diff --git a/.github/workflows/update-amba.yml b/.github/workflows/update-amba.yml
new file mode 100644
index 0000000..21d78cb
--- /dev/null
+++ b/.github/workflows/update-amba.yml
@@ -0,0 +1,174 @@
+---
+ name: update platform/amba
+
+ # yamllint disable-line rule:truthy
+ on:
+ schedule:
+ - cron: "0 8 * * 1-5"
+ workflow_dispatch: {}
+
+ permissions:
+ contents: write
+
+ env:
+ alz_repository: "Azure/Enterprise-Scale"
+ remote_repository: "Azure/azure-monitor-baseline-alerts"
+ alzlib_repository: "Azure/alzlib"
+ library_dir: "platform/amba"
+ pr_title: "feat: update platform/amba library (automated)"
+ pr_body: |-
+ This is an automated pull_request containing updates to the library templates stored in 'platform/amba'.
+ Please review the files changed tab to review changes.
+
+ jobs:
+ update-lib:
+ name: update
+ runs-on: ubuntu-latest
+ environment: libupdate
+ steps:
+ - name: Local repository checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ path: ${{ github.repository }}
+ fetch-depth: 0
+
+ - name: Remote repository checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ repository: ${{ env.remote_repository }}
+ path: ${{ env.remote_repository }}
+ ref: main
+
+ - name: Alz repository checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ repository: ${{ env.alz_repository }}
+ path: ${{ env.alz_repository }}
+ ref: main
+
+ - name: setup go
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+ with:
+ go-version: 'stable'
+
+ - name: install alzlibtool
+ run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.18.0
+
+ - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
+ with:
+ app_id: ${{ secrets.TOKEN_APP_ID }}
+ private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
+
+ - name: Configure local git
+ run: |
+ git config user.name github-actions
+ git config user.email action@github.com
+ working-directory: ${{ github.repository }}
+
+ - name: Create and checkout branch
+ id: branch
+ run: |
+ BRANCH="platform-amba-${{ github.run_number }}"
+ echo "name=$BRANCH" >> "$GITHUB_OUTPUT"
+ git checkout -b "$BRANCH"
+ working-directory: ${{ github.repository }}
+ env:
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: Copy policy definitions
+ uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0
+ with:
+ inlineScript: |
+ Write-Information "==> Running copy policy definitions script..." -InformationAction Continue
+ ${{ github.repository }}/platform/amba/scripts/Copy-PolicyDefinitions.ps1 `
+ -TemplatePath "${{ github.workspace }}/${{ env.remote_repository }}/patterns/alz/templates" `
+ -TargetPath "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy" `
+ -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
+ azPSVersion: "latest"
+
+ - name: Update library policy definitions
+ run: |
+ alzlibtool convert policydefinition -o \
+ "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy" \
+ "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions"
+
+ - name: Update library policy set definitions
+ run: |
+ alzlibtool convert policysetdefinition -o \
+ "${{ github.workspace }}/${{ env.remote_repository }}/patterns/alz/policySetDefinitions" \
+ "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_set_definitions"
+
+ - name: Clean up copied policy definitions
+ run: |
+ rm -rf "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy"
+ working-directory: ${{ github.workspace }}
+
+ - name: Remove deprecated policy definitions
+ run: |
+ rm -rf "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_set_definitions/Alerting-LandingZone.alz_policy_set_definition.json"
+ working-directory: ${{ github.workspace }}
+
+ - name: Update library policy assignments and archetypes
+ uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0
+ with:
+ inlineScript: |
+ Write-Information "==> Running policy assignments and archetypes script..." -InformationAction Continue
+ ${{ github.repository }}/platform/amba/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 `
+ -AlzToolsPath "${{ github.workspace }}/${{ env.alz_repository }}/src/Alz.Tools/" `
+ -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
+ -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
+ azPSVersion: "latest"
+
+ - name: Update library policy definitions in archetype definitions
+ uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0
+ with:
+ inlineScript: |
+ Write-Information "==> Running policy definitions in archetype definitions script..." -InformationAction Continue
+ ${{ github.repository }}/platform/amba/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 `
+ -AlzToolsPath "${{ github.workspace }}/${{ env.alz_repository }}/src/Alz.Tools/" `
+ -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
+ -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
+ azPSVersion: "latest"
+
+ - name: Check for changes
+ id: git_status
+ run: |
+ mapfile -t "CHECK_GIT_STATUS" < <(git status -s ${{ env.library_dir }})
+ printf "%s\n" "${CHECK_GIT_STATUS[@]}"
+ echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT"
+ working-directory: ${{ github.workspace }}/${{ github.repository }}
+
+ - name: Add files, commit and push
+ if: steps.git_status.outputs.changes > 0
+ run: |
+ echo "Pushing changes to origin..."
+ git add ${{ env.library_dir }}
+ git commit -m '${{ env.pr_title }}'
+ git push origin ${{ steps.branch.outputs.name }}
+ working-directory: ${{ github.repository }}
+
+ - name: Create pull request
+ if: steps.git_status.outputs.changes > 0
+ id: pr
+ run: |
+ PR="$(gh pr create \
+ --title "${{ env.pr_title }}" \
+ --body "${{ env.pr_body }}" \
+ --base "${{ github.ref }}" \
+ --head "${{ steps.branch.outputs.name }}" \
+ --draft)"
+ echo "Created new PR: $CHECK_PULL_REQUEST_URL"
+ echo number=$(gh pr view $PR_URL --json number | jq -r '.number') >> "$GITHUB_OUTPUT"
+ working-directory: ${{ github.repository }}
+ env:
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: close and comment out of date prs
+ if: steps.git_status.outputs.changes > 0
+ run: |
+ PULL_REQUESTS=$(gh pr list --search 'feat: update platform/amba library (automated)' --json number,headRefName)
+ echo "$PULL_REQUESTS" | jq -r '.[] | select(.number != ${{ steps.pr.outputs.number }}) | .number' | xargs -I {} gh pr close {} --delete-branch --comment "Supersceeded by #${{ steps.pr.outputs.pull-request-number }}"
+ working-directory: ${{ github.repository }}
+ env:
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
\ No newline at end of file
diff --git a/platform/amba/README.md b/platform/amba/README.md
new file mode 100644
index 0000000..37ab879
--- /dev/null
+++ b/platform/amba/README.md
@@ -0,0 +1,644 @@
+# AMBA (Azure Monitor Baseline Alerts for Azure Landing Zones)
+
+This library provides the reference set of Azure Monitor Baseline Alerts for Azure Landing Zones (ALZ) policies, archetypes, and management group architecture.
+
+## Usage
+
+```terraform
+provider "alz" {
+ library_references = [
+ {
+ path = "platform/amba"
+ tag = "0000.00.0" # Replace with the desired version
+ }
+ ]
+}
+```
+
+## Architectures
+
+The following architectures are available in this library, please note that the diagrams denote the management group display name and, in brackets, the associated archetypes:
+
+### architecture `amba`
+
+> [!NOTE]
+> This hierarchy will be deployed as a child of the user-supplied root management group.
+
+```mermaid
+flowchart TD
+ ambaroot["AMBA root
+(amba_root)"]
+ ambaroot --> amba-landingzones
+ amba-landingzones["Landing zones
+(amba_landing_zones)"]
+ ambaroot --> amba-platform
+ amba-platform["Platform
+(amba_platform)"]
+ amba-platform --> amba-connectivity
+ amba-connectivity["Connectivity
+(amba_connectivity)"]
+ amba-platform --> amba-identity
+ amba-identity["Identity
+(amba_identity)"]
+ amba-platform --> amba-management
+ amba-management["Management
+(amba_management)"]
+
+```
+
+## Archetypes
+
+### archetype `amba_connectivity`
+
+#### amba_connectivity policy assignments
+
+1 policy assignments
+
+- Deploy-AMBA-Connectivity
+
+
+### archetype `amba_identity`
+
+#### amba_identity policy assignments
+
+1 policy assignments
+
+- Deploy-AMBA-Identity
+
+
+### archetype `amba_landing_zones`
+
+#### amba_landing_zones policy assignments
+
+8 policy assignments
+
+- Deploy-AMBA-HybridVM
+- Deploy-AMBA-KeyMgmt
+- Deploy-AMBA-LoadBalance
+- Deploy-AMBA-NetworkChang
+- Deploy-AMBA-RecoverySvc
+- Deploy-AMBA-Storage
+- Deploy-AMBA-VM
+- Deploy-AMBA-Web
+
+
+### archetype `amba_management`
+
+#### amba_management policy assignments
+
+1 policy assignments
+
+- Deploy-AMBA-Management
+
+
+### archetype `amba_platform`
+
+#### amba_platform policy assignments
+
+2 policy assignments
+
+- Deploy-AMBA-HybridVM
+- Deploy-AMBA-VM
+
+
+### archetype `amba_root`
+
+#### amba_root policy definitions
+
+116 policy definitions
+
+- Deploy_AA_TotalJob_Alert
+- Deploy_AFW_FirewallHealth_Alert
+- Deploy_AFW_SNATPortUtilization_Alert
+- Deploy_AG_ApplicationGatewayTotalTime_Alert
+- Deploy_AG_BackendLastByteResponseTime_Alert
+- Deploy_AG_CPUUtilization_Alert
+- Deploy_AG_CapacityUnits_Alert
+- Deploy_AG_ComputeUnits_Alert
+- Deploy_AG_FailedRequests_Alert
+- Deploy_AG_ResponseStatus_Alert
+- Deploy_AG_UnhealthyHostCount_Alert
+- Deploy_ALB_DataPathAvailability_Alert
+- Deploy_ALB_GlobalBackendAvailability_Alert
+- Deploy_ALB_HealthProbeStatus_Alert
+- Deploy_ALB_UsedSNATPorts_Alert
+- Deploy_ActivityLog_ManagedHSMs_Delete
+- Deploy_AlertProcessing_Rule
+- Deploy_DNSZ_RegistrationCapacityUtil_Alert
+- Deploy_ERCIR_ArpAvailability_Alert
+- Deploy_ERCIR_BgpAvailability_Alert
+- Deploy_ERCIR_QosDropBitsInPerSecond_Alert
+- Deploy_ERCIR_QosDropBitsOutPerSecond_Alert
+- Deploy_ERGw_ExpressRouteBitsIn_Alert
+- Deploy_ERGw_ExpressRouteBitsOut_Alert
+- Deploy_ERGw_ExpressRouteCpuUtil_Alert
+- Deploy_ERP_ExpressRoutLineProtocol_Alert
+- Deploy_ERP_ExpressRoutRxLightLevel_Alert
+- Deploy_ERP_ExpressRoutRxLightLevellow_Alert
+- Deploy_ERP_ExpressRoutTxLightLevell_Alert
+- Deploy_ERP_ExpressRoutTxLightLevellow_Alert
+- Deploy_ERP_ExpressRouteBitsIn_Alert
+- Deploy_ERP_ExpressRouteBitsOut_Alert
+- Deploy_FD_BackendHealth_Alert
+- Deploy_FD_BackendRequestLatency_Alert
+- Deploy_FrontDoorCDN_OriginHealthPercentage_Alert
+- Deploy_FrontDoorCDN_OriginLatency_Alert
+- Deploy_FrontDoorCDN_Percentage4XX_Alert
+- Deploy_FrontDoorCDN_Percentage5XX_Alert
+- Deploy_Hybrid_VM_CPU_Alert
+- Deploy_Hybrid_VM_Disconnected_Alert
+- Deploy_Hybrid_VM_HeartBeat_Alert
+- Deploy_Hybrid_VM_Memory_Alert
+- Deploy_Hybrid_VM_NetworkIn_Alert
+- Deploy_Hybrid_VM_NetworkOut_Alert
+- Deploy_Hybrid_VM_OSDiskSpace_Alert
+- Deploy_Hybrid_VM_OSDiskreadLatency_Alert
+- Deploy_Hybrid_VM_OSDiskwriteLatency_Alert
+- Deploy_Hybrid_VM_dataDiskReadLatency_Alert
+- Deploy_Hybrid_VM_dataDiskSpace_Alert
+- Deploy_Hybrid_VM_dataDiskWriteLatency_Alert
+- Deploy_KeyVault_Availability_Alert
+- Deploy_KeyVault_Capacity_Alert
+- Deploy_KeyVault_Latency_Alert
+- Deploy_KeyVault_Requests_Alert
+- Deploy_LAWorkspace_DailyCapLimitReached_Alert
+- Deploy_ManagedHSMs_Availability_Alert
+- Deploy_ManagedHSMs_Latency_Alert
+- Deploy_PDNSZ_CapacityUtil_Alert
+- Deploy_PDNSZ_QueryVolume_Alert
+- Deploy_PDNSZ_RecordSetCapacity_Alert
+- Deploy_PublicIp_BytesInDDoSAttack_Alert
+- Deploy_PublicIp_DDoSAttack_Alert
+- Deploy_PublicIp_PacketsInDDoSAttack_Alert
+- Deploy_PublicIp_VIPAvailability_Alert
+- Deploy_RecoveryVault_ASRHealthMonitor_Alert
+- Deploy_RecoveryVault_BackupHealthMonitor_Alert
+- Deploy_ServiceHealth_ActionGroups
+- Deploy_StorageAccount_Availability_Alert
+- Deploy_Suppression_AlertProcessing_Rule
+- Deploy_TM_EndpointHealth_Alert
+- Deploy_VM_CPU_Alert
+- Deploy_VM_HeartBeat_Alert
+- Deploy_VM_Memory_Alert
+- Deploy_VM_NetworkIn_Alert
+- Deploy_VM_NetworkOut_Alert
+- Deploy_VM_OSDiskSpace_Alert
+- Deploy_VM_OSDiskreadLatency_Alert
+- Deploy_VM_OSDiskwriteLatency_Alert
+- Deploy_VM_dataDiskReadLatency_Alert
+- Deploy_VM_dataDiskSpace_Alert
+- Deploy_VM_dataDiskWriteLatency_Alert
+- Deploy_VNET_DDoSAttack_Alert
+- Deploy_VPNGw_BGPPeerStatus_Alert
+- Deploy_VPNGw_BandwidthUtil_Alert
+- Deploy_VPNGw_Egress_Alert
+- Deploy_VPNGw_Ingress_Alert
+- Deploy_VPNGw_TunnelEgressPacketDropCount_Alert
+- Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert
+- Deploy_VPNGw_TunnelIngressPacketDropCount_Alert
+- Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert
+- Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert
+- Deploy_VnetGw_ExpressRouteCpuUtil_Alert
+- Deploy_VnetGw_TunnelBandwidth_Alert
+- Deploy_VnetGw_TunnelEgressPacketDropCount_Alert
+- Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert
+- Deploy_VnetGw_TunnelEgress_Alert
+- Deploy_VnetGw_TunnelIngressPacketDropCount_Alert
+- Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert
+- Deploy_VnetGw_TunnelIngress_Alert
+- Deploy_WSF_CPUPercentage_Alert
+- Deploy_WSF_DiskQueueLength_Alert
+- Deploy_WSF_HttpQueueLength_Alert
+- Deploy_WSF_MemoryPercentage_Alert
+- Deploy_activitylog_Firewall_Delete
+- Deploy_activitylog_KeyVault_Delete
+- Deploy_activitylog_LAWorkspace_Delete
+- Deploy_activitylog_LAWorkspace_KeyRegen
+- Deploy_activitylog_NSG_Delete
+- Deploy_activitylog_ResourceHealth_Unhealthy_Alert
+- Deploy_activitylog_RouteTable_Update
+- Deploy_activitylog_ServiceHealth_HealthAdvisory
+- Deploy_activitylog_ServiceHealth_Incident
+- Deploy_activitylog_ServiceHealth_Maintenance
+- Deploy_activitylog_ServiceHealth_SecurityAdvisory
+- Deploy_activitylog_StorageAccount_Delete
+- Deploy_activitylog_VPNGateway_Delete
+
+
+#### amba_root policy set definitions
+
+13 policy set definitions
+
+- Alerting-Connectivity
+- Alerting-HybridVM
+- Alerting-Identity
+- Alerting-KeyManagement
+- Alerting-LoadBalancing
+- Alerting-Management
+- Alerting-NetworkChanges
+- Alerting-RecoveryServices
+- Alerting-ServiceHealth
+- Alerting-Storage
+- Alerting-VM
+- Alerting-Web
+- Notification-Assets
+
+
+#### amba_root policy assignments
+
+2 policy assignments
+
+- Deploy-AMBA-Notification
+- Deploy-AMBA-SvcHealth
+
+
+## Policy Default Values
+
+The following policy default values are available in this library:
+
+### default name `amba_alz_action_group_email`
+
+The email address(es) in the action group for alert notifications.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|----------------------------|
+| Deploy-AMBA-Notification | ALZMonitorActionGroupEmail |
+| Deploy-AMBA-SvcHealth | ALZMonitorActionGroupEmail |
+
+
+### default name `amba_alz_arm_role_id`
+
+The ARM role id(s) in the action group for alert notifications.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|-----------------|
+| Deploy-AMBA-Notification | ALZArmRoleId |
+| Deploy-AMBA-SvcHealth | ALZArmRoleId |
+
+
+### default name `amba_alz_byo_action_group`
+
+The resource id of the action group, required if you intend to use an existing action group for monitoring purposes.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|-----------------|
+| Deploy-AMBA-Notification | BYOActionGroup |
+| Deploy-AMBA-SvcHealth | BYOActionGroup |
+
+
+### default name `amba_alz_byo_alert_processing_rule`
+
+The resource id of the alert processing rule, required if you intend to use an existing alert processing rule for monitoring purposes.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|------------------------|
+| Deploy-AMBA-Notification | BYOAlertProcessingRule |
+| Deploy-AMBA-SvcHealth | BYOAlertProcessingRule |
+
+
+### default name `amba_alz_byo_user_assigned_managed_identity_id`
+
+The resource id of the user assigned managed identity, required if you intend to use an existing user assigned managed identity for monitoring purposes.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|------------------------|------------------------------------------|
+| Deploy-AMBA-HybridVM | BYOUserAssignedManagedIdentityResourceId |
+| Deploy-AMBA-Management | BYOUserAssignedManagedIdentityResourceId |
+| Deploy-AMBA-VM | BYOUserAssignedManagedIdentityResourceId |
+
+
+### default name `amba_alz_disable_tag_name`
+
+Tag name used to disable monitoring at the resource level.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|--------------------------|
+| Deploy-AMBA-Connectivity | ALZMonitorDisableTagName |
+| Deploy-AMBA-HybridVM | ALZMonitorDisableTagName |
+| Deploy-AMBA-Identity | ALZMonitorDisableTagName |
+| Deploy-AMBA-KeyMgmt | ALZMonitorDisableTagName |
+| Deploy-AMBA-Management | ALZMonitorDisableTagName |
+| Deploy-AMBA-NetworkChang | ALZMonitorDisableTagName |
+| Deploy-AMBA-Notification | ALZMonitorDisableTagName |
+| Deploy-AMBA-Storage | ALZMonitorDisableTagName |
+| Deploy-AMBA-SvcHealth | ALZMonitorDisableTagName |
+| Deploy-AMBA-VM | ALZMonitorDisableTagName |
+
+
+### default name `amba_alz_disable_tag_values`
+
+Tag value(s) used to disable monitoring at the resource level.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|----------------------------|
+| Deploy-AMBA-Connectivity | ALZMonitorDisableTagValues |
+| Deploy-AMBA-HybridVM | ALZMonitorDisableTagValues |
+| Deploy-AMBA-Identity | ALZMonitorDisableTagValues |
+| Deploy-AMBA-KeyMgmt | ALZMonitorDisableTagValues |
+| Deploy-AMBA-Management | ALZMonitorDisableTagValues |
+| Deploy-AMBA-NetworkChang | ALZMonitorDisableTagValues |
+| Deploy-AMBA-Notification | ALZMonitorDisableTagValues |
+| Deploy-AMBA-Storage | ALZMonitorDisableTagValues |
+| Deploy-AMBA-SvcHealth | ALZMonitorDisableTagValues |
+| Deploy-AMBA-VM | ALZMonitorDisableTagValues |
+
+
+### default name `amba_alz_event_hub_resource_id`
+
+The resource id of the event hub used for monitoring.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|-----------------------|
+| Deploy-AMBA-Notification | ALZEventHubResourceId |
+| Deploy-AMBA-SvcHealth | ALZEventHubResourceId |
+
+
+### default name `amba_alz_function_resource_id`
+
+The resource id of the function used for monitoring.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|-----------------------|
+| Deploy-AMBA-Notification | ALZFunctionResourceId |
+| Deploy-AMBA-SvcHealth | ALZFunctionResourceId |
+
+
+### default name `amba_alz_function_trigger_url`
+
+The trigger url of the function used for monitoring.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|-----------------------|
+| Deploy-AMBA-Notification | ALZFunctionTriggerUrl |
+| Deploy-AMBA-SvcHealth | ALZFunctionTriggerUrl |
+
+
+### default name `amba_alz_logicapp_callback_url`
+
+The callback url of the logic app used for monitoring.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|------------------------|
+| Deploy-AMBA-Notification | ALZLogicappCallbackUrl |
+| Deploy-AMBA-SvcHealth | ALZLogicappCallbackUrl |
+
+
+### default name `amba_alz_logicapp_resource_id`
+
+The resource id of the logic app used for monitoring.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|-----------------------|
+| Deploy-AMBA-Notification | ALZLogicappResourceId |
+| Deploy-AMBA-SvcHealth | ALZLogicappResourceId |
+
+
+### default name `amba_alz_management_subscription_id`
+
+The subscription id where the user assigned managed identity will be created.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|------------------------|-----------------------------|
+| Deploy-AMBA-HybridVM | ALZManagementSubscriptionId |
+| Deploy-AMBA-Management | ALZManagementSubscriptionId |
+| Deploy-AMBA-VM | ALZManagementSubscriptionId |
+
+
+### default name `amba_alz_resource_group_location`
+
+The region short name (e.g. `westus`) of the resource group that will be used for Azure Monitor Baseline Alerts.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|---------------------------------|
+| Deploy-AMBA-Connectivity | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-HybridVM | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-Identity | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-KeyMgmt | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-Management | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-NetworkChang | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-Notification | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-Storage | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-SvcHealth | ALZMonitorResourceGroupLocation |
+| Deploy-AMBA-VM | ALZMonitorResourceGroupLocation |
+
+
+### default name `amba_alz_resource_group_name`
+
+The name of the resource group for Azure Monitor Baseline Alerts.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|-----------------------------|
+| Deploy-AMBA-Connectivity | ALZMonitorResourceGroupName |
+| Deploy-AMBA-HybridVM | ALZMonitorResourceGroupName |
+| Deploy-AMBA-Identity | ALZMonitorResourceGroupName |
+| Deploy-AMBA-KeyMgmt | ALZMonitorResourceGroupName |
+| Deploy-AMBA-Management | ALZMonitorResourceGroupName |
+| Deploy-AMBA-NetworkChang | ALZMonitorResourceGroupName |
+| Deploy-AMBA-Notification | ALZMonitorResourceGroupName |
+| Deploy-AMBA-Storage | ALZMonitorResourceGroupName |
+| Deploy-AMBA-SvcHealth | ALZMonitorResourceGroupName |
+| Deploy-AMBA-VM | ALZMonitorResourceGroupName |
+
+
+### default name `amba_alz_resource_group_tags`
+
+The tags for the resource group for Azure Monitor Baseline Alerts.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|-----------------------------|
+| Deploy-AMBA-Connectivity | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-HybridVM | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-Identity | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-KeyMgmt | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-Management | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-NetworkChang | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-Notification | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-Storage | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-SvcHealth | ALZMonitorResourceGroupTags |
+| Deploy-AMBA-VM | ALZMonitorResourceGroupTags |
+
+
+### default name `amba_alz_user_assigned_managed_identity_name`
+
+The name of the user assigned managed identity for monitoring purposes.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|------------------------|------------------------------------|
+| Deploy-AMBA-HybridVM | ALZUserAssignedManagedIdentityName |
+| Deploy-AMBA-Management | ALZUserAssignedManagedIdentityName |
+| Deploy-AMBA-VM | ALZUserAssignedManagedIdentityName |
+
+
+### default name `amba_alz_webhook_service_uri`
+
+The service uri(s) of the webhook used for monitoring.
+
+| ASSIGNMENT | PARAMETER NAMES |
+|--------------------------|----------------------|
+| Deploy-AMBA-Notification | ALZWebhookServiceUri |
+| Deploy-AMBA-SvcHealth | ALZWebhookServiceUri |
+
+
+---
+## Contents
+
+### all policy definitions
+
+116 policy definitions
+
+- Deploy_AA_TotalJob_Alert
+- Deploy_AFW_FirewallHealth_Alert
+- Deploy_AFW_SNATPortUtilization_Alert
+- Deploy_AG_ApplicationGatewayTotalTime_Alert
+- Deploy_AG_BackendLastByteResponseTime_Alert
+- Deploy_AG_CPUUtilization_Alert
+- Deploy_AG_CapacityUnits_Alert
+- Deploy_AG_ComputeUnits_Alert
+- Deploy_AG_FailedRequests_Alert
+- Deploy_AG_ResponseStatus_Alert
+- Deploy_AG_UnhealthyHostCount_Alert
+- Deploy_ALB_DataPathAvailability_Alert
+- Deploy_ALB_GlobalBackendAvailability_Alert
+- Deploy_ALB_HealthProbeStatus_Alert
+- Deploy_ALB_UsedSNATPorts_Alert
+- Deploy_ActivityLog_ManagedHSMs_Delete
+- Deploy_AlertProcessing_Rule
+- Deploy_DNSZ_RegistrationCapacityUtil_Alert
+- Deploy_ERCIR_ArpAvailability_Alert
+- Deploy_ERCIR_BgpAvailability_Alert
+- Deploy_ERCIR_QosDropBitsInPerSecond_Alert
+- Deploy_ERCIR_QosDropBitsOutPerSecond_Alert
+- Deploy_ERGw_ExpressRouteBitsIn_Alert
+- Deploy_ERGw_ExpressRouteBitsOut_Alert
+- Deploy_ERGw_ExpressRouteCpuUtil_Alert
+- Deploy_ERP_ExpressRoutLineProtocol_Alert
+- Deploy_ERP_ExpressRoutRxLightLevel_Alert
+- Deploy_ERP_ExpressRoutRxLightLevellow_Alert
+- Deploy_ERP_ExpressRoutTxLightLevell_Alert
+- Deploy_ERP_ExpressRoutTxLightLevellow_Alert
+- Deploy_ERP_ExpressRouteBitsIn_Alert
+- Deploy_ERP_ExpressRouteBitsOut_Alert
+- Deploy_FD_BackendHealth_Alert
+- Deploy_FD_BackendRequestLatency_Alert
+- Deploy_FrontDoorCDN_OriginHealthPercentage_Alert
+- Deploy_FrontDoorCDN_OriginLatency_Alert
+- Deploy_FrontDoorCDN_Percentage4XX_Alert
+- Deploy_FrontDoorCDN_Percentage5XX_Alert
+- Deploy_Hybrid_VM_CPU_Alert
+- Deploy_Hybrid_VM_Disconnected_Alert
+- Deploy_Hybrid_VM_HeartBeat_Alert
+- Deploy_Hybrid_VM_Memory_Alert
+- Deploy_Hybrid_VM_NetworkIn_Alert
+- Deploy_Hybrid_VM_NetworkOut_Alert
+- Deploy_Hybrid_VM_OSDiskSpace_Alert
+- Deploy_Hybrid_VM_OSDiskreadLatency_Alert
+- Deploy_Hybrid_VM_OSDiskwriteLatency_Alert
+- Deploy_Hybrid_VM_dataDiskReadLatency_Alert
+- Deploy_Hybrid_VM_dataDiskSpace_Alert
+- Deploy_Hybrid_VM_dataDiskWriteLatency_Alert
+- Deploy_KeyVault_Availability_Alert
+- Deploy_KeyVault_Capacity_Alert
+- Deploy_KeyVault_Latency_Alert
+- Deploy_KeyVault_Requests_Alert
+- Deploy_LAWorkspace_DailyCapLimitReached_Alert
+- Deploy_ManagedHSMs_Availability_Alert
+- Deploy_ManagedHSMs_Latency_Alert
+- Deploy_PDNSZ_CapacityUtil_Alert
+- Deploy_PDNSZ_QueryVolume_Alert
+- Deploy_PDNSZ_RecordSetCapacity_Alert
+- Deploy_PublicIp_BytesInDDoSAttack_Alert
+- Deploy_PublicIp_DDoSAttack_Alert
+- Deploy_PublicIp_PacketsInDDoSAttack_Alert
+- Deploy_PublicIp_VIPAvailability_Alert
+- Deploy_RecoveryVault_ASRHealthMonitor_Alert
+- Deploy_RecoveryVault_BackupHealthMonitor_Alert
+- Deploy_ServiceHealth_ActionGroups
+- Deploy_StorageAccount_Availability_Alert
+- Deploy_Suppression_AlertProcessing_Rule
+- Deploy_TM_EndpointHealth_Alert
+- Deploy_VM_CPU_Alert
+- Deploy_VM_HeartBeat_Alert
+- Deploy_VM_Memory_Alert
+- Deploy_VM_NetworkIn_Alert
+- Deploy_VM_NetworkOut_Alert
+- Deploy_VM_OSDiskSpace_Alert
+- Deploy_VM_OSDiskreadLatency_Alert
+- Deploy_VM_OSDiskwriteLatency_Alert
+- Deploy_VM_dataDiskReadLatency_Alert
+- Deploy_VM_dataDiskSpace_Alert
+- Deploy_VM_dataDiskWriteLatency_Alert
+- Deploy_VNET_DDoSAttack_Alert
+- Deploy_VPNGw_BGPPeerStatus_Alert
+- Deploy_VPNGw_BandwidthUtil_Alert
+- Deploy_VPNGw_Egress_Alert
+- Deploy_VPNGw_Ingress_Alert
+- Deploy_VPNGw_TunnelEgressPacketDropCount_Alert
+- Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert
+- Deploy_VPNGw_TunnelIngressPacketDropCount_Alert
+- Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert
+- Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert
+- Deploy_VnetGw_ExpressRouteCpuUtil_Alert
+- Deploy_VnetGw_TunnelBandwidth_Alert
+- Deploy_VnetGw_TunnelEgressPacketDropCount_Alert
+- Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert
+- Deploy_VnetGw_TunnelEgress_Alert
+- Deploy_VnetGw_TunnelIngressPacketDropCount_Alert
+- Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert
+- Deploy_VnetGw_TunnelIngress_Alert
+- Deploy_WSF_CPUPercentage_Alert
+- Deploy_WSF_DiskQueueLength_Alert
+- Deploy_WSF_HttpQueueLength_Alert
+- Deploy_WSF_MemoryPercentage_Alert
+- Deploy_activitylog_Firewall_Delete
+- Deploy_activitylog_KeyVault_Delete
+- Deploy_activitylog_LAWorkspace_Delete
+- Deploy_activitylog_LAWorkspace_KeyRegen
+- Deploy_activitylog_NSG_Delete
+- Deploy_activitylog_ResourceHealth_Unhealthy_Alert
+- Deploy_activitylog_RouteTable_Update
+- Deploy_activitylog_ServiceHealth_HealthAdvisory
+- Deploy_activitylog_ServiceHealth_Incident
+- Deploy_activitylog_ServiceHealth_Maintenance
+- Deploy_activitylog_ServiceHealth_SecurityAdvisory
+- Deploy_activitylog_StorageAccount_Delete
+- Deploy_activitylog_VPNGateway_Delete
+
+
+### all policy set definitions
+
+13 policy set definitions
+
+- Alerting-Connectivity
+- Alerting-HybridVM
+- Alerting-Identity
+- Alerting-KeyManagement
+- Alerting-LoadBalancing
+- Alerting-Management
+- Alerting-NetworkChanges
+- Alerting-RecoveryServices
+- Alerting-ServiceHealth
+- Alerting-Storage
+- Alerting-VM
+- Alerting-Web
+- Notification-Assets
+
+
+### all policy assignments
+
+13 policy assignments
+
+- Deploy-AMBA-Connectivity
+- Deploy-AMBA-HybridVM
+- Deploy-AMBA-Identity
+- Deploy-AMBA-KeyMgmt
+- Deploy-AMBA-LoadBalance
+- Deploy-AMBA-Management
+- Deploy-AMBA-NetworkChang
+- Deploy-AMBA-Notification
+- Deploy-AMBA-RecoverySvc
+- Deploy-AMBA-Storage
+- Deploy-AMBA-SvcHealth
+- Deploy-AMBA-VM
+- Deploy-AMBA-Web
+
+
\ No newline at end of file
diff --git a/platform/amba/alz_library_metadata.json b/platform/amba/alz_library_metadata.json
new file mode 100644
index 0000000..aae72c8
--- /dev/null
+++ b/platform/amba/alz_library_metadata.json
@@ -0,0 +1,8 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/library_metadata.json",
+ "name": "AMBA",
+ "display_name": "Azure Monitor Baseline Alerts for Azure Landing Zones",
+ "description": "This library provides the reference set of Azure Monitor Baseline Alerts for Azure Landing Zones (ALZ) policies, archetypes, and management group architecture.",
+ "path": "platform/amba",
+ "dependencies": []
+}
diff --git a/platform/amba/alz_policy_default_values.json b/platform/amba/alz_policy_default_values.json
new file mode 100644
index 0000000..a5b98d8
--- /dev/null
+++ b/platform/amba/alz_policy_default_values.json
@@ -0,0 +1,587 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/default_policy_values.json",
+ "defaults": [
+ {
+ "default_name": "amba_alz_management_subscription_id",
+ "description": "The subscription id where the user assigned managed identity will be created.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZManagementSubscriptionId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-HybridVM"
+ },
+ {
+ "parameter_names": [
+ "ALZManagementSubscriptionId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Management"
+ },
+ {
+ "parameter_names": [
+ "ALZManagementSubscriptionId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-VM"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_resource_group_name",
+ "description": "The name of the resource group for Azure Monitor Baseline Alerts.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Connectivity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-HybridVM"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Identity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-KeyMgmt"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Management"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-NetworkChang"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Storage"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-VM"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_resource_group_tags",
+ "description": "The tags for the resource group for Azure Monitor Baseline Alerts.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Connectivity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-HybridVM"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Identity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-KeyMgmt"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Management"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-NetworkChang"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Storage"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupTags"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-VM"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_resource_group_location",
+ "description": "The region short name (e.g. `westus`) of the resource group that will be used for Azure Monitor Baseline Alerts.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Connectivity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-HybridVM"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Identity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-KeyMgmt"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Management"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-NetworkChang"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Storage"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorResourceGroupLocation"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-VM"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_user_assigned_managed_identity_name",
+ "description": "The name of the user assigned managed identity for monitoring purposes.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZUserAssignedManagedIdentityName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-HybridVM"
+ },
+ {
+ "parameter_names": [
+ "ALZUserAssignedManagedIdentityName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Management"
+ },
+ {
+ "parameter_names": [
+ "ALZUserAssignedManagedIdentityName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-VM"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_disable_tag_name",
+ "description": "Tag name used to disable monitoring at the resource level.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Connectivity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-HybridVM"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Identity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-KeyMgmt"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Management"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-NetworkChang"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Storage"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagName"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-VM"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_disable_tag_values",
+ "description": "Tag value(s) used to disable monitoring at the resource level.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Connectivity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-HybridVM"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Identity"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-KeyMgmt"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Management"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-NetworkChang"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Storage"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorDisableTagValues"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-VM"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_action_group_email",
+ "description": "The email address(es) in the action group for alert notifications.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZMonitorActionGroupEmail"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZMonitorActionGroupEmail"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_arm_role_id",
+ "description": "The ARM role id(s) in the action group for alert notifications.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZArmRoleId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZArmRoleId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_webhook_service_uri",
+ "description": "The service uri(s) of the webhook used for monitoring.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZWebhookServiceUri"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZWebhookServiceUri"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_event_hub_resource_id",
+ "description": "The resource id of the event hub used for monitoring.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZEventHubResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZEventHubResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_function_resource_id",
+ "description": "The resource id of the function used for monitoring.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZFunctionResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZFunctionResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_function_trigger_url",
+ "description": "The trigger url of the function used for monitoring.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZFunctionTriggerUrl"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZFunctionTriggerUrl"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_logicapp_resource_id",
+ "description": "The resource id of the logic app used for monitoring.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZLogicappResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZLogicappResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_logicapp_callback_url",
+ "description": "The callback url of the logic app used for monitoring.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "ALZLogicappCallbackUrl"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "ALZLogicappCallbackUrl"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_byo_user_assigned_managed_identity_id",
+ "description": "The resource id of the user assigned managed identity, required if you intend to use an existing user assigned managed identity for monitoring purposes.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "BYOUserAssignedManagedIdentityResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-HybridVM"
+ },
+ {
+ "parameter_names": [
+ "BYOUserAssignedManagedIdentityResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Management"
+ },
+ {
+ "parameter_names": [
+ "BYOUserAssignedManagedIdentityResourceId"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-VM"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_byo_alert_processing_rule",
+ "description": "The resource id of the alert processing rule, required if you intend to use an existing alert processing rule for monitoring purposes.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "BYOAlertProcessingRule"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "BYOAlertProcessingRule"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ },
+ {
+ "default_name": "amba_alz_byo_action_group",
+ "description": "The resource id of the action group, required if you intend to use an existing action group for monitoring purposes.",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "BYOActionGroup"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-Notification"
+ },
+ {
+ "parameter_names": [
+ "BYOActionGroup"
+ ],
+ "policy_assignment_name": "Deploy-AMBA-SvcHealth"
+ }
+ ]
+ }
+ ]
+}
diff --git a/platform/amba/archetype_definitions/connectivity.alz_archetype_definition.json b/platform/amba/archetype_definitions/connectivity.alz_archetype_definition.json
new file mode 100644
index 0000000..4994226
--- /dev/null
+++ b/platform/amba/archetype_definitions/connectivity.alz_archetype_definition.json
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/archetype_definition.json",
+ "name": "amba_connectivity",
+ "policy_assignments": [
+ "Deploy-AMBA-Connectivity"
+ ],
+ "policy_definitions": [],
+ "policy_set_definitions": [],
+ "role_definitions": []
+}
diff --git a/platform/amba/archetype_definitions/identity.alz_archetype_definition.json b/platform/amba/archetype_definitions/identity.alz_archetype_definition.json
new file mode 100644
index 0000000..1280a5c
--- /dev/null
+++ b/platform/amba/archetype_definitions/identity.alz_archetype_definition.json
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/archetype_definition.json",
+ "name": "amba_identity",
+ "policy_assignments": [
+ "Deploy-AMBA-Identity"
+ ],
+ "policy_definitions": [],
+ "policy_set_definitions": [],
+ "role_definitions": []
+}
diff --git a/platform/amba/archetype_definitions/landing_zones.alz_archetype_definition.json b/platform/amba/archetype_definitions/landing_zones.alz_archetype_definition.json
new file mode 100644
index 0000000..fd61b96
--- /dev/null
+++ b/platform/amba/archetype_definitions/landing_zones.alz_archetype_definition.json
@@ -0,0 +1,17 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/archetype_definition.json",
+ "name": "amba_landing_zones",
+ "policy_assignments": [
+ "Deploy-AMBA-HybridVM",
+ "Deploy-AMBA-KeyMgmt",
+ "Deploy-AMBA-LoadBalance",
+ "Deploy-AMBA-NetworkChang",
+ "Deploy-AMBA-RecoverySvc",
+ "Deploy-AMBA-Storage",
+ "Deploy-AMBA-VM",
+ "Deploy-AMBA-Web"
+ ],
+ "policy_definitions": [],
+ "policy_set_definitions": [],
+ "role_definitions": []
+}
diff --git a/platform/amba/archetype_definitions/management.alz_archetype_definition.json b/platform/amba/archetype_definitions/management.alz_archetype_definition.json
new file mode 100644
index 0000000..08b92b8
--- /dev/null
+++ b/platform/amba/archetype_definitions/management.alz_archetype_definition.json
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/archetype_definition.json",
+ "name": "amba_management",
+ "policy_assignments": [
+ "Deploy-AMBA-Management"
+ ],
+ "policy_definitions": [],
+ "policy_set_definitions": [],
+ "role_definitions": []
+}
diff --git a/platform/amba/archetype_definitions/platform.alz_archetype_definition.json b/platform/amba/archetype_definitions/platform.alz_archetype_definition.json
new file mode 100644
index 0000000..9931b2b
--- /dev/null
+++ b/platform/amba/archetype_definitions/platform.alz_archetype_definition.json
@@ -0,0 +1,11 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/archetype_definition.json",
+ "name": "amba_platform",
+ "policy_assignments": [
+ "Deploy-AMBA-HybridVM",
+ "Deploy-AMBA-VM"
+ ],
+ "policy_definitions": [],
+ "policy_set_definitions": [],
+ "role_definitions": []
+}
diff --git a/platform/amba/archetype_definitions/root.alz_archetype_definition.json b/platform/amba/archetype_definitions/root.alz_archetype_definition.json
new file mode 100644
index 0000000..e1725fc
--- /dev/null
+++ b/platform/amba/archetype_definitions/root.alz_archetype_definition.json
@@ -0,0 +1,142 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/archetype_definition.json",
+ "name": "amba_root",
+ "policy_assignments": [
+ "Deploy-AMBA-Notification",
+ "Deploy-AMBA-SvcHealth"
+ ],
+ "policy_definitions": [
+ "Deploy_AA_TotalJob_Alert",
+ "Deploy_activitylog_Firewall_Delete",
+ "Deploy_activitylog_KeyVault_Delete",
+ "Deploy_activitylog_LAWorkspace_Delete",
+ "Deploy_activitylog_LAWorkspace_KeyRegen",
+ "Deploy_ActivityLog_ManagedHSMs_Delete",
+ "Deploy_activitylog_NSG_Delete",
+ "Deploy_activitylog_ResourceHealth_Unhealthy_Alert",
+ "Deploy_activitylog_RouteTable_Update",
+ "Deploy_activitylog_ServiceHealth_HealthAdvisory",
+ "Deploy_activitylog_ServiceHealth_Incident",
+ "Deploy_activitylog_ServiceHealth_Maintenance",
+ "Deploy_activitylog_ServiceHealth_SecurityAdvisory",
+ "Deploy_activitylog_StorageAccount_Delete",
+ "Deploy_activitylog_VPNGateway_Delete",
+ "Deploy_AFW_FirewallHealth_Alert",
+ "Deploy_AFW_SNATPortUtilization_Alert",
+ "Deploy_AG_ApplicationGatewayTotalTime_Alert",
+ "Deploy_AG_BackendLastByteResponseTime_Alert",
+ "Deploy_AG_CapacityUnits_Alert",
+ "Deploy_AG_ComputeUnits_Alert",
+ "Deploy_AG_CPUUtilization_Alert",
+ "Deploy_AG_FailedRequests_Alert",
+ "Deploy_AG_ResponseStatus_Alert",
+ "Deploy_AG_UnhealthyHostCount_Alert",
+ "Deploy_ALB_DataPathAvailability_Alert",
+ "Deploy_ALB_GlobalBackendAvailability_Alert",
+ "Deploy_ALB_HealthProbeStatus_Alert",
+ "Deploy_ALB_UsedSNATPorts_Alert",
+ "Deploy_AlertProcessing_Rule",
+ "Deploy_DNSZ_RegistrationCapacityUtil_Alert",
+ "Deploy_ERCIR_ArpAvailability_Alert",
+ "Deploy_ERCIR_BgpAvailability_Alert",
+ "Deploy_ERCIR_QosDropBitsInPerSecond_Alert",
+ "Deploy_ERCIR_QosDropBitsOutPerSecond_Alert",
+ "Deploy_ERGw_ExpressRouteBitsIn_Alert",
+ "Deploy_ERGw_ExpressRouteBitsOut_Alert",
+ "Deploy_ERGw_ExpressRouteCpuUtil_Alert",
+ "Deploy_ERP_ExpressRouteBitsIn_Alert",
+ "Deploy_ERP_ExpressRouteBitsOut_Alert",
+ "Deploy_ERP_ExpressRoutLineProtocol_Alert",
+ "Deploy_ERP_ExpressRoutRxLightLevel_Alert",
+ "Deploy_ERP_ExpressRoutRxLightLevellow_Alert",
+ "Deploy_ERP_ExpressRoutTxLightLevell_Alert",
+ "Deploy_ERP_ExpressRoutTxLightLevellow_Alert",
+ "Deploy_FD_BackendHealth_Alert",
+ "Deploy_FD_BackendRequestLatency_Alert",
+ "Deploy_FrontDoorCDN_OriginHealthPercentage_Alert",
+ "Deploy_FrontDoorCDN_OriginLatency_Alert",
+ "Deploy_FrontDoorCDN_Percentage4XX_Alert",
+ "Deploy_FrontDoorCDN_Percentage5XX_Alert",
+ "Deploy_Hybrid_VM_CPU_Alert",
+ "Deploy_Hybrid_VM_dataDiskReadLatency_Alert",
+ "Deploy_Hybrid_VM_dataDiskSpace_Alert",
+ "Deploy_Hybrid_VM_dataDiskWriteLatency_Alert",
+ "Deploy_Hybrid_VM_Disconnected_Alert",
+ "Deploy_Hybrid_VM_HeartBeat_Alert",
+ "Deploy_Hybrid_VM_Memory_Alert",
+ "Deploy_Hybrid_VM_NetworkIn_Alert",
+ "Deploy_Hybrid_VM_NetworkOut_Alert",
+ "Deploy_Hybrid_VM_OSDiskreadLatency_Alert",
+ "Deploy_Hybrid_VM_OSDiskSpace_Alert",
+ "Deploy_Hybrid_VM_OSDiskwriteLatency_Alert",
+ "Deploy_KeyVault_Availability_Alert",
+ "Deploy_KeyVault_Capacity_Alert",
+ "Deploy_KeyVault_Latency_Alert",
+ "Deploy_KeyVault_Requests_Alert",
+ "Deploy_LAWorkspace_DailyCapLimitReached_Alert",
+ "Deploy_ManagedHSMs_Availability_Alert",
+ "Deploy_ManagedHSMs_Latency_Alert",
+ "Deploy_PDNSZ_CapacityUtil_Alert",
+ "Deploy_PDNSZ_QueryVolume_Alert",
+ "Deploy_PDNSZ_RecordSetCapacity_Alert",
+ "Deploy_PublicIp_BytesInDDoSAttack_Alert",
+ "Deploy_PublicIp_DDoSAttack_Alert",
+ "Deploy_PublicIp_PacketsInDDoSAttack_Alert",
+ "Deploy_PublicIp_VIPAvailability_Alert",
+ "Deploy_RecoveryVault_ASRHealthMonitor_Alert",
+ "Deploy_RecoveryVault_BackupHealthMonitor_Alert",
+ "Deploy_ServiceHealth_ActionGroups",
+ "Deploy_StorageAccount_Availability_Alert",
+ "Deploy_Suppression_AlertProcessing_Rule",
+ "Deploy_TM_EndpointHealth_Alert",
+ "Deploy_VM_CPU_Alert",
+ "Deploy_VM_dataDiskReadLatency_Alert",
+ "Deploy_VM_dataDiskSpace_Alert",
+ "Deploy_VM_dataDiskWriteLatency_Alert",
+ "Deploy_VM_HeartBeat_Alert",
+ "Deploy_VM_Memory_Alert",
+ "Deploy_VM_NetworkIn_Alert",
+ "Deploy_VM_NetworkOut_Alert",
+ "Deploy_VM_OSDiskreadLatency_Alert",
+ "Deploy_VM_OSDiskSpace_Alert",
+ "Deploy_VM_OSDiskwriteLatency_Alert",
+ "Deploy_VNET_DDoSAttack_Alert",
+ "Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert",
+ "Deploy_VnetGw_ExpressRouteCpuUtil_Alert",
+ "Deploy_VnetGw_TunnelBandwidth_Alert",
+ "Deploy_VnetGw_TunnelEgress_Alert",
+ "Deploy_VnetGw_TunnelEgressPacketDropCount_Alert",
+ "Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert",
+ "Deploy_VnetGw_TunnelIngress_Alert",
+ "Deploy_VnetGw_TunnelIngressPacketDropCount_Alert",
+ "Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert",
+ "Deploy_VPNGw_BandwidthUtil_Alert",
+ "Deploy_VPNGw_BGPPeerStatus_Alert",
+ "Deploy_VPNGw_Egress_Alert",
+ "Deploy_VPNGw_Ingress_Alert",
+ "Deploy_VPNGw_TunnelEgressPacketDropCount_Alert",
+ "Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert",
+ "Deploy_VPNGw_TunnelIngressPacketDropCount_Alert",
+ "Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert",
+ "Deploy_WSF_CPUPercentage_Alert",
+ "Deploy_WSF_DiskQueueLength_Alert",
+ "Deploy_WSF_HttpQueueLength_Alert",
+ "Deploy_WSF_MemoryPercentage_Alert"
+ ],
+ "policy_set_definitions": [
+ "Alerting-Connectivity",
+ "Alerting-HybridVM",
+ "Alerting-Identity",
+ "Alerting-KeyManagement",
+ "Alerting-LoadBalancing",
+ "Alerting-Management",
+ "Alerting-NetworkChanges",
+ "Alerting-RecoveryServices",
+ "Alerting-ServiceHealth",
+ "Alerting-Storage",
+ "Alerting-VM",
+ "Alerting-Web",
+ "Notification-Assets"
+ ],
+ "role_definitions": []
+}
diff --git a/platform/amba/architecture_definitions/amba.alz_architecture_definition.json b/platform/amba/architecture_definitions/amba.alz_architecture_definition.json
new file mode 100644
index 0000000..41c9a7a
--- /dev/null
+++ b/platform/amba/architecture_definitions/amba.alz_architecture_definition.json
@@ -0,0 +1,60 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/architecture_definition.json",
+ "name": "amba",
+ "management_groups": [
+ {
+ "archetypes": [
+ "amba_root"
+ ],
+ "display_name": "AMBA root",
+ "exists": true,
+ "id": "ambaroot",
+ "parent_id": null
+ },
+ {
+ "archetypes": [
+ "amba_platform"
+ ],
+ "display_name": "Platform",
+ "exists": true,
+ "id": "amba-platform",
+ "parent_id": "ambaroot"
+ },
+ {
+ "archetypes": [
+ "amba_landing_zones"
+ ],
+ "display_name": "Landing zones",
+ "exists": true,
+ "id": "amba-landingzones",
+ "parent_id": "ambaroot"
+ },
+ {
+ "archetypes": [
+ "amba_management"
+ ],
+ "display_name": "Management",
+ "exists": true,
+ "id": "amba-management",
+ "parent_id": "amba-platform"
+ },
+ {
+ "archetypes": [
+ "amba_connectivity"
+ ],
+ "display_name": "Connectivity",
+ "exists": true,
+ "id": "amba-connectivity",
+ "parent_id": "amba-platform"
+ },
+ {
+ "archetypes": [
+ "amba_identity"
+ ],
+ "display_name": "Identity",
+ "exists": true,
+ "id": "amba-identity",
+ "parent_id": "amba-platform"
+ }
+ ]
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_connectivity.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_connectivity.alz_policy_assignment.json
new file mode 100644
index 0000000..6cba392
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_connectivity.alz_policy_assignment.json
@@ -0,0 +1,200 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-Connectivity",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Connectivity",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-Connectivity",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "AFWSNATPortUtilizationPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "ERCIRArpAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERCIRBgpAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERCIRQoSDropBitsinPerSecPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERCIRQoSDropBitsoutPerSecPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERGwExpressRouteBitsInPolicyEffect": {
+ "value": "disabled"
+ },
+ "ERGwExpressRouteBitsOutPolicyEffect": {
+ "value": "disabled"
+ },
+ "ERGwExpressRouteCpuUtilPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERPBitsInPerSecondPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERPBitsOutPerSecondPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERPLineProtocolPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERPRxLightLevelHighPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERPRxLightLevelLowPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERPTxLightLevelHighPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ERPTxLightLevelLowPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "FirewallHealthPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "LBDatapathAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "LBGlobalBackendAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "LBHealthProbeStatusPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "LBUsedSNATPortsPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "PDNSZCapacityUtilPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "PDNSZQueryVolumePolicyEffect": {
+ "value": "disabled"
+ },
+ "PDNSZRecordSetCapacityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "PDNSZRegistrationCapacityUtilPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "PIPBytesInDDoSPolicyEffect": {
+ "value": "disabled"
+ },
+ "PIPDDoSAttackPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "PIPPacketsInDDoSPolicyEffect": {
+ "value": "disabled"
+ },
+ "PIPVIPAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VNETDDOSAttackPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VPNGWBandWidthUtilPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VPNGWEgressPolicyEffect": {
+ "value": "disabled"
+ },
+ "VPNGWIngressPolicyEffect": {
+ "value": "disabled"
+ },
+ "VPNGWTunnelEgressPacketDropCountPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VPNGWTunnelEgressPacketDropMismatchPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VPNGWTunnelIngressPacketDropCountPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VPNGWTunnelIngressPacketDropMismatchPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VPNGwBGPPeerStatusPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VnetGwERCpuUtilPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VnetGwExpressRouteBitsPerSecondPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VnetGwTunnelBWPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VnetGwTunnelEgressPacketDropCountPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VnetGwTunnelEgressPacketDropMismatchPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VnetGwTunnelEgressPolicyEffect": {
+ "value": "disabled"
+ },
+ "VnetGwTunnelIngressPacketDropCountPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VnetGwTunnelIngressPacketDropMismatchPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VnetGwTunnelIngressPolicyEffect": {
+ "value": "disabled"
+ },
+ "activityFWDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "activityNSGDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "activityUDRUpdatePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "activityVPNGWDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_hybridvm.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_hybridvm.alz_policy_assignment.json
new file mode 100644
index 0000000..9ceaba2
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_hybridvm.alz_policy_assignment.json
@@ -0,0 +1,95 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-HybridVM",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Hybrid VMs",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-HybridVM",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZManagementSubscriptionId": {
+ "value": ""
+ },
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "ALZUserAssignedManagedIdentityName": {
+ "value": "id-amba-alz-arg-reader-prod-001"
+ },
+ "BYOUserAssignedManagedIdentityResourceId": {
+ "value": ""
+ },
+ "HybridVMDataDiskReadLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMDataDiskSpacePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMDataDiskWriteLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMDisconnectedAlertPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMHeartBeatRGPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMNetworkInPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMNetworkOutPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMOSDiskReadLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMOSDiskSpacePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMOSDiskWriteLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMPercentCPUPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "HybridVMPercentMemoryPolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_identity.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_identity.alz_policy_assignment.json
new file mode 100644
index 0000000..0f285fb
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_identity.alz_policy_assignment.json
@@ -0,0 +1,74 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-Identity",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "Initiative to deploy AMBA alerts relevant to the ALZ Identity management group",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Identity",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-Identity",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "HSMsAvailabilityPolicyEffect": {
+ "value": "disabled"
+ },
+ "HSMsLatencyAvailabilityPolicyEffect": {
+ "value": "disabled"
+ },
+ "KVCapacityPolicyEffect": {
+ "value": "disabled"
+ },
+ "KVRequestPolicyEffect": {
+ "value": "disabled"
+ },
+ "KvAvailabilityPolicyEffect": {
+ "value": "disabled"
+ },
+ "KvLatencyAvailabilityPolicyEffect": {
+ "value": "disabled"
+ },
+ "activityHSMsDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "activityKVDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_keymgmt.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_keymgmt.alz_policy_assignment.json
new file mode 100644
index 0000000..4db66e9
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_keymgmt.alz_policy_assignment.json
@@ -0,0 +1,74 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-KeyMgmt",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Key Management",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-KeyManagement",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_amba": true
+ }
+ },
+ "HSMsAvailabilityPolicyEffect": {
+ "value": "disabled"
+ },
+ "HSMsLatencyAvailabilityPolicyEffect": {
+ "value": "disabled"
+ },
+ "KVCapacityPolicyEffect": {
+ "value": "disabled"
+ },
+ "KVRequestPolicyEffect": {
+ "value": "disabled"
+ },
+ "KvAvailabilityPolicyEffect": {
+ "value": "disabled"
+ },
+ "KvLatencyAvailabilityPolicyEffect": {
+ "value": "disabled"
+ },
+ "activityHSMsDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "activityKVDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_loadbalance.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_loadbalance.alz_policy_assignment.json
new file mode 100644
index 0000000..02d7693
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_loadbalance.alz_policy_assignment.json
@@ -0,0 +1,111 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-LoadBalance",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Load Balancing",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-LoadBalancing",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "AGWApplicationGatewayTotalTimePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "AGWBackendLastByteResponseTimePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "AGWCPUUtilPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "AGWCapacityUnitsPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "AGWComputeUnitsPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "AGWFailedRequestsPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "AGWResponseStatusPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "AGWUnhealthyHostCountPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "CDNPOriginHealthPercentagePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "CDNPOriginLatencyPolicyEffect": {
+ "value": "disabled"
+ },
+ "CDNPPercentage4XXPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "CDNPPercentage5XXPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "FDBackendHealthPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "FDBackendRequestLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "LBDatapathAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "LBGlobalBackendAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "LBHealthProbeStatusPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "LBUsedSNATPortsPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "PIPBytesInDDoSPolicyEffect": {
+ "value": "disabled"
+ },
+ "PIPDDoSAttackPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "PIPPacketsInDDoSPolicyEffect": {
+ "value": "disabled"
+ },
+ "PIPVIPAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "TMEndpointHealthPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VNETDDOSAttackPolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_management.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_management.alz_policy_assignment.json
