add option to set NSG and UDR on subnets in hub-vnet #513

Merged
merged 16 commits into from
May 3, 2023
Expand Up @@ -10,7 +10,7 @@ parLocation | No | The Azure Region to deploy the resources into.
parCompanyPrefix | No | Prefix value which will be prepended to all resource names.
parHubNetworkName | No | Prefix Used for Hub Network.
parHubNetworkAddressPrefix | No | The IP address range for all virtual networks to use.
parSubnets | No | The name and IP address range for each subnet in the virtual networks.
parSubnets | No | The name, IP address range, network security group and route table for each subnet in the virtual networks.
parDnsServerIps | No | Array of DNS Server IP addresses for VNet.
parPublicIpSku | No | Public IP Address SKU.
parPublicIpPrefix | No | Optional Prefix for Public IPs. Include a succedent dash if required. Example: prefix-
Expand Down Expand Up @@ -76,7 +76,7 @@ The IP address range for all virtual networks to use.

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

The name and IP address range for each subnet in the virtual networks.
The name, IP address range, network security group and route table for each subnet in the virtual networks.

- Default value: ` `

Expand Down Expand Up @@ -348,19 +348,27 @@ outHubVirtualNetworkId | string |
"value": [
{
"name": "AzureBastionSubnet",
"ipAddressRange": "10.10.15.0/24"
"ipAddressRange": "10.10.15.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "GatewaySubnet",
"ipAddressRange": "10.10.252.0/24"
"ipAddressRange": "10.10.252.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallSubnet",
"ipAddressRange": "10.10.254.0/24"
"ipAddressRange": "10.10.254.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallManagementSubnet",
"ipAddressRange": "10.10.253.0/24"
"ipAddressRange": "10.10.253.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
}
]
},
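Review bot: Every entry in this documentation example sets `"networkSecurityGroupId": ""` and `"routeTableId": ""`, so the docs never show what a populated value looks like. Add at least one entry with a placeholder resource ID of the form `/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.Network/networkSecurityGroups/<nsg-name>`, and state whether the two keys are meant to be set on `GatewaySubnet` and the firewall subnets or only on additional subnets.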
19 changes: 17 additions & 2 deletions infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
Expand Up @@ -13,23 +13,31 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
@sys.description('The IP address range for all virtual networks to use.')
param parHubNetworkAddressPrefix string = '10.10.0.0/16'

@sys.description('The name and IP address range for each subnet in the virtual networks.')
@sys.description('The name, IP address range, network security group and route table for each subnet in the virtual networks.')
param parSubnets array = [
{
name: 'AzureBastionSubnet'
ipAddressRange: '10.10.15.0/24'
networkSecurityGroupId: ''
routeTableId: ''
}
{
name: 'GatewaySubnet'
ipAddressRange: '10.10.252.0/24'
networkSecurityGroupId: ''
routeTableId: ''
}
{
name: 'AzureFirewallSubnet'
ipAddressRange: '10.10.254.0/24'
networkSecurityGroupId: ''
routeTableId: ''
}
{
name: 'AzureFirewallManagementSubnet'
ipAddressRange: '10.10.253.0/24'
networkSecurityGroupId: ''
routeTableId: ''
}
]

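Review bot: The updated `@sys.description` on `parSubnets` does not say that `networkSecurityGroupId` and `routeTableId` take full resource IDs, or that `''` means nothing is attached to the subnet. Spell both out in the description: `parSubnets` is declared as an untyped `array`, so the description is the only contract a caller sees for the shape of each entry.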
Expand Down Expand Up @@ -251,8 +259,15 @@ var varSubnetProperties = [for subnet in parSubnets: {
name: subnet.name
properties: {
addressPrefix: subnet.ipAddressRange
networkSecurityGroup: subnet.name != 'AzureBastionSubnet' ? null : {

networkSecurityGroup: (subnet.name == 'AzureBastionSubnet') ? {
id: '${resourceGroup().id}/providers/Microsoft.Network/networkSecurityGroups/${parAzBastionNsgName}'
} : (!empty(subnet.networkSecurityGroupId)) ? {
id: subnet.networkSecurityGroupId
} : null

routeTable: (empty(subnet.routeTableId)) ? null : {
id: subnet.routeTableId
}
}
}]
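Review bot: The new expressions in `varSubnetProperties` read `subnet.networkSecurityGroupId` and `subnet.routeTableId` directly, so a `parSubnets` entry that still carries only `name` and `ipAddressRange` will fail to evaluate instead of deploying without an NSG or route table. Guard each lookup, for example `contains(subnet, 'routeTableId') && !empty(subnet.routeTableId)`, or state clearly in the release notes that both keys are now mandatory. In the `networkSecurityGroup` ternary the `subnet.name == 'AzureBastionSubnet'` branch is tested first, so a `networkSecurityGroupId` supplied for that subnet is silently ignored; either honour the supplied ID or document that the Bastion NSG always takes precedence.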
Expand Up @@ -18,19 +18,27 @@
"value": [
{
"name": "AzureBastionSubnet",
"ipAddressRange": "10.20.0.0/24"
"ipAddressRange": "10.20.0.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "GatewaySubnet",
"ipAddressRange": "10.20.254.0/24"
"ipAddressRange": "10.20.254.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallSubnet",
"ipAddressRange": "10.20.255.0/24"
"ipAddressRange": "10.20.255.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallManagementSubnet",
"ipAddressRange": "10.10.253.0/24"
"ipAddressRange": "10.10.253.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
}
]
},
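Review bot: `AzureFirewallManagementSubnet` keeps `"ipAddressRange": "10.10.253.0/24"` while the other three subnets in this file sit in `10.20.x.x`. Since this line is being touched anyway, confirm the range falls inside the hub address prefix this parameter file sets and correct it if it does not. The same value appears in the other parameter files changed here.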
Expand Up @@ -9,19 +9,27 @@
"value": [
{
"name": "AzureBastionSubnet",
"ipAddressRange": "10.20.0.0/24"
"ipAddressRange": "10.20.0.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "GatewaySubnet",
"ipAddressRange": "10.20.254.0/24"
"ipAddressRange": "10.20.254.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallSubnet",
"ipAddressRange": "10.20.255.0/24"
"ipAddressRange": "10.20.255.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallManagementSubnet",
"ipAddressRange": "10.10.253.0/24"
"ipAddressRange": "10.10.253.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
}
]
},
Expand Up @@ -18,19 +18,27 @@
"value": [
{
"name": "AzureBastionSubnet",
"ipAddressRange": "10.20.0.0/24"
"ipAddressRange": "10.20.0.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "GatewaySubnet",
"ipAddressRange": "10.20.254.0/24"
"ipAddressRange": "10.20.254.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallSubnet",
"ipAddressRange": "10.20.255.0/24"
"ipAddressRange": "10.20.255.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallManagementSubnet",
"ipAddressRange": "10.10.253.0/24"
"ipAddressRange": "10.10.253.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
}
]
},
Expand Up @@ -12,19 +12,27 @@
"value": [
{
"name": "AzureBastionSubnet",
"ipAddressRange": "10.20.0.0/24"
"ipAddressRange": "10.20.0.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "GatewaySubnet",
"ipAddressRange": "10.20.254.0/24"
"ipAddressRange": "10.20.254.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallSubnet",
"ipAddressRange": "10.20.255.0/24"
"ipAddressRange": "10.20.255.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
},
{
"name": "AzureFirewallManagementSubnet",
"ipAddressRange": "10.10.253.0/24"
"ipAddressRange": "10.10.253.0/24",
"networkSecurityGroupId": "",
"routeTableId": ""
}
]
},