add telemetry, remove placeholder aad group id, minor fixes

README.md

@@ -10,6 +10,12 @@ Below is a picture of what a golden state looks like, and open source software l
 
 The AKS Landing Zone Accelerator is only concerned with what gets deployed in the landing zone subscription highlighted by the red box in the picture above. It is assumed that an appropriate platform foundation is already setup which may or may not be the [official ESLZ](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/) platform foundation. This means that policies and governance should already be in place or should be setup after this implementation and are not a part of the scope this reference implementation. The policies applied to management groups in the hierarchy above the subscription will trickle down to the AKS Landing Zone Accelerator landing zone subscription. Having a platform foundation is not mandatory, it just enhances it. The modularized approach used in this program allows the user to pick and choose whatever portion is useful to them. You don't have to use all the resources provided by this program.
 
+## AKS Landing Zone Accelerator Architecture Video
+
+A video explaining the architecture used for AKS Landing Zone is available here: https://www.youtube.com/watch?v=vwGo9tZPngU&list=PLpbcUe4chE79sB7Jg7B4z3HytqUUEwcNE
+
+<img width="1055" alt="image" src="https://user-images.githubusercontent.com/6548359/235442137-87b26450-ab06-48cf-89b0-2cf205276e15.png">
+
 ---
 
 ## Choosing a Deployment Model
@@ -19,7 +25,7 @@ The reference implementations are spread across two repositories that all build
 1. In this repository, we have sample Bicep and Terraform scripts to get you started quickly on AKS using best practices. To Deploy our AKS Secure Baseline Scenario, Check out [AKS Secure Baseline](./Scenarios/AKS-Secure-Baseline-PrivateCluster/). Use [this repo](https://github.com/Azure/AKS-Landing-Zone-Accelerator/tree/main/Scenarios/AKS-Secure-Baseline-PrivateCluster) if you would like step by step guidance on how to deploy secure and well architected AKS clusters using our scenario based model and/or you are new to AKS or IaC. This model promotes a separation of duties, modularized IaC so you can pick and choose components you want to build with your cluster and has implementations in ARM, Terraform and Bicep. It is the best starting point for people new to Azure or AKS.
 1. The [AKS Construction Helper](https://github.com/Azure/Aks-Construction), a flexible templating approach using Bicep that enables multiple scenarios using a Web based tool. It provides tangible artifacts to **quickly** enable AKS deployments through CLI or in your CI/CD pipeline.
 
-:arrow_forward: [AKS Secure Baseline in a Private Cluster](./Scenarios/AKS-Secure-Baseline-Private-AVM/README.md)
+:arrow_forward: [AKS Secure Baseline in a Private Cluster](./Scenarios/AKS-Secure-Baseline-PrivateCluster)
 
 ▶️ [Running Azure ML workloads on a private AKS cluster](./Scenarios/AzureML-on-Private-AKS)
 

Scenarios/AKS-Secure-Baseline-PrivateCluster/Bicep/03-Network-Hub/main.bicep

@@ -154,3 +154,19 @@ module azureFirewall 'br/public:avm/res/network/azure-firewall:0.1.1' = {
   }
 }
 
+//  Telemetry Deployment
+@description('Enable usage and telemetry feedback to Microsoft.')
+param enableTelemetry bool = true
+var telemetryId = '0d807b2d-f7c3-4710-9a65-e88257df1ea0-${location}'
+resource telemetrydeployment 'Microsoft.Resources/deployments@2021-04-01' = if (enableTelemetry) {
+  name: telemetryId
+  location: location
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#'
+      contentVersion: '1.0.0.0'
+      resources: {}
+    }
+  }
+}

Scenarios/AKS-Secure-Baseline-PrivateCluster/Bicep/06-AKS-cluster/parameters-main.json

@@ -42,11 +42,11 @@
         "value": "aksIdentity"
       },
       "aksadminaccessprincipalId": {
-        "value": "b6723f14-bfbe-441c-99bb-55d4e5d971ad"
+        "value": "<your Microsoft Entra Group ID>"
       },
       "aksClusterName": {
         "value": "aksCluster"
       }
     }
   }
-
+

Scenarios/AKS-Secure-Baseline-PrivateCluster/Bicep/All-in-One-Bicep/README.md

@@ -59,7 +59,7 @@ LOCATION=<Your azure region>
 ```
 
 ```bash
-az deployment sub create --location $LOCATION --template-file main.bicep --parameters @main.json --name aksLZAAllInOne
+az deployment sub create --location $LOCATION --template-file main.bicep --parameters @main.json --name aksLZAAllInOne --parameters aksadminaccessprincipalId <your Azure entra group principal id>
 ```
 
 ### Step 3 - Deploy the application to AKS.

Scenarios/AKS-Secure-Baseline-PrivateCluster/Bicep/All-in-One-Bicep/main.bicep

@@ -283,7 +283,7 @@ param autoScalingProfile object = {
   skipNodesWithLocalStorage: 'false'
   skipNodesWithSystemPods: 'true'
 }
-param aksadminaccessprincipalId string = ''
+param aksadminaccessprincipalId string
 param kubernetesVersion string = '1.30'
 param networkPlugin string = 'azure'
 param aksClusterName string = 'aksCluster'