diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 124b87fe5..09bc3a1da 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -73,20 +73,34 @@ jobs: - name: List Azure Resource Types shell: pwsh run: | - $resourceTypesFullList = @{} - - Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object { - Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue - $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 - $armResourceTypes = $armTemplate.Resources - $armResourceTypes | ForEach-Object { - if (!$resourceTypesFullList.ContainsKey($_.Type)) { - $resourceTypesFullList.Add($_.Type, 1) + function Add-ToResourceTypesList { + param ( + [Parameter(Mandatory = $true)] + [string] $Type + ) + if (!$resourceTypesFullList.ContainsKey($Type)) { + $resourceTypesFullList.Add($Type, 1) } else { - $resourceTypesFullList[$_.Type] += 1 + $resourceTypesFullList[$Type] += 1 + } + } + + $resourceTypesFullList = @{} + Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object { + Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue + $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 + $armResourceTypes = $armTemplate.Resources + $armResourceTypes | ForEach-Object { + if ($null -eq $_.Type) { + $_.PSObject.Properties | ForEach-Object { + Add-ToResourceTypesList -Type $_.Value.Type + } + } + else { + Add-ToResourceTypesList -Type $_.Type + } } - } } Write-Information "==> Remove nested deployments resource type" -InformationAction Continue 
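Review bot: `Add-ToResourceTypesList` reads and mutates `$resourceTypesFullList` from the caller's scope, and that variable is only assigned after the function is defined, so the helper works only because its first call comes later in the same script. Passing the table in explicitly (for example a `[hashtable] $List` parameter) or adding a comment such as `# Relies on $resourceTypesFullList being initialised by the caller before the first call` would make that dependency visible. In the new `$null -eq $_.Type` branch, a property whose value has no `Type` is handed to a `Mandatory` `[string]` parameter, which rejects an empty value; a guard like `if ($_.Value.Type) { Add-ToResourceTypesList -Type $_.Value.Type }` would make it explicit whether such entries are skipped or fail the step. The `run:` block continues past the end of the hunk.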
diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index e6e10cb7d..a45108da8 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -1,6 +1,23 @@ metadata name = 'ALZ Bicep - Hub Networking Module' metadata description = 'ALZ Bicep Module used to set up Hub Networking' +type subnetOptionsType = ({ + @description('Name of subnet.') + name: string + + @description('IP-address range for subnet.') + ipAddressRange: string + + @description('Id of Network Security Group to associate with subnet.') + networkSecurityGroupId: string? + + @description('Id of Route Table to associate with subnet.') + routeTableId: string? + + @description('Name of the delegation to create for the subnet.') + delegation: string? +})[] + @sys.description('The Azure Region to deploy the resources into.') param parLocation string = resourceGroup().location @@ -14,7 +31,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}' param parHubNetworkAddressPrefix string = '10.10.0.0/16' @sys.description('The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.') -param parSubnets array = [ +param parSubnets subnetOptionsType = [ { name: 'AzureBastionSubnet' ipAddressRange: '10.10.15.0/24' diff --git a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md index b5b191506..aa14497e3 100644 --- a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md +++ b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md 
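Review bot: The properties of the new `subnetOptionsType` are documented with `@description(...)`, while the parameter decorators visible in this file, and the equivalent type added to `vwanConnectivity.bicep` in this commit, use the namespaced `@sys.description(...)`. Writing `@sys.description('Name of subnet.')` and so on would keep the file consistent. `name` and `ipAddressRange` are bare `string`s, so an empty value passes type validation; `@minLength(1)` on both would reject it when the parameter is checked. Because `networkSecurityGroupId` is optional, its description could say that omitting it leaves the subnet without an NSG association, assuming the resource body, which is outside the hunk, applies no default.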
@@ -21,6 +21,7 @@ parTags | No | Tags you would like to be applied to all resources i parAutomationAccountTags | No | Tags you would like to be applied to Automation Account. parLogAnalyticsWorkspaceTags | No | Tags you would like to be applied to Log Analytics Workspace. parUseSentinelClassicPricingTiers | No | Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier. +parLogAnalyticsLinkedServiceAutomationAccountName | No | Log Analytics LinkedService name for Automation Account. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry ### parLogAnalyticsWorkspaceName @@ -147,6 +148,14 @@ Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes i - Default value: `False` +### parLogAnalyticsLinkedServiceAutomationAccountName + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Log Analytics LinkedService name for Automation Account. + +- Default value: `Automation` + ### parTelemetryOptOut ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -234,6 +243,9 @@ outAutomationAccountId | string | "parUseSentinelClassicPricingTiers": { "value": false }, + "parLogAnalyticsLinkedServiceAutomationAccountName": { + "value": "Automation" + }, "parTelemetryOptOut": { "value": false } diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep index 4276c34ca..351259f53 100644 --- a/infra-as-code/bicep/modules/logging/logging.bicep +++ b/infra-as-code/bicep/modules/logging/logging.bicep 
@@ -92,6 +92,9 @@ param parLogAnalyticsWorkspaceTags object = parTags @sys.description('Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.') param parUseSentinelClassicPricingTiers bool = false +@sys.description('Log Analytics LinkedService name for Automation Account.') +param parLogAnalyticsLinkedServiceAutomationAccountName string = 'Automation' + @sys.description('Set Parameter to true to Opt-out of deployment telemetry') param parTelemetryOptOut bool = false @@ -151,7 +154,7 @@ resource resLogAnalyticsWorkspaceSolutions 'Microsoft.OperationsManagement/solut resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) { parent: resLogAnalyticsWorkspace - name: 'Automation' + name: parLogAnalyticsLinkedServiceAutomationAccountName properties: { resourceId: resAutomationAccount.id } diff --git a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json index dd231d25c..711d6bc9b 100644 --- a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json +++ b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json @@ -54,6 +54,9 @@ "parUseSentinelClassicPricingTiers": { "value": false }, + "parLogAnalyticsLinkedServiceAutomationAccountName": { + "value": "Automation" + }, "parTelemetryOptOut": { "value": false } diff --git a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json index d1c692f1a..9eb9eee21 100644 --- a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json +++ b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json 
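Review bot: `parLogAnalyticsLinkedServiceAutomationAccountName` is a free-form `string` that becomes the `name` of the `linkedServices` child resource, and neither its description nor a decorator says which values are valid. As far as I know the service accepts only a small fixed set of names for this resource type (please confirm against the resource reference). If so, an arbitrary value would fail at deployment and leave the workspace without the Automation Account link that `parLogAnalyticsWorkspaceLinkAutomationAccount` asks for. Consider constraining it with an `@allowed([...])` list of the accepted names, or at least extending the description to state the accepted values and when the default `Automation` should be changed.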
@@ -48,6 +48,9 @@ "Environment": "Live" } }, + "parLogAnalyticsLinkedServiceAutomationAccountName": { + "value": "Automation" + }, "parTelemetryOptOut": { "value": false } diff --git a/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md b/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md index 41197208d..4535aa0b8 100644 --- a/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md +++ b/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md @@ -7,6 +7,7 @@ Module used to set up Diagnostic Settings for Management Groups Parameter name | Required | Description -------------- | -------- | ----------- parLogAnalyticsWorkspaceResourceId | Yes | Log Analytics Workspace Resource ID. +parDiagnosticSettingsName | No | Diagnostic Settings Name. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry ### parLogAnalyticsWorkspaceResourceId @@ -15,6 +16,14 @@ parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment t Log Analytics Workspace Resource ID. +### parDiagnosticSettingsName + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Diagnostic Settings Name. + +- Default value: `toLa` + ### parTelemetryOptOut ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -38,6 +47,9 @@ Set Parameter to true to Opt-out of deployment telemetry "parLogAnalyticsWorkspaceResourceId": { "value": "" }, + "parDiagnosticSettingsName": { + "value": "toLa" + }, "parTelemetryOptOut": { "value": false } diff --git a/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep b/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep index 0cf1e7438..45114b503 100644 --- a/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep +++ b/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep 
@@ -6,6 +6,9 @@ metadata description = 'Module used to set up Diagnostic Settings for Management @sys.description('Log Analytics Workspace Resource ID.') param parLogAnalyticsWorkspaceResourceId string +@sys.description('Diagnostic Settings Name.') +param parDiagnosticSettingsName string = 'toLa' + @sys.description('Set Parameter to true to Opt-out of deployment telemetry') param parTelemetryOptOut bool = false @@ -13,7 +16,7 @@ param parTelemetryOptOut bool = false var varCuaid = '5d17f1c2-f17b-4426-9712-0cd2652c4435' resource mgDiagSet 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = { - name: 'toLa' + name: parDiagnosticSettingsName properties: { workspaceId: parLogAnalyticsWorkspaceResourceId logs: [ diff --git a/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json b/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json index e20f3a315..1ac72757f 100644 --- a/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json +++ b/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json @@ -5,6 +5,9 @@ "parLogAnalyticsWorkspaceResourceId": { "value": "" }, + "parDiagnosticSettingsName": { + "value": "toLa" + }, "parTelemetryOptOut": { "value": false } diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep index c91359a36..b62e8127d 100644 --- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep 
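Review bot: `parDiagnosticSettingsName` has no length constraint, and its description does not say what happens when the value is changed on a management group that already carries the default `toLa` setting. A diagnostic setting is identified by its name, so a new value presumably creates a second setting next to the old one rather than renaming it; depending on how the service treats two settings that target the same workspace, that is either a failed deployment or duplicated log ingestion. I would add `@minLength(1)` and spell this out, e.g. `@sys.description('Diagnostic Settings Name. Changing this on an existing deployment does not rename or remove the previously deployed setting.')`. The same parameter is passed through unchanged by the five module calls in `mgDiagSettingsAll.bicep`, so the caveat applies there too.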
@@ -3,6 +3,14 @@ targetScope = 'managementGroup' metadata name = 'ALZ Bicep - Management Group Policy Assignments' metadata description = 'Module used to assign policy definitions to management groups' +type nonComplianceMessageType = { + @description('The message to display when the policy is non-compliant.') + message: string + + @description('The reference ID of the policy definition.') + policyDefinitionReferenceId: string +}[] + @minLength(1) @maxLength(24) @sys.description('The name of the policy assignment. e.g. "Deny-Public-IP"') @@ -24,7 +32,7 @@ param parPolicyAssignmentParameters object = {} param parPolicyAssignmentParameterOverrides object = {} @sys.description('An array containing object/s for the non-compliance messages for the policy to be assigned. See https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#non-compliance-messages for more details on use.') -param parPolicyAssignmentNonComplianceMessages array = [] +param parPolicyAssignmentNonComplianceMessages nonComplianceMessageType = [] @sys.description('An array containing a list of scope Resource IDs to be excluded for the policy assignment. e.g. [\'/providers/Microsoft.Management/managementgroups/alz\', \'/providers/Microsoft.Management/managementgroups/alz-sandbox\' ].') param parPolicyAssignmentNotScopes array = [] diff --git a/infra-as-code/bicep/modules/vwanConnectivity/README.md b/infra-as-code/bicep/modules/vwanConnectivity/README.md index 0d99c1a64..727d0b203 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/README.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/README.md 
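Review bot: `policyDefinitionReferenceId` is declared as a required `string` in `nonComplianceMessageType`, but Azure Policy only needs that property when a message targets one definition inside an initiative; a message for a single policy, or a default message for a whole initiative, carries `message` alone. With this type, a caller that passes `[{ message: '...' }]` would be rejected by parameter validation. Declaring it as `policyDefinitionReferenceId: string?` keeps those callers working; how the resource body consumes the array is outside the hunk, so check that it tolerates the missing key. The two property decorators also use `@description` where the rest of the file uses `@sys.description`.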
@@ -17,6 +17,7 @@ Module deploys the following resources which can be configured by parameters: - [Parameters for Azure Commercial Cloud](generateddocs/vwanConnectivity.bicep.md) +> **NOTE:** Within the `parVirtualWanHubs` parameter, the following keys (parVpnGatewayCustomName, parExpressRouteGatewayCustomName, parAzFirewallCustomName, and parVirtualWanHubCustomName) can be added to create custom names for the associated resources. > **NOTE:** Although there are generated parameter markdowns for Azure Commercial Cloud, this same module can still be used in Azure China. Example parameter are in the [parameters](./parameters/) folder. diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index c86a03b87..43ca83794 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
@@ -9,15 +9,15 @@ Parameter name | Required | Description parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. +parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. -parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall +parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall. parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. 
- `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. -parVpnGatewayName | No | Prefix Used for VPN Gateway. -parExpressRouteGatewayName | No | Prefix Used for ExpressRoute Gateway. +parVpnGatewayName | No | VPN Gateway Name. +parExpressRouteGatewayName | No | ExpressRoute Gateway Name. parAzFirewallName | No | Azure Firewall Name. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. @@ -64,7 +64,7 @@ Azure Firewall Tier associated with the Firewall to deploy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. +The Azure Firewall Threat Intelligence Mode. - Default value: `Alert` @@ -90,7 +90,7 @@ Switch to enable/disable Azure Firewall DNS Proxy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Array of custom DNS servers used by Azure Firewall +Array of custom DNS servers used by Azure Firewall. ### parVirtualWanName @@ -129,7 +129,7 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Prefix Used for VPN Gateway. +VPN Gateway Name. - Default value: `[format('{0}-vpngw', parameters('parCompanyPrefix'))]` @@ -137,7 +137,7 @@ Prefix Used for VPN Gateway. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Prefix Used for ExpressRoute Gateway. +ExpressRoute Gateway Name. - Default value: `[format('{0}-ergw', parameters('parCompanyPrefix'))]` 
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep index 1b7bfb36b..62c363c9f 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep @@ -29,8 +29,8 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = { parAzFirewallEnabled: true parVirtualHubAddressPrefix: '10.100.0.0/23' parHubLocation: 'centralus' - parhubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute' - parvirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50 + parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute' + parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50 parVirtualHubRoutingIntentDestinations: [] } ] parAzFirewallDnsProxyEnabled: true diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 84e683cae..63168a00b 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep 
@@ -1,6 +1,46 @@ metadata name = 'ALZ Bicep - Azure vWAN Connectivity Module' metadata description = 'Module used to set up vWAN Connectivity' +type virtualWanOptionsType = ({ + @sys.description('Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub.') + parVpnGatewayEnabled: bool + + @sys.description('Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub.') + parExpressRouteGatewayEnabled: bool + + @sys.description('Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub.') + parAzFirewallEnabled: bool + + @sys.description('The IP address range in CIDR notation for the vWAN virtual Hub to use.') + parVirtualHubAddressPrefix: string + + @sys.description('The Virtual WAN Hub location.') + parHubLocation: string + + @sys.description('The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`.') + parHubRoutingPreference: ('ExpressRoute' | 'VpnGateway' | 'ASN') + + @sys.description('The Virtual WAN Hub capacity. The value should be between 2 to 50.') + @minValue(2) + @maxValue(50) + parVirtualRouterAutoScaleConfiguration: int + + @sys.description('The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.') + parVirtualHubRoutingIntentDestinations: ('Internet' | 'PrivateTraffic')[] + + @sys.description('This parameter is used to specify a custom name for the VPN Gateway.') + parVpnGatewayCustomName: string? + + @sys.description('This parameter is used to specify a custom name for the ExpressRoute Gateway.') + parExpressRouteGatewayCustomName: string? + + @sys.description('This parameter is used to specify a custom name for the Azure Firewall.') + parAzFirewallCustomName: string? + + @sys.description('This parameter is used to specify a custom name for the Virtual WAN Hub.') + parVirtualWanHubCustomName: string? 
+})[] + @sys.description('Region in which the resource group was created.') param parLocation string = resourceGroup().location @@ -15,7 +55,7 @@ param parCompanyPrefix string = 'alz' ]) param parAzFirewallTier string = 'Standard' -@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.') +@sys.description('The Azure Firewall Threat Intelligence Mode.') @allowed([ 'Alert' 'Deny' @@ -29,7 +69,7 @@ param parVirtualHubEnabled bool = true @sys.description('Switch to enable/disable Azure Firewall DNS Proxy.') param parAzFirewallDnsProxyEnabled bool = true -@sys.description('Array of custom DNS servers used by Azure Firewall') +@sys.description('Array of custom DNS servers used by Azure Firewall.') param parAzFirewallDnsServers array = [] @sys.description('Prefix Used for Virtual WAN.') 
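Review bot: The four optional `*CustomName` properties at the end of `virtualWanOptionsType` are plain `string?`, so an empty string is a valid value, and the resources changed later in this commit treat it differently. `resVhub`, `resVpnGateway`, `resErGateway` and `resAzureFirewall` use `hub.?…CustomName ?? '<default>'`, which falls back only on null and would pass `''` through as the resource name, while `resVhubRoutingIntent` tests `!empty(hub.?parVirtualWanHubCustomName)` and falls back to the default name. Adding `@minLength(1)` to each of the four properties rejects the empty value up front and makes the two styles equivalent; otherwise the four `??` expressions should use the same `!empty(...) ? … : …` form as the routing intent.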
@@ -50,22 +90,22 @@ param parVirtualWanHubName string = '${parCompanyPrefix}-vhub' - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. ''') -param parVirtualWanHubs array = [ { +param parVirtualWanHubs virtualWanOptionsType = [ { parVpnGatewayEnabled: true parExpressRouteGatewayEnabled: true parAzFirewallEnabled: true parVirtualHubAddressPrefix: '10.100.0.0/23' parHubLocation: parLocation - parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'. - parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50 + parHubRoutingPreference: 'ExpressRoute' + parVirtualRouterAutoScaleConfiguration: 2 parVirtualHubRoutingIntentDestinations: [] } ] -@sys.description('Prefix Used for VPN Gateway.') +@sys.description('VPN Gateway Name.') param parVpnGatewayName string = '${parCompanyPrefix}-vpngw' -@sys.description('Prefix Used for ExpressRoute Gateway.') +@sys.description('ExpressRoute Gateway Name.') param parExpressRouteGatewayName string = '${parCompanyPrefix}-ergw' @sys.description('Azure Firewall Name.') @@ -210,7 +250,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = { } resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) { - name: '${parVirtualWanHubName}-${hub.parHubLocation}' + name: hub.?parVirtualWanHubCustomName ?? '${parVirtualWanHubName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { 
@@ -249,7 +289,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04 resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) { parent: resVhub[i] - name: '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent' + name: !empty(hub.?parVirtualWanHubCustomName) ? '${hub.parVirtualWanHubCustomName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent' properties: { routingPolicies: [for destination in hub.parVirtualHubRoutingIntentDestinations: { name: destination == 'Internet' ? 'PublicTraffic' : destination == 'PrivateTraffic' ? 'PrivateTraffic' : 'N/A' @@ -263,7 +303,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023- resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) { dependsOn: resVhub - name: '${parVpnGatewayName}-${hub.parHubLocation}' + name: hub.?parVpnGatewayCustomName ?? '${parVpnGatewayName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { @@ -281,7 +321,7 @@ resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) { dependsOn: resVhub - name: '${parExpressRouteGatewayName}-${hub.parHubLocation}' + name: hub.?parExpressRouteGatewayCustomName ?? '${parExpressRouteGatewayName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { 
@@ -318,7 +358,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i } resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) { - name: '${parAzFirewallName}-${hub.parHubLocation}' + name: hub.?parAzFirewallCustomName ?? '${parAzFirewallName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags zones: (!empty(parAzFirewallAvailabilityZones) ? parAzFirewallAvailabilityZones : null) diff --git a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md index c079b878d..20d8f7c23 100644 --- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md +++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md 
@@ -11,6 +11,7 @@ parTopLevelManagementGroupSuffix | No | Optional suffix for the management parLandingZoneMgChildren | No | Array of strings to allow additional or different child Management Groups of the Landing Zones Management Group. parPlatformMgChildren | No | Array of strings to allow additional or different child Management Groups of the Platform Management Group. parLogAnalyticsWorkspaceResourceId | Yes | Log Analytics Workspace Resource ID. +parDiagnosticSettingsName | No | Diagnostic Settings Name. parLandingZoneMgAlzDefaultsEnable | No | Deploys Diagnostic Settings on Corp & Online Management Groups beneath Landing Zones Management Group if set to true. parPlatformMgAlzDefaultsEnable | No | Deploys Diagnostic Settings on Management, Connectivity and Identity Management Groups beneath Platform Management Group if set to true. parLandingZoneMgConfidentialEnable | No | Deploys Diagnostic Settings on Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true. @@ -48,6 +49,14 @@ Array of strings to allow additional or different child Management Groups of the Log Analytics Workspace Resource ID. +### parDiagnosticSettingsName + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Diagnostic Settings Name. + +- Default value: `toLa` + ### parLandingZoneMgAlzDefaultsEnable ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -107,6 +116,9 @@ Set Parameter to true to Opt-out of deployment telemetry. "parLogAnalyticsWorkspaceResourceId": { "value": "" }, + "parDiagnosticSettingsName": { + "value": "toLa" + }, "parLandingZoneMgAlzDefaultsEnable": { "value": true }, diff --git a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep index efdaecb20..463a1c6b0 100644 
--- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep +++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep @@ -21,6 +21,9 @@ param parPlatformMgChildren array = [] @sys.description('Log Analytics Workspace Resource ID.') param parLogAnalyticsWorkspaceResourceId string +@sys.description('Diagnostic Settings Name.') +param parDiagnosticSettingsName string = 'toLa' + @sys.description('Deploys Diagnostic Settings on Corp & Online Management Groups beneath Landing Zones Management Group if set to true.') param parLandingZoneMgAlzDefaultsEnable bool = true @@ -84,6 +87,7 @@ module modMgDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep' = [for m name: 'mg-diag-set-${mgId.value}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] @@ -94,6 +98,7 @@ module modMgLandingZonesDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bic name: 'mg-diag-set-${childMg.value}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] @@ -104,6 +109,7 @@ module modMgPlatformDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep' name: 'mg-diag-set-${childMg.value}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] @@ -114,6 +120,7 @@ module modMgChildrenDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep' name: 'mg-diag-set-${childMg.mgId}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] 
@@ -124,6 +131,7 @@ module modPlatformMgChildrenDiagSet '../../modules/mgDiagSettings/mgDiagSettings name: 'mg-diag-set-${childMg.mgId}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] diff --git a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json index 47a5ee185..c03bb09df 100644 --- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json +++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json @@ -20,6 +20,9 @@ "parLogAnalyticsWorkspaceResourceId": { "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/alz-logging/providers/microsoft.operationalinsights/workspaces/alz-log-analytics" }, + "parDiagnosticSettingsName": { + "value": "toLa" + }, "parLandingZoneMgChildren": { "value": [] },