github Azure/ALZ-Bicep v0.22.0
on GitHub

2 days ago

Summary

The key addition in this release is a new module for deploying Workload Specific Policy Assignments.

As part of this update, we have also refactored the ALZ Default Policy Assignments module by moving Sovereign Landing Zone-specific assignments and exemptions to the new module. This change helps prevent occasional issues with exceeding the 4MB ARM template limit.

What's Changed

  • fix: Remove default security contact email and correct TLS assignment by @oZakari in #971
  • feat: add fallbacktointernet for dns zone by @jantorep in #962
  • refactor: Separation of policy assignments module to avoid hitting ARM size limit and include workload specific policy assignments by @oZakari in #975
  • chore: Update version.json for release v0.22.0 by @oZakari in #979

Breaking Changes

Module: alzDefaultPolicyAssignments.bicep

This update introduces breaking changes by removing the following parameters previously associated with Sovereign Landing Zones:

  • parTopLevelPolicyAssignmentSovereigntyGlobal
  • parPolicyAssignmentSovereigntyConfidential
  • parAllowedVirtualMachineSKUs

These parameters, along with their related policy assignments and exemptions, have been migrated to the workloadSpecificPolicyAssignments.bicep module.

Required Action

If you are using the alzDefaultPolicyAssignments.bicep module, and you are intending on upgrading to this version or upcoming version, you must:

  1. Remove these parameters from your existing parameter files for this module.
  2. Update your configurations accordingly in the workloadSpecificPolicyAssignments.bicep module.

New Contributors

Full Changelog: v0.21.0...v0.22.0

Check out latest releases or
releases around Azure/ALZ-Bicep v0.22.0

Don't miss a new ALZ-Bicep release

NewReleases is sending notifications on new releases.

Get notifications