Updated markdowns to correspond with the Bicep files #331

Merged
merged 23 commits into from
Oct 26, 2022
Changes from 18 commits
Commits
3aac7b6
Typo and consistency fixes in customRoleDefinitions
johnlokerse Oct 6, 2022
20f13a3
markdown updates regarding hubNetworking.bicep
johnlokerse Oct 8, 2022
758b79b
markdown / bicep updates regarding logging.bicep
johnlokerse Oct 8, 2022
ce46f55
markdown / bicep updates regarding managementGroups.bicep
johnlokerse Oct 8, 2022
eae2e0e
changes to markdown / bicep: privateDnsZones, publicIp and resourceGr…
johnlokerse Oct 8, 2022
397ea8c
changes to markdown / bicep: spokeNetworking.bicep
johnlokerse Oct 8, 2022
c93564d
Removed 'trailing whitespaces'
johnlokerse Oct 8, 2022
2f38873
Fixes regarding CI build
johnlokerse Oct 8, 2022
6b57951
changes to markdown / bicep: subscriptionPlacement.bicep
johnlokerse Oct 9, 2022
fd2ae2a
changes to markdown / bicep: vnetPeeringVwan, vnetPeering.bicep
johnlokerse Oct 9, 2022
ce984ad
Fix ci
johnlokerse Oct 9, 2022
116acbf
Fix json regarding linter errors
johnlokerse Oct 9, 2022
8ea9eb0
Merge branch 'main' into bug/319
johnlokerse Oct 16, 2022
a3fe24e
Updated readme in hubNetworking
johnlokerse Oct 16, 2022
5ba2f0f
changes to markdown / bicep: hubPeeredSpoke.bicep
johnlokerse Oct 16, 2022
7790e0b
changes to markdown / bicep: role assignments, mgDiagSettings, subPla…
johnlokerse Oct 16, 2022
a0dfb3e
Replaced guid values with xxx, yyy
johnlokerse Oct 16, 2022
b14efd1
Reverted values, updated readme according to that.
johnlokerse Oct 16, 2022
87a84e3
Consistency in way of writing
johnlokerse Oct 16, 2022
e16262d
PR feedback: removed minLength/maxLength, added default array value f…
johnlokerse Oct 22, 2022
bb40d6c
Merge main into branch
johnlokerse Oct 22, 2022
cbc51e3
Merge branch 'main' into bug/319
johnlokerse Oct 22, 2022
ebb3011
Merge branch 'main' into bug/319
johnlokerse Oct 26, 2022
Expand Up @@ -15,7 +15,7 @@ The module requires the following inputs:

| Parameter | Description | Requirement | Example |
| ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | ------- |
| parAssignableScopeManagementGroupId | The management group scope to which the role can be assigned. This management group ID will be used for the [assignableScopes](https://docs.microsoft.com/azure/role-based-access-control/role-definitions#assignablescopes) property in the role definition. | Mandatory input | `alz` |
| parAssignableScopeManagementGroupId | The management group scope to which the role can be assigned. This management group ID will be used for the [assignableScopes](https://docs.microsoft.com/azure/role-based-access-control/role-definitions#assignablescopes) property in the role definition. | None | `alz` |
| parTelemetryOptOut | Set Parameter to true to Opt-out of deployment telemetry | None | `false` |

## Outputs
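Review bot: with Requirement changed to `None` on the parAssignableScopeManagementGroupId row, the table no longer tells the reader what value is used when the parameter is omitted; there is no Default column and `alz` appears only under Example. Because this value ends up in the assignableScopes of the role definition, state the default in the Description cell (for example by ending it with "Default: alz") so that a deployer whose management group ID differs knows the parameter has to be set.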
@@ -1,9 +1,9 @@
targetScope = 'managementGroup'

@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition.')
@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition. Default: alz')
param parAssignableScopeManagementGroupId string = 'alz'

@description('Set Parameter to true to Opt-out of deployment telemetry')
@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false')
param parTelemetryOptOut bool = false

// Customer Usage Attribution Id
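Review bot: the rewritten parTelemetryOptOut description keeps the mid-sentence capitals of the old text ("Set Parameter to true to Opt-out"), and "opt out" used as a verb takes no hyphen. Since the line is being touched anyway, suggest `Set parameter to true to opt out of deployment telemetry. Default: false`, applied to every file in this change that carries the same description so the wording stays uniform.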
@@ -1,9 +1,9 @@
targetScope = 'managementGroup'

@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition.')
@description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition. Default: alz')
param parAssignableScopeManagementGroupId string = 'alz'

@description('Set Parameter to true to Opt-out of deployment telemetry')
@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false')
param parTelemetryOptOut bool = false

// Customer Usage Attribution Id
18 changes: 11 additions & 7 deletions infra-as-code/bicep/modules/hubNetworking/README.md
Expand Up @@ -8,9 +8,11 @@ Module deploys the following resources:
- Subnets
- VPN Gateway/ExpressRoute Gateway
- Azure Firewall
- Azure Firewall Policies
- Private DNS Zones
- DDos Standard Plan
- Bastion
- Route Table

## Parameters

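Review bot: the resource list, including the two added entries, does not say which resources are optional. In hubNetworking.bicep the Azure Firewall and Private DNS Zones deployments are controlled by the switches parAzFirewallEnabled and parPrivateDnsZonesEnabled (both default true), so a reader should be able to see from this list which items depend on a switch, for example "Azure Firewall (when parAzFirewallEnabled is true)". While editing the list, "DDos" should read "DDoS".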
Expand All @@ -35,7 +37,7 @@ The module requires the following inputs:
| parHubNetworkAddressPrefix | string | 10.10.0.0/16 | CIDR range for Hub Network | CIDR Notation | 10.10.0.0/16 |
| parHubNetworkName | string | `${parCompanyPrefix}-hub-${parLocation}` | Name prefix for Virtual Network. Prefix will be appended with the region. | 2-50 char | alz-hub-eastus |
| parAzFirewallName | string | `${parCompanyPrefix}-azfw-${parLocation}` | Name associated with Azure Firewall | 1-80 char | alz-azfw-eastus |
| parAzFirewallPoliciesName | string | `${parCompanyPrefix}-azfwpolicy-${resourceGroup().location}` | Name associated with Azure Firewall Policy | 1-80 char | alz-azfwpolicy-eastus |
| parAzFirewallPoliciesName | string | `${parCompanyPrefix}-azfwpolicy-${parLocation}` | Name associated with Azure Firewall Policy | 1-80 char | alz-azfwpolicy-eastus |
jtracey93 marked this conversation as resolved.
| parAzFirewallTier | string | Standard | Tier associated with the Firewall to be deployed. | Standard or Premium | Premium |
| parAzFirewallAvailabilityZones | array | Empty Array [] | Availability Zones to deploy the Azure Firewall across. This also affects the PIP associated with the Azure Firewall. Region must support Availability Zones to use. If it does not then leave empty. | None | `['1']` or `['1' ,'2', '3']` |
| parAzErGatewayAvailabilityZones | array | Empty Array [] | Availability Zones to deploy the ER Gateway PIP across. Ensure that you use a zonal SKU for the Gateway if using Zonal or Zone-Redundant Public IP Address. Region must support Availability Zones to use. If it does not then leave empty. | None | `['1']` or `['1' ,'2', '3']` |
Expand Down Expand Up @@ -67,12 +69,14 @@ The module requires the following inputs:

The module will generate the following outputs:

| Output | Type | Example |
| ---------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| outAzFirewallPrivateIp | string | 192.168.100.1 |
| outAzFirewallName | string | MyAzureFirewall |
| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan |
| outPrivateDnsZones | array | `["name": "privatelink.azurecr.io", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/net-lz-spk-eastus-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"]` |
| Output | Type | Example |
| ------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| outAzFirewallPrivateIp | string | 192.168.100.1 |
| outAzFirewallName | string | MyAzureFirewall |
| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan |
| outPrivateDnsZones | array | `["name": "privatelink.azurecr.io", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/net-lz-spk-eastus-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"]` |
| outHubVirtualNetworkName | array | MyHubVirtualNetworkName |
| outHubVirtualNetworkId | array | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/virtualNetworks/my-hub-vnet |

## Deployment
> **Note:** `bicepconfig.json` file is included in the module directory. This file allows us to override Bicep Linters. Currently there are two URLs which were removed because of linter warnings. URLs removed are the following: database.windows.net and core.windows.net
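Review bot: the two added rows give outHubVirtualNetworkName and outHubVirtualNetworkId the type `array`, but both examples are a single value (one name, one resource ID). The Type cell should be `string` unless the module really returns arrays, in which case the examples need to show a list. In the same table the outPrivateDnsZones example `["name": ..., "id": ...]` is not a valid array of objects; wrap the pair in braces, `[{"name": ..., "id": ...}]`.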
18 changes: 9 additions & 9 deletions infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
Expand Up @@ -10,7 +10,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
@description('The IP address range for all virtual networks to use. Default: 10.10.0.0/16')
param parHubNetworkAddressPrefix string = '10.10.0.0/16'

@description('The name and IP address range for each subnet in the virtual networks. Default: AzureBastionSubnet, GatewaySubnet, AzureFirewall Subnet')
@description('The name and IP address range for each subnet in the virtual networks. Default: AzureBastionSubnet, GatewaySubnet, AzureFirewallSubnet')
param parSubnets array = [
{
name: 'AzureBastionSubnet'
Expand Down Expand Up @@ -57,13 +57,13 @@ param parDdosPlanName string = '${parCompanyPrefix}-ddos-plan'
@description('Switch to enable/disable Azure Firewall deployment. Default: true')
param parAzFirewallEnabled bool = true

@description('Azure Firewall Name. Default: {parCompanyPrefix}-azure-firewall ')
@description('Azure Firewall Name. Default: {parCompanyPrefix}-azure-firewall')
param parAzFirewallName string = '${parCompanyPrefix}-azfw-${parLocation}'

@description('Azure Firewall Policies Name. Default: {parCompanyPrefix}-fwpol-{parLocation}')
param parAzFirewallPoliciesName string = '${parCompanyPrefix}-azfwpolicy-${parLocation}'

@description('Azure Firewall Tier associated with the Firewall to deploy. Default: Standard ')
@description('Azure Firewall Tier associated with the Firewall to deploy. Default: Standard')
@allowed([
'Standard'
'Premium'
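Review bot: two `Default:` texts in this hunk do not match the declared defaults, and the edit only strips trailing whitespace from one of them. parAzFirewallName is described as `{parCompanyPrefix}-azure-firewall` but defaults to `${parCompanyPrefix}-azfw-${parLocation}`, and parAzFirewallPoliciesName is described as `{parCompanyPrefix}-fwpol-{parLocation}` but defaults to `${parCompanyPrefix}-azfwpolicy-${parLocation}`. Since this PR exists to bring descriptions and README in line with the Bicep files, both descriptions should be updated to the real expressions; the README row for parAzFirewallPoliciesName already shows the correct one.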
Expand All @@ -75,23 +75,23 @@ param parAzFirewallTier string = 'Standard'
'2'
'3'
])
@description('Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.')
@description('Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. Default: Empty Array')
param parAzFirewallAvailabilityZones array = []

@allowed([
'1'
'2'
'3'
])
@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP')
@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. Default: Empty Array')
param parAzErGatewayAvailabilityZones array = []

@allowed([
'1'
'2'
'3'
])
@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP')
@description('Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. Default: Empty Array')
param parAzVpnGatewayAvailabilityZones array = []

@description('Switch to enable/disable Azure Firewall DNS Proxy. Default: true')
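Review bot: parAzErGatewayAvailabilityZones and parAzVpnGatewayAvailabilityZones end up with the same description word for word ("Availability Zones to deploy the VPN/ER PIP across ..."), so the generated parameter docs cannot tell a reader which parameter controls which gateway's public IP. Suggest "ER Gateway PIP" for the first and "VPN Gateway PIP" for the second, which is how the README row for parAzErGatewayAvailabilityZones already words it.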
Expand All @@ -106,7 +106,7 @@ param parDisableBgpRoutePropagation bool = false
@description('Switch to enable/disable Private DNS Zones deployment. Default: true')
param parPrivateDnsZonesEnabled bool = true

@description('Resource Group Name for Private DNS Zones. Default: same resource group')
@description('Resource Group Name for Private DNS Zones. Default: resourceGroup().name')
param parPrivateDnsZonesResourceGroup string = resourceGroup().name

@description('Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones')
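Review bot: `Default: resourceGroup().name` on parPrivateDnsZonesResourceGroup now matches the code but drops the meaning the old text carried ("same resource group"). Suggest keeping both, for example `Default: resourceGroup().name (the resource group this module is deployed to)`, so the description is still readable without knowing the Bicep function.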
Expand Down Expand Up @@ -211,10 +211,10 @@ param parExpressRouteGatewayConfig object = {
}
}

@description('Tags you would like to be applied to all resources in this module. Default: empty array')
@description('Tags you would like to be applied to all resources in this module. Default: Empty Object')
param parTags object = {}

@description('Set Parameter to true to Opt-out of deployment telemetry')
@description('Set Parameter to true to Opt-out of deployment telemetry. Default: false')
param parTelemetryOptOut bool = false

var varSubnetProperties = [for subnet in parSubnets: {