[AVM CI Environment Issue]: Update diagnostic.dependencies.bicep to support Azure tags

[ericscheffler]

Check for previous/existing GitHub issues

• I have checked for previous/existing GitHub issues

Issue Type?

Feature Request

Description

I have my AVM CI/CD environment configured to use an internal Azure subscription; there are Azure policies that will prevent deployment of Storage Accounts with public access, and Event Hub Namespaces without Local Authentication disabled:

• Storage Account - Requires either publicNetworkAccess disabled or a skip tag
• Event Hub Namespace - Requires disableLocalAuth set to true or a skip tag

To work around this the policy managers have enabled the use of skip tags; Azure tags with specific values can be added to resources to allow them to be deployed normally. The problem is that diagnostic.dependencies.bicep does not have the tags parameter exposed, so the necessary skip tags can't be added to allow my tests to complete without being impeded by policy.

Propose the following:

• Add the 'tags' parameter to the resources defined in diagnostic.dependencies.bicep, and expose the parameter as an input
• Consider disabling public access for these resources altogether if not needed for any other patterns or resources
• API updates as appropriate

[microsoft-github-policy-service]

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.