From fd31716c31215770940af8f53f8196ca7a78227b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Bezen=C3=A7on?= Date: Tue, 29 Mar 2022 09:48:14 +0200 Subject: [PATCH 1/5] Fixed parDdosEnabled/parDdosPlanName camel casing --- .../modules/hubNetworking/hubNetworking.bicep | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index e5453cdfe..aede225a1 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -60,10 +60,10 @@ param parBastionName string = '${parCompanyPrefix}-bastion' param parBastionSku string = 'Standard' @description('Switch which allows DDOS deployment to be disabled. Default: true') -param parDDoSEnabled bool = true +param parDdosEnabled bool = true @description('DDOS Plan Name. Default: {parCompanyPrefix}-DDos-Plan') -param parDDoSPlanName string = '${parCompanyPrefix}-DDoS-Plan' +param parDdosPlanName string = '${parCompanyPrefix}-DDoS-Plan' @description('Switch which allows Azure Firewall deployment to be disabled. Default: true') param parAzureFirewallEnabled bool = true @@ -208,13 +208,13 @@ var varGwConfig = [ // Customer Usage Attribution Id var varCuaid = '2686e846-5fdc-4d4f-b533-16dcb09d6e6c' -resource resDDoSProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = if (parDDoSEnabled) { - name: parDDoSPlanName +resource resDDoSProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = if (parDdosEnabled) { + name: parDdosPlanName location: parLocation tags: parTags } -//DDos Protection plan will only be enabled if parDDoSEnabled is true. +//DDos Protection plan will only be enabled if parDdosEnabled is true. resource resHubVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = { name: parHubNetworkName location: parLocation @@ -229,8 +229,8 @@ resource resHubVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = { dnsServers: parDNSServerIPArray } subnets: varSubnetProperties - enableDdosProtection: parDDoSEnabled - ddosProtectionPlan: (parDDoSEnabled) ? { + enableDdosProtection: parDdosEnabled + ddosProtectionPlan: (parDdosEnabled) ? { id: resDDoSProtectionPlan.id } : null } From 96111bd5ace24d9c1d8992116c849125fcbacafb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Bezen=C3=A7on?= Date: Tue, 29 Mar 2022 13:45:36 +0200 Subject: [PATCH 2/5] DDoS -> Ddos camel case updates including docs and output --- infra-as-code/bicep/modules/hubNetworking/README.md | 2 +- .../bicep/modules/hubNetworking/hubNetworking.bicep | 10 +++++----- .../orchestration/hubSpoke/orch-hubSpoke.bicep | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/README.md b/infra-as-code/bicep/modules/hubNetworking/README.md index ad0012868..e6de1a9af 100644 --- a/infra-as-code/bicep/modules/hubNetworking/README.md +++ b/infra-as-code/bicep/modules/hubNetworking/README.md @@ -25,7 +25,7 @@ The module requires the following inputs: | parPrivateDNSZonesEnabled | bool | true | Switch to enable deployment of Azure Private DNS Zones | None | true | | parPrivateDnsZones | array | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones except for: `privatelink.batch.azure.com`, `privatelink.azmk8s.io` and `privatelink.siterecovery.windowsazure.com` as these are region specific, which you can add to the parameters file with the required region in the zone name that you wish to deploy for. For more details on private DNS Zones please refer to the above link. | None | See Default | | parCompanyPrefix | string | alz | Prefix value which will be pre-appended to all resource names | 1-10 char | alz | - | parDdosPlanName | string | ${parCompanyPrefix}-DDos-Plan | Name which will be associated with distributed denial of service protection plan | 1-80 char | alz-DDos-Plan | + | parDdosPlanName | string | ${parCompanyPrefix}-Ddos-Plan | Name which will be associated with distributed denial of service protection plan | 1-80 char | alz-Ddos-Plan | | parBastionName | string | ${parCompanyPrefix}-bastion | Name which will be associated with Bastion Service. | 1-80 char | alz-bastion | | parBastionSku | string | Standard | SKU or Tier of Bastion Service to deploy | Standard or Basic | Standard | | parPublicIPSku | string | Standard | SKU or Tier of Public IP to deploy | Standard or Basic | Standard | diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index aede225a1..3a03bee78 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -62,8 +62,8 @@ param parBastionSku string = 'Standard' @description('Switch which allows DDOS deployment to be disabled. Default: true') param parDdosEnabled bool = true -@description('DDOS Plan Name. Default: {parCompanyPrefix}-DDos-Plan') -param parDdosPlanName string = '${parCompanyPrefix}-DDoS-Plan' +@description('DDOS Plan Name. Default: {parCompanyPrefix}-Ddos-Plan') +param parDdosPlanName string = '${parCompanyPrefix}-Ddos-Plan' @description('Switch which allows Azure Firewall deployment to be disabled. Default: true') param parAzureFirewallEnabled bool = true @@ -208,7 +208,7 @@ var varGwConfig = [ // Customer Usage Attribution Id var varCuaid = '2686e846-5fdc-4d4f-b533-16dcb09d6e6c' -resource resDDoSProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = if (parDdosEnabled) { +resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = if (parDdosEnabled) { name: parDdosPlanName location: parLocation tags: parTags @@ -231,7 +231,7 @@ resource resHubVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = { subnets: varSubnetProperties enableDdosProtection: parDdosEnabled ddosProtectionPlan: (parDdosEnabled) ? { - id: resDDoSProtectionPlan.id + id: resDdosProtectionPlan.id } : null } } @@ -482,6 +482,6 @@ output outPrivateDnsZones array = [for i in range(0, length(parPrivateDnsZones)) id: resPrivateDnsZones[i].id }] -output outDDoSPlanResourceID string = resDDoSProtectionPlan.id +output outDdosPlanResourceID string = resDdosProtectionPlan.id output outHubVirtualNetworkName string = resHubVirtualNetwork.name output outHubVirtualNetworkID string = resHubVirtualNetwork.id diff --git a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep index 02e170320..2666d16fb 100644 --- a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep +++ b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep @@ -887,7 +887,7 @@ module modPolicyAssignmentConnEnableDDoSVNET '../../policy/assignments/policyAss parPolicyAssignmentParameters: varPolicyAssignmentEnableDDoSVNET.libDefinition.properties.parameters parPolicyAssignmentParameterOverrides: { ddosPlan: { - value: modHubNetworking.outputs.outDDoSPlanResourceID + value: modHubNetworking.outputs.outDdosPlanResourceID } } parPolicyAssignmentIdentityType: varPolicyAssignmentEnableDDoSVNET.libDefinition.identity.type From 71b660ade82e76ea8cb5c7b8dbea707e551c7a84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Bezen=C3=A7on?= Date: Tue, 29 Mar 2022 17:55:05 +0200 Subject: [PATCH 3/5] Ensure that all instances of alz-DDos-Plan -> alz-ddos-plan in code, example, doc and validate.yaml --- infra-as-code/bicep/modules/hubNetworking/README.md | 4 ++-- infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep | 4 ++-- .../bicep/modules/policy/assignments/alzDefaults/README.md | 2 +- .../alzDefaultPolicyAssignments.parameters.example.json | 2 +- infra-as-code/bicep/modules/spokeNetworking/README.md | 2 +- tests/pipelines/bicep-build-to-validate.yml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/README.md b/infra-as-code/bicep/modules/hubNetworking/README.md index e6de1a9af..128e8769a 100644 --- a/infra-as-code/bicep/modules/hubNetworking/README.md +++ b/infra-as-code/bicep/modules/hubNetworking/README.md @@ -25,7 +25,7 @@ The module requires the following inputs: | parPrivateDNSZonesEnabled | bool | true | Switch to enable deployment of Azure Private DNS Zones | None | true | | parPrivateDnsZones | array | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones except for: `privatelink.batch.azure.com`, `privatelink.azmk8s.io` and `privatelink.siterecovery.windowsazure.com` as these are region specific, which you can add to the parameters file with the required region in the zone name that you wish to deploy for. For more details on private DNS Zones please refer to the above link. | None | See Default | | parCompanyPrefix | string | alz | Prefix value which will be pre-appended to all resource names | 1-10 char | alz | - | parDdosPlanName | string | ${parCompanyPrefix}-Ddos-Plan | Name which will be associated with distributed denial of service protection plan | 1-80 char | alz-Ddos-Plan | + | parDdosPlanName | string | ${parCompanyPrefix}-ddos-plan | Name which will be associated with distributed denial of service protection plan | 1-80 char | alz-ddos-plan | | parBastionName | string | ${parCompanyPrefix}-bastion | Name which will be associated with Bastion Service. | 1-80 char | alz-bastion | | parBastionSku | string | Standard | SKU or Tier of Bastion Service to deploy | Standard or Basic | Standard | | parPublicIPSku | string | Standard | SKU or Tier of Public IP to deploy | Standard or Basic | Standard | @@ -51,7 +51,7 @@ The module will generate the following outputs: | ------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | outAzureFirewallPrivateIP | string | 192.168.100.1 | | outAzureFirewallName | string | MyAzureFirewall | -| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan | +| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan | | outPrivateDnsZones | array | `["name": "privatelink.azurecr.io", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/net-lz-spk-eastus-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"]` | ## Deployment diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 3a03bee78..ee4d515ff 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -62,8 +62,8 @@ param parBastionSku string = 'Standard' @description('Switch which allows DDOS deployment to be disabled. Default: true') param parDdosEnabled bool = true -@description('DDOS Plan Name. Default: {parCompanyPrefix}-Ddos-Plan') -param parDdosPlanName string = '${parCompanyPrefix}-Ddos-Plan' +@description('DDOS Plan Name. Default: {parCompanyPrefix}-ddos-plan') +param parDdosPlanName string = '${parCompanyPrefix}-ddos-plan' @description('Switch which allows Azure Firewall deployment to be disabled. Default: true') param parAzureFirewallEnabled bool = true diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md index d1deea1b8..3bc075b1b 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md @@ -16,7 +16,7 @@ The module requires the following inputs: | parLogAnalyticsWorkspaceLogRetentionInDays | Number of days of log retention for Log Analytics Workspace | Yes | `365` | `365` | | parAutomationAccountName | Automation Account name | Yes | `alz-automation-account` | `alz-automation-account` | | parMSDFCEmailSecurityContact | An e-mail address that you want Microsoft Defender for Cloud alerts to be sent to. | Yes | `security_contact@replace_me.com` | `security_contact@replace_me.com` | - | parDdosProtectionPlanId | ID of the DDoS Protection Plan which will be applied to the Virtual Networks. If left empty, the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. | Yes | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan` | (empty string) | + | parDdosProtectionPlanId | ID of the DDoS Protection Plan which will be applied to the Virtual Networks. If left empty, the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. | Yes | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-Plan` | (empty string) | | parTelemetryOptOut | Set Parameter to true to Opt-out of deployment telemetry | Yes | `false` | `false` | ## Outputs diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.parameters.example.json b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.parameters.example.json index 82e3f1947..1c2b936d4 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.parameters.example.json +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.parameters.example.json @@ -21,7 +21,7 @@ "value": "security_contact@replace_me.com" }, "parDdosProtectionPlanId": { - "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan" + "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan" }, "parTelemetryOptOut": { "value": false diff --git a/infra-as-code/bicep/modules/spokeNetworking/README.md b/infra-as-code/bicep/modules/spokeNetworking/README.md index f56ecab23..795a63efc 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/README.md +++ b/infra-as-code/bicep/modules/spokeNetworking/README.md @@ -17,7 +17,7 @@ The module requires the following inputs: | parLocation | string | `resourceGroup().location` | The Azure Region to deploy the resources into | None | `eastus` | | parBGPRoutePropagation | bool | false | Switch to enable BGP Route Propagation on VNet Route Table | None | false | | parTags | object | Empty object `{}` | Array of Tags to be applied to all resources in the Spoke Network | None | `{"key": "value"}` | - | parDdosProtectionPlanId | string | Empty string `''` | Existing DDoS Protection plan to utilize | None | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan` | + | parDdosProtectionPlanId | string | Empty string `''` | Existing DDoS Protection plan to utilize | None | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-Plan` | | parSpokeNetworkAddressPrefix | string | '10.11.0.0/16' | CIDR for Spoke Network | None | '10.11.0.0/16' | | parSpokeNetworkName | string | 'vnet-spoke' | The Name of the Spoke Virtual Network. | None | 'vnet-spoke' | | parDNSServerIPArray | array | Empty array `[]` | Array IP DNS Servers to use for VNet DNS Resolution | None | `['10.10.1.4', '10.20.1.5']` | diff --git a/tests/pipelines/bicep-build-to-validate.yml b/tests/pipelines/bicep-build-to-validate.yml index 20672726b..cc8bbb7df 100644 --- a/tests/pipelines/bicep-build-to-validate.yml +++ b/tests/pipelines/bicep-build-to-validate.yml @@ -169,7 +169,7 @@ jobs: azureSubscription: 'azserviceconnection' ScriptType: 'FilePath' ScriptPath: '.github/scripts/Set-AlzDefaultPolicyAssignment.ps1' - ScriptArguments: '-ManagementGroupId "$(ManagementGroupPrefix)-platform" -parLocation $(Location) -templateFile ./infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep -parameterFile .\infra-as-code\bicep\modules\policy\assignments\alzDefaults\alzDefaultPolicyAssignments.parameters.example.json -parTopLevelManagementGroupPrefix $(ManagementGroupPrefix) -parLogAnalyticsWorkSpaceAndAutomationAccountLocation $(Location) -parLogAnalyticsWorkspaceResourceID "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" -parDdosProtectionPlanId "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan"' + ScriptArguments: '-ManagementGroupId "$(ManagementGroupPrefix)-platform" -parLocation $(Location) -templateFile ./infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep -parameterFile .\infra-as-code\bicep\modules\policy\assignments\alzDefaults\alzDefaultPolicyAssignments.parameters.example.json -parTopLevelManagementGroupPrefix $(ManagementGroupPrefix) -parLogAnalyticsWorkSpaceAndAutomationAccountLocation $(Location) -parLogAnalyticsWorkspaceResourceID "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" -parDdosProtectionPlanId "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan"' azurePowerShellVersion: 'LatestVersion' pwsh: true From 7855929e2f20743dcf9ee96de8e1841d4ca062f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Bezen=C3=A7on?= Date: Wed, 30 Mar 2022 09:07:20 +0200 Subject: [PATCH 4/5] alz-ddos-Plan -> alz-ddos-plan --- .../modules/hubNetworking/hubNetworking.parameters.example.json | 2 +- .../hubNetworking/mc-hubNetworking.parameters.example.json | 2 +- .../bicep/modules/policy/assignments/alzDefaults/README.md | 2 +- infra-as-code/bicep/modules/spokeNetworking/README.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.parameters.example.json b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.parameters.example.json index 7d831d6ef..1b98a59eb 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.parameters.example.json +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.parameters.example.json @@ -49,7 +49,7 @@ "value": true }, "parDdosPlanName": { - "value": "alz-ddos-Plan" + "value": "alz-ddos-plan" }, "parAzureFirewallEnabled": { "value": true diff --git a/infra-as-code/bicep/modules/hubNetworking/mc-hubNetworking.parameters.example.json b/infra-as-code/bicep/modules/hubNetworking/mc-hubNetworking.parameters.example.json index b7574483a..960fa8fac 100644 --- a/infra-as-code/bicep/modules/hubNetworking/mc-hubNetworking.parameters.example.json +++ b/infra-as-code/bicep/modules/hubNetworking/mc-hubNetworking.parameters.example.json @@ -49,7 +49,7 @@ "value": false }, "parDdosPlanName": { - "value": "alz-ddos-Plan" + "value": "alz-ddos-plan" }, "parAzureFirewallEnabled": { "value": true diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md index 3bc075b1b..f4af47b5f 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md @@ -16,7 +16,7 @@ The module requires the following inputs: | parLogAnalyticsWorkspaceLogRetentionInDays | Number of days of log retention for Log Analytics Workspace | Yes | `365` | `365` | | parAutomationAccountName | Automation Account name | Yes | `alz-automation-account` | `alz-automation-account` | | parMSDFCEmailSecurityContact | An e-mail address that you want Microsoft Defender for Cloud alerts to be sent to. | Yes | `security_contact@replace_me.com` | `security_contact@replace_me.com` | - | parDdosProtectionPlanId | ID of the DDoS Protection Plan which will be applied to the Virtual Networks. If left empty, the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. | Yes | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-Plan` | (empty string) | + | parDdosProtectionPlanId | ID of the DDoS Protection Plan which will be applied to the Virtual Networks. If left empty, the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. | Yes | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan` | (empty string) | | parTelemetryOptOut | Set Parameter to true to Opt-out of deployment telemetry | Yes | `false` | `false` | ## Outputs diff --git a/infra-as-code/bicep/modules/spokeNetworking/README.md b/infra-as-code/bicep/modules/spokeNetworking/README.md index 795a63efc..f03900dba 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/README.md +++ b/infra-as-code/bicep/modules/spokeNetworking/README.md @@ -17,7 +17,7 @@ The module requires the following inputs: | parLocation | string | `resourceGroup().location` | The Azure Region to deploy the resources into | None | `eastus` | | parBGPRoutePropagation | bool | false | Switch to enable BGP Route Propagation on VNet Route Table | None | false | | parTags | object | Empty object `{}` | Array of Tags to be applied to all resources in the Spoke Network | None | `{"key": "value"}` | - | parDdosProtectionPlanId | string | Empty string `''` | Existing DDoS Protection plan to utilize | None | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-Plan` | + | parDdosProtectionPlanId | string | Empty string `''` | Existing DDoS Protection plan to utilize | None | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan` | | parSpokeNetworkAddressPrefix | string | '10.11.0.0/16' | CIDR for Spoke Network | None | '10.11.0.0/16' | | parSpokeNetworkName | string | 'vnet-spoke' | The Name of the Spoke Virtual Network. | None | 'vnet-spoke' | | parDNSServerIPArray | array | Empty array `[]` | Array IP DNS Servers to use for VNet DNS Resolution | None | `['10.10.1.4', '10.20.1.5']` | From 25dca6a5f7a488e23c11ea9e5997ca01b4ce1b30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Bezen=C3=A7on?= Date: Wed, 30 Mar 2022 09:17:26 +0200 Subject: [PATCH 5/5] found one last parDDoSPlanName in orch-hubSpoke.bicep - fixed now --- .../unstable/orchestration/hubSpoke/orch-hubSpoke.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep index 2666d16fb..764e073f2 100644 --- a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep +++ b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep @@ -106,10 +106,10 @@ param parAutomationAccountName string = 'alz-automation-account' param parBastionEnabled bool = true @description('Switch which allows DDOS deployment to be disabled. Default: true') -param parDDoSEnabled bool = true +param parDdosEnabled bool = true -@description('DDOS Plan Name. Default: {parTopLevelManagementGroupPrefix}-DDos-Plan') -param parDDoSPlanName string = '${parTopLevelManagementGroupPrefix}-DDoS-Plan' +@description('DDOS Plan Name. Default: {parTopLevelManagementGroupPrefix}-ddos-plan') +param parDdosPlanName string = '${parTopLevelManagementGroupPrefix}-ddos-plan' @description('Switch which allows Azure Firewall deployment to be disabled. Default: true') param parAzureFirewallEnabled bool = true