Updated markdowns to correspond with the Bicep files (#331)
* Typo and consistency fixes in customRoleDefinitions

* markdown updates regarding hubNetworking.bicep

* markdown / bicep updates regarding logging.bicep

* markdown / bicep updates regarding managementGroups.bicep

* changes to markdown / bicep: privateDnsZones, publicIp and resourceGroup.bicep

* changes to markdown / bicep: spokeNetworking.bicep

* Removed 'trailing whitespaces'

* Fixes regarding CI build

* changes to markdown / bicep: subscriptionPlacement.bicep

* changes to markdown / bicep: vnetPeeringVwan, vnetPeering.bicep

* Fix ci

* Fix json regarding linter errors

* Updated readme in hubNetworking

* changes to markdown / bicep: hubPeeredSpoke.bicep

* changes to markdown / bicep: role assignments, mgDiagSettings, subPlacementAll

* Replaced guid values with xxx, yyy

* Reverted values, updated readme according to that.

* Consistency in way of writing

* PR feedback: removed minLength/maxLength, added default array value for subscriptionPlacement

* Merge main into branch
johnlokerse authored Oct 26, 2022
1 parent 47246b6 commit e3af36b
Showing 35 changed files with 174 additions and 169 deletions.
Expand Up @@ -15,7 +15,7 @@ The module requires the following inputs:

| Parameter | Description | Requirement | Example |
| ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | ------- |
| parAssignableScopeManagementGroupId | The management group scope to which the role can be assigned. This management group ID will be used for the [assignableScopes](https://docs.microsoft.com/azure/role-based-access-control/role-definitions#assignablescopes) property in the role definition. | Mandatory input | `alz` |
| parAssignableScopeManagementGroupId | The management group scope to which the role can be assigned. This management group ID will be used for the [assignableScopes](https://docs.microsoft.com/azure/role-based-access-control/role-definitions#assignablescopes) property in the role definition. | None | `alz` |
| parTelemetryOptOut | Set Parameter to true to Opt-out of deployment telemetry | None | `false` |

## Outputs
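
Review bot: The Requirement cell for `parAssignableScopeManagementGroupId` changes from `Mandatory input` to `None`, but this table has no column for the default, so the README no longer tells a reader what happens when the parameter is omitted. The Bicep hunks in this commit declare `param parAssignableScopeManagementGroupId string = 'alz'`, and that value is used for the role definition's assignableScopes, so state the default in the Description cell or add a Default column rather than relying on the Example cell.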
@@ -1,9 +1,9 @@
targetScope = 'managementGroup'

@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition.')
@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition. Default: alz')
param parAssignableScopeManagementGroupId string = 'alz'

@description('Set Parameter to true to Opt-out of deployment telemetry')
@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false')
param parTelemetryOptOut bool = false

// Customer Usage Attribution Id
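
Review bot: Both changed `@description` strings now repeat the default as free text (`Default: alz`, `Default: false`) next to the declaration that already sets it, so the text and the value can drift apart the next time either default changes. For `parAssignableScopeManagementGroupId` that matters because the value feeds assignableScopes; if the suffix stays, consider a CI check that compares the `Default:` text with the declared default.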
@@ -1,9 +1,9 @@
targetScope = 'managementGroup'

@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition.')
@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition. Default: alz')
param parAssignableScopeManagementGroupId string = 'alz'

@description('Set Parameter to true to Opt-out of deployment telemetry')
@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false')
param parTelemetryOptOut bool = false

// Customer Usage Attribution Id
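
Review bot: Style point on the `parTelemetryOptOut` description, which this hunk already edits: `Set Parameter to true to Opt-out of deployment telemetry` capitalises two words mid-sentence and hyphenates the verb. Suggest `Set to true to opt out of deployment telemetry. Default: false`, applied to every module that carries this line so the wording stays consistent.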
18 changes: 11 additions & 7 deletions infra-as-code/bicep/modules/hubNetworking/README.md
Expand Up @@ -8,9 +8,11 @@ Module deploys the following resources:
- Subnets
- VPN Gateway/ExpressRoute Gateway
- Azure Firewall
- Azure Firewall Policies
- Private DNS Zones
- DDos Standard Plan
- Bastion
- Route Table

## Parameters

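
Review bot: `DDos Standard Plan` in this list is miscased; the service name is DDoS. Since the hunk already adds `Azure Firewall Policies` and `Route Table` to the same list, fix the casing here too. Several of these resources sit behind enable/disable switches in hubNetworking.bicep (for example `parAzFirewallEnabled` and `parPrivateDnsZonesEnabled`), so the list would be more accurate if it said which items are optional.
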
Expand All @@ -35,7 +37,7 @@ The module requires the following inputs:
| parHubNetworkAddressPrefix | string | 10.10.0.0/16 | CIDR range for Hub Network | CIDR Notation | 10.10.0.0/16 |
| parHubNetworkName | string | `${parCompanyPrefix}-hub-${parLocation}` | Name prefix for Virtual Network. Prefix will be appended with the region. | 2-50 char | alz-hub-eastus |
| parAzFirewallName | string | `${parCompanyPrefix}-azfw-${parLocation}` | Name associated with Azure Firewall | 1-80 char | alz-azfw-eastus |
| parAzFirewallPoliciesName | string | `${parCompanyPrefix}-azfwpolicy-${resourceGroup().location}` | Name associated with Azure Firewall Policy | 1-80 char | alz-azfwpolicy-eastus |
| parAzFirewallPoliciesName | string | `${parCompanyPrefix}-azfwpolicy-${parLocation}` | Name associated with Azure Firewall Policy | 1-80 char | alz-azfwpolicy-eastus |
| parAzFirewallTier | string | Standard | Tier associated with the Firewall to be deployed. | Standard or Premium | Premium |
| parAzFirewallAvailabilityZones | array | Empty Array [] | Availability Zones to deploy the Azure Firewall across. This also affects the PIP associated with the Azure Firewall. Region must support Availability Zones to use. If it does not then leave empty. | None | `['1']` or `['1' ,'2', '3']` |
| parAzErGatewayAvailabilityZones | array | Empty Array [] | Availability Zones to deploy the ER Gateway PIP across. Ensure that you use a zonal SKU for the Gateway if using Zonal or Zone-Redundant Public IP Address. Region must support Availability Zones to use. If it does not then leave empty. | None | `['1']` or `['1' ,'2', '3']` |
Expand Down Expand Up @@ -67,12 +69,14 @@ The module requires the following inputs:

The module will generate the following outputs:

| Output | Type | Example |
| ---------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| outAzFirewallPrivateIp | string | 192.168.100.1 |
| outAzFirewallName | string | MyAzureFirewall |
| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan |
| outPrivateDnsZones | array | `["name": "privatelink.azurecr.io", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/net-lz-spk-eastus-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"]` |
| Output | Type | Example |
| ------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| outAzFirewallPrivateIp | string | 192.168.100.1 |
| outAzFirewallName | string | MyAzureFirewall |
| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan |
| outPrivateDnsZones | array | `["name": "privatelink.azurecr.io", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/net-lz-spk-eastus-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"]` |
| outHubVirtualNetworkName | array | MyHubVirtualNetworkName |
| outHubVirtualNetworkId | array | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/virtualNetworks/my-hub-vnet |

## Deployment
> **Note:** `bicepconfig.json` file is included in the module directory. This file allows us to override Bicep Linters. Currently there are two URLs which were removed because of linter warnings. URLs removed are the following: database.windows.net and core.windows.net
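
Review bot: The two added rows give `outHubVirtualNetworkName` and `outHubVirtualNetworkId` the type `array`, but their examples are a single name and a single resource ID; unless hubNetworking.bicep really declares these outputs as arrays, the Type cell should be `string`. Separately, the unchanged `outPrivateDnsZones` example `["name": ..., "id": ...]` is not valid JSON for an array of objects and should wrap the name/id pair in braces.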
18 changes: 9 additions & 9 deletions infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
Expand Up @@ -10,7 +10,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
@description('The IP address range for all virtual networks to use. Default: 10.10.0.0/16')
param parHubNetworkAddressPrefix string = '10.10.0.0/16'

@description('The name and IP address range for each subnet in the virtual networks. Default: AzureBastionSubnet, GatewaySubnet, AzureFirewall Subnet')
@description('The name and IP address range for each subnet in the virtual networks. Default: AzureBastionSubnet, GatewaySubnet, AzureFirewallSubnet')
param parSubnets array = [
{
name: 'AzureBastionSubnet'
Expand Down Expand Up @@ -57,13 +57,13 @@ param parDdosPlanName string = '${parCompanyPrefix}-ddos-plan'
@description('Switch to enable/disable Azure Firewall deployment. Default: true')
param parAzFirewallEnabled bool = true

@description('Azure Firewall Name. Default: {parCompanyPrefix}-azure-firewall ')
@description('Azure Firewall Name. Default: {parCompanyPrefix}-azure-firewall')
param parAzFirewallName string = '${parCompanyPrefix}-azfw-${parLocation}'

@description('Azure Firewall Policies Name. Default: {parCompanyPrefix}-fwpol-{parLocation}')
param parAzFirewallPoliciesName string = '${parCompanyPrefix}-azfwpolicy-${parLocation}'

@description('Azure Firewall Tier associated with the Firewall to deploy. Default: Standard ')
@description('Azure Firewall Tier associated with the Firewall to deploy. Default: Standard')
@allowed([
'Standard'
'Premium'
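
Review bot: The trailing-space cleanup on the `parAzFirewallName` description leaves a default that does not match the declaration: the text says `Default: {parCompanyPrefix}-azure-firewall` while the parameter is `'${parCompanyPrefix}-azfw-${parLocation}'`. The unchanged `parAzFirewallPoliciesName` description has the same problem (`-fwpol-` in the text, `-azfwpolicy-` in the value, which is also what the README row now documents). Since this commit is about aligning docs with the Bicep files, update both descriptions to the actual naming pattern.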
Expand All @@ -75,23 +75,23 @@ param parAzFirewallTier string = 'Standard'
'2'
'3'
])
@description('Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.')
@description('Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. Default: Empty Array')
param parAzFirewallAvailabilityZones array = []

@allowed([
'1'
'2'
'3'
])
@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP')
@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. Default: Empty Array')
param parAzErGatewayAvailabilityZones array = []

@allowed([
'1'
'2'
'3'
])
@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP')
@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. Default: Empty Array')
param parAzVpnGatewayAvailabilityZones array = []

@description('Switch to enable/disable Azure Firewall DNS Proxy. Default: true')
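
Review bot: The descriptions for `parAzErGatewayAvailabilityZones` and `parAzVpnGatewayAvailabilityZones` are still word-for-word identical (`Availability Zones to deploy the VPN/ER PIP across...`), so generated docs and tooltips cannot tell the two parameters apart. While adding `Default: Empty Array` to both, make each one name its own gateway, for example "the ExpressRoute Gateway PIP" and "the VPN Gateway PIP", which is how the README row for `parAzErGatewayAvailabilityZones` already words it.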
Expand All @@ -106,7 +106,7 @@ param parDisableBgpRoutePropagation bool = false
@description('Switch to enable/disable Private DNS Zones deployment. Default: true')
param parPrivateDnsZonesEnabled bool = true

@description('Resource Group Name for Private DNS Zones. Default: same resource group')
@description('Resource Group Name for Private DNS Zones. Default: resourceGroup().name')
param parPrivateDnsZonesResourceGroup string = resourceGroup().name

@description('Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones')
Expand Down Expand Up @@ -211,10 +211,10 @@ param parExpressRouteGatewayConfig object = {
}
}

@description('Tags you would like to be applied to all resources in this module. Default: empty array')
@description('Tags you would like to be applied to all resources in this module. Default: Empty Object')
param parTags object = {}

@description('Set Parameter to true to Opt-out of deployment telemetry')
@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false')
param parTelemetryOptOut bool = false

var varSubnetProperties = [for subnet in parSubnets: {