Update Policy Library (automated)

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/_policyDefinitionsBicepInput.txt

@@ -290,6 +290,10 @@
 	name: 'DenyAction-ActivityLogs'
 	libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_DenyAction-ActivityLogs.json')
 }
+{
+	name: 'DenyAction-DeleteResources'
+	libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_DenyAction-DeleteResources.json')
+}
 {
 	name: 'DenyAction-DiagnosticLogs'
 	libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_DenyAction-DiagnosticLogs.json')

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_DenyAction-DeleteResources.json

@@ -0,0 +1,72 @@
+{
+  "name": "DenyAction-DeleteResources",
+  "type": "Microsoft.Authorization/policyDefinitions",
+  "apiVersion": "2021-06-01",
+  "scope": null,
+  "properties": {
+    "policyType": "Custom",
+    "mode": "All",
+    "displayName": "Do not allow deletion of specified resource and resource type",
+    "description": "This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.",
+    "metadata": {
+      "version": "1.0.0",
+      "category": "General",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
+    },
+    "parameters": {
+      "resourceName": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Resource Name",
+          "description": "Provide the name of the resource that you want to protect from accidental deletion."
+        }
+      },
+      "resourceType": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Resource Type",
+          "description": "Provide the resource type that you want to protect from accidental deletion."
+        }
+      },
+      "effect": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "DenyAction",
+          "Disabled"
+        ],
+        "defaultValue": "DenyAction"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "equals": "[parameters('resourceType')]"
+          },
+          {
+            "field": "name",
+            "like": "[parameters('resourceName')]"
+          }
+        ]
+      },
+      "then": {
+        "effect": "[parameters('effect')]",
+        "details": {
+          "actionNames": [
+            "delete"
+          ]
+        }
+      }
+    }
+  }
+}

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt

@@ -1846,9 +1846,9 @@ var varCustomPolicySetDefinitionsArray = [
 				definitionGroups: []
 			}
 			{
-				definitionReferenceId: 'Deny-EH-MINTLS'
-				definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-MINTLS'
-				definitionParameters: varPolicySetDefinitionEsEnforceEncryptTransit_20240509Parameters['Deny-EH-MINTLS'].parameters
+				definitionReferenceId: 'Deny-EH-minTLS'
+				definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS'
+				definitionParameters: varPolicySetDefinitionEsEnforceEncryptTransit_20240509Parameters['Deny-EH-minTLS'].parameters
 				definitionGroups: []
 			}
 			{
@@ -3172,9 +3172,9 @@ var varCustomPolicySetDefinitionsArray = [
 				definitionGroups: []
 			}
 			{
-				definitionReferenceId: 'Deny-Subnet-Without-UDR'
-				definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-UDR'
-				definitionParameters: varPolicySetDefinitionEsEnforceGuardrailsNetworkParameters['Deny-Subnet-Without-UDR'].parameters
+				definitionReferenceId: 'Deny-Subnet-Without-Udr'
+				definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr'
+				definitionParameters: varPolicySetDefinitionEsEnforceGuardrailsNetworkParameters['Deny-Subnet-Without-Udr'].parameters
 				definitionGroups: []
 			}
 			{
@@ -3460,9 +3460,9 @@ var varCustomPolicySetDefinitionsArray = [
 				definitionGroups: []
 			}
 			{
-				definitionReferenceId: 'Deny-Storage-Sftp'
-				definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-Sftp'
-				definitionParameters: varPolicySetDefinitionEsEnforceGuardrailsStorageParameters['Deny-Storage-Sftp'].parameters
+				definitionReferenceId: 'Deny-Storage-SFTP'
+				definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP'
+				definitionParameters: varPolicySetDefinitionEsEnforceGuardrailsStorageParameters['Deny-Storage-SFTP'].parameters
 				definitionGroups: []
 			}
 			{

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-EncryptTransit_20240509.json

@@ -882,8 +882,8 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "Deny-EH-MINTLS",
-        "policyDefinitionId": "${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-MINTLS",
+        "policyDefinitionReferenceId": "Deny-EH-minTLS",
+        "policyDefinitionId": "${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS",
         "parameters": {
           "effect": {
             "value": "[[parameters('eventHubMinTls')]"

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-EncryptTransit_20240509.parameters.json

@@ -65,7 +65,7 @@
       }
     }
   },
-  "Deny-EH-MINTLS": {
+  "Deny-EH-minTLS": {
     "parameters": {
       "effect": {
         "value": "[[parameters('eventHubMinTls')]"

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-Guardrails-ContainerInstance.json

@@ -28,16 +28,18 @@
         ]
       }
     },
-    "policyDefinitions": {
-      "policyDefinitionReferenceId": "Deny-ContainerInstance-Vnet",
-      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615",
-      "parameters": {
-        "effect": {
-          "value": "[[parameters('containerInstanceVnet')]"
-        }
-      },
-      "groupNames": []
-    },
+    "policyDefinitions": [
+      {
+        "policyDefinitionReferenceId": "Deny-ContainerInstance-Vnet",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615",
+        "parameters": {
+          "effect": {
+            "value": "[[parameters('containerInstanceVnet')]"
+          }
+        },
+        "groupNames": []
+      }
+    ],
     "policyDefinitionGroups": null
   }
 }

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-Guardrails-Network.json

@@ -408,8 +408,8 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "Deny-Subnet-Without-UDR",
-        "policyDefinitionId": "${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-UDR",
+        "policyDefinitionReferenceId": "Deny-Subnet-Without-Udr",
+        "policyDefinitionId": "${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr",
         "parameters": {
           "effect": {
             "value": "[[parameters('subnetUdr')]"

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-Guardrails-Network.parameters.json

@@ -71,7 +71,7 @@
       }
     }
   },
-  "Deny-Subnet-Without-UDR": {
+  "Deny-Subnet-Without-Udr": {
     "parameters": {
       "effect": {
         "value": "[[parameters('subnetUdr')]"

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-Guardrails-PostgreSQL.json

@@ -27,16 +27,18 @@
         ]
       }
     },
-    "policyDefinitions": {
-      "policyDefinitionReferenceId": "Dine-PostgreSql-Adv-Threat-Protection",
-      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3",
-      "parameters": {
-        "effect": {
-          "value": "[[parameters('postgreSqlAdvThreatProtection')]"
-        }
-      },
-      "groupNames": []
-    },
+    "policyDefinitions": [
+      {
+        "policyDefinitionReferenceId": "Dine-PostgreSql-Adv-Threat-Protection",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3",
+        "parameters": {
+          "effect": {
+            "value": "[[parameters('postgreSqlAdvThreatProtection')]"
+          }
+        },
+        "groupNames": []
+      }
+    ],
     "policyDefinitionGroups": null
   }
 }

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-Guardrails-Storage.json

@@ -262,8 +262,8 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "Deny-Storage-Sftp",
-        "policyDefinitionId": "${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-Sftp",
+        "policyDefinitionReferenceId": "Deny-Storage-SFTP",
+        "policyDefinitionId": "${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP",
         "parameters": {
           "effect": {
             "value": "[[parameters('storageSftp')]"

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-Guardrails-Storage.parameters.json

@@ -120,7 +120,7 @@
       }
     }
   },
-  "Deny-Storage-Sftp": {
+  "Deny-Storage-SFTP": {
     "parameters": {
       "effect": {
         "value": "[[parameters('storageSftp')]"