new file mode 100644
index 0000000..80101d7
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_management.alz_policy_assignment.json
@@ -0,0 +1,83 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-Management",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Management",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-Management",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "AATotalJobAlertPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "ALZManagementSubscriptionId": {
+ "value": ""
+ },
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "ALZUserAssignedManagedIdentityName": {
+ "value": "id-amba-alz-arg-reader-prod-001"
+ },
+ "BYOUserAssignedManagedIdentityResourceId": {
+ "value": ""
+ },
+ "LAWDailyCapLimitPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "RVASRHealthMonitorPolicyEffect": {
+ "value": "modify"
+ },
+ "RVBackupHealthMonitorPolicyEffect": {
+ "value": "modify"
+ },
+ "StorageAccountAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "StorageAccountDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "activityLAWDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "activityLAWKeyRegenPolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_networkchang.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_networkchang.alz_policy_assignment.json
new file mode 100644
index 0000000..7cb2366
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_networkchang.alz_policy_assignment.json
@@ -0,0 +1,56 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-NetworkChang",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Changes in Network Routing and Security",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-NetworkChanges",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "activityNSGDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "activityUDRUpdatePolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_notification.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_notification.alz_policy_assignment.json
new file mode 100644
index 0000000..c048429
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_notification.alz_policy_assignment.json
@@ -0,0 +1,80 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-Notification",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Notification Assets for Azure Monitor Baseline Alerts. This includes the setup of an Alert Processing Rule and an Action Group to manage notifications and actions, along with a Notification Suppression Rule to manage alert notifications, as well as a Notification Suppression Rule to control alert notifications.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts - Notification Assets",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Notification-Assets",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Notification Assets {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZArmRoleId": {
+ "value": []
+ },
+ "ALZEventHubResourceId": {
+ "value": []
+ },
+ "ALZFunctionResourceId": {
+ "value": ""
+ },
+ "ALZFunctionTriggerUrl": {
+ "value": ""
+ },
+ "ALZLogicappCallbackUrl": {
+ "value": ""
+ },
+ "ALZLogicappResourceId": {
+ "value": ""
+ },
+ "ALZMonitorActionGroupEmail": {
+ "value": []
+ },
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "ALZWebhookServiceUri": {
+ "value": []
+ },
+ "BYOActionGroup": {
+ "value": []
+ },
+ "BYOAlertProcessingRule": {
+ "value": ""
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_recoverysvc.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_recoverysvc.alz_policy_assignment.json
new file mode 100644
index 0000000..390e3a9
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_recoverysvc.alz_policy_assignment.json
@@ -0,0 +1,45 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-RecoverySvc",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Recovery Services",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-RecoveryServices",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "RVASRHealthMonitorPolicyEffect": {
+ "value": "modify"
+ },
+ "RVBackupHealthMonitorPolicyEffect": {
+ "value": "modify"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_storage.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_storage.alz_policy_assignment.json
new file mode 100644
index 0000000..b14f47a
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_storage.alz_policy_assignment.json
@@ -0,0 +1,56 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-Storage",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Storage",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-Storage",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "StorageAccountAvailabilityPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "StorageAccountDeletePolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_svchealth.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_svchealth.alz_policy_assignment.json
new file mode 100644
index 0000000..952bf5b
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_svchealth.alz_policy_assignment.json
@@ -0,0 +1,95 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-SvcHealth",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Service Health",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-ServiceHealth",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZArmRoleId": {
+ "value": []
+ },
+ "ALZEventHubResourceId": {
+ "value": []
+ },
+ "ALZFunctionResourceId": {
+ "value": ""
+ },
+ "ALZFunctionTriggerUrl": {
+ "value": ""
+ },
+ "ALZLogicappCallbackUrl": {
+ "value": ""
+ },
+ "ALZLogicappResourceId": {
+ "value": ""
+ },
+ "ALZMonitorActionGroupEmail": {
+ "value": []
+ },
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "ALZWebhookServiceUri": {
+ "value": []
+ },
+ "BYOActionGroup": {
+ "value": []
+ },
+ "BYOAlertProcessingRule": {
+ "value": ""
+ },
+ "ResHlthUnhealthyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "serviceHealthAdvisoryPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "serviceHealthIncidentPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "serviceHealthMaintenancePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "serviceHealthSecurityPolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_vm.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_vm.alz_policy_assignment.json
new file mode 100644
index 0000000..8c538cd
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_vm.alz_policy_assignment.json
@@ -0,0 +1,92 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-VM",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Virtual Machines",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-VM",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZManagementSubscriptionId": {
+ "value": ""
+ },
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "eastus"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "rg-amba-alz-prod-001"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": {
+ "_deployed_by_alz_monitor": true
+ }
+ },
+ "ALZUserAssignedManagedIdentityName": {
+ "value": "id-amba-alz-arg-reader-prod-001"
+ },
+ "BYOUserAssignedManagedIdentityResourceId": {
+ "value": ""
+ },
+ "VMDataDiskReadLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMDataDiskSpacePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMDataDiskWriteLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMHeartBeatRGPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMNetworkInPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMNetworkOutPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMOSDiskReadLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMOSDiskSpacePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMOSDiskWriteLatencyPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMPercentCPUPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "VMPercentMemoryPolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_assignments/deploy_amba_web.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_web.alz_policy_assignment.json
new file mode 100644
index 0000000..cff28b1
--- /dev/null
+++ b/platform/amba/policy_assignments/deploy_amba_web.alz_policy_assignment.json
@@ -0,0 +1,51 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2020-09-01",
+ "name": "Deploy-AMBA-Web",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Web",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/placeholder/providers/Microsoft.Authorization/policySetDefinitions/Alerting-Web",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Alerting {enforcementMode} be deployed to Azure services."
+ }
+ ],
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "value": "MonitorDisable"
+ },
+ "ALZMonitorDisableTagValues": {
+ "value": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ },
+ "WSFCPUPercentagePolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "WSFDiskQueueLengthPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "WSFHttpQueueLengthPolicyEffect": {
+ "value": "deployIfNotExists"
+ },
+ "WSFMemoryPercentagePolicyEffect": {
+ "value": "deployIfNotExists"
+ }
+ },
+ "metadata": {
+ "_deployed_by_amba": true
+ },
+ "scope": "/providers/Microsoft.Management/managementGroups/placeholder",
+ "notScopes": []
+ }
+}
diff --git a/platform/amba/policy_definitions/Deploy_AA_TotalJob_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AA_TotalJob_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..3e13d2a
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AA_TotalJob_Alert.alz_policy_definition.json
@@ -0,0 +1,340 @@
+{
+ "name": "Deploy_AA_TotalJob_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Automation Account TotalJob Alert",
+ "displayName": "Deploy Automation Account TotalJob Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Automation",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Automation/automationAccounts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-TotalJob-threshold-Override_'), field('tags._amba-TotalJob-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TotalJob')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "dimensions": [
+ {
+ "name": "Status",
+ "operator": "Exclude",
+ "values": [
+ "Completed"
+ ]
+ }
+ ],
+ "metricName": "TotalJob",
+ "metricNamespace": "Microsoft.Automation/automationAccounts",
+ "name": "TotalJob",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Automation Account TotalJob Alert",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Automation/automationAccounts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TotalJob",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Automation/automationAccounts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-TotalJob-threshold-Override_'), field('tags._amba-TotalJob-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AFW_FirewallHealth_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AFW_FirewallHealth_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..0f09720
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AFW_FirewallHealth_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_AFW_FirewallHealth_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Firewall FirewallHealth Alert",
+ "displayName": "Deploy AFW FirewallHealth Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/azureFirewalls",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-FirewallHealth-threshold-Override_'), field('tags._amba-FirewallHealth-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-FirewallHealth')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "FirewallHealth",
+ "metricNamespace": "Microsoft.Network/azureFirewalls",
+ "name": "FirewallHealth",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for AFW FirewallHealth",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/azureFirewalls",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "FirewallHealth",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-FirewallHealth-threshold-Override_'), field('tags._amba-FirewallHealth-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AFW_SNATPortUtilization_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AFW_SNATPortUtilization_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..0928ae9
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AFW_SNATPortUtilization_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_AFW_SNATPortUtilization_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Firewall SNATPortUtilization Alert",
+ "displayName": "Deploy AFW SNATPortUtilization Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/azureFirewalls",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-SNATPortUtilization-threshold-Override_'), field('tags._amba-SNATPortUtilization-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-SNATPortUtilization')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "SNATPortUtilization",
+ "metricNamespace": "Microsoft.Network/azureFirewalls",
+ "name": "SNATPortUtilization",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for AFW SNATPortUtilization",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/azureFirewalls",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "SNATPortUtilization",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-SNATPortUtilization-threshold-Override_'), field('tags._amba-SNATPortUtilization-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AG_ApplicationGatewayTotalTime_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AG_ApplicationGatewayTotalTime_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..978aeb1
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AG_ApplicationGatewayTotalTime_Alert.alz_policy_definition.json
@@ -0,0 +1,386 @@
+{
+ "name": "Deploy_AG_ApplicationGatewayTotalTime_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Application Gateway ApplicationGatewayTotalTime Alert",
+ "displayName": "Deploy AGW ApplicationGatewayTotalTime Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.4.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertSensitivity": {
+ "allowedValues": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "defaultValue": "Medium",
+ "metadata": {
+ "description": "Alert Sensitivity for the alert",
+ "displayName": "Alert Sensitivity"
+ },
+ "type": "String"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "type"
+ },
+ {
+ "In": [
+ "Standard_v2",
+ "WAF_v2"
+ ],
+ "field": "Microsoft.Network/applicationgateways/sku.name"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertSensitivity": {
+ "value": "[parameters('alertSensitivity')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertSensitivity": {
+ "type": "String"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-agApplicationGatewayTotalTime')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "[parameters('alertSensitivity')]",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "ApplicationGatewayTotalTime",
+ "metricNamespace": "Microsoft.Network/applicationgateways",
+ "name": "ApplicationGatewayTotalTime",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Gateway ApplicationGatewayTotalTime",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "alertSensitivity": {
+ "value": "[parameters('alertSensitivity')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ApplicationGatewayTotalTime",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "[parameters('alertSensitivity')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AG_BackendLastByteResponseTime_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AG_BackendLastByteResponseTime_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..a0b95eb
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AG_BackendLastByteResponseTime_Alert.alz_policy_definition.json
@@ -0,0 +1,386 @@
+{
+ "name": "Deploy_AG_BackendLastByteResponseTime_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Application Gateway BackendLastByteResponseTime Alert",
+ "displayName": "Deploy AGW BackendLastByteResponseTime Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.4.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertSensitivity": {
+ "allowedValues": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "defaultValue": "Medium",
+ "metadata": {
+ "description": "Alert Sensitivity for the alert",
+ "displayName": "Alert Sensitivity"
+ },
+ "type": "String"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "type"
+ },
+ {
+ "In": [
+ "Standard_v2",
+ "WAF_v2"
+ ],
+ "field": "Microsoft.Network/applicationgateways/sku.name"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertSensitivity": {
+ "value": "[parameters('alertSensitivity')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertSensitivity": {
+ "type": "String"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-agBackendLastByteResponseTime')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "[parameters('alertSensitivity')]",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "BackendLastByteResponseTime",
+ "metricNamespace": "Microsoft.Network/applicationgateways",
+ "name": "BackendLastByteResponseTime",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Gateway BackendLastByteResponseTime",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "alertSensitivity": {
+ "value": "[parameters('alertSensitivity')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "BackendLastByteResponseTime",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "[parameters('alertSensitivity')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AG_CPUUtilization_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AG_CPUUtilization_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..84cbd7b
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AG_CPUUtilization_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_AG_CPUUtilization_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Application Gateway CPU Utilization Alert",
+ "displayName": "Deploy AGW CPU Utilization Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "type"
+ },
+ {
+ "field": "Microsoft.Network/applicationgateways/sku.name",
+ "notIn": [
+ "Standard_v2",
+ "WAF_v2"
+ ]
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-CpuUtilization-threshold-Override_'), field('tags._amba-CpuUtilization-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-agCpuUtilization')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "CpuUtilization",
+ "metricNamespace": "Microsoft.Network/applicationgateways",
+ "name": "CpuUtilization",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Gateway CPU Utilization",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "CpuUtilization",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-CpuUtilization-threshold-Override_'), field('tags._amba-CpuUtilization-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AG_CapacityUnits_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AG_CapacityUnits_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ef76322
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AG_CapacityUnits_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_AG_CapacityUnits_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Application Gateway CapacityUnits Alert",
+ "displayName": "Deploy AGW Capacity Units Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "75",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "type"
+ },
+ {
+ "In": [
+ "Standard_v2",
+ "WAF_v2"
+ ],
+ "field": "Microsoft.Network/applicationgateways/sku.name"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-CapacityUnits-threshold-Override_'), field('tags._amba-CapacityUnits-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-agCapacityUnits')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "CapacityUnits",
+ "metricNamespace": "Microsoft.Network/applicationgateways",
+ "name": "CapacityUnits",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Gateway Capacity Units",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "CapacityUnits",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-CapacityUnits-threshold-Override_'), field('tags._amba-CapacityUnits-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AG_ComputeUnits_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AG_ComputeUnits_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..974e321
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AG_ComputeUnits_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_AG_ComputeUnits_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Application Gateway ComputeUnits Alert",
+ "displayName": "Deploy AGW Compute Units Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "75",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "type"
+ },
+ {
+ "In": [
+ "Standard_v2",
+ "WAF_v2"
+ ],
+ "field": "Microsoft.Network/applicationgateways/sku.name"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ComputeUnits-threshold-Override_'), field('tags._amba-ComputeUnits-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-agComputeUnits')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ComputeUnits",
+ "metricNamespace": "Microsoft.Network/applicationgateways",
+ "name": "ComputeUnits",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Gateway Compute Units",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ComputeUnits",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ComputeUnits-threshold-Override_'), field('tags._amba-ComputeUnits-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AG_FailedRequests_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AG_FailedRequests_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..44d7125
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AG_FailedRequests_Alert.alz_policy_definition.json
@@ -0,0 +1,379 @@
+{
+ "name": "Deploy_AG_FailedRequests_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Application Gateway FailedRequests Alert",
+ "displayName": "Deploy AGW FailedRequests Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertSensitivity": {
+ "allowedValues": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "defaultValue": "Medium",
+ "metadata": {
+ "description": "Alert Sensitivity for the alert",
+ "displayName": "Alert Sensitivity"
+ },
+ "type": "String"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertSensitivity": {
+ "value": "[parameters('alertSensitivity')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertSensitivity": {
+ "type": "String"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-agFailedRequests')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "[parameters('alertSensitivity')]",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "FailedRequests",
+ "metricNamespace": "Microsoft.Network/applicationgateways",
+ "name": "FailedRequests",
+ "operator": "GreaterThan",
+ "timeAggregation": "Total"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Gateway FailedRequests",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "alertSensitivity": {
+ "value": "[parameters('alertSensitivity')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "FailedRequests",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Total",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "[parameters('alertSensitivity')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AG_ResponseStatus_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AG_ResponseStatus_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..b8dd586
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AG_ResponseStatus_Alert.alz_policy_definition.json
@@ -0,0 +1,389 @@
+{
+ "name": "Deploy_AG_ResponseStatus_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Application Gateway ResponseStatus Alert",
+ "displayName": "Deploy AGW ResponseStatus Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertSensitivity": {
+ "allowedValues": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "defaultValue": "Medium",
+ "metadata": {
+ "description": "Alert Sensitivity for the alert",
+ "displayName": "Alert Sensitivity"
+ },
+ "type": "String"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertSensitivity": {
+ "value": "[parameters('alertSensitivity')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertSensitivity": {
+ "type": "String"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-agResponseStatus')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "[parameters('alertSensitivity')]",
+ "criterionType": "DynamicThresholdCriterion",
+ "dimensions": [
+ {
+ "name": "HttpStatusGroup",
+ "operator": "Include",
+ "values": [
+ "4xx",
+ "5xx"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "ResponseStatus",
+ "metricNamespace": "Microsoft.Network/applicationgateways",
+ "name": "ResponseStatus",
+ "operator": "GreaterThan",
+ "timeAggregation": "Total"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Gateway ResponseStatus",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "alertSensitivity": {
+ "value": "[parameters('alertSensitivity')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ResponseStatus",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Total",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "[parameters('alertSensitivity')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AG_UnhealthyHostCount_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AG_UnhealthyHostCount_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..9c49d91
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AG_UnhealthyHostCount_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_AG_UnhealthyHostCount_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Application Gateway Unhealthy Host Count Alert",
+ "displayName": "Deploy AGW Unhealthy Host Count Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "20",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-UnhealthyHostCount-threshold-Override_'), field('tags._amba-UnhealthyHostCount-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-agUnhealthyHostCount')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "UnhealthyHostCount",
+ "metricNamespace": "Microsoft.Network/applicationgateways",
+ "name": "CpuUtilization",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Gateway Unhealthy Host Count",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/applicationgateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "UnhealthyHostCount",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-UnhealthyHostCount-threshold-Override_'), field('tags._amba-UnhealthyHostCount-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ALB_DataPathAvailability_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ALB_DataPathAvailability_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ce4fd8c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ALB_DataPathAvailability_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_ALB_DataPathAvailability_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Load Balancer Data Path Availability Alert",
+ "displayName": "Deploy ALB Data Path Availability Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/loadBalancers",
+ "field": "type"
+ },
+ {
+ "field": "Microsoft.Network/loadBalancers/sku.name",
+ "in": [
+ "Standard",
+ "Gateway"
+ ]
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-ALBDataPathAvailability')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "VipAvailability",
+ "metricNamespace": "Microsoft.Network/loadBalancers",
+ "name": "VipAvailability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ALB Data Path Availability",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/loadBalancers",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "VipAvailability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ALB_GlobalBackendAvailability_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ALB_GlobalBackendAvailability_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ca909bf
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ALB_GlobalBackendAvailability_Alert.alz_policy_definition.json
@@ -0,0 +1,332 @@
+{
+ "name": "Deploy_ALB_GlobalBackendAvailability_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Load Balancer Global Backend Availability Alert",
+ "displayName": "Deploy ALB Global Backend Availability Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/loadBalancers",
+ "field": "type"
+ },
+ {
+ "equals": "Global",
+ "field": "Microsoft.Network/loadBalancers/sku.tier"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-GlobalBackendAvailability-threshold-Override_'), field('tags._amba-GlobalBackendAvailability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-ALBGlobalBackendAvailability')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "GlobalBackendAvailability",
+ "metricNamespace": "Microsoft.Network/loadBalancers",
+ "name": "GlobalBackendAvailability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Global Backend Availability",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/loadBalancers",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "GlobalBackendAvailability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-GlobalBackendAvailability-threshold-Override_'), field('tags._amba-GlobalBackendAvailability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ALB_HealthProbeStatus_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ALB_HealthProbeStatus_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..b5fa315
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ALB_HealthProbeStatus_Alert.alz_policy_definition.json
@@ -0,0 +1,339 @@
+{
+ "name": "Deploy_ALB_HealthProbeStatus_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Load Balancer Health Probe Status Alert",
+ "displayName": "Deploy ALB Health Probe Status Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/loadBalancers",
+ "field": "type"
+ },
+ {
+ "field": "Microsoft.Network/loadBalancers/sku.name",
+ "in": [
+ "Standard",
+ "Gateway"
+ ]
+ },
+ {
+ "equals": "Regional",
+ "field": "Microsoft.Network/loadBalancers/sku.tier"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-DipAvailability-threshold-Override_'), field('tags._amba-DipAvailability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-ALBHealthProbeStatus')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "DipAvailability",
+ "metricNamespace": "Microsoft.Network/loadBalancers",
+ "name": "DipAvailability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ALB Health Probe Status",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/loadBalancers",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "DipAvailability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-DipAvailability-threshold-Override_'), field('tags._amba-DipAvailability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ALB_UsedSNATPorts_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ALB_UsedSNATPorts_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ffdb15e
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ALB_UsedSNATPorts_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_ALB_UsedSNATPorts_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Azure Load Balancer Used SNAT Ports Alert",
+ "displayName": "Deploy ALB Used SNAT Ports Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "900",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/loadBalancers",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-UsedSNATPorts-threshold-Override_'), field('tags._amba-UsedSNATPorts-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-ALBUsedSNATPorts')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "UsedSNATPorts",
+ "metricNamespace": "Microsoft.Network/loadBalancers",
+ "name": "UsedSNATPorts",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ALB Used SNAT Ports",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/loadBalancers",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "UsedSNATPorts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-UsedSNATPorts-threshold-Override_'), field('tags._amba-UsedSNATPorts-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ActivityLog_ManagedHSMs_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ActivityLog_ManagedHSMs_Delete.alz_policy_definition.json
new file mode 100644
index 0000000..3fe58fd
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ActivityLog_ManagedHSMs_Delete.alz_policy_definition.json
@@ -0,0 +1,283 @@
+{
+ "name": "Deploy_ActivityLog_ManagedHSMs_Delete",
+ "properties": {
+ "description": "Policy to Deploy Activity Log Managed HSMs Delete Alert",
+ "displayName": "Deploy Activity Log Managed HSMs Delete Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.0.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/managedHSMs",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivityManagedHSMDelete",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "ActivityManagedHSMDelete",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.KeyVault/managedHSMs/delete",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log Managed HSM Delete",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.KeyVault/ManagedHSMs/delete",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "name": "ActivityManagedHSMDelete",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_AlertProcessing_Rule.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AlertProcessing_Rule.alz_policy_definition.json
new file mode 100644
index 0000000..9b3a929
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_AlertProcessing_Rule.alz_policy_definition.json
@@ -0,0 +1,497 @@
+{
+ "name": "Deploy_AlertProcessing_Rule",
+ "properties": {
+ "description": "Policy to deploy Action Group and Alert Processing Rule for all AMBA alerts",
+ "displayName": "Deploy AMBA Notification Assets",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.4.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "ALZArmRoleId": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Arm Built-in Role Ids for action group to send alerts to",
+ "displayName": "Arm Role Ids"
+ },
+ "type": "array"
+ },
+ "ALZEventHubResourceId": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Event Hub resource Ids for action group to send alerts to",
+ "displayName": "Event Hub resource Ids"
+ },
+ "type": "array"
+ },
+ "ALZFunctionResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Function Resource Id for Action Group to send alerts to",
+ "displayName": "Function Resource Id"
+ },
+ "type": "String"
+ },
+ "ALZFunctionTriggerUrl": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "URL that triggers the Function",
+ "displayName": "Function Trigger URL"
+ },
+ "type": "String"
+ },
+ "ALZLogicappCallbackUrl": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Callback URL that triggers the Logic App",
+ "displayName": "Logic App Callback URL"
+ },
+ "type": "String"
+ },
+ "ALZLogicappResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Logic App Resource Id for Action Group to send alerts to",
+ "displayName": "Logic App Resource Id"
+ },
+ "type": "String"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Email addresses to send alerts to",
+ "displayName": "Action Group Email Addresses"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "ALZWebhookServiceUri": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Indicates the service uri(s) of the webhook to send alerts to",
+ "displayName": "Webhook Service Uri(s)"
+ },
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "BYOAlertProcessingRule": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment",
+ "displayName": "Customer defined Alert Processing Rule Resource ID"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ },
+ {
+ "equals": "true",
+ "value": "[empty(parameters('BYOAlertProcessingRule'))]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "ALZArmRoleId": {
+ "value": "[parameters('ALZArmRoleId')]"
+ },
+ "ALZEventHubResourceId": {
+ "value": "[parameters('ALZEventHubResourceId')]"
+ },
+ "ALZFunctionResourceId": {
+ "value": "[parameters('ALZFunctionResourceId')]"
+ },
+ "ALZFunctionTriggerUrl": {
+ "value": "[parameters('ALZFunctionTriggerUrl')]"
+ },
+ "ALZLogicappCallbackUrl": {
+ "value": "[parameters('ALZLogicappCallbackUrl')]"
+ },
+ "ALZLogicappResourceId": {
+ "value": "[parameters('ALZLogicappResourceId')]"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "ALZWebhookServiceUri": {
+ "value": "[parameters('ALZWebhookServiceUri')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "BYOAlertProcessingRule": {
+ "value": "[parameters('BYOAlertProcessingRule')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZArmRoleId": {
+ "type": "array"
+ },
+ "ALZEventHubResourceId": {
+ "type": "array"
+ },
+ "ALZFunctionResourceId": {
+ "type": "string"
+ },
+ "ALZFunctionTriggerUrl": {
+ "type": "String"
+ },
+ "ALZLogicappCallbackUrl": {
+ "type": "String"
+ },
+ "ALZLogicappResourceId": {
+ "type": "string"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "type": "string"
+ },
+ "ALZMonitorResourceGroupName": {
+ "type": "string"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "type": "object"
+ },
+ "ALZWebhookServiceUri": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "BYOAlertProcessingRule": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('ALZMonitorResourceGroupLocation')]",
+ "name": "[parameters('ALZMonitorResourceGroupName')]",
+ "tags": "[parameters('ALZMonitorResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('ALZMonitorResourceGroupName'))]"
+ ],
+ "name": "ActionGroupDeployment",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "ALZArmRoleId": {
+ "value": "[parameters('ALZArmRoleId')]"
+ },
+ "ALZEventHubResourceId": {
+ "value": "[parameters('ALZEventHubResourceId')]"
+ },
+ "ALZFunctionResourceId": {
+ "value": "[parameters('ALZFunctionResourceId')]"
+ },
+ "ALZFunctionTriggerUrl": {
+ "value": "[parameters('ALZFunctionTriggerUrl')]"
+ },
+ "ALZLogicappCallbackUrl": {
+ "value": "[parameters('ALZLogicappCallbackUrl')]"
+ },
+ "ALZLogicappResourceId": {
+ "value": "[parameters('ALZLogicappResourceId')]"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "ALZWebhookServiceUri": {
+ "value": "[parameters('ALZWebhookServiceUri')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "BYOAlertProcessingRule": {
+ "value": "[parameters('BYOAlertProcessingRule')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZArmRoleId": {
+ "type": "array"
+ },
+ "ALZEventHubResourceId": {
+ "type": "array"
+ },
+ "ALZFunctionResourceId": {
+ "type": "string"
+ },
+ "ALZFunctionTriggerUrl": {
+ "type": "string"
+ },
+ "ALZLogicappCallbackUrl": {
+ "type": "string"
+ },
+ "ALZLogicappResourceId": {
+ "type": "string"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupName": {
+ "type": "string"
+ },
+ "ALZWebhookServiceUri": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "BYOAlertProcessingRule": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2023-01-01",
+ "condition": "[and(empty(parameters('BYOActionGroup')), empty(parameters('BYOAlertProcessingRule')))]",
+ "location": "Global",
+ "name": "[concat('ag-AMBA-', subscription().displayName, '-001')]",
+ "properties": {
+ "armRoleReceivers": "[if(empty(parameters('ALZArmRoleId')), null(), variables('varArmRoleReceivers'))]",
+ "azureFunctionReceivers": "[if(empty(parameters('ALZFunctionResourceId')), null(), variables('varAzureFunctionReceivers'))]",
+ "emailReceivers": "[if(empty(parameters('ALZMonitorActionGroupEmail')), null(), variables('varEmailReceivers'))]",
+ "enabled": true,
+ "eventHubReceivers": "[if(empty(parameters('ALZEventHubResourceId')), null(), variables('varEventHubReceivers'))]",
+ "groupShortName": "ActGrp",
+ "logicAppReceivers": "[if(empty(parameters('ALZLogicappResourceId')), null(), variables('varLogicAppReceivers'))]",
+ "webhookReceivers": "[if(empty(parameters('ALZWebhookServiceUri')), null(), variables('varWebhookReceivers'))]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/actionGroups"
+ },
+ {
+ "apiVersion": "2021-08-08",
+ "condition": "[empty(parameters('BYOAlertProcessingRule'))]",
+ "dependsOn": [
+ "[concat('ag-AMBA-', subscription().displayName, '-001')]"
+ ],
+ "location": "Global",
+ "name": "[concat('apr-AMBA-',subscription().displayName, '-001')]",
+ "properties": {
+ "actions": [
+ {
+ "actionType": "AddActionGroups",
+ "actiongroupIds": "[if(empty(parameters('BYOActionGroup')), array(concat(subscription().Id, '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-', subscription().displayName, '-001')), variables('varAGIds'))]"
+ }
+ ],
+ "description": "AMBA Notification Assets - Alert Processing Rule for Subscription",
+ "enabled": true,
+ "scopes": [
+ "[subscription().Id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.AlertsManagement/actionRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('ALZMonitorResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {
+ "copy": [
+ {
+ "count": "[length(parameters('ALZMonitorActionGroupEmail'))]",
+ "input": {
+ "emailAddress": "[trim(parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')])]",
+ "name": "[concat('AlzMail-', indexOf(parameters('ALZMonitorActionGroupEmail'), parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')]))]",
+ "useCommonAlertSchema": true
+ },
+ "mode": "serial",
+ "name": "varEmailReceivers"
+ },
+ {
+ "count": "[length(parameters('ALZArmRoleId'))]",
+ "input": {
+ "name": "[concat('AlzARM-', indexOf(parameters('ALZArmRoleId'), parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')]))]",
+ "roleId": "[trim(parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')])]",
+ "useCommonAlertSchema": true
+ },
+ "mode": "serial",
+ "name": "varArmRoleReceivers"
+ },
+ {
+ "count": "[length(parameters('ALZEventHubResourceId'))]",
+ "input": {
+ "eventHubName": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[10])]",
+ "eventHubNameSpace": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[8])]",
+ "name": "[concat('AlzEH-', indexOf(parameters('ALZEventHubResourceId'), parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]))]",
+ "subscriptionId": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[2])]",
+ "tenantId": "[subscription().tenantId]",
+ "useCommonAlertSchema": true
+ },
+ "mode": "serial",
+ "name": "varEventHubReceivers"
+ },
+ {
+ "count": "[length(parameters('ALZWebhookServiceUri'))]",
+ "input": {
+ "identifierUri": "null()",
+ "name": "[concat('AlzWh-', indexOf(parameters('ALZWebhookServiceUri'), parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')]))]",
+ "objectId": "null()",
+ "serviceUri": "[trim(parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')])]",
+ "tenantId": "null()",
+ "useAadAuth": "false",
+ "useCommonAlertSchema": true
+ },
+ "mode": "serial",
+ "name": "varWebhookReceivers"
+ },
+ {
+ "count": "[length(parameters('BYOActionGroup'))]",
+ "input": "[trim(parameters('BYOActionGroup')[copyIndex('varAGIds')])]",
+ "mode": "serial",
+ "name": "varAGIds"
+ }
+ ],
+ "varAzureFunctionReceivers": [
+ {
+ "functionAppResourceId": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/functions/')[0])]",
+ "functionName": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/')[10])]",
+ "httpTriggerUrl": "[if(empty(parameters('ALZFunctionTriggerUrl')), null(), trim(parameters('ALZFunctionTriggerUrl')))]",
+ "name": "AlzFa-0",
+ "useCommonAlertSchema": true
+ }
+ ],
+ "varBYOAlertProcessingRule": "[if(empty(parameters('BYOAlertProcessingRule')), null(), trim(parameters('BYOAlertProcessingRule')))]",
+ "varLogicAppReceivers": [
+ {
+ "callbackUrl": "[if(empty(parameters('ALZLogicappCallbackUrl')), null(), trim(parameters('ALZLogicappCallbackUrl')))]",
+ "name": "AlzLA-0",
+ "resourceId": "[if(empty(parameters('ALZLogicappResourceId')), null(), trim(parameters('ALZLogicappResourceId')))]",
+ "useCommonAlertSchema": true
+ }
+ ]
+ }
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "AMBA Notification Assets - Alert Processing Rule for Subscription",
+ "field": "Microsoft.AlertsManagement/actionRules/description"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('ALZMonitorResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.AlertsManagement/actionRules"
+ },
+ "effect": "deployIfNotExists"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_DNSZ_RegistrationCapacityUtil_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_DNSZ_RegistrationCapacityUtil_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..1ed88ff
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_DNSZ_RegistrationCapacityUtil_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_DNSZ_RegistrationCapacityUtil_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Private DNS Zone Registration Capacity Utilization Alert",
+ "displayName": "Deploy PDNSZ Registration Capacity Utilization Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/privateDnsZones",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-RequestsAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "VirtualNetworkWithRegistrationCapacityUtilization",
+ "metricNamespace": "Microsoft.Network/privateDnsZones",
+ "name": "VirtualNetworkWithRegistrationCapacityUtilization",
+ "operator": "GreaterThanOrEqual",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Maximum"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Private DNS Zone Registration Capacity Utilization",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/privateDnsZones",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "VirtualNetworkWithRegistrationCapacityUtilization",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Maximum",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThanOrEqual",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERCIR_ArpAvailability_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERCIR_ArpAvailability_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..68b50d3
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERCIR_ArpAvailability_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_ERCIR_ArpAvailability_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ExpressRoute Circuits Arp Availability Alert",
+ "displayName": "Deploy ExpressRoute Circuits Arp Availability Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRouteCircuits",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ArpAvailability-threshold-Override_'), field('tags._amba-ArpAvailability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-ArpAvailability')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ArpAvailability",
+ "metricNamespace": "Microsoft.Network/expressRouteCircuits",
+ "name": "ArpAvailability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ExpressRoute Circuit Arp Availability",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRouteCircuits",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ArpAvailability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ArpAvailability-threshold-Override_'), field('tags._amba-ArpAvailability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERCIR_BgpAvailability_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERCIR_BgpAvailability_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..f4f235c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERCIR_BgpAvailability_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_ERCIR_BgpAvailability_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ExpressRoute Circuits Bgp Availability Alert",
+ "displayName": "Deploy ExpressRoute Circuits Bgp Availability Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRouteCircuits",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-BgpAvailability-threshold-Override_'), field('tags._amba-BgpAvailability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-BgpAvailability')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "BgpAvailability",
+ "metricNamespace": "Microsoft.Network/expressRouteCircuits",
+ "name": "BgpAvailability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ExpressRoute Circuit Bgp Availability",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRouteCircuits",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "BgpAvailability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-BgpAvailability-threshold-Override_'), field('tags._amba-BgpAvailability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERCIR_QosDropBitsInPerSecond_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERCIR_QosDropBitsInPerSecond_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..1fd8ae6
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERCIR_QosDropBitsInPerSecond_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_ERCIR_QosDropBitsInPerSecond_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert",
+ "displayName": "Deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRouteCircuits",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-QosDropBitsInPerSecond')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "QosDropBitsInPerSecond",
+ "metricNamespace": "Microsoft.Network/expressRouteCircuits",
+ "name": "QosDropBitsInPerSecond",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ExpressRoute Circuit QosDropBitsInPerSecond",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRouteCircuits",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "QosDropBitsInPerSecond",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERCIR_QosDropBitsOutPerSecond_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERCIR_QosDropBitsOutPerSecond_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..37d6ba0
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERCIR_QosDropBitsOutPerSecond_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_ERCIR_QosDropBitsOutPerSecond_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert",
+ "displayName": "Deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRouteCircuits",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-QosDropBitsOutPerSecond')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "QosDropBitsOutPerSecond",
+ "metricNamespace": "Microsoft.Network/expressRouteCircuits",
+ "name": "QosDropBitsOutPerSecond",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ExpressRoute Circuit QosDropBitsOutPerSecond",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRouteCircuits",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "QosDropBitsOutPerSecond",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteBitsIn_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteBitsIn_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ba981bd
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteBitsIn_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_ERGw_ExpressRouteBitsIn_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Gateway Connection BitsInPerSecond Alert",
+ "displayName": "Deploy ERG ExpressRoute Bits In Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressroutegateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-GatewayERBitsInAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ERGatewayConnectionBitsInPerSecond",
+ "metricNamespace": "Microsoft.Network/expressroutegateways",
+ "name": "ERGatewayConnectionBitsInPerSecond",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Gateway Connection BitsInPerSecond",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressroutegateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ERGatewayConnectionBitsInPerSecond",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteBitsOut_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteBitsOut_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..7772e53
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteBitsOut_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_ERGw_ExpressRouteBitsOut_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Gateway Connection BitsOutPerSecond Alert",
+ "displayName": "Deploy ERG ExpressRoute Bits Out Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressroutegateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-GatewayERBitsOutAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ERGatewayConnectionBitsOutPerSecond",
+ "metricNamespace": "Microsoft.Network/expressroutegateways",
+ "name": "ERGatewayConnectionBitsOutPerSecond",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Gateway Connection BitsOutPerSecond",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressroutegateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ERGatewayConnectionBitsOutPerSecond",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteCpuUtil_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteCpuUtil_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..d7ab8f4
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERGw_ExpressRouteCpuUtil_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_ERGw_ExpressRouteCpuUtil_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Gateway Express Route CPU Utilization Alert",
+ "displayName": "Deploy ERG ExpressRoute CPU Utilization Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressroutegateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-GatewayERCPUAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ExpressRouteGatewayCpuUtilization",
+ "metricNamespace": "Microsoft.Network/expressroutegateways",
+ "name": "ExpressRouteGatewayCpuUtilization",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Gateway Express Route CPU Utilization",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressroutegateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ExpressRouteGatewayCpuUtilization",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutLineProtocol_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutLineProtocol_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..f342560
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutLineProtocol_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_ERP_ExpressRoutLineProtocol_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Direct LineProtocol Alert",
+ "displayName": "Deploy ER Direct ExpressRoute LineProtocol Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "0.9",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-LineProtocol-threshold-Override_'), field('tags._amba-LineProtocol-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DirectERLineProtocolAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "LineProtocol",
+ "metricNamespace": "Microsoft.Network/expressRoutePorts",
+ "name": "LineProtocol",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Direct Connection LineProtocolPerSecond",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "LineProtocol",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-LineProtocol-threshold-Override_'), field('tags._amba-LineProtocol-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutRxLightLevel_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutRxLightLevel_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..b4d81e5
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutRxLightLevel_Alert.alz_policy_definition.json
@@ -0,0 +1,332 @@
+{
+ "name": "Deploy_ERP_ExpressRoutRxLightLevel_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Direct RxLightLevel High Alert",
+ "displayName": "Deploy ER Direct ExpressRoute RxLightLevel High Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-RxLightLevel-High-threshold-Override_'), field('tags._amba-RxLightLevel-High-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DirectERRxLightLevelHighAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "RxLightLevel",
+ "metricNamespace": "Microsoft.Network/expressRoutePorts",
+ "name": "RxLightLevel",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Direct Connection RxLightLevelHigh",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "RxLightLevel",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-RxLightLevel-High-threshold-Override_'), field('tags._amba-RxLightLevel-High-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutRxLightLevellow_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutRxLightLevellow_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..35fc1ed
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutRxLightLevellow_Alert.alz_policy_definition.json
@@ -0,0 +1,332 @@
+{
+ "name": "Deploy_ERP_ExpressRoutRxLightLevellow_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Direct RxLightLevel Low Alert",
+ "displayName": "Deploy ER Direct ExpressRoute RxLightLevel Low Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "-10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-RxLightLevel-Low-threshold-Override_'), field('tags._amba-RxLightLevel-Low-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DirectERRxLightLevelLowAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "RxLightLevel",
+ "metricNamespace": "Microsoft.Network/expressRoutePorts",
+ "name": "RxLightLevel",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Direct Connection RxLightLevelLow",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "RxLightLevel",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-RxLightLevel-Low-threshold-Override_'), field('tags._amba-RxLightLevel-Low-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutTxLightLevell_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutTxLightLevell_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..6e52998
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutTxLightLevell_Alert.alz_policy_definition.json
@@ -0,0 +1,332 @@
+{
+ "name": "Deploy_ERP_ExpressRoutTxLightLevell_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Direct TxLightLevel High Alert",
+ "displayName": "Deploy ER Direct ExpressRoute TxLightLevel High Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-TxLightLevel-High-threshold-Override_'), field('tags._amba-TxLightLevel-High-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DirectERTxLightLevelHighAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "TxLightLevel",
+ "metricNamespace": "Microsoft.Network/expressRoutePorts",
+ "name": "TxLightLevel",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Direct Connection TxLightLevelHigh",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TxLightLevel",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-TxLightLevel-High-threshold-Override_'), field('tags._amba-TxLightLevel-High-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutTxLightLevellow_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutTxLightLevellow_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..5ddf4c5
