In a previous post we continued our discussion on Azure Blueprints by focusing on setting RBAC controls. In this post, we move forward by chatting about subscription templates.
First thing first, lets chat a bit about subscription templates. Like regular ARM templates, in subscription templates you can define various resources that you want to deploy. The big difference is the scope in which these resources are applied. ARM templates by default are tied to a resource group, whereas subscription templates allow you to configure subscription level services (such as Azure Security Center).
The official documentation on subscription level templates is located here.
In order to set this up, navigate back to your blueprint and click on edit. Head to artifacts.
We will want to click on the Add Artifact under the Subscription dropdown. The artifact type we are targeting is Azure Resource Manager template (Subscription).
There are only a few resource types that can be deployed at the Subscription level. As I was writing, I was really hoping that alerts and action groups would be subscription level resources, but unfortunately, they are not (they require a specified resource group). As per the documentation, you can set up Azure Security Center as a global level. Here is an example.
No comments:
Post a Comment