https://chatgpt.com/share/6a5104dd-756c-83ec-a355-4906a9cbcdb2
Support@example.com
Get in touch - Saturday: 8:30 am - 6:00 pm
Below are copy-ready GitLab issue titles and user stories.
DENY-COS-DBPublicEP assignment to DenyAs a developer,
I want to change the DENY-COS-DBPublicEP policy assignments from Audit to Deny in BA and BARZ,
so that Cosmos DB resources using public endpoints are actively restricted instead of only being reported.
Deny-COS-DB-ServerlesPrd assignment to DenyAs a developer,
I want to change the Deny-COS-DB-ServerlesPrd policy assignments from Audit to Deny in BA and BARZ,
so that non-compliant serverless Cosmos DB deployments are prevented.
As a developer,
I want to change the Deny-COS-vCoreName and Deny-COS-Name policy assignments from Audit to Deny in BA and BARZ,
so that Cosmos DB resources that do not follow the approved naming standards are blocked.
Deny-COS-wo-ZoneRedundant in Audit modeAs a developer,
I want to assign the Deny-COS-wo-ZoneRedundant policy in Audit mode in BARZ,
so that non-zone-redundant Cosmos DB deployments can be identified before enforcement is enabled.
As a developer,
I want to confirm the required behavior and rollout scope for Deny-COS-BackupConfig, Modify-COSContBackup, and Modify-COSPeriodicBackup with Murali,
so that the backup policies can be implemented with the correct effects and assignments.
Deny-COS-vCore-create-WOEIDAs a developer,
I want to validate the requirement with Murali and change the Deny-COS-vCore-create-WOEID assignments from Audit to Deny in BA and BARZ,
so that non-compliant Cosmos DB vCore creation is prevented after approval.
As a developer,
I want to convert policydefinition_DENY-COS-MongoVCoreDBHA.json to Bicep, rename the policy to DENY-COS-vCoreDBHA-LE, and deploy it in Audit mode in BA and BARZ,
so that the lower-environment HA policy is managed through the standard infrastructure-as-code approach before enforcement.
Title: Change DENY-COS-vCoreDBHA-LE assignment to Deny
As a developer,
I want to change the DENY-COS-vCoreDBHA-LE policy assignments from Audit to Deny for lower environments,
so that non-compliant MongoDB vCore HA configurations are actively blocked after audit validation.
As a developer,
I want to change the deny-cos-vcore-sku-LE policy assignments from Audit to Deny in BA and BARZ for DEV, TEST, and UAT,
so that unsupported MongoDB vCore SKUs cannot be deployed in lower environments.
As a developer,
I want to change the Deny-AMR-HA-LE policy assignments from Audit to Deny in BA and BARZ for DEV, TEST, and UAT,
so that non-compliant Azure Managed Redis HA configurations are blocked in lower environments.
As a developer,
I want to change the Deny-AMR-SKU-Restrict-LE policy assignments from Audit to Deny in BA and BARZ for DEV, TEST, and UAT,
so that only approved Azure Managed Redis SKUs can be deployed in lower environments.
Deny-AMR-Auto-Update assignment to DenyAs a developer,
I want to change the Deny-AMR-Auto-Update policy assignments from Audit to Deny in BA and BARZ,
so that Azure Managed Redis resources cannot be configured with a non-compliant automatic-update setup.
Please verify the exact policy spellings—particularly ServerlesPrd and WOEID—as I retained them from the engineer’s notes.
Policy Governance and Cost Optimization across AMR, Redis, Cosmos DB and DocumentDB: Introduced audit-mode policies to identify HA-enabled instances in dev/test environments and implemented SKU restriction policies for Cosmos DB and Redis in lower environments. These changes provide visibility into unnecessary HA usage, reduce cost exposure from non-standard SKU provisioning, and strengthen governance by ensuring lower environments follow approved configuration standards. Additional AM18 compliance-related policies were also implemented for zone redundancy and private endpoints.
Then the remaining points become:
Azure Cosmos DB Pipeline and Key Vault Migration Enhancements: Enhanced Cosmos DB pipelines to dynamically select agent pools based on the requested region and added pipeline support for Key Vault migration activities. These changes improve pipeline stability, reduce dependency on hardcoded infrastructure, and enable controlled migration of keys from the infra-global subscription to application-owned subscriptions.
MongoDB vCore TPAC Access Enablement: Updated the TPAI pipeline to enable TPAC access for MongoDB vCore Red Zone, ensuring that only authorized TPAC users can execute the pipeline and provide access in a controlled, compliant, and auditable manner.
Azure Cosmos DB: Application-owned Key Vault enablement for CMK
Application teams can now use their own Key Vault for data-at-rest encryption key management instead of relying on the shared CMK Key Vault flow. This improves ownership, governance, and alignment with a controlled application-owned encryption model.
MongoDB vCore / Cosmos RU to vCore: Cross-tenant migration enablement
The required changes have been released to support cross-tenant migration from RU-based accounts to vCore without enabling public endpoints. This helps ensure the migration approach remains secure, controlled, and aligned with internal connectivity standards.
Title:
Cosmos DB | Update Add Account Pipeline to Configure 7-Day Continuous Backup in Lower Environments
Story:
As a developer,
I want to update the Cosmos DB add account pipeline to configure continuous backup with 7-day retention for lower environments,
so that new Cosmos DB accounts remain compliant with the backup policy before it is moved from Audit mode to Deny mode.
Description:
A backup-related policy has recently been implemented in Audit mode for Cosmos DB. Before this policy is moved to Deny mode, the add Cosmos account pipeline needs to be updated to ensure that Cosmos DB accounts created in lower environments are configured with continuous backup using 7-day retention.
This change will help avoid future policy non-compliance and prevent account creation failures once the policy enforcement is changed to Deny.
Scope:
Acceptance Criteria:
Impacted Product:
Azure Cosmos DB
Impacted Environments:
Dev, Test, UAT / lower environments
Dependency:
Pipeline / Control Plane / Policy implementation, as applicable.
Hello Friends! I am aliena part time blogger from Bihar. I am a student and I manage my study as well as my blog. I am 14 years old and I want to help those people who really want to do something on internet.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit...
Copyright © 201. Metro UI Theme. Designed by: Templateism