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERP_ExpressRoutTxLightLevellow_Alert.alz_policy_definition.json
@@ -0,0 +1,332 @@
+{
+ "name": "Deploy_ERP_ExpressRoutTxLightLevellow_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Direct TxLightLevel Low Alert",
+ "displayName": "Deploy ER Direct ExpressRoute TxLightLevel Low Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "-10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-TxLightLevel-Low-threshold-Override_'), field('tags._amba-TxLightLevel-Low-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DirectERTxLightLevelLowAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "TxLightLevel",
+ "metricNamespace": "Microsoft.Network/expressRoutePorts",
+ "name": "TxLightLevel",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Direct Connection TxLightLevelLow",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TxLightLevel",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-TxLightLevel-Low-threshold-Override_'), field('tags._amba-TxLightLevel-Low-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERP_ExpressRouteBitsIn_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERP_ExpressRouteBitsIn_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..d215d74
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERP_ExpressRouteBitsIn_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_ERP_ExpressRouteBitsIn_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Direct Connection BitsInPerSecond Alert",
+ "displayName": "Deploy ER Direct ExpressRoute Bits In Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-PortBitsInPerSecond-threshold-Override_'), field('tags._amba-PortBitsInPerSecond-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DirectERBitsInAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "PortBitsInPerSecond",
+ "metricNamespace": "Microsoft.Network/expressRoutePorts",
+ "name": "PortBitsInPerSecond",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Direct Connection BitsInPerSecond",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "PortBitsInPerSecond",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-PortBitsInPerSecond-threshold-Override_'), field('tags._amba-PortBitsInPerSecond-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ERP_ExpressRouteBitsOut_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ERP_ExpressRouteBitsOut_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..484d54e
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ERP_ExpressRouteBitsOut_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_ERP_ExpressRouteBitsOut_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy ER Direct Connection BitsOutPerSecond Alert",
+ "displayName": "Deploy ER Direct ExpressRoute Bits Out Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-PortBitsOutPerSecond-threshold-Override_'), field('tags._amba-PortBitsOutPerSecond-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DirectERBitsOutAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "PortBitsOutPerSecond",
+ "metricNamespace": "Microsoft.Network/expressRoutePorts",
+ "name": "PortBitsOutPerSecond",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ER Direct Connection BitsOutPerSecond",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/expressRoutePorts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "PortBitsOutPerSecond",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-PortBitsOutPerSecond-threshold-Override_'), field('tags._amba-PortBitsOutPerSecond-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_FD_BackendHealth_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_FD_BackendHealth_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..647339b
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_FD_BackendHealth_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_FD_BackendHealth_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy FrontDoor Backend Health Percentage Alert",
+ "displayName": "Deploy Frontdoor Backend Health Percentage Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/frontdoors",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-BackendHealthPercentage-threshold-Override_'), field('tags._amba-BackendHealthPercentage-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-BackendHealthPercentage')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "BackendHealthPercentage",
+ "metricNamespace": "Microsoft.Network/frontdoors",
+ "name": "BackendHealthPercentage",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Frontdoor Backend Health Percentage",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/frontdoors",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "BackendHealthPercentage",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/frontdoors/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-BackendHealthPercentage-threshold-Override_'), field('tags._amba-BackendHealthPercentage-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_FD_BackendRequestLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_FD_BackendRequestLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..d722795
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_FD_BackendRequestLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,326 @@
+{
+ "name": "Deploy_FD_BackendRequestLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Frontdoor Backend Request Latency Alert",
+ "displayName": "Deploy Frontdoor Backend Request Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/frontdoors",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-BackendRequestLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": 2,
+ "numberOfEvaluationPeriods": 2
+ },
+ "metricName": "BackendRequestLatency",
+ "metricNamespace": "Microsoft.Network/frontdoors",
+ "name": "ServiceApiResult",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Frontdoor BackendRequestLatency",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/frontdoors",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "BackendRequestLatency",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/frontdoors/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": 2,
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": 2,
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_FrontDoorCDN_OriginHealthPercentage_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_FrontDoorCDN_OriginHealthPercentage_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..3d74be3
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_FrontDoorCDN_OriginHealthPercentage_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_FrontDoorCDN_OriginHealthPercentage_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy FrontDoor Origin Health Percentage Alert",
+ "displayName": "Deploy FrontDoor CDN Profile Origin Health Percentage Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.2"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Cdn/profiles",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-OriginHealthPercentage-threshold-Override_'), field('tags._amba-OriginHealthPercentage-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-OriginHealthPercentage')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "OriginHealthPercentage",
+ "metricNamespace": "Microsoft.Cdn/profiles",
+ "name": "OriginHealthPercentage",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Frontdoor Origin Health Percentage",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Cdn/profiles",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "OriginHealthPercentage",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Cdn/profiles/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-OriginHealthPercentage-threshold-Override_'), field('tags._amba-OriginHealthPercentage-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_FrontDoorCDN_OriginLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_FrontDoorCDN_OriginLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..988f8d2
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_FrontDoorCDN_OriginLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_FrontDoorCDN_OriginLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy FrontDoor CDN Profile Origin Latency Alert",
+ "displayName": "Deploy FrontDoor CDN Profile Origin Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Cdn/profiles",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-OriginLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "OriginLatency",
+ "metricNamespace": "Microsoft.Cdn/profiles",
+ "name": "ServiceApiResult",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Frontdoor CDN Origin Latency",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Cdn/profiles",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "OriginLatency",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Cdn/profiles/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_FrontDoorCDN_Percentage4XX_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_FrontDoorCDN_Percentage4XX_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..9001001
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_FrontDoorCDN_Percentage4XX_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_FrontDoorCDN_Percentage4XX_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy FrontDoor CDN Profile Percentage4XX Alert",
+ "displayName": "Deploy FrontDoor CDN Profile Percentage4XX Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Cdn/profiles",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-Percentage4XXAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "Percentage4XX",
+ "metricNamespace": "Microsoft.Cdn/profiles",
+ "name": "ServiceApiResult",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Frontdoor CDN Origin Latency",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Cdn/profiles",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "Percentage4XX",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Cdn/profiles/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_FrontDoorCDN_Percentage5XX_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_FrontDoorCDN_Percentage5XX_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..a64f829
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_FrontDoorCDN_Percentage5XX_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_FrontDoorCDN_Percentage5XX_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy FrontDoor CDN Profile Percentage5XX Alert",
+ "displayName": "Deploy FrontDoor CDN Profile Percentage5XX Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Cdn/profiles",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-Percentage5XXAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "Percentage5XX",
+ "metricNamespace": "Microsoft.Cdn/profiles",
+ "name": "ServiceApiResult",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Frontdoor CDN Origin Latency",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Cdn/profiles",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "Percentage5XX",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Cdn/profiles/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_CPU_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_CPU_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..110c8a9
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_CPU_Alert.alz_policy_definition.json
@@ -0,0 +1,588 @@
+{
+ "name": "Deploy_Hybrid_VM_CPU_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM CPU Alert",
+ "displayName": "Deploy Hybrid VM CPU Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "85",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMCPUAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMHighCPUAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-Override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine CPU",
+ "displayName": "[concat(subscription().displayName, '-HybridVMHighCPUAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMHighCPUAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-Override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_Disconnected_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_Disconnected_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..bf8b5cf
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_Disconnected_Alert.alz_policy_definition.json
@@ -0,0 +1,561 @@
+{
+ "name": "Deploy_Hybrid_VM_Disconnected_Alert",
+ "properties": {
+ "description": "Policy to Deploy Hybrid VM Disconnected Alert",
+ "displayName": "Deploy Hybrid VM Disconnected Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT10M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT2H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT10M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "allowedValues": [
+ "5m",
+ "10m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "3h",
+ "6h",
+ "12h",
+ "1d",
+ "2d",
+ "3d",
+ "7d"
+ ],
+ "defaultValue": "10m",
+ "metadata": {
+ "description": "Threshold in timespan value for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Threshold (expressed in timespan)"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "P1D",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMDisconnectedAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | where parse_json(tostring(tags.[\"{0}\"])) !in~ (\"{1}\") | where tostring(properties.status) == \"Disconnected\" | extend lastContactedDate = todatetime(properties.lastStatusChange) | where lastContactedDate \u003c= ago(totimespan(policyThresholdString)) | extend status = tostring(properties.status) | project id, Computer=name, status, lastContactedDate', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "id",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Hybrid VM in disconnected state. Not being connected, prevents extensions to be correctly managed from the portal and Azure policies to be correctly applied. Ensure that both server the specific service (Azure Hybrid Instance Metadata Service on Windows or azcmagent on Linux) are running.",
+ "displayName": "[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | where parse_json(tostring(tags.[\"{0}\"])) !in~ (\"{1}\") | where tostring(properties.status) == \"Disconnected\" | extend lastContactedDate = todatetime(properties.lastStatusChange) | where lastContactedDate \u003c= ago(totimespan(policyThresholdString)) | extend status = tostring(properties.status) | project id, Computer=name, status, lastContactedDate', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_HeartBeat_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_HeartBeat_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..0bb7af1
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_HeartBeat_Alert.alz_policy_definition.json
@@ -0,0 +1,605 @@
+{
+ "name": "Deploy_Hybrid_VM_HeartBeat_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM HeartBeat Alert for all VMs in the subscription",
+ "displayName": "Deploy Hybrid VM HeartBeat Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT6H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMHeartBeatAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Heartbeat-threshold-Override_\"); Heartbeat | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\"minute\",now(),TimeGenerated) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Heartbeat-threshold-Override_\", tostring(tags.[\"_amba-Heartbeat-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where Duration \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine Heartbeat",
+ "displayName": "[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Heartbeat-threshold-Override_\"); Heartbeat | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\"minute\",now(),TimeGenerated) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Heartbeat-threshold-Override_\", tostring(tags.[\"_amba-Heartbeat-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where Duration \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_Memory_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_Memory_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..21a0c98
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_Memory_Alert.alz_policy_definition.json
@@ -0,0 +1,588 @@
+{
+ "name": "Deploy_Hybrid_VM_Memory_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM Memory Alert",
+ "displayName": "Deploy Hybrid VM Memory Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMMemoryAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-AvailableMemoryPercentage-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Memory\" and Name == \"AvailableMB\" | extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-AvailableMemoryPercentage-threshold-Override_\", tostring(tags.[\"_amba-AvailableMemoryPercentage-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine Memory",
+ "displayName": "[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-AvailableMemoryPercentage-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Memory\" and Name == \"AvailableMB\" | extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-AvailableMemoryPercentage-threshold-Override_\", tostring(tags.[\"_amba-AvailableMemoryPercentage-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_NetworkIn_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_NetworkIn_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..da1ad96
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_NetworkIn_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_Hybrid_VM_NetworkIn_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM Nework Read Alert",
+ "displayName": "Deploy Hybrid VM Network Read Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMVMNetworkInAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "NetworkInterface",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-Override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine NetworkIn",
+ "displayName": "[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-Override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_NetworkOut_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_NetworkOut_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..b79a529
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_NetworkOut_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_Hybrid_VM_NetworkOut_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM Network Out Alert",
+ "displayName": "Deploy Hybrid VM Network Write Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMVMNetworkOutAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "NetworkInterface",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-Override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine NetworkOut",
+ "displayName": "[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-Override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskSpace_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskSpace_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..94f102c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskSpace_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_Hybrid_VM_OSDiskSpace_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM OSDiskSpace Alert",
+ "displayName": "Deploy Hybrid VM OS Disk Space Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMOSDiskSpaceAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-Override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine OSDiskSpace",
+ "displayName": "[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-Override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskreadLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskreadLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..4027391
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskreadLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_Hybrid_VM_OSDiskreadLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM OSDiskreadLatency Alert",
+ "displayName": "Deploy Hybrid VM OS Disk Read Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMOSDiskreadLatencyAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-Override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine OSDiskreadLatency",
+ "displayName": "[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-Override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskwriteLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskwriteLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..c2c017f
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_OSDiskwriteLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_Hybrid_VM_OSDiskwriteLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM OSDiskwriteLatency Alert",
+ "displayName": "Deploy Hybrid VM OS Disk Write Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMOSDiskwriteLatencyAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-OS-threshold-Override_\", tostring(tags.[\"_amba-WriteLatencyMs-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine OSDiskwriteLatency",
+ "displayName": "[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-OS-threshold-Override_\", tostring(tags.[\"_amba-WriteLatencyMs-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskReadLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskReadLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..937ba5c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskReadLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_Hybrid_VM_dataDiskReadLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM dataDiskReadLatency Alert",
+ "displayName": "Deploy Hybrid VM Data Disk Read Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMdataDiskReadLatencyAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-Override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine dataDiskReadLatency",
+ "displayName": "[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-Override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskSpace_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskSpace_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..fef9dde
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskSpace_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_Hybrid_VM_dataDiskSpace_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM data Disk Space Alert",
+ "displayName": "Deploy Hybrid VM Data Disk Space Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMdataDiskSpaceAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-Data-threshold-Override_\", tostring(tags.[\"_amba-FreeSpacePercentage-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine dataDiskSpace",
+ "displayName": "[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-Data-threshold-Override_\", tostring(tags.[\"_amba-FreeSpacePercentage-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskWriteLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskWriteLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..d83faac
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Hybrid_VM_dataDiskWriteLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_Hybrid_VM_dataDiskWriteLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM dataDiskWriteLatency Alert",
+ "displayName": "Deploy Hybrid VM Data Disk Write Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Hybrid Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.HybridCompute/machines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HybridVMdataDiskWriteLatencyAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-Override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine dataDiskWriteLatency",
+ "displayName": "[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.HybridCompute/machines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-Override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_KeyVault_Availability_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_KeyVault_Availability_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..deeb455
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_KeyVault_Availability_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_KeyVault_Availability_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy KeyVault Availability Alert",
+ "displayName": "Deploy Key Vault Availability Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-Availability')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "Availability",
+ "metricNamespace": "microsoft.keyvault/vaults",
+ "name": "Availability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for KeyVault Availability",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "Availability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_KeyVault_Capacity_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_KeyVault_Capacity_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..fd65552
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_KeyVault_Capacity_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_KeyVault_Capacity_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy KeyVault Capacity Alert",
+ "displayName": "Deploy Key Vault Capacity Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "75",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-SaturationShoebox-threshold-Override_'), field('tags._amba-SaturationShoebox-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-CapacityAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "SaturationShoebox",
+ "metricNamespace": "microsoft.keyvault/vaults",
+ "name": "SaturationShoebox",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for KeyVault Capacity",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "SaturationShoebox",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-SaturationShoebox-threshold-Override_'), field('tags._amba-SaturationShoebox-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_KeyVault_Latency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_KeyVault_Latency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..85c67e3
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_KeyVault_Latency_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_KeyVault_Latency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy KeyVault Latency Alert",
+ "displayName": "Deploy Key Vault Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-LatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ServiceApiLatency",
+ "metricNamespace": "microsoft.keyvault/vaults",
+ "name": "ServiceApiLatency",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for KeyVault Latency",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ServiceApiLatency",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_KeyVault_Requests_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_KeyVault_Requests_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..bd10217
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_KeyVault_Requests_Alert.alz_policy_definition.json
@@ -0,0 +1,326 @@
+{
+ "name": "Deploy_KeyVault_Requests_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy KeyVault Requests Alert",
+ "displayName": "Deploy Key Vault Requests Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-RequestsAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": 4,
+ "numberOfEvaluationPeriods": 4
+ },
+ "metricName": "ServiceApiResult",
+ "metricNamespace": "microsoft.keyvault/vaults",
+ "name": "ServiceApiResult",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for KeyVault Requests",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ServiceApiResult",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": 4,
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": 4,
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_LAWorkspace_DailyCapLimitReached_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_LAWorkspace_DailyCapLimitReached_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..b060cb0
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_LAWorkspace_DailyCapLimitReached_Alert.alz_policy_definition.json
@@ -0,0 +1,486 @@
+{
+ "name": "Deploy_LAWorkspace_DailyCapLimitReached_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy LA Workspace Daily Cap Limit Reached Alert",
+ "displayName": "Deploy LA Workspace Daily Cap Limit Reached Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT10M",
+ "PT15M",
+ "PT30M",
+ "PT45M",
+ "PT1H",
+ "PT2H",
+ "PT3H",
+ "PT4H",
+ "PT5H",
+ "PT6H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan",
+ "GreaterThanOrEqual"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT10M",
+ "PT15M",
+ "PT30M",
+ "PT45M",
+ "PT1H",
+ "PT2H",
+ "PT3H",
+ "PT4H",
+ "PT5H",
+ "PT6H",
+ "P1D"
+ ],
+ "defaultValue": "P1D",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.OperationalInsights/workspaces",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceLocation": {
+ "value": "[field('location')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceLocation": {
+ "metadata": {
+ "description": "Location of the resource",
+ "displayName": "resourceLocation"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('resourceLocation')]",
+ "name": "[concat(parameters('resourceName'), '-DailyCapLimitReachedAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "workspaceName",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.OperationalInsights/workspaces\" | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\") | project customerId = tostring(properties.customerId)); let workspaceResources = (arg(\"\").resources | where type =~ \"Microsoft.OperationalInsights/workspaces\" | project id, customerId = tostring(properties.customerId), workspaceName = tostring(name)); Operation | where TenantId !in~ (excludedResources) | where OperationCategory == \"Data Collection Status\" | where Detail has_any(\"RespectQuota\", \"OverQuota\") | summarize arg_max(TimeGenerated, *) by TenantId | where Detail has \"OverQuota\" | join hint.remote=left kind=inner workspaceResources on $left.TenantId == $right.customerId | project TimeGenerated, id, workspaceName, workspaceId = TenantId, Detail', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'))]",
+ "resourceIdColumn": "id",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Daily Cap Limit Reached",
+ "displayName": "[concat(parameters('resourceName'), '-DailyCapLimitReachedAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('threshold')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.OperationalInsights/workspaces\" | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\") | project customerId = tostring(properties.customerId)); let workspaceResources = (arg(\"\").resources | where type =~ \"Microsoft.OperationalInsights/workspaces\" | project id, customerId = tostring(properties.customerId), workspaceName = tostring(name)); Operation | where TenantId !in~ (excludedResources) | where OperationCategory == \"Data Collection Status\" | where Detail has_any(\"RespectQuota\", \"OverQuota\") | summarize arg_max(TimeGenerated, *) by TenantId | where Detail has \"OverQuota\" | join hint.remote=left kind=inner workspaceResources on $left.TenantId == $right.customerId | project TimeGenerated, id, workspaceName, workspaceId = TenantId, Detail', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ManagedHSMs_Availability_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ManagedHSMs_Availability_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..c8c8687
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ManagedHSMs_Availability_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_ManagedHSMs_Availability_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Managed HSMs Availability Alert",
+ "displayName": "Deploy Managed HSMs Availability Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.0.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/managedHSMs",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-Availability')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "Availability",
+ "metricNamespace": "microsoft.keyvault/managedHSMs",
+ "name": "Availability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ManagedHSM Availability",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.KeyVault/ManagedHSMs",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "Availability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/managedHSMs/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ManagedHSMs_Latency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ManagedHSMs_Latency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..25958ac
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ManagedHSMs_Latency_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_ManagedHSMs_Latency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Managed HSMs Latency Alert",
+ "displayName": "Deploy Managed HSMs Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/managedHSMs",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-LatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ServiceApiLatency",
+ "metricNamespace": "Microsoft.KeyVault/managedHSMs",
+ "name": "ServiceApiLatency",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for ManagedHSM Latency",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.KeyVault/managedHSMs",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ServiceApiLatency",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/managedHSMs', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_PDNSZ_CapacityUtil_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_PDNSZ_CapacityUtil_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..b3dd6cd
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_PDNSZ_CapacityUtil_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_PDNSZ_CapacityUtil_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Private DNS Zone Capacity Utilization Alert",
+ "displayName": "Deploy PDNSZ Capacity Utilization Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/privateDnsZones",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-CapacityUtilizationAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "VirtualNetworkLinkCapacityUtilization",
+ "metricNamespace": "Microsoft.Network/privateDnsZones",
+ "name": "VirtualNetworkLinkCapacityUtilization",
+ "operator": "GreaterThanOrEqual",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Maximum"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Private DNS Zone Virtual Network Link Capacity Utilization",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/privateDnsZones",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "VirtualNetworkLinkCapacityUtilization",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Maximum",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThanOrEqual",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_PDNSZ_QueryVolume_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_PDNSZ_QueryVolume_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ef2675e
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_PDNSZ_QueryVolume_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_PDNSZ_QueryVolume_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Private DNS Zone Query Volume Alert",
+ "displayName": "Deploy PDNSZ Query Volume Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "500",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/privateDnsZones",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-QueryVolume-threshold-Override_'), field('tags._amba-QueryVolume-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-QueryVolumeAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "QueryVolume",
+ "metricNamespace": "Microsoft.Network/privateDnsZones",
+ "name": "QueryVolume",
+ "operator": "GreaterThanOrEqual",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Total"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Private DNS Query Volume",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/privateDnsZones",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "QueryVolume",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Total",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThanOrEqual",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-QueryVolume-threshold-Override_'), field('tags._amba-QueryVolume-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_PDNSZ_RecordSetCapacity_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_PDNSZ_RecordSetCapacity_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..328f25d
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_PDNSZ_RecordSetCapacity_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_PDNSZ_RecordSetCapacity_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Private DNS Zone Record Set Capacity Alert",
+ "displayName": "Deploy PDNSZ Record Set Capacity Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/privateDnsZones",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-RecordSetCapacityUtilization-threshold-Override_'), field('tags._amba-RecordSetCapacityUtilization-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-RecordSet_Capacity_Utilization')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "RecordSetCapacityUtilization",
+ "metricNamespace": "Microsoft.Network/privateDnsZones",
+ "name": "RecordSetCapacityUtilization",
+ "operator": "GreaterThanOrEqual",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Maximum"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Private DNS Zone Record Set Capacity Utilization",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/privateDnsZones",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "RecordSetCapacityUtilization",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Maximum",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThanOrEqual",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-RecordSetCapacityUtilization-threshold-Override_'), field('tags._amba-RecordSetCapacityUtilization-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_PublicIp_BytesInDDoSAttack_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_PublicIp_BytesInDDoSAttack_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..63d18a6
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_PublicIp_BytesInDDoSAttack_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_PublicIp_BytesInDDoSAttack_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy PIP Bytes in DDoS Attack Alert",
+ "displayName": "Deploy PIP Bytes in DDoS Attack Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "8000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/publicIPAddresses",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-bytesinddos-threshold-Override_'), field('tags._amba-bytesinddos-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-BytesInDDOSAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "bytesinddos",
+ "metricNamespace": "Microsoft.Network/publicIPAddresses",
+ "name": "bytesinddos",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Maximum"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Public IP Address Bytes IN DDOS",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/publicIPAddresses",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "bytesinddos",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Maximum",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-bytesinddos-threshold-Override_'), field('tags._amba-bytesinddos-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_PublicIp_DDoSAttack_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_PublicIp_DDoSAttack_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..2959e11
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_PublicIp_DDoSAttack_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_PublicIp_DDoSAttack_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy PIP DDoS Attack Alert",
+ "displayName": "Deploy PIP DDoS Attack Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/publicIPAddresses",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DDOS_Attack')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ifunderddosattack",
+ "metricNamespace": "Microsoft.Network/publicIPAddresses",
+ "name": "ifunderddosattack",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Maximum"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Public IP Address Under Attack",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/publicIPAddresses",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ifunderddosattack",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Maximum",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_PublicIp_PacketsInDDoSAttack_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_PublicIp_PacketsInDDoSAttack_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..32ca5ae
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_PublicIp_PacketsInDDoSAttack_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_PublicIp_PacketsInDDoSAttack_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy PIP Packets in DDoS Attack Alert",
+ "displayName": "Deploy PIP Packets in DDoS Attack Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "40000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/publicIPAddresses",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-PacketsInDDoS-threshold-Override_'), field('tags._amba-PacketsInDDoS-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-PacketsInDDosAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "PacketsInDDoS",
+ "metricNamespace": "Microsoft.Network/publicIPAddresses",
+ "name": "PacketsInDDoS",
+ "operator": "GreaterThanOrEqual",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Total"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Public IP Address Packets IN DDOS",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/publicIPAddresses",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "PacketsInDDoS",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Total",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThanOrEqual",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-PacketsInDDoS-threshold-Override_'), field('tags._amba-PacketsInDDoS-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_PublicIp_VIPAvailability_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_PublicIp_VIPAvailability_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..bd241c3
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_PublicIp_VIPAvailability_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_PublicIp_VIPAvailability_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy PIP VIP Availability Alert",
+ "displayName": "Deploy PIP VIP Availability Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/publicIPAddresses",
+ "field": "type"
+ },
+ {
+ "equals": "Standard",
+ "field": "Microsoft.Network/publicIPAddresses/sku.name"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-VIPAvailabityAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "VipAvailability",
+ "metricNamespace": "Microsoft.Network/publicIPAddresses",
+ "name": "VipAvailability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Public IP Address VIP Availability",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/publicIPAddresses",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "VipAvailability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..bdfb476
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert.alz_policy_definition.json
@@ -0,0 +1,107 @@
+{
+ "name": "Deploy_RecoveryVault_ASRHealthMonitor_Alert",
+ "properties": {
+ "description": "Policy to audit/update Recovery Vault ASR Health Alerting to Azure monitor alerts",
+ "displayName": "Deploy RV ASR Health Monitoring Alerts",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Site Recovery",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.0.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "effect": {
+ "allowedValues": [
+ "modify",
+ "audit",
+ "disabled"
+ ],
+ "defaultValue": "modify",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.RecoveryServices/Vaults",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ },
+ {
+ "anyOf": [
+ {
+ "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllReplicationIssues",
+ "notEquals": "Enabled"
+ },
+ {
+ "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllFailoverIssues",
+ "notEquals": "Enabled"
+ }
+ ]
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "conflictEffect": "audit",
+ "operations": [
+ {
+ "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.classicAlertSettings.emailNotificationsForSiteRecovery",
+ "operation": "addOrReplace",
+ "value": "Disabled"
+ },
+ {
+ "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllReplicationIssues",
+ "operation": "addOrReplace",
+ "value": "Enabled"
+ },
+ {
+ "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllFailoverIssues",
+ "operation": "addOrReplace",
+ "value": "Enabled"
+ }
+ ],
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ]
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ea37c9c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert.alz_policy_definition.json
@@ -0,0 +1,94 @@
+{
+ "name": "Deploy_RecoveryVault_BackupHealthMonitor_Alert",
+ "properties": {
+ "description": "Policy to audit/update Recovery Vault Backup Health Alerting to Azure monitor alerts",
+ "displayName": "Deploy RV Backup Health Monitoring Alerts",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Site Recovery",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "effect": {
+ "allowedValues": [
+ "modify",
+ "audit",
+ "disabled"
+ ],
+ "defaultValue": "modify",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.RecoveryServices/Vaults",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ },
+ {
+ "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllJobFailures",
+ "notEquals": "Enabled"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "conflictEffect": "audit",
+ "operations": [
+ {
+ "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.classicAlertSettings.alertsForCriticalOperations",
+ "operation": "addOrReplace",
+ "value": "Disabled"
+ },
+ {
+ "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllJobFailures",
+ "operation": "addOrReplace",
+ "value": "Enabled"
+ }
+ ],
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ]
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_ServiceHealth_ActionGroups.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ServiceHealth_ActionGroups.alz_policy_definition.json
new file mode 100644
index 0000000..b9c0f85
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_ServiceHealth_ActionGroups.alz_policy_definition.json
@@ -0,0 +1,468 @@
+{
+ "name": "Deploy_ServiceHealth_ActionGroups",
+ "properties": {
+ "description": "Policy to deploy action group for Service Health alerts",
+ "displayName": "Deploy Service Health Action Group",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.4.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "ALZArmRoleId": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Arm Built-in Role Ids for action group to send alerts to",
+ "displayName": "Arm Role Ids"
+ },
+ "type": "array"
+ },
+ "ALZEventHubResourceId": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Event Hub resource Ids for action group to send alerts to",
+ "displayName": "Event Hub resource Ids"
+ },
+ "type": "array"
+ },
+ "ALZFunctionResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Function Resource Id for Action Group to send alerts to",
+ "displayName": "Function Resource Id"
+ },
+ "type": "String"
+ },
+ "ALZFunctionTriggerUrl": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "URL that triggers the Function",
+ "displayName": "Function Trigger URL"
+ },
+ "type": "String"
+ },
+ "ALZLogicappCallbackUrl": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Callback URL that triggers the Logic App",
+ "displayName": "Logic App Callback URL"
+ },
+ "type": "String"
+ },
+ "ALZLogicappResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Logic App Resource Id for Action Group to send alerts to",
+ "displayName": "Logic App Resource Id"
+ },
+ "type": "String"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Email addresses to send alerts to",
+ "displayName": "Action Group Email Addresses"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "ALZWebhookServiceUri": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Indicates the service uri(s) of the webhook to send alerts to",
+ "displayName": "Webhook Service Uri(s)"
+ },
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "BYOAlertProcessingRule": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment",
+ "displayName": "Customer defined Alert Processing Rule Resource ID"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ },
+ {
+ "equals": "true",
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "ALZArmRoleId": {
+ "value": "[parameters('ALZArmRoleId')]"
+ },
+ "ALZEventHubResourceId": {
+ "value": "[parameters('ALZEventHubResourceId')]"
+ },
+ "ALZFunctionResourceId": {
+ "value": "[parameters('ALZFunctionResourceId')]"
+ },
+ "ALZFunctionTriggerUrl": {
+ "value": "[parameters('ALZFunctionTriggerUrl')]"
+ },
+ "ALZLogicappCallbackUrl": {
+ "value": "[parameters('ALZLogicappCallbackUrl')]"
+ },
+ "ALZLogicappResourceId": {
+ "value": "[parameters('ALZLogicappResourceId')]"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "ALZWebhookServiceUri": {
+ "value": "[parameters('ALZWebhookServiceUri')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "BYOAlertProcessingRule": {
+ "value": "[parameters('BYOAlertProcessingRule')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZArmRoleId": {
+ "type": "array"
+ },
+ "ALZEventHubResourceId": {
+ "type": "array"
+ },
+ "ALZFunctionResourceId": {
+ "type": "string"
+ },
+ "ALZFunctionTriggerUrl": {
+ "type": "String"
+ },
+ "ALZLogicappCallbackUrl": {
+ "type": "String"
+ },
+ "ALZLogicappResourceId": {
+ "type": "string"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "type": "string"
+ },
+ "ALZMonitorResourceGroupName": {
+ "type": "string"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "type": "object"
+ },
+ "ALZWebhookServiceUri": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "BYOAlertProcessingRule": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('ALZMonitorResourceGroupLocation')]",
+ "name": "[parameters('ALZMonitorResourceGroupName')]",
+ "tags": "[parameters('ALZMonitorResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('ALZMonitorResourceGroupName'))]"
+ ],
+ "name": "SH-ActionGroupDeployment",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "ALZArmRoleId": {
+ "value": "[parameters('ALZArmRoleId')]"
+ },
+ "ALZEventHubResourceId": {
+ "value": "[parameters('ALZEventHubResourceId')]"
+ },
+ "ALZFunctionResourceId": {
+ "value": "[parameters('ALZFunctionResourceId')]"
+ },
+ "ALZFunctionTriggerUrl": {
+ "value": "[parameters('ALZFunctionTriggerUrl')]"
+ },
+ "ALZLogicappCallbackUrl": {
+ "value": "[parameters('ALZLogicappCallbackUrl')]"
+ },
+ "ALZLogicappResourceId": {
+ "value": "[parameters('ALZLogicappResourceId')]"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "ALZWebhookServiceUri": {
+ "value": "[parameters('ALZWebhookServiceUri')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "BYOAlertProcessingRule": {
+ "value": "[parameters('BYOAlertProcessingRule')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZArmRoleId": {
+ "type": "array"
+ },
+ "ALZEventHubResourceId": {
+ "type": "array"
+ },
+ "ALZFunctionResourceId": {
+ "type": "string"
+ },
+ "ALZFunctionTriggerUrl": {
+ "type": "string"
+ },
+ "ALZLogicappCallbackUrl": {
+ "type": "string"
+ },
+ "ALZLogicappResourceId": {
+ "type": "string"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupName": {
+ "type": "string"
+ },
+ "ALZWebhookServiceUri": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "BYOAlertProcessingRule": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2023-01-01",
+ "condition": "[empty(parameters('BYOActionGroup'))]",
+ "location": "Global",
+ "name": "[concat('ag-AMBA-SH-', subscription().displayName, '-001')]",
+ "properties": {
+ "armRoleReceivers": "[if(empty(parameters('ALZArmRoleId')), null(), variables('varArmRoleReceivers'))]",
+ "azureFunctionReceivers": "[if(empty(parameters('ALZFunctionResourceId')), null(), variables('varAzureFunctionReceivers'))]",
+ "emailReceivers": "[if(empty(parameters('ALZMonitorActionGroupEmail')), null(), variables('varEmailReceivers'))]",
+ "enabled": true,
+ "eventHubReceivers": "[if(empty(parameters('ALZEventHubResourceId')), null(), variables('varEventHubReceivers'))]",
+ "groupShortName": "SH-ActGrp",
+ "logicAppReceivers": "[if(empty(parameters('ALZLogicappResourceId')), null(), variables('varLogicAppReceivers'))]",
+ "webhookReceivers": "[if(empty(parameters('ALZWebhookServiceUri')), null(), variables('varWebhookReceivers'))]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/actionGroups"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('ALZMonitorResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {
+ "copy": [
+ {
+ "count": "[length(parameters('ALZMonitorActionGroupEmail'))]",
+ "input": {
+ "emailAddress": "[trim(parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')])]",
+ "name": "[concat('AlzMail-', indexOf(parameters('ALZMonitorActionGroupEmail'), parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')]))]",
+ "useCommonAlertSchema": true
+ },
+ "mode": "serial",
+ "name": "varEmailReceivers"
+ },
+ {
+ "count": "[length(parameters('ALZArmRoleId'))]",
+ "input": {
+ "name": "[concat('AlzARM-', indexOf(parameters('ALZArmRoleId'), parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')]))]",
+ "roleId": "[trim(parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')])]",
+ "useCommonAlertSchema": true
+ },
+ "mode": "serial",
+ "name": "varArmRoleReceivers"
+ },
+ {
+ "count": "[length(parameters('ALZEventHubResourceId'))]",
+ "input": {
+ "eventHubName": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[10])]",
+ "eventHubNameSpace": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[8])]",
+ "name": "[concat('AlzEH-', indexOf(parameters('ALZEventHubResourceId'), parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]))]",
+ "subscriptionId": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[2])]",
+ "tenantId": "[subscription().tenantId]",
+ "useCommonAlertSchema": true
+ },
+ "mode": "serial",
+ "name": "varEventHubReceivers"
+ },
+ {
+ "count": "[length(parameters('ALZWebhookServiceUri'))]",
+ "input": {
+ "identifierUri": "null()",
+ "name": "[concat('AlzWh-', indexOf(parameters('ALZWebhookServiceUri'), parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')]))]",
+ "objectId": "null()",
+ "serviceUri": "[trim(parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')])]",
+ "tenantId": "null()",
+ "useAadAuth": "false",
+ "useCommonAlertSchema": true
+ },
+ "mode": "serial",
+ "name": "varWebhookReceivers"
+ }
+ ],
+ "varAzureFunctionReceivers": [
+ {
+ "functionAppResourceId": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/functions/')[0])]",
+ "functionName": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/')[10])]",
+ "httpTriggerUrl": "[if(empty(parameters('ALZFunctionTriggerUrl')), null(), trim(parameters('ALZFunctionTriggerUrl')))]",
+ "name": "AlzFa-0",
+ "useCommonAlertSchema": true
+ }
+ ],
+ "varLogicAppReceivers": [
+ {
+ "callbackUrl": "[if(empty(parameters('ALZLogicappCallbackUrl')), null(), trim(parameters('ALZLogicappCallbackUrl')))]",
+ "name": "AlzLA-0",
+ "resourceId": "[if(empty(parameters('ALZLogicappResourceId')), null(), trim(parameters('ALZLogicappResourceId')))]",
+ "useCommonAlertSchema": true
+ }
+ ]
+ }
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": true,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "equals": "SH-ActGrp",
+ "field": "Microsoft.Insights/actionGroups/groupShortName"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('ALZMonitorResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/actionGroups"
+ },
+ "effect": "deployIfNotExists"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_StorageAccount_Availability_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_StorageAccount_Availability_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..deebf14
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_StorageAccount_Availability_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_StorageAccount_Availability_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy SA Availability Alert",
+ "displayName": "Deploy SA Availability Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Storage",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring resource. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Storage/storageAccounts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-AvailabilityAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "Availability",
+ "metricNamespace": "Microsoft.Storage/storageAccounts",
+ "name": "Availability",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Storage Account Availability",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Storage/storageAccounts",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "Availability",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Storage/storageAccounts/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_Suppression_AlertProcessing_Rule.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Suppression_AlertProcessing_Rule.alz_policy_definition.json
new file mode 100644
index 0000000..59474c6
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_Suppression_AlertProcessing_Rule.alz_policy_definition.json
@@ -0,0 +1,195 @@
+{
+ "name": "Deploy_Suppression_AlertProcessing_Rule",
+ "properties": {
+ "description": "Policy to deploy empty and disabled suppression Alert Processing Rule for all AMBA alerts",
+ "displayName": "Deploy AMBA Notification Suppression Asset",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "ALZMonitorResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorResourceGroupLocation": {
+ "type": "string"
+ },
+ "ALZMonitorResourceGroupName": {
+ "type": "string"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "type": "object"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('ALZMonitorResourceGroupLocation')]",
+ "name": "[parameters('ALZMonitorResourceGroupName')]",
