From 5b168e0a138503a39a4b92ab426f36bb6fee61b2 Mon Sep 17 00:00:00 2001
From: John
Date: Fri, 13 Oct 2023 16:25:17 +0200
Subject: [PATCH 01/17] Added type virtualWanOptionsType, introduceded parUseCustomNamingScheme for custom names
---
 .../vwanConnectivity/vwanConnectivity.bicep | 69 +++++++++++++++----
 1 file changed, 57 insertions(+), 12 deletions(-)
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
index 84e683cae..acc6a45e1 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
+++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
@@ -1,13 +1,56 @@
 metadata name = 'ALZ Bicep - Azure vWAN Connectivity Module'
 metadata description = 'Module used to set up vWAN Connectivity'
+type virtualWanOptionsType = ({
+ @sys.description('Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub.')
+ parVpnGatewayEnabled: bool
+
+ @sys.description('Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub.')
+ parExpressRouteGatewayEnabled: bool
+
+ @sys.description('Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub.')
+ parAzFirewallEnabled: bool
+
+ @sys.description('The IP address range in CIDR notation for the vWAN virtual Hub to use.')
+ parVirtualHubAddressPrefix: string
+
+ @sys.description('The Virtual WAN Hub location.')
+ parHubLocation: string
+
+ @sys.description('The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`.')
+ parHubRoutingPreference: ('ExpressRoute' | 'VpnGateway' | 'ASN')
+
+ @sys.description('The Virtual WAN Hub capacity. The value should be between 2 to 50.')
+ @minValue(2)
+ @maxValue(50)
+ parVirtualRouterAutoScaleConfiguration: int
+
+ @sys.description('The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.')
+ parVirtualHubRoutingIntentDestinations: ('Internet' | 'PrivateTraffic')[]
+
+ @sys.description('Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs.')
+ parUseCustomNamingScheme: bool
+
+ @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the VPN Gateway.')
+ parVpnGatewayName: string?
+
+ @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the ExpressRoute Gateway.')
+ parExpressRouteGatewayName: string?
+
+ @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the Azure Firewall.')
+ parAzFirewallName: string?
+
+ @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the Virtual WAN Hub.')
+ parVirtualWanHubName: string?
+})[]
+
 @sys.description('Region in which the resource group was created.')
 param parLocation string = resourceGroup().location
 @sys.description('Prefix value which will be prepended to all resource names.')
 param parCompanyPrefix string = 'alz'
-@sys.description('Azure Firewall Tier associated with the Firewall to deploy.')
+@sys.description('Azure Firewall Tier associated with the Firewall to deploy. If not set, the default value is Standard.')
 @allowed([
 'Basic'
 'Standard'
@@ -29,7 +72,7 @@ param parVirtualHubEnabled bool = true
 @sys.description('Switch to enable/disable Azure Firewall DNS Proxy.')
 param parAzFirewallDnsProxyEnabled bool = true
-@sys.description('Array of custom DNS servers used by Azure Firewall')
+@sys.description('Array of custom DNS servers used by Azure Firewall.')
 param parAzFirewallDnsServers array = []
 @sys.description('Prefix Used for Virtual WAN.')
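Review bot: The four optional name members of `virtualWanOptionsType` (`parVpnGatewayName`, `parExpressRouteGatewayName`, `parAzFirewallName`, `parVirtualWanHubName`) reuse the names of module-level parameters in this file, and their descriptions do not say that they become mandatory once `parUseCustomNamingScheme` is true or that the value is used verbatim, without the location suffix. I would spell that out in each description, for example `@sys.description('Required when parUseCustomNamingScheme is true. Full name of the VPN Gateway for this hub; replaces the module-level parVpnGatewayName prefix and the location suffix.')`. A `@minLength(1)` on each of the four members would also reject an empty name at validation time rather than at deployment.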
@@ -48,24 +91,26 @@ param parVirtualWanHubName string = '${parCompanyPrefix}-vhub'
 - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`.
 - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50.
 - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.
+- `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs.
 ''')
-param parVirtualWanHubs array = [ {
+param parVirtualWanHubs virtualWanOptionsType = [ {
 parVpnGatewayEnabled: true
 parExpressRouteGatewayEnabled: true
 parAzFirewallEnabled: true
 parVirtualHubAddressPrefix: '10.100.0.0/23'
 parHubLocation: parLocation
- parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'.
- parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
+ parHubRoutingPreference: 'ExpressRoute'
+ parVirtualRouterAutoScaleConfiguration: 2
 parVirtualHubRoutingIntentDestinations: []
+ parUseCustomNamingScheme: false
 }
 ]
-@sys.description('Prefix Used for VPN Gateway.')
+@sys.description('VPN Gateway Name.')
 param parVpnGatewayName string = '${parCompanyPrefix}-vpngw'
-@sys.description('Prefix Used for ExpressRoute Gateway.')
+@sys.description('ExpressRoute Gateway Name.')
 param parExpressRouteGatewayName string = '${parCompanyPrefix}-ergw'
 @sys.description('Azure Firewall Name.')
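Review bot: The reworded descriptions `VPN Gateway Name.` and `ExpressRoute Gateway Name.` are less accurate than the text they replace, because on the default path the resource hunks of this same patch still append `-${hub.parHubLocation}` to these parameters, so they remain prefixes. I would keep the prefix wording and mention the switch, e.g. `@sys.description('Prefix used for the VPN Gateway name; the hub location is appended unless the hub enables parUseCustomNamingScheme.')`. The bullet list in the `parVirtualWanHubs` description gains `parUseCustomNamingScheme` but not the four per-hub name properties, which should be listed next to it.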
@@ -210,7 +255,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = {
 }
 resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) {
- name: '${parVirtualWanHubName}-${hub.parHubLocation}'
+ name: hub.parUseCustomNamingScheme ? hub.parVirtualWanHubName! : '${parVirtualWanHubName}-${hub.parHubLocation}'!
 location: hub.parHubLocation
 tags: parTags
 properties: {
@@ -249,7 +294,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04
 resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) {
 parent: resVhub[i]
- name: '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent'
+ name: hub.parUseCustomNamingScheme ? '${parVirtualWanHubName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent'
 properties: {
 routingPolicies: [for destination in hub.parVirtualHubRoutingIntentDestinations: {
 name: destination == 'Internet' ? 'PublicTraffic' : destination == 'PrivateTraffic' ? 'PrivateTraffic' : 'N/A'
@@ -263,7 +308,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-
 resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) {
 dependsOn: resVhub
- name: '${parVpnGatewayName}-${hub.parHubLocation}'
+ name: hub.parUseCustomNamingScheme ? hub.parVpnGatewayName! : '${parVpnGatewayName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
 properties: {
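Review bot: `hub.parVirtualWanHubName!` in the `resVhub` name only silences the compiler: the member is declared `string?`, so a hub with `parUseCustomNamingScheme: true` and no name passes type checking and then fails when the template is deployed, because the resource name evaluates to null. The same assertion is used for the VPN Gateway in the third hunk here and for the ExpressRoute Gateway and Azure Firewall names in the hunks that follow. Falling back to the generated name keeps the deployment valid, e.g. `name: (hub.parUseCustomNamingScheme ? hub.?parVirtualWanHubName : null) ?? '${parVirtualWanHubName}-${hub.parHubLocation}'`. The resource bodies continue outside these hunks.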
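Review bot: With the custom scheme on, the `resVhubRoutingIntent` name is built from the module-level `parVirtualWanHubName`, not from the hub's own `hub.parVirtualWanHubName` that the parent `resVhub` uses, so the child's name no longer follows the hub it belongs to. Because the resource sets `parent: resVhub[i]` this should not cause a collision between hubs, so the effect is an inconsistent name rather than a failed deployment. If the intent is to follow the custom hub name, the first branch could read `'${hub.?parVirtualWanHubName ?? parVirtualWanHubName}-Routing-Intent'`; if a fixed name is intended, a comment on the line saying so would help.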
@@ -281,7 +326,7 @@ resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i
 resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) {
 dependsOn: resVhub
- name: '${parExpressRouteGatewayName}-${hub.parHubLocation}'
+ name: hub.parUseCustomNamingScheme ? hub.parExpressRouteGatewayName! : '${parExpressRouteGatewayName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
 properties: {
@@ -318,7 +363,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
 }
 resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) {
- name: '${parAzFirewallName}-${hub.parHubLocation}'
+ name: hub.parUseCustomNamingScheme ? hub.parAzFirewallName! : '${parAzFirewallName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
 zones: (!empty(parAzFirewallAvailabilityZones) ? parAzFirewallAvailabilityZones : null)
From 9ce72dfb52f54c44164292007930547ed21f947f Mon Sep 17 00:00:00 2001
From: John
Date: Fri, 13 Oct 2023 22:28:46 +0200
Subject: [PATCH 02/17] Check if parUseCustomNamingScheme is present in object
---
 .../modules/vwanConnectivity/vwanConnectivity.bicep | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
index acc6a45e1..099800f76 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
+++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
@@ -29,7 +29,7 @@ type virtualWanOptionsType = ({
 parVirtualHubRoutingIntentDestinations: ('Internet' | 'PrivateTraffic')[]
 @sys.description('Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs.')
- parUseCustomNamingScheme: bool
+ parUseCustomNamingScheme: bool?
 @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the VPN Gateway.')
 parVpnGatewayName: string?
@@ -103,7 +103,6 @@ param parVirtualWanHubs virtualWanOptionsType = [ {
 parHubRoutingPreference: 'ExpressRoute'
 parVirtualRouterAutoScaleConfiguration: 2
 parVirtualHubRoutingIntentDestinations: []
- parUseCustomNamingScheme: false
 }
 ]
@@ -255,7 +254,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = {
 }
 resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) {
- name: hub.parUseCustomNamingScheme ? hub.parVirtualWanHubName! : '${parVirtualWanHubName}-${hub.parHubLocation}'!
+ name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? hub.parVirtualWanHubName! : '${parVirtualWanHubName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
 properties: {
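Review bot: The guard `(contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!)` is now repeated in five `name:` expressions (the `resVhub` hunk here and the routing-intent, VPN Gateway, ExpressRoute Gateway and Azure Firewall hunks that follow), and it can be written as `(hub.?parUseCustomNamingScheme ?? false)`, which needs neither `contains()` nor the non-null assertion. Holding that expression in one place would keep the five resources from drifting apart. The `hub.parVirtualWanHubName!` style assertions on the name members are left unchanged by this commit, so a hub that enables the scheme without supplying a name still fails only at deployment.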
@@ -294,7 +293,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04
 resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) {
 parent: resVhub[i]
- name: hub.parUseCustomNamingScheme ? '${parVirtualWanHubName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent'
+ name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? '${parVirtualWanHubName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent'
 properties: {
 routingPolicies: [for destination in hub.parVirtualHubRoutingIntentDestinations: {
 name: destination == 'Internet' ? 'PublicTraffic' : destination == 'PrivateTraffic' ? 'PrivateTraffic' : 'N/A'
@@ -308,7 +307,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-
 resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) {
 dependsOn: resVhub
- name: hub.parUseCustomNamingScheme ? hub.parVpnGatewayName! : '${parVpnGatewayName}-${hub.parHubLocation}'
+ name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? hub.parVpnGatewayName! : '${parVpnGatewayName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
 properties: {
@@ -326,7 +325,7 @@ resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i
 resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) {
 dependsOn: resVhub
- name: hub.parUseCustomNamingScheme ? hub.parExpressRouteGatewayName! : '${parExpressRouteGatewayName}-${hub.parHubLocation}'
+ name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? hub.parExpressRouteGatewayName! : '${parExpressRouteGatewayName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
 properties: {
@@ -363,7 +362,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
 }
 resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) {
- name: hub.parUseCustomNamingScheme ? hub.parAzFirewallName! : '${parAzFirewallName}-${hub.parHubLocation}'
+ name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? hub.parAzFirewallName! : '${parAzFirewallName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
 zones: (!empty(parAzFirewallAvailabilityZones) ? parAzFirewallAvailabilityZones : null)
From d61d82a28b243de9138b3db2cbf6a75cc87a2723 Mon Sep 17 00:00:00 2001
From: John
Date: Fri, 13 Oct 2023 22:39:20 +0200
Subject: [PATCH 03/17] Fixed parameter casing in baseline
---
 .../modules/vwanConnectivity/samples/baseline.sample.bicep | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep
index 1b7bfb36b..62c363c9f 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep
+++ b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep
@@ -29,8 +29,8 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = {
 parAzFirewallEnabled: true
 parVirtualHubAddressPrefix: '10.100.0.0/23'
 parHubLocation: 'centralus'
- parhubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
- parvirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
+ parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
+ parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
 parVirtualHubRoutingIntentDestinations: []
 } ]
 parAzFirewallDnsProxyEnabled: true
From 11d9b08621430d42d8fa45603462308440366f42 Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 13 Oct 2023 20:43:37 +0000
Subject: [PATCH 04/17] Generate Parameter Markdowns [johnlokerse/40134377]
---
 .../generateddocs/vwanConnectivity.bicep.md | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
index c86a03b87..ce90df5fb 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
+++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
@@ -8,16 +8,16 @@ Parameter name | Required | Description -------------- | -------- | ----------- parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. -parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. +parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. If not set, the default value is Standard. parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. -parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall +parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall. parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. 
The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. -parVpnGatewayName | No | Prefix Used for VPN Gateway. -parExpressRouteGatewayName | No | Prefix Used for ExpressRoute Gateway. +parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. - `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs. +parVpnGatewayName | No | VPN Gateway Name. +parExpressRouteGatewayName | No | ExpressRoute Gateway Name. parAzFirewallName | No | Azure Firewall Name. 
parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. @@ -54,7 +54,7 @@ Prefix value which will be prepended to all resource names. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Azure Firewall Tier associated with the Firewall to deploy. +Azure Firewall Tier associated with the Firewall to deploy. If not set, the default value is Standard. - Default value: `Standard` @@ -90,7 +90,7 @@ Switch to enable/disable Azure Firewall DNS Proxy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Array of custom DNS servers used by Azure Firewall +Array of custom DNS servers used by Azure Firewall. ### parVirtualWanName @@ -122,6 +122,7 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. +- `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs. @@ -129,7 +130,7 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Prefix Used for VPN Gateway. +VPN Gateway Name. - Default value: `[format('{0}-vpngw', parameters('parCompanyPrefix'))]` 
@@ -137,7 +138,7 @@ Prefix Used for VPN Gateway.
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
-Prefix Used for ExpressRoute Gateway.
+ExpressRoute Gateway Name.
 - Default value: `[format('{0}-ergw', parameters('parCompanyPrefix'))]`
From 647e47b280a296126e266528e930fc7ad0841f28 Mon Sep 17 00:00:00 2001
From: John
Date: Fri, 13 Oct 2023 23:08:44 +0200
Subject: [PATCH 05/17] Added parameters for resource names
---
 infra-as-code/bicep/modules/logging/logging.bicep | 5 ++++-
 .../bicep/modules/mgDiagSettings/mgDiagSettings.bicep | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep
index 917162145..a8a116e44 100644
--- a/infra-as-code/bicep/modules/logging/logging.bicep
+++ b/infra-as-code/bicep/modules/logging/logging.bicep
@@ -89,6 +89,9 @@ param parLogAnalyticsWorkspaceTags object = parTags
 @sys.description('Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.')
 param parUseSentinelClassicPricingTiers bool = false
+@sys.description('Log Analytics LinkedService name for Automation Account.')
+param parLogAnalyticsLinkedServiceAutomationAccountName string = 'Automation'
+
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
@@ -147,7 +150,7 @@ resource resLogAnalyticsWorkspaceSolutions 'Microsoft.OperationsManagement/solut
 resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) {
 parent: resLogAnalyticsWorkspace
- name: 'Automation'
+ name: parLogAnalyticsLinkedServiceAutomationAccountName
 properties: {
 resourceId: resAutomationAccount.id
 }
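Review bot: `parLogAnalyticsLinkedServiceAutomationAccountName` is an unconstrained string, but as far as I know the Log Analytics linked-service name is not free-form: the service expects `Automation` for an Automation Account link and `Cluster` for a dedicated cluster. A caller who sets any other value would most likely get a failed deployment of `resLogAnalyticsLinkedServiceForAutomationAccount`, which leaves the workspace and the Automation Account unlinked. If the parameter is kept, I would either add `@allowed([ 'Automation' ])` or say in the description that the default should be left in place unless the service documents another accepted value.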
diff --git a/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep b/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep
index 0cf1e7438..45114b503 100644
--- a/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep
+++ b/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep
@@ -6,6 +6,9 @@ metadata description = 'Module used to set up Diagnostic Settings for Management
 @sys.description('Log Analytics Workspace Resource ID.')
 param parLogAnalyticsWorkspaceResourceId string
+@sys.description('Diagnostic Settings Name.')
+param parDiagnosticSettingsName string = 'toLa'
+
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
@@ -13,7 +16,7 @@ param parTelemetryOptOut bool = false
 var varCuaid = '5d17f1c2-f17b-4426-9712-0cd2652c4435'
 resource mgDiagSet 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
- name: 'toLa'
+ name: parDiagnosticSettingsName
 properties: {
 workspaceId: parLogAnalyticsWorkspaceResourceId
 logs: [
From ba1fd3dae975ab084276fd38c072a9f8e14a78db Mon Sep 17 00:00:00 2001
From: John
Date: Fri, 13 Oct 2023 23:09:02 +0200
Subject: [PATCH 06/17] Added subnetOptionsType
---
 .../bicep/modules/hubNetworking/hubNetworking.bicep | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
index c3f4bb755..06cee6241 100644
--- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
+++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
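Review bot: Changing `parDiagnosticSettingsName` on a management group that was already deployed with `toLa` does not rename the existing setting; the `mgDiagSet` deployment creates a second setting and leaves the old one in place. Depending on how the platform treats two settings that point at the same workspace, that either fails or leaves both forwarding the same management-group logs, so the description should warn about it. For example: `@sys.description('Diagnostic Settings Name. Changing it on an existing deployment creates an additional setting; remove the previous one first.')`. The `logs` array of `mgDiagSet` continues outside the hunk.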
@@ -1,6 +1,13 @@
 metadata name = 'ALZ Bicep - Hub Networking Module'
 metadata description = 'ALZ Bicep Module used to set up Hub Networking'
+type subnetOptionsType = ({
+ name: string
+ ipAddressRange: string
+ networkSecurityGroupId: string
+ routeTableId: string
+})[]
+
 @sys.description('The Azure Region to deploy the resources into.')
 param parLocation string = resourceGroup().location
@@ -14,7 +21,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
 param parHubNetworkAddressPrefix string = '10.10.0.0/16'
 @sys.description('The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.')
-param parSubnets array = [
+param parSubnets subnetOptionsType = [
 {
 name: 'AzureBastionSubnet'
 ipAddressRange: '10.10.15.0/24'
From 5bef430eedc2e79954db2dc7ecb886951fa5f276 Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 13 Oct 2023 21:14:01 +0000
Subject: [PATCH 07/17] Generate Parameter Markdowns [johnlokerse/40134377]
---
 .../modules/logging/generateddocs/logging.bicep.md | 12 ++++++++++++
 .../generateddocs/mgDiagSettings.bicep.md | 12 ++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
index 3f6feefdf..cd3703e2c 100644
--- a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
+++ b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
@@ -20,6 +20,7 @@ parTags | No | Tags you would like to be applied to all resources i parAutomationAccountTags | No | Tags you would like to be applied to Automation Account. parLogAnalyticsWorkspaceTags | No | Tags you would like to be applied to Log Analytics Workspace. parUseSentinelClassicPricingTiers | No | Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier. +parLogAnalyticsLinkedServiceAutomationAccountName | No | Log Analytics LinkedService name for Automation Account. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry ### parLogAnalyticsWorkspaceName @@ -138,6 +139,14 @@ Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes i - Default value: `False` +### parLogAnalyticsLinkedServiceAutomationAccountName + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Log Analytics LinkedService name for Automation Account. + +- Default value: `Automation` + ### parTelemetryOptOut ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -222,6 +231,9 @@ outAutomationAccountId | string | "parUseSentinelClassicPricingTiers": { "value": false }, + "parLogAnalyticsLinkedServiceAutomationAccountName": { + "value": "Automation" + }, "parTelemetryOptOut": { "value": false } diff --git a/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md b/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md index 41197208d..4535aa0b8 100644 --- a/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md +++ b/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md 
@@ -7,6 +7,7 @@ Module used to set up Diagnostic Settings for Management Groups Parameter name | Required | Description -------------- | -------- | ----------- parLogAnalyticsWorkspaceResourceId | Yes | Log Analytics Workspace Resource ID. +parDiagnosticSettingsName | No | Diagnostic Settings Name. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry ### parLogAnalyticsWorkspaceResourceId @@ -15,6 +16,14 @@ parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment t Log Analytics Workspace Resource ID. +### parDiagnosticSettingsName + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Diagnostic Settings Name. + +- Default value: `toLa` + ### parTelemetryOptOut ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -38,6 +47,9 @@ Set Parameter to true to Opt-out of deployment telemetry "parLogAnalyticsWorkspaceResourceId": { "value": "" }, + "parDiagnosticSettingsName": { + "value": "toLa" + }, "parTelemetryOptOut": { "value": false } From cf7cf417b1cdbab5f6fde7ef6472bb553bca8dd4 Mon Sep 17 00:00:00 2001 From: John Date: Fri, 13 Oct 2023 23:21:19 +0200 Subject: [PATCH 08/17] Added descriptions --- .../modules/hubNetworking/hubNetworking.bicep | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 06cee6241..5ab9c039f 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep 
@@ -2,10 +2,20 @@ metadata name = 'ALZ Bicep - Hub Networking Module'
 metadata description = 'ALZ Bicep Module used to set up Hub Networking'
 type subnetOptionsType = ({
- name: string
- ipAddressRange: string
- networkSecurityGroupId: string
- routeTableId: string
+ @description('Name of subnet.')
+ name: string
+
+ @description('IP-address range for subnet.')
+ ipAddressRange: string
+
+ @description('Id of Network Security Group to associate with subnet.')
+ networkSecurityGroupId: string?
+
+ @description('Id of Route Table to associate with subnet.')
+ routeTableId: string?
+
+ @description('Name of the delegation to create for the subnet.')
+ delegation: string?
 })[]
 @sys.description('The Azure Region to deploy the resources into.')
From f3f5761421058c8ee57670c83173507c97e2ae09 Mon Sep 17 00:00:00 2001
From: John
Date: Fri, 13 Oct 2023 23:24:27 +0200
Subject: [PATCH 09/17] Added nonComplianceMessageType
---
 .../assignments/policyAssignmentManagementGroup.bicep | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
index c91359a36..b62e8127d 100644
--- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
+++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
@@ -3,6 +3,14 @@ targetScope = 'managementGroup'
 metadata name = 'ALZ Bicep - Management Group Policy Assignments'
 metadata description = 'Module used to assign policy definitions to management groups'
+type nonComplianceMessageType = {
+ @description('The message to display when the policy is non-compliant.')
+ message: string
+
+ @description('The reference ID of the policy definition.')
+ policyDefinitionReferenceId: string
+}[]
+
 @minLength(1)
 @maxLength(24)
 @sys.description('The name of the policy assignment. e.g. "Deny-Public-IP"')
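Review bot: `networkSecurityGroupId` becomes optional in `subnetOptionsType`, but its description does not say what an omitted value means; the subnet resource is outside this hunk, so presumably the subnet is then created with no NSG attached. For a hub network that is worth stating, e.g. `@description('Id of Network Security Group to associate with subnet. Optional; when omitted no NSG is attached, so leave it out only for subnets that must not carry one.')`. The members use `@description` while the parameters in the rest of the file use `@sys.description`; the same applies to `nonComplianceMessageType` in PATCH 09, and one form should be used throughout.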
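Review bot: `policyDefinitionReferenceId` in `nonComplianceMessageType` is declared as a required `string`, yet a non-compliance message is normally valid with `message` alone; the reference id is only needed to target one policy inside an initiative. Parameter files that pass entries with only `message` would stop validating once the next hunk of this patch switches `parPolicyAssignmentNonComplianceMessages` to this type. I would declare it `policyDefinitionReferenceId: string?` and note in its description that it applies to initiative assignments only.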
@@ -24,7 +32,7 @@ param parPolicyAssignmentParameters object = {} param parPolicyAssignmentParameterOverrides object = {} @sys.description('An array containing object/s for the non-compliance messages for the policy to be assigned. See https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#non-compliance-messages for more details on use.') -param parPolicyAssignmentNonComplianceMessages array = [] +param parPolicyAssignmentNonComplianceMessages nonComplianceMessageType = [] @sys.description('An array containing a list of scope Resource IDs to be excluded for the policy assignment. e.g. [\'/providers/Microsoft.Management/managementgroups/alz\', \'/providers/Microsoft.Management/managementgroups/alz-sandbox\' ].') param parPolicyAssignmentNotScopes array = [] From 48f6f3d7d20e9b26ab7445d88906f5a65687cc68 Mon Sep 17 00:00:00 2001 From: John Date: Mon, 16 Oct 2023 16:46:29 +0200 Subject: [PATCH 10/17] Added changes to parameter files, added diagnostic settings name to orchestration --- .../logging/parameters/logging.parameters.all.json | 3 +++ .../logging/parameters/mc-logging.parameters.all.json | 3 +++ .../parameters/mgDiagSettings.parameters.all.json | 3 +++ .../mgDiagSettingsAll/mgDiagSettingsAll.bicep | 8 ++++++++ .../parameters/mgDiagSettingsAll.parameters.all.json | 3 +++ 5 files changed, 20 insertions(+) diff --git a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json index 51abbf1c0..2012d1037 100644 --- a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json +++ b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json @@ -51,6 +51,9 @@ "parUseSentinelClassicPricingTiers": { "value": false }, + "parLogAnalyticsLinkedServiceAutomationAccountName": { + "value": "Automation" + }, "parTelemetryOptOut": { "value": false } 
diff --git a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json index 5881fbcd0..3ad5a4442 100644 --- a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json +++ b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json @@ -45,6 +45,9 @@ "Environment": "Live" } }, + "parLogAnalyticsLinkedServiceAutomationAccountName": { + "value": "Automation" + }, "parTelemetryOptOut": { "value": false } diff --git a/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json b/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json index e20f3a315..1ac72757f 100644 --- a/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json +++ b/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json @@ -5,6 +5,9 @@ "parLogAnalyticsWorkspaceResourceId": { "value": "" }, + "parDiagnosticSettingsName": { + "value": "toLa" + }, "parTelemetryOptOut": { "value": false } diff --git a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep index efdaecb20..463a1c6b0 100644 --- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep +++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep @@ -21,6 +21,9 @@ param parPlatformMgChildren array = [] @sys.description('Log Analytics Workspace Resource ID.') param parLogAnalyticsWorkspaceResourceId string +@sys.description('Diagnostic Settings Name.') +param parDiagnosticSettingsName string = 'toLa' + @sys.description('Deploys Diagnostic Settings on Corp & Online Management Groups beneath Landing Zones Management Group if set to true.') param parLandingZoneMgAlzDefaultsEnable bool = true 
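Review bot: `parDiagnosticSettingsName` in mgDiagSettingsAll.bicep is documented only as 'Diagnostic Settings Name.', which does not tell an operator that the one value is passed to every management group module the orchestration loops over (the five hunks that follow), nor what changing it on an existing deployment does. A diagnostic setting is identified by its name, so a new value most likely creates a second setting next to `toLa` instead of renaming it; how mgDiagSettings.bicep uses the value is not visible here. Suggested text: `@sys.description('Name of the diagnostic setting created on each management group. Changing it on an existing deployment does not rename the current setting.')`, and `@minLength(1)` would reject an empty name before deployment.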
@@ -84,6 +87,7 @@ module modMgDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep' = [for m name: 'mg-diag-set-${mgId.value}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] @@ -94,6 +98,7 @@ module modMgLandingZonesDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bic name: 'mg-diag-set-${childMg.value}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] @@ -104,6 +109,7 @@ module modMgPlatformDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep' name: 'mg-diag-set-${childMg.value}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] @@ -114,6 +120,7 @@ module modMgChildrenDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep' name: 'mg-diag-set-${childMg.mgId}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] @@ -124,6 +131,7 @@ module modPlatformMgChildrenDiagSet '../../modules/mgDiagSettings/mgDiagSettings name: 'mg-diag-set-${childMg.mgId}' params: { parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId + parDiagnosticSettingsName: parDiagnosticSettingsName parTelemetryOptOut: parTelemetryOptOut } }] diff --git a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json index 47a5ee185..c03bb09df 100644 --- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json 
+++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json @@ -20,6 +20,9 @@ "parLogAnalyticsWorkspaceResourceId": { "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/alz-logging/providers/microsoft.operationalinsights/workspaces/alz-log-analytics" }, + "parDiagnosticSettingsName": { + "value": "toLa" + }, "parLandingZoneMgChildren": { "value": [] }, From 91b68b1d5d653bbabac7ab8522b1a83509edfb89 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:51:51 +0000 Subject: [PATCH 11/17] Generate Parameter Markdowns [johnlokerse/40134377] --- .../generateddocs/mgDiagSettingsAll.bicep.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md index c079b878d..20d8f7c23 100644 --- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md +++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md 
@@ -11,6 +11,7 @@ parTopLevelManagementGroupSuffix | No | Optional suffix for the management parLandingZoneMgChildren | No | Array of strings to allow additional or different child Management Groups of the Landing Zones Management Group. parPlatformMgChildren | No | Array of strings to allow additional or different child Management Groups of the Platform Management Group. parLogAnalyticsWorkspaceResourceId | Yes | Log Analytics Workspace Resource ID. +parDiagnosticSettingsName | No | Diagnostic Settings Name. parLandingZoneMgAlzDefaultsEnable | No | Deploys Diagnostic Settings on Corp & Online Management Groups beneath Landing Zones Management Group if set to true. parPlatformMgAlzDefaultsEnable | No | Deploys Diagnostic Settings on Management, Connectivity and Identity Management Groups beneath Platform Management Group if set to true. parLandingZoneMgConfidentialEnable | No | Deploys Diagnostic Settings on Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true. @@ -48,6 +49,14 @@ Array of strings to allow additional or different child Management Groups of the Log Analytics Workspace Resource ID. +### parDiagnosticSettingsName + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Diagnostic Settings Name. + +- Default value: `toLa` + ### parLandingZoneMgAlzDefaultsEnable ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -107,6 +116,9 @@ Set Parameter to true to Opt-out of deployment telemetry. "parLogAnalyticsWorkspaceResourceId": { "value": "" }, + "parDiagnosticSettingsName": { + "value": "toLa" + }, "parLandingZoneMgAlzDefaultsEnable": { "value": true }, From b99115f148a83fac459abde1e4b1491bfaf510e3 Mon Sep 17 00:00:00 2001 
From: John Date: Mon, 6 Nov 2023 13:37:52 +0100 Subject: [PATCH 12/17] Fix error for "List Azure Resources Types" because of usage of type --- .github/workflows/bicep-build-to-validate.yml | 36 +++++++++++++------ 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 124b87fe5..09bc3a1da 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml 
@@ -73,20 +73,34 @@ jobs: - name: List Azure Resource Types shell: pwsh run: | - $resourceTypesFullList = @{} - - Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object { - Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue - $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 - $armResourceTypes = $armTemplate.Resources - $armResourceTypes | ForEach-Object { - if (!$resourceTypesFullList.ContainsKey($_.Type)) { - $resourceTypesFullList.Add($_.Type, 1) + function Add-ToResourceTypesList { + param ( + [Parameter(Mandatory = $true)] + [string] $Type + ) + if (!$resourceTypesFullList.ContainsKey($Type)) { + $resourceTypesFullList.Add($Type, 1) } else { - $resourceTypesFullList[$_.Type] += 1 + $resourceTypesFullList[$Type] += 1 + } + } + + $resourceTypesFullList = @{} + Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object { + Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue + $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 + $armResourceTypes = $armTemplate.Resources + $armResourceTypes | ForEach-Object { + if ($null -eq $_.Type) { + $_.PSObject.Properties | ForEach-Object { + Add-ToResourceTypesList -Type $_.Value.Type + } + } + else { + Add-ToResourceTypesList -Type $_.Type + } } - } } Write-Information "==> Remove nested deployments resource type" -InformationAction Continue From 4edd4b8d053feba46302cd2fdf5157b781e14139 Mon Sep 17 00:00:00 2001 
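Review bot: In the new `$null -eq $_.Type` branch, `Add-ToResourceTypesList -Type $_.Value.Type` is called for every property of the resources object without checking that the property's value carries a `Type`. `$Type` is a mandatory `[string]`, so a null or empty value fails parameter binding and would presumably stop this validation step on a template that has such an entry. A guard such as `if ($_.Value.Type) { Add-ToResourceTypesList -Type $_.Value.Type }` avoids that. The function also reads `$resourceTypesFullList` from the caller's scope; passing the hashtable in as a parameter would make that dependency explicit. The `run:` script continues past the end of the hunk.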
From: John Date: Mon, 6 Nov 2023 21:16:41 +0100 Subject: [PATCH 13/17] Reduced complexity by using coalesce and safe-dereference operator --- .../vwanConnectivity/vwanConnectivity.bicep | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 099800f76..8d7c4451e 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep 
@@ -28,19 +28,16 @@ type virtualWanOptionsType = ({ @sys.description('The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.') parVirtualHubRoutingIntentDestinations: ('Internet' | 'PrivateTraffic')[] - @sys.description('Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs.') - parUseCustomNamingScheme: bool? - - @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the VPN Gateway.') + @sys.description('This parameter is used to specify a custom name for the VPN Gateway.') parVpnGatewayName: string? - @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the ExpressRoute Gateway.') + @sys.description('This parameter is used to specify a custom name for the ExpressRoute Gateway.') parExpressRouteGatewayName: string? - @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the Azure Firewall.') + @sys.description('This parameter is used to specify a custom name for the Azure Firewall.') parAzFirewallName: string? - @sys.description('When `parUseCustomNamingScheme` is true, this parameter is used to specify a custom name for the Virtual WAN Hub.') + @sys.description('This parameter is used to specify a custom name for the Virtual WAN Hub.') parVirtualWanHubName: string? })[] 
@@ -254,7 +251,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = { } resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) { - name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? hub.parVirtualWanHubName! : '${parVirtualWanHubName}-${hub.parHubLocation}' + name: hub.?parVirtualWanHubName ?? '${parVirtualWanHubName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { @@ -293,7 +290,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04 resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) { parent: resVhub[i] - name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? '${parVirtualWanHubName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent' + name: !empty(hub.?parVirtualWanHubName) ? '${hub.parVirtualWanHubName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent' properties: { routingPolicies: [for destination in hub.parVirtualHubRoutingIntentDestinations: { name: destination == 'Internet' ? 'PublicTraffic' : destination == 'PrivateTraffic' ? 'PrivateTraffic' : 'N/A' 
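Review bot: `resVhub` now takes `hub.?parVirtualWanHubName ?? '...'`, which falls back to the generated name only when the key is missing or null, while `resVhubRoutingIntent` in the next hunk tests the same key with `!empty(...)`. A hub object carrying `parVirtualWanHubName: ''` would therefore be submitted with an empty hub name while the routing intent takes the default, and the same `??` pattern is used for `resVpnGateway`, `resErGateway` and `resAzureFirewall` in the three hunks that follow. Either use one form throughout, e.g. `name: !empty(hub.?parVirtualWanHubName) ? hub.parVirtualWanHubName! : '${parVirtualWanHubName}-${hub.parHubLocation}'`, or put `@minLength(1)` on the four optional name properties of `virtualWanOptionsType`. Both resource declarations continue outside their hunks.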
@@ -307,7 +304,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023- resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) { dependsOn: resVhub - name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? hub.parVpnGatewayName! : '${parVpnGatewayName}-${hub.parHubLocation}' + name: hub.?parVpnGatewayName ?? '${parVpnGatewayName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { @@ -325,7 +322,7 @@ resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) { dependsOn: resVhub - name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? hub.parExpressRouteGatewayName! : '${parExpressRouteGatewayName}-${hub.parHubLocation}' + name: hub.?parExpressRouteGatewayName ?? '${parExpressRouteGatewayName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { @@ -362,7 +359,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i } resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) { - name: (contains(hub, 'parUseCustomNamingScheme') && hub.parUseCustomNamingScheme!) ? hub.parAzFirewallName! : '${parAzFirewallName}-${hub.parHubLocation}' + name: hub.?parAzFirewallName ?? '${parAzFirewallName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags zones: (!empty(parAzFirewallAvailabilityZones) ? parAzFirewallAvailabilityZones : null) From 3eb173b53e8d2279aad4b231067b3684141a0388 Mon Sep 17 00:00:00 2001 
From: John Date: Fri, 10 Nov 2023 15:26:29 +0100 Subject: [PATCH 14/17] Removed default value on description --- .../bicep/modules/vwanConnectivity/vwanConnectivity.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 8d7c4451e..a8d17f6cc 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -47,7 +47,7 @@ param parLocation string = resourceGroup().location @sys.description('Prefix value which will be prepended to all resource names.') param parCompanyPrefix string = 'alz' -@sys.description('Azure Firewall Tier associated with the Firewall to deploy. If not set, the default value is Standard.') +@sys.description('Azure Firewall Tier associated with the Firewall to deploy.') @allowed([ 'Basic' 'Standard' @@ -55,7 +55,7 @@ param parCompanyPrefix string = 'alz' ]) param parAzFirewallTier string = 'Standard' -@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.') +@sys.description('The Azure Firewall Threat Intelligence Mode.') @allowed([ 'Alert' 'Deny' From d95225f3d451e7affa676e6df4095f9544054814 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 10 Nov 2023 14:31:09 +0000 Subject: [PATCH 15/17] Generate Parameter Markdowns [johnlokerse/4e1ac12d] --- .../generateddocs/vwanConnectivity.bicep.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index ce90df5fb..02dfe29b0 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
+++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md @@ -8,8 +8,8 @@ Parameter name | Required | Description -------------- | -------- | ----------- parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. -parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. If not set, the default value is Standard. -parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. +parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. +parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall. @@ -54,7 +54,7 @@ Prefix value which will be prepended to all resource names. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Azure Firewall Tier associated with the Firewall to deploy. If not set, the default value is Standard. +Azure Firewall Tier associated with the Firewall to deploy. - Default value: `Standard` @@ -64,7 +64,7 @@ Azure Firewall Tier associated with the Firewall to deploy. If not set, the defa ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. +The Azure Firewall Threat Intelligence Mode. - Default value: `Alert` From 8d739de1f71309cdc31813bc9fe326cf18ef0c53 Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Thu, 16 Nov 2023 20:44:05 -0600 Subject: [PATCH 16/17] Improve clarity for user defined type properties for the custom resource names --- .../bicep/modules/vwanConnectivity/README.md | 1 + .../generateddocs/vwanConnectivity.bicep.md | 4 +--- .../vwanConnectivity/vwanConnectivity.bicep | 19 +++++++++---------- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/infra-as-code/bicep/modules/vwanConnectivity/README.md b/infra-as-code/bicep/modules/vwanConnectivity/README.md index 0d99c1a64..727d0b203 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/README.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/README.md @@ -17,6 +17,7 @@ Module deploys the following resources which can be configured by parameters: - [Parameters for Azure Commercial Cloud](generateddocs/vwanConnectivity.bicep.md) +> **NOTE:** Within the `parVirtualWanHubs` parameter, the following keys (parVpnGatewayCustomName, parExpressRouteGatewayCustomName, parAzFirewallCustomName, and parVirtualWanHubCustomName) can be added to create custom names for the associated resources. > **NOTE:** Although there are generated parameter markdowns for Azure Commercial Cloud, this same module can still be used in Azure China. Example parameter are in the [parameters](./parameters/) folder. diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 02dfe29b0..876b74ab4 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
@@ -15,7 +15,7 @@ parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewal parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall. parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. - `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs. +parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. 
- `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. - `parVpnGatewayCustomName` - This parameter is used to specify a custom name for the VPN Gateway. - `parExpressRouteGatewayCustomName` - This parameter is used to specify a custom name for the ExpressRoute Gateway. - `parAzFirewallCustomName` - This parameter is used to specify a custom name for the Azure Firewall. - `parVirtualHubCustomName` - This parameter is used to specify a custom name for the Virtual Hub. parVpnGatewayName | No | VPN Gateway Name. parExpressRouteGatewayName | No | ExpressRoute Gateway Name. parAzFirewallName | No | Azure Firewall Name. 
@@ -124,8 +124,6 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. - `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs. - - ### parVpnGatewayName ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index a8d17f6cc..63168a00b 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -29,16 +29,16 @@ type virtualWanOptionsType = ({ parVirtualHubRoutingIntentDestinations: ('Internet' | 'PrivateTraffic')[] @sys.description('This parameter is used to specify a custom name for the VPN Gateway.') - parVpnGatewayName: string? + parVpnGatewayCustomName: string? @sys.description('This parameter is used to specify a custom name for the ExpressRoute Gateway.') - parExpressRouteGatewayName: string? + parExpressRouteGatewayCustomName: string? @sys.description('This parameter is used to specify a custom name for the Azure Firewall.') - parAzFirewallName: string? + parAzFirewallCustomName: string? @sys.description('This parameter is used to specify a custom name for the Virtual WAN Hub.') - parVirtualWanHubName: string? + parVirtualWanHubCustomName: string? })[] @sys.description('Region in which the resource group was created.') 
@@ -88,7 +88,6 @@ param parVirtualWanHubName string = '${parCompanyPrefix}-vhub' - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. -- `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs. ''') param parVirtualWanHubs virtualWanOptionsType = [ { @@ -251,7 +250,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = { } resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) { - name: hub.?parVirtualWanHubName ?? '${parVirtualWanHubName}-${hub.parHubLocation}' + name: hub.?parVirtualWanHubCustomName ?? '${parVirtualWanHubName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { 
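Review bot: The `parVirtualWanHubs` description loses its `parUseCustomNamingScheme` bullet here, but no bullets are added for the four `*CustomName` keys this commit introduces in `virtualWanOptionsType`. The generated markdown appears to be built from this string, and the regeneration in PATCH 17/17 does drop the custom-name bullets that were hand-added to vwanConnectivity.bicep.md in this commit (one of them spelled `parVirtualHubCustomName` rather than `parVirtualWanHubCustomName`). I would add the bullets to the description itself, e.g. `- parVpnGatewayCustomName - Custom name for the VPN Gateway; when omitted, the name is parVpnGatewayName plus the hub location.`, and likewise for the other three keys.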
@@ -290,7 +289,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04 resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) { parent: resVhub[i] - name: !empty(hub.?parVirtualWanHubName) ? '${hub.parVirtualWanHubName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent' + name: !empty(hub.?parVirtualWanHubCustomName) ? '${hub.parVirtualWanHubCustomName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent' properties: { routingPolicies: [for destination in hub.parVirtualHubRoutingIntentDestinations: { name: destination == 'Internet' ? 'PublicTraffic' : destination == 'PrivateTraffic' ? 'PrivateTraffic' : 'N/A' @@ -304,7 +303,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023- resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) { dependsOn: resVhub - name: hub.?parVpnGatewayName ?? '${parVpnGatewayName}-${hub.parHubLocation}' + name: hub.?parVpnGatewayCustomName ?? '${parVpnGatewayName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { @@ -322,7 +321,7 @@ resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) { dependsOn: resVhub - name: hub.?parExpressRouteGatewayName ?? '${parExpressRouteGatewayName}-${hub.parHubLocation}' + name: hub.?parExpressRouteGatewayCustomName ?? '${parExpressRouteGatewayName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags properties: { 
@@ -359,7 +358,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i } resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) { - name: hub.?parAzFirewallName ?? '${parAzFirewallName}-${hub.parHubLocation}' + name: hub.?parAzFirewallCustomName ?? '${parAzFirewallName}-${hub.parHubLocation}' location: hub.parHubLocation tags: parTags zones: (!empty(parAzFirewallAvailabilityZones) ? parAzFirewallAvailabilityZones : null) From 38ba41dfcc5093b2296fd26145acac816984472f Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 02:51:12 +0000 Subject: [PATCH 17/17] Generate Parameter Markdowns [oZakari/ef8a90cc] --- .../vwanConnectivity/generateddocs/vwanConnectivity.bicep.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 876b74ab4..43ca83794 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
@@ -15,7 +15,7 @@ parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewal parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall. parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. - `parVpnGatewayCustomName` - This parameter is used to specify a custom name for the VPN Gateway. - `parExpressRouteGatewayCustomName` - This parameter is used to specify a custom name for the ExpressRoute Gateway. - `parAzFirewallCustomName` - This parameter is used to specify a custom name for the Azure Firewall. - `parVirtualHubCustomName` - This parameter is used to specify a custom name for the Virtual Hub. +parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. 
Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. parVpnGatewayName | No | VPN Gateway Name. parExpressRouteGatewayName | No | ExpressRoute Gateway Name. parAzFirewallName | No | Azure Firewall Name. 
@@ -122,7 +122,8 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. -- `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs. + + ### parVpnGatewayName