Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define where private endpoints should be implemented in MLZ #306

Closed
brooke-hamilton opened this issue Jul 21, 2021 · 3 comments
Closed

Define where private endpoints should be implemented in MLZ #306

brooke-hamilton opened this issue Jul 21, 2021 · 3 comments
Assignees
@shawngib

Comments

@brooke-hamilton
Copy link
Contributor

Benefit/Result/Outcome
So that private endpoints can be implemented with MLZ deployments.

Description
Determine which MLZ resources, e.g. log analytics workspaces, should be configured with private endpoints.

Acceptance Criteria

  • A GitHub issue (or multiple issues) created for implementing private endpoints.
@glennmusa
Copy link
Contributor

Some docs that might provide context https://docs.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security#hub-spoke-networks

@brooke-hamilton brooke-hamilton added needs triage core New feature or request labels Jul 26, 2021
@brooke-hamilton
Copy link
Contributor Author

Candidate scope:

  • Storage accounts
  • Log Analytics
  • Policy alerts for customer workloads that do not use private endpoints

@brooke-hamilton brooke-hamilton removed the core New feature or request label Sep 1, 2021
@brooke-hamilton brooke-hamilton mentioned this issue Sep 20, 2021
Closed
@shawngib shawngib self-assigned this Oct 5, 2021
@shawngib
Copy link
Member

shawngib commented Oct 5, 2021

@glennmusa and @brooke-hamilton I think for Bicep this may be mostly answered. The current Central Logging PR #438 covers creating Azure Monitor Private Link. I categorize these into 3 buckets, Private Endpoints (AMPLS is one and is in PR), Service Endpoints (we currently do storage and not sure I see requirement currently for more) and Firewall tags (which we need to add AzureCloud allow portal and Azure access to get out of network. Seems we would also need to add NSG rules but a minor add. Since we have item #410 which will address firewall access we may be able to close this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shawngib shawngib

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@glennmusa @shawngib @brooke-hamilton