+ "tags": "[parameters('ALZMonitorResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('ALZMonitorResourceGroupName'))]"
+ ],
+ "name": "SuppressionRuleDeployment",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorResourceGroupName": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-08-08",
+ "dependsOn": [],
+ "location": "Global",
+ "name": "[concat('apr-AMBA-',subscription().displayName, '-002')]",
+ "properties": {
+ "actions": [
+ {
+ "actionType": "RemoveAllActionGroups"
+ }
+ ],
+ "description": "AMBA Notification Assets - Suppression Alert Processing Rule for maintenance period for Subscription",
+ "enabled": false,
+ "scopes": [
+ "[subscription().Id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.AlertsManagement/actionRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('ALZMonitorResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "AMBA Notification Assets - Suppression Alert Processing Rule for maintenance period for Subscription",
+ "field": "Microsoft.AlertsManagement/actionRules/description"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('ALZMonitorResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.AlertsManagement/actionRules"
+ },
+ "effect": "deployIfNotExists"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_TM_EndpointHealth_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_TM_EndpointHealth_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..eaf6531
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_TM_EndpointHealth_Alert.alz_policy_definition.json
@@ -0,0 +1,337 @@
+{
+ "name": "Deploy_TM_EndpointHealth_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy FTraffic Manager Endpoint Health Health Alert",
+ "displayName": "Deploy Traffic Manager Endpoint Health Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Networking",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "0.9",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/trafficmanagerprofiles",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-EndpointHealth-threshold-Override_'), field('tags._amba-EndpointHealth-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-EndpointHealthAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "dimensions": [
+ {
+ "name": "EndpointName",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "metricName": "ProbeAgentCurrentEndpointStateByProfileResourceId",
+ "metricNamespace": "Microsoft.Network/trafficmanagerprofiles",
+ "name": "EndpointHealth",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Traffic Manager Endpoint Health",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/trafficmanagerprofiles",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ProbeAgentCurrentEndpointStateByProfileResourceId",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/trafficmanagerprofiles/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-EndpointHealth-threshold-Override_'), field('tags._amba-EndpointHealth-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_CPU_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_CPU_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..f624e65
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_CPU_Alert.alz_policy_definition.json
@@ -0,0 +1,588 @@
+{
+ "name": "Deploy_VM_CPU_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM CPU Alert",
+ "displayName": "Deploy VM CPU Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "85",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMCPUAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMHighCPUAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-Override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine CPU",
+ "displayName": "[concat(subscription().displayName, '-VMHighCPUAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMHighCPUAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-Override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_HeartBeat_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_HeartBeat_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..7afafde
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_HeartBeat_Alert.alz_policy_definition.json
@@ -0,0 +1,605 @@
+{
+ "name": "Deploy_VM_HeartBeat_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM HeartBeat Alert for all VMs in the subscription",
+ "displayName": "Deploy VM HeartBeat Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT6H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "HeartBeatAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMHeartBeatAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Heartbeat-threshold-Override_\"); Heartbeat | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\"minute\",now(),TimeGenerated) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Heartbeat-threshold-Override_\", tostring(tags.[\"_amba-Heartbeat-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where Duration \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine Heartbeat",
+ "displayName": "[concat(subscription().displayName, '-VMHeartBeatAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMHeartBeatAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Heartbeat-threshold-Override_\"); Heartbeat | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\"minute\",now(),TimeGenerated) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Heartbeat-threshold-Override_\", tostring(tags.[\"_amba-Heartbeat-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where Duration \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_Memory_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_Memory_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..40e6b84
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_Memory_Alert.alz_policy_definition.json
@@ -0,0 +1,588 @@
+{
+ "name": "Deploy_VM_Memory_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM Memory Alert",
+ "displayName": "Deploy VM Memory Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMMemoryAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMLowMemoryAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-AvailableMemoryPercentage-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Memory\" and Name == \"AvailableMB\" | extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-AvailableMemoryPercentage-threshold-Override_\", tostring(tags.[\"_amba-AvailableMemoryPercentage-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine Memory",
+ "displayName": "[concat(subscription().displayName, '-VMLowMemoryAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMLowMemoryAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-AvailableMemoryPercentage-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Memory\" and Name == \"AvailableMB\" | extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-AvailableMemoryPercentage-threshold-Override_\", tostring(tags.[\"_amba-AvailableMemoryPercentage-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_NetworkIn_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_NetworkIn_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..12d9c1c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_NetworkIn_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_VM_NetworkIn_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM Network Read Alert",
+ "displayName": "Deploy VM Network Read Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMNetworkInAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMHighNetworkInAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "NetworkInterface",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-Override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine NetworkIn",
+ "displayName": "[concat(subscription().displayName, '-VMHighNetworkInAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMHighNetworkInAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-Override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_NetworkOut_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_NetworkOut_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..020a136
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_NetworkOut_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_VM_NetworkOut_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM Network Out Alert",
+ "displayName": "Deploy VM Network Write Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMNetworkOutAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMHighNetworkOutAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "NetworkInterface",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-Override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine NetworkOut",
+ "displayName": "[concat(subscription().displayName, '-VMHighNetworkOutAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMHighNetworkOutAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-Override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_OSDiskSpace_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_OSDiskSpace_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..1b0ee38
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_OSDiskSpace_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_VM_OSDiskSpace_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM OSDiskSpace Alert",
+ "displayName": "Deploy VM OS Disk Space Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMOSDiskSpaceAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-Override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine OSDiskSpace",
+ "displayName": "[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-Override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_OSDiskreadLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_OSDiskreadLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..6948dfe
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_OSDiskreadLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_VM_OSDiskreadLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM OSDiskreadLatency Alert",
+ "displayName": "Deploy VM OS Disk Read Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMOSDiskreadLatencyAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-Override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine OSDiskreadLatency",
+ "displayName": "[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-Override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_OSDiskwriteLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_OSDiskwriteLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ea7298c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_OSDiskwriteLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_VM_OSDiskwriteLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM OSDiskwriteLatency Alert",
+ "displayName": "Deploy VM OS Disk Write Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMOSDiskwriteLatencyAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-OS-threshold-Override_\", tostring(tags.[\"_amba-WriteLatencyMs-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine OSDiskwriteLatency",
+ "displayName": "[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-OS-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-OS-threshold-Override_\", tostring(tags.[\"_amba-WriteLatencyMs-OS-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_dataDiskReadLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_dataDiskReadLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..04c4966
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_dataDiskReadLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_VM_dataDiskReadLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM dataDiskReadLatency Alert",
+ "displayName": "Deploy VM Data Disk Read Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMdataDiskReadLatencyAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-Override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine dataDiskReadLatency",
+ "displayName": "[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-Override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_dataDiskSpace_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_dataDiskSpace_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..95dbb24
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_dataDiskSpace_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_VM_dataDiskSpace_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM data Disk Space Alert",
+ "displayName": "Deploy VM Data Disk Space Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMdataDiskSpaceAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-Data-threshold-Override_\", tostring(tags.[\"_amba-FreeSpacePercentage-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine dataDiskSpace",
+ "displayName": "[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-Data-threshold-Override_\", tostring(tags.[\"_amba-FreeSpacePercentage-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003c appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VM_dataDiskWriteLatency_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VM_dataDiskWriteLatency_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..e75162d
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VM_dataDiskWriteLatency_Alert.alz_policy_definition.json
@@ -0,0 +1,612 @@
+{
+ "name": "Deploy_VM_dataDiskWriteLatency_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VM dataDiskWriteLatency Alert",
+ "displayName": "Deploy VM Data Disk Write Latency Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Compute",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity.",
+ "displayName": "User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "autoResolve": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve time for the alert in ISO 8601 format",
+ "displayName": "Auto Resolve"
+ },
+ "type": "String"
+ },
+ "computersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Array of Computer to be monitored",
+ "displayName": "Computers to be included to be monitored"
+ },
+ "type": "array"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "operator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Operator"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "timeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "TimeAggregation"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "PT24H"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Compute/virtualMachines",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('operator')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('timeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array"
+ },
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "autoResolve": {
+ "type": "String"
+ },
+ "autoResolveTime": {
+ "type": "String"
+ },
+ "computersToInclude": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "operator": {
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "timeAggregation": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "VMdataDiskWriteLatencyAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "UAMIResourceId": {
+ "type": "string"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2022-08-01-preview",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[parameters('UAMIResourceId')]": {}
+ }
+ },
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "dimensions": [
+ {
+ "name": "Computer",
+ "operator": "Include",
+ "values": "[parameters('computersToInclude')]"
+ },
+ {
+ "name": "Disk",
+ "operator": "Include",
+ "values": [
+ "*"
+ ]
+ }
+ ],
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "operator": "[parameters('operator')]",
+ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-Override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "resourceIdColumn": "_ResourceId",
+ "threshold": 0,
+ "timeAggregation": "[parameters('timeAggregation')]"
+ }
+ ]
+ },
+ "description": "Log Alert for Virtual Machine dataDiskWriteLatency",
+ "displayName": "[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('MonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('MonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[parameters('UAMIResourceId')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('autoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('autoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('computersToInclude')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "ruleResolveConfiguration": {
+ "autoResolved": "[parameters('autoResolve')]",
+ "timeToResolve": "[parameters('autoResolveTime')]"
+ },
+ "scopes": [
+ "[subscription().Id]"
+ ],
+ "severity": "[parameters('severity')]",
+ "targetResourceTypes": [
+ "Microsoft.Compute/virtualMachines"
+ ],
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/displayName"
+ },
+ {
+ "equals": "[subscription().id]",
+ "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate"
+ },
+ {
+ "equals": "[parameters('operator')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator"
+ },
+ {
+ "equals": "[parameters('timeAggregation')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-Override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-Override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-Override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue \u003e appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query"
+ },
+ {
+ "containsKey": "[parameters('UAMIResourceId')]",
+ "field": "identity.userAssignedIdentities"
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/scheduledQueryRules"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VNET_DDoSAttack_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VNET_DDoSAttack_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..233c60b
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VNET_DDoSAttack_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_VNET_DDoSAttack_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Virtual Network DDoS Attack Alert",
+ "displayName": "Deploy VNet DDoS Attack Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworks",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DDOSAttackAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ifunderddosattack",
+ "metricNamespace": "Microsoft.Network/virtualNetworks",
+ "name": "ifunderddosattack",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Maximum"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VNet DDOS Attack",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworks",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ifunderddosattack",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Maximum",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VPNGw_BGPPeerStatus_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VPNGw_BGPPeerStatus_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..ddd50ae
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VPNGw_BGPPeerStatus_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_VPNGw_BGPPeerStatus_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VPN Gateway BGP Peer Status Alert",
+ "displayName": "Deploy VPNG BGP Peer Status Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-bgppeerstatus-threshold-Override_'), field('tags._amba-bgppeerstatus-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-BGPPeerStatusAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "bgppeerstatus",
+ "metricNamespace": "microsoft.network/vpngateways",
+ "name": "bgppeerstatus",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Total"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VPN Gateway BGP peer status",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "bgppeerstatus",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Total",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-bgppeerstatus-threshold-Override_'), field('tags._amba-bgppeerstatus-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VPNGw_BandwidthUtil_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VPNGw_BandwidthUtil_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..2530cef
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VPNGw_BandwidthUtil_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_VPNGw_BandwidthUtil_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VPN Gateway Bandwidth Utilization Alert",
+ "displayName": "Deploy VPNG Bandwidth Utilization Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-tunnelaveragebandwidth-threshold-Override_'), field('tags._amba-tunnelaveragebandwidth-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-GatewayBandwidthAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "tunnelaveragebandwidth",
+ "metricNamespace": "microsoft.network/vpngateways",
+ "name": "tunnelaveragebandwidth",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VPN Gateway Bandwidth Utilization",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "tunnelaveragebandwidth",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-tunnelaveragebandwidth-threshold-Override_'), field('tags._amba-tunnelaveragebandwidth-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VPNGw_Egress_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VPNGw_Egress_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..93f4f12
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VPNGw_Egress_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_VPNGw_Egress_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VPN Gateway Egress Alert",
+ "displayName": "Deploy VPNG Egress Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-tunnelegressbytes-threshold-Override_'), field('tags._amba-tunnelegressbytes-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelEgressAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "tunnelegressbytes",
+ "metricNamespace": "microsoft.network/vpngateways",
+ "name": "tunnelegressbytes",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VPN Gateway tunnel egress bytes",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "tunnelegressbytes",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-tunnelegressbytes-threshold-Override_'), field('tags._amba-tunnelegressbytes-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VPNGw_Ingress_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VPNGw_Ingress_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..a7cbb27
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VPNGw_Ingress_Alert.alz_policy_definition.json
@@ -0,0 +1,331 @@
+{
+ "name": "Deploy_VPNGw_Ingress_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VPN Gateway Ingress Alert",
+ "displayName": "Deploy VPNG Ingress Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-tunnelingressbytes-threshold-Override_'), field('tags._amba-tunnelingressbytes-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelIngressAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "tunnelingressbytes",
+ "metricNamespace": "microsoft.network/vpngateways",
+ "name": "tunnelingressbytes",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VPN Gateway tunnel ingress bytes",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "tunnelingressbytes",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-tunnelingressbytes-threshold-Override_'), field('tags._amba-tunnelingressbytes-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VPNGw_TunnelEgressPacketDropCount_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VPNGw_TunnelEgressPacketDropCount_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..2537ec2
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VPNGw_TunnelEgressPacketDropCount_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_VPNGw_TunnelEgressPacketDropCount_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VPN Gateway Egress Packet Drop Count Alert",
+ "displayName": "Deploy VPNG Egress Packet Drop Count Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropCountAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "TunnelEgressPacketDropCount",
+ "metricNamespace": "microsoft.network/vpngateways",
+ "name": "TunnelEgressPacketDropCount",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VPN Gateway tunnel TunnelEgressPacketDropCount",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelEgressPacketDropCount",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..25d84e2
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VPN Gateway Egress Packet Drop Mismatch Alert",
+ "displayName": "Deploy VPNG Egress Packet Drop Mismatch Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropTSMismatchAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "TunnelEgressPacketDropTSMismatch",
+ "metricNamespace": "microsoft.network/vpngateways",
+ "name": "TunnelEgressPacketDropTSMismatch",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VPN Gateway tunnel TunnelEgressPacketDropTSMismatch",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelEgressPacketDropTSMismatch",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VPNGw_TunnelIngressPacketDropCount_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VPNGw_TunnelIngressPacketDropCount_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..2110f43
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VPNGw_TunnelIngressPacketDropCount_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_VPNGw_TunnelIngressPacketDropCount_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VPN Gateway Ingress Packet Drop Count Alert",
+ "displayName": "Deploy VPNG Ingress Packet Drop Count Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelIngressPacketDropCountAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "TunnelIngressPacketDropCount",
+ "metricNamespace": "microsoft.network/vpngateways",
+ "name": "TunnelIngressPacketDropCount",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VPN Gateway tunnel TunnelIngressPacketDropCount",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelIngressPacketDropCount",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..80c9ad4
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy VPN Gateway Ingress Packet Drop Mismatch Alert",
+ "displayName": "Deploy VPNG Ingress Packet Drop Mismatch Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelIngressPacketDropTSMismatchAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "TunnelIngressPacketDropTSMismatch",
+ "metricNamespace": "microsoft.network/vpngateways",
+ "name": "TunnelIngressPacketDropTSMismatch",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VPN Gateway tunnel TunnelIngressPacketDropTSMismatch",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/vpngateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelIngressPacketDropTSMismatch",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..3066056
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Virtual Network Gateway Express Route Bits Per Second Alert",
+ "displayName": "Deploy VNetG ExpressRoute Bits Per Second Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "ExpressRoute",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), field('tags._amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-GatewayERBitsAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ExpressRouteGatewayBitsPerSecond",
+ "metricNamespace": "Microsoft.Network/virtualNetworkGateways",
+ "name": "ExpressRouteGatewayBitsPerSecond",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VNet Gateway Express Route Bits Per Second",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ExpressRouteGatewayBitsPerSecond",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), field('tags._amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_ExpressRouteCpuUtil_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_ExpressRouteCpuUtil_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..431c651
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_ExpressRouteCpuUtil_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_VnetGw_ExpressRouteCpuUtil_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Virtual Network Gateway Express Route CPU Utilization Alert",
+ "displayName": "Deploy VNetG ExpressRoute CPU Utilization Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "ExpressRoute",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-GatewayERCPUAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "ExpressRouteGatewayCpuUtilization",
+ "metricNamespace": "Microsoft.Network/virtualNetworkGateways",
+ "name": "ExpressRouteGatewayCpuUtilization",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VNet Gateway Express Route CPU Utilization",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "ExpressRouteGatewayCpuUtilization",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_TunnelBandwidth_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelBandwidth_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..d227170
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelBandwidth_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_VnetGw_TunnelBandwidth_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Bandwidth Alert",
+ "displayName": "Deploy VNetG Tunnel Bandwidth Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "VPN",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-TunnelAverageBandwidth-threshold-Override_'), field('tags._amba-TunnelAverageBandwidth-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelBandwidthAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "TunnelAverageBandwidth",
+ "metricNamespace": "Microsoft.Network/virtualNetworkGateways",
+ "name": "TunnelAverageBandwidth",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VNet Gateway Tunnel Avg Bandwidth",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelAverageBandwidth",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-TunnelAverageBandwidth-threshold-Override_'), field('tags._amba-TunnelAverageBandwidth-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgressPacketDropCount_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgressPacketDropCount_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..3519f2c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgressPacketDropCount_Alert.alz_policy_definition.json
@@ -0,0 +1,364 @@
+{
+ "name": "Deploy_VnetGw_TunnelEgressPacketDropCount_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Vnet Gateway Egress Packet Drop Count Alert",
+ "displayName": "Deploy VNetG Egress Packet Drop Count Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.4.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "VPN",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropCountAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "TunnelEgressPacketDropCount",
+ "metricNamespace": "microsoft.network/virtualNetworkGateways",
+ "name": "TunnelEgressPacketDropCount",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Vnet Gateway tunnel TunnelEgressPacketDropCount",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelEgressPacketDropCount",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..d2e3545
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert.alz_policy_definition.json
@@ -0,0 +1,364 @@
+{
+ "name": "Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Vnet Gateway Egress Packet Drop Mismatch Alert",
+ "displayName": "Deploy VNetG Egress Packet Drop Mismatch Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.4.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "VPN",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropTSMismatchAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "TunnelEgressPacketDropTSMismatch",
+ "metricNamespace": "microsoft.network/virtualNetworkGateways",
+ "name": "TunnelEgressPacketDropTSMismatch",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Vnet Gateway tunnel TunnelEgressPacketDropTSMismatch",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelEgressPacketDropTSMismatch",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgress_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgress_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..5ba9e75
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelEgress_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_VnetGw_TunnelEgress_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Egress Alert",
+ "displayName": "Deploy VNetG Tunnel Egress Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "VPN",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-TunnelEgressBytes-threshold-Override_'), field('tags._amba-TunnelEgressBytes-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelEgressAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "TunnelEgressBytes",
+ "metricNamespace": "Microsoft.Network/virtualNetworkGateways",
+ "name": "TunnelEgressBytes",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VNet Gateway Tunnel Egress Bytes",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelEgressBytes",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-TunnelEgressBytes-threshold-Override_'), field('tags._amba-TunnelEgressBytes-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngressPacketDropCount_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngressPacketDropCount_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..6fa3e52
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngressPacketDropCount_Alert.alz_policy_definition.json
@@ -0,0 +1,364 @@
+{
+ "name": "Deploy_VnetGw_TunnelIngressPacketDropCount_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Vnet Gateway Ingress Packet Drop Count Alert",
+ "displayName": "Deploy VNetG Ingress Packet Drop Count Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.4.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "VPN",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelIngressPacketDropCountAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "TunnelIngressPacketDropCount",
+ "metricNamespace": "microsoft.network/virtualNetworkGateways",
+ "name": "TunnelIngressPacketDropCount",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Vnet Gateway tunnel TunnelIngressPacketDropCount",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelIngressPacketDropCount",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..2f94085
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert.alz_policy_definition.json
@@ -0,0 +1,364 @@
+{
+ "name": "Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Vnet Gateway Ingress Packet Drop Mismatch Alert",
+ "displayName": "Deploy VNetG Ingress Packet Drop Mismatch Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.4.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "VPN",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelIngressPacketDropTSMismatchAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "TunnelIngressPacketDropTSMismatch",
+ "metricNamespace": "microsoft.network/virtualNetworkGateways",
+ "name": "TunnelIngressPacketDropTSMismatch",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for Vnet Gateway tunnel TunnelIngressPacketDropTSMismatch",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "microsoft.network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelIngressPacketDropTSMismatch",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngress_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngress_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..faa146e
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_VnetGw_TunnelIngress_Alert.alz_policy_definition.json
@@ -0,0 +1,335 @@
+{
+ "name": "Deploy_VnetGw_TunnelIngress_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Ingress Alert",
+ "displayName": "Deploy VNetG Tunnel Ingress Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "type"
+ },
+ {
+ "equals": "VPN",
+ "field": "Microsoft.Network/virtualNetworkGateways/gatewayType"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-TunnelIngressBytes-threshold-Override_'), field('tags._amba-TunnelIngressBytes-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-TunnelIngressAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "TunnelIngressBytes",
+ "metricNamespace": "Microsoft.Network/virtualNetworkGateways",
+ "name": "TunnelIngressBytes",
+ "operator": "LessThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for VNet Gateway Tunnel ingress Bytes",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworkGateways",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "TunnelIngressBytes",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "LessThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-TunnelIngressBytes-threshold-Override_'), field('tags._amba-TunnelIngressBytes-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_WSF_CPUPercentage_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_WSF_CPUPercentage_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..d155614
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_WSF_CPUPercentage_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_WSF_CPUPercentage_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy App Service Plan CPU Percentage Alert",
+ "displayName": "Deploy App Service Plan CPU Percentage Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Web Services",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Web/serverfarms",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-CpuPercentage-threshold-Override_'), field('tags._amba-CpuPercentage-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-CpuPercentage')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "CpuPercentage",
+ "metricNamespace": "Microsoft.Web/serverfarms",
+ "name": "CpuPercentage",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Service Plan CPU Percentage",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Web/serverfarms",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "CpuPercentage",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-CpuPercentage-threshold-Override_'), field('tags._amba-CpuPercentage-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_WSF_DiskQueueLength_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_WSF_DiskQueueLength_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..4460b93
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_WSF_DiskQueueLength_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_WSF_DiskQueueLength_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy App Service Plan Disk Queue Length Alert",
+ "displayName": "Deploy App Service Plan Disk Queue Length Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Web Services",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Web/serverfarms",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-DiskQueueLengthAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "DiskQueueLength",
+ "metricNamespace": "Microsoft.Web/serverfarms",
+ "name": "ServiceApiResult",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Service Plan Disk Queue Length",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Web/serverfarms",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "DiskQueueLength",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_WSF_HttpQueueLength_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_WSF_HttpQueueLength_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..87aba01
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_WSF_HttpQueueLength_Alert.alz_policy_definition.json
@@ -0,0 +1,360 @@
+{
+ "name": "Deploy_WSF_HttpQueueLength_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy App Service Plan Http Queue Length Alert",
+ "displayName": "Deploy App Service Plan Http Queue Length Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Web Services",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "failingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Failing Periods"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Web/serverfarms",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "evaluationPeriods": {
+ "type": "String"
+ },
+ "failingPeriods": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-HttpQueueLengthAlert')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "alertSensitivity": "Medium",
+ "criterionType": "DynamicThresholdCriterion",
+ "failingPeriods": {
+ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]",
+ "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]"
+ },
+ "metricName": "HttpQueueLength",
+ "metricNamespace": "Microsoft.Web/serverfarms",
+ "name": "ServiceApiResult",
+ "operator": "GreaterThan",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Service Plan Http Queue Length",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('evaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('failingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Web/serverfarms",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "HttpQueueLength",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator"
+ },
+ {
+ "equals": "Medium",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity"
+ },
+ {
+ "equals": "[parameters('failingPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert"
+ },
+ {
+ "equals": "[parameters('evaluationPeriods')]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_WSF_MemoryPercentage_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_WSF_MemoryPercentage_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..e21d0fe
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_WSF_MemoryPercentage_Alert.alz_policy_definition.json
@@ -0,0 +1,328 @@
+{
+ "name": "Deploy_WSF_MemoryPercentage_Alert",
+ "properties": {
+ "description": "Policy to audit/deploy App Service Plan Memory Percentage Alert",
+ "displayName": "Deploy App Service Plan Memory Percentage Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "category": "Web Services",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.1"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "autoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Severity"
+ },
+ "type": "String"
+ },
+ "threshold": {
+ "defaultValue": "85",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Threshold"
+ },
+ "type": "String"
+ },
+ "windowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Window Size"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Web/serverfarms",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "resourceId": {
+ "value": "[field('id')]"
+ },
+ "resourceName": {
+ "value": "[field('name')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[if(contains(field('tags'), '_amba-MemoryPercentage-threshold-Override_'), field('tags._amba-MemoryPercentage-threshold-Override_'), parameters('threshold'))]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "resourceId": {
+ "metadata": {
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison",
+ "displayName": "resourceId"
+ },
+ "type": "String"
+ },
+ "resourceName": {
+ "metadata": {
+ "description": "Name of the resource",
+ "displayName": "resourceName"
+ },
+ "type": "String"
+ },
+ "severity": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2018-03-01",
+ "location": "global",
+ "name": "[concat(parameters('resourceName'), '-MemoryPercentage')]",
+ "properties": {
+ "autoMitigate": "[parameters('autoMitigate')]",
+ "criteria": {
+ "allOf": [
+ {
+ "criterionType": "StaticThresholdCriterion",
+ "metricName": "MemoryPercentage",
+ "metricNamespace": "Microsoft.Web/serverfarms",
+ "name": "MemoryPercentage",
+ "operator": "GreaterThan",
+ "threshold": "[parameters('threshold')]",
+ "timeAggregation": "Average"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "description": "Metric Alert for App Service Plan Memory Percentage",
+ "enabled": "[parameters('enabled')]",
+ "evaluationFrequency": "[parameters('evaluationFrequency')]",
+ "parameters": {
+ "autoMitigate": {
+ "value": "[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('evaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('severity')]"
+ },
+ "threshold": {
+ "value": "[parameters('threshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('windowSize')]"
+ }
+ },
+ "scopes": [
+ "[parameters('resourceId')]"
+ ],
+ "severity": "[parameters('severity')]",
+ "windowSize": "[parameters('windowSize')]"
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "Microsoft.Insights/metricAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Web/serverfarms",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace"
+ },
+ {
+ "equals": "MemoryPercentage",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName"
+ },
+ {
+ "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]",
+ "field": "Microsoft.Insights/metricalerts/scopes[*]"
+ },
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/metricAlerts/enabled"
+ },
+ {
+ "equals": "[parameters('evaluationFrequency')]",
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency"
+ },
+ {
+ "equals": "[parameters('windowSize')]",
+ "field": "Microsoft.Insights/metricAlerts/windowSize"
+ },
+ {
+ "equals": "[parameters('severity')]",
+ "field": "Microsoft.Insights/metricalerts/severity"
+ },
+ {
+ "equals": "[parameters('autoMitigate')]",
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate"
+ },
+ {
+ "equals": "Average",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation"
+ },
+ {
+ "equals": "GreaterThan",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator"
+ },
+ {
+ "equals": "[if(contains(field('tags'), '_amba-MemoryPercentage-threshold-Override_'), field('tags._amba-MemoryPercentage-threshold-Override_'), parameters('threshold'))]",
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold"
+ }
+ ]
+ },
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_Firewall_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_Firewall_Delete.alz_policy_definition.json
new file mode 100644
index 0000000..3e550bd
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_Firewall_Delete.alz_policy_definition.json
@@ -0,0 +1,283 @@
+{
+ "name": "Deploy_activitylog_Firewall_Delete",
+ "properties": {
+ "description": "Policy to Deploy Activity Log Azure Firewall Delete Alert",
+ "displayName": "Deploy Activity Log Azure FireWall Delete Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/azureFirewalls",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivityAzureFirewallDelete",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "ActivityAzureFirewallDelete",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.Network/azurefirewalls/delete",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log Firewall Delete",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.Network/azureFirewalls/delete",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "name": "ActivityAzureFirewallDelete",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_KeyVault_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_KeyVault_Delete.alz_policy_definition.json
new file mode 100644
index 0000000..e2db25c
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_KeyVault_Delete.alz_policy_definition.json
@@ -0,0 +1,283 @@
+{
+ "name": "Deploy_activitylog_KeyVault_Delete",
+ "properties": {
+ "description": "Policy to Deploy Activity Log Key Vault Delete Alert",
+ "displayName": "Deploy Activity Log Key Vault Delete Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "microsoft.keyvault/vaults",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivityKeyVaultDelete",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "ActivityKeyVaultDelete",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.KeyVault/vaults/delete",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log Key Vault Delete",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.KeyVault/vaults/delete",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "name": "ActivityKeyVaultDelete",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_LAWorkspace_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_LAWorkspace_Delete.alz_policy_definition.json
new file mode 100644
index 0000000..396942d
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_LAWorkspace_Delete.alz_policy_definition.json
@@ -0,0 +1,283 @@
+{
+ "name": "Deploy_activitylog_LAWorkspace_Delete",
+ "properties": {
+ "description": "Policy to Deploy Activity Log LA Workspace Delete Alert",
+ "displayName": "Deploy Activity Log LA Workspace Delete Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.OperationalInsights/workspaces",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivityLAWorkspaceDelete",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "ActivityLAWorkspaceDelete",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.OperationalInsights/workspaces/delete",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log LA Workspace Delete",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.OperationalInsights/workspaces/delete",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "name": "ActivityLAWorkspaceDelete",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_LAWorkspace_KeyRegen.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_LAWorkspace_KeyRegen.alz_policy_definition.json
new file mode 100644
index 0000000..ba2cede
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_LAWorkspace_KeyRegen.alz_policy_definition.json
@@ -0,0 +1,283 @@
+{
+ "name": "Deploy_activitylog_LAWorkspace_KeyRegen",
+ "properties": {
+ "description": "Policy to Deploy Activity Log LA Workspace Regenerate Key Alert",
+ "displayName": "Deploy Activity Log LA Workspace Regenerate Key Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.OperationalInsights/workspaces",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivityLAWorkspaceRegenKey",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "ActivityLAWorkspaceRegenKey",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log LA Workspace Regenerate Key",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "name": "ActivityLAWorkspaceRegenKey",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_NSG_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_NSG_Delete.alz_policy_definition.json
new file mode 100644
index 0000000..701e4df
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_NSG_Delete.alz_policy_definition.json
@@ -0,0 +1,283 @@
+{
+ "name": "Deploy_activitylog_NSG_Delete",
+ "properties": {
+ "description": "Policy to Deploy Activity Log NSG Delete Alert",
+ "displayName": "Deploy Activity Log NSG Delete Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/networkSecurityGroups",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivityNSGDelete",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "ActivityNSGDelete",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.Network/networkSecurityGroups/delete",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log NSG Delete",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.Network/networkSecurityGroups/delete",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "name": "ActivityNSGDelete",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert.alz_policy_definition.json
new file mode 100644
index 0000000..304a651
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert.alz_policy_definition.json
@@ -0,0 +1,419 @@
+{
+ "name": "Deploy_activitylog_ResourceHealth_Unhealthy_Alert",
+ "properties": {
+ "description": "Policy to Deploy Resource Health Unhealthy Alert",
+ "displayName": "Deploy Resource Health Unhealthy Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ResourceHealtAlert",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[empty(parameters('BYOActionGroup'))]",
+ "location": "global",
+ "name": "ResourceHealthUnhealthyAlert",
+ "properties": {
+ "actions": {
+ "actionGroups": [
+ {
+ "actionGroupId": "[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]",
+ "webhookProperties": {}
+ }
+ ]
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ResourceHealth",
+ "field": "category"
+ },
+ {
+ "anyOf": [
+ {
+ "equals": "PlatformInitiated",
+ "field": "properties.cause"
+ },
+ {
+ "equals": "UserInitiated",
+ "field": "properties.cause"
+ }
+ ]
+ },
+ {
+ "anyOf": [
+ {
+ "equals": "Degraded",
+ "field": "properties.currentHealthStatus"
+ },
+ {
+ "equals": "Unavailable",
+ "field": "properties.currentHealthStatus"
+ }
+ ]
+ }
+ ]
+ },
+ "description": "Resource Health Unhealthy Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ },
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[not(empty(parameters('BYOActionGroup')))]",
+ "location": "global",
+ "name": "ResourceHealthUnhealthyAlert",
+ "properties": {
+ "actions": {
+ "actionGroups": "[variables('varActionGroupIds')]"
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ResourceHealth",
+ "field": "category"
+ },
+ {
+ "anyOf": [
+ {
+ "equals": "PlatformInitiated",
+ "field": "properties.cause"
+ },
+ {
+ "equals": "UserInitiated",
+ "field": "properties.cause"
+ }
+ ]
+ },
+ {
+ "anyOf": [
+ {
+ "equals": "Degraded",
+ "field": "properties.currentHealthStatus"
+ },
+ {
+ "equals": "Unavailable",
+ "field": "properties.currentHealthStatus"
+ }
+ ]
+ }
+ ]
+ },
+ "description": "Resource Health Unhealthy Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {
+ "copy": [
+ {
+ "count": "[length(parameters('BYOActionGroup'))]",
+ "input": {
+ "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]"
+ },
+ "mode": "serial",
+ "name": "varActionGroupIds"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": true,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "contains": "ag-AMBA-SH-",
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": false,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
+ "where": {
+ "anyOf": [
+ {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
+ "in": "[parameters('BYOActionGroup')]"
+ }
+ ]
+ }
+ },
+ "greaterOrEquals": 1
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "ResourceHealth",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 1
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Update.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Update.alz_policy_definition.json
new file mode 100644
index 0000000..75c0751
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Update.alz_policy_definition.json
@@ -0,0 +1,283 @@
+{
+ "name": "Deploy_activitylog_RouteTable_Update",
+ "properties": {
+ "description": "Policy to Deploy Activity Log Route Table Update Alert",
+ "displayName": "Deploy Activity Log Route Table Update Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/routeTables",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivityUDRUpdate",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "ActivityUDRUpdate",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.Network/routeTables/routes/write",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log Route table update",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.Network/routeTables/routes/write",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "name": "ActivityUDRUpdate",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_HealthAdvisory.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_HealthAdvisory.alz_policy_definition.json
new file mode 100644
index 0000000..e824515
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_HealthAdvisory.alz_policy_definition.json
@@ -0,0 +1,410 @@
+{
+ "name": "Deploy_activitylog_ServiceHealth_HealthAdvisory",
+ "properties": {
+ "description": "Policy to Deploy Service Health Advisory Alert",
+ "displayName": "Deploy Service Health Advisory Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Email addresses to send alerts to",
+ "displayName": "Action Group Email Addresses"
+ },
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ServiceHealthHealth",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[empty(parameters('BYOActionGroup'))]",
+ "location": "Global",
+ "name": "ServiceHealthAdvisoryEvent",
+ "properties": {
+ "actions": {
+ "actionGroups": [
+ {
+ "actionGroupId": "[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]"
+ }
+ ]
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ServiceHealth",
+ "field": "category"
+ },
+ {
+ "equals": "ActionRequired",
+ "field": "properties.incidentType"
+ }
+ ]
+ },
+ "description": "Service Health Advisory Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ },
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[not(empty(parameters('BYOActionGroup')))]",
+ "location": "Global",
+ "name": "ServiceHealthAdvisoryEvent",
+ "properties": {
+ "actions": {
+ "actionGroups": "[variables('varActionGroupIds')]"
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ServiceHealth",
+ "field": "category"
+ },
+ {
+ "equals": "ActionRequired",
+ "field": "properties.incidentType"
+ }
+ ]
+ },
+ "description": "Service Health Advisory Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {
+ "copy": [
+ {
+ "count": "[length(parameters('BYOActionGroup'))]",
+ "input": {
+ "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]"
+ },
+ "mode": "serial",
+ "name": "varActionGroupIds"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": true,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "contains": "ag-AMBA-SH-",
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": false,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
+ "where": {
+ "anyOf": [
+ {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
+ "in": "[parameters('BYOActionGroup')]"
+ }
+ ]
+ }
+ },
+ "greaterOrEquals": 1
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "ServiceHealth",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "properties.incidentType",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "ActionRequired",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourceGroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_Incident.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_Incident.alz_policy_definition.json
new file mode 100644
index 0000000..655a319
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_Incident.alz_policy_definition.json
@@ -0,0 +1,410 @@
+{
+ "name": "Deploy_activitylog_ServiceHealth_Incident",
+ "properties": {
+ "description": "Policy to Deploy Service Health Incident Alert",
+ "displayName": "Deploy Service Health Incident Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Email addresses to send alerts to",
+ "displayName": "Action Group Email Addresses"
+ },
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ServiceHealthIncident",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[empty(parameters('BYOActionGroup'))]",
+ "location": "global",
