diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/README.md b/infra-as-code/bicep/modules/customRoleDefinitions/README.md index 3aed7d069..5c57f37c2 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/README.md +++ b/infra-as-code/bicep/modules/customRoleDefinitions/README.md @@ -15,7 +15,7 @@ The module requires the following inputs: | Parameter | Description | Requirement | Example | | ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | ------- | - | parAssignableScopeManagementGroupId | The management group scope to which the role can be assigned. This management group ID will be used for the [assignableScopes](https://docs.microsoft.com/azure/role-based-access-control/role-definitions#assignablescopes) property in the role definition. | Mandatory input | `alz` | + | parAssignableScopeManagementGroupId | The management group scope to which the role can be assigned. This management group ID will be used for the [assignableScopes](https://docs.microsoft.com/azure/role-based-access-control/role-definitions#assignablescopes) property in the role definition. | None | `alz` | | parTelemetryOptOut | Set Parameter to true to Opt-out of deployment telemetry | None | `false` | ## Outputs diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep index 240f4ecde..781575478 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep 
@@ -1,9 +1,9 @@ targetScope = 'managementGroup' -@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition.') +@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition. Default: alz') param parAssignableScopeManagementGroupId string = 'alz' -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep index 0172691aa..74c75d270 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep @@ -1,9 +1,9 @@ targetScope = 'managementGroup' -@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition.') +@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition. Default: alz') param parAssignableScopeManagementGroupId string = 'alz' -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id diff --git a/infra-as-code/bicep/modules/hubNetworking/README.md b/infra-as-code/bicep/modules/hubNetworking/README.md index 4b461fa4f..032a88715 100644 
--- a/infra-as-code/bicep/modules/hubNetworking/README.md +++ b/infra-as-code/bicep/modules/hubNetworking/README.md @@ -8,9 +8,11 @@ Module deploys the following resources: - Subnets - VPN Gateway/ExpressRoute Gateway - Azure Firewall +- Azure Firewall Policies - Private DNS Zones - DDos Standard Plan - Bastion +- Route Table ## Parameters @@ -35,7 +37,7 @@ The module requires the following inputs: | parHubNetworkAddressPrefix | string | 10.10.0.0/16 | CIDR range for Hub Network | CIDR Notation | 10.10.0.0/16 | | parHubNetworkName | string | `${parCompanyPrefix}-hub-${parLocation}` | Name prefix for Virtual Network. Prefix will be appended with the region. | 2-50 char | alz-hub-eastus | | parAzFirewallName | string | `${parCompanyPrefix}-azfw-${parLocation}` | Name associated with Azure Firewall | 1-80 char | alz-azfw-eastus | - | parAzFirewallPoliciesName | string | `${parCompanyPrefix}-azfwpolicy-${resourceGroup().location}` | Name associated with Azure Firewall Policy | 1-80 char | alz-azfwpolicy-eastus | + | parAzFirewallPoliciesName | string | `${parCompanyPrefix}-azfwpolicy-${parLocation}` | Name associated with Azure Firewall Policy | 1-80 char | alz-azfwpolicy-eastus | | parAzFirewallTier | string | Standard | Tier associated with the Firewall to be deployed. | Standard or Premium | Premium | | parAzFirewallAvailabilityZones | array | Empty Array [] | Availability Zones to deploy the Azure Firewall across. This also affects the PIP associated with the Azure Firewall. Region must support Availability Zones to use. If it does not then leave empty. | None | `['1']` or `['1' ,'2', '3']` | | parAzErGatewayAvailabilityZones | array | Empty Array [] | Availability Zones to deploy the ER Gateway PIP across. Ensure that you use a zonal SKU for the Gateway if using Zonal or Zone-Redundant Public IP Address. Region must support Availability Zones to use. If it does not then leave empty. | None | `['1']` or `['1' ,'2', '3']` | 
@@ -67,12 +69,14 @@ The module requires the following inputs: The module will generate the following outputs: -| Output | Type | Example | -| ---------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| outAzFirewallPrivateIp | string | 192.168.100.1 | -| outAzFirewallName | string | MyAzureFirewall | -| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan | -| outPrivateDnsZones | array | `["name": "privatelink.azurecr.io", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/net-lz-spk-eastus-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"]` | +| Output | Type | Example | +| ------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| outAzFirewallPrivateIp | string | 192.168.100.1 | +| outAzFirewallName | string | MyAzureFirewall | +| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan | +| outPrivateDnsZones | array | `["name": "privatelink.azurecr.io", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/net-lz-spk-eastus-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"]` | +| outHubVirtualNetworkName | array | MyHubVirtualNetworkName | +| outHubVirtualNetworkId | array | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/virtualNetworks/my-hub-vnet | ## Deployment > **Note:** `bicepconfig.json` file is 
included in the module directory. This file allows us to override Bicep Linters. Currently there are two URLs which were removed because of linter warnings. URLs removed are the following: database.windows.net and core.windows.net diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index b6f5734c3..652719890 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -10,7 +10,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}' @description('The IP address range for all virtual networks to use. Default: 10.10.0.0/16') param parHubNetworkAddressPrefix string = '10.10.0.0/16' -@description('The name and IP address range for each subnet in the virtual networks. Default: AzureBastionSubnet, GatewaySubnet, AzureFirewall Subnet') +@description('The name and IP address range for each subnet in the virtual networks. Default: AzureBastionSubnet, GatewaySubnet, AzureFirewallSubnet') param parSubnets array = [ { name: 'AzureBastionSubnet' @@ -57,13 +57,13 @@ param parDdosPlanName string = '${parCompanyPrefix}-ddos-plan' @description('Switch to enable/disable Azure Firewall deployment. Default: true') param parAzFirewallEnabled bool = true -@description('Azure Firewall Name. Default: {parCompanyPrefix}-azure-firewall ') +@description('Azure Firewall Name. Default: {parCompanyPrefix}-azure-firewall') param parAzFirewallName string = '${parCompanyPrefix}-azfw-${parLocation}' @description('Azure Firewall Policies Name. Default: {parCompanyPrefix}-fwpol-{parLocation}') param parAzFirewallPoliciesName string = '${parCompanyPrefix}-azfwpolicy-${parLocation}' -@description('Azure Firewall Tier associated with the Firewall to deploy. Default: Standard ') +@description('Azure Firewall Tier associated with the Firewall to deploy. Default: Standard') @allowed([ 'Standard' 'Premium' 
@@ -75,7 +75,7 @@ param parAzFirewallTier string = 'Standard' '2' '3' ]) -@description('Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.') +@description('Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. Default: Empty Array') param parAzFirewallAvailabilityZones array = [] @allowed([ @@ -83,7 +83,7 @@ param parAzFirewallAvailabilityZones array = [] '2' '3' ]) -@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP') +@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. Default: Empty Array') param parAzErGatewayAvailabilityZones array = [] @allowed([ @@ -91,7 +91,7 @@ param parAzErGatewayAvailabilityZones array = [] '2' '3' ]) -@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP') +@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. Default: Empty Array') param parAzVpnGatewayAvailabilityZones array = [] @description('Switch to enable/disable Azure Firewall DNS Proxy. Default: true') 
@@ -106,7 +106,7 @@ param parDisableBgpRoutePropagation bool = false @description('Switch to enable/disable Private DNS Zones deployment. Default: true') param parPrivateDnsZonesEnabled bool = true -@description('Resource Group Name for Private DNS Zones. Default: same resource group') +@description('Resource Group Name for Private DNS Zones. Default: resourceGroup().name') param parPrivateDnsZonesResourceGroup string = resourceGroup().name @description('Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones') @@ -211,10 +211,10 @@ param parExpressRouteGatewayConfig object = { } } -@description('Tags you would like to be applied to all resources in this module. Default: empty array') +@description('Tags you would like to be applied to all resources in this module. Default: Empty Object') param parTags object = {} -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false var varSubnetProperties = [for subnet in parSubnets: { diff --git a/infra-as-code/bicep/modules/logging/README.md b/infra-as-code/bicep/modules/logging/README.md index 095a7914e..e3ded6aee 100644 --- a/infra-as-code/bicep/modules/logging/README.md +++ b/infra-as-code/bicep/modules/logging/README.md 
@@ -35,8 +35,8 @@ The module requires the following required input parameters. | parAutomationAccountName | string | Automation account name | Mandatory input, name must be unique in the subscription, default: `alz-automation-account` | `alz-automation-account` | | parAutomationAccountLocation | string | Region name | Mandatory input, default: `resourceGroup().location` | `eastus` | | parTags | object | Empty object `{}` | Array of Tags to be applied to all resources in the logging module | `{"key": "value"}` | -| parAutomationAccountTags | object | Empty object `{}` | Array of Tags to be applied to Automation Account in the logging module | `{"key": "value"}` | -| parLogAnalyticsWorkspaceTags | object | Empty object `{}` | Array of Tags to be applied to Log Analytics Workspace in the logging module | `{"key": "value"}` | +| parAutomationAccountTags | object | `parTags` / Empty object `{}` | Array of Tags to be applied to Automation Account in the logging module | `{"key": "value"}` | +| parLogAnalyticsWorkspaceTags | object | `parTags` / Empty object `{}` | Array of Tags to be applied to Log Analytics Workspace in the logging module | `{"key": "value"}` | | parTelemetryOptOut | bool | Set Parameter to true to Opt-out of deployment telemetry | Mandatory input, default: `false` | `false` | ## Outputs 
@@ -48,7 +48,7 @@ The module will generate the following outputs: | outLogAnalyticsWorkspaceName | string | alz-log-analytics | | outLogAnalyticsWorkspaceId | string | /subscriptions/4f9f8765-911a-4a6d-af60-4bc0473268c0/resourceGroups/alz-logging/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics | | outLogAnalyticsCustomerId | string | 4192b202-f57d-4e75-a074-d215aa2acb49 | -| outLogAnalyticsSolutions | Array of string | ["AgentHealthAssessment", "AntiMalware","AzureActivity", "ChangeTracking", "Security", "SecurityInsights", "ServiceMap", "SQLAdvancedThreatProtection", "SQLVulnerabilityAssessment", "SQLAssessment", "Updates", "VMInsights"] | +| outLogAnalyticsSolutions | array | ["AgentHealthAssessment", "AntiMalware","AzureActivity", "ChangeTracking", "Security", "SecurityInsights", "ServiceMap", "SQLAdvancedThreatProtection", "SQLVulnerabilityAssessment", "SQLAssessment", "Updates", "VMInsights"] | | outAutomationAccountName | string | alz-automation-account | | outAutomationAccountId | string | /subscriptions/4f9f8765-911a-4a6d-af60-4bc0473268c0/resourceGroups/alz-logging/providers/Microsoft.Automation/automationAccounts/alz-automation-account | @@ -67,8 +67,8 @@ There are separate input parameters files depending on which Azure cloud you are ### Azure CLI ```bash -# For Azure Global regions -# Set Platform management subscripion ID as the the current subscription +# For Azure Global regions +# Set Platform management subscripion ID as the the current subscription ManagementSubscriptionId="[your platform management subscription ID]" az account set --subscription $ManagementSubscriptionId @@ -77,7 +77,7 @@ az group create \ --name alz-logging \ --location eastus -# Deploy Module +# Deploy Module az deployment group create \ --template-file infra-as-code/bicep/modules/logging/logging.bicep \ --parameters @infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json \ 
@@ -85,8 +85,8 @@ az deployment group create \ ``` OR ```bash -# For Azure China regions -# Set Platform management subscripion ID as the the current subscription +# For Azure China regions +# Set Platform management subscripion ID as the the current subscription ManagementSubscriptionId="[your platform management subscription ID]" az account set --subscription $ManagementSubscriptionId @@ -95,7 +95,7 @@ az group create \ --name alz-logging \ --location chinaeast2 -# Deploy Module +# Deploy Module az deployment group create \ --template-file infra-as-code/bicep/modules/logging/logging.bicep \ --parameters @infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json \ @@ -106,7 +106,7 @@ az deployment group create \ ```powershell # For Azure Global regions -# Set Platform management subscripion ID as the the current subscription +# Set Platform management subscripion ID as the the current subscription $ManagementSubscriptionId = "[your platform management subscription ID]" Select-AzSubscription -SubscriptionId $ManagementSubscriptionId @@ -124,7 +124,7 @@ New-AzResourceGroupDeployment ` OR ```powershell # For Azure China regions -# Set Platform management subscripion ID as the the current subscription +# Set Platform management subscripion ID as the the current subscription $ManagementSubscriptionId = "[your platform management subscription ID]" Select-AzSubscription -SubscriptionId $ManagementSubscriptionId diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep index 815da46b6..22e06f07b 100644 --- a/infra-as-code/bicep/modules/logging/logging.bicep +++ b/infra-as-code/bicep/modules/logging/logging.bicep 
@@ -1,7 +1,7 @@ -@description('Log Analytics Workspace name. - DEFAULT VALUE: alz-log-analytics') +@description('Log Analytics Workspace name. Default: alz-log-analytics') param parLogAnalyticsWorkspaceName string = 'alz-log-analytics' -@description('Log Analytics region name - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings - DEFAULT VALUE: resourceGroup().location') +@description('Log Analytics region name - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings. Default: resourceGroup().location') param parLogAnalyticsWorkspaceLocation string = resourceGroup().location @allowed([ @@ -14,12 +14,12 @@ param parLogAnalyticsWorkspaceLocation string = resourceGroup().location 'Standalone' 'Standard' ]) -@description('Log Analytics Workspace sku name. - DEFAULT VALUE: PerGB2018') +@description('Log Analytics Workspace sku name. Default: PerGB2018') param parLogAnalyticsWorkspaceSkuName string = 'PerGB2018' @minValue(30) @maxValue(730) -@description('Number of days of log retention for Log Analytics Workspace. - DEFAULT VALUE: 365') +@description('Number of days of log retention for Log Analytics Workspace. Default: 365') param parLogAnalyticsWorkspaceLogRetentionInDays int = 365 @allowed([ 
@@ -36,7 +36,7 @@ param parLogAnalyticsWorkspaceLogRetentionInDays int = 365 'Updates' 'VMInsights' ]) -@description('Solutions that will be added to the Log Analytics Workspace. - DEFAULT VALUE: [AgentHealthAssessment, AntiMalware, AzureActivity, ChangeTracking, Security, SecurityInsights, ServiceMap, SQLAssessment, Updates, VMInsights]') +@description('Solutions that will be added to the Log Analytics Workspace. Default: [AgentHealthAssessment, AntiMalware, AzureActivity, ChangeTracking, Security, SecurityInsights, ServiceMap, SQLAssessment, Updates, VMInsights]') param parLogAnalyticsWorkspaceSolutions array = [ 'AgentHealthAssessment' 'AntiMalware' 
@@ -52,19 +52,19 @@ param parLogAnalyticsWorkspaceSolutions array = [ 'VMInsights' ] -@description('Automation account name. - DEFAULT VALUE: alz-automation-account') +@description('Automation account name. - Default: alz-automation-account') param parAutomationAccountName string = 'alz-automation-account' -@description('Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings - DEFAULT VALUE: resourceGroup().location') +@description('Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings. Default: resourceGroup().location') param parAutomationAccountLocation string = resourceGroup().location -@description('Tags you would like to be applied to all resources in this module') +@description('Tags you would like to be applied to all resources in this module. Default: Empty Object') param parTags object = {} -@description('Tags you would like to be applied to Automation Account. - DEFAULT VALUE: parTags value') +@description('Tags you would like to be applied to Automation Account. Default: parTags') param parAutomationAccountTags object = parTags -@description('Tags you would like to be applied to Log Analytics Workspace. - DEFAULT VALUE: parTags value') +@description('Tags you would like to be applied to Log Analytics Workspace. Default: parTags') param parLogAnalyticsWorkspaceTags object = parTags @description('Set Parameter to true to Opt-out of deployment telemetry') diff --git a/infra-as-code/bicep/modules/managementGroups/README.md b/infra-as-code/bicep/modules/managementGroups/README.md index 2e5add383..34509ec07 100644 --- a/infra-as-code/bicep/modules/managementGroups/README.md +++ b/infra-as-code/bicep/modules/managementGroups/README.md 
@@ -20,8 +20,8 @@ The module requires the following inputs: | Parameter | Type | Description | Requirements | Example | | ------------------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------- | --------------------------------------------------------------------------------------- | -| parTopLevelManagementGroupPrefix | string | Prefix for the management group hierarchy. This management group will be created as part of the deployment. | 2-10 characters | `alz` | -| parTopLevelManagementGroupDisplayName | string | Display name for top level management group. This name will be applied to the management group prefix defined in `parTopLevelManagementGroupPrefix` parameter. | Minimum two characters | `Azure Landing Zones` | +| parTopLevelManagementGroupPrefix | string | Prefix for the management group hierarchy. This management group will be created as part of the deployment. | 2-10 characters, default: `alz` | `alz` | +| parTopLevelManagementGroupDisplayName | string | Display name for top level management group. This name will be applied to the management group prefix defined in `parTopLevelManagementGroupPrefix` parameter. | Minimum two characters, default: `Azure Landing Zones` | `Azure Landing Zones` | | parTopLevelManagementGroupParentId | string | Optional parent for Management Group hierarchy, used as intermediate root Management Group parent, if specified. If empty, default, will deploy beneath Tenant Root Management Group. | Not required input, default `''` | `/providers/Microsoft.Management/managementGroups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | | parLandingZoneMgAlzDefaultsEnable | bool | Deploys Corp & Online Management Groups beneath Landing Zones Management Group if set to true. 
| Mandatory input, default: `true` | `true` | | parLandingZoneMgConfidentialEnable | bool | Deploys Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true. | Mandatory input, default: `false` | `false` | @@ -149,7 +149,7 @@ OR New-AzTenantDeployment ` -TemplateFile infra-as-code/bicep/modules/managementGroups/managementGroups.bicep ` -TemplateParameterFile infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json ` - -Location chinaeast2 + -Location chinaeast2 ``` ![Example Deployment Output](media/exampleDeploymentOutput.png "Example Deployment Output") diff --git a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep index dfdef2e14..82d2bc62f 100644 --- a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep +++ b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep 
@@ -1,27 +1,27 @@ targetScope = 'tenant' -@description('Prefix for the management group hierarchy. This management group will be created as part of the deployment.') +@description('Prefix for the management group hierarchy. This management group will be created as part of the deployment. Default: alz') @minLength(2) @maxLength(10) param parTopLevelManagementGroupPrefix string = 'alz' -@description('Display name for top level management group. This name will be applied to the management group prefix defined in parTopLevelManagementGroupPrefix parameter.') +@description('Display name for top level management group. This name will be applied to the management group prefix defined in parTopLevelManagementGroupPrefix parameter. Default: Azure Landing Zones') @minLength(2) param parTopLevelManagementGroupDisplayName string = 'Azure Landing Zones' -@description('Optional parent for Management Group hierarchy, used as intermediate root Management Group parent, if specified. If empty, default, will deploy beneath Tenant Root Management Group.') +@description('Optional parent for Management Group hierarchy, used as intermediate root Management Group parent, if specified. If empty, default, will deploy beneath Tenant Root Management Group. Default: Empty String') param parTopLevelManagementGroupParentId string = '' -@description('Deploys Corp & Online Management Groups beneath Landing Zones Management Group if set to true.') +@description('Deploys Corp & Online Management Groups beneath Landing Zones Management Group if set to true. Default: true') param parLandingZoneMgAlzDefaultsEnable bool = true -@description('Deploys Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true.') +@description('Deploys Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true. 
Default: false') param parLandingZoneMgConfidentialEnable bool = false -@description('Dictionary Object to allow additional or different child Management Groups of Landing Zones Management Group to be deployed.') +@description('Dictionary Object to allow additional or different child Management Groups of Landing Zones Management Group to be deployed. Default: Empty Object') param parLandingZoneMgChildren object = {} -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Platform and Child Management Groups @@ -219,7 +219,7 @@ output outPlatformConnectivityManagementGroupId string = resPlatformConnectivity output outPlatformIdentityManagementGroupId string = resPlatformIdentityMg.id output outLandingZonesManagementGroupId string = resLandingZonesMg.id -output outLandingZoneChildrenMangementGroupIds array = [for mg in items(varLandingZoneMgChildrenUnioned): '/providers/Microsoft.Management/managementGroups/${parTopLevelManagementGroupPrefix}-landingzones-${mg.key}' ] +output outLandingZoneChildrenManagementGroupIds array = [for mg in items(varLandingZoneMgChildrenUnioned): '/providers/Microsoft.Management/managementGroups/${parTopLevelManagementGroupPrefix}-landingzones-${mg.key}' ] output outSandboxManagementGroupId string = resSandboxMg.id @@ -234,7 +234,7 @@ output outPlatformConnectivityManagementGroupName string = resPlatformConnectivi output outPlatformIdentityManagementGroupName string = resPlatformIdentityMg.name output outLandingZonesManagementGroupName string = resLandingZonesMg.name -output outLandingZoneChildrenMangementGroupNames array = [for mg in items(varLandingZoneMgChildrenUnioned): mg.value.displayName ] +output outLandingZoneChildrenManagementGroupNames array = [for mg in items(varLandingZoneMgChildrenUnioned): mg.value.displayName ] output outSandboxManagementGroupName string = resSandboxMg.name 
diff --git a/infra-as-code/bicep/modules/privateDnsZones/README.md b/infra-as-code/bicep/modules/privateDnsZones/README.md index e2848eb02..6d1b66e49 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/README.md +++ b/infra-as-code/bicep/modules/privateDnsZones/README.md @@ -1,6 +1,6 @@ # Module: Private DNS Zones -This module deploys Private DNS Zones used for Private Link based on the recommendations from the Azure Landing Zone Conceptual Architecture. +This module deploys Private DNS Zones used for Private Link based on the recommendations from the Azure Landing Zone Conceptual Architecture. Module deploys the following resources: @@ -78,7 +78,7 @@ There are two different sets of input parameters; one for deploying to Azure glo ### Azure CLI ```bash # For Azure global regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription ConnectivitySubscriptionId="[your platform connectivity subscription ID]" az account set --subscription $ConnectivitySubscriptionId @@ -93,7 +93,7 @@ az deployment group create \ OR ```bash # For Azure China regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription ConnectivitySubscriptionId="[your platform connectivity subscription ID]" az account set --subscription $ConnectivitySubscriptionId 
@@ -110,14 +110,14 @@ az deployment group create \ ```powershell # For Azure global regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId New-AzResourceGroup -Name 'Hub_PrivateDNS_POC' ` -Location 'eastus' - + New-AzResourceGroupDeployment ` -TemplateFile infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep ` -TemplateParameterFile infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json ` @@ -126,14 +126,14 @@ New-AzResourceGroupDeployment ` OR ```powershell # For Azure China regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId New-AzResourceGroup -Name 'Hub_PrivateDNS_POC' ` -Location 'chinaeast2' - + New-AzResourceGroupDeployment ` -TemplateFile infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep ` -TemplateParameterFile infra-as-code/bicep/modules/privateDnsZones/parameters/mc-privateDnsZones.parameters.all.json diff --git a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep index 8b6022f4d..1ecf9fdf7 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep +++ b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep 
@@ -59,10 +59,10 @@ param parPrivateDnsZones array = [ @description('Tags you would like to be applied to all resources in this module. Default: empty object') param parTags object = {} -@description('Resource ID of VNet for Private DNS Zone VNet Links') +@description('Resource ID of VNet for Private DNS Zone VNet Links. Default: Empty String') param parVirtualNetworkIdToLink string = '' -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false var varAzBackupGeoCodes = { diff --git a/infra-as-code/bicep/modules/publicIp/README.md b/infra-as-code/bicep/modules/publicIp/README.md index 6e175173e..9be0926d4 100644 --- a/infra-as-code/bicep/modules/publicIp/README.md +++ b/infra-as-code/bicep/modules/publicIp/README.md @@ -1,6 +1,6 @@ # Module: Public IP -This module defines a public IP address and outputs the id for other modules to consume. +This module defines a public IP address and outputs the id for other modules to consume. Module deploys the following resources: 
@@ -12,12 +12,12 @@ The module requires the following inputs: | Parameter | Type | Default | Description | Requirement | Example | | --------------------- | ------ | ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------ | ------------------------------------ | - | parLocation | string | resourceGroup().location | Location where Public IP address will be deployed | Valid Azure Region | `eastus2` | + | parLocation | string | `resourceGroup().location` | Location where Public IP address will be deployed | Valid Azure Region | `eastus2` | | parPublicIpName | string | none | Name associated with the Public IP to be created | 1-80 char | alz-bastion-PublicIp | | parPublicIpSku | object | none | SKU of IP to deploy to Azure | Standard or Basic | Standard | | parPublicIpProperties | object | none | N/A | | parAvailabilityZones | array | Empty Array `[]` | Availability Zones to deploy the Public IP across. Region must support Availability Zones to use. If it does not then leave empty. | none | `[]` or `['1']` or `['1' ,'2', '3']` | - | parTags | object | none | Tags to be appended to resource after it is created | none | {"Environment" : "Development"} | + | parTags | object | Empty Object `{}` | Tags to be appended to resource after it is created | none | {"Environment" : "Development"} | | parTelemetryOptOut | bool | `false` | Set Parameter to true to Opt-out of deployment telemetry | none | `false` | ## Outputs diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep index 9b13a49cb..87ee84bfe 100644 --- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep +++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep 
@@ -1,13 +1,13 @@ -@description('Azure Region to deploy Public IP Address to. Default: Current Resource Group') +@description('Azure Region to deploy Public IP Address to. Default: resourceGroup().location') param parLocation string = resourceGroup().location -@description('Name of Public IP to create in Azure. Default: None') +@description('Name of Public IP to create in Azure.') param parPublicIpName string -@description('Public IP Address SKU. Default: None') +@description('Public IP Address SKU.') param parPublicIpSku object -@description('Properties of Public IP to be deployed. Default: None') +@description('Properties of Public IP to be deployed.') param parPublicIpProperties object @allowed([ @@ -15,13 +15,13 @@ param parPublicIpProperties object '2' '3' ]) -@description('Availability Zones to deploy the Public IP across. Region must support Availability Zones to use. If it does not then leave empty.') +@description('Availability Zones to deploy the Public IP across. Region must support Availability Zones to use. If it does not then leave empty. Default: Empty Array') param parAvailabilityZones array = [] -@description('Tags to be applied to resource when deployed. Default: None') +@description('Tags to be applied to resource when deployed. Default: Empty Object') param parTags object = {} -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id diff --git a/infra-as-code/bicep/modules/resourceGroup/README.md b/infra-as-code/bicep/modules/resourceGroup/README.md index c74618e75..48ca0f301 100644 --- a/infra-as-code/bicep/modules/resourceGroup/README.md +++ b/infra-as-code/bicep/modules/resourceGroup/README.md 
@@ -1,6 +1,6 @@ # Module: Resource Group -This module creates a Resource group to be utilized by other modules. +This module creates a Resource group to be utilized by other modules. Module deploys the following resources: @@ -32,4 +32,4 @@ Module is intended to be called from other modules as a reusable resource. ## Bicep Visualizer -![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer") \ No newline at end of file +![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer") diff --git a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep index e0c4851fa..ef13cb1ed 100644 --- a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep +++ b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep @@ -1,15 +1,15 @@ targetScope = 'subscription' -@description('Azure Region where Resource Group will be created. No Default') +@description('Azure Region where Resource Group will be created.') param parLocation string -@description('Name of Resource Group to be created. No Default') +@description('Name of Resource Group to be created.') param parResourceGroupName string -@description('Tags you would like to be applied to all resources in this module') +@description('Tags you would like to be applied to all resources in this module. Default: Empty Object') param parTags object = {} -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id diff --git a/infra-as-code/bicep/modules/roleAssignments/README.md b/infra-as-code/bicep/modules/roleAssignments/README.md index e182e4975..1d6cfb736 100644 --- a/infra-as-code/bicep/modules/roleAssignments/README.md +++ b/infra-as-code/bicep/modules/roleAssignments/README.md 
@@ -68,8 +68,8 @@ Connect-AzureAD | Parameter | Type | Description | Requirement | Example | | ------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | -------------------------------------- | -| parRoleAssignmentNameGuid | string | A GUID representing the role assignment name. Default: guid(managmentGroup().name, parRoleDefinitionId, parAssigneeObjectId) | Unique GUID | `f3b171da-2023-4508-b467-042a53f4cd5d` | -| parRoleDefinitionId | string | Role Definition ID(i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7) | Must exist | `acdd72a7-3385-48ef-bd42-f606fba81ae7` | +| parRoleAssignmentNameGuid | string | A GUID representing the role assignment name. Default: `guid(managmentGroup().name, parRoleDefinitionId, parAssigneeObjectId)` | Unique GUID | `f3b171da-2023-4508-b467-042a53f4cd5d` | +| parRoleDefinitionId | string | Role Definition ID (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7) | Must exist | `acdd72a7-3385-48ef-bd42-f606fba81ae7` | | parAssigneePrincipalType | string | Principal type of the assignee. Allowed values are `Group` (Security Group) or `ServicePrincipal` (Service Principal or System/User Assigned Managed Identity) | One of [Group, ServicePrincipal] | `ServicePrincipal` | | parAssigneeObjectId | string | Object ID of groups, service principals or managed identities. For managed identities use the principal ID. For service principals, use the object id and not the app ID | Must exist | `a86fe549-7f87-4873-8b0e-82f0081a0034` | | parTelemetryOptOut | bool | Set Parameter to true to Opt-out of deployment telemetry | none | `false` | 
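Review bot: The rewritten parRoleAssignmentNameGuid row still spells the function `managmentGroup()`, and wrapping the default in backticks now presents that typo as literal Bicep. The description in roleAssignmentManagementGroup.bicep uses `guid(managementGroup().name, parRoleDefinitionId, parAssigneeObjectId)`, so the README default should be corrected to match it.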
@@ -78,7 +78,7 @@ Connect-AzureAD | Parameter | Type | Description | Requirement | Example | | ------------------------ | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------- | -------------------------------------------------------- | -| parManagementGroupIds | Array of string | A list of management group scopes that will be used for role assignment (i.e. [alz-platform-connectivity, alz-platform-identity]). Default = [] | Must exist | `['alz-platform-connectivity', 'alz-platform-identity']` | +| parManagementGroupIds | Array of string | A list of management group scopes that will be used for role assignment (i.e. [alz-platform-connectivity, alz-platform-identity]). Default = `[]` | Must exist | `['alz-platform-connectivity', 'alz-platform-identity']` | | parRoleDefinitionId | string | Role Definition ID(i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7) | Must exist | `acdd72a7-3385-48ef-bd42-f606fba81ae7` | | parAssigneePrincipalType | string | Principal type of the assignee. Allowed values are `Group` (Security Group) or `ServicePrincipal` (Service Principal or System/User Assigned Managed Identity) | One of [Group, ServicePrincipal] | `ServicePrincipal` | | parAssigneeObjectId | string | Object ID of groups, service principals or managed identities. For managed identities use the principal ID. For service principals, use the object ID and not the app ID | Must exist | `a86fe549-7f87-4873-8b0e-82f0081a0034` | 
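Review bot: The edited parManagementGroupIds row keeps the "Default = " form, while roleAssignmentManagementGroupMany.bicep in this same patch moves its description to "Default: Empty Array". The unchanged parRoleDefinitionId row just below also still reads "Role Definition ID(i.e." without the space that the previous table's hunk adds. Pick one default format and one spelling across the three tables and the Bicep descriptions.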
@@ -88,7 +88,7 @@ Connect-AzureAD | Parameter | Type | Description | Requirement | Example | | ------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------- | -------------------------------------- | -| parRoleAssignmentNameGuid | string | A GUID representing the role assignment name. Default: guid(subscription().subscriptionId, parRoleDefinitionId, parAssigneeObjectId) | Unique GUID | `f3b171da-2023-4508-b467-042a53f4cd5d` | +| parRoleAssignmentNameGuid | string | A GUID representing the role assignment name. Default: `guid(subscription().subscriptionId, parRoleDefinitionId, parAssigneeObjectId)` | Unique GUID | `f3b171da-2023-4508-b467-042a53f4cd5d` | | parRoleDefinitionId | string | Role Definition Id (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7) | Must exist | `acdd72a7-3385-48ef-bd42-f606fba81ae7` | | parAssigneePrincipalType | string | Principal type of the assignee. Allowed values are `Group` (Security Group) or `ServicePrincipal` (Service Principal or System/User Assigned Managed Identity) | One of [Group, ServicePrincipal] | `ServicePrincipal` | | parAssigneeObjectId | string | Object ID of groups, service principals or managed identities. For managed identities use the principal ID. For service principals, use the object ID and not the app ID | Must exist | `a86fe549-7f87-4873-8b0e-82f0081a0034` | diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep index 9f8994a3d..a28293c80 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep 
@@ -1,9 +1,9 @@ targetScope = 'managementGroup' -@description('A GUID representing the role assignment name. Default: guid(managementGroup().name, parRoleDefinitionId, parAssigneeObjectId)') +@description('A GUID representing the role assignment name. Default: guid(managementGroup().name, parRoleDefinitionId, parAssigneeObjectId)') param parRoleAssignmentNameGuid string = guid(managementGroup().name, parRoleDefinitionId, parAssigneeObjectId) -@description('Role Definition Id (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7)') +@description('Role Definition Id (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7)') param parRoleDefinitionId string @description('Principal type of the assignee. Allowed values are \'Group\' (Security Group) or \'ServicePrincipal\' (Service Principal or System/User Assigned Managed Identity)') @@ -16,7 +16,7 @@ param parAssigneePrincipalType string @description('Object ID of groups, service principals or managed identities. For managed identities use the principal id. For service principals, use the object ID and not the app ID') param parAssigneeObjectId string -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep index 411174156..23c7eaeea 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep 
@@ -1,6 +1,6 @@ targetScope = 'managementGroup' -@description('A list of management group scopes that will be used for role assignment (i.e. [alz-platform-connectivity, alz-platform-identity]). Default = []') +@description('A list of management group scopes that will be used for role assignment (i.e. [alz-platform-connectivity, alz-platform-identity]). Default: Empty Array') param parManagementGroupIds array = [] @description('Role Definition Id (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7)') diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep index 9c72089b5..faf05e0fb 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep 
@@ -1,12 +1,12 @@ targetScope = 'subscription' -@description('A GUID representing the role assignment name. Default: guid(subscription().subscriptionId, parRoleDefinitionId, parAssigneeObjectId)') +@description('A GUID representing the role assignment name. Default: guid(subscription().subscriptionId, parRoleDefinitionId, parAssigneeObjectId)') param parRoleAssignmentNameGuid string = guid(subscription().subscriptionId, parRoleDefinitionId, parAssigneeObjectId) -@description('Role Definition Id (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7)') +@description('Role Definition Id (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7)') param parRoleDefinitionId string -@description('Principal type of the assignee. Allowed values are \'Group\' (Security Group) or \'ServicePrincipal\' (Service Principal or System/User Assigned Managed Identity)') +@description('Principal type of the assignee. Allowed values are \'Group\' (Security Group) or \'ServicePrincipal\' (Service Principal or System/User Assigned Managed Identity)') @allowed([ 'Group' 'ServicePrincipal' @@ -16,7 +16,7 @@ param parAssigneePrincipalType string @description('Object ID of groups, service principals or managed identities. For managed identities use the principal id. For service principals, use the object ID and not the app ID') param parAssigneeObjectId string -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep index f75bc02c6..e793d10ef 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep 
+++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep @@ -1,6 +1,6 @@ targetScope = 'managementGroup' -@description('A list of subscription IDs that will be used for role assignment (i.e. 4f9f8765-911a-4a6d-af60-4bc0473268c0) Default = []') +@description('A list of subscription IDs that will be used for role assignment (i.e. 4f9f8765-911a-4a6d-af60-4bc0473268c0). Default: Empty Array') param parSubscriptionIds array = [] @description('Role Definition Id (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7)') diff --git a/infra-as-code/bicep/modules/spokeNetworking/README.md b/infra-as-code/bicep/modules/spokeNetworking/README.md index 3f5126487..033aecd7f 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/README.md +++ b/infra-as-code/bicep/modules/spokeNetworking/README.md @@ -5,7 +5,7 @@ This module defines spoke networking based on the recommendations from the Azure Module deploys the following resources: - Virtual Network (Spoke VNet) -- UDR - if Firewall is enabled +- Route Table with route to NVA - if Firewall is enabled > ## Note > @@ -65,7 +65,7 @@ In this example, the spoke resources will be deployed to the resource group spec ### Azure CLI ```bash # For Azure global regions -# Set Azure Landing zone subscription ID as the the current subscription +# Set Azure Landing zone subscription ID as the the current subscription LandingZoneSubscriptionId="[your landing zone subscription ID]" az account set --subscription $LandingZoneSubscriptionId @@ -80,7 +80,7 @@ az deployment group create \ OR ```bash # For Azure China regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription LandingZoneSubscriptionId="[your landing zone subscription ID]" az account set --subscription $LandingZoneSubscriptionId 
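Review bot: The comment line re-touched in this Azure China block still says "Set Platform connectivity subscription ID as the the current subscription", but the variable it introduces is `LandingZoneSubscriptionId`, and the global-regions block above calls it the "Azure Landing zone subscription ID". Since the line is already being rewritten for whitespace, correct the subscription name and drop the doubled "the" so a reader does not select the wrong subscription before running `az deployment group create`.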
@@ -97,14 +97,14 @@ az deployment group create \ ```powershell # For Azure global regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription $LandingZoneSubscriptionId = "[your landing zone subscription ID]" Select-AzSubscription -SubscriptionId $LandingZoneSubscriptionId New-AzResourceGroup -Name 'Spoke_Networking_POC' ` -Location 'EastUs2' - + New-AzResourceGroupDeployment ` -TemplateFile infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep ` -TemplateParameterFile infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json ` @@ -113,14 +113,14 @@ New-AzResourceGroupDeployment ` OR ```powershell # For Azure China regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription $LandingZoneSubscriptionId = "[your landing zone subscription ID]" Select-AzSubscription -SubscriptionId $LandingZoneSubscriptionId New-AzResourceGroup -Name 'Spoke_Networking_POC' ` -Location 'chinaeast2' - + New-AzResourceGroupDeployment ` -TemplateFile infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep ` -TemplateParameterFile infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json ` diff --git a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep index 52bed6781..5e433fc54 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep +++ b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep 
@@ -4,7 +4,7 @@ param parLocation string = resourceGroup().location @description('Switch to enable/disable BGP Propagation on route table. Default: false') param parDisableBgpRoutePropagation bool = false -@description('Id of the DdosProtectionPlan which will be applied to the Virtual Network. Default: Empty String') +@description('Id of the DdosProtectionPlan which will be applied to the Virtual Network. Default: Empty String') param parDdosProtectionPlanId string = '' @description('The IP address range for all virtual networks to use. Default: 10.11.0.0/16') diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/README.md b/infra-as-code/bicep/modules/subscriptionPlacement/README.md index 178f7c4a0..15924d1a8 100644 --- a/infra-as-code/bicep/modules/subscriptionPlacement/README.md +++ b/infra-as-code/bicep/modules/subscriptionPlacement/README.md @@ -2,7 +2,7 @@ This module moves one or more subscriptions to be a child of the specified management group. Once the subscription(s) are moved under the management group, Azure Policies assigned to the management group or its parent management group(s) will begin to govern the subscription(s). -> Consider using the `subPlacementAll` orchestration module instead to simplify Subscription placement across your entire Management Group hierarchy in a single module. [infra-as-code/bicep/orchestration/hubPeeredSpoke](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/orchestration/subPlacementAll) +> Consider using the `subPlacementAll` orchestration module instead to simplify Subscription placement across your entire Management Group hierarchy in a single module. [infra-as-code/bicep/orchestration/subPlacementAll](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/orchestration/subPlacementAll) ## Parameters 
@@ -10,16 +10,16 @@ The module requires the following required input parameters. | Parameter | Type | Description | Requirement | Example | | -------------------------- | --------------- | --------------------------------------------------------------------------- | -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | parSubscriptionIds | Array of string | Array of Subscription Ids that should be moved to the new management group. | Mandatory input | Empty: `[]` or
1 Subscription: `["4f9f8765-911a-4a6d-af60-4bc0473268c0"]` or
Many Subscriptions: `["34b63c8f-1782-42e6-8fb9-ba6ee8b99735", "4f9f8765-911a-4a6d-af60-4bc0473268c0"]` | + | parSubscriptionIds | Array | Array of Subscription Ids that should be moved to the new management group. | Mandatory input, default: `[]` | Empty: `[]` or
1 Subscription: `["yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"]` or
Many Subscriptions: `["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"]` | | parTargetManagementGroupId | string | Target management group for the subscription. | Mandatory input, management group must exist | `alz-platform-connectivity` | - | parTelemetryOptOut | bool | Set Parameter to true to Opt-out of deployment telemetry | none | `false` | + | parTelemetryOptOut | bool | Set Parameter to true to Opt-out of deployment telemetry | Optional input, default: `false` | `false` | ## Outputs *This module does not produce any outputs.* ## Deployment -In this example, the subscriptions `34b63c8f-1782-42e6-8fb9-ba6ee8b99735` and `4f9f8765-911a-4a6d-af60-4bc0473268c0` will be moved to `alz-platform-connectivity` management group. The inputs for this module are defined in `parameters/subscriptionPlacement.parameters.all.json`. +In this example, the subscription `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` will be moved to `alz-platform-connectivity` management group. The inputs for this module are defined in `parameters/subscriptionPlacement.parameters.all.json`. > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep index d11ee4cce..de8989081 100644 --- a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep +++ b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep 
@@ -1,12 +1,12 @@ targetScope = 'managementGroup' -@description('Array of Subscription Ids that should be moved to the new management group.') +@description('Array of Subscription Ids that should be moved to the new management group. Default: Empty Array') param parSubscriptionIds array = [] -@description('Target management group for the subscription. This management group must exist.') +@description('Target management group for the subscription. This management group must exist.') param parTargetManagementGroupId string -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id diff --git a/infra-as-code/bicep/modules/vnetPeering/README.md b/infra-as-code/bicep/modules/vnetPeering/README.md index 237f9a33e..af6b2069f 100644 --- a/infra-as-code/bicep/modules/vnetPeering/README.md +++ b/infra-as-code/bicep/modules/vnetPeering/README.md @@ -1,6 +1,6 @@ # Module: VNet Peering -This module creates a virtual network peering connection between two virtual networks and is to be utilized by other modules. Module will need to be called twice to create the completed peering. Each time with a peering direction. This allows for peering between different subscriptions. +This module creates a virtual network peering connection between two virtual networks and is to be utilized by other modules. Module will need to be called twice to create the completed peering. Each time with a peering direction. This allows for peering between different subscriptions. **Peering Options Documentation:** 
@@ -52,7 +52,7 @@ During the deployment step, we will take parameters provided in the example para ### Azure CLI ```bash # For Azure global regions -# Set your Corp Connected Landing Zone subscription ID as the the current subscription +# Set your Corp Connected Landing Zone subscription ID as the the current subscription LandingZoneSubscriptionId="[your Landing Zone subscription ID]" az account set --subscription $LandingZoneSubscriptionId @@ -64,7 +64,7 @@ az deployment group create \ OR ```bash # For Azure China regions -# Set your Corp Connected Landing Zone subscription ID as the the current subscription +# Set your Corp Connected Landing Zone subscription ID as the the current subscription LandingZoneSubscriptionId="[your Landing Zone subscription ID]" az account set --subscription $LandingZoneSubscriptionId @@ -78,7 +78,7 @@ az deployment group create \ ```powershell # For Azure global regions -# Set your Corp Connected Landing Zone subscription ID as the the current subscription +# Set your Corp Connected Landing Zone subscription ID as the the current subscription $LandingZoneSubscriptionId = "[your Landing Zone subscription ID]" Select-AzSubscription -SubscriptionId $LandingZoneSubscriptionId @@ -91,7 +91,7 @@ New-AzResourceGroupDeployment ` OR ```powershell # For Azure China regions -# Set your Corp Connected Landing Zone subscription ID as the the current subscription +# Set your Corp Connected Landing Zone subscription ID as the the current subscription $LandingZoneSubscriptionId = "[your Landing Zone subscription ID]" Select-AzSubscription -SubscriptionId $LandingZoneSubscriptionId diff --git a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep index aca6df7d2..6bee80ab1 100644 --- a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep +++ b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep 
@@ -1,25 +1,25 @@ -@description('Virtual Network ID of Virtual Network destination. No default') +@description('Virtual Network ID of Virtual Network destination.') param parDestinationVirtualNetworkId string -@description('Name of source Virtual Network we are peering. No default') +@description('Name of source Virtual Network we are peering.') param parSourceVirtualNetworkName string -@description('Name of destination virtual network we are peering. No default') +@description('Name of destination virtual network we are peering.') param parDestinationVirtualNetworkName string -@description('Switch to enable/disable Virtual Network Access for the Network Peer. Default = true') +@description('Switch to enable/disable Virtual Network Access for the Network Peer. Default: true') param parAllowVirtualNetworkAccess bool = true -@description('Switch to enable/disable forwarded traffic for the Network Peer. Default = true') +@description('Switch to enable/disable forwarded traffic for the Network Peer. Default: true') param parAllowForwardedTraffic bool = true -@description('Switch to enable/disable gateway transit for the Network Peer. Default = false') +@description('Switch to enable/disable gateway transit for the Network Peer. Default: false') param parAllowGatewayTransit bool = false -@description('Switch to enable/disable remote gateway for the Network Peer. Default = false') +@description('Switch to enable/disable remote gateway for the Network Peer. Default:false') param parUseRemoteGateways bool = false -@description('Set Parameter to true to Opt-out of deployment telemetry. Default = false') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/README.md b/infra-as-code/bicep/modules/vnetPeeringVwan/README.md index b372e03fa..31f04ed6b 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/README.md 
+++ b/infra-as-code/bicep/modules/vnetPeeringVwan/README.md @@ -40,8 +40,8 @@ In this example, the remote spoke Vnet will be peered with the Vwan Virtual Hub ### Azure CLI ```bash # For Azure global regions -# Set your Corp Connected Landing Zone subscription ID as the the current subscription -$ConnectivitySubscriptionId="[your Landing Zone subscription ID]" +# Set your Corp Connected Landing Zone subscription ID as the the current subscription +ConnectivitySubscriptionId="[your Landing Zone subscription ID]" az account set --subscription $ConnectivitySubscriptionId az deployment sub create \ @@ -52,8 +52,8 @@ az deployment sub create \ OR ```bash # For Azure China regions -# Set your Corp Connected Landing Zone subscription ID as the the current subscription -$ConnectivitySubscriptionId="[your Landing Zone subscription ID]" +# Set your Corp Connected Landing Zone subscription ID as the the current subscription +ConnectivitySubscriptionId="[your Landing Zone subscription ID]" az account set --subscription $ConnectivitySubscriptionId az deployment sub create \ @@ -66,7 +66,7 @@ az deployment sub create \ ```powershell # For Azure global regions -# Set your Corp Connected Landing Zone subscription ID as the the current subscription +# Set your Corp Connected Landing Zone subscription ID as the the current subscription $ConnectivitySubscriptionId = "[your Landing Zone subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId @@ -79,7 +79,7 @@ New-AzDeployment ` OR ```powershell # For Azure China regions -# Set your Corp Connected Landing Zone subscription ID as the the current subscription +# Set your Corp Connected Landing Zone subscription ID as the the current subscription $ConnectivitySubscriptionId = "[your Landing Zone subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId 
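Review bot: The comment retouched here, as in the three hunks above for this file, says "Corp Connected Landing Zone subscription ID" and the placeholder is `[your Landing Zone subscription ID]`, yet the value is stored in `$ConnectivitySubscriptionId`. The doubled "the the" also survives the edit. State which subscription the `Select-AzSubscription` call is meant to target and make the comment, placeholder and variable name agree.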
diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep index 7a6d01c0b..ded3b83e8 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep @@ -1,7 +1,7 @@ -@description('Virtual WAN Hub resource ID. No default') +@description('Virtual WAN Hub resource ID.') param parVirtualWanHubResourceId string -@description('Remote Spoke virtual network resource ID. No default') +@description('Remote Spoke virtual network resource ID.') param parRemoteVirtualNetworkResourceId string var varVwanHubName = split(parVirtualWanHubResourceId, '/')[8] diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep b/infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep index 9bce6876a..369a8d211 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep @@ -1,12 +1,12 @@ targetScope = 'subscription' -@description('Virtual WAN Hub resource ID. No default') +@description('Virtual WAN Hub resource ID.') param parVirtualWanHubResourceId string -@description('Remote Spoke virtual network resource ID. No default') +@description('Remote Spoke virtual network resource ID.') param parRemoteVirtualNetworkResourceId string -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Customer Usage Attribution Id 
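Review bot: With "No default" removed, the descriptions of parVirtualWanHubResourceId and parRemoteVirtualNetworkResourceId no longer say anything about what values are acceptable, while a later context line in this file shows the module is only deployed `if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId))`. Document in the descriptions that passing an empty string skips the hub connection, so an operator does not mistake a successful but empty deployment for a completed peering.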
@@ -22,7 +22,7 @@ var varModhubVirtualNetworkConnectionDeploymentName = take('deploy-vnet-peering- // The hubVirtualNetworkConnection resource is implemented as a separate module because the deployment scope could be on a different subscription and resource group module modhubVirtualNetworkConnection 'hubVirtualNetworkConnection.bicep' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) { - scope: resourceGroup(varVwanSubscriptionId, varVwanResourceGroup) + scope: resourceGroup(varVwanSubscriptionId, varVwanResourceGroup) name: varModhubVirtualNetworkConnectionDeploymentName params: { parVirtualWanHubResourceId: parVirtualWanHubResourceId diff --git a/infra-as-code/bicep/orchestration/hubPeeredSpoke/README.md b/infra-as-code/bicep/orchestration/hubPeeredSpoke/README.md index aecd7a56d..560fd541b 100644 --- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/README.md +++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/README.md @@ -5,6 +5,7 @@ This module acts as an orchestration module that create and configures a spoke n Module deploys the following resources: - Subscription placement in Management Group hierarchy - if parPeeredVnetSubscriptionMgPlacement is specified +- Resource group - Virtual Network (Spoke VNet) - UDR - if parNextHopIPAddress and resource id of hub virtual network object is specified - Hub to Spoke peering - if resource id of hub virtual network object is specified in parHubVirtualNetworkID 
@@ -15,7 +16,7 @@ Note that only one peering type can be created with this module, so either tradi > You can use this module to enable Landing Zones (aka Subscriptions) with platform resources, as defined above, and also place them into the correct location in the hierarchy to meet governance requirements. For example, you can also use this module to deploy the Identity Landing Zone Subscription's vNet and peer it back to the hub vNet. -> +> > You could also use it in a [loop](https://docs.microsoft.com/azure/azure-resource-manager/bicep/loops) to enable multiple Landing Zone Subscriptions at a time in a single deployment. @@ -25,7 +26,7 @@ The module requires the following inputs: | Parameter | Type | Default | Description | Requirement | Example | | -------------------------------------- | ------ | --------------------------------------------------------------- | ---------------------------------------------------------------------- | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | - | parLocation | string | `deployment().location` | The region to deploy all resoruces into | Valid Azure Region | `northeurope` | + | parLocation | string | `deployment().location` | The region to deploy all resources into | Valid Azure Region | `northeurope` | | parTopLevelManagementGroupPrefix | string | `'alz'` | Prefix for the management group hierarchy | None | `alz` | | parPeeredVnetSubscriptionId | string | Empty string `''` | Subscription Id to the Virtual Network Hub object | None | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | | parTags | object | Empty object `{}` | Array of Tags to be applied to all resources in module | None | `{"key": "value"}` | 
@@ -39,7 +40,7 @@ The module requires the following inputs: | parNextHopIpAddress | string | Empty string `''` | IP Address where network traffic should route to | None | `192.168.50.4` | | parDisableBgpRoutePropagation | bool | false | Switch to enable BGP Route Propagation on VNet Route Table | None | false | | parSpokeToHubRouteTableName | string | 'rtb-spoke-to-hub' | Name of Route table to create for the default route of Hub | None | `rtb-spoke-to-hub` | - | parHubVirtualNetworkId | string | Empty string `''` | Virtual Network ID of Hub Virtual Network, or Azure Virtuel WAN hub ID | None | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/virtualNetworks/alz-vnet-hub-northeurope` + | parHubVirtualNetworkId | string | Empty string `''` | Virtual Network ID of Hub Virtual Network, or Azure Virtuel WAN hub ID | None | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/virtualNetworks/alz-vnet-hub-northeurope` | parAllowSpokeForwardedTraffic | bool | false | Switch to enable/disable forwarded Traffic from outside spoke network | None | false | | parAllowHubVpnGatewayTransit | bool | false | Switch to enable/disable VPN Gateway for the hub network peering | None | false | diff --git a/infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep b/infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep index c05b2ca5a..ece94ff95 100644 --- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep +++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep 
@@ -2,29 +2,29 @@ targetScope = 'managementGroup' // **Parameters** // Generic Parameters - Used in multiple modules -@description('The region to deploy all resources into. DEFAULTS TO deployment().location') +@description('The region to deploy all resources into. Default: deployment().location') param parLocation string = deployment().location -@description('Prefix for the management group hierarchy. DEFAULTS TO = alz') +@description('Prefix for the management group hierarchy. Default: alz') @minLength(2) @maxLength(10) param parTopLevelManagementGroupPrefix string = 'alz' -@description('Subscription Id to the Virtual Network Hub object. DEFAULTS TO empty') +@description('Subscription Id to the Virtual Network Hub object. Default: Empty String') param parPeeredVnetSubscriptionId string = '' -@description('Array of Tags to be applied to all resources in module. Default: empty array') +@description('Array of Tags to be applied to all resources in module. Default: Empty Object') param parTags object = {} -@description('Set Parameter to true to Opt-out of deployment telemetry DEFAULTS TO = false') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false // Subscription Module Parameters -@description('The Management Group Id to place the subscription in. DEFAULTS TO empty') +@description('The Management Group Id to place the subscription in. Default: Empty String') param parPeeredVnetSubscriptionMgPlacement string = '' // Resource Group Module Parameters -@description('Name of Resource Group to be created to contain spoke networking resources like the virtual network. Default: {parTopLevelManagementGroupPrefix}-{parLocation}-spoke-networking') +@description('Name of Resource Group to be created to contain spoke networking resources like the virtual network. 
Default: {parTopLevelManagementGroupPrefix}-{parLocation}-spoke-networking') param parResourceGroupNameForSpokeNetworking string = '${parTopLevelManagementGroupPrefix}-${parLocation}-spoke-networking' // Spoke Networking Module Parameters @@ -43,20 +43,20 @@ param parDnsServerIps array = [] @description('IP Address where network traffic should route to. Default: Empty string') param parNextHopIpAddress string = '' -@description('Switch which allows BGP Route Propogation to be disabled on the route table') +@description('Switch which allows BGP Route Propogation to be disabled on the route table. Default: false') param parDisableBgpRoutePropagation bool = false @description('Name of Route table to create for the default route of Hub. Default: rtb-spoke-to-hub') param parSpokeToHubRouteTableName string = 'rtb-spoke-to-hub' // Peering Modules Parameters -@description('Virtual Network ID of Hub Virtual Network, or Azure Virtuel WAN hub ID. No default') +@description('Virtual Network ID of Hub Virtual Network, or Azure Virtuel WAN hub ID.') param parHubVirtualNetworkId string -@description('Switch to enable/disable forwarded Traffic from outside spoke network. Default = false') +@description('Switch to enable/disable forwarded Traffic from outside spoke network. Default: false') param parAllowSpokeForwardedTraffic bool = false -@description('Switch to enable/disable VPN Gateway for the hub network peering. Default = false') +@description('Switch to enable/disable VPN Gateway for the hub network peering. Default: false') param parAllowHubVpnGatewayTransit bool = false // **Variables** 
@@ -177,7 +177,7 @@ module modSpokePeeringToHub '../../modules/vnetPeering/vnetPeering.bicep' = if ( // Module - Spoke to Azure Virtual WAN Hub peering. module modhubVirtualNetworkConnection '../../modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep' = if (!empty(varVirtualHubResourceId)) { - scope: resourceGroup(varVirtualHubSubscriptionId, varVirtualHubResourceGroup) + scope: resourceGroup(varVirtualHubSubscriptionId, varVirtualHubResourceGroup) name: varModuleDeploymentNames.modVnetPeeringVwan params: { parVirtualWanHubResourceId: varVirtualHubResourceId diff --git a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/README.md b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/README.md index 7588c2c44..b79220e4f 100644 --- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/README.md +++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/README.md 
@@ -14,7 +14,7 @@ The module requires the following inputs: | Parameter | Type | Description | Requirements | Example | | ------------------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------- | --------------------------------------------------------------------------------------- | -| parTopLevelManagementGroupPrefix | string | Prefix for the management group hierarchy. This management group will be created as part of the deployment. | 2-10 characters | `alz` | +| parTopLevelManagementGroupPrefix | string | Prefix for the management group hierarchy. This management group will be created as part of the deployment. | 2-10 characters, default: `alz` | `alz` | | parLandingZoneMgAlzDefaultsEnable | bool | Deploys Corp & Online Management Groups beneath Landing Zones Management Group if set to true. | Mandatory input, default: `true` | `true` | | parLandingZoneMgConfidentialEnable | bool | Deploys Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true. | Mandatory input, default: `false` | `false` | | parLogAnalyticsWorkspaceResourceId | string | Resource ID of the Log Analytics Workspace | Mandatory input | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/alz-logging/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics` | diff --git a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep index 279d1d011..ce62778a3 100644 --- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep +++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep 
@@ -1,23 +1,23 @@ targetScope = 'tenant' -@description('Prefix used for the management group hierarchy in the managementGroups module.') +@description('Prefix used for the management group hierarchy in the managementGroups module. Default: alz') @minLength(2) @maxLength(10) param parTopLevelManagementGroupPrefix string = 'alz' -@description('Dictionary Object to allow additional or different child Management Groups of the Landing Zones Management Group .') +@description('Dictionary Object to allow additional or different child Management Groups of the Landing Zones Management Group. Default: Empty Array') param parLandingZoneMgChildren array = [] @description('Log Analytics Workspace Resource ID.') param parLogAnalyticsWorkspaceResourceId string -@description('Deploys Corp & Online Management Groups beneath Landing Zones Management Group if set to true.') +@description('Deploys Corp & Online Management Groups beneath Landing Zones Management Group if set to true. Default: true') param parLandingZoneMgAlzDefaultsEnable bool = true -@description('Deploys Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true.') +@description('Deploys Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true. Default: false') param parLandingZoneMgConfidentialEnable bool = false -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false var varMgIds = { diff --git a/infra-as-code/bicep/orchestration/subPlacementAll/README.md b/infra-as-code/bicep/orchestration/subPlacementAll/README.md index cf7ebd70a..1f87cd9d3 100644 --- a/infra-as-code/bicep/orchestration/subPlacementAll/README.md +++ b/infra-as-code/bicep/orchestration/subPlacementAll/README.md 
@@ -14,7 +14,7 @@ The module requires the following inputs: | Parameter | Type | Default | Description | Required | Example | | --------------------------------------- | ------ | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ---------------------------------------------------------------------------------- | - | parTopLevelManagementGroupPrefix | string | `'alz'` | Prefix for the management group hierarchy | Yes | `'alz` | + | parTopLevelManagementGroupPrefix | string | `'alz'` | Prefix for the management group hierarchy | Yes | `'alz'` | | parIntRootMgSubs | array | `[]` | An array of Subscription IDs to place in the Intermediate Root Management Group. | No | `['xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy']` | | parPlatformMgSubs | array | `[]` | An array of Subscription IDs to place in the Platform Management Group. | No | `['xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy']` | | parPlatformManagementMgSubs | array | `[]` | An array of Subscription IDs to place in the (Platform) Management Management Group. | No | `['xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy']` | diff --git a/infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep b/infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep index 81b03e3d9..48834646c 100644 --- a/infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep +++ b/infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep 
@@ -1,50 +1,50 @@ targetScope = 'managementGroup' -@description('Prefix for the management group hierarchy. This management group will be created as part of the deployment.') +@description('Prefix for the management group hierarchy. This management group will be created as part of the deployment. Default: alz') @minLength(2) @maxLength(10) param parTopLevelManagementGroupPrefix string = 'alz' -@description('An array of Subscription IDs to place in the Intermediate Root Management Group.') +@description('An array of Subscription IDs to place in the Intermediate Root Management Group. Default: Empty Array') param parIntRootMgSubs array = [] -@description('An array of Subscription IDs to place in the Platform Management Group.') +@description('An array of Subscription IDs to place in the Platform Management Group. Default: Empty Array') param parPlatformMgSubs array = [] -@description('An array of Subscription IDs to place in the (Platform) Management Management Group.') +@description('An array of Subscription IDs to place in the (Platform) Management Management Group. Default: Empty Array') param parPlatformManagementMgSubs array = [] -@description('An array of Subscription IDs to place in the (Platform) Connectivity Management Group.') +@description('An array of Subscription IDs to place in the (Platform) Connectivity Management Group. Default: Empty Array') param parPlatformConnectivityMgSubs array = [] -@description('An array of Subscription IDs to place in the (Platform) Identity Management Group.') +@description('An array of Subscription IDs to place in the (Platform) Identity Management Group. Default: Empty Array') param parPlatformIdentityMgSubs array = [] -@description('An array of Subscription IDs to place in the Landing Zones Management Group.') +@description('An array of Subscription IDs to place in the Landing Zones Management Group. 
Default: Empty Array') param parLandingZonesMgSubs array = [] -@description('An array of Subscription IDs to place in the Corp (Landing Zones) Management Group.') +@description('An array of Subscription IDs to place in the Corp (Landing Zones) Management Group. Default: Empty Array') param parLandingZonesCorpMgSubs array = [] -@description('An array of Subscription IDs to place in the Online (Landing Zones) Management Group.') +@description('An array of Subscription IDs to place in the Online (Landing Zones) Management Group. Default: Empty Array') param parLandingZonesOnlineMgSubs array = [] -@description('An array of Subscription IDs to place in the Confidential Corp (Landing Zones) Management Group.') +@description('An array of Subscription IDs to place in the Confidential Corp (Landing Zones) Management Group. Default: Empty Array') param parLandingZonesConfidentialCorpMgSubs array = [] -@description('An array of Subscription IDs to place in the Confidential Online (Landing Zones) Management Group.') +@description('An array of Subscription IDs to place in the Confidential Online (Landing Zones) Management Group. Default: Empty Array') param parLandingZonesConfidentialOnlineMgSubs array = [] -@description('Dictionary Object to allow additional or different child Management Groups of the Landing Zones Management Group describing the Subscription IDs which each of them contain.') +@description('Dictionary Object to allow additional or different child Management Groups of the Landing Zones Management Group describing the Subscription IDs which each of them contain. Default: Empty Object') param parLandingZoneMgChildrenSubs object = {} -@description('An array of Subscription IDs to place in the Decommissioned Management Group.') +@description('An array of Subscription IDs to place in the Decommissioned Management Group. 
Default: Empty Array') param parDecommissionedMgSubs array = [] -@description('An array of Subscription IDs to place in the Sandbox Management Group.') +@description('An array of Subscription IDs to place in the Sandbox Management Group. Default: Empty Array') param parSandboxMgSubs array = [] -@description('Set Parameter to true to Opt-out of deployment telemetry') +@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false') param parTelemetryOptOut bool = false var varMgIds = {
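Review bot: In the Azure CLI hunks of vnetPeeringVwan/README.md, the unchanged line `az account set --subscription $ConnectivitySubscriptionId` still expands the variable unquoted, so bash word-splits any value containing spaces (the placeholder text itself does). Now that the assignment is valid bash, please also quote the expansion as `"$ConnectivitySubscriptionId"` so a bad value fails instead of being passed as several arguments. The comment line touched in all four hunks of this file still reads "the the current subscription"; drop the duplicate word while the line is being changed anyway.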
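Review bot: In hubPeeredSpoke/README.md (hunk at -39,7), the `parHubVirtualNetworkId` row documents a default of Empty string `''` and a requirement of None, but the hubPeeredSpoke.bicep hunk in this same patch declares `param parHubVirtualNetworkId string` with no default, which makes it a mandatory input. Please make the README row match the Bicep declaration, or give the parameter the documented default. The same row and the matching Bicep description still spell "Virtuel WAN"; both lines are touched here, so fix the spelling in both.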
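Review bot: In hubPeeredSpoke.bicep (hunk at -2,29), the new `parTags` description reads "Array of Tags ... Default: Empty Object", which contradicts itself: the parameter is `param parTags object = {}`. Suggest "Tags to be applied to all resources in module. Default: Empty Object", and the same wording in the README row. In the hunk at -43,20, the touched `parDisableBgpRoutePropagation` description keeps the "Propogation" misspelling, and the unchanged `parNextHopIpAddress` description uses "Default: Empty string" while the lines added in this patch use "Default: Empty String"; pick one casing so the convention this patch introduces is uniform.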
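Review bot: In mgDiagSettingsAll/README.md, the Requirements column now mixes two meanings: the changed row says "2-10 characters, default: `alz`" while the neighbouring rows still say "Mandatory input, default: `true`" and "Mandatory input, default: `false`". The Bicep hunk in this patch gives all three parameters defaults (`= 'alz'`, `= true`, `= false`), so none of them is mandatory, and a reader who trusts the table may not realise that omitting them silently targets the `alz` hierarchy. Suggest dropping "Mandatory input" from every row that has a default and reserving it for `parLogAnalyticsWorkspaceResourceId`.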
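Review bot: In mgDiagSettingsAll.bicep, the new `parLandingZoneMgChildren` description says "Dictionary Object ... Default: Empty Array", but the declaration is `param parLandingZoneMgChildren array = []`. The description and the type disagree about the shape callers must pass; the comparable `parLandingZoneMgChildrenSubs` in subPlacementAll.bicep is declared `object = {}`. Please either describe this parameter as an array of child management groups, or change the type to `object` if a dictionary is what the module actually consumes.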
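Review bot: In subPlacementAll/README.md, the corrected `parTopLevelManagementGroupPrefix` row still lists Required as "Yes" next to a Default of `'alz'`, and subPlacementAll.bicep in this patch declares `param parTopLevelManagementGroupPrefix string = 'alz'`. A parameter with a default is optional, so Required should be "No" to match the other rows in this table. The Example value is also quoted (`'alz'`) here while the other READMEs in this patch show it as `alz`; worth aligning while fixing the missing quote.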