Azure Landing Zones Library Documentation

Archetypes

Filename patterns:

  • *.alz_archetype_definition.json
  • *.alz_archetype_definition.yaml
  • *.alz_archetype_definition.yml

An archetype is a collection of assets that can be deployed to a management group. In order to promote extensibility, multiple archetypes can be deployed to the same management group.

We publish the schema of an archetype definition here and we have registered the file extensions with schemastore.org to enable automatic validation in editors.

An archetype has a name, which must be unique, and a set of associated policy definitions, policy set definitions, policy assignments, and role definitions. Each of these associated assets is referenced by its name (the JSON .name property of the asset), not by resource ID or file path.

Example

Here is an example archetype definition file:

name: "landing_zones"
policy_assignments:
  - "Audit-AppGW-WAF"
  - "Deny-IP-forwarding"
  - "Deny-MgmtPorts-Internet"
  - "Deny-Priv-Esc-AKS"
  - "Deny-Privileged-AKS"
  - "Deny-Storage-http"
  - "Deny-Subnet-Without-Nsg"
  - "Deploy-AKS-Policy"
  - "Deploy-AzSqlDb-Auditing"
  - "Deploy-MDFC-DefSQL-AMA"
  - "Deploy-SQL-TDE"
  - "Deploy-SQL-Threat"
  - "Deploy-VM-Backup"
  - "Deploy-VM-ChangeTrack"
  - "Deploy-VM-Monitoring"
  - "Deploy-vmArc-ChangeTrack"
  - "Deploy-vmHybr-Monitoring"
  - "Deploy-VMSS-ChangeTrack"
  - "Deploy-VMSS-Monitoring"
  - "Enable-AUM-CheckUpdates"
  - "Enable-DDoS-VNET"
  - "Enforce-AKS-HTTPS"
  - "Enforce-ASR"
  - "Enforce-GR-KeyVault"
  - "Enforce-TLS-SSL-H224"
policy_definitions: []
policy_set_definitions: []
role_definitions: []
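The following is an added example, not code from the Azure Landing Zones Library itself. It shows what a practitioner would check before deploying archetypes: that a file name matches one of the documented patterns, that a definition has a name and list-valued reference fields, that archetype names are unique, that every referenced asset actually exists in the library (matched on the asset's name property, as the text above describes), and what the effective asset set is when several archetypes target the same management group. It uses the JSON variant of the format so it runs with the standard library alone; the asset catalogue and the second archetype are constructed for the demo and are not taken from the library.

```python
"""Load and sanity-check Azure Landing Zones Library archetype definitions.

Added example, not code from the Azure Landing Zones Library itself. It reads
the JSON variant of the format (*.alz_archetype_definition.json) so it needs
only the standard library; the asset names below are constructed for the demo.
"""
import fnmatch
import json

# Filename patterns the library documents for archetype definitions.
ARCHETYPE_PATTERNS = (
    "*.alz_archetype_definition.json",
    "*.alz_archetype_definition.yaml",
    "*.alz_archetype_definition.yml",
)

# The four asset categories an archetype may reference by name.
ASSET_KEYS = (
    "policy_definitions",
    "policy_set_definitions",
    "policy_assignments",
    "role_definitions",
)


def is_archetype_file(filename: str) -> bool:
    """True if the file name matches one of the documented archetype patterns."""
    return any(fnmatch.fnmatch(filename, p) for p in ARCHETYPE_PATTERNS)


def load_archetype(text: str) -> dict:
    """Parse one JSON archetype definition and check its shape.

    Raises ValueError on a missing name or a non-list asset reference field.
    Missing reference fields are treated as empty lists.
    """
    data = json.loads(text)
    if not isinstance(data.get("name"), str) or not data["name"]:
        raise ValueError("archetype definition needs a non-empty 'name'")
    for key in ASSET_KEYS:
        refs = data.get(key, [])
        if not isinstance(refs, list) or not all(isinstance(r, str) for r in refs):
            raise ValueError(f"'{key}' must be a list of asset names")
        data[key] = refs
    return data


def validate_archetypes(archetypes: list[dict], known_assets: dict[str, set[str]]) -> list[str]:
    """Return a list of problems found across a set of archetypes.

    known_assets maps each asset category to the set of asset names that exist
    in the library (the JSON .name property of each asset). The checks are that
    archetype names are unique and that every reference resolves to a known asset.
    """
    problems = []
    seen = set()
    for arch in archetypes:
        if arch["name"] in seen:
            problems.append(f"duplicate archetype name: {arch['name']}")
        seen.add(arch["name"])
        for key in ASSET_KEYS:
            for ref in arch[key]:
                if ref not in known_assets.get(key, set()):
                    problems.append(f"{arch['name']}: {key} references unknown asset {ref!r}")
    return problems


def merge_for_management_group(archetypes: list[dict]) -> dict[str, list[str]]:
    """Union the asset references of every archetype assigned to one management group.

    Several archetypes can target the same management group, so the effective
    set of assets is the de-duplicated union per category (sorted for stable output).
    """
    merged = {key: set() for key in ASSET_KEYS}
    for arch in archetypes:
        for key in ASSET_KEYS:
            merged[key].update(arch[key])
    return {key: sorted(names) for key, names in merged.items()}


# Constructed sample input: two archetypes that target the same management group.
SAMPLE_ARCHETYPES = [
    '{"name": "landing_zones", "policy_assignments": ["Deny-IP-forwarding", "Deny-Storage-http"], '
    '"policy_definitions": [], "policy_set_definitions": [], "role_definitions": []}',
    '{"name": "landing_zones_extra", "policy_assignments": ["Deny-Storage-http", "Enforce-TLS-SSL-H224"], '
    '"policy_definitions": [], "policy_set_definitions": [], "role_definitions": []}',
]

# Constructed catalogue of assets present in the library (deliberately missing one name).
SAMPLE_KNOWN_ASSETS = {
    "policy_assignments": {"Deny-IP-forwarding", "Deny-Storage-http"},
}


if __name__ == "__main__":
    archetypes = [load_archetype(t) for t in SAMPLE_ARCHETYPES]
    for problem in validate_archetypes(archetypes, SAMPLE_KNOWN_ASSETS):
        print("PROBLEM:", problem)
    print(merge_for_management_group(archetypes))
```

Run as a script it reports the one unresolved assignment reference in the constructed catalogue and then prints the merged asset set for the management group. In a real pipeline, known_assets would be built by walking the library directory and collecting the name property from each policy definition, policy set definition, policy assignment and role definition file, so that a typo in an archetype fails validation before anything is deployed.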