+ "name": "ServiceHealthIncident",
+ "properties": {
+ "actions": {
+ "actionGroups": [
+ {
+ "actionGroupId": "[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]"
+ }
+ ]
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ServiceHealth",
+ "field": "category"
+ },
+ {
+ "equals": "Incident",
+ "field": "properties.incidentType"
+ }
+ ]
+ },
+ "description": "Service Health Incident Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ },
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[not(empty(parameters('BYOActionGroup')))]",
+ "location": "global",
+ "name": "ServiceHealthIncident",
+ "properties": {
+ "actions": {
+ "actionGroups": "[variables('varActionGroupIds')]"
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ServiceHealth",
+ "field": "category"
+ },
+ {
+ "equals": "Incident",
+ "field": "properties.incidentType"
+ }
+ ]
+ },
+ "description": "Service Health Incident Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {
+ "copy": [
+ {
+ "count": "[length(parameters('BYOActionGroup'))]",
+ "input": {
+ "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]"
+ },
+ "mode": "serial",
+ "name": "varActionGroupIds"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": true,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "contains": "ag-AMBA-SH-",
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": false,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
+ "where": {
+ "anyOf": [
+ {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
+ "in": "[parameters('BYOActionGroup')]"
+ }
+ ]
+ }
+ },
+ "greaterOrEquals": 1
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "ServiceHealth",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "properties.incidentType",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Incident",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_Maintenance.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_Maintenance.alz_policy_definition.json
new file mode 100644
index 0000000..f007d2a
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_Maintenance.alz_policy_definition.json
@@ -0,0 +1,410 @@
+{
+ "name": "Deploy_activitylog_ServiceHealth_Maintenance",
+ "properties": {
+ "description": "Policy to Deploy Service Health Maintenance Alert",
+ "displayName": "Deploy Service Health Maintenance Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Email addresses to send alerts to",
+ "displayName": "Action Group Email Addresses"
+ },
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ServiceHealthMaintenance",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[empty(parameters('BYOActionGroup'))]",
+ "location": "global",
+ "name": "ServiceHealthPlannedMaintenance",
+ "properties": {
+ "actions": {
+ "actionGroups": [
+ {
+ "actionGroupId": "[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]"
+ }
+ ]
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ServiceHealth",
+ "field": "category"
+ },
+ {
+ "equals": "Maintenance",
+ "field": "properties.incidentType"
+ }
+ ]
+ },
+ "description": "Service Health Planned Maintenance Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ },
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[not(empty(parameters('BYOActionGroup')))]",
+ "location": "global",
+ "name": "ServiceHealthPlannedMaintenance",
+ "properties": {
+ "actions": {
+ "actionGroups": "[variables('varActionGroupIds')]"
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ServiceHealth",
+ "field": "category"
+ },
+ {
+ "equals": "Maintenance",
+ "field": "properties.incidentType"
+ }
+ ]
+ },
+ "description": "Service Health Planned Maintenance Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {
+ "copy": [
+ {
+ "count": "[length(parameters('BYOActionGroup'))]",
+ "input": {
+ "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]"
+ },
+ "mode": "serial",
+ "name": "varActionGroupIds"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": true,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "contains": "ag-AMBA-SH-",
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": false,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
+ "where": {
+ "anyOf": [
+ {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
+ "in": "[parameters('BYOActionGroup')]"
+ }
+ ]
+ }
+ },
+ "greaterOrEquals": 1
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "ServiceHealth",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "properties.incidentType",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Maintenance",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory.alz_policy_definition.json
new file mode 100644
index 0000000..2b6d146
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory.alz_policy_definition.json
@@ -0,0 +1,410 @@
+{
+ "name": "Deploy_activitylog_ServiceHealth_SecurityAdvisory",
+ "properties": {
+ "description": "Policy to Deploy Service Health Security Advisory Alert",
+ "displayName": "Deploy Service Health Security Advisory Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Email addresses to send alerts to",
+ "displayName": "Action Group Email Addresses"
+ },
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ServiceSecurityIncident",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "type": "array"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[empty(parameters('BYOActionGroup'))]",
+ "location": "global",
+ "name": "ServiceHealthSecurityIncident",
+ "properties": {
+ "actions": {
+ "actionGroups": [
+ {
+ "actionGroupId": "[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]"
+ }
+ ]
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ServiceHealth",
+ "field": "category"
+ },
+ {
+ "equals": "Security",
+ "field": "properties.incidentType"
+ }
+ ]
+ },
+ "description": "Service Health Security Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ },
+ {
+ "apiVersion": "2020-10-01",
+ "condition": "[not(empty(parameters('BYOActionGroup')))]",
+ "location": "global",
+ "name": "ServiceHealthSecurityIncident",
+ "properties": {
+ "actions": {
+ "actionGroups": "[variables('varActionGroupIds')]"
+ },
+ "condition": {
+ "allOf": [
+ {
+ "equals": "ServiceHealth",
+ "field": "category"
+ },
+ {
+ "equals": "Security",
+ "field": "properties.incidentType"
+ }
+ ]
+ },
+ "description": "Service Health Security Alert",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {
+ "copy": [
+ {
+ "count": "[length(parameters('BYOActionGroup'))]",
+ "input": {
+ "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]"
+ },
+ "mode": "serial",
+ "name": "varActionGroupIds"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": true,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "contains": "ag-AMBA-SH-",
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": false,
+ "value": "[empty(parameters('BYOActionGroup'))]"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
+ "where": {
+ "anyOf": [
+ {
+ "field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
+ "in": "[parameters('BYOActionGroup')]"
+ }
+ ]
+ }
+ },
+ "greaterOrEquals": 1
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "ServiceHealth",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "properties.incidentType",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Security",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_StorageAccount_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_StorageAccount_Delete.alz_policy_definition.json
new file mode 100644
index 0000000..ab02143
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_StorageAccount_Delete.alz_policy_definition.json
@@ -0,0 +1,283 @@
+{
+ "name": "Deploy_activitylog_StorageAccount_Delete",
+ "properties": {
+ "description": "Policy to Deploy Activity Log Storage Account Delete Alert",
+ "displayName": "Deploy Activity Log Storage Account Delete Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.2.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name to disable monitoring on resource. Set to true if monitoring should be disabled",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Storage/storageAccounts",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivitySADelete",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "Activity Log Storage Account Delete",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.Storage/storageAccounts/delete",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log Storage Account Delete",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.Storage/storageAccounts/delete",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "name": "Activity Log Storage Account Delete",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_definitions/Deploy_activitylog_VPNGateway_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_VPNGateway_Delete.alz_policy_definition.json
new file mode 100644
index 0000000..81acb5e
--- /dev/null
+++ b/platform/amba/policy_definitions/Deploy_activitylog_VPNGateway_Delete.alz_policy_definition.json
@@ -0,0 +1,282 @@
+{
+ "name": "Deploy_activitylog_VPNGateway_Delete",
+ "properties": {
+ "description": "Policy to Deploy Activity Log VPN Gateway Delete Alert",
+ "displayName": "Deploy Activity Log VPN Gateway Delete Alert",
+ "metadata": {
+ "_deployed_by_amba": "True",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Network",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "mode": "All",
+ "parameters": {
+ "MonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "MonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "alertResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the Resource group the alert is placed in",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Resource group the alert is placed in",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "alertResourceGroupTags": {
+ "defaultValue": {
+ "Project": "amba-monitoring"
+ },
+ "metadata": {
+ "description": "Tags on the Resource group the alert is placed in",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "effect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Effect of the policy",
+ "displayName": "Effect"
+ },
+ "type": "String"
+ },
+ "enabled": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Alert State"
+ },
+ "type": "String"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/vpnGateways",
+ "field": "type"
+ },
+ {
+ "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "deployment": {
+ "location": "northeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "value": "[parameters('alertResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('alertResourceGroupTags')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupLocation": {
+ "type": "string"
+ },
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "alertResourceGroupTags": {
+ "type": "object"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2021-04-01",
+ "location": "[parameters('alertResourceGroupLocation')]",
+ "name": "[parameters('alertResourceGroupName')]",
+ "tags": "[parameters('alertResourceGroupTags')]",
+ "type": "Microsoft.Resources/resourceGroups"
+ },
+ {
+ "apiVersion": "2019-10-01",
+ "dependsOn": [
+ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
+ ],
+ "name": "ActivityVPNGatewayDelete",
+ "properties": {
+ "mode": "Incremental",
+ "parameters": {
+ "alertResourceGroupName": {
+ "value": "[parameters('alertResourceGroupName')]"
+ },
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "alertResourceGroupName": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "string"
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-10-01",
+ "location": "global",
+ "name": "ActivityVPNGatewayDelete",
+ "properties": {
+ "condition": {
+ "allOf": [
+ {
+ "equals": "Administrative",
+ "field": "category"
+ },
+ {
+ "equals": "Microsoft.Network/vpnGateways/delete",
+ "field": "operationName"
+ },
+ {
+ "containsAny": [
+ "succeeded"
+ ],
+ "field": "status"
+ }
+ ]
+ },
+ "description": "Activity Log VPN Gateway Delete",
+ "enabled": "[parameters('enabled')]",
+ "parameters": {
+ "enabled": {
+ "value": "[parameters('enabled')]"
+ }
+ },
+ "scopes": [
+ "[subscription().id]"
+ ]
+ },
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "type": "microsoft.insights/activityLogAlerts"
+ }
+ ],
+ "variables": {}
+ }
+ },
+ "resourceGroup": "[parameters('alertResourceGroupName')]",
+ "type": "Microsoft.Resources/deployments"
+ }
+ ],
+ "variables": {}
+ }
+ }
+ },
+ "deploymentScope": "subscription",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "equals": "[parameters('enabled')]",
+ "field": "Microsoft.Insights/ActivityLogAlerts/enabled"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
+ "where": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "equals": "category",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Administrative",
+ "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "equals": "operationName",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
+ },
+ {
+ "equals": "Microsoft.Network/vpnGateways/delete",
+ "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "equals": 2
+ }
+ ]
+ },
+ "existenceScope": "resourcegroup",
+ "resourceGroupName": "[parameters('alertResourceGroupName')]",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/activityLogAlerts"
+ },
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policyDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-Connectivity.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-Connectivity.alz_policy_set_definition.json
new file mode 100644
index 0000000..6f33996
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-Connectivity.alz_policy_set_definition.json
@@ -0,0 +1,5133 @@
+{
+ "name": "Alerting-Connectivity",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Connectivity",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.2"
+ },
+ "parameters": {
+ "AFWSNATPortUtilizationAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AFW SNAT Port Utilization Alert Severity"
+ },
+ "type": "String"
+ },
+ "AFWSNATPortUtilizationAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AFW SNAT Port Utilization Alert State"
+ },
+ "type": "string"
+ },
+ "AFWSNATPortUtilizationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AFW SNAT Port Utilization Frequency"
+ },
+ "type": "string"
+ },
+ "AFWSNATPortUtilizationPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AFW SNAT Port Utilization Policy Effect"
+ },
+ "type": "string"
+ },
+ "AFWSNATPortUtilizationThreshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "AFW SNAT Port Utilization Threshold"
+ },
+ "type": "string"
+ },
+ "AFWSNATPortUtilizationWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AFW SNAT Port Utilization Window Size"
+ },
+ "type": "string"
+ },
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisableTagName",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags to be applied to the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "ERCIRArpAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERCIR Arp Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERCIRArpAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERCIR Arp Availability Alert State"
+ },
+ "type": "string"
+ },
+ "ERCIRArpAvailabilityFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERCIR Arp Availability Frequency"
+ },
+ "type": "string"
+ },
+ "ERCIRArpAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERCIR ARP Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERCIRArpAvailabilityThreshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "ERCIR Arp Availability Threshold"
+ },
+ "type": "string"
+ },
+ "ERCIRArpAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERCIR Arp Availability Window Size"
+ },
+ "type": "string"
+ },
+ "ERCIRBgpAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERCIR Bgp Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERCIRBgpAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERCIR Bgp Availability Alert State"
+ },
+ "type": "string"
+ },
+ "ERCIRBgpAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERCIR Bgp Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERCIRBgpAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERCIR Bgp Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERCIRBgpAvailabilityThreshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "ERCIR Bgp Availability Threshold"
+ },
+ "type": "string"
+ },
+ "ERCIRBgpAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERCIR Bgp Availability Window Size"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsinPerSecAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERC IRQoS Drop Bits in Per Sec Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERCIRQoSDropBitsinPerSecAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERC IRQoS Drop Bits in Per Sec Alert State"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsinPerSecEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERC IRQoS Drop Bits in Per Sec Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsinPerSecEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "ERC IRQoS Drop Bits in Per Sec Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsinPerSecFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "ERC IRQoS Drop Bits in Per Sec Failing Periods"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsinPerSecPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERC IRQoS Drop Bits in Per Sec Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsinPerSecWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERC IRQoS Drop Bits in Per Sec Window Size"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsoutPerSecAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERC IRQoS Drop Bits out Per Sec Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERCIRQoSDropBitsoutPerSecAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERC IRQoS Drop Bits out Per Sec Alert State"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsoutPerSecEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERC IRQoS Drop Bits out Per Sec Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsoutPerSecEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "ERC IRQoS Drop Bits out Per Sec Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsoutPerSecFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "ERC IRQoS Drop Bits out Per Sec Failing Periods"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsoutPerSecPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERC IRQoS Drop Bits out Per Sec Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERCIRQoSDropBitsoutPerSecWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERC IRQoS Drop Bits out Per Sec Window Size"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsInAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ER Gw Express Route Bits In Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERGwExpressRouteBitsInAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ER Gw Express Route Bits In Alert State"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsInEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ER Gw Express Route Bits In Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsInPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ER Gw Express Route Bits In Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsInThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "ER Gw Express Route Bits In Threshold"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsInWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ER Gw Express Route Bits In Window Size"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsOutAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ER Gw Express Route Bits Out Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERGwExpressRouteBitsOutAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ER Gw Express Route Bits Out Alert State"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsOutEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ER Gw Express Route Bits Out Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsOutPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ER Gw Express Route Bits Out Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsOutThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "ER Gw Express Route Bits Out Threshold"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteBitsOutWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ER Gw Express Route Bits Out Window Size"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteCpuUtilAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ER Gw Express Route Cpu Util Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERGwExpressRouteCpuUtilAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ER Gw Express Route Cpu Util Alert State"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteCpuUtilEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ER Gw Express Route Cpu Util Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteCpuUtilPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ER Gw Express Route Cpu Util Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteCpuUtilThreshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "ER Gw Express Route Cpu Util Threshold"
+ },
+ "type": "string"
+ },
+ "ERGwExpressRouteCpuUtilWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ER Gw Express Route Cpu Util Window Size"
+ },
+ "type": "string"
+ },
+ "ERPBitsInPerSecondAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERP Bits In Per Second Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERPBitsInPerSecondAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERP Bits In Per Second Alert State"
+ },
+ "type": "string"
+ },
+ "ERPBitsInPerSecondEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERP Bits In Per Second Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERPBitsInPerSecondPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERP Bits In Per Second Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERPBitsInPerSecondWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERP Bits In Per Second Window Size"
+ },
+ "type": "string"
+ },
+ "ERPBitsOutPerSecondAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERP Bits Out Per Second Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERPBitsOutPerSecondAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERP Bits Out Per Second Alert State"
+ },
+ "type": "string"
+ },
+ "ERPBitsOutPerSecondEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERP Bits Out Per Second Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERPBitsOutPerSecondPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERP Bits Out Per Second Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERPBitsOutPerSecondWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERP Bits Out Per Second Window Size"
+ },
+ "type": "string"
+ },
+ "ERPLineProtocolAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERP Line Protocol Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERPLineProtocolAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERP Line Protocol Alert State"
+ },
+ "type": "string"
+ },
+ "ERPLineProtocolEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERP Line Protocol Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERPLineProtocolPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERP Line Protocol Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERPLineProtocolWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERP Line Protocol Window Size"
+ },
+ "type": "string"
+ },
+ "ERPRxLightLevelHighAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERP Rx Light Level High Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERPRxLightLevelHighAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERP Rx Light Level High Alert State"
+ },
+ "type": "string"
+ },
+ "ERPRxLightLevelHighEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERP Rx Light Level High Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERPRxLightLevelHighPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERP Rx Light Level High Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERPRxLightLevelHighWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERP Rx Light Level High Window Size"
+ },
+ "type": "string"
+ },
+ "ERPRxLightLevelLowAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERP Rx Light Level Low Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERPRxLightLevelLowAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERP Rx Light Level Low Alert State"
+ },
+ "type": "string"
+ },
+ "ERPRxLightLevelLowEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERP Rx Light Level Low Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERPRxLightLevelLowPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERP Rx Light Level Low Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERPRxLightLevelLowWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERP Rx Light Level Low Window Size"
+ },
+ "type": "string"
+ },
+ "ERPTxLightLevelHighAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERP Tx Light Level High Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERPTxLightLevelHighAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERP Tx Light Level High Alert State"
+ },
+ "type": "string"
+ },
+ "ERPTxLightLevelHighEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERP Tx Light Level High Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERPTxLightLevelHighPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERP Tx Light Level High Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERPTxLightLevelHighWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERP Tx Light Level High Window Size"
+ },
+ "type": "string"
+ },
+ "ERPTxLightLevelLowAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "ERP Tx Light Level Low Alert Severity"
+ },
+ "type": "String"
+ },
+ "ERPTxLightLevelLowAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ERP Tx Light Level Low Alert State"
+ },
+ "type": "string"
+ },
+ "ERPTxLightLevelLowEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "ERP Tx Light Level Low Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "ERPTxLightLevelLowPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "ERP Tx Light Level Low Policy Effect"
+ },
+ "type": "string"
+ },
+ "ERPTxLightLevelLowWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "ERP Tx Light Level Low Window Size"
+ },
+ "type": "string"
+ },
+ "FirewallHealthAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Firewall Health Alert Severity"
+ },
+ "type": "String"
+ },
+ "FirewallHealthAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Firewall Health Alert State"
+ },
+ "type": "string"
+ },
+ "FirewallHealthEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Firewall Health Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "FirewallHealthPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Firewall Health Policy Effect"
+ },
+ "type": "string"
+ },
+ "FirewallHealthThreshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Firewall Health Threshold"
+ },
+ "type": "string"
+ },
+ "FirewallHealthWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Firewall Health Window Size"
+ },
+ "type": "string"
+ },
+ "LBDatapathAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "LB Data path Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "LBDatapathAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "LB Data path Availability Alert State"
+ },
+ "type": "string"
+ },
+ "LBDatapathAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "LB Data path Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "LBDatapathAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "LB Data path Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "LBDatapathAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "LB Data path Availability Window Size"
+ },
+ "type": "string"
+ },
+ "LBGlobalBackendAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "LB Global Backend Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "LBGlobalBackendAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "LB Global Backend Availability Alert State"
+ },
+ "type": "string"
+ },
+ "LBGlobalBackendAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "LB Global Backend Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "LBGlobalBackendAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "LB Global Backend Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "LBGlobalBackendAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "LB Global Backend Availability Window Size"
+ },
+ "type": "string"
+ },
+ "LBHealthProbeStatusAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "LB Health Probe Status Alert Severity"
+ },
+ "type": "String"
+ },
+ "LBHealthProbeStatusAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "LB Health Probe Status Alert State"
+ },
+ "type": "string"
+ },
+ "LBHealthProbeStatusEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "LB Health Probe Status Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "LBHealthProbeStatusPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "LB Health Probe Status Policy Effect"
+ },
+ "type": "string"
+ },
+ "LBHealthProbeStatusWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "LB Health Probe Status Window Size"
+ },
+ "type": "string"
+ },
+ "LBUsedSNATPortsAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "LB Used SNAT Ports Alert Severity"
+ },
+ "type": "String"
+ },
+ "LBUsedSNATPortsAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "LB Used SNAT Ports Alert State"
+ },
+ "type": "string"
+ },
+ "LBUsedSNATPortsEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "LB Used SNAT Ports Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "LBUsedSNATPortsPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "LB Used SNAT Ports Policy Effect"
+ },
+ "type": "string"
+ },
+ "LBUsedSNATPortsWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "LB Used SNAT Ports Window Size"
+ },
+ "type": "string"
+ },
+ "PDNSZCapacityUtilAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "PDNSZ Capacity Util Alert Severity"
+ },
+ "type": "String"
+ },
+ "PDNSZCapacityUtilAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PDNSZ Capacity Util Alert State"
+ },
+ "type": "string"
+ },
+ "PDNSZCapacityUtilEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PDNSZ Capacity Util Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PDNSZCapacityUtilPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "PDNSZ Capacity Util Policy Effect"
+ },
+ "type": "string"
+ },
+ "PDNSZCapacityUtilThreshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PDNSZ Capacity Util Threshold"
+ },
+ "type": "string"
+ },
+ "PDNSZCapacityUtilWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PDNSZ Capacity Util Window Size"
+ },
+ "type": "string"
+ },
+ "PDNSZQueryVolumeAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "PDNSZ Query Volume Alert Severity"
+ },
+ "type": "String"
+ },
+ "PDNSZQueryVolumeAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PDNSZ Query Volume Alert State"
+ },
+ "type": "string"
+ },
+ "PDNSZQueryVolumeEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PDNSZ Query Volume Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PDNSZQueryVolumePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "PDNSZ Query Volume Policy Effect"
+ },
+ "type": "string"
+ },
+ "PDNSZQueryVolumeThreshold": {
+ "defaultValue": "500",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PDNSZ Query Volume Threshold"
+ },
+ "type": "string"
+ },
+ "PDNSZQueryVolumeWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PDNSZ Query Volume Window Size"
+ },
+ "type": "string"
+ },
+ "PDNSZRecordSetCapacityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "PDNSZ Record Set Capacity Alert Severity"
+ },
+ "type": "String"
+ },
+ "PDNSZRecordSetCapacityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PDNSZ Record Set Capacity Alert State"
+ },
+ "type": "string"
+ },
+ "PDNSZRecordSetCapacityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PDNSZ Record Set Capacity Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PDNSZRecordSetCapacityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "PDNSZ Record Set Capacity Policy Effect"
+ },
+ "type": "string"
+ },
+ "PDNSZRecordSetCapacityThreshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PDNSZ Record Set Capacity Threshold"
+ },
+ "type": "string"
+ },
+ "PDNSZRecordSetCapacityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PDNSZ Record Set Capacity Window Size"
+ },
+ "type": "string"
+ },
+ "PDNSZRegistrationCapacityUtilAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "PDNSZ Registration Capacity Util Alert Severity"
+ },
+ "type": "String"
+ },
+ "PDNSZRegistrationCapacityUtilAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PDNSZ Registration Capacity Util Alert State"
+ },
+ "type": "string"
+ },
+ "PDNSZRegistrationCapacityUtilEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PDNSZ Registration Capacity Util Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PDNSZRegistrationCapacityUtilPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "PDNSZ Registration Capacity Util Policy Effect"
+ },
+ "type": "string"
+ },
+ "PDNSZRegistrationCapacityUtilThreshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PDNSZ Registration Capacity Util Threshold"
+ },
+ "type": "string"
+ },
+ "PDNSZRegistrationCapacityUtilWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PDNSZ Registration Capacity Util Window Size"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "PIP Bytes In DDoS Alert Severity"
+ },
+ "type": "String"
+ },
+ "PIPBytesInDDoSAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PIP Bytes In DDoS Alert State"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PIP Bytes In DDoS Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "PIP Bytes In DDoS Policy Effect"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSThreshold": {
+ "defaultValue": "8000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PIP Bytes In DDoS Threshold"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PIP Bytes In DDoS Window Size"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "PIP DDoS Attack Alert Severity"
+ },
+ "type": "String"
+ },
+ "PIPDDoSAttackAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PIP DDoS Attack Alert State"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PIP DDoS Attack Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "PIP DDoS Attack Policy Effect"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackThreshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PIP DDoS Attack Threshold"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PIP DDoS Attack Window Size"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "PIP Packets In DDoS Alert Severity"
+ },
+ "type": "String"
+ },
+ "PIPPacketsInDDoSAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PIP Packets In DDoS Alert State"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PIP Packets In DDoS Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "PIP Packets In DDoS Policy Effect"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSThreshold": {
+ "defaultValue": "40000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PIP Packets In DDoS Threshold"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PIP Packets In DDoS Window Size"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "PIP VIP Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "PIPVIPAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PIP VIP Availability Alert State"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PIP VIP Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "PIP VIP Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PIP VIP Availability Threshold"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PIP VIP Availability Window Size"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VNET DDoS Attack Alert Severity"
+ },
+ "type": "String"
+ },
+ "VNETDDOSAttackAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VNET DDoS Attack Alert State"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VNET DDoS Attack Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VNET DDoS Attack Policy Effect"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VNET DDoS Attack Threshold"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VNET DDoS Attack Window Size"
+ },
+ "type": "string"
+ },
+ "VPNGWBandWidthUtilAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VPN GW Band Width Util Alert Severity"
+ },
+ "type": "String"
+ },
+ "VPNGWBandWidthUtilAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VPN GW Band Width Util Alert State"
+ },
+ "type": "string"
+ },
+ "VPNGWBandWidthUtilEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VPN GW Band Width Util Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VPNGWBandWidthUtilPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VPN GW Band Width Util Policy Effect"
+ },
+ "type": "string"
+ },
+ "VPNGWBandWidthUtilThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VPN GW Band Width Util Threshold"
+ },
+ "type": "string"
+ },
+ "VPNGWBandWidthUtilWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VPN GW Band Width Util Window Size"
+ },
+ "type": "string"
+ },
+ "VPNGWEgressAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VPN GW Egress Alert Severity"
+ },
+ "type": "String"
+ },
+ "VPNGWEgressAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VPN GW Egress Alert State"
+ },
+ "type": "string"
+ },
+ "VPNGWEgressEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VPN GW Egress Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VPNGWEgressPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VPN GW Egress Policy Effect"
+ },
+ "type": "string"
+ },
+ "VPNGWEgressThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VPN GW Egress Threshold"
+ },
+ "type": "string"
+ },
+ "VPNGWEgressWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VPN GW Egress Window Size"
+ },
+ "type": "string"
+ },
+ "VPNGWIngressAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VPN GW Ingress Alert Severity"
+ },
+ "type": "string"
+ },
+ "VPNGWIngressAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VPN GW Ingress Alert State"
+ },
+ "type": "string"
+ },
+ "VPNGWIngressAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VPN GW Ingress Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VPNGWIngressEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VPN GW Ingress Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VPNGWIngressPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VPN GW Ingress Policy Effect"
+ },
+ "type": "string"
+ },
+ "VPNGWIngressThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VPN GW Ingress Threshold"
+ },
+ "type": "string"
+ },
+ "VPNGWIngressWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VPN GW Ingress Window Size"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropCountAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Count Alert Severity"
+ },
+ "type": "String"
+ },
+ "VPNGWTunnelEgressPacketDropCountAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Count Alert State"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropCountEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Count Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropCountFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Count Failing Periods"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropCountFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Count Frequency"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropCountPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Count Policy Effect"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropCountWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Count Window Size"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropMismatchAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Alert Severity"
+ },
+ "type": "String"
+ },
+ "VPNGWTunnelEgressPacketDropMismatchAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Alert State"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropMismatchEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropMismatchFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Failing Periods"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropMismatchFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Frequency"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropMismatchPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Policy Effect"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelEgressPacketDropMismatchWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Window Size"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropCountAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Count Alert Severity"
+ },
+ "type": "String"
+ },
+ "VPNGWTunnelIngressPacketDropCountAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Count Alert State"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropCountEvaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Count Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropCountFailingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Count Failing Periods"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropCountFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Count Frequency"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropCountPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Count Policy Effect"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropCountWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Count Window Size"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropMismatchAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Alert Severity"
+ },
+ "type": "String"
+ },
+ "VPNGWTunnelIngressPacketDropMismatchAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Alert State"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropMismatchEvaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropMismatchFailingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Failing Periods"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropMismatchFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Frequency"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropMismatchPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Policy Effect"
+ },
+ "type": "string"
+ },
+ "VPNGWTunnelIngressPacketDropMismatchWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Window Size"
+ },
+ "type": "string"
+ },
+ "VPNGwBGPPeerStatusAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "VPN Gw BGP Peer Status Alert Severity"
+ },
+ "type": "String"
+ },
+ "VPNGwBGPPeerStatusAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VPN Gw BGP Peer Status Alert State"
+ },
+ "type": "string"
+ },
+ "VPNGwBGPPeerStatusEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VPN Gw BGP Peer Status Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VPNGwBGPPeerStatusPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "VPN Gw BGP Peer Status Policy Effect"
+ },
+ "type": "string"
+ },
+ "VPNGwBGPPeerStatusThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VPN Gw BGP Peer Status Threshold"
+ },
+ "type": "string"
+ },
+ "VPNGwBGPPeerStatusWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VPN Gw BGP Peer Status Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwERCpuUtilAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw ER Cpu Util Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwERCpuUtilAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw ER Cpu Util Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwERCpuUtilEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw ER Cpu Util Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwERCpuUtilPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw ER Cpu Util Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwERCpuUtilThreshold": {
+ "defaultValue": "80",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Vnet Gw ER Cpu Util Threshold"
+ },
+ "type": "string"
+ },
+ "VnetGwERCpuUtilWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw ER Cpu Util Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwExpressRouteBitsPerSecondAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw Express Route Bits Per Second Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwExpressRouteBitsPerSecondAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw Express Route Bits Per Second Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwExpressRouteBitsPerSecondEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw Express Route Bits Per Second Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwExpressRouteBitsPerSecondPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw Express Route Bits Per Second Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwExpressRouteBitsPerSecondThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Vnet Gw Express Route Bits Per Second Threshold"
+ },
+ "type": "string"
+ },
+ "VnetGwExpressRouteBitsPerSecondWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw Express Route Bits Per Second Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelBWAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw Tunnel BW Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwTunnelBWAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw Tunnel BW Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelBWEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw Tunnel BW Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelBWPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw Tunnel BW Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelBWThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Vnet Gw Tunnel BW Threshold"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelBWWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw Tunnel BW Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw Tunnel Egress Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwTunnelEgressAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropCountAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwTunnelEgressPacketDropCountAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropCountEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropCountEvaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropCountFailingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Failing Periods"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropCountPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropCountWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropMismatchAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwTunnelEgressPacketDropMismatchAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropMismatchEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropMismatchEvaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropMismatchFailingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Failing Periods"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropMismatchPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPacketDropMismatchWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw Tunnel Egress Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Threshold"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelEgressWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw Tunnel Egress Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwTunnelIngressAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropCountAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwTunnelIngressPacketDropCountAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropCountEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropCountEvaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropCountFailingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Failing Periods"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropCountPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropCountWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropMismatchAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Alert Severity"
+ },
+ "type": "String"
+ },
+ "VnetGwTunnelIngressPacketDropMismatchAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Alert State"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropMismatchEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropMismatchEvaluationPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropMismatchFailingPeriods": {
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Failing Periods"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropMismatchPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPacketDropMismatchWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Window Size"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Policy Effect"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Threshold"
+ },
+ "type": "string"
+ },
+ "VnetGwTunnelIngressWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Vnet Gw Tunnel Ingress Window Size"
+ },
+ "type": "string"
+ },
+ "activityFWDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity FW Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityFWDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity FW Delete Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityNSGDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity NSG Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityNSGDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity NSG Delete Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityUDRUpdateAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity UDR Update Alert State"
+ },
+ "type": "string"
+ },
+ "activityUDRUpdatePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity UDR Update Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityVPNGWDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity VPN GW Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityVPNGWDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity VPN GW Delete Policy Effect"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERCIRQoSDropBitsinPerSecPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERCIRQoSDropBitsinPerSecAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERCIRQoSDropBitsinPerSecEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('ERCIRQoSDropBitsinPerSecEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('ERCIRQoSDropBitsinPerSecFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('ERCIRQoSDropBitsinPerSecAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERCIRQoSDropBitsinPerSecWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERCIR_QosDropBitsInPerSecond_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERCIRQoSDropBitsinPerSec"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERCIRQoSDropBitsoutPerSecPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERCIRQoSDropBitsoutPerSecAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERCIRQoSDropBitsoutPerSecEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('ERCIRQoSDropBitsoutPerSecEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('ERCIRQoSDropBitsoutPerSecFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('ERCIRQoSDropBitsoutPerSecAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERCIRQoSDropBitsoutPerSecWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERCIR_QosDropBitsOutPerSecond_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERCIRQoSDropBitsoutPerSec"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VPNGwBGPPeerStatusPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VPNGwBGPPeerStatusAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VPNGwBGPPeerStatusEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VPNGwBGPPeerStatusAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VPNGwBGPPeerStatusThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VPNGwBGPPeerStatusWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_BGPPeerStatus_Alert",
+ "policyDefinitionReferenceId": "ALZ_VPNGwBGPPeerStatus"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwERCpuUtilPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwERCpuUtilAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwERCpuUtilEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwERCpuUtilAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VnetGwERCpuUtilThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwERCpuUtilWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_ExpressRouteCpuUtil_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwERCpuUtil"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwTunnelBWPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwTunnelBWAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwTunnelBWEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwTunnelBWAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VnetGwTunnelBWThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwTunnelBWWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelBandwidth_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwTunnelBW"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwTunnelEgressPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwTunnelEgressAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwTunnelEgressEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwTunnelEgressAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VnetGwTunnelEgressThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwTunnelEgressWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelEgress_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwTunnelEgress"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwTunnelIngressPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwTunnelIngressAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwTunnelIngressEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwTunnelIngressAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VnetGwTunnelIngressThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwTunnelIngressWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelIngress_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwTunnelIngress"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VPNGWBandWidthUtilPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VPNGWBandWidthUtilAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VPNGWBandWidthUtilEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VPNGWBandWidthUtilAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VPNGWBandWidthUtilThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VPNGWBandWidthUtilWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_BandwidthUtil_Alert",
+ "policyDefinitionReferenceId": "ALZ_VPNGWBandWidthUtil"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VPNGWEgressPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VPNGWEgressAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VPNGWEgressEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VPNGWEgressAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VPNGWEgressThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VPNGWEgressWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_Egress_Alert",
+ "policyDefinitionReferenceId": "ALZ_VPNGWEgress"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropCountPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropCountAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropCountFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropCountEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropCountFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropCountAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropCountWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_TunnelEgressPacketDropCount_Alert",
+ "policyDefinitionReferenceId": "ALZ_VPNGWTunnelEgressPacketDropCount"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert",
+ "policyDefinitionReferenceId": "ALZ_VPNGWTunnelEgressPacketDropMismatch"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VPNGWIngressAutoMitigate')]"
+ },
+ "effect": {
+ "value": "[parameters('VPNGWIngressPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VPNGWIngressAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VPNGWIngressEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VPNGWIngressAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VPNGWIngressThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VPNGWIngressWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_Ingress_Alert",
+ "policyDefinitionReferenceId": "ALZ_VPNGWIngress"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropCountPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropCountAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropCountFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropCountEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropCountFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropCountAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropCountWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_TunnelIngressPacketDropCount_Alert",
+ "policyDefinitionReferenceId": "ALZ_VPNGWTunnelIngressPacketDropCount"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert",
+ "policyDefinitionReferenceId": "ALZ_VPNGWTunnelIngressPacketDropMismatch"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PDNSZCapacityUtilPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PDNSZCapacityUtilAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PDNSZCapacityUtilEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PDNSZCapacityUtilAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PDNSZCapacityUtilThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PDNSZCapacityUtilWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PDNSZ_CapacityUtil_Alert",
+ "policyDefinitionReferenceId": "ALZ_PDNSZCapacityUtil"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PDNSZQueryVolumePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PDNSZQueryVolumeAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PDNSZQueryVolumeEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PDNSZQueryVolumeAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PDNSZQueryVolumeThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PDNSZQueryVolumeWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PDNSZ_QueryVolume_Alert",
+ "policyDefinitionReferenceId": "ALZ_PDNSZQueryVolume"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PDNSZRecordSetCapacityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PDNSZRecordSetCapacityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PDNSZRecordSetCapacityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PDNSZRecordSetCapacityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PDNSZRecordSetCapacityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PDNSZRecordSetCapacityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PDNSZ_RecordSetCapacity_Alert",
+ "policyDefinitionReferenceId": "ALZ_PDNSZRecordSetCapacity"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PDNSZRegistrationCapacityUtilPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PDNSZRegistrationCapacityUtilAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PDNSZRegistrationCapacityUtilEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PDNSZRegistrationCapacityUtilAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PDNSZRegistrationCapacityUtilThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PDNSZRegistrationCapacityUtilWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_DNSZ_RegistrationCapacityUtil_Alert",
+ "policyDefinitionReferenceId": "ALZ_PDNSZRegistrationCapacityUtil"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERGwExpressRouteBitsInPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERGwExpressRouteBitsInAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERGwExpressRouteBitsInEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERGwExpressRouteBitsInAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('ERGwExpressRouteBitsInThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERGwExpressRouteBitsInWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERGw_ExpressRouteBitsIn_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERGwExpressRouteBitsIn"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERGwExpressRouteBitsOutPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERGwExpressRouteBitsOutAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERGwExpressRouteBitsOutEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERGwExpressRouteBitsOutAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('ERGwExpressRouteBitsOutThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERGwExpressRouteBitsOutWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERGw_ExpressRouteBitsOut_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERGwExpressRouteBitsOut"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERGwExpressRouteCpuUtilPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERGwExpressRouteCpuUtilAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERGwExpressRouteCpuUtilEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERGwExpressRouteCpuUtilAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('ERGwExpressRouteCpuUtilThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERGwExpressRouteCpuUtilWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERGw_ExpressRouteCpuUtil_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERGwExpressRouteCpuUtil"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropCountPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropCountAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropCountEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropCountEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropCountFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropCountAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropCountWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelEgressPacketDropCount_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwTunnelEgressPacketDropCount"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwTunnelEgressPacketDropMismatch"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwExpressRouteBitsPerSecondPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwExpressRouteBitsPerSecondAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwExpressRouteBitsPerSecondEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwExpressRouteBitsPerSecondAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VnetGwExpressRouteBitsPerSecondThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwExpressRouteBitsPerSecondWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwExpressRouteBitsPerSecond"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwTunnelIngressPacketDropMismatch"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropCountPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropCountAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropCountEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropCountEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropCountFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropCountAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VnetGwTunnelIngressPacketDropCountWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelIngressPacketDropCount_Alert",
+ "policyDefinitionReferenceId": "ALZ_VnetGwTunnelIngressPacketDropCount"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERCIRBgpAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERCIRBgpAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERCIRBgpAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERCIRBgpAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('ERCIRBgpAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERCIRBgpAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERCIR_BgpAvailability_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERCIRBgpAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERCIRArpAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERCIRArpAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERCIRArpAvailabilityFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERCIRArpAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('ERCIRArpAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERCIRArpAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERCIR_ArpAvailability_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERCIRArpAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('AFWSNATPortUtilizationPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AFWSNATPortUtilizationAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AFWSNATPortUtilizationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('AFWSNATPortUtilizationAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('AFWSNATPortUtilizationThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AFWSNATPortUtilizationWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AFW_SNATPortUtilization_Alert",
+ "policyDefinitionReferenceId": "ALZ_AFWSNATPortUtilization"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PIPBytesInDDoSPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PIPBytesInDDoSAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PIPBytesInDDoSEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PIPBytesInDDoSAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PIPBytesInDDoSThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PIPBytesInDDoSWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_BytesInDDoSAttack_Alert",
+ "policyDefinitionReferenceId": "ALZ_PIPBytesInDDoSEvaluationFrequency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PIPDDoSAttackPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PIPDDoSAttackAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PIPDDoSAttackEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PIPDDoSAttackAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PIPDDoSAttackThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PIPDDoSAttackWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_DDoSAttack_Alert",
+ "policyDefinitionReferenceId": "ALZ_PIPDDoSAttack"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PIPPacketsInDDoSPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PIPPacketsInDDoSAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PIPPacketsInDDoSEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PIPPacketsInDDoSAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PIPPacketsInDDoSThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PIPPacketsInDDoSWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_PacketsInDDoSAttack_Alert",
+ "policyDefinitionReferenceId": "ALZ_PIPPacketsInDDoS"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PIPVIPAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PIPVIPAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PIPVIPAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PIPVIPAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PIPVIPAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PIPVIPAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_VIPAvailability_Alert",
+ "policyDefinitionReferenceId": "ALZ_PIPVIPAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VNETDDOSAttackPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VNETDDOSAttackAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VNETDDOSAttackEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VNETDDOSAttackAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VNETDDOSAttackThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VNETDDOSAttackWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VNET_DDoSAttack_Alert",
+ "policyDefinitionReferenceId": "ALZ_VNETDDOSAttack"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('FirewallHealthPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('FirewallHealthAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('FirewallHealthEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('FirewallHealthAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('FirewallHealthThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('FirewallHealthWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AFW_FirewallHealth_Alert",
+ "policyDefinitionReferenceId": "ALZ_FirewallHealth"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityFWDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityFWDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_Firewall_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityFWDelete"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityNSGDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityNSGDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_NSG_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityNSGDelete"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityUDRUpdatePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityUDRUpdateAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Update",
+ "policyDefinitionReferenceId": "ALZ_activityUDRUpdate"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityVPNGWDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityVPNGWDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_VPNGateway_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityVPNGWDelete"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('LBDataPathAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LBDataPathAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LBDataPathAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('LBDataPathAvailabilityAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LBDataPathAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ALB_DataPathAvailability_Alert",
+ "policyDefinitionReferenceId": "ALZ_LBDataPathAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('LBGlobalBackendAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LBGlobalBackendAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LBGlobalBackendAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('LBGlobalBackendAvailabilityAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LBGlobalBackendAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ALB_GlobalBackendAvailability_Alert",
+ "policyDefinitionReferenceId": "ALZ_LBGlobalBackendAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('LBHealthProbeStatusPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LBHealthProbeStatusAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LBHealthProbeStatusEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('LBHealthProbeStatusAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LBHealthProbeStatusWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ALB_HealthProbeStatus_Alert",
+ "policyDefinitionReferenceId": "ALZ_LBHealthProbeStatus"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('LBUsedSNATPortsPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LBUsedSNATPortsAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LBUsedSNATPortsEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('LBUsedSNATPortsAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LBUsedSNATPortsWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ALB_UsedSNATPorts_Alert",
+ "policyDefinitionReferenceId": "ALZ_LBUsedSNATPorts"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERPBitsInPerSecondPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERPBitsInPerSecondAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERPBitsInPerSecondEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERPBitsInPerSecondAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERPBitsInPerSecondWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERP_ExpressRouteBitsIn_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERPBitsInPerSecond"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERPBitsOutPerSecondPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERPBitsOutPerSecondAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERPBitsOutPerSecondEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERPBitsOutPerSecondAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERPBitsOutPerSecondWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERP_ExpressRouteBitsOut_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERPBitsOutPerSecond"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERPLineProtocolPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERPLineProtocolAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERPLineProtocolEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERPLineProtocolAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERPLineProtocolWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERP_ExpressRoutLineProtocol_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERPLineProtocol"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERPRxLightLevelHighPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERPRxLightLevelHighAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERPRxLightLevelHighEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERPRxLightLevelHighAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERPRxLightLevelHighWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERP_ExpressRoutRxLightLevel_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERPRxLightLevelHigh"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERPRxLightLevelLowPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERPRxLightLevelLowAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERPRxLightLevelLowEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERPRxLightLevelLowAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERPRxLightLevelLowWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERP_ExpressRoutRxLightLevellow_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERPRxLightLevelLow"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERPTxLightLevelHighPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERPTxLightLevelHighAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERPTxLightLevelHighEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERPTxLightLevelHighAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERPTxLightLevelHighWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERP_ExpressRoutTxLightLevell_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERPTxLightLevelHigh"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('ERPTxLightLevelLowPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ERPTxLightLevelLowAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('ERPTxLightLevelLowEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('ERPTxLightLevelLowAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('ERPTxLightLevelLowWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERP_ExpressRoutTxLightLevellow_Alert",
+ "policyDefinitionReferenceId": "ALZ_ERPTxLightLevelLow"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-HybridVM.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-HybridVM.alz_policy_set_definition.json
new file mode 100644
index 0000000..2e77286
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-HybridVM.alz_policy_set_definition.json
@@ -0,0 +1,2579 @@
+{
+ "name": "Alerting-HybridVM",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Hybrid VMs",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.1"
+ },
+ "parameters": {
+ "ALZManagementSubscriptionId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The subscription ID of the management subscription where the user assigned managed identity will be created."
+ },
+ "type": "string"
+ },
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags for the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "ALZUserAssignedManagedIdentityName": {
+ "defaultValue": "id-AMBA-ARG-Reader-001",
+ "metadata": {
+ "description": "The name of the user assigned managed identity to be created for monitoring purpose.",
+ "displayName": "Name of the user assigned managed identity to be created."
+ },
+ "type": "string"
+ },
+ "BYOUserAssignedManagedIdentityResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity provided by the customer.",
+ "displayName": "Customer defined User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Data Disk Read Latency",
+ "displayName": "Hybrid VM Data Disk Read Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMDataDiskReadLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMDataDiskReadLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Data Disk Read Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyThreshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskReadLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM Data Disk Read Latency Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Data Disk Space",
+ "displayName": "Hybrid VM Data Disk Space Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMDataDiskSpaceAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM Data Disk Space Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM Data Disk Space Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM Data Disk Space Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM Data Disk Space Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM Data Disk Space Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMDataDiskSpaceEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM Data Disk Space Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "Hybrid VM Data Disk Space Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM Data Disk Space Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM Data Disk Space Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpacePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Data Disk Space Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceThreshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM Data Disk Space Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM Data Disk Space Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskSpaceWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM Data Disk Space Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Data Disk Write Latency",
+ "displayName": "Hybrid VM Data Disk Write Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMDataDiskWriteLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMDataDiskWriteLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Data Disk Write Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyThreshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMDataDiskWriteLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM Data Disk Write Latency Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertEvaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT10M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT2H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT10M",
+ "metadata": {
+ "description": "Evaluation frequency for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Disconnected Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMDisconnectedAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM Disconnected Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertThreshold": {
+ "allowedValues": [
+ "5m",
+ "10m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "3h",
+ "6h",
+ "12h",
+ "1d",
+ "2d",
+ "3d",
+ "7d"
+ ],
+ "defaultValue": "10m",
+ "metadata": {
+ "description": "Threshold in timespan value for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Threshold (expressed in timespan)"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMDisconnectedAlertWindowSize": {
+ "allowedValues": [
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "P1D",
+ "metadata": {
+ "description": "Window size for the Hybrid VM Disconnected alert",
+ "displayName": "Hybrid VM Disconnected Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for VM Heart Beat RG",
+ "displayName": "Hybrid VM Heart Beat RG Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMHeartBeatRGAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMHeartBeatRGEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "HybridVM Heart Beat RG Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Heart Beat RG Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGThreshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMHeartBeatRGWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM Heart Beat RG Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Network In",
+ "displayName": "Hybrid VM Network In Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMNetworkInAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Hybrid VM Network In Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM Network In Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM Network In Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM Network In Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM Network In Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMNetworkInEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM Network In Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "Hybrid VM Network In Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM Network In Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM Network In Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Network In Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInThreshold": {
+ "defaultValue": "10000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM Network In Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM Network In Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkInWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM Network In Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Network Out",
+ "displayName": "Hybrid VM Network Out Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMNetworkOutAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM Network Out Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM Network Out Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM Network Out Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM Network Out Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM Network Out Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMNetworkOutEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM Network Out Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "Hybrid VM Network Out Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM Network Out Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM Network Out Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Network Out Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutThreshold": {
+ "defaultValue": "10000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM Network Out Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM Network Out Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMNetworkOutWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM Network Out Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM OS Disk Read Latency",
+ "displayName": "Hybrid VM OS Disk Read Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMOSDiskReadLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMOSDiskReadLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM OS Disk Read Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyThreshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskReadLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM OS Disk Read Latency Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM OS Disk Space",
+ "displayName": "Hybrid VM OS Disk Space Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMOSDiskSpaceAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM OS Disk Space Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM OS Disk Space Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM OS Disk Space Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM OS Disk Space Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM OS Disk Space Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMOSDiskSpaceEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM OS Disk Space Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "Hybrid VM OS Disk Space Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM OS Disk Space Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM OS Disk Space Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpacePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM OS Disk Space Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceThreshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM OS Disk Space Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM OS Disk Space Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskSpaceWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM OS Disk Space Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM OS Disk Write Latency",
+ "displayName": "Hybrid VM OS Disk Write Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMOSDiskWriteLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Computers To Include"
+ },
+ "type": "array"
+ },
+ "HybridVMOSDiskWriteLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM OS Disk Write Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyThreshold": {
+ "defaultValue": "50",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMOSDiskWriteLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM OS Disk Write Latency Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Percent CPU",
+ "displayName": "Hybrid VM Percent CPU Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMPercentCPUAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM Percent CPU Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM Percent CPU Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM Percent CPU Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM Percent CPU Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM Percent CPU Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM Percent CPU Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM Percent CPU Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Percent CPU Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUThreshold": {
+ "defaultValue": "85",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM Percent CPU Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM Percent CPU Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentCPUWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM Percent CPU Window Size"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Percent Memory",
+ "displayName": "Hybrid VM Percent Memory Alert Severity"
+ },
+ "type": "String"
+ },
+ "HybridVMPercentMemoryAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Hybrid VM Percent Memory Alert State"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Hybrid VM Percent Memory Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "Hybrid VM Percent Memory Auto Resolve"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "Hybrid VM Percent Memory Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Hybrid VM Percent Memory Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "Hybrid VM Percent Memory Failing Periods"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "Hybrid VM Percent Memory Operator"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Hybrid VM Percent Memory Policy Effect"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryThreshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Hybrid VM Percent Memory Threshold"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "Hybrid VM Percent Memory Time Aggregation"
+ },
+ "type": "string"
+ },
+ "HybridVMPercentMemoryWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Hybrid VM Percent Memory Window Size"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMHeartBeatRGAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMHeartBeatRGAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMHeartBeatRGAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMHeartBeatRGComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMHeartBeatRGPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMHeartBeatRGAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMHeartBeatRGEvaluationFrequency')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMHeartBeatRGFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMHeartBeatRGOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMHeartBeatRGAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMHeartBeatRGThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMHeartBeatRGTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMHeartBeatRGWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_HeartBeat_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMHeartBeatRG"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMNetworkInAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMNetworkInAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMNetworkInAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMNetworkInComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMNetworkInPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMNetworkInAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMNetworkInEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMNetworkInEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMNetworkInFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMNetworkInOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMNetworkInAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMNetworkInThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMNetworkInTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMNetworkInWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_NetworkIn_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMNetworkIn"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMNetworkOutAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMNetworkOutAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMNetworkOutAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMNetworkOutComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMNetworkOutPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMNetworkOutAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMNetworkOutEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMNetworkOutEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMNetworkOutFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMNetworkOutOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMNetworkOutAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMNetworkOutThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMNetworkOutTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMNetworkOutWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_NetworkOut_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMNetworkOut"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMOSDiskReadLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_OSDiskreadLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMOSDiskReadLatency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMOSDiskWriteLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_OSDiskwriteLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMOSDiskWriteLatency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMOSDiskSpaceAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMOSDiskSpaceAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMOSDiskSpaceAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMOSDiskSpaceComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMOSDiskSpacePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMOSDiskSpaceAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMOSDiskSpaceEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMOSDiskSpaceEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMOSDiskSpaceFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMOSDiskSpaceOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMOSDiskSpaceAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMOSDiskSpaceThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMOSDiskSpaceTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMOSDiskSpaceWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_OSDiskSpace_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMOSDiskSpace"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMPercentCPUAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMPercentCPUAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMPercentCPUAutoResolveTime')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMPercentCPUPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMPercentCPUAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMPercentCPUEvaluationFrequency')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMPercentCPUFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMPercentCPUOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMPercentCPUAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMPercentCPUThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMPercentCPUTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMPercentCPUWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_CPU_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMPercentCPU"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMPercentMemoryAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMPercentMemoryAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMPercentMemoryAutoResolveTime')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMPercentMemoryPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMPercentMemoryAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMPercentMemoryEvaluationFrequency')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMPercentMemoryFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMPercentMemoryOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMPercentMemoryAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMPercentMemoryThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMPercentMemoryTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMPercentMemoryWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_Memory_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMPercentMemory"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMDataDiskSpaceAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMDataDiskSpaceAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMDataDiskSpaceAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMDataDiskSpaceComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMDataDiskSpacePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMDataDiskSpaceAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMDataDiskSpaceEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMDataDiskSpaceEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMDataDiskSpaceFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMDataDiskSpaceOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMDataDiskSpaceAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMDataDiskSpaceThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMDataDiskSpaceTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMDataDiskSpaceWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_dataDiskSpace_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMDataDiskSpace"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMDataDiskReadLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_dataDiskReadLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMDataDiskReadLatency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMDataDiskWriteLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_dataDiskWriteLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMDataDiskWriteLatency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('HybridVMDisconnectedAlertAutoMitigate')]"
+ },
+ "effect": {
+ "value": "[parameters('HybridVMDisconnectedAlertPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HybridVMDisconnectedAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HybridVMDisconnectedAlertEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('HybridVMDisconnectedAlertEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('HybridVMDisconnectedAlertFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('HybridVMDisconnectedAlertOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('HybridVMDisconnectedAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HybridVMDisconnectedAlertThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('HybridVMDisconnectedAlertTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HybridVMDisconnectedAlertWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Hybrid_VM_Disconnected_Alert",
+ "policyDefinitionReferenceId": "ALZ_HybridVMDisconnected"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-Identity.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-Identity.alz_policy_set_definition.json
new file mode 100644
index 0000000..f6b878b
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-Identity.alz_policy_set_definition.json
@@ -0,0 +1,788 @@
+{
+ "name": "Alerting-Identity",
+ "properties": {
+ "description": "Initiative to deploy AMBA alerts relevant to the ALZ Identity management group",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Identity",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.1"
+ },
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group where the alerting resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group where the alerting resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags for the resource group where the alerting resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "HSMsAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for Key Vault Managed HSMs Availability",
+ "displayName": "Key Vault Managed HSMs Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "HSMsAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Key Vault Managed HSMs Availability Alert State"
+ },
+ "type": "string"
+ },
+ "HSMsAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Key Vault Managed HSMs Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HSMsAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Managed HSMs Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "HSMsAvailabilityThreshold": {
+ "defaultValue": "20",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Key Vault Managed HSMs Availability Threshold"
+ },
+ "type": "string"
+ },
+ "HSMsAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Key Vault Managed HSMs Availability Window Size"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert for Key Vault Managed HSMs Latency Availability",
+ "displayName": "Key Vault Managed HSMs Latency Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "HSMsLatencyAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Key Vault Managed HSMs Latency Availability Alert State"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Key Vault Managed HSMs Latency Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Managed HSMs Latency Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityThreshold": {
+ "defaultValue": "1000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Key Vault Managed HSMs Latency Availability Threshold"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Key Vault Managed HSMs Latency Availability Window Size"
+ },
+ "type": "string"
+ },
+ "KVAvailabilityThreshold": {
+ "defaultValue": "20",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "KeyVault Availability Alert Threshold"
+ },
+ "type": "string"
+ },
+ "KVCapacityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "KeyVault Capacity Alert Severity"
+ },
+ "type": "String"
+ },
+ "KVCapacityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the alert, true will enable the alert, false will disable the alert",
+ "displayName": "KeyVault Capacity Alert State"
+ },
+ "type": "string"
+ },
+ "KVCapacityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "KeyVault Capacity Alert Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "KVCapacityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "KeyVault Capacity Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "KVCapacityThreshold": {
+ "defaultValue": "75",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "KeyVault Capacity Alert Threshold"
+ },
+ "type": "string"
+ },
+ "KVCapacityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "KeyVault Capacity Alert Window Size"
+ },
+ "type": "string"
+ },
+ "KVRequestAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "KeyVault Request Alert Severity"
+ },
+ "type": "String"
+ },
+ "KVRequestAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the alert, true will enable the alert, false will disable the alert",
+ "displayName": "KeyVault Request Alert State"
+ },
+ "type": "string"
+ },
+ "KVRequestEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "KeyVault Request Alert Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "KVRequestPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "KeyVault Request Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "KVRequestWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "KeyVault Request Alert Window Size"
+ },
+ "type": "string"
+ },
+ "KvAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "KeyVault Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "KvAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the alert, true will enable the alert, false will disable the alert",
+ "displayName": "KeyVault Availability Alert State"
+ },
+ "type": "string"
+ },
+ "KvAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "KeyVault Availability Alert Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "KvAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "KeyVault Availability Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "KvAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "KeyVault Availability Alert Window Size"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "KeyVault Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "KvLatencyAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the alert, true will enable the alert, false will disable the alert",
+ "displayName": "KeyVault Latency Alert State"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "KeyVault Latency Alert Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "KeyVault Latency Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityThreshold": {
+ "defaultValue": "1000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "KeyVault Latency Alert Threshold"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "KeyVault Latency Alert Window Size"
+ },
+ "type": "string"
+ },
+ "activityHSMsDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity Key Vault Managed HSMs Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityHSMsDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Managed HSMs Delete Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityKVDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the alert, true will enable the alert, false will disable the alert",
+ "displayName": "Activity Log KeyVault Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityKVDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Delete Policy Effect"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('KVRequestPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('KVRequestAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('KVRequestEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('KVRequestAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('KVRequestWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Requests_Alert",
+ "policyDefinitionReferenceId": "ALZ_KVRequest"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('KvAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('KvAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('KvAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('KvAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('KVAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('KvAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Availability_Alert",
+ "policyDefinitionReferenceId": "ALZ_KvAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('KvLatencyAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('KvLatencyAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('KvLatencyAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('KvLatencyAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('KvLatencyAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('KvLatencyAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Latency_Alert",
+ "policyDefinitionReferenceId": "ALZ_KvLatencyAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('KVCapacityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('KVCapacityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('KVCapacityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('KVCapacityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('KVCapacityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('KVCapacityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Capacity_Alert",
+ "policyDefinitionReferenceId": "ALZ_KVCapacity"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityKVDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityKVDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_KeyVault_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityKVDelete"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('HSMsAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HSMsAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HSMsAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('HSMsAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HSMsAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HSMsAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ManagedHSMs_Availability_Alert",
+ "policyDefinitionReferenceId": "ALZ_ManagedHSMsAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('HSMsLatencyAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HSMsLatencyAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HSMsLatencyAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('HSMsLatencyAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HSMsLatencyAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HSMsLatencyAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ManagedHSMs_Latency_Alert",
+ "policyDefinitionReferenceId": "ALZ_ManagedHSMsLatencyAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityHSMsDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityHSMsDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ActivityLog_ManagedHSMs_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityManagedHSMsDelete"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-KeyManagement.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-KeyManagement.alz_policy_set_definition.json
new file mode 100644
index 0000000..c3a5b4f
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-KeyManagement.alz_policy_set_definition.json
@@ -0,0 +1,788 @@
+{
+ "name": "Alerting-KeyManagement",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Key Management",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.0.1"
+ },
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_amba": true
+ },
+ "metadata": {
+ "description": "Tags for the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "HSMsAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for Key Vault Managed HSMs Availability",
+ "displayName": "Key Vault Managed HSMs Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "HSMsAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Key Vault Managed HSMs Availability Alert State"
+ },
+ "type": "string"
+ },
+ "HSMsAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Key Vault Managed HSMs Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HSMsAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Managed HSMs Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "HSMsAvailabilityThreshold": {
+ "defaultValue": "20",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Key Vault Managed HSMs Availability Threshold"
+ },
+ "type": "string"
+ },
+ "HSMsAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Key Vault Managed HSMs Availability Window Size"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert for Key Vault Managed HSMs Latency Availability",
+ "displayName": "Key Vault Managed HSMs Latency Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "HSMsLatencyAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Key Vault Managed HSMs Latency Availability Alert State"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Key Vault Managed HSMs Latency Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Managed HSMs Latency Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityThreshold": {
+ "defaultValue": "1000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Key Vault Managed HSMs Latency Availability Threshold"
+ },
+ "type": "string"
+ },
+ "HSMsLatencyAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Key Vault Managed HSMs Latency Availability Window Size"
+ },
+ "type": "string"
+ },
+ "KVAvailabilityThreshold": {
+ "defaultValue": "20",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Key Vault Availability Threshold"
+ },
+ "type": "string"
+ },
+ "KVCapacityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for Key Vault Capacity",
+ "displayName": "Key Vault Capacity Alert Severity"
+ },
+ "type": "String"
+ },
+ "KVCapacityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Key Vault Capacity Alert State"
+ },
+ "type": "string"
+ },
+ "KVCapacityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Key Vault Capacity Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "KVCapacityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Capacity Policy Effect"
+ },
+ "type": "string"
+ },
+ "KVCapacityThreshold": {
+ "defaultValue": "75",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Key Vault Capacity Threshold"
+ },
+ "type": "string"
+ },
+ "KVCapacityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Key Vault Capacity Window Size"
+ },
+ "type": "string"
+ },
+ "KVRequestAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for Key Vault Request",
+ "displayName": "Key Vault Request Alert Severity"
+ },
+ "type": "String"
+ },
+ "KVRequestAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Key Vault Request Alert State"
+ },
+ "type": "string"
+ },
+ "KVRequestEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Key Vault Request Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "KVRequestPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Request Policy Effect"
+ },
+ "type": "string"
+ },
+ "KVRequestWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Key Vault Request Window Size"
+ },
+ "type": "string"
+ },
+ "KvAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for Key Vault Availability",
+ "displayName": "Key Vault Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "KvAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Key Vault Availability Alert State"
+ },
+ "type": "string"
+ },
+ "KvAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Key Vault Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "KvAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "KvAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Key Vault Availability Window Size"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "3",
+ "metadata": {
+ "description": "Severity of the alert for Key Vault Latency Availability",
+ "displayName": "Key Vault Latency Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "KvLatencyAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Key Vault Latency Availability Alert State"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Key Vault Latency Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Latency Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityThreshold": {
+ "defaultValue": "1000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Key Vault Latency Availability Threshold"
+ },
+ "type": "string"
+ },
+ "KvLatencyAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Key Vault Latency Availability Window Size"
+ },
+ "type": "string"
+ },
+ "activityHSMsDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity Key Vault Managed HSMs Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityHSMsDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Managed HSMs Delete Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityKVDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity Key Vault Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityKVDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Key Vault Delete Policy Effect"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('KVRequestPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('KVRequestAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('KVRequestEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('KVRequestAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('KVRequestWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Requests_Alert",
+ "policyDefinitionReferenceId": "ALZ_KVRequest"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('KvAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('KvAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('KvAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('KvAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('KVAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('KvAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Availability_Alert",
+ "policyDefinitionReferenceId": "ALZ_KvAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('KvLatencyAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('KvLatencyAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('KvLatencyAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('KvLatencyAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('KvLatencyAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('KvLatencyAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Latency_Alert",
+ "policyDefinitionReferenceId": "ALZ_KvLatencyAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('KVCapacityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('KVCapacityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('KVCapacityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('KVCapacityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('KVCapacityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('KVCapacityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Capacity_Alert",
+ "policyDefinitionReferenceId": "ALZ_KVCapacity"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityKVDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityKVDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_KeyVault_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityKVDelete"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('HSMsAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HSMsAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HSMsAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('HSMsAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HSMsAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HSMsAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ManagedHSMs_Availability_Alert",
+ "policyDefinitionReferenceId": "ALZ_ManagedHSMsAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('HSMsLatencyAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('HSMsLatencyAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('HSMsLatencyAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('HSMsLatencyAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('HSMsLatencyAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('HSMsLatencyAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ManagedHSMs_Latency_Alert",
+ "policyDefinitionReferenceId": "ALZ_ManagedHSMsLatencyAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityHSMsDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityHSMsDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ActivityLog_ManagedHSMs_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityManagedHSMsDelete"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-LoadBalancing.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-LoadBalancing.alz_policy_set_definition.json
new file mode 100644
index 0000000..4cd3b85
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-LoadBalancing.alz_policy_set_definition.json
@@ -0,0 +1,2596 @@
+{
+ "name": "Alerting-LoadBalancing",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Load Balancing",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.1"
+ },
+ "parameters": {
+ "AGWApplicationGatewayTotalTimeAlertSensitivity": {
+ "allowedValues": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "defaultValue": "Medium",
+ "metadata": {
+ "description": "Dynamic Sensitivity of the alert",
+ "displayName": "AGW Total Time Dynamic Alert Sensitivity"
+ },
+ "type": "String"
+ },
+ "AGWApplicationGatewayTotalTimeAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AGW Total Time Alert Severity"
+ },
+ "type": "String"
+ },
+ "AGWApplicationGatewayTotalTimeAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AGW Total Time Alert State"
+ },
+ "type": "string"
+ },
+ "AGWApplicationGatewayTotalTimeEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AGW Total Time Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AGWApplicationGatewayTotalTimeEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "AGW Total Time Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "AGWApplicationGatewayTotalTimeFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "AGW Total Time Failing Periods"
+ },
+ "type": "string"
+ },
+ "AGWApplicationGatewayTotalTimePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AGW Total Time Policy Effect"
+ },
+ "type": "string"
+ },
+ "AGWApplicationGatewayTotalTimeWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AGW Total Time Window Size"
+ },
+ "type": "string"
+ },
+ "AGWBackendLastByteResponseTimeAlertSensitivity": {
+ "allowedValues": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "defaultValue": "Medium",
+ "metadata": {
+ "description": "Dynamic Severity of the alert",
+ "displayName": "AGW Backend Last Byte Response Time Dynamic Alert Sensitivity"
+ },
+ "type": "String"
+ },
+ "AGWBackendLastByteResponseTimeAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AGW Backend Last Byte Response Time Alert Severity"
+ },
+ "type": "String"
+ },
+ "AGWBackendLastByteResponseTimeAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AGW Backend Last Byte Response Time Alert State"
+ },
+ "type": "string"
+ },
+ "AGWBackendLastByteResponseTimeEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AGW Backend Last Byte Response Time Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AGWBackendLastByteResponseTimeEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "AGW Backend Last Byte Response Time Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "AGWBackendLastByteResponseTimeFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "AGW Backend Last Byte Response Time Failing Periods"
+ },
+ "type": "string"
+ },
+ "AGWBackendLastByteResponseTimePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AGW Backend Last Byte Response Time Policy Effect"
+ },
+ "type": "string"
+ },
+ "AGWBackendLastByteResponseTimeWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AGW Backend Last Byte Response Time Window Size"
+ },
+ "type": "string"
+ },
+ "AGWCPUUtilAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AGW CPU Util Alert Severity"
+ },
+ "type": "String"
+ },
+ "AGWCPUUtilAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AGW CPU Util Alert State"
+ },
+ "type": "string"
+ },
+ "AGWCPUUtilEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AGW CPU Util Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AGWCPUUtilPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AGW CPU Util Policy Effect"
+ },
+ "type": "string"
+ },
+ "AGWCPUUtilWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AGW CPU Util Window Size"
+ },
+ "type": "string"
+ },
+ "AGWCapacityUnitsAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AGW Capacity Units Alert Severity"
+ },
+ "type": "String"
+ },
+ "AGWCapacityUnitsAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AGW Capacity Units Alert State"
+ },
+ "type": "string"
+ },
+ "AGWCapacityUnitsEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AGW Capacity Units Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AGWCapacityUnitsPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AGW Capacity Units Policy Effect"
+ },
+ "type": "string"
+ },
+ "AGWCapacityUnitsWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AGW Capacity Units Window Size"
+ },
+ "type": "string"
+ },
+ "AGWComputeUnitsAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AGW Compute Units Alert Severity"
+ },
+ "type": "String"
+ },
+ "AGWComputeUnitsAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AGW Compute Units Alert State"
+ },
+ "type": "string"
+ },
+ "AGWComputeUnitsEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AGW Compute Units Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AGWComputeUnitsPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AGW Compute Units Policy Effect"
+ },
+ "type": "string"
+ },
+ "AGWComputeUnitsWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AGW Compute Units Window Size"
+ },
+ "type": "string"
+ },
+ "AGWFailedRequestsAlertSensitivity": {
+ "allowedValues": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "defaultValue": "Medium",
+ "metadata": {
+ "description": "Dynamic Sensitivity of the alert",
+ "displayName": "AGW Failed Requests Dynamic Alert Sensitivity"
+ },
+ "type": "String"
+ },
+ "AGWFailedRequestsAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AGW Failed Requests Alert Severity"
+ },
+ "type": "String"
+ },
+ "AGWFailedRequestsAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AGW Failed Requests Alert State"
+ },
+ "type": "string"
+ },
+ "AGWFailedRequestsEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AGW Failed Requests Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AGWFailedRequestsEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "AGW Failed Requests Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "AGWFailedRequestsFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "AGW Failed Requests Failing Periods"
+ },
+ "type": "string"
+ },
+ "AGWFailedRequestsPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AGW Failed Requests Policy Effect"
+ },
+ "type": "string"
+ },
+ "AGWFailedRequestsWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AGW Failed Requests Window Size"
+ },
+ "type": "string"
+ },
+ "AGWResponseStatusAlertSensitivity": {
+ "allowedValues": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "defaultValue": "Medium",
+ "metadata": {
+ "description": "Dynamic Sensitivity of the alert",
+ "displayName": "AGW Response Status Dynamic Alert Sensitivity"
+ },
+ "type": "String"
+ },
+ "AGWResponseStatusAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AGW Response Status Alert Severity"
+ },
+ "type": "String"
+ },
+ "AGWResponseStatusAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AGW Response Status Alert State"
+ },
+ "type": "string"
+ },
+ "AGWResponseStatusEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AGW Response Status Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AGWResponseStatusEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "AGW Response Status Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "AGWResponseStatusFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "AGW Response Status Failing Periods"
+ },
+ "type": "string"
+ },
+ "AGWResponseStatusPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AGW Response Status Policy Effect"
+ },
+ "type": "string"
+ },
+ "AGWResponseStatusWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AGW Response Status Window Size"
+ },
+ "type": "string"
+ },
+ "AGWUnhealthyHostCountAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AGW Unhealthy Host Count Alert Severity"
+ },
+ "type": "String"
+ },
+ "AGWUnhealthyHostCountAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AGW Unhealthy Host Count Alert State"
+ },
+ "type": "string"
+ },
+ "AGWUnhealthyHostCountEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AGW Unhealthy Host Count Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AGWUnhealthyHostCountPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "AGW Unhealthy Host Count Policy Effect"
+ },
+ "type": "string"
+ },
+ "AGWUnhealthyHostCountWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AGW Unhealthy Host Count Window Size"
+ },
+ "type": "string"
+ },
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "CDNPOriginHealthPercentageAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "CDN Origin Health Percentage Alert Severity"
+ },
+ "type": "String"
+ },
+ "CDNPOriginHealthPercentageAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "CDN Origin Health Percentage Alert State"
+ },
+ "type": "string"
+ },
+ "CDNPOriginHealthPercentageEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "CDN Origin Health Percentage Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "CDNPOriginHealthPercentagePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "CDN Origin Health Percentage Policy Effect"
+ },
+ "type": "string"
+ },
+ "CDNPOriginHealthPercentageWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "CDN Origin Health Percentage Window Size"
+ },
+ "type": "string"
+ },
+ "CDNPOriginLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "CDN Origin Latancy Alert Severity"
+ },
+ "type": "String"
+ },
+ "CDNPOriginLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "CDN Origin Latency Alert State"
+ },
+ "type": "string"
+ },
+ "CDNPOriginLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "CDN Origin Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "CDNPOriginLatencyEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "CDN Origin Latency Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "CDNPOriginLatencyFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "CDN Origin Latency Failing Periods"
+ },
+ "type": "String"
+ },
+ "CDNPOriginLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "CDN Origin Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "CDNPOriginLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "CDN Origin Latency Window Size"
+ },
+ "type": "string"
+ },
+ "CDNPPercentage4XXAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "CDN Percentage 4XX Alert Severity"
+ },
+ "type": "String"
+ },
+ "CDNPPercentage4XXAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "CDN Percentage 4XX Alert State"
+ },
+ "type": "string"
+ },
+ "CDNPPercentage4XXEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "CDN Percentage 4XX Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "CDNPPercentage4XXEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "CDN Percentage 4XX Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "CDNPPercentage4XXFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "CDN Percentage 4XX Failing Periods"
+ },
+ "type": "String"
+ },
+ "CDNPPercentage4XXPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "CDN Percentage 4XX Policy Effect"
+ },
+ "type": "string"
+ },
+ "CDNPPercentage4XXWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "CDN Percentage 4XX Window Size"
+ },
+ "type": "string"
+ },
+ "CDNPPercentage5XXAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "CDN Percentage 5XX Alert Severity"
+ },
+ "type": "String"
+ },
+ "CDNPPercentage5XXAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "CDN Percentage 5XX Alert State"
+ },
+ "type": "string"
+ },
+ "CDNPPercentage5XXEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "CDN Percentage 5XX Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "CDNPPercentage5XXEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "CDN Percentage 5XX Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "CDNPPercentage5XXFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "CDN Percentage 5XX Failing Periods"
+ },
+ "type": "String"
+ },
+ "CDNPPercentage5XXPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "CDN Percentage 5XX Policy Effect"
+ },
+ "type": "string"
+ },
+ "CDNPPercentage5XXWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "CDN Percentage 5XX Window Size"
+ },
+ "type": "string"
+ },
+ "FDBackendHealthAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "FD Backend Health Alert Severity"
+ },
+ "type": "String"
+ },
+ "FDBackendHealthAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "FD Backend Health Alert State"
+ },
+ "type": "string"
+ },
+ "FDBackendHealthEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "FD Backend Health Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "FDBackendHealthPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "FD Backend Health Policy Effect"
+ },
+ "type": "string"
+ },
+ "FDBackendHealthWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "FD Backend Health Window Size"
+ },
+ "type": "string"
+ },
+ "FDBackendRequestLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "FD Backend Request Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "FDBackendRequestLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "FD Backend Request Latency Alert State"
+ },
+ "type": "string"
+ },
+ "FDBackendRequestLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "FD Backend Request Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "FDBackendRequestLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "FD Backend Request Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "FDBackendRequestLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "FD Backend Request Latency Window Size"
+ },
+ "type": "string"
+ },
+ "LBDatapathAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "LB Data path Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "LBDatapathAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "LB Data path Availability Alert State"
+ },
+ "type": "string"
+ },
+ "LBDatapathAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "LB Data path Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "LBDatapathAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "LB Data path Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "LBDatapathAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "LB Data path Availability Window Size"
+ },
+ "type": "string"
+ },
+ "LBGlobalBackendAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "LB Global Backend Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "LBGlobalBackendAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "LB Global Backend Availability Alert State"
+ },
+ "type": "string"
+ },
+ "LBGlobalBackendAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "LB Global Backend Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "LBGlobalBackendAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "LB Global Backend Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "LBGlobalBackendAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "LB Global Backend Availability Window Size"
+ },
+ "type": "string"
+ },
+ "LBHealthProbeStatusAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "LB Health Probe Status Alert Severity"
+ },
+ "type": "String"
+ },
+ "LBHealthProbeStatusAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "LB Health Probe Status Alert State"
+ },
+ "type": "string"
+ },
+ "LBHealthProbeStatusEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "LB Health Probe Status Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "LBHealthProbeStatusPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "LB Health Probe Status Policy Effect"
+ },
+ "type": "string"
+ },
+ "LBHealthProbeStatusWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "LB Health Probe Status Window Size"
+ },
+ "type": "string"
+ },
+ "LBUsedSNATPortsAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "LB Used SNAT Ports Alert Severity"
+ },
+ "type": "String"
+ },
+ "LBUsedSNATPortsAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "LB Used SNAT Ports Alert State"
+ },
+ "type": "string"
+ },
+ "LBUsedSNATPortsEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "LB Used SNAT Ports Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "LBUsedSNATPortsPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "LB Used SNAT Ports Policy Effect"
+ },
+ "type": "string"
+ },
+ "LBUsedSNATPortsWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "LB Used SNAT Ports Window Size"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Severity of the alert for PIP Bytes In DDoS",
+ "displayName": "PIP Bytes In DDoS Alert Severity"
+ },
+ "type": "String"
+ },
+ "PIPBytesInDDoSAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PIP Bytes In DDoS Alert State"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PIP Bytes In DDoS Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "PIP Bytes In DDoS Policy Effect"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSThreshold": {
+ "defaultValue": "8000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PIP Bytes In DDoS Threshold"
+ },
+ "type": "string"
+ },
+ "PIPBytesInDDoSWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PIP Bytes In DDoS Window Size"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for PIP DDoS Attack",
+ "displayName": "PIP DDoS Attack Alert Severity"
+ },
+ "type": "String"
+ },
+ "PIPDDoSAttackAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PIP DDoS Attack Alert State"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PIP DDoS Attack Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "PIP DDoS Attack Policy Effect"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackThreshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PIP DDoS Attack Threshold"
+ },
+ "type": "string"
+ },
+ "PIPDDoSAttackWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PIP DDoS Attack Window Size"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "4",
+ "metadata": {
+ "description": "Severity of the alert for PIP Packets In DDoS",
+ "displayName": "PIP Packets In DDoS Alert Severity"
+ },
+ "type": "String"
+ },
+ "PIPPacketsInDDoSAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PIP Packets In DDoS Alert State"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PIP Packets In DDoS Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "disabled",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "PIP Packets In DDoS Policy Effect"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSThreshold": {
+ "defaultValue": "40000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PIP Packets In DDoS Threshold"
+ },
+ "type": "string"
+ },
+ "PIPPacketsInDDoSWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PIP Packets In DDoS Window Size"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for PIP VIP Availability",
+ "displayName": "PIP VIP Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "PIPVIPAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "PIP VIP Availability Alert State"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "PIP VIP Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "PIP VIP Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "PIP VIP Availability Threshold"
+ },
+ "type": "string"
+ },
+ "PIPVIPAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "PIP VIP Availability Window Size"
+ },
+ "type": "string"
+ },
+ "TMEndpointHealthAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "TM Enpoint Health Alert Severity"
+ },
+ "type": "String"
+ },
+ "TMEndpointHealthAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "TM Enpoint Health Alert State"
+ },
+ "type": "string"
+ },
+ "TMEndpointHealthEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "TM Enpoint Health Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "TMEndpointHealthPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "TM Enpoint Health Policy Effect"
+ },
+ "type": "string"
+ },
+ "TMEndpointHealthWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "TM Enpoint Health Window Size"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for VNET DDoS Attack",
+ "displayName": "VNET DDoS Attack Alert Severity"
+ },
+ "type": "String"
+ },
+ "VNETDDOSAttackAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VNET DDoS Attack Alert State"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VNET DDoS Attack Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VNET DDoS Attack Policy Effect"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackThreshold": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VNET DDoS Attack Threshold"
+ },
+ "type": "string"
+ },
+ "VNETDDOSAttackWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VNET DDoS Attack Window Size"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PIPBytesInDDoSPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PIPBytesInDDoSAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PIPBytesInDDoSEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PIPBytesInDDoSAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PIPBytesInDDoSThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PIPBytesInDDoSWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_BytesInDDoSAttack_Alert",
+ "policyDefinitionReferenceId": "ALZ_PIPBytesInDDoS"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PIPDDoSAttackPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PIPDDoSAttackAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PIPDDoSAttackEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PIPDDoSAttackAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PIPDDoSAttackThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PIPDDoSAttackWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_DDoSAttack_Alert",
+ "policyDefinitionReferenceId": "ALZ_PIPDDoSAttack"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PIPPacketsInDDoSPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PIPPacketsInDDoSAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PIPPacketsInDDoSEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PIPPacketsInDDoSAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PIPPacketsInDDoSThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PIPPacketsInDDoSWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_PacketsInDDoSAttack_Alert",
+ "policyDefinitionReferenceId": "ALZ_PIPPacketsInDDoS"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('PIPVIPAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('PIPVIPAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('PIPVIPAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('PIPVIPAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('PIPVIPAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('PIPVIPAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_VIPAvailability_Alert",
+ "policyDefinitionReferenceId": "ALZ_PIPVIPAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('VNETDDOSAttackPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VNETDDOSAttackAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VNETDDOSAttackEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('VNETDDOSAttackAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VNETDDOSAttackThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VNETDDOSAttackWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VNET_DDoSAttack_Alert",
+ "policyDefinitionReferenceId": "ALZ_VNETDDOSAttack"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertSensitivity": {
+ "value": "[parameters('AGWApplicationGatewayTotalTimeAlertSensitivity')]"
+ },
+ "effect": {
+ "value": "[parameters('AGWApplicationGatewayTotalTimePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AGWApplicationGatewayTotalTimeAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AGWApplicationGatewayTotalTimeEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('AGWApplicationGatewayTotalTimeEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('AGWApplicationGatewayTotalTimeFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('AGWApplicationGatewayTotalTimeAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AGWApplicationGatewayTotalTimeWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AG_ApplicationGatewayTotalTime_Alert",
+ "policyDefinitionReferenceId": "ALZ_AGWTotalTime"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertSensitivity": {
+ "value": "[parameters('AGWBackendLastByteResponseTimeAlertSensitivity')]"
+ },
+ "effect": {
+ "value": "[parameters('AGWBackendLastByteResponseTimePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AGWBackendLastByteResponseTimeAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AGWBackendLastByteResponseTimeEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('AGWBackendLastByteResponseTimeEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('AGWBackendLastByteResponseTimeFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('AGWBackendLastByteResponseTimeAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AGWBackendLastByteResponseTimeWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AG_BackendLastByteResponseTime_Alert",
+ "policyDefinitionReferenceId": "ALZ_AGWBackendLastByteResponseTime"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('AGWCapacityUnitsPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AGWCapacityUnitsAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AGWCapacityUnitsEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('AGWCapacityUnitsAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AGWCapacityUnitsWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AG_CapacityUnits_Alert",
+ "policyDefinitionReferenceId": "ALZ_AGWCapacityUnits"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('AGWComputeUnitsPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AGWComputeUnitsAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AGWComputeUnitsEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('AGWComputeUnitsAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AGWComputeUnitsWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AG_ComputeUnits_Alert",
+ "policyDefinitionReferenceId": "ALZ_AGWComputeUnits"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('AGWCPUUtilPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AGWCPUUtilAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AGWCPUUtilEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('AGWCPUUtilAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AGWCPUUtilWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AG_CPUUtilization_Alert",
+ "policyDefinitionReferenceId": "ALZ_AGWCPUUtilization"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertSensitivity": {
+ "value": "[parameters('AGWFailedRequestsAlertSensitivity')]"
+ },
+ "effect": {
+ "value": "[parameters('AGWFailedRequestsPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AGWFailedRequestsAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AGWFailedRequestsEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('AGWFailedRequestsEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('AGWFailedRequestsFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('AGWFailedRequestsAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AGWFailedRequestsWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AG_FailedRequests_Alert",
+ "policyDefinitionReferenceId": "ALZ_AGWFailedRequests"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertSensitivity": {
+ "value": "[parameters('AGWResponseStatusAlertSensitivity')]"
+ },
+ "effect": {
+ "value": "[parameters('AGWResponseStatusPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AGWResponseStatusAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AGWResponseStatusEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('AGWResponseStatusEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('AGWResponseStatusFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('AGWResponseStatusAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AGWResponseStatusWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AG_ResponseStatus_Alert",
+ "policyDefinitionReferenceId": "ALZ_AGWResponseStatus"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('AGWUnhealthyHostCountPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AGWUnhealthyHostCountAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AGWUnhealthyHostCountEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('AGWUnhealthyHostCountAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AGWUnhealthyHostCountWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AG_UnhealthyHostCount_Alert",
+ "policyDefinitionReferenceId": "ALZ_AGWUnhealthyHostCount"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('LBDataPathAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LBDataPathAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LBDataPathAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('LBDataPathAvailabilityAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LBDataPathAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ALB_DataPathAvailability_Alert",
+ "policyDefinitionReferenceId": "ALZ_LBDataPathAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('LBGlobalBackendAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LBGlobalBackendAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LBGlobalBackendAvailabilityEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('LBGlobalBackendAvailabilityAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LBGlobalBackendAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ALB_GlobalBackendAvailability_Alert",
+ "policyDefinitionReferenceId": "ALZ_LBGlobalBackendAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('LBHealthProbeStatusPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LBHealthProbeStatusAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LBHealthProbeStatusEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('LBHealthProbeStatusAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LBHealthProbeStatusWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ALB_HealthProbeStatus_Alert",
+ "policyDefinitionReferenceId": "ALZ_LBHealthProbeStatus"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('LBUsedSNATPortsPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LBUsedSNATPortsAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LBUsedSNATPortsEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('LBUsedSNATPortsAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LBUsedSNATPortsWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ALB_UsedSNATPorts_Alert",
+ "policyDefinitionReferenceId": "ALZ_LBUsedSNATPorts"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('CDNPOriginHealthPercentagePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('CDNPOriginHealthPercentageAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('CDNPOriginHealthPercentageEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('CDNPOriginHealthPercentageAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('CDNPOriginHealthPercentageWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_FrontDoorCDN_OriginHealthPercentage_Alert",
+ "policyDefinitionReferenceId": "ALZ_CDNPOriginHealthPercentage"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('CDNPOriginLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('CDNPOriginLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('CDNPOriginLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('CDNPOriginLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('CDNPOriginLatencyFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('CDNPOriginLatencyAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('CDNPOriginLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_FrontDoorCDN_OriginLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_CDNPOriginLatency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('CDNPPercentage4XXPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('CDNPPercentage4XXAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('CDNPPercentage4XXEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('CDNPPercentage4XXEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('CDNPPercentage4XXFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('CDNPPercentage4XXAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('CDNPPercentage4XXWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_FrontDoorCDN_Percentage4XX_Alert",
+ "policyDefinitionReferenceId": "ALZ_CDNPPercentage4XX"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('CDNPPercentage5XXPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('CDNPPercentage5XXAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('CDNPPercentage5XXEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('CDNPPercentage5XXEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('CDNPPercentage5XXFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('CDNPPercentage5XXAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('CDNPPercentage5XXWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_FrontDoorCDN_Percentage5XX_Alert",
+ "policyDefinitionReferenceId": "ALZ_CDNPPercentage5XX"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('TMEndpointHealthPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('TMEndpointHealthAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('TMEndpointHealthEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('TMEndpointHealthAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('TMEndpointHealthWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_TM_EndpointHealth_Alert",
+ "policyDefinitionReferenceId": "ALZ_TMEndpointHealth"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('FDBackendHealthPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('FDBackendHealthAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('FDBackendHealthEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('FDBackendHealthAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('FDBackendHealthWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_FD_BackendHealth_Alert",
+ "policyDefinitionReferenceId": "ALZ_FDBackendHealth"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('FDBackendRequestLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('FDBackendRequestLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('FDBackendRequestLatencyEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('FDBackendRequestLatencyAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('FDBackendRequestLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_FD_BackendRequestLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_FDBackendRequestLatency"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-Management.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-Management.alz_policy_set_definition.json
new file mode 100644
index 0000000..40a25dd
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-Management.alz_policy_set_definition.json
@@ -0,0 +1,686 @@
+{
+ "name": "Alerting-Management",
+ "properties": {
+ "description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Management",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.1"
+ },
+ "parameters": {
+ "AATotalJobAlertAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "AA Total Job Alert State"
+ },
+ "type": "string"
+ },
+ "AATotalJobAlertEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "AA Total Job Alert Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "AATotalJobAlertPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert",
+ "displayName": "AA Total Job Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "AATotalJobAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "AA Total Job Alert Severity"
+ },
+ "type": "String"
+ },
+ "AATotalJobAlertThreshold": {
+ "defaultValue": "20",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "AA Total Job Alert Threshold"
+ },
+ "type": "string"
+ },
+ "AATotalJobAlertWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "AA Total Job Alert Window Size"
+ },
+ "type": "string"
+ },
+ "ALZManagementSubscriptionId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The subscription ID of the management subscription where the user assigned managed identity will be created."
+ },
+ "type": "string"
+ },
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group",
+ "displayName": "ALZ Monitoring Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group to deploy the ALZ monitoring resources to",
+ "displayName": "ALZ Monitoring Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags to apply to the resource group",
+ "displayName": "ALZ Monitoring Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "ALZUserAssignedManagedIdentityName": {
+ "defaultValue": "id-AMBA-ARG-Reader-001",
+ "metadata": {
+ "description": "The name of the user assigned managed identity to be created for monitoring purpose.",
+ "displayName": "Name of the user assigned managed identity to be created."
+ },
+ "type": "string"
+ },
+ "BYOUserAssignedManagedIdentityResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity provided by the customer.",
+ "displayName": "Customer defined User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "LAWDailyCapLimitAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "ALog Analytics Workspace Daily Cap Limit Reached Alert State"
+ },
+ "type": "string"
+ },
+ "LAWDailyCapLimitAutoMitigate": {
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Auto Mitigate"
+ },
+ "type": "String"
+ },
+ "LAWDailyCapLimitEvaluationFrequency": {
+ "allowedValues": [
+ "PT5M",
+ "PT10M",
+ "PT15M",
+ "PT30M",
+ "PT45M",
+ "PT1H",
+ "PT2H",
+ "PT3H",
+ "PT4H",
+ "PT5H",
+ "PT6H",
+ "P1D"
+ ],
+ "defaultValue": "PT1H",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Evaluation Frequency"
+ },
+ "type": "String"
+ },
+ "LAWDailyCapLimitEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Evaluation Periods"
+ },
+ "type": "String"
+ },
+ "LAWDailyCapLimitFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Failing Periods"
+ },
+ "type": "String"
+ },
+ "LAWDailyCapLimitOperator": {
+ "allowedValues": [
+ "GreaterThan",
+ "GreaterThanOrEqual"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Operator"
+ },
+ "type": "String"
+ },
+ "LAWDailyCapLimitPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert",
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "LAWDailyCapLimitSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the Alert",
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Severity"
+ },
+ "type": "String"
+ },
+ "LAWDailyCapLimitThreshold": {
+ "defaultValue": "0",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Threshold"
+ },
+ "type": "String"
+ },
+ "LAWDailyCapLimitTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert TimeAggregation"
+ },
+ "type": "String"
+ },
+ "LAWDailyCapLimitWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT10M",
+ "PT15M",
+ "PT30M",
+ "PT45M",
+ "PT1H",
+ "PT2H",
+ "PT3H",
+ "PT4H",
+ "PT5H",
+ "PT6H",
+ "P1D"
+ ],
+ "defaultValue": "P1D",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Window Size"
+ },
+ "type": "String"
+ },
+ "RVASRHealthMonitorPolicyEffect": {
+ "allowedValues": [
+ "modify",
+ "audit",
+ "disabled"
+ ],
+ "defaultValue": "modify",
+ "metadata": {
+ "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist",
+ "displayName": "Recovery Vault ASR Health Monitor Policy Effect"
+ },
+ "type": "string"
+ },
+ "RVBackupHealthMonitorPolicyEffect": {
+ "allowedValues": [
+ "modify",
+ "audit",
+ "disabled"
+ ],
+ "defaultValue": "modify",
+ "metadata": {
+ "description": "Policy effect for the alert, modify will create the alert if it does not exist and enable it on your Recovery Vaults, audit will only audit if alerting is enabled on Recovery Vaults, disabled will not create the alert on Recovery Vaults",
+ "displayName": "RV Backup Health Monitor Policy Effect"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "Storage Account Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "StorageAccountAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Storage Account Availability Alert State"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Storage Account Availability Alert Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert",
+ "displayName": "Storage Account Availability Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityThreshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Storage Account Availability Alert Threshold"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Storage Account Availability Alert Window Size"
+ },
+ "type": "string"
+ },
+ "StorageAccountDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Storage Account Delete Alert State"
+ },
+ "type": "string"
+ },
+ "StorageAccountDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert",
+ "displayName": "Storage Account Delete Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityLAWDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity Log Alert Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityLAWDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert",
+ "displayName": "Activity Log Alert Delete Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityLAWKeyRegenAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity Log Alert Key Regen Alert State"
+ },
+ "type": "string"
+ },
+ "activityLAWKeyRegenPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert",
+ "displayName": "LAW Key Regen Alert Policy Effect"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityLAWDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityLAWDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityLAWDelete"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityLAWKeyRegenPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityLAWKeyRegenAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_KeyRegen",
+ "policyDefinitionReferenceId": "ALZ_activityLAWKeyRegen"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('LAWDailyCapLimitAutoMitigate')]"
+ },
+ "effect": {
+ "value": "[parameters('LAWDailyCapLimitPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('LAWDailyCapLimitAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('LAWDailyCapLimitEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('LAWDailyCapLimitEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('LAWDailyCapLimitFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('LAWDailyCapLimitOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('LAWDailyCapLimitSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('LAWDailyCapLimitThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('LAWDailyCapLimitTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('LAWDailyCapLimitWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_LAWorkspace_DailyCapLimitReached_Alert",
+ "policyDefinitionReferenceId": "ALZ_LAWorkspaceDailyCapLimitReached"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('AATotalJobAlertPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('AATotalJobAlertAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('AATotalJobAlertEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('AATotalJobAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('AATotalJobAlertThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('AATotalJobAlertWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AA_TotalJob_Alert",
+ "policyDefinitionReferenceId": "ALZ_AATotalJob"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('RVBackupHealthMonitorPolicyEffect')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert",
+ "policyDefinitionReferenceId": "ALZ_RVBackupHealth"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('RVASRHealthMonitorPolicyEffect')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert",
+ "policyDefinitionReferenceId": "ALZ_RVASRHealthMonitor"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('StorageAccountAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('StorageAccountAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('StorageAccountAvailabilityFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('StorageAccountAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('StorageAccountAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('StorageAccountAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert",
+ "policyDefinitionReferenceId": "ALZ_StorageAccountAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('StorageAccountDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('StorageAccountDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_StorageAccount_Delete",
+ "policyDefinitionReferenceId": "ALZ_activitySADelete"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-NetworkChanges.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-NetworkChanges.alz_policy_set_definition.json
new file mode 100644
index 0000000..7a478be
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-NetworkChanges.alz_policy_set_definition.json
@@ -0,0 +1,163 @@
+{
+ "name": "Alerting-NetworkChanges",
+ "properties": {
+ "description": "This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Changes in Network Routing and Security",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.0.1"
+ },
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags for the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "activityNSGDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity NSG Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityNSGDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity NSG Delete Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityUDRUpdateAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity UDR Update Alert State"
+ },
+ "type": "string"
+ },
+ "activityUDRUpdatePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity UDR Update Policy Effect"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityNSGDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityNSGDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_NSG_Delete",
+ "policyDefinitionReferenceId": "ALZ_activityNSGDelete"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('activityUDRUpdatePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('activityUDRUpdateAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Update",
+ "policyDefinitionReferenceId": "ALZ_activityUDRUpdate"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-RecoveryServices.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-RecoveryServices.alz_policy_set_definition.json
new file mode 100644
index 0000000..b1badf2
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-RecoveryServices.alz_policy_set_definition.json
@@ -0,0 +1,99 @@
+{
+ "name": "Alerting-RecoveryServices",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Recovery Services",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.1.0"
+ },
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "RVASRHealthMonitorPolicyEffect": {
+ "allowedValues": [
+ "modify",
+ "audit",
+ "disabled"
+ ],
+ "defaultValue": "modify",
+ "metadata": {
+ "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist",
+ "displayName": "Recovery Vault ASR Health Monitor Policy Effect"
+ },
+ "type": "string"
+ },
+ "RVBackupHealthMonitorPolicyEffect": {
+ "allowedValues": [
+ "modify",
+ "audit",
+ "disabled"
+ ],
+ "defaultValue": "modify",
+ "metadata": {
+ "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist",
+ "displayName": "Recovery Vault Backup Health Monitor Policy Effect"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('RVBackupHealthMonitorPolicyEffect')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert",
+ "policyDefinitionReferenceId": "ALZ_RVBackupHealthMonitor"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('RVASRHealthMonitorPolicyEffect')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert",
+ "policyDefinitionReferenceId": "ALZ_RVASRHealthMonitor"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-ServiceHealth.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-ServiceHealth.alz_policy_set_definition.json
new file mode 100644
index 0000000..4e78225
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-ServiceHealth.alz_policy_set_definition.json
@@ -0,0 +1,462 @@
+{
+ "name": "Alerting-ServiceHealth",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Service Health",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.5.2"
+ },
+ "parameters": {
+ "ALZArmRoleId": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Arm Built-in Role Ids for action group to send alerts to",
+ "displayName": "Arm Role Ids"
+ },
+ "type": "array"
+ },
+ "ALZEventHubResourceId": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Event Hub resource Ids for action group to send alerts to",
+ "displayName": "Event Hub resource Ids"
+ },
+ "type": "array"
+ },
+ "ALZFunctionResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Function Resource Id for Action Group to send alerts to",
+ "displayName": "Function Resource Id"
+ },
+ "type": "String"
+ },
+ "ALZFunctionTriggerUrl": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "URL that triggers the Function App",
+ "displayName": "Function Trigger URL"
+ },
+ "type": "String"
+ },
+ "ALZLogicappCallbackUrl": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Callback URL that triggers the Logic App",
+ "displayName": "Logic App Callback URL"
+ },
+ "type": "String"
+ },
+ "ALZLogicappResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Logic App Resource Id for Action Group to send alerts to",
+ "displayName": "Logic App Resource Id"
+ },
+ "type": "String"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Email addresses to send alerts to",
+ "displayName": "Action Group Email Addresses"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group to deploy the alerts to",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags to apply to the resource group",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "ALZWebhookServiceUri": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Indicates the service uri(s) of the webhook to send alerts to",
+ "displayName": "Webhook Service Uri(s)"
+ },
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "BYOAlertProcessingRule": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment",
+ "displayName": "Customer defined Alert Processing Rule Resource ID"
+ },
+ "type": "String"
+ },
+ "ResHlthUnhealthyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the Resource Health Unhealthy alert",
+ "displayName": "Resource Health Unhealthy Alert State"
+ },
+ "type": "string"
+ },
+ "ResHlthUnhealthyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Resource Health Unhealthy Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "SvcHlthAdvisoryAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the Service Health Advisory alert",
+ "displayName": "Service Health Advisory Alert State"
+ },
+ "type": "string"
+ },
+ "SvcHlthIncidentAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the Service Health Incident alert",
+ "displayName": "Service Health Incident Alert State"
+ },
+ "type": "string"
+ },
+ "SvcHlthMaintenanceAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the Service Health Maintenance alert",
+ "displayName": "Service Health Maintenance Alert State"
+ },
+ "type": "string"
+ },
+ "serviceHealthAdvisoryPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Service Health Advisory Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "serviceHealthIncidentPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Service Health Incident Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "serviceHealthMaintenancePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Service Health Maintenance Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "serviceHealthSecurityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Service Health Security Advisory Alert Policy Effect"
+ },
+ "type": "string"
+ },
+ "svcHlthSecAdvisoryAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "State of the Service Health Security Advisory alert",
+ "displayName": "Service Health Security Advisory Alert State"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "ALZArmRoleId": {
+ "value": "[parameters('ALZArmRoleId')]"
+ },
+ "ALZEventHubResourceId": {
+ "value": "[parameters('ALZEventHubResourceId')]"
+ },
+ "ALZFunctionResourceId": {
+ "value": "[parameters('ALZFunctionResourceId')]"
+ },
+ "ALZFunctionTriggerUrl": {
+ "value": "[parameters('ALZFunctionTriggerUrl')]"
+ },
+ "ALZLogicappCallbackUrl": {
+ "value": "[parameters('ALZLogicappCallbackUrl')]"
+ },
+ "ALZLogicappResourceId": {
+ "value": "[parameters('ALZLogicappResourceId')]"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "ALZWebhookServiceUri": {
+ "value": "[parameters('ALZWebhookServiceUri')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "BYOAlertProcessingRule": {
+ "value": "[parameters('BYOAlertProcessingRule')]"
+ },
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ServiceHealth_ActionGroups",
+ "policyDefinitionReferenceId": "ALZ_ServiceHealth_ActionGroups"
+ },
+ {
+ "parameters": {
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('ResHlthUnhealthyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('ResHlthUnhealthyAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert",
+ "policyDefinitionReferenceId": "ALZ_ResHlthUnhealthy"
+ },
+ {
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('serviceHealthAdvisoryPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('SvcHlthAdvisoryAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_HealthAdvisory",
+ "policyDefinitionReferenceId": "ALZ_SvcHlthAdvisory"
+ },
+ {
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('serviceHealthIncidentPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('SvcHlthIncidentAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Incident",
+ "policyDefinitionReferenceId": "ALZ_SvcHlthIncident"
+ },
+ {
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('serviceHealthMaintenancePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('SvcHlthMaintenanceAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance",
+ "policyDefinitionReferenceId": "ALZ_SvcHlthMaintenance"
+ },
+ {
+ "parameters": {
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('serviceHealthSecurityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('svcHlthSecAdvisoryAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory",
+ "policyDefinitionReferenceId": "ALZ_svcHlthSecAdvisory"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-Storage.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-Storage.alz_policy_set_definition.json
new file mode 100644
index 0000000..9d2eb4b
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-Storage.alz_policy_set_definition.json
@@ -0,0 +1,222 @@
+{
+ "name": "Alerting-Storage",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Storage",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.0.1"
+ },
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags for the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "StorageAccountAvailabilityAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for Storage Account Availability",
+ "displayName": "Storage Account Availability Alert Severity"
+ },
+ "type": "String"
+ },
+ "StorageAccountAvailabilityAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Storage Account Availability Alert State"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "Storage Account Availability Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "Storage Account Availability Policy Effect"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityThreshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "Storage Account Availability Threshold"
+ },
+ "type": "string"
+ },
+ "StorageAccountAvailabilityWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "Storage Account Availability Window Size"
+ },
+ "type": "string"
+ },
+ "StorageAccountDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Storage Account Delete Alert State"
+ },
+ "type": "string"
+ },
+ "StorageAccountDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert",
+ "displayName": "Storage Account Delete Alert Policy Effect"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('StorageAccountAvailabilityPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('StorageAccountAvailabilityAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('StorageAccountAvailabilityFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('StorageAccountAvailabilityAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('StorageAccountAvailabilityThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('StorageAccountAvailabilityWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert",
+ "policyDefinitionReferenceId": "ALZ_StorageAccountAvailability"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "effect": {
+ "value": "[parameters('StorageAccountDeletePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('StorageAccountDeleteAlertState')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_StorageAccount_Delete",
+ "policyDefinitionReferenceId": "ALZ_activitySADelete"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-VM.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-VM.alz_policy_set_definition.json
new file mode 100644
index 0000000..1b496d9
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-VM.alz_policy_set_definition.json
@@ -0,0 +1,2391 @@
+{
+ "name": "Alerting-VM",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Virtual Machines",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.0.1"
+ },
+ "parameters": {
+ "ALZManagementSubscriptionId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The subscription ID of the management subscription where the user assigned managed identity will be created."
+ },
+ "type": "string"
+ },
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags for the resource group where the ALZ Monitor resources will be deployed",
+ "displayName": "ALZ Monitor Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "ALZUserAssignedManagedIdentityName": {
+ "defaultValue": "id-AMBA-ARG-Reader-001",
+ "metadata": {
+ "description": "The name of the user assigned managed identity to be created for monitoring purpose.",
+ "displayName": "Name of the user assigned managed identity to be created."
+ },
+ "type": "string"
+ },
+ "BYOUserAssignedManagedIdentityResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The resource Id of the user assigned managed identity provided by the customer.",
+ "displayName": "Customer defined User Assigned managed Identity resource Id."
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Data Disk Read Latency",
+ "displayName": "VM Data Disk Read Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMDataDiskReadLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM Data Disk Read Latency Alert State"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM Data Disk Read Latency Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM Data Disk Read Latency Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM Data Disk Read Latency Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM Data Disk Read Latency Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMDataDiskReadLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM Data Disk Read Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "VM Data Disk Read Latency Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM Data Disk Read Latency Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM Data Disk Read Latency Operator"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM Data Disk Read Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyThreshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM Data Disk Read Latency Threshold"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM Data Disk Read Latency Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMDataDiskReadLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM Data Disk Read Latency Window Size"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Data Disk Space",
+ "displayName": "VM Data Disk Space Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMDataDiskSpaceAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM Data Disk Space Alert State"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM Data Disk Space Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM Data Disk Space Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM Data Disk Space Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM Data Disk Space Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMDataDiskSpaceEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM Data Disk Space Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "VM Data Disk Space Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM Data Disk Space Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM Data Disk Space Operator"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpacePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM Data Disk Space Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceThreshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM Data Disk Space Threshold"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM Data Disk Space Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMDataDiskSpaceWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM Data Disk Space Window Size"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Data Disk Write Latency",
+ "displayName": "VM Data Disk Write Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMDataDiskWriteLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM Data Disk Write Latency Alert State"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM Data Disk Write Latency Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM Data Disk Write Latency Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM Data Disk Write Latency Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM Data Disk Write Latency Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMDataDiskWriteLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM Data Disk Write Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "VM Data Disk Write Latency Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM Data Disk Write Latency Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM Data Disk Write Latency Operator"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM Data Disk Write Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyThreshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM Data Disk Write Latency Threshold"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM Data Disk Write Latency Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMDataDiskWriteLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM Data Disk Write Latency Window Size"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Severity of the alert for VM Heart Beat RG",
+ "displayName": "VM Heart Beat RG Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMHeartBeatRGAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VM Heart Beat RG Alert State"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM Heart Beat RG Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM Heart Beat RG Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM Heart Beat RG Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM Heart Beat RG Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMHeartBeatRGEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM Heart Beat RG Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM Heart Beat RG Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM Heart Beat RG Operator"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM Heart Beat RG Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGThreshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM Heart Beat RG Threshold"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM Heart Beat RG Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMHeartBeatRGWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT6H",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM Heart Beat RG Window Size"
+ },
+ "type": "string"
+ },
+ "VMNetworkInAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Network In",
+ "displayName": "VM Network In Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMNetworkInAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "VM Network In Alert State"
+ },
+ "type": "string"
+ },
+ "VMNetworkInAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM Network In Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMNetworkInAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM Network In Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMNetworkInAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM Network In Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMNetworkInComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM Network In Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMNetworkInEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM Network In Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMNetworkInEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "VM Network In Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VMNetworkInFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM Network In Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMNetworkInOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM Network In Operator"
+ },
+ "type": "string"
+ },
+ "VMNetworkInPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM Network In Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMNetworkInThreshold": {
+ "defaultValue": "10000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM Network In Threshold"
+ },
+ "type": "string"
+ },
+ "VMNetworkInTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM Network In Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMNetworkInWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM Network In Window Size"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Network Out",
+ "displayName": "VM Network Out Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMNetworkOutAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM Network Out Alert State"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM Network Out Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM Network Out Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM Network Out Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM Network Out Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMNetworkOutEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM Network Out Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "VM Network Out Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM Network Out Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM Network Out Operator"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM Network Out Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutThreshold": {
+ "defaultValue": "10000000",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM Network Out Threshold"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM Network Out Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMNetworkOutWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM Network Out Window Size"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM OS Disk Read Latency",
+ "displayName": "VM OS Disk Read Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMOSDiskReadLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM OS Disk Read Latency Alert State"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM OS Disk Read Latency Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM OS Disk Read Latency Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM OS Disk Read Latency Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM OS Disk Read Latency Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMOSDiskReadLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM OS Disk Read Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "VM OS Disk Read Latency Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM OS Disk Read Latency Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM OS Disk Read Latency Operator"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM OS Disk Read Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyThreshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM OS Disk Read Latency Threshold"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM OS Disk Read Latency Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMOSDiskReadLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM OS Disk Read Latency Window Size"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM OS Disk Space",
+ "displayName": "VM OS Disk Space Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMOSDiskSpaceAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM OS Disk Space Alert State"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM OS Disk Space Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM OS Disk Space Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM OS Disk Space Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM OS Disk Space Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMOSDiskSpaceEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM OS Disk Space Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "VM OS Disk Space Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM OS Disk Space Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM OS Disk Space Operator"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpacePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM OS Disk Space Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceThreshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM OS Disk Space Threshold"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM OS Disk Space Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMOSDiskSpaceWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM OS Disk Space Window Size"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM OS Disk Write Latency",
+ "displayName": "VM OS Disk Write Latency Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMOSDiskWriteLatencyAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM OS Disk Write Latency Alert State"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM OS Disk Write Latency Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM OS Disk Write Latency Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM OS Disk Write Latency Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyComputersToInclude": {
+ "defaultValue": [
+ "*"
+ ],
+ "metadata": {
+ "description": "Computers To Include for the alert",
+ "displayName": "VM OS Disk Write Latency Computers To Include"
+ },
+ "type": "array"
+ },
+ "VMOSDiskWriteLatencyEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM OS Disk Write Latency Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyEvaluationPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Evaluation Periods for the alert",
+ "displayName": "VM OS Disk Write Latency Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM OS Disk Write Latency Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM OS Disk Write Latency Operator"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM OS Disk Write Latency Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyThreshold": {
+ "defaultValue": "30",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM OS Disk Write Latency Threshold"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM OS Disk Write Latency Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMOSDiskWriteLatencyWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM OS Disk Write Latency Window Size"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Percent CPU",
+ "displayName": "VM Percent CPU Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMPercentCPUAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM Percent CPU Alert State"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM Percent CPU Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM Percent CPU Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM Percent CPU Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM Percent CPU Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM Percent CPU Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUOperator": {
+ "allowedValues": [
+ "Equals",
+ "GreaterThan",
+ "GreaterThanOrEqual",
+ "LessThan",
+ "LessThanOrEqual"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM Percent CPU Operator"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM Percent CPU Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUThreshold": {
+ "defaultValue": "85",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM Percent CPU Threshold"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM Percent CPU Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMPercentCPUWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM Percent CPU Window Size"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert for VM Percent Memory",
+ "displayName": "VM Percent Memory Alert Severity"
+ },
+ "type": "String"
+ },
+ "VMPercentMemoryAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert, true will enable the alert, false will disable the alert",
+ "displayName": "VM Percent Memory Alert State"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryAutoMitigate": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Mitigate for the alert",
+ "displayName": "VM Percent Memory Auto Mitigate"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryAutoResolve": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Auto Resolve for the alert",
+ "displayName": "VM Percent Memory Auto Resolve"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryAutoResolveTime": {
+ "defaultValue": "00:10:00",
+ "metadata": {
+ "description": "Auto Resolve Time for the alert",
+ "displayName": "VM Percent Memory Auto Resolve Time"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "VM Percent Memory Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryFailingPeriods": {
+ "defaultValue": "1",
+ "metadata": {
+ "description": "Failing Periods for the alert",
+ "displayName": "VM Percent Memory Failing Periods"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryOperator": {
+ "allowedValues": [
+ "GreaterThan"
+ ],
+ "defaultValue": "GreaterThan",
+ "metadata": {
+ "description": "Operator for the alert",
+ "displayName": "VM Percent Memory Operator"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist",
+ "displayName": "VM Percent Memory Policy Effect"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryThreshold": {
+ "defaultValue": "10",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "VM Percent Memory Threshold"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryTimeAggregation": {
+ "allowedValues": [
+ "Count"
+ ],
+ "defaultValue": "Count",
+ "metadata": {
+ "description": "Time Aggregation for the alert",
+ "displayName": "VM Percent Memory Time Aggregation"
+ },
+ "type": "string"
+ },
+ "VMPercentMemoryWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT15M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "VM Percent Memory Window Size"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMHeartBeatRGAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMHeartBeatRGAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMHeartBeatRGAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMHeartBeatRGComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMHeartBeatRGPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMHeartBeatRGAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMHeartBeatRGEvaluationFrequency')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMHeartBeatRGFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMHeartBeatRGOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMHeartBeatRGAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMHeartBeatRGThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMHeartBeatRGTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMHeartBeatRGWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_HeartBeat_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMHeartBeatRG"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMNetworkInAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMNetworkInAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMNetworkInAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMNetworkInComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMNetworkInPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMNetworkInAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMNetworkInEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VMNetworkInEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMNetworkInFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMNetworkInOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMNetworkInAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMNetworkInThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMNetworkInTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMNetworkInWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_NetworkIn_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMNetworkIn"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMNetworkOutAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMNetworkOutAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMNetworkOutAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMNetworkOutComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMNetworkOutPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMNetworkOutAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMNetworkOutEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VMNetworkOutEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMNetworkOutFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMNetworkOutOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMNetworkOutAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMNetworkOutThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMNetworkOutTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMNetworkOutWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_NetworkOut_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMNetworkOut"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMOSDiskReadLatencyAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMOSDiskReadLatencyAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMOSDiskReadLatencyAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMOSDiskReadLatencyComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMOSDiskReadLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMOSDiskReadLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMOSDiskReadLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VMOSDiskReadLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMOSDiskReadLatencyFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMOSDiskReadLatencyOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMOSDiskReadLatencyAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMOSDiskReadLatencyThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMOSDiskReadLatencyTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMOSDiskReadLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_OSDiskreadLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMOSDiskReadLatency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMOSDiskWriteLatencyAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMOSDiskWriteLatencyAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMOSDiskWriteLatencyAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMOSDiskWriteLatencyComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMOSDiskWriteLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMOSDiskWriteLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMOSDiskWriteLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VMOSDiskWriteLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMOSDiskWriteLatencyFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMOSDiskWriteLatencyOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMOSDiskWriteLatencyAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMOSDiskWriteLatencyThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMOSDiskWriteLatencyTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMOSDiskWriteLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_OSDiskwriteLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMOSDiskWriteLatency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMOSDiskSpaceAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMOSDiskSpaceAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMOSDiskSpaceAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMOSDiskSpaceComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMOSDiskSpacePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMOSDiskSpaceAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMOSDiskSpaceEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VMOSDiskSpaceEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMOSDiskSpaceFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMOSDiskSpaceOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMOSDiskSpaceAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMOSDiskSpaceThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMOSDiskSpaceTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMOSDiskSpaceWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_OSDiskSpace_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMOSDiskSpace"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMPercentCPUAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMPercentCPUAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMPercentCPUAutoResolveTime')]"
+ },
+ "effect": {
+ "value": "[parameters('VMPercentCPUPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMPercentCPUAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMPercentCPUEvaluationFrequency')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMPercentCPUFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMPercentCPUOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMPercentCPUAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMPercentCPUThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMPercentCPUTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMPercentCPUWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_CPU_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMPercentCPU"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMPercentMemoryAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMPercentMemoryAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMPercentMemoryAutoResolveTime')]"
+ },
+ "effect": {
+ "value": "[parameters('VMPercentMemoryPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMPercentMemoryAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMPercentMemoryEvaluationFrequency')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMPercentMemoryFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMPercentMemoryOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMPercentMemoryAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMPercentMemoryThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMPercentMemoryTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMPercentMemoryWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_Memory_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMPercentMemory"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMDataDiskSpaceAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMDataDiskSpaceAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMDataDiskSpaceAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMDataDiskSpaceComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMDataDiskSpacePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMDataDiskSpaceAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMDataDiskSpaceEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VMDataDiskSpaceEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMDataDiskSpaceFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMDataDiskSpaceOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMDataDiskSpaceAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMDataDiskSpaceThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMDataDiskSpaceTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMDataDiskSpaceWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_dataDiskSpace_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMDataDiskSpace"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMDataDiskReadLatencyAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMDataDiskReadLatencyAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMDataDiskReadLatencyAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMDataDiskReadLatencyComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMDataDiskReadLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMDataDiskReadLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMDataDiskReadLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VMDataDiskReadLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMDataDiskReadLatencyFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMDataDiskReadLatencyOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMDataDiskReadLatencyAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMDataDiskReadLatencyThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMDataDiskReadLatencyTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMDataDiskReadLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_dataDiskReadLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMDataDiskReadLatency"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "UAMIResourceId": {
+ "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]"
+ },
+ "alertResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "alertResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "alertResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "autoMitigate": {
+ "value": "[parameters('VMDataDiskWriteLatencyAutoMitigate')]"
+ },
+ "autoResolve": {
+ "value": "[parameters('VMDataDiskWriteLatencyAutoResolve')]"
+ },
+ "autoResolveTime": {
+ "value": "[parameters('VMDataDiskWriteLatencyAutoResolveTime')]"
+ },
+ "computersToInclude": {
+ "value": "[parameters('VMDataDiskWriteLatencyComputersToInclude')]"
+ },
+ "effect": {
+ "value": "[parameters('VMDataDiskWriteLatencyPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('VMDataDiskWriteLatencyAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('VMDataDiskWriteLatencyEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('VMDataDiskWriteLatencyEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('VMDataDiskWriteLatencyFailingPeriods')]"
+ },
+ "operator": {
+ "value": "[parameters('VMDataDiskWriteLatencyOperator')]"
+ },
+ "severity": {
+ "value": "[parameters('VMDataDiskWriteLatencyAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('VMDataDiskWriteLatencyThreshold')]"
+ },
+ "timeAggregation": {
+ "value": "[parameters('VMDataDiskWriteLatencyTimeAggregation')]"
+ },
+ "windowSize": {
+ "value": "[parameters('VMDataDiskWriteLatencyWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_dataDiskWriteLatency_Alert",
+ "policyDefinitionReferenceId": "ALZ_VMDataDiskWriteLatency"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Alerting-Web.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-Web.alz_policy_set_definition.json
new file mode 100644
index 0000000..e9eed90
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Alerting-Web.alz_policy_set_definition.json
@@ -0,0 +1,489 @@
+{
+ "name": "Alerting-Web",
+ "properties": {
+ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts for Web",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.0.0"
+ },
+ "parameters": {
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "WSFCPUPercentageAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "WSF CPU Percentage Alert Severity"
+ },
+ "type": "String"
+ },
+ "WSFCPUPercentageAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "WSF CPU Percentage Alert State"
+ },
+ "type": "string"
+ },
+ "WSFCPUPercentageEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "WSF CPU Percentage Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "WSFCPUPercentagePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "WSF CPU Percentage Policy Effect"
+ },
+ "type": "string"
+ },
+ "WSFCPUPercentageThreshold": {
+ "defaultValue": "90",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "WSF CPU Percentage Threshold"
+ },
+ "type": "string"
+ },
+ "WSFCPUPercentageWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "WSF CPU Percentage Window Size"
+ },
+ "type": "string"
+ },
+ "WSFDiskQueueLengthAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "WSF Disk Queue Lenght Alert Severity"
+ },
+ "type": "String"
+ },
+ "WSFDiskQueueLengthAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "WSF Disk Queue Lenght Alert State"
+ },
+ "type": "string"
+ },
+ "WSFDiskQueueLengthEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "WSF Disk Queue Lenght Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "WSFDiskQueueLengthEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "WSF Disk Queue Lenght Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "WSFDiskQueueLengthFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "WSF Disk Queue Lenght Failing Periods"
+ },
+ "type": "string"
+ },
+ "WSFDiskQueueLengthPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "WSF Disk Queue Lenght Policy Effect"
+ },
+ "type": "string"
+ },
+ "WSFDiskQueueLengthWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "WSF Disk Queue Lenght Window Size"
+ },
+ "type": "string"
+ },
+ "WSFHttpQueueLengthAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "WSF HTTP Queue Lenght Alert Severity"
+ },
+ "type": "String"
+ },
+ "WSFHttpQueueLengthAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "WSF HTTP Queue Lenght Alert State"
+ },
+ "type": "string"
+ },
+ "WSFHttpQueueLengthEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "WSF HTTP Queue Lenght Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "WSFHttpQueueLengthEvaluationPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "The number of aggregated lookback points.",
+ "displayName": "WSF HTTP Queue Lenght Evaluation Periods"
+ },
+ "type": "string"
+ },
+ "WSFHttpQueueLengthFailingPeriods": {
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Number of failing periods before alert is fired",
+ "displayName": "WSF HTTP Queue Lenght Failing Periods"
+ },
+ "type": "string"
+ },
+ "WSFHttpQueueLengthPolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "WSF HTTP Queue Lenght Policy Effect"
+ },
+ "type": "string"
+ },
+ "WSFHttpQueueLengthWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "WSF HTTP Queue Lenght Window Size"
+ },
+ "type": "string"
+ },
+ "WSFMemoryPercentageAlertSeverity": {
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "2",
+ "metadata": {
+ "description": "Severity of the alert",
+ "displayName": "WSF Memory Percentage Alert Severity"
+ },
+ "type": "String"
+ },
+ "WSFMemoryPercentageAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "WSF Memory Percentage Alert State"
+ },
+ "type": "string"
+ },
+ "WSFMemoryPercentageEvaluationFrequency": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "PT1M",
+ "metadata": {
+ "description": "Evaluation frequency for the alert",
+ "displayName": "WSF Memory Percentage Evaluation Frequency"
+ },
+ "type": "string"
+ },
+ "WSFMemoryPercentagePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "WSF Memory Percentage Policy Effect"
+ },
+ "type": "string"
+ },
+ "WSFMemoryPercentageThreshold": {
+ "defaultValue": "85",
+ "metadata": {
+ "description": "Threshold for the alert",
+ "displayName": "WSF Memory Percentage Threshold"
+ },
+ "type": "string"
+ },
+ "WSFMemoryPercentageWindowSize": {
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "PT5M",
+ "metadata": {
+ "description": "Window size for the alert",
+ "displayName": "WSF Memory Percentage Window Size"
+ },
+ "type": "string"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('WSFCPUPercentagePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('WSFCPUPercentageAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('WSFCPUPercentageEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('WSFCPUPercentageAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('WSFCPUPercentageThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('WSFCPUPercentageWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_WSF_CPUPercentage_Alert",
+ "policyDefinitionReferenceId": "ALZ_WSFCPUPercentage"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('WSFMemoryPercentagePolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('WSFMemoryPercentageAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('WSFMemoryPercentageEvaluationFrequency')]"
+ },
+ "severity": {
+ "value": "[parameters('WSFMemoryPercentageAlertSeverity')]"
+ },
+ "threshold": {
+ "value": "[parameters('WSFMemoryPercentageThreshold')]"
+ },
+ "windowSize": {
+ "value": "[parameters('WSFMemoryPercentageWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_WSF_MemoryPercentage_Alert",
+ "policyDefinitionReferenceId": "ALZ_WSFMemoryPercentage"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('WSFDiskQueueLengthPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('WSFDiskQueueLengthAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('WSFDiskQueueLengthEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('WSFDiskQueueLengthEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('WSFDiskQueueLengthFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('WSFDiskQueueLengthAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('WSFDiskQueueLengthWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_WSF_DiskQueueLength_Alert",
+ "policyDefinitionReferenceId": "ALZ_WSFDiskQueueLength"
+ },
+ {
+ "parameters": {
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ },
+ "effect": {
+ "value": "[parameters('WSFHttpQueueLengthPolicyEffect')]"
+ },
+ "enabled": {
+ "value": "[parameters('WSFHttpQueueLengthAlertState')]"
+ },
+ "evaluationFrequency": {
+ "value": "[parameters('WSFHttpQueueLengthEvaluationFrequency')]"
+ },
+ "evaluationPeriods": {
+ "value": "[parameters('WSFHttpQueueLengthEvaluationPeriods')]"
+ },
+ "failingPeriods": {
+ "value": "[parameters('WSFHttpQueueLengthFailingPeriods')]"
+ },
+ "severity": {
+ "value": "[parameters('WSFHttpQueueLengthAlertSeverity')]"
+ },
+ "windowSize": {
+ "value": "[parameters('WSFHttpQueueLengthWindowSize')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_WSF_HttpQueueLength_Alert",
+ "policyDefinitionReferenceId": "ALZ_WSFHttpQueueLength"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/policy_set_definitions/Notification-Assets.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Notification-Assets.alz_policy_set_definition.json
new file mode 100644
index 0000000..654a87b
--- /dev/null
+++ b/platform/amba/policy_set_definitions/Notification-Assets.alz_policy_set_definition.json
@@ -0,0 +1,221 @@
+{
+ "name": "Notification-Assets",
+ "properties": {
+ "description": "This initiative deploys Notification Assets for Azure Monitor Baseline Alerts. This includes the setup of an Alert Processing Rule and an Action Group to manage notifications and actions, along with a Notification Suppression Rule to manage alert notifications, as well as a Notification Suppression Rule to control alert notifications.",
+ "displayName": "Deploy Azure Monitor Baseline Alerts - Notification Assets",
+ "metadata": {
+ "_deployed_by_amba": true,
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "category": "Monitoring",
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "version": "1.3.1"
+ },
+ "parameters": {
+ "ALZArmRoleId": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Arm Built-in Role Ids for action group to send alerts to",
+ "displayName": "Arm Role Ids"
+ },
+ "type": "array"
+ },
+ "ALZEventHubResourceId": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Event Hub resource Ids for action group to send alerts to",
+ "displayName": "Event Hub resource Ids"
+ },
+ "type": "array"
+ },
+ "ALZFunctionResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Function Resource Id for Action Group to send alerts to",
+ "displayName": "Function Resource Id"
+ },
+ "type": "String"
+ },
+ "ALZFunctionTriggerUrl": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "URL that triggers the Function",
+ "displayName": "Function Trigger URL"
+ },
+ "type": "String"
+ },
+ "ALZLogicappCallbackUrl": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Callback URL that triggers the Logic App",
+ "displayName": "Logic App Callback URL"
+ },
+ "type": "String"
+ },
+ "ALZLogicappResourceId": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "Logic App Resource Id for Action Group to send alerts to",
+ "displayName": "Logic App Resource Id"
+ },
+ "type": "String"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Email addresses to send alerts to",
+ "displayName": "Action Group Email Addresses"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorDisableTagName": {
+ "defaultValue": "MonitorDisable",
+ "metadata": {
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorDisableTagValues": {
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ],
+ "metadata": {
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
+ "displayName": "ALZ Monitoring disabled tag values(s)"
+ },
+ "type": "Array"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "defaultValue": "centralus",
+ "metadata": {
+ "description": "Location of the resource group",
+ "displayName": "Resource Group Location"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupName": {
+ "defaultValue": "rg-amba-monitoring-001",
+ "metadata": {
+ "description": "Name of the resource group to deploy the alerts to",
+ "displayName": "Resource Group Name"
+ },
+ "type": "String"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "defaultValue": {
+ "_deployed_by_alz_monitor": true
+ },
+ "metadata": {
+ "description": "Tags to apply to the resource group",
+ "displayName": "Resource Group Tags"
+ },
+ "type": "Object"
+ },
+ "ALZWebhookServiceUri": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "Indicates the service uri(s) of the webhook to send alerts to",
+ "displayName": "Webhook Service Uri(s)"
+ },
+ "type": "Array"
+ },
+ "BYOActionGroup": {
+ "defaultValue": [],
+ "metadata": {
+ "description": "The Resource IDs of existing Action Groups currently deployed in the environment.",
+ "displayName": "Customer defined Action Group Resource IDs"
+ },
+ "type": "array"
+ },
+ "BYOAlertProcessingRule": {
+ "defaultValue": "",
+ "metadata": {
+ "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment",
+ "displayName": "Customer defined Alert Processing Rule Resource ID"
+ },
+ "type": "String"
+ }
+ },
+ "policyDefinitions": [
+ {
+ "parameters": {
+ "ALZArmRoleId": {
+ "value": "[parameters('ALZArmRoleId')]"
+ },
+ "ALZEventHubResourceId": {
+ "value": "[parameters('ALZEventHubResourceId')]"
+ },
+ "ALZFunctionResourceId": {
+ "value": "[parameters('ALZFunctionResourceId')]"
+ },
+ "ALZFunctionTriggerUrl": {
+ "value": "[parameters('ALZFunctionTriggerUrl')]"
+ },
+ "ALZLogicappCallbackUrl": {
+ "value": "[parameters('ALZLogicappCallbackUrl')]"
+ },
+ "ALZLogicappResourceId": {
+ "value": "[parameters('ALZLogicappResourceId')]"
+ },
+ "ALZMonitorActionGroupEmail": {
+ "value": "[parameters('ALZMonitorActionGroupEmail')]"
+ },
+ "ALZMonitorResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "ALZWebhookServiceUri": {
+ "value": "[parameters('ALZWebhookServiceUri')]"
+ },
+ "BYOActionGroup": {
+ "value": "[parameters('BYOActionGroup')]"
+ },
+ "BYOAlertProcessingRule": {
+ "value": "[parameters('BYOAlertProcessingRule')]"
+ },
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule",
+ "policyDefinitionReferenceId": "ALZ_AlertProcessing_Rule"
+ },
+ {
+ "parameters": {
+ "ALZMonitorResourceGroupLocation": {
+ "value": "[parameters('ALZMonitorResourceGroupLocation')]"
+ },
+ "ALZMonitorResourceGroupName": {
+ "value": "[parameters('ALZMonitorResourceGroupName')]"
+ },
+ "ALZMonitorResourceGroupTags": {
+ "value": "[parameters('ALZMonitorResourceGroupTags')]"
+ },
+ "MonitorDisableTagName": {
+ "value": "[parameters('ALZMonitorDisableTagName')]"
+ },
+ "MonitorDisableTagValues": {
+ "value": "[parameters('ALZMonitorDisableTagValues')]"
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Suppression_AlertProcessing_Rule",
+ "policyDefinitionReferenceId": "ALZ_Suppression_AlertProcessing_Rule"
+ }
+ ],
+ "policyType": "Custom"
+ },
+ "type": "Microsoft.Authorization/policySetDefinitions"
+}
\ No newline at end of file
diff --git a/platform/amba/scripts/Copy-PolicyDefinitions.ps1 b/platform/amba/scripts/Copy-PolicyDefinitions.ps1
new file mode 100644
index 0000000..ec5afdf
--- /dev/null
+++ b/platform/amba/scripts/Copy-PolicyDefinitions.ps1
@@ -0,0 +1,45 @@
+<#
+.SYNOPSIS
+ Copies policy definition files from a source directory to a target directory.
+
+.DESCRIPTION
+ This script reads the AMBA-ALZ template files to find policy definition file paths, then copies those files from the source directory to the target directory. It creates the target directory if it does not exist.
+
+.NOTES
+ Intended to be used in the context of the update platform/amba-alz workflow.
+
+.LINK
+ https://github.com/Azure/Azure-Landing-Zones-Library
+
+.PARAMETER TemplatePath
+ The path to the template files containing the policy definition file paths. Typically "patterns/alz/templates".
+
+.PARAMETER SourcePath
+ The path to the source directory where the policy definition files are located.
+
+.PARAMETER TargetPath
+ The path to the target directory where the policy definition files will be copied.
+#>
+
+[CmdletBinding(SupportsShouldProcess)]
+param (
+ [Parameter(Mandatory = $true)]
+ [string]
+ $TemplatePath,
+
+ [Parameter(Mandatory = $true)]
+ [string]
+ $SourcePath,
+
+ [Parameter(Mandatory = $true)]
+ [string]
+ $TargetPath
+)
+
+$files = (Select-String -Path $TemplatePath/policies-*.bicep -Pattern "../../../services/").Line -replace ([regex]::Escape(" loadTextContent('../../..")), "" -replace ([regex]::Escape("')")), ""
+
+New-Item $TargetPath -Type Directory
+
+foreach ($file in $files) {
+ Copy-Item -Path $($SourcePath+$file) -Destination $TargetPath -Force
+}
diff --git a/platform/amba/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 b/platform/amba/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1
new file mode 100644
index 0000000..ca89fab
--- /dev/null
+++ b/platform/amba/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1
@@ -0,0 +1,235 @@
+#!/usr/bin/pwsh
+
+#
+# PowerShell Script
+# - Update template library in terraform-azurerm-caf-enterprise-scale repository
+#
+
+[CmdletBinding(SupportsShouldProcess)]
+param (
+ [Parameter()][String]$AlzToolsPath = "$PWD/enterprise-scale/src/Alz.Tools",
+ [Parameter()][String]$TargetPath = "$PWD/library",
+ [Parameter()][String]$SourcePath = "$PWD/enterprise-scale",
+ [Parameter()][String]$LineEnding = "unix",
+ [Parameter()][String]$ParserToolUrl = "https://github.com/Azure/arm-template-parser/releases/download/0.2.4"
+)
+
+$ErrorActionPreference = "Stop"
+
+# This script relies on a custom set of classes and functions
+# defined within the EnterpriseScaleLibraryTools PowerShell
+# module.
+Import-Module $AlzToolsPath -ErrorAction Stop
+
+$parserPath = "$TargetPath/.github/scripts"
+$parserExe = "Template.Parser.Cli"
+if ($IsWindows) {
+ $parserExe += ".exe"
+}
+
+$parser = "$parserPath/$parserExe"
+
+if (!(Test-Path $parser)) {
+ Write-Information "Downloading Template Parser." -InformationAction Continue
+ if (!(Test-Path $parserPath)) {
+ New-Item -Path $parserPath -ItemType Directory
+ }
+ Invoke-WebRequest "$ParserToolUrl/$parserExe" -OutFile $parser
+ if ($IsLinux -Or $IsMacOS) {
+ chmod +x $parser
+ }
+}
+
+# Update the policy assignments if enabled
+Write-Information "Updating Policy Assignment Archetypes." -InformationAction Continue
+
+$eslzArmSourcePath = "$SourcePath/patterns/alz/alzArm.json"
+$eslzArmParametersSourcePath = "$SourcePath/patterns/alz/eslzArm.terraform-sync.param.json"
+
+$eslzArm = & $parser "-s $eslzArmSourcePath" "-f $eslzArmParametersSourcePath" "-a" | Out-String | ConvertFrom-Json
+
+$policyAssignments = New-Object 'System.Collections.Generic.Dictionary[string,System.Collections.Generic.List[string]]'
+
+foreach ($resource in $eslzArm) {
+ $scope = $resource.scope
+ $policyAssignment = $resource.properties.templateLink.uri
+
+ if ($null -ne $policyAssignment -and $policyAssignment.StartsWith("https://deploymenturi/policyAssignments/") -and $resource.condition) {
+
+ $managementGroup = $scope.Split("/")[-1]
+ $policyAssignmentFileName = $policyAssignment.Split("/")[-1]
+
+ if (!($policyAssignmentFileName.StartsWith("fairfax"))) {
+ if (!($policyAssignments.ContainsKey($managementGroup))) {
+ $values = New-Object 'System.Collections.Generic.List[string]'
+ $values.Add($policyAssignmentFileName)
+ $policyAssignments.Add($managementGroup, $values)
+ }
+ else {
+ $policyAssignments[$managementGroup].Add($policyAssignmentFileName)
+ }
+ }
+ }
+}
+
+$managementGroupMapping = @{
+ "defaults" = "root"
+ "management" = "management"
+ "connectivity" = "connectivity"
+ "corp" = "corp"
+ "landingzones" = "landing_zones"
+ "decommissioned" = "decommissioned"
+ "sandboxes" = "sandboxes"
+ "identity" = "identity"
+ "platform" = "platform"
+}
+
+$parameters = @{
+ default = @{
+ nonComplianceMessagePlaceholder = "{donotchange}"
+ topLevelManagementGroupPrefix = "`${temp}"
+ userAssignedManagedIdentityName = "id-amba-alz-prod-001"
+ ALZMonitorResourceGroupName = "rg-amba-alz-prod-001"
+ ALZUserAssignedManagedIdentityName = "id-amba-alz-arg-reader-prod-001"
+ ALZMonitorResourceGroupLocation = "eastus"
+ ALZMonitorDisableTagName = "MonitorDisable"
+ }
+ overrides = @{}
+}
+
+$finalPolicyAssignments = New-Object 'System.Collections.Generic.Dictionary[string,System.Collections.Generic.List[string]]'
+
+$policyAssignmentSourcePath = "$SourcePath/patterns/alz/policyAssignments"
+$policyAssignmentTargetPath = "$TargetPath/platform/amba/policy_assignments"
+
+foreach ($managementGroup in $policyAssignments.Keys) {
+ $managementGroupNameFinal = $managementGroupMapping[$managementGroup.Replace("defaults-", "")]
+ $managementGroupNameFinal
+ Write-Output "`nProcessing Archetype Policy Assignments for Management Group: $managementGroupNameFinal"
+
+ foreach ($policyAssignmentFile in $policyAssignments[$managementGroup]) {
+ Write-Output "`nProcessing Archetype Policy Assignment: $managementGroupNameFinal - $policyAssignmentFile"
+
+ $defaultParameters = $parameters.default
+ foreach ($overrideKey in $parameters.overrides.Keys) {
+ if ($policyAssignmentFile -in $parameters.overrides[$overrideKey].policy_assignments) {
+ foreach ($parameter in $parameters.overrides[$overrideKey].parameters.Keys) {
+ $defaultParameters.$parameter = $parameters.overrides[$overrideKey].parameters.$parameter
+ }
+ }
+ }
+
+ $defaultParameterFormatted = $defaultParameters.GetEnumerator().ForEach({ "-p $($_.Name)=$($_.Value)" })
+
+ $parsedAssignmentArray = & $parser "-s $policyAssignmentSourcePath/$policyAssignmentFile" $defaultParameterFormatted "-a" | Out-String | ConvertFrom-Json
+
+ foreach ($parsedAssignment in $parsedAssignmentArray) {
+ if ($parsedAssignment.type -ne "Microsoft.Authorization/policyAssignments") {
+ continue
+ }
+
+ $policyAssignmentName = $parsedAssignment.name
+
+ Write-Output "Parsed Assignment Name: $($parsedAssignment.name)"
+
+ if (!(Get-Member -InputObject $parsedAssignment.properties -Name "scope" -MemberType Properties)) {
+ $parsedAssignment.properties | Add-Member -MemberType NoteProperty -Name "scope" -Value "/providers/Microsoft.Management/managementGroups/placeholder"
+ }
+
+ if (!(Get-Member -InputObject $parsedAssignment.properties -Name "notScopes" -MemberType Properties)) {
+ $parsedAssignment.properties | Add-Member -MemberType NoteProperty -Name "notScopes" -Value @()
+ }
+
+ if (!(Get-Member -InputObject $parsedAssignment.properties -Name "parameters" -MemberType Properties)) {
+ $parsedAssignment.properties | Add-Member -MemberType NoteProperty -Name "parameters" -Value @{}
+ }
+
+ if (!(Get-Member -InputObject $parsedAssignment -Name "location" -MemberType Properties)) {
+ $parsedAssignment | Add-Member -MemberType NoteProperty -Name "location" -Value "uksouth"
+ }
+
+ # if (!(Get-Member -InputObject $parsedAssignment -Name "identity" -MemberType Properties)) {
+ # $parsedAssignment | Add-Member -MemberType NoteProperty -Name "identity" -Value @{ type = "None" }
+ # }
+
+ if ($parsedAssignment.properties.policyDefinitionId.StartsWith("/providers/Microsoft.Management/managementGroups/`${temp}")) {
+ $parsedAssignment.properties.policyDefinitionId = $parsedAssignment.properties.policyDefinitionId.Replace("/providers/Microsoft.Management/managementGroups/`${temp}", "/providers/Microsoft.Management/managementGroups/placeholder")
+ }
+
+ foreach ($property in Get-Member -InputObject $parsedAssignment.properties.parameters -MemberType NoteProperty) {
+ $propertyName = $property.Name
+ Write-Verbose "Checking Parameter: $propertyName"
+ if ($parsedAssignment.properties.parameters.($propertyName).value.GetType() -ne [System.String]) {
+ Write-Verbose "Skipping non-string parameter: $propertyName"
+ continue
+ }
+
+ if ($parsedAssignment.properties.parameters.($propertyName).value.StartsWith("`${private_dns_zone_prefix}/providers/Microsoft.Network/privateDnsZones/")) {
+ $parsedAssignment.properties.parameters.($propertyName).value = $parsedAssignment.properties.parameters.($propertyName).value.Replace("`${private_dns_zone_prefix}/providers/Microsoft.Network/privateDnsZones/", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/placeholder/providers/Microsoft.Network/privateDnsZones/")
+ # $parsedAssignment.properties.parameters.($propertyName).value = $parsedAssignment.properties.parameters.($propertyName).value.Replace("privatelink.uks.backup.windowsazure.com", "privatelink.`${connectivity_location_short}.backup.windowsazure.com")
+ }
+ if ($parsedAssignment.properties.parameters.($propertyName).value.StartsWith("`${temp}")) {
+ $parsedAssignment.properties.parameters.($propertyName).value = $parsedAssignment.properties.parameters.($propertyName).value.Replace("`${temp}", "/providers/Microsoft.Management/managementGroups/placeholder")
+ }
+ }
+
+ $targetPolicyAssignmentFileName = "$($policyAssignmentName.ToLower() -replace "-", "_").alz_policy_assignment.json"
+
+ Write-Information "Writing $targetPolicyAssignmentFileName" -InformationAction Continue
+ $json = $parsedAssignment | ConvertTo-Json -Depth 10
+ $json | Edit-LineEndings -LineEnding $LineEnding | Out-File -FilePath "$policyAssignmentTargetPath/$targetPolicyAssignmentFileName" -Force
+
+ Write-Verbose "Got final data for $managementGroupNameFinal and $policyAssignmentName"
+
+ if (!($finalPolicyAssignments.ContainsKey($managementGroupNameFinal))) {
+ $values = New-Object 'System.Collections.Generic.List[string]'
+ $values.Add($policyAssignmentName)
+ $finalPolicyAssignments.Add($managementGroupNameFinal, $values)
+ }
+ else {
+ $finalPolicyAssignments[$managementGroupNameFinal].Add($policyAssignmentName)
+ }
+ }
+ }
+}
+
+$archetypeTargetPath = "$TargetPath/platform/amba/archetype_definitions"
+
+foreach ($managementGroup in $finalPolicyAssignments.Keys) {
+ $archetypeFilePath = "$archetypeTargetPath/$managementGroup.alz_archetype_definition.json"
+ $archetypeJson = Get-Content $archetypeFilePath | ConvertFrom-Json
+
+ $archetypeJson.policy_assignments = @($finalPolicyAssignments[$managementGroup] | Sort-Object)
+
+ Write-Information "Writing $archetypeFilePath" -InformationAction Continue
+ $json = $archetypeJson | ConvertTo-Json -Depth 10
+ $json | Edit-LineEndings -LineEnding $LineEnding | Out-File -FilePath "$archetypeFilePath" -Force
+}
+
+$policySetDefinitions = Get-ChildItem -Path "$TargetPath/platform/amba/policy_set_definitions" -Filter *.alz_policy_set_definition.json -Recurse
+
+foreach ($policySetDefinition in $policySetDefinitions) {
+ $policySetDefinitionJson = Get-Content $policySetDefinition.FullName -Raw | ConvertFrom-Json
+ $policyAssignmentJson = Get-Content $policySetDefinition.FullName.Replace("policy_set_definitions", "policy_assignments").Replace("Alerting-","deploy_amba_").Replace("Notification-Assets","deploy_amba_notification").Replace(".alz_policy_set_definition.json", ".alz_policy_assignment.json").Replace("KeyManagement","keymgmt").Replace("LoadBalancing","loadbalance").Replace("NetworkChanges","networkchang").Replace("RecoveryServices","recoverysvc").Replace("ServiceHealth","svchealth").Replace("Connectivity","connectivity").Replace("Identity","identity").Replace("Storage","storage").Replace("Management","management").Replace("Web","web").Replace("VM","vm").Replace("HybridVM","hybridvm").Replace("Hybridvm","hybridvm") -Raw | ConvertFrom-Json
+
+ $policySetDefinitionJson.properties.parameters = $policySetDefinitionJson.properties.parameters | Select-Object * -ExcludeProperty *WindowSize, *EvaluationFrequency, *AlertState, *AlertSeverity, *Threshold, *Frequency, *Severity, *AutoMitigate, *AutoResolve, *AutoResolveTime, *ComputersToInclude, *EvaluationPeriods, *FailingPeriods, *Operator, *TimeAggregation, *AlertSensitivity
+
+ $newParameters = [ordered]@{}
+
+ foreach ($param in $policySetDefinitionJson.properties.parameters.PSObject.Properties) {
+ if ($parameters.default.ContainsKey($param.Name)) {
+ $value = $parameters.default.$($param.Name)
+ }
+ else {
+ $value = $param.Value.defaultValue
+ }
+
+ $newParameters.$($param.Name) = [PSCustomObject]@{
+ value = $value
+ }
+ }
+
+ $policyAssignmentJson.properties.parameters = $newParameters
+
+ $policyAssignmentJson | ConvertTo-Json -Depth 100 | Set-Content $policySetDefinition.FullName.Replace("policy_set_definitions", "policy_assignments").Replace("Alerting-","deploy_amba_").Replace("Notification-Assets","deploy_amba_notification").Replace(".alz_policy_set_definition.json", ".alz_policy_assignment.json").Replace("KeyManagement","keymgmt").Replace("LoadBalancing","loadbalance").Replace("NetworkChanges","networkchang").Replace("RecoveryServices","recoverysvc").Replace("ServiceHealth","svchealth").Replace("Connectivity","connectivity").Replace("Identity","identity").Replace("Storage","storage").Replace("Management","management").Replace("Web","web").Replace("VM","vm").Replace("Hybridvm","hybridvm")
+}
diff --git a/platform/amba/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 b/platform/amba/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1
new file mode 100644
index 0000000..64428e2
--- /dev/null
+++ b/platform/amba/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1
@@ -0,0 +1,71 @@
+#!/usr/bin/pwsh
+
+#
+# PowerShell Script
+# - Update template library in terraform-azurerm-caf-enterprise-scale repository
+#
+# Valid object schema for Export-LibraryArtifact function loop:
+#
+# @{
+# inputPath = [String]
+# inputFilter = [String]
+# typeFilter = [String[]]
+# outputPath = [String]
+# fileNamePrefix = [String]
+# fileNameSuffix = [String]
+# asTemplate = [Boolean]
+# recurse = [Boolean]
+# whatIf = [Boolean]
+# }
+#
+
+[CmdletBinding(SupportsShouldProcess)]
+param (
+ [Parameter()][String]$AlzToolsPath = "$PWD/enterprise-scale/src/Alz.Tools",
+ [Parameter()][String]$TargetPath = "$PWD/library/platform/amba",
+ [Parameter()][String]$SourcePath = "$PWD/enterprise-scale",
+ [Parameter()][String]$LineEnding = "unix",
+ [Parameter()][Switch]$Reset,
+ [Parameter()][Switch]$UpdateProviderApiVersions
+)
+
+$ErrorActionPreference = "Stop"
+
+# This script relies on a custom set of classes and functions
+# defined within the EnterpriseScaleLibraryTools PowerShell
+# module.
+Import-Module $AlzToolsPath -ErrorAction Stop
+
+# To avoid needing to authenticate with Azure, the following
+# code will preload the ProviderApiVersions cache from a
+# stored state in the module if the UseCacheFromModule flag
+# is set and the ProviderApiVersions.zip file is present.
+if (!$UpdateProviderApiVersions -and (Test-Path "$AlzToolsPath/ProviderApiVersions.zip")) {
+ Write-Information "Pre-loading ProviderApiVersions from saved cache." -InformationAction Continue
+ Invoke-UseCacheFromModule($AlzToolsPath)
+}
+
+# Get a list of current Policy Definition names
+$policyDefinitionFiles = Get-ChildItem -Path "$TargetPath/platform/amba/policy_definitions/"
+$policyDefinitionNames = $policyDefinitionFiles | ForEach-Object {
+ (Get-Content -Path $_ | ConvertFrom-Json).Name
+}
+
+# Get a list of current Policy Set Definition names
+$policySetDefinitionFiles = Get-ChildItem -Path "$TargetPath/platform/amba/policy_set_definitions/"
+$policySetDefinitionNames = $policySetDefinitionFiles | ForEach-Object {
+ (Get-Content -Path $_ | ConvertFrom-Json).Name
+}
+
+# Update the es_root archetype definition to reflect
+# the current list of Policy Definitions and Policy
+# Set Definitions
+$esRootFilePath = $TargetPath + "/platform/amba/archetype_definitions/root.alz_archetype_definition.json"
+Write-Information "Loading `"root`" archetype definition." -InformationAction Continue
+$esRootConfig = Get-Content -Path $esRootFilePath | ConvertFrom-Json
+Write-Information "Updating Policy Definitions in `"root`" archetype definition." -InformationAction Continue
+$esRootConfig.policy_definitions = $policyDefinitionNames
+Write-Information "Updating Policy Set Definitions in `"root`" archetype definition." -InformationAction Continue
+$esRootConfig.policy_set_definitions = $policySetDefinitionNames
+Write-Information "Saving `"root`" archetype definition." -InformationAction Continue
+$esRootConfig | ConvertTo-Json -Depth 10 | Edit-LineEndings -LineEnding $LineEnding | Out-File -FilePath $esRootFilePath -Force