last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Configure IoT Hub device provisioning instances to use private DNS zones

Name Configure IoT Hub device provisioning instances to use private DNS zones
Azure Portal
Id aaa64d2d-2fa3-45e5-b332-0b031b9b30e8
Version 1.0.0
details on versioning
Category Internet of Things
Microsoft docs
Description Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to an IoT Hub device provisioning service instance. Learn more at: https://aka.ms/iotdpsvnet.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 add aaa64d2d-2fa3-45e5-b332-0b031b9b30e8
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Configure IoT Hub device provisioning instances to use private DNS zones",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to an IoT Hub device provisioning service instance. Learn more at: https://aka.ms/iotdpsvnet.",
    "metadata": {
      "version": "1.0.0",
      "category": "Internet of Things"
    },
    "parameters": {
      "privateDnsZoneId": {
        "type": "String",
        "metadata": {
          "displayName": "Private DNS Zone ID",
          "description": "Specifies the private DNS zone to use to configure private endpoint",
          "strongType": "Microsoft.Network/privateDnsZones"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/privateEndpoints"
          },
          {
            "count": {
            "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
              "where": {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
                "equals": "iotDps"
              }
            },
            "greaterOrEquals": 1
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "privateDnsZoneId": {
                    "type": "string"
                  },
                  "privateEndpointName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                  "name": "[concat(parameters('privateEndpointName'), '/deployedByPolicy')]",
                    "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
                    "apiVersion": "2020-03-01",
                  "location": "[parameters('location')]",
                    "properties": {
                      "privateDnsZoneConfigs": [
                        {
                          "name": "privatelink.azure-devices-provisioning.net",
                          "properties": {
                          "privateDnsZoneId": "[parameters('privateDnsZoneId')]"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "parameters": {
                "privateDnsZoneId": {
                "value": "[parameters('privateDnsZoneId')]"
                },
                "privateEndpointName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "aaa64d2d-2fa3-45e5-b332-0b031b9b30e8"
}