diff --git a/scenarios/aca-internal/azure-resource-manager/main-portal-ux.json b/scenarios/aca-internal/azure-resource-manager/main-portal-ux.json index 4ea09607..6efb74fc 100644 --- a/scenarios/aca-internal/azure-resource-manager/main-portal-ux.json +++ b/scenarios/aca-internal/azure-resource-manager/main-portal-ux.json @@ -223,6 +223,22 @@ } ] }, + { + "name": "deployHub", + "type": "Microsoft.Common.CheckBox", + "label": "Deploy Hub", + "subLabel": "", + "defaultValue": true, + "toolTip": "Enable or disable the creation of a hub network and its supporting resources.", + "constraints": { + "required": false, + "regex": "", + "validationMessage": "", + "validations": [] + }, + "infoMessages": [], + "visible": true + }, { "name": "vnetAddressPrefixes", "type": "Microsoft.Common.TextBox", @@ -536,8 +552,24 @@ }, { "name": "flags", - "label": "Deployment feature flags", - "elements": [ + "label": "Deployment dedicated workload profile", + "elements": [ + { + "name": "workloadProfile", + "type": "Microsoft.Common.CheckBox", + "label": "Deploy Hub", + "subLabel": "", + "defaultValue": true, + "toolTip": "Enable this if you would like to deploy a dedicated workload profile called default.", + "constraints": { + "required": false, + "regex": "", + "validationMessage": "", + "validations": [] + }, + "infoMessages": [], + "visible": true + }, { "name": "enableBastion", "type": "Microsoft.Common.DropDown", diff --git a/scenarios/aca-internal/azure-resource-manager/main.json b/scenarios/aca-internal/azure-resource-manager/main.json index c34218ff..d925e6b2 100644 --- a/scenarios/aca-internal/azure-resource-manager/main.json +++ b/scenarios/aca-internal/azure-resource-manager/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14482725554206056949" + "version": "0.28.1.47646", + "templateHash": "16277921859141642795" } }, "parameters": { 
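Review bot: The `deployHub` tooltip in the first hunk does not tell the operator what unchecking the box changes for the rest of the deployment. In `main.json` of this same commit the hub deployment becomes conditional on `deployHub`, and the spoke is handed `''` for both `hubVNetId` and `networkApplianceIpAddress` when it is false. Presumably that means the spoke comes up without the hub firewall on its egress path, which is worth confirming against the spoke template. I would spell the consequence out, for example `"toolTip": "Deploy a hub network and its supporting resources. If unchecked, no hub is created and the spoke receives an empty hub VNet ID and network appliance IP address."`. The enclosing `elements` array starts and ends outside the hunk, so whether other controls should be hidden when the box is unchecked cannot be judged from here.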
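Review bot: The new `workloadProfile` checkbox in the second hunk carries `"label": "Deploy Hub"`, apparently copied from the `deployHub` element, so the form shows two boxes with the same label and only the tooltip reveals that this one controls the dedicated workload profile; it should read something like `"label": "Deploy dedicated workload profile",`. Its `defaultValue` is `true`, while the `dedicatedWorkloadProfile` parameter added to `main.json` defaults to `false`, so portal and CLI deployments would differ by default if this control feeds that parameter (the outputs mapping is not visible here). The section label was also changed to `Deployment dedicated workload profile` although the section still holds `enableBastion`; keeping `"label": "Deployment feature flags",` would describe its contents more accurately. The `elements` array continues past the end of the hunk.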
@@ -18,6 +18,13 @@ "description": "The name of the workload that is being deployed. Up to 10 characters long." } }, + "dedicatedWorkloadProfile": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional, Add a workload profile." + } + }, "environment": { "type": "string", "defaultValue": "test", @@ -40,6 +47,13 @@ "description": "Optional. The tags to be assigned to the created resources." } }, + "deployHub": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable or disable the creation of the Hub network and it's supporting services." + } + }, "hubResourceGroupName": { "type": "string", "defaultValue": "", @@ -59,6 +73,17 @@ "description": "Enable or disable the creation of the Azure Bastion." } }, + "bastionSku": { + "type": "string", + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard" + ], + "metadata": { + "description": "Bastion sku, default is basic" + } + }, "bastionSubnetAddressPrefix": { "type": "string", "metadata": { @@ -107,6 +132,17 @@ "description": "The SSH public key to use for the virtual machine." } }, + "vmAuthenticationType": { + "type": "string", + "defaultValue": "password", + "allowedValues": [ + "sshPublicKey", + "password" + ], + "metadata": { + "description": "Type of authentication to use on the Virtual Machine. SSH key is recommended." + } + }, "vmJumpboxOSType": { "type": "string", "defaultValue": "none", 
@@ -237,7 +273,7 @@ } }, "variables": { - "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": 
\"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": 
\"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", "namingRules": "[json(variables('$fxv#0'))]", "rgHubName": 
"[if(not(empty(parameters('hubResourceGroupName'))), parameters('hubResourceGroupName'), format('{0}-{1}-hub-{2}-{3}', variables('namingRules').resourceTypeAbbreviations.resourceGroup, parameters('workloadName'), parameters('environment'), variables('namingRules').regionAbbreviations[toLower(parameters('location'))]))]", "rgSpokeName": "[if(not(empty(parameters('spokeResourceGroupName'))), parameters('spokeResourceGroupName'), format('{0}-{1}-spoke-{2}-{3}', variables('namingRules').resourceTypeAbbreviations.resourceGroup, parameters('workloadName'), parameters('environment'), variables('namingRules').regionAbbreviations[toLower(parameters('location'))]))]" @@ -251,6 +287,7 @@ "tags": "[parameters('tags')]" }, { + "condition": "[parameters('deployHub')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[take(format('hub-{0}-deployment', deployment().name), 64)]", @@ -282,6 +319,9 @@ "enableBastion": { "value": "[parameters('enableBastion')]" }, + "bastionSku": { + "value": "[parameters('bastionSku')]" + }, "bastionSubnetAddressPrefix": { "value": "[parameters('bastionSubnetAddressPrefix')]" }, @@ -304,8 +344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14717763998291301658" + "version": "0.28.1.47646", + "templateHash": "17895406598349441412" } }, "parameters": { @@ -357,6 +397,17 @@ "description": "Enable or disable the creation of the Azure Bastion." } }, + "bastionSku": { + "type": "string", + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard" + ], + "metadata": { + "description": "Bastion sku, default is basic" + } + }, "bastionSubnetAddressPrefix": { "type": "string", "metadata": { 
@@ -389,7 +440,7 @@ } }, "variables": { - "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": 
\"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": 
\"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", "gatewaySubnetName": "GatewaySubnet", "azureFirewallSubnetName": "AzureFirewallSubnet", 
"AzureFirewallManagementSubnetName": "AzureFirewallManagementSubnet", @@ -453,8 +504,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17847326324384615666" + "version": "0.28.1.47646", + "templateHash": "5928160571951609193" } }, "parameters": { @@ -616,8 +667,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2291204764315289154" + "version": "0.28.1.47646", + "templateHash": "11791113627827812288" } }, "parameters": { 
@@ -650,7 +701,7 @@ } }, "variables": { - "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": 
\"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": 
\"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", "naming": "[json(variables('$fxv#0'))]", "uniqueIdShort": "[substring(parameters('uniqueId'), 0, 5)]", 
"resourceTypeToken": "RES_TYPE", 
@@ -696,7 +747,15 @@ "vmJumpBox": "[replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine)]", "vmJumpBoxNsg": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkSecurityGroup, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", "vmJumpBoxNic": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkInterface, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", - "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]" + "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]", + "azureAISearch": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch)]", + "azureAISearchPep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch))]", + "documentIntelligence": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence)]", + "documentIntelligencePep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence))]", + "eventGridSystemTopic": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic)]", + "eventGridSystemTopicPep": "[format('{0}-{1}', 
variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic))]", + "eventGridSubscription": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSubscription)]", + "mysqlServer": "[take(toLower(replace(replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.mysqlServer), '-', '')), 24)]" } }, "resources": [], @@ -752,8 +811,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "814413740097423608" + "version": "0.28.1.47646", + "templateHash": "13723632967755413160" } }, "parameters": { @@ -903,8 +962,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9504531883848133858" + "version": "0.28.1.47646", + "templateHash": "2011897887802276035" } }, "parameters": { @@ -1296,8 +1355,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12070682731577549681" + "version": "0.28.1.47646", + "templateHash": "10312721016808065596" } }, "definitions": { @@ -1829,8 +1888,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4760444240554037718" + "version": "0.28.1.47646", + "templateHash": "10411711349032966522" } }, "parameters": { @@ -2124,8 +2183,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10254776496318105172" + "version": "0.28.1.47646", + "templateHash": "11615019865326990585" } }, "parameters": { @@ -2341,8 +2400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4760444240554037718" + "version": "0.28.1.47646", + "templateHash": "10411711349032966522" } }, "parameters": { 
@@ -2636,8 +2695,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10254776496318105172" + "version": "0.28.1.47646", + "templateHash": "11615019865326990585" } }, "parameters": { @@ -2939,6 +2998,9 @@ "tags": { "value": "[parameters('tags')]" }, + "sku": { + "value": "[parameters('bastionSku')]" + }, "bastionName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgHubName')), 'Microsoft.Resources/deployments', take(format('01-sharedNamingDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.resourcesNames.value.bastion]" }, @@ -2964,8 +3026,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14393073571541598464" + "version": "0.28.1.47646", + "templateHash": "12733050577653225433" } }, "parameters": { @@ -2982,6 +3044,17 @@ "description": "The name of the bastion host to create." } }, + "sku": { + "type": "string", + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard" + ], + "metadata": { + "description": "Bastion sku, default is basic" + } + }, "bastionVNetName": { "type": "string", "metadata": { @@ -3051,11 +3124,16 @@ }, { "type": "Microsoft.Network/bastionHosts", - "apiVersion": "2021-02-01", + "apiVersion": "2022-07-01", "name": "[parameters('bastionName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", + "sku": { + "name": "[parameters('sku')]" + }, "properties": { + "enableTunneling": "[if(equals(parameters('sku'), 'Standard'), true(), false())]", + "enableFileCopy": "[if(equals(parameters('sku'), 'Standard'), true(), false())]", "ipConfigurations": [ { "name": "ipconf", 
@@ -3221,6 +3299,13 @@ }, "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgHubName')), 'Microsoft.Resources/deployments', take(format('vnetHub-{0}', deployment().name), 64)), '2022-09-01').outputs.vnetId.value]" }, + "hubVnetName": { + "type": "string", + "metadata": { + "description": "The name of hub virtual network" + }, + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgHubName')), 'Microsoft.Resources/deployments', take(format('vnetHub-{0}', deployment().name), 64)), '2022-09-01').outputs.vnetName.value]" + }, "resourceGroupName": { "type": "string", "metadata": { @@ -3265,8 +3350,15 @@ "workloadName": { "value": "[parameters('workloadName')]" }, - "hubVNetId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVNetId.value]" + "hubVNetId": "[if(parameters('deployHub'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVNetId.value), createObject('value', ''))]", + "enableBastion": { + "value": "[parameters('enableBastion')]" + }, + "bastionSku": { + "value": "[parameters('bastionSku')]" + }, + "bastionSubnetAddressPrefix": { + "value": "[parameters('bastionSubnetAddressPrefix')]" }, "spokeApplicationGatewaySubnetAddressPrefix": { "value": "[parameters('spokeApplicationGatewaySubnetAddressPrefix')]" 
@@ -3280,9 +3372,7 @@ "spokeVNetAddressPrefixes": { "value": "[parameters('spokeVNetAddressPrefixes')]" }, - "networkApplianceIpAddress": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.networkApplianceIpAddress.value]" - }, + "networkApplianceIpAddress": "[if(parameters('deployHub'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.networkApplianceIpAddress.value), createObject('value', ''))]", "vmSize": { "value": "[parameters('vmSize')]" }, @@ -3301,6 +3391,9 @@ "vmJumpBoxSubnetAddressPrefix": { "value": "[parameters('vmJumpBoxSubnetAddressPrefix')]" }, + "vmAuthenticationType": { + "value": "[parameters('vmAuthenticationType')]" + }, "deployAzurePolicies": { "value": "[parameters('deployAzurePolicies')]" } @@ -3311,8 +3404,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6800856517727767534" + "version": "0.28.1.47646", + "templateHash": "12378978688176318356" } }, "parameters": { 
@@ -3457,16 +3550,45 @@ "description": "CIDR to use for the jump box subnet." } }, + "vmAuthenticationType": { + "type": "string", + "defaultValue": "password", + "allowedValues": [ + "sshPublicKey", + "password" + ], + "metadata": { + "description": "Type of authentication to use on the Virtual Machine. SSH key is recommended." + } + }, "deployAzurePolicies": { "type": "bool", "defaultValue": true, "metadata": { "description": "Optional, default value is true. If true, Azure Policies will be deployed" } + }, + "enableBastion": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Enable or disable the creation of the Azure Bastion in spoke network." + } + }, + "bastionSubnetAddressPrefix": { + "type": "string", + "defaultValue": "10.1.2.64/26", + "metadata": { + "description": "CIDR to use for the Azure Bastion subnet." + } + }, + "bastionSku": { + "type": "string", + "defaultValue": "Basic" } }, "variables": { - "$fxv#0": "{\n //security rules (as of 2023-march-10): https://learn.microsoft.com/azure/container-apps/firewall-integration#nsg-allow-rules\n //Inbound rules are not required, if we leave the default inbound rules 65000 and 65001\n \"securityRules\": [\n // {\n // \"name\": \"Allow_communication_between_IPs_in_the_infra_subnet\",\n // \"properties\": {\n // \"description\": \"Allow communication between IPs in the infrastructure subnet. This address is passed as a parameter when you create an environment. 
For example, 10.0.0.0/21.\",\n // \"protocol\": \"*\",\n // \"sourceAddressPrefix\": \"10.0.0.0/21\",\n // \"sourcePortRange\": \"*\",\n // \"destinationAddressPrefix\": \"10.0.0.0/21\",\n // \"destinationPortRange\": \"*\",\n // \"access\": \"Allow\",\n // \"priority\": 100,\n // \"direction\": \"Inbound\"\n // }\n // },\n // {\n // \"name\": \"Allow_Azure_Loadbalancer_To_Communicate_with_the_Environment\",\n // \"properties\": {\n // \"description\": \"Allow the Azure infrastructure load balancer to communicate with your environment.\",\n // \"protocol\": \"*\",\n // \"sourceAddressPrefix\": \"AzureLoadBalancer\",\n // \"sourcePortRange\": \"*\",\n // \"destinationAddressPrefix\": \"10.0.0.0/21\",\n // \"destinationPortRange\": \"*\",\n // \"access\": \"Allow\",\n // \"priority\": 110,\n // \"direction\": \"Inbound\"\n // }\n // },\n {\n \"name\": \"Allow_Internal_AKS_Connection_Between_Nodes_And_Control_Plane_UDP\",\n \"properties\": {\n \"description\": \"internal AKS secure connection between underlying nodes and control plane..\",\n \"protocol\": \"UDP\",\n \"sourceAddressPrefix\": \"VirtualNetwork\",\n \"sourcePortRange\": \"*\",\n \"destinationAddressPrefix\": \"AzureCloud.\",\n \"destinationPortRange\": \"1194\",\n \"access\": \"Allow\",\n \"priority\": 100,\n \"direction\": \"Outbound\"\n }\n },\n {\n \"name\": \"Allow_Internal_AKS_Connection_Between_Nodes_And_Control_Plane_TCP\",\n \"properties\": {\n \"description\": \"internal AKS secure connection between underlying nodes and control plane..\",\n \"protocol\": \"TCP\",\n \"sourceAddressPrefix\": \"VirtualNetwork\",\n \"sourcePortRange\": \"*\",\n \"destinationAddressPrefix\": \"AzureCloud.\",\n \"destinationPortRange\": \"9000\",\n \"access\": \"Allow\",\n \"priority\": 110,\n \"direction\": \"Outbound\"\n }\n },\n {\n \"name\": \"Allow_Azure_Monitor\",\n \"properties\": {\n \"description\": \"Allows outbound calls to Azure Monitor.\",\n \"protocol\": \"TCP\",\n \"sourceAddressPrefix\": 
\"VirtualNetwork\",\n \"sourcePortRange\": \"*\",\n \"destinationAddressPrefix\": \"AzureCloud.\",\n \"destinationPortRange\": \"443\",\n \"access\": \"Allow\",\n \"priority\": 120,\n \"direction\": \"Outbound\"\n }\n },\n {\n \"name\": \"Allow_Outbound_443\",\n \"properties\": {\n \"description\": \"Allowing all outbound on port 443 provides a way to allow all FQDN based outbound dependencies that don't have a static IP\",\n \"protocol\": \"TCP\",\n \"sourceAddressPrefix\": \"VirtualNetwork\",\n \"sourcePortRange\": \"*\",\n \"destinationAddressPrefix\": \"*\",\n \"destinationPortRange\": \"443\",\n \"access\": \"Allow\",\n \"priority\": 130,\n \"direction\": \"Outbound\"\n }\n },\n {\n \"name\": \"Allow_NTP_Server\",\n \"properties\": {\n \"description\": \"NTP server\",\n \"protocol\": \"UDP\",\n \"sourceAddressPrefix\": \"VirtualNetwork\",\n \"sourcePortRange\": \"*\",\n \"destinationAddressPrefix\": \"*\",\n \"destinationPortRange\": \"123\",\n \"access\": \"Allow\",\n \"priority\": 140,\n \"direction\": \"Outbound\"\n }\n },\n {\n \"name\": \"Allow_Container_Apps_control_plane\",\n \"properties\": {\n \"description\": \"Container Apps control plane\",\n \"protocol\": \"TCP\",\n \"sourceAddressPrefix\": \"VirtualNetwork\",\n \"sourcePortRange\": \"*\",\n \"destinationAddressPrefix\": \"*\",\n \"destinationPortRanges\": [\n \"5671\",\n \"5672\"\n ],\n \"access\": \"Allow\",\n \"priority\": 150,\n \"direction\": \"Outbound\"\n }\n }\n ]\n}", + "$fxv#0": "{\r\n //security rules (as of 2023-march-10): https://learn.microsoft.com/azure/container-apps/firewall-integration#nsg-allow-rules\r\n //Inbound rules are not required, if we leave the default inbound rules 65000 and 65001\r\n \"securityRules\": [\r\n // {\r\n // \"name\": \"Allow_communication_between_IPs_in_the_infra_subnet\",\r\n // \"properties\": {\r\n // \"description\": \"Allow communication between IPs in the infrastructure subnet. This address is passed as a parameter when you create an environment. 
For example, 10.0.0.0/21.\",\r\n // \"protocol\": \"*\",\r\n // \"sourceAddressPrefix\": \"10.0.0.0/21\",\r\n // \"sourcePortRange\": \"*\",\r\n // \"destinationAddressPrefix\": \"10.0.0.0/21\",\r\n // \"destinationPortRange\": \"*\",\r\n // \"access\": \"Allow\",\r\n // \"priority\": 100,\r\n // \"direction\": \"Inbound\"\r\n // }\r\n // },\r\n // {\r\n // \"name\": \"Allow_Azure_Loadbalancer_To_Communicate_with_the_Environment\",\r\n // \"properties\": {\r\n // \"description\": \"Allow the Azure infrastructure load balancer to communicate with your environment.\",\r\n // \"protocol\": \"*\",\r\n // \"sourceAddressPrefix\": \"AzureLoadBalancer\",\r\n // \"sourcePortRange\": \"*\",\r\n // \"destinationAddressPrefix\": \"10.0.0.0/21\",\r\n // \"destinationPortRange\": \"*\",\r\n // \"access\": \"Allow\",\r\n // \"priority\": 110,\r\n // \"direction\": \"Inbound\"\r\n // }\r\n // },\r\n {\r\n \"name\": \"Allow_Internal_AKS_Connection_Between_Nodes_And_Control_Plane_UDP\",\r\n \"properties\": {\r\n \"description\": \"internal AKS secure connection between underlying nodes and control plane..\",\r\n \"protocol\": \"UDP\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationAddressPrefix\": \"AzureCloud.\",\r\n \"destinationPortRange\": \"1194\",\r\n \"access\": \"Allow\",\r\n \"priority\": 100,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"Allow_Internal_AKS_Connection_Between_Nodes_And_Control_Plane_TCP\",\r\n \"properties\": {\r\n \"description\": \"internal AKS secure connection between underlying nodes and control plane..\",\r\n \"protocol\": \"TCP\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationAddressPrefix\": \"AzureCloud.\",\r\n \"destinationPortRange\": \"9000\",\r\n \"access\": \"Allow\",\r\n \"priority\": 110,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"Allow_Azure_Monitor\",\r\n \"properties\": {\r\n \"description\": 
\"Allows outbound calls to Azure Monitor.\",\r\n \"protocol\": \"TCP\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationAddressPrefix\": \"AzureCloud.\",\r\n \"destinationPortRange\": \"443\",\r\n \"access\": \"Allow\",\r\n \"priority\": 120,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"Allow_Outbound_443\",\r\n \"properties\": {\r\n \"description\": \"Allowing all outbound on port 443 provides a way to allow all FQDN based outbound dependencies that don't have a static IP\",\r\n \"protocol\": \"TCP\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"destinationPortRange\": \"443\",\r\n \"access\": \"Allow\",\r\n \"priority\": 130,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"Allow_NTP_Server\",\r\n \"properties\": {\r\n \"description\": \"NTP server\",\r\n \"protocol\": \"UDP\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"destinationPortRange\": \"123\",\r\n \"access\": \"Allow\",\r\n \"priority\": 140,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"Allow_Container_Apps_control_plane\",\r\n \"properties\": {\r\n \"description\": \"Container Apps control plane\",\r\n \"protocol\": \"TCP\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"destinationPortRanges\": [\r\n \"5671\",\r\n \"5672\"\r\n ],\r\n \"access\": \"Allow\",\r\n \"priority\": 150,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n}", "$fxv#1": [ { "name": "HealthProbes", 
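Review bot: The `vmAuthenticationType` parameter added at the top of this hunk defaults to `password` while its own description says "SSH key is recommended", so a jump box deployed with default values gets password authentication. Consider `"defaultValue": "sshPublicKey"`, or drop the default so the caller has to choose explicitly. In the same hunk the nested `bastionSku` parameter carries no `allowedValues` or `metadata`, unlike the top-level parameter, which restricts it to `Basic`/`Standard`; mirroring `"allowedValues": ["Basic", "Standard"]` here keeps the module safe when it is deployed on its own. Both changes belong in the Bicep source this template is generated from.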
@@ -3525,16 +3647,17 @@ } } ], - "$fxv#2": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n 
\"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#2": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n 
\"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", "locationVar": "[if(equals(parameters('location'), 'francecentral'), 'centralfrance', parameters('location'))]", 
"nsgCaeRules": "[json(replace(variables('$fxv#0'), '', variables('locationVar')))]", "nsgAppGwRules": "[variables('$fxv#1')]", "namingRules": "[json(variables('$fxv#2'))]", "rgSpokeName": "[if(not(empty(parameters('spokeResourceGroupName'))), parameters('spokeResourceGroupName'), format('{0}-{1}-spoke-{2}-{3}', variables('namingRules').resourceTypeAbbreviations.resourceGroup, parameters('workloadName'), parameters('environment'), variables('namingRules').regionAbbreviations[toLower(parameters('location'))]))]", - "hubVNetResourceIdTokens": "[if(not(empty(parameters('hubVNetId'))), split(parameters('hubVNetId'), '/'), array(''))]", - "hubSubscriptionId": "[variables('hubVNetResourceIdTokens')[2]]", - "hubResourceGroupName": "[variables('hubVNetResourceIdTokens')[4]]", - "hubVNetName": "[variables('hubVNetResourceIdTokens')[8]]" + "hubVNetResourceIdTokens": "[if(contains(parameters('hubVNetId'), '/'), split(parameters('hubVNetId'), '/'), array(''))]", + "hubVNetName": "[if(greater(length(variables('hubVNetResourceIdTokens')), 7), variables('hubVNetResourceIdTokens')[8], '')]", + "hubSubscriptionId": "[if(greater(length(variables('hubVNetResourceIdTokens')), 1), variables('hubVNetResourceIdTokens')[2], '')]", + "hubResourceGroupName": "[if(greater(length(variables('hubVNetResourceIdTokens')), 3), variables('hubVNetResourceIdTokens')[4], '')]", + "bastionSubnetName": "AzureBastionSubnet" }, "resources": [ { @@ -3577,8 +3700,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2291204764315289154" + "version": "0.28.1.47646", + "templateHash": "11791113627827812288" } }, "parameters": { 
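Review bot: The new length guards on the three hub token variables are each one too low for the index they protect. `hubVNetName` checks `greater(length(...), 7)` but reads `[8]`, which needs at least nine tokens; `hubSubscriptionId` (guard 1, reads `[2]`) and `hubResourceGroupName` (guard 3, reads `[4]`) have the same gap. A well-formed VNet resource ID splits into nine tokens, so this only matters for a malformed `hubVNetId`, where for example an eight-token value would presumably fail with an index error instead of falling back to `''`. Use `greater(length(variables('hubVNetResourceIdTokens')), 8)`, `..., 2)` and `..., 4)` respectively, changed in the Bicep source since this file is generated.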
@@ -3611,7 +3734,7 @@ } }, "variables": { - "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": 
\"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": 
\"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", "naming": "[json(variables('$fxv#0'))]", "uniqueIdShort": "[substring(parameters('uniqueId'), 0, 5)]", 
"resourceTypeToken": "RES_TYPE", 
@@ -3657,7 +3780,15 @@ "vmJumpBox": "[replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine)]", "vmJumpBoxNsg": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkSecurityGroup, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", "vmJumpBoxNic": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkInterface, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", - "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]" + "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]", + "azureAISearch": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch)]", + "azureAISearchPep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch))]", + "documentIntelligence": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence)]", + "documentIntelligencePep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence))]", + "eventGridSystemTopic": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic)]", + "eventGridSystemTopicPep": "[format('{0}-{1}', 
variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic))]", + "eventGridSubscription": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSubscription)]", + "mysqlServer": "[take(toLower(replace(replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.mysqlServer), '-', '')), 24)]" } }, "resources": [], 
@@ -3700,7 +3831,7 @@ "tags": { "value": "[parameters('tags')]" }, - "subnets": "[if(not(equals(parameters('vmJumpboxOSType'), 'none')), createObject('value', concat(if(not(empty(parameters('spokeApplicationGatewaySubnetAddressPrefix'))), concat(createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))), createArray(createObject('name', parameters('spokeApplicationGatewaySubnetName'), 'properties', createObject('addressPrefix', parameters('spokeApplicationGatewaySubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgAppGw-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value))))), createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value))))), createArray(createObject('name', parameters('vmSubnetName'), 'properties', createObject('addressPrefix', parameters('vmJumpBoxSubnetAddressPrefix')))))), if(not(empty(parameters('spokeApplicationGatewaySubnetAddressPrefix'))), 
createObject('value', concat(createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))), createArray(createObject('name', parameters('spokeApplicationGatewaySubnetName'), 'properties', createObject('addressPrefix', parameters('spokeApplicationGatewaySubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgAppGw-{0}', deployment().name), 64)), 
'2022-09-01').outputs.nsgId.value)))))), createObject('value', createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))))))]", + "subnets": "[if(not(equals(parameters('vmJumpboxOSType'), 'none')), createObject('value', concat(if(not(empty(parameters('spokeApplicationGatewaySubnetAddressPrefix'))), concat(if(and(empty(variables('hubVNetName')), parameters('enableBastion')), concat(createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', 
createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', if(not(equals(parameters('networkApplianceIpAddress'), '')), createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), null()), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))), createArray(createObject('name', variables('bastionSubnetName'), 'properties', createObject('addressPrefix', parameters('bastionSubnetAddressPrefix'))))), createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), 
'2022-09-01').outputs.nsgId.value), 'routeTable', if(not(equals(parameters('networkApplianceIpAddress'), '')), createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), null()), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value))))), createArray(createObject('name', parameters('spokeApplicationGatewaySubnetName'), 'properties', createObject('addressPrefix', parameters('spokeApplicationGatewaySubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgAppGw-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value))))), if(and(empty(variables('hubVNetName')), parameters('enableBastion')), concat(createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, 
variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', if(not(equals(parameters('networkApplianceIpAddress'), '')), createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), null()), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))), createArray(createObject('name', variables('bastionSubnetName'), 'properties', createObject('addressPrefix', parameters('bastionSubnetAddressPrefix'))))), createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', if(not(equals(parameters('networkApplianceIpAddress'), '')), createObject('id', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), null()), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))))), createArray(createObject('name', parameters('vmSubnetName'), 'properties', createObject('addressPrefix', parameters('vmJumpBoxSubnetAddressPrefix')))))), if(not(empty(parameters('spokeApplicationGatewaySubnetAddressPrefix'))), createObject('value', concat(if(and(empty(variables('hubVNetName')), parameters('enableBastion')), concat(createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', if(not(equals(parameters('networkApplianceIpAddress'), '')), createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), null()), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))), createArray(createObject('name', variables('bastionSubnetName'), 'properties', createObject('addressPrefix', parameters('bastionSubnetAddressPrefix'))))), createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', if(not(equals(parameters('networkApplianceIpAddress'), '')), createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), 
null()), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value))))), createArray(createObject('name', parameters('spokeApplicationGatewaySubnetName'), 'properties', createObject('addressPrefix', parameters('spokeApplicationGatewaySubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgAppGw-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))))), if(and(empty(variables('hubVNetName')), parameters('enableBastion')), createObject('value', concat(createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', if(not(equals(parameters('networkApplianceIpAddress'), '')), createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', 
uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), null()), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value)))), createArray(createObject('name', variables('bastionSubnetName'), 'properties', createObject('addressPrefix', parameters('bastionSubnetAddressPrefix')))))), createObject('value', createArray(createObject('name', parameters('spokeInfraSubnetName'), 'properties', createObject('addressPrefix', parameters('spokeInfraSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgContainerAppsEnvironment-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value), 'routeTable', if(not(equals(parameters('networkApplianceIpAddress'), '')), createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.resourceId.value), null()), 'delegations', createArray(createObject('name', 'envdelegation', 'properties', 
createObject('serviceName', 'Microsoft.App/environments'))))), createObject('name', parameters('spokePrivateEndpointsSubnetName'), 'properties', createObject('addressPrefix', parameters('spokePrivateEndpointsSubnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('nsgPep-{0}', deployment().name), 64)), '2022-09-01').outputs.nsgId.value))))))))]", "vnetAddressPrefixes": { "value": "[parameters('spokeVNetAddressPrefixes')]" } @@ -3711,8 +3842,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "814413740097423608" + "version": "0.28.1.47646", + "templateHash": "13723632967755413160" } }, "parameters": { @@ -3848,8 +3979,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17847326324384615666" + "version": "0.28.1.47646", + "templateHash": "5928160571951609193" } }, "parameters": { @@ -4014,8 +4145,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5398082119936880999" + "version": "0.28.1.47646", + "templateHash": "14440237831067286611" } }, "parameters": { @@ -4206,8 +4337,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5398082119936880999" + "version": "0.28.1.47646", + "templateHash": "14440237831067286611" } }, "parameters": { @@ -4397,8 +4528,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5398082119936880999" + "version": "0.28.1.47646", + "templateHash": "14440237831067286611" } }, "parameters": { 
@@ -4556,7 +4687,7 @@ } }, { - "condition": "[not(empty(parameters('hubVNetId')))]", + "condition": "[not(empty(variables('hubVNetName')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[take(format('{0}-peerSpokeToHubDeployment', deployment().name), 64)]", @@ -4586,8 +4717,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7987784012274817199" + "version": "0.28.1.47646", + "templateHash": "15945919731749145822" } }, "parameters": { @@ -4643,7 +4774,7 @@ } }, { - "condition": "[not(empty(parameters('hubVNetId')))]", + "condition": "[not(empty(variables('hubVNetName')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[take(format('{0}-peerHubToSpokeDeployment', deployment().name), 64)]", @@ -4674,8 +4805,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7987784012274817199" + "version": "0.28.1.47646", + "templateHash": "15945919731749145822" } }, "parameters": { @@ -4731,6 +4862,7 @@ } }, { + "condition": "[not(equals(parameters('networkApplianceIpAddress'), ''))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[take(format('egressLockdownUdr-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)]", @@ -4769,8 +4901,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7540037590953318002" + "version": "0.28.1.47646", + "templateHash": "8758218984864477327" } }, "parameters": { @@ -4888,8 +5020,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "18358369372560772682" + "version": "0.28.1.47646", + "templateHash": "16271650836375679386" } }, "parameters": { 
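Review bot: The `condition` added to the `egressLockdownUdr-…` deployment skips the route table whenever `networkApplianceIpAddress` is an empty string, and the `subnets` expression earlier in this file then sets the infrastructure subnet's `routeTable` to `null()`, so the Container Apps subnet is created with no forced egress path and nothing in the template says so. This file is Bicep output, so the change belongs in the source: I would state the consequence in the parameter's description, for example `Optional. Next-hop IP of the network appliance; if empty, no route table is attached and outbound traffic from the infrastructure subnet is not routed through it.` The parameter declaration and the rest of this resource are outside the hunk, so whether an empty value is the default cannot be confirmed from here.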
@@ -5119,6 +5251,9 @@ }, "vmNetworkSecurityGroupName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('02-sharedNamingDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.resourcesNames.value.vmJumpBoxNsg]" + }, + "vmAuthenticationType": { + "value": "[parameters('vmAuthenticationType')]" } }, "template": { @@ -5127,8 +5262,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2869628300835156309" + "version": "0.28.1.47646", + "templateHash": "3329187883771628758" } }, "parameters": { @@ -5256,7 +5391,7 @@ "osProfile": { "computerName": "[parameters('vmName')]", "adminUsername": "[parameters('vmAdminUsername')]", - "adminPassword": "[parameters('vmAdminPassword')]", + "adminPassword": "[if(equals(parameters('vmAuthenticationType'), 'password'), parameters('vmAdminPassword'), null())]", "linuxConfiguration": "[if(equals(parameters('vmAuthenticationType'), 'password'), null(), variables('linuxConfiguration'))]" }, "hardwareProfile": { @@ -5352,8 +5487,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9443647075366481353" + "version": "0.28.1.47646", + "templateHash": "2039155298805475097" } }, "parameters": { @@ -5365,7 +5500,7 @@ }, "vmWindowsOSVersion": { "type": "string", - "defaultValue": "2016-Datacenter" + "defaultValue": "2022-Datacenter" }, "vmVnetName": { "type": "string" @@ -5529,8 +5664,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12489113928884745605" + "version": "0.28.1.47646", + "templateHash": "161717285086746861" } }, "parameters": { 
@@ -5548,14 +5683,14 @@ } }, "variables": { - "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": 
\"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", - "$fxv#1": "{\n \"properties\": {\n \"displayName\": \"Azure Container Apps allowed container registries\",\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"description\": \"This policy enables you to restrict the list of container registries for Azure Container Apps.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Azure Container Apps\"\n },\n \"parameters\": {\n \"listOfAllowedContainerRegistries\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"Allowed container registries\",\n \"description\": \"The list of container registries that can be specified when deploying resources.\"\n },\n \"defaultValue\": [\n \"mcr.microsoft.com\"\n ]\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [{\n \"field\": \"type\",\n \"equals\": \"Microsoft.App/containerApps\"\n },\n {\n \"count\": {\n \"field\": 
\"Microsoft.App/containerApps/template.containers[*]\",\n \"where\": {\n \"value\": \"[split(first(field('Microsoft.App/containerApps/template.containers[*].image')), '/')[0]]\",\n \"notIn\": \"[parameters('listOfAllowedContainerRegistries')]\"\n }\n },\n \"greater\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\"\n }\n }\n }\n}", - "$fxv#2": "{\n \"properties\": {\n \"displayName\": \"Azure Container Apps container replica count limits\",\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"description\": \"This policy enforces limits for the minimum and maximum number of replicas for Azure Container Apps.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Azure Container Apps\"\n },\n \"parameters\": {\n \"minReplicas\": {\n \"type\": \"integer\",\n \"metadata\": {\n \"displayName\": \"Min allowed replicas\",\n \"description\": \"Specifies the minimum number of container replicas for the Azure Container App\"\n },\n \"defaultValue\": 0\n },\n \"maxReplicas\": {\n \"type\": \"integer\",\n \"metadata\": {\n \"displayName\": \"Max allowed replicas\",\n \"description\": \"Specifies the maximum number of container replicas for the Azure Container App\"\n },\n \"defaultValue\": 30\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [{\n \"field\": \"type\",\n \"equals\": \"Microsoft.App/containerApps\"\n },\n {\n \"anyOf\": [{\n \"field\": \"Microsoft.App/containerApps/template.scale.minReplicas\",\n \"less\": \"[parameters('MinReplicas')]\"\n }, {\n \"field\": \"Microsoft.App/containerApps/template.scale.maxReplicas\",\n \"greater\": \"[parameters('MaxReplicas')]\"\n }]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\"\n }\n }\n }\n}", - 
"$fxv#3": "{\n \"properties\": {\n \"displayName\": \"Azure Container Apps no container liveness probes\",\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"description\": \"This policy enforces that all the containers of Azure Containers Apps have liveness probes configured.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Azure Container Apps\"\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [{\n \"field\": \"type\",\n \"equals\": \"Microsoft.App/containerApps\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*]\",\n \"where\": {\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*].type\",\n \"equals\": \"Liveness\"\n }\n },\n \"equals\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\"\n }\n }\n }\n}", - "$fxv#4": "{\n \"properties\": {\n \"displayName\": \"Azure Container Apps no container readiness probes\",\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"description\": \"This policy enforces that all the containers of Azure Containers Apps have readiness probes configured.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Azure Container Apps\"\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [{\n \"field\": \"type\",\n \"equals\": \"Microsoft.App/containerApps\"\n },\n {\n \"count\": {\n \"field\": 
\"Microsoft.App/containerApps/template.containers[*].probes[*]\",\n \"where\": {\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*].type\",\n \"equals\": \"Readiness\"\n }\n },\n \"equals\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\"\n }\n }\n }\n}", - "$fxv#5": "{\n \"properties\": {\n \"displayName\": \"Azure Container Apps no container startup probes\",\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"description\": \"This policy enforces that all the containers of Azure Containers Apps have startup probes configured.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Azure Container Apps\"\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [{\n \"field\": \"type\",\n \"equals\": \"Microsoft.App/containerApps\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*]\",\n \"where\": {\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*].type\",\n \"equals\": \"Startup\"\n }\n },\n \"equals\": 0\n }\n ]\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\"\n }\n }\n }\n}", - "$fxv#6": "{\n \"properties\": {\n \"displayName\": \"Azure Container Apps container required CPU and memory\",\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"description\": \"This policy enforces limits for container CPU and memory requests in an AZure Container App.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Azure Container Apps\"\n },\n \"parameters\": {\n \"maxCpu\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Max allowed CPU cores\",\n \"description\": \"Specifies the maximum CPU cores allowed for a 
container. E.g. 1.25.\"\n },\n \"defaultValue\": \"2.0\"\n },\n \"maxMemory\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Max allowed memory in Gi\",\n \"description\": \"Specifies the maximum memory in Gi allowed for a container. E.g. 2.5\"\n },\n \"defaultValue\": \"4.0\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [{\n \"field\": \"type\",\n \"equals\": \"Microsoft.App/containerApps\"\n },\n {\n \"anyOf\": [{\n \"count\": {\n \"field\": \"Microsoft.App/containerApps/template.containers[*]\",\n \"where\": {\n \"field\": \"Microsoft.App/containerApps/template.containers[*].resources.cpu\",\n \"greater\": \"[float(parameters('maxCpu'))]\"\n }\n },\n \"greater\": 0\n },\n {\n \"count\": {\n \"field\": \"Microsoft.App/containerApps/template.containers[*]\",\n \"where\": {\n \"value\": \"[float(substring(first(field('Microsoft.App/containerApps/template.containers[*].resources.memory')), 0, sub(length(first(field('Microsoft.App/containerApps/template.containers[*].resources.memory'))), 2)))]\",\n \"greater\": \"[float(parameters('maxMemory'))]\"\n }\n },\n \"greater\": 0\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\"\n }\n }\n }\n}", - "$fxv#7": "{\n \"properties\": {\n \"displayName\": \"Azure Container Apps no monitoring configured\",\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"description\": \"This policy enforces that monitoring is configured for Azure Container Apps environments.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Azure Container Apps\"\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution 
of the policy\"\n },\n \"allowedValues\": [\n \"Audit\",\n \"Deny\",\n \"Disabled\"\n ],\n \"defaultValue\": \"Audit\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [{\n \"field\": \"type\",\n \"equals\": \"Microsoft.App/managedEnvironments\"\n },\n {\n \"field\": \"Microsoft.App/managedEnvironments/appLogsConfiguration.destination\",\n \"exists\": false\n }\n ]\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\"\n }\n }\n }\n}", + "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n 
\"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#1": "{\r\n \"properties\": {\r\n \"displayName\": \"Azure Container Apps allowed container registries\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables you to restrict the list of container registries for Azure Container Apps.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Azure Container Apps\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedContainerRegistries\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": 
\"Allowed container registries\",\r\n \"description\": \"The list of container registries that can be specified when deploying resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"mcr.microsoft.com\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [{\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.App/containerApps\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*]\",\r\n \"where\": {\r\n \"value\": \"[split(first(field('Microsoft.App/containerApps/template.containers[*].image')), '/')[0]]\",\r\n \"notIn\": \"[parameters('listOfAllowedContainerRegistries')]\"\r\n }\r\n },\r\n \"greater\": 0\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n }\r\n}", + "$fxv#2": "{\r\n \"properties\": {\r\n \"displayName\": \"Azure Container Apps container replica count limits\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enforces limits for the minimum and maximum number of replicas for Azure Container Apps.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Azure Container Apps\"\r\n },\r\n \"parameters\": {\r\n \"minReplicas\": {\r\n \"type\": \"integer\",\r\n \"metadata\": {\r\n \"displayName\": \"Min allowed replicas\",\r\n \"description\": \"Specifies the minimum number of container replicas for the Azure Container App\"\r\n },\r\n \"defaultValue\": 0\r\n },\r\n \"maxReplicas\": {\r\n \"type\": \"integer\",\r\n \"metadata\": {\r\n \"displayName\": \"Max allowed replicas\",\r\n \"description\": \"Specifies the maximum number of container replicas for the Azure Container App\"\r\n },\r\n \"defaultValue\": 
30\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [{\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.App/containerApps\"\r\n },\r\n {\r\n \"anyOf\": [{\r\n \"field\": \"Microsoft.App/containerApps/template.scale.minReplicas\",\r\n \"less\": \"[parameters('MinReplicas')]\"\r\n }, {\r\n \"field\": \"Microsoft.App/containerApps/template.scale.maxReplicas\",\r\n \"greater\": \"[parameters('MaxReplicas')]\"\r\n }]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n }\r\n}", + "$fxv#3": "{\r\n \"properties\": {\r\n \"displayName\": \"Azure Container Apps no container liveness probes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enforces that all the containers of Azure Containers Apps have liveness probes configured.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Azure Container Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [{\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.App/containerApps\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*]\",\r\n \"where\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*].type\",\r\n \"equals\": \"Liveness\"\r\n }\r\n },\r\n \"equals\": 0\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n }\r\n}", + "$fxv#4": "{\r\n \"properties\": {\r\n \"displayName\": \"Azure Container Apps no container readiness probes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enforces that all the containers of Azure Containers Apps have readiness probes configured.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Azure Container Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [{\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.App/containerApps\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*]\",\r\n \"where\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*].type\",\r\n \"equals\": \"Readiness\"\r\n }\r\n },\r\n \"equals\": 0\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n }\r\n}", + "$fxv#5": "{\r\n \"properties\": {\r\n \"displayName\": \"Azure Container Apps no container startup probes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enforces that all the containers of Azure Containers Apps have startup probes configured.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Azure Container Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n 
}\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [{\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.App/containerApps\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*]\",\r\n \"where\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*].probes[*].type\",\r\n \"equals\": \"Startup\"\r\n }\r\n },\r\n \"equals\": 0\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n }\r\n}", + "$fxv#6": "{\r\n \"properties\": {\r\n \"displayName\": \"Azure Container Apps container required CPU and memory\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enforces limits for container CPU and memory requests in an AZure Container App.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Azure Container Apps\"\r\n },\r\n \"parameters\": {\r\n \"maxCpu\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Max allowed CPU cores\",\r\n \"description\": \"Specifies the maximum CPU cores allowed for a container. E.g. 1.25.\"\r\n },\r\n \"defaultValue\": \"2.0\"\r\n },\r\n \"maxMemory\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Max allowed memory in Gi\",\r\n \"description\": \"Specifies the maximum memory in Gi allowed for a container. E.g. 
2.5\"\r\n },\r\n \"defaultValue\": \"4.0\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [{\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.App/containerApps\"\r\n },\r\n {\r\n \"anyOf\": [{\r\n \"count\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*]\",\r\n \"where\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*].resources.cpu\",\r\n \"greater\": \"[float(parameters('maxCpu'))]\"\r\n }\r\n },\r\n \"greater\": 0\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.App/containerApps/template.containers[*]\",\r\n \"where\": {\r\n \"value\": \"[float(substring(first(field('Microsoft.App/containerApps/template.containers[*].resources.memory')), 0, sub(length(first(field('Microsoft.App/containerApps/template.containers[*].resources.memory'))), 2)))]\",\r\n \"greater\": \"[float(parameters('maxMemory'))]\"\r\n }\r\n },\r\n \"greater\": 0\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n }\r\n}", + "$fxv#7": "{\r\n \"properties\": {\r\n \"displayName\": \"Azure Container Apps no monitoring configured\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces that monitoring is configured for Azure Container Apps environments.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Azure Container Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n 
\"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [{\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.App/managedEnvironments\"\r\n },\r\n {\r\n \"field\": \"Microsoft.App/managedEnvironments/appLogsConfiguration.destination\",\r\n \"exists\": false\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n }\r\n}", "namingRules": "[json(variables('$fxv#0'))]", "builtInPolicies": [ { @@ -5787,8 +5922,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4326035150635012963" + "version": "0.28.1.47646", + "templateHash": "4272497630959691893" } }, "parameters": { @@ -5860,8 +5995,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "406732206068594528" + "version": "0.28.1.47646", + "templateHash": "15731729765569278736" } }, "parameters": { 
@@ -5927,65 +6062,375 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4326035150635012963" + "version": "0.28.1.47646", + "templateHash": "4272497630959691893" + } + }, + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "Specifies the location of the deployment." + } + }, + "policy": { + "type": "object", + "metadata": { + "description": "Specifies the policy definition to assign." + } + }, + "policyDefinitionId": { + "type": "string", + "metadata": { + "description": "Specifies the resource id of the policy definition to assign." + } + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[uniqueString(format('{0}', parameters('policy').name))]", + "location": "[parameters('location')]", + "properties": { + "description": "[parameters('policy').definition.properties.description]", + "displayName": "[parameters('policy').definition.properties.displayName]", + "policyDefinitionId": "[parameters('policyDefinitionId')]", + "parameters": "[parameters('policy').parameters]" + } + } + ], + "outputs": { + "policyAssignmentId": { + "type": "string", + "value": "[resourceId('Microsoft.Authorization/policyAssignments', uniqueString(format('{0}', parameters('policy').name)))]" + } + } + } + }, + "dependsOn": [ + "policyDefinition" + ] + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('02-sharedNamingDeployment-{0}', deployment().name), 64))]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName'))]" + ], + "metadata": { + "description": "Assign built-in and custom (container-apps related) policies to the spoke subscription." 
+ } + }, + { + "condition": "[and(empty(variables('hubVNetName')), parameters('enableBastion'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[take(format('bastion-{0}', deployment().name), 64)]", + "resourceGroup": "[variables('rgSpokeName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "sku": { + "value": "[parameters('bastionSku')]" + }, + "bastionName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('02-sharedNamingDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.resourcesNames.value.bastion]" + }, + "bastionNetworkSecurityGroupName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('02-sharedNamingDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.resourcesNames.value.bastionNsg]" + }, + "bastionPublicIpName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('02-sharedNamingDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.resourcesNames.value.bastionPip]" + }, + "bastionSubnetName": { + "value": "[variables('bastionSubnetName')]" + }, + "bastionSubnetAddressPrefix": { + "value": "[parameters('bastionSubnetAddressPrefix')]" + }, + "bastionVNetName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', 
take(format('vnetSpoke-{0}', deployment().name), 64)), '2022-09-01').outputs.vnetName.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.28.1.47646", + "templateHash": "12733050577653225433" + } + }, + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "The location where the resources will be created." + } + }, + "bastionName": { + "type": "string", + "metadata": { + "description": "The name of the bastion host to create." + } + }, + "sku": { + "type": "string", + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard" + ], + "metadata": { + "description": "Bastion sku, default is basic" + } + }, + "bastionVNetName": { + "type": "string", + "metadata": { + "description": "The name of the virtual network in which bastion subnet is created." + } + }, + "bastionSubnetName": { + "type": "string", + "metadata": { + "description": "The name of the bastion subnet." + } + }, + "bastionSubnetAddressPrefix": { + "type": "string", + "metadata": { + "description": "CIDR of the bastion subnet." + } + }, + "bastionNetworkSecurityGroupName": { + "type": "string", + "metadata": { + "description": "The name of the network security group to create." + } + }, + "bastionPublicIpName": { + "type": "string", + "metadata": { + "description": "The name of the public IP address to create." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The tags to be assigned to the created resources." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2020-11-01", + "name": "[format('{0}/{1}', parameters('bastionVNetName'), parameters('bastionSubnetName'))]", + "properties": { + "addressPrefix": "[parameters('bastionSubnetAddressPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('bastionNetworkSecurityGroupName'))]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('bastionNetworkSecurityGroupName'))]" + ] + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2021-02-01", + "name": "[parameters('bastionPublicIpName')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "properties": { + "publicIPAllocationMethod": "Static" + } + }, + { + "type": "Microsoft.Network/bastionHosts", + "apiVersion": "2022-07-01", + "name": "[parameters('bastionName')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "sku": { + "name": "[parameters('sku')]" + }, + "properties": { + "enableTunneling": "[if(equals(parameters('sku'), 'Standard'), true(), false())]", + "enableFileCopy": "[if(equals(parameters('sku'), 'Standard'), true(), false())]", + "ipConfigurations": [ + { + "name": "ipconf", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('bastionPublicIpName'))]" + }, + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('bastionVNetName'), parameters('bastionSubnetName')), '/')[0], split(format('{0}/{1}', parameters('bastionVNetName'), parameters('bastionSubnetName')), '/')[1])]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('bastionNetworkSecurityGroupName'))]", + 
"[resourceId('Microsoft.Network/publicIPAddresses', parameters('bastionPublicIpName'))]", + "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('bastionVNetName'), parameters('bastionSubnetName')), '/')[0], split(format('{0}/{1}', parameters('bastionVNetName'), parameters('bastionSubnetName')), '/')[1])]" + ] + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2020-06-01", + "name": "[parameters('bastionNetworkSecurityGroupName')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "securityRules": [ + { + "name": "AllowHttpsInbound", + "properties": { + "priority": 120, + "protocol": "Tcp", + "destinationPortRange": "443", + "access": "Allow", + "direction": "Inbound", + "sourcePortRange": "*", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*" + } + }, + { + "name": "AllowGatewayManagerInbound", + "properties": { + "priority": 130, + "protocol": "Tcp", + "destinationPortRange": "443", + "access": "Allow", + "direction": "Inbound", + "sourcePortRange": "*", + "sourceAddressPrefix": "GatewayManager", + "destinationAddressPrefix": "*" + } + }, + { + "name": "AllowAzureLoadBalancerInbound", + "properties": { + "priority": 140, + "protocol": "Tcp", + "destinationPortRange": "443", + "access": "Allow", + "direction": "Inbound", + "sourcePortRange": "*", + "sourceAddressPrefix": "AzureLoadBalancer", + "destinationAddressPrefix": "*" + } + }, + { + "name": "AllowBastionHostCommunicationInbound", + "properties": { + "priority": 150, + "protocol": "*", + "destinationPortRanges": [ + "8080", + "5701" + ], + "access": "Allow", + "direction": "Inbound", + "sourcePortRange": "*", + "sourceAddressPrefix": "VirtualNetwork", + "destinationAddressPrefix": "VirtualNetwork" + } + }, + { + "name": "AllowSshRdpOutbound", + "properties": { + "priority": 100, + "protocol": "*", + "destinationPortRanges": [ + "22", + "3389" + ], + "access": "Allow", + 
"direction": "Outbound", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "VirtualNetwork" } }, - "parameters": { - "location": { - "type": "string", - "metadata": { - "description": "Specifies the location of the deployment." - } - }, - "policy": { - "type": "object", - "metadata": { - "description": "Specifies the policy definition to assign." - } - }, - "policyDefinitionId": { - "type": "string", - "metadata": { - "description": "Specifies the resource id of the policy definition to assign." - } + { + "name": "AllowAzureCloudOutbound", + "properties": { + "priority": 110, + "protocol": "Tcp", + "destinationPortRange": "443", + "access": "Allow", + "direction": "Outbound", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "AzureCloud" } }, - "resources": [ - { - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[uniqueString(format('{0}', parameters('policy').name))]", - "location": "[parameters('location')]", - "properties": { - "description": "[parameters('policy').definition.properties.description]", - "displayName": "[parameters('policy').definition.properties.displayName]", - "policyDefinitionId": "[parameters('policyDefinitionId')]", - "parameters": "[parameters('policy').parameters]" - } + { + "name": "AllowBastionCommunication", + "properties": { + "priority": 120, + "protocol": "*", + "destinationPortRanges": [ + "8080", + "5701" + ], + "access": "Allow", + "direction": "Outbound", + "sourcePortRange": "*", + "sourceAddressPrefix": "VirtualNetwork", + "destinationAddressPrefix": "VirtualNetwork" } - ], - "outputs": { - "policyAssignmentId": { - "type": "string", - "value": "[resourceId('Microsoft.Authorization/policyAssignments', uniqueString(format('{0}', parameters('policy').name)))]" + }, + { + "name": "AllowGetSessionInformation", + "properties": { + "priority": 130, + "protocol": "*", + "destinationPortRange": "80", + "access": 
"Allow", + "direction": "Outbound", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "Internet" } } - } - }, - "dependsOn": [ - "policyDefinition" - ] + ] + } } ] } }, "dependsOn": [ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('02-sharedNamingDeployment-{0}', deployment().name), 64))]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName'))]" + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('vnetSpoke-{0}', deployment().name), 64))]" ], "metadata": { - "description": "Assign built-in and custom (container-apps related) policies to the spoke subscription." + "description": "An optional Azure Bastion deployment for jump box access in your spoke network. This would normally be already provisioned by your platform team. This resource will not be provisioned, if you have a valid hub network resource id" } } ], 
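Review bot: In the new `Microsoft.Network/bastionHosts` resource, `enableTunneling` and `enableFileCopy` are both derived from the SKU alone (`[if(equals(parameters('sku'), 'Standard'), true(), false())]`), so anyone who selects `Standard` for another reason also gets native-client tunneling and file transfer switched on, with no way to decline. Both features widen the data path through the bastion, so they are better as explicit opt-ins that default to off, for example `"enableFileCopy": "[and(equals(parameters('sku'), 'Standard'), parameters('enableFileCopy'))]"` backed by a new boolean parameter (the parameter name is only a suggestion). In the same template the `AllowHttpsInbound` rule accepts port 443 from `Internet`; if operators connect from known egress ranges, a parameter for `sourceAddressPrefix` would let a deployment narrow it. The `_generator` metadata shows this file is Bicep compiler output, so the change belongs in the bastion module source, with main.json regenerated from it.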
@@ -6052,6 +6497,13 @@ "description": "The resource ID of the Azure Log Analytics Workspace." }, "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('logAnalyticsWs-{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('rgSpokeName')))), 64)), '2022-09-01').outputs.logAnalyticsWsId.value]" + }, + "vmJumpBoxName": { + "type": "string", + "metadata": { + "description": "The name of the jump box virtual machine" + }, + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('02-sharedNamingDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.resourcesNames.value.vmJumpBox]" } } } @@ -6090,9 +6542,7 @@ "spokeVNetId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('spoke-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.spokeVNetId.value]" }, - "hubVNetId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVNetId.value]" - }, + "hubVNetId": "[if(parameters('deployHub'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVNetId.value), createObject('value', ''))]", "deployRedisCache": { "value": "[parameters('deployRedisCache')]" }, @@ -6109,8 +6559,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10690019665256242899" + "version": "0.28.1.47646", + "templateHash": "1723674398293225476" } }, "parameters": { 
@@ -6195,6 +6645,10 @@ } } }, + "variables": { + "hubVNetIdTokens": "[split(parameters('hubVNetId'), '/')]", + "hubVNetName": "[if(greater(length(variables('hubVNetIdTokens')), 8), variables('hubVNetIdTokens')[8], '')]" + }, "resources": [ { "type": "Microsoft.Resources/deployments", @@ -6225,8 +6679,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2291204764315289154" + "version": "0.28.1.47646", + "templateHash": "11791113627827812288" } }, "parameters": { 
@@ -6259,7 +6713,7 @@ } }, "variables": { - "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": 
\"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": 
\"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", "naming": "[json(variables('$fxv#0'))]", "uniqueIdShort": "[substring(parameters('uniqueId'), 0, 5)]", 
"resourceTypeToken": "RES_TYPE", 
@@ -6305,7 +6759,15 @@ "vmJumpBox": "[replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine)]", "vmJumpBoxNsg": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkSecurityGroup, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", "vmJumpBoxNic": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkInterface, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", - "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]" + "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]", + "azureAISearch": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch)]", + "azureAISearchPep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch))]", + "documentIntelligence": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence)]", + "documentIntelligencePep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence))]", + "eventGridSystemTopic": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic)]", + "eventGridSystemTopicPep": "[format('{0}-{1}', 
variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic))]", + "eventGridSubscription": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSubscription)]", + "mysqlServer": "[take(toLower(replace(replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.mysqlServer), '-', '')), 24)]" } }, "resources": [], @@ -6347,6 +6809,9 @@ "spokeVNetId": { "value": "[parameters('spokeVNetId')]" }, + "hubVNetName": { + "value": "[variables('hubVNetName')]" + }, "hubVNetId": { "value": "[parameters('hubVNetId')]" }, @@ -6372,8 +6837,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2151075819488205175" + "version": "0.28.1.47646", + "templateHash": "14679087328053556759" } }, "parameters": { @@ -6403,6 +6868,12 @@ "description": "The resource ID of the Hub Virtual Network." } }, + "hubVNetName": { + "type": "string", + "metadata": { + "description": " Name of the hub vnet" + } + }, "spokeVNetId": { "type": "string", "metadata": { 
@@ -6445,27 +6916,12 @@ "variables": { "privateDnsZoneNames": "privatelink.azurecr.io", "containerRegistryResourceName": "registry", - "hubVNetIdTokens": "[split(parameters('hubVNetId'), '/')]", - "hubSubscriptionId": "[variables('hubVNetIdTokens')[2]]", - "hubResourceGroupName": "[variables('hubVNetIdTokens')[4]]", - "hubVNetName": "[variables('hubVNetIdTokens')[8]]", "spokeVNetIdTokens": "[split(parameters('spokeVNetId'), '/')]", "spokeSubscriptionId": "[variables('spokeVNetIdTokens')[2]]", "spokeResourceGroupName": "[variables('spokeVNetIdTokens')[4]]", "spokeVNetName": "[variables('spokeVNetIdTokens')[8]]", "containerRegistryPullRoleGuid": "7f951dda-4ed3-4680-a7ca-43fe172d538d", - "spokeVNetLinks": [ - { - "vnetName": "[variables('spokeVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('spokeVNetName'))]", - "registrationEnabled": false - }, - { - "vnetName": "[variables('hubVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVNetName'))]", - "registrationEnabled": false - } - ] + "spokeVNetLinks": "[concat(createArray(createObject('vnetName', variables('spokeVNetName'), 'vnetId', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('spokeVNetName')), 'registrationEnabled', false())), if(not(empty(parameters('hubVNetName'))), createArray(createObject('vnetName', parameters('hubVNetName'), 'vnetId', parameters('hubVNetId'), 'registrationEnabled', false())), createArray()))]" }, "resources": [ { 
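Review bot: The new `spokeVNetLinks` expression decides whether to add the hub link by testing `parameters('hubVNetName')`, but the link it then builds uses `parameters('hubVNetId')` unchecked. A caller that passes a name with an empty or malformed ID gets a private DNS zone link pointing at nothing. The old code derived the name from the ID, so the two could not disagree; now they are independent parameters, and `hubVNetName` has no default. Gating on the value actually linked would restore that, e.g. `if(and(not(empty(parameters('hubVNetName'))), contains(parameters('hubVNetId'), '/')), …)`. The same expression is repeated in the hunks at `@@ -7640,26`, `@@ -8196,26` and `@@ -9050,26`.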
@@ -6509,6 +6965,9 @@ }, "diagnosticWorkspaceId": { "value": "[parameters('diagnosticWorkspaceId')]" + }, + "agentPoolSubnetId": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks/subnets', variables('spokeVNetName'), parameters('spokePrivateEndpointSubnetName'))]" } }, "template": { @@ -6517,8 +6976,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2023532922245227158" + "version": "0.28.1.47646", + "templateHash": "259542600216200148" } }, "parameters": { @@ -6817,6 +7276,39 @@ "metadata": { "description": "Conditional. User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty." } + }, + "agentPoolName": { + "type": "string", + "defaultValue": "default", + "metadata": { + "description": "Optional. The name of the agent pool. This agent pool will be used to build docker image to be deployed." + } + }, + "agentPoolCount": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Optional. The number of agents in the agent pool." + } + }, + "agentPoolTier": { + "type": "string", + "defaultValue": "S2", + "allowedValues": [ + "S1", + "S2", + "S3", + "I6" + ], + "metadata": { + "description": "Optional. The tier of the agent pool." + } + }, + "agentPoolSubnetId": { + "type": "string", + "metadata": { + "description": "The resource ID of the subnet to which the agent pool will be connected." + } } }, "variables": { 
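Review bot: `agentPoolSubnetId` is resolved from `parameters('spokePrivateEndpointSubnetName')`, so the ACR agent pool is attached to the same subnet that carries the private endpoints. Agent-pool machines run the build steps of whatever Dockerfile or task is submitted, so this places build compute next to the private endpoints with no separate NSG or egress policy between them. A dedicated subnet for the pool, passed through its own parameter, would keep that boundary. Whether the private-endpoint subnet's network policies and size even allow the pool cannot be seen from this hunk. main.json is Bicep output, so the change belongs in the module it is compiled from.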
@@ -6900,6 +7392,24 @@ "dependsOn": [ "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" ] + }, + { + "type": "Microsoft.ContainerRegistry/registries/agentPools", + "apiVersion": "2019-06-01-preview", + "name": "[format('{0}/{1}', parameters('name'), parameters('agentPoolName'))]", + "location": "[parameters('location')]", + "properties": { + "count": "[parameters('agentPoolCount')]", + "os": "Linux", + "tier": "[parameters('agentPoolTier')]", + "virtualNetworkSubnetResourceId": "[parameters('agentPoolSubnetId')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" + ], + "metadata": { + "description": "This agentPool associated with the Azure subnet, will be used to build docker image in ACR build task." + } } ], "outputs": { @@ -6944,6 +7454,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '2022-02-01-preview', 'full').location]" + }, + "agentPoolName": { + "type": "string", + "metadata": { + "description": "The resource ID of Azure container registry agent pool, used for docker image build." + }, + "value": "[parameters('agentPoolName')]" } } } @@ -6990,8 +7507,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2681178685131241480" + "version": "0.28.1.47646", + "templateHash": "12524734430243079913" } }, "parameters": { 
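Review bot: The added `Microsoft.ContainerRegistry/registries/agentPools` resource has no `condition`, so every deployment of this registry module now creates a VNet-attached build pool (`count` 1, tier `S2` by default), including deployments that never build images in ACR. The `agentPoolSubnetId` parameter also has no default, which makes it mandatory for every existing caller. Making the pool opt-in keeps both the cost and the extra compute inside the spoke out of deployments that do not need it, e.g. `"defaultValue": ""` on `agentPoolSubnetId` plus `"condition": "[not(empty(parameters('agentPoolSubnetId')))]"` on the resource. The resource is also pinned to `2019-06-01-preview`, while the registry in the same template is read with `2022-02-01-preview`. Only the tail of the `resources` array is inside this hunk.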
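Review bot: The description of the new `agentPoolName` output in the `@@ -6944,6` hunk says "The resource ID of Azure container registry agent pool", but the value is `parameters('agentPoolName')`, which is the pool's name. A consumer reading the metadata would expect an ID it can pass to `reference()`. Suggested text: `"description": "The name of the Azure Container Registry agent pool used for image builds."`. The pass-through outputs at `@@ -7449,12` ("The name of … agent pool name") and `@@ -10292,6` ("contianer") could take the same wording.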
@@ -7047,15 +7564,13 @@ } }, "variables": { - "vnetHubSplitTokens": "[if(not(empty(parameters('vnetHubResourceId'))), split(parameters('vnetHubResourceId'), '/'), array(''))]" + "vnetHubSplitTokens": "[if(contains(parameters('vnetHubResourceId'), '/'), split(parameters('vnetHubResourceId'), '/'), array(''))]" }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))]", - "subscriptionId": "[variables('vnetHubSplitTokens')[2]]", - "resourceGroup": "[variables('vnetHubSplitTokens')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7075,8 +7590,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12224385653740910771" + "version": "0.28.1.47646", + "templateHash": "2426523317982693557" } }, "parameters": { @@ -7182,7 +7697,7 @@ "value": "[parameters('location')]" }, "privateDnsZonesId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('vnetHubSplitTokens')[2], variables('vnetHubSplitTokens')[4]), 'Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))), '2022-09-01').outputs.privateDnsZonesId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))), '2022-09-01').outputs.privateDnsZonesId.value]" }, "privateLinkServiceId": { "value": "[parameters('azServiceId')]" @@ -7200,8 +7715,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3492446693313852889" + "version": "0.28.1.47646", + "templateHash": "17789342952655051459" } }, "parameters": { 
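Review bot: With `subscriptionId` and `resourceGroup` removed, the `privateDnsZoneDeployment-*` nested deployment now runs in the enclosing deployment's resource group instead of the hub's. `vnetHubSplitTokens` is still computed, but nothing in the visible hunks reads it any more, since the `[2]`/`[4]` lookups are dropped here and in the `@@ -7182,7` and `@@ -7297,7` hunks. If no remaining reference exists, the variable and the `vnetHubResourceId` parameter feeding it are dead and should be removed, or the parameter's description should state that the zone is now created with the workload. When an existing hub already hosts the same `privatelink.*` zone, this change presumably leaves two zones of the same name, which is worth calling out to operators. The same edit is repeated at `@@ -7803,15`, `@@ -8651,15` and `@@ -10009,8`; the resource body continues past the end of this hunk.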
@@ -7297,7 +7812,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('vnetHubSplitTokens')[2], variables('vnetHubSplitTokens')[4]), 'Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName'))))]" + "[resourceId('Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName'))))]" ] } ] @@ -7336,8 +7851,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7648136746212387614" + "version": "0.28.1.47646", + "templateHash": "13270559252179313794" } }, "parameters": { 
@@ -7383,7 +7898,7 @@ } }, "variables": { - "$fxv#0": "{\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"scope\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"roleDefinitionId\": {\n \"type\": \"string\"\n },\n \"principalId\": {\n \"type\": \"string\"\n },\n \"principalType\": {\n \"type\": \"string\"\n }\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Authorization/roleAssignments\",\n \"apiVersion\": \"2020-08-01-preview\",\n \"scope\": \"[parameters('scope')]\",\n \"name\": \"[parameters('name')]\",\n \"properties\": {\n \"roleDefinitionId\": \"[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]\",\n \"principalId\": \"[parameters('principalId')]\",\n \"principalType\": \"[parameters('principalType')]\"\n }\n }\n ],\n \"outputs\": {\n \"roleAssignmentId\": {\n \"type\": \"string\",\n \"value\": \"[extensionResourceId(parameters('scope'), 'Microsoft.Authorization/roleAssignments', parameters('name'))]\"\n }\n }\n}" + "$fxv#0": "{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"scope\": {\r\n \"type\": \"string\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"roleDefinitionId\": {\r\n \"type\": \"string\"\r\n },\r\n \"principalId\": {\r\n \"type\": \"string\"\r\n },\r\n \"principalType\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/roleAssignments\",\r\n \"apiVersion\": \"2020-08-01-preview\",\r\n \"scope\": \"[parameters('scope')]\",\r\n \"name\": \"[parameters('name')]\",\r\n \"properties\": {\r\n \"roleDefinitionId\": \"[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]\",\r\n \"principalId\": \"[parameters('principalId')]\",\r\n \"principalType\": 
\"[parameters('principalType')]\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"roleAssignmentId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[extensionResourceId(parameters('scope'), 'Microsoft.Authorization/roleAssignments', parameters('name'))]\"\r\n }\r\n }\r\n}" }, "resources": [ { @@ -7449,12 +7964,26 @@ }, "value": "[reference(resourceId('Microsoft.Resources/deployments', take(format('containerRegistryNameDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.name.value]" }, + "containerRegistryLoginServer": { + "type": "string", + "metadata": { + "description": "The name of the container registry login server." + }, + "value": "[reference(resourceId('Microsoft.Resources/deployments', take(format('containerRegistryNameDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.loginServer.value]" + }, "containerRegistryUserAssignedIdentityId": { "type": "string", "metadata": { "description": "The resource ID of the user assigned managed identity for the container registry to be able to pull images from it." }, "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('containerRegistryUserAssignedIdentityName'))]" + }, + "containerRegistryAgentPoolName": { + "type": "string", + "metadata": { + "description": "The name of Azure container registry agent pool name to build images" + }, + "value": "[reference(resourceId('Microsoft.Resources/deployments', take(format('containerRegistryNameDeployment-{0}', deployment().name), 64)), '2022-09-01').outputs.agentPoolName.value]" } } } @@ -7488,6 +8017,9 @@ "spokeVNetId": { "value": "[parameters('spokeVNetId')]" }, + "hubVNetName": { + "value": "[variables('hubVNetName')]" + }, "hubVNetId": { "value": "[parameters('hubVNetId')]" }, @@ -7507,8 +8039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11988179539437841338" + "version": "0.28.1.47646", + "templateHash": "2876675266559777822" } }, "parameters": { 
@@ -7538,6 +8070,12 @@ "description": "The resource ID of the Hub Virtual Network." } }, + "hubVNetName": { + "type": "string", + "metadata": { + "description": " Name of the hub vnet" + } + }, "spokeVNetId": { "type": "string", "metadata": { 
@@ -7640,26 +8178,11 @@ ], "privateDnsZoneNames": "privatelink.vaultcore.azure.net", "keyVaultResourceName": "vault", - "hubVNetIdTokens": "[split(parameters('hubVNetId'), '/')]", - "hubSubscriptionId": "[variables('hubVNetIdTokens')[2]]", - "hubResourceGroupName": "[variables('hubVNetIdTokens')[4]]", - "hubVNetName": "[variables('hubVNetIdTokens')[8]]", "spokeVNetIdTokens": "[split(parameters('spokeVNetId'), '/')]", "spokeSubscriptionId": "[variables('spokeVNetIdTokens')[2]]", "spokeResourceGroupName": "[variables('spokeVNetIdTokens')[4]]", "spokeVNetName": "[variables('spokeVNetIdTokens')[8]]", - "spokeVNetLinks": [ - { - "vnetName": "[variables('spokeVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('spokeVNetName'))]", - "registrationEnabled": false - }, - { - "vnetName": "[variables('hubVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVNetName'))]", - "registrationEnabled": false - } - ], + "spokeVNetLinks": "[concat(createArray(createObject('vnetName', variables('spokeVNetName'), 'vnetId', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('spokeVNetName')), 'registrationEnabled', false())), if(not(empty(parameters('hubVNetName'))), createArray(createObject('vnetName', parameters('hubVNetName'), 'vnetId', parameters('hubVNetId'), 'registrationEnabled', false())), createArray()))]", "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), variables('diagnosticsLogsSpecified'))]" }, "resources": 
[ @@ -7746,8 +8269,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2681178685131241480" + "version": "0.28.1.47646", + "templateHash": "12524734430243079913" } }, "parameters": { @@ -7803,15 +8326,13 @@ } }, "variables": { - "vnetHubSplitTokens": "[if(not(empty(parameters('vnetHubResourceId'))), split(parameters('vnetHubResourceId'), '/'), array(''))]" + "vnetHubSplitTokens": "[if(contains(parameters('vnetHubResourceId'), '/'), split(parameters('vnetHubResourceId'), '/'), array(''))]" }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))]", - "subscriptionId": "[variables('vnetHubSplitTokens')[2]]", - "resourceGroup": "[variables('vnetHubSplitTokens')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7831,8 +8352,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12224385653740910771" + "version": "0.28.1.47646", + "templateHash": "2426523317982693557" } }, "parameters": { @@ -7938,7 +8459,7 @@ "value": "[parameters('location')]" }, "privateDnsZonesId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('vnetHubSplitTokens')[2], variables('vnetHubSplitTokens')[4]), 'Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))), '2022-09-01').outputs.privateDnsZonesId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))), '2022-09-01').outputs.privateDnsZonesId.value]" }, "privateLinkServiceId": { "value": "[parameters('azServiceId')]" 
@@ -7956,8 +8477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3492446693313852889" + "version": "0.28.1.47646", + "templateHash": "17789342952655051459" } }, "parameters": { @@ -8053,7 +8574,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('vnetHubSplitTokens')[2], variables('vnetHubSplitTokens')[4]), 'Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName'))))]" + "[resourceId('Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName'))))]" ] } ] @@ -8115,6 +8636,9 @@ "spokeVNetId": { "value": "[parameters('spokeVNetId')]" }, + "hubVNetName": { + "value": "[variables('hubVNetName')]" + }, "hubVNetId": { "value": "[parameters('hubVNetId')]" }, @@ -8131,8 +8655,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13339774768888612907" + "version": "0.28.1.47646", + "templateHash": "2460645228688089225" } }, "parameters": { @@ -8162,6 +8686,12 @@ "description": "The resource ID of the Hub Virtual Network." } }, + "hubVNetName": { + "type": "string", + "metadata": { + "description": " Name of the hub vnet" + } + }, "spokeVNetId": { "type": "string", "metadata": { 
@@ -8196,26 +8726,11 @@ "variables": { "privateDnsZoneNames": "privatelink.redis.cache.windows.net", "redisResourceName": "redisCache", - "hubVNetIdTokens": "[split(parameters('hubVNetId'), '/')]", - "hubSubscriptionId": "[variables('hubVNetIdTokens')[2]]", - "hubResourceGroupName": "[variables('hubVNetIdTokens')[4]]", - "hubVNetName": "[variables('hubVNetIdTokens')[8]]", "spokeVNetIdTokens": "[split(parameters('spokeVNetId'), '/')]", "spokeSubscriptionId": "[variables('spokeVNetIdTokens')[2]]", "spokeResourceGroupName": "[variables('spokeVNetIdTokens')[4]]", "spokeVNetName": "[variables('spokeVNetIdTokens')[8]]", - "spokeVNetLinks": [ - { - "vnetName": "[variables('spokeVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('spokeVNetName'))]", - "registrationEnabled": false - }, - { - "vnetName": "[variables('hubVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVNetName'))]", - "registrationEnabled": false - } - ] + "spokeVNetLinks": "[concat(createArray(createObject('vnetName', variables('spokeVNetName'), 'vnetId', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('spokeVNetName')), 'registrationEnabled', false())), if(not(empty(parameters('hubVNetName'))), createArray(createObject('vnetName', parameters('hubVNetName'), 'vnetId', parameters('hubVNetId'), 'registrationEnabled', false())), createArray()))]" }, "resources": [ { 
@@ -8259,8 +8774,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13714020687221279041" + "version": "0.28.1.47646", + "templateHash": "17587276910576551486" } }, "parameters": { @@ -8594,8 +9109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2681178685131241480" + "version": "0.28.1.47646", + "templateHash": "12524734430243079913" } }, "parameters": { @@ -8651,15 +9166,13 @@ } }, "variables": { - "vnetHubSplitTokens": "[if(not(empty(parameters('vnetHubResourceId'))), split(parameters('vnetHubResourceId'), '/'), array(''))]" + "vnetHubSplitTokens": "[if(contains(parameters('vnetHubResourceId'), '/'), split(parameters('vnetHubResourceId'), '/'), array(''))]" }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))]", - "subscriptionId": "[variables('vnetHubSplitTokens')[2]]", - "resourceGroup": "[variables('vnetHubSplitTokens')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -8679,8 +9192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12224385653740910771" + "version": "0.28.1.47646", + "templateHash": "2426523317982693557" } }, "parameters": { 
@@ -8786,7 +9299,7 @@ "value": "[parameters('location')]" }, "privateDnsZonesId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('vnetHubSplitTokens')[2], variables('vnetHubSplitTokens')[4]), 'Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))), '2022-09-01').outputs.privateDnsZonesId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName')))), '2022-09-01').outputs.privateDnsZonesId.value]" }, "privateLinkServiceId": { "value": "[parameters('azServiceId')]" @@ -8804,8 +9317,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3492446693313852889" + "version": "0.28.1.47646", + "templateHash": "17789342952655051459" } }, "parameters": { @@ -8901,7 +9414,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('vnetHubSplitTokens')[2], variables('vnetHubSplitTokens')[4]), 'Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName'))))]" + "[resourceId('Microsoft.Resources/deployments', format('privateDnsZoneDeployment-{0}', uniqueString(parameters('azServiceId'), parameters('privateEndpointSubResourceName'))))]" ] } ] @@ -8963,6 +9476,9 @@ "spokeVNetId": { "value": "[parameters('spokeVNetId')]" }, + "hubVNetName": { + "value": "[variables('hubVNetName')]" + }, "hubVNetId": { "value": "[parameters('hubVNetId')]" }, @@ -8976,8 +9492,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16451335312511273666" + "version": "0.28.1.47646", + "templateHash": "10351444179327580338" } }, "parameters": { 
@@ -9017,6 +9533,12 @@ "description": "The resource ID of the Hub Virtual Network." } }, + "hubVNetName": { + "type": "string", + "metadata": { + "description": " Name of the hub vnet" + } + }, "spokeVNetId": { "type": "string", "metadata": { 
@@ -9050,26 +9572,11 @@ } }, "variables": { - "hubVNetIdTokens": "[split(parameters('hubVNetId'), '/')]", - "hubSubscriptionId": "[variables('hubVNetIdTokens')[2]]", - "hubResourceGroupName": "[variables('hubVNetIdTokens')[4]]", - "hubVNetName": "[variables('hubVNetIdTokens')[8]]", "spokeVNetIdTokens": "[split(parameters('spokeVNetId'), '/')]", "spokeSubscriptionId": "[variables('spokeVNetIdTokens')[2]]", "spokeResourceGroupName": "[variables('spokeVNetIdTokens')[4]]", "spokeVNetName": "[variables('spokeVNetIdTokens')[8]]", - "virtualNetworkLinks": [ - { - "vnetName": "[variables('spokeVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('spokeVNetName'))]", - "registrationEnabled": false - }, - { - "vnetName": "[variables('hubVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVNetName'))]", - "registrationEnabled": false - } - ], + "spokeVNetLinks": "[concat(createArray(createObject('vnetName', variables('spokeVNetName'), 'vnetId', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('spokeVNetName')), 'registrationEnabled', false())), if(not(empty(parameters('hubVNetName'))), createArray(createObject('vnetName', parameters('hubVNetName'), 'vnetId', parameters('hubVNetId'), 'registrationEnabled', false())), createArray()))]", "vnetHubSplitTokens": "[if(not(empty(parameters('vnetHubResourceId'))), split(parameters('vnetHubResourceId'), '/'), array(''))]", "openAiDnsZoneName": "privatelink.openai.azure.com" }, 
@@ -9112,8 +9619,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16089281382333651775" + "version": "0.28.1.47646", + "templateHash": "13637851774072702191" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -9945,8 +10452,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4261574806647608684" + "version": "0.28.1.47646", + "templateHash": "3271275319290754298" } }, "parameters": { @@ -10009,8 +10516,6 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[take(format('{0}-PrivateDnsZoneDeployment', replace(variables('openAiDnsZoneName'), '.', '-')), 64)]", - "subscriptionId": "[variables('vnetHubSplitTokens')[2]]", - "resourceGroup": "[variables('vnetHubSplitTokens')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -10021,7 +10526,7 @@ "value": "[variables('openAiDnsZoneName')]" }, "virtualNetworkLinks": { - "value": "[variables('virtualNetworkLinks')]" + "value": "[variables('spokeVNetLinks')]" }, "tags": { "value": "[parameters('tags')]" @@ -10033,8 +10538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12224385653740910771" + "version": "0.28.1.47646", + "templateHash": "2426523317982693557" } }, "parameters": { 
@@ -10143,7 +10648,7 @@ "value": "[parameters('tags')]" }, "privateDnsZonesId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('vnetHubSplitTokens')[2], variables('vnetHubSplitTokens')[4]), 'Microsoft.Resources/deployments', take(format('{0}-PrivateDnsZoneDeployment', replace(variables('openAiDnsZoneName'), '.', '-')), 64)), '2022-09-01').outputs.privateDnsZonesId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-PrivateDnsZoneDeployment', replace(variables('openAiDnsZoneName'), '.', '-')), 64)), '2022-09-01').outputs.privateDnsZonesId.value]" }, "privateLinkServiceId": { "value": "[reference(resourceId('Microsoft.Resources/deployments', format('openAI-{0}-Deployment', parameters('name'))), '2022-09-01').outputs.resourceId.value]" @@ -10161,8 +10666,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3492446693313852889" + "version": "0.28.1.47646", + "templateHash": "17789342952655051459" } }, "parameters": { @@ -10259,10 +10764,19 @@ }, "dependsOn": [ "[resourceId('Microsoft.Resources/deployments', format('openAI-{0}-Deployment', parameters('name')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('vnetHubSplitTokens')[2], variables('vnetHubSplitTokens')[4]), 'Microsoft.Resources/deployments', take(format('{0}-PrivateDnsZoneDeployment', replace(variables('openAiDnsZoneName'), '.', '-')), 64))]" + "[resourceId('Microsoft.Resources/deployments', take(format('{0}-PrivateDnsZoneDeployment', replace(variables('openAiDnsZoneName'), '.', '-')), 64))]" ] } - ] + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the Azure Open AI account name." + }, + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('openAI-{0}-Deployment', parameters('name'))), '2022-09-01').outputs.name.value]" + } + } } }, "dependsOn": [ 
@@ -10285,6 +10799,13 @@ }, "value": "[reference(resourceId('Microsoft.Resources/deployments', format('containerRegistry-{0}', uniqueString(resourceGroup().id))), '2022-09-01').outputs.containerRegistryName.value]" }, + "containerRegistryLoginServer": { + "type": "string", + "metadata": { + "description": "The name of the container registry login server." + }, + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('containerRegistry-{0}', uniqueString(resourceGroup().id))), '2022-09-01').outputs.containerRegistryLoginServer.value]" + }, "containerRegistryUserAssignedIdentityId": { "type": "string", "metadata": { @@ -10292,6 +10813,13 @@ }, "value": "[reference(resourceId('Microsoft.Resources/deployments', format('containerRegistry-{0}', uniqueString(resourceGroup().id))), '2022-09-01').outputs.containerRegistryUserAssignedIdentityId.value]" }, + "containerRegistryAgentPoolName": { + "type": "string", + "metadata": { + "description": "The name of the contianer registry agent pool name to build images" + }, + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('containerRegistry-{0}', uniqueString(resourceGroup().id))), '2022-09-01').outputs.containerRegistryAgentPoolName.value]" + }, "keyVaultId": { "type": "string", "metadata": { @@ -10312,6 +10840,13 @@ "description": "The secret name to retrieve the connection string from KeyVault" }, "value": "[if(parameters('deployRedisCache'), reference(resourceId('Microsoft.Resources/deployments', format('redisCache-{0}', uniqueString(resourceGroup().id))), '2022-09-01').outputs.redisCacheSecretKey.value, '')]" + }, + "openAIAccountName": { + "type": "string", + "metadata": { + "description": "The name of the Azure Open AI account name." + }, + "value": "[if(parameters('deployOpenAi'), reference(resourceId('Microsoft.Resources/deployments', take('openAiModule-Deployment', 64)), '2022-09-01').outputs.name.value, '')]" } } } 
@@ -10345,9 +10880,7 @@ "workloadName": { "value": "[parameters('workloadName')]" }, - "hubVNetId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVNetId.value]" - }, + "hubVNetId": "[if(parameters('deployHub'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVNetId.value), createObject('value', ''))]", "spokeVNetName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('spoke-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.spokeVNetName.value]" }, @@ -10365,6 +10898,9 @@ }, "logAnalyticsWorkspaceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('spoke-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.logAnalyticsWorkspaceId.value]" + }, + "dedicatedWorkloadProfile": { + "value": "[parameters('dedicatedWorkloadProfile')]" } }, "template": { @@ -10373,8 +10909,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15917784855756581148" + "version": "0.28.1.47646", + "templateHash": "1302112122364935317" } }, "parameters": { 
@@ -10456,14 +10992,23 @@ "metadata": { "description": "Optional, default value is true. If true, any resources that support AZ will be deployed in all three AZ. However if the selected region is not supporting AZ, this parameter needs to be set to false." } + }, + "dedicatedWorkloadProfile": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional, Add a dedicated profile called default." + } } }, "variables": { - "hubVNetResourceIdTokens": "[if(not(empty(parameters('hubVNetId'))), split(parameters('hubVNetId'), '/'), array(''))]", - "hubSubscriptionId": "[variables('hubVNetResourceIdTokens')[2]]", - "hubResourceGroupName": "[variables('hubVNetResourceIdTokens')[4]]", - "hubVNetName": "[variables('hubVNetResourceIdTokens')[8]]", - "telemetryId": "[format('9b4433d6-924a-4c07-b47c-7478619759c7-{0}-acasb', parameters('location'))]" + "workloadProfile": "[if(parameters('dedicatedWorkloadProfile'), createArray(createObject('workloadProfileType', 'D4', 'name', 'default', 'minimumCount', 1, 'maximumCount', 3)), createArray())]", + "hubVNetResourceIdTokens": "[if(contains(parameters('hubVNetId'), '/'), split(parameters('hubVNetId'), '/'), array(''))]", + "hubVNetName": "[if(greater(length(variables('hubVNetResourceIdTokens')), 7), variables('hubVNetResourceIdTokens')[8], '')]", + "hubSubscriptionId": "[if(greater(length(variables('hubVNetResourceIdTokens')), 1), variables('hubVNetResourceIdTokens')[2], '')]", + "hubResourceGroupName": "[if(greater(length(variables('hubVNetResourceIdTokens')), 3), variables('hubVNetResourceIdTokens')[4], '')]", + "telemetryId": "[format('9b4433d6-924a-4c07-b47c-7478619759c7-{0}-acasb', parameters('location'))]", + "spokeVNetLinks": "[concat(createArray(createObject('vnetName', parameters('spokeVNetName'), 'vnetId', resourceId('Microsoft.Network/virtualNetworks', parameters('spokeVNetName')), 'registrationEnabled', false())), if(not(empty(variables('hubVNetName'))), createArray(createObject('vnetName', 
variables('hubVNetName'), 'vnetId', parameters('hubVNetId'), 'registrationEnabled', false())), createArray()))]" }, "resources": [ { @@ -10512,8 +11057,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2291204764315289154" + "version": "0.28.1.47646", + "templateHash": "11791113627827812288" } }, "parameters": { 
@@ -10546,7 +11091,7 @@ } }, "variables": { - "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": 
\"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": 
\"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", "naming": "[json(variables('$fxv#0'))]", "uniqueIdShort": "[substring(parameters('uniqueId'), 0, 5)]", 
"resourceTypeToken": "RES_TYPE", 
@@ -10592,7 +11137,15 @@ "vmJumpBox": "[replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine)]", "vmJumpBoxNsg": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkSecurityGroup, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", "vmJumpBoxNic": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkInterface, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", - "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]" + "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]", + "azureAISearch": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch)]", + "azureAISearchPep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch))]", + "documentIntelligence": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence)]", + "documentIntelligencePep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence))]", + "eventGridSystemTopic": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic)]", + "eventGridSystemTopicPep": 
"[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic))]", + "eventGridSubscription": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSubscription)]", + "mysqlServer": "[take(toLower(replace(replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.mysqlServer), '-', '')), 24)]" } }, "resources": [], @@ -10642,8 +11195,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3205939722669365016" + "version": "0.28.1.47646", + "templateHash": "9444881259385526781" } }, "parameters": { @@ -10839,6 +11392,9 @@ }, "infrastructureResourceGroupName": { "value": "" + }, + "workloadProfiles": { + "value": "[variables('workloadProfile')]" } }, "template": { @@ -10847,8 +11403,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10423141373788103078" + "version": "0.28.1.47646", + "templateHash": "4886992136537914105" } }, "parameters": { 
@@ -11099,18 +11655,7 @@ "value": "[reference(resourceId('Microsoft.Resources/deployments', take(format('containerAppsEnvironment-{0}', uniqueString(resourceGroup().id)), 64)), '2022-09-01').outputs.containerAppsEnvironmentDefaultDomain.value]" }, "virtualNetworkLinks": { - "value": [ - { - "vnetName": "[parameters('spokeVNetName')]", - "vnetId": "[resourceId('Microsoft.Network/virtualNetworks', parameters('spokeVNetName'))]", - "registrationEnabled": false - }, - { - "vnetName": "[variables('hubVNetName')]", - "vnetId": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVNetName'))]", - "registrationEnabled": false - } - ] + "value": "[variables('spokeVNetLinks')]" }, "tags": { "value": "[parameters('tags')]" @@ -11130,8 +11675,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12224385653740910771" + "version": "0.28.1.47646", + "templateHash": "2426523317982693557" } }, "parameters": { @@ -11241,6 +11786,10 @@ "description": "The name of the Container Apps environment." }, "value": "[reference(resourceId('Microsoft.Resources/deployments', take(format('containerAppsEnvironment-{0}', uniqueString(resourceGroup().id)), 64)), '2022-09-01').outputs.containerAppsEnvironmentName.value]" + }, + "applicationInsightsName": { + "type": "string", + "value": "[if(parameters('enableApplicationInsights'), reference(resourceId('Microsoft.Resources/deployments', take(format('applicationInsights-{0}', uniqueString(resourceGroup().id)), 64)), '2022-09-01').outputs.appInsNname.value, '')]" } } } @@ -11282,8 +11831,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16516297773037696386" + "version": "0.28.1.47646", + "templateHash": "11285583712207060591" } }, "parameters": { 
@@ -11446,8 +11995,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6411141756238623866" + "version": "0.28.1.47646", + "templateHash": "14213925925730264811" } }, "parameters": { @@ -11588,8 +12137,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2291204764315289154" + "version": "0.28.1.47646", + "templateHash": "11791113627827812288" } }, "parameters": { 
@@ -11622,7 +12171,7 @@ } }, "variables": { - "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": \"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": 
\"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", + "$fxv#0": "{\r\n // Recommended abreviations: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations\r\n \"resourceTypeAbbreviations\" : {\r\n \"applicationGateway\": \"agw\",\r\n \"applicationInsights\": \"appi\",\r\n \"appService\": \"app\",\r\n \"azureFirewall\": \"azfw\",\r\n \"bastion\": \"bas\",\r\n \"containerAppsEnvironment\": \"cae\",\r\n \"containerRegistry\": \"cr\",\r\n \"cosmosDbNoSql\": \"cosno\",\r\n \"frontDoor\": \"afd\",\r\n \"frontDoorEndpoint\": \"fde\",\r\n \"frontDoorWaf\": \"fdfp\",\r\n \"keyVault\": \"kv\",\r\n \"logAnalyticsWorkspace\": \"log\",\r\n \"managedIdentity\": \"id\",\r\n \"networkInterface\": \"nic\",\r\n \"networkSecurityGroup\": \"nsg\",\r\n \"privateEndpoint\": \"pep\",\r\n \"privateLinkService\": \"pls\",\r\n \"publicIpAddress\": \"pip\",\r\n \"resourceGroup\": \"rg\",\r\n \"routeTable\": \"rt\",\r\n \"serviceBus\": \"sb\",\r\n \"serviceBusQueue\": \"sbq\",\r\n \"serviceBusTopic\": \"sbt\",\r\n \"storageAccount\": \"st\",\r\n \"virtualMachine\": \"vm\",\r\n \"virtualNetwork\": \"vnet\",\r\n \"redisCache\": 
\"redis\",\r\n \"cognitiveAccount\": \"cog\",\r\n \"openAiDeployment\": \"oaidep\",\r\n \"azureAISearch\": \"srch\",\r\n \"documentIntelligence\": \"di\",\r\n \"eventGridSystemTopic\": \"egst\",\r\n \"eventGridSubscription\": \"evgs\",\r\n \"mysqlServer\": \"mysql\"\r\n },\r\n\r\n //copied from here: https://github.com/nianton/azure-naming/blob/main/datafiles/regionAbbreviations.json\r\n \"regionAbbreviations\" : {\r\n \"australiacentral\": \"auc\",\r\n \"australiacentral2\": \"auc2\",\r\n \"australiaeast\": \"aue\",\r\n \"australiasoutheast\": \"ause\",\r\n \"brazilsouth\": \"brs\",\r\n \"brazilsoutheast\": \"brse\",\r\n \"canadacentral\": \"canc\",\r\n \"canadaeast\": \"cane\",\r\n \"centralindia\": \"cin\",\r\n \"centralus\": \"cus\",\r\n \"centraluseuap\": \"cuseuap\",\r\n \"eastasia\": \"ea\",\r\n \"eastus\": \"eus\",\r\n \"eastus2\": \"eus2\",\r\n \"eastus2euap\": \"eus2euap\",\r\n \"francecentral\": \"frc\",\r\n \"francesouth\": \"frs\",\r\n \"germanynorth\": \"gern\",\r\n \"germanywestcentral\": \"gerwc\",\r\n \"japaneast\": \"jae\",\r\n \"japanwest\": \"jaw\",\r\n \"jioindiacentral\": \"jioinc\",\r\n \"jioindiawest\": \"jioinw\",\r\n \"koreacentral\": \"koc\",\r\n \"koreasouth\": \"kors\",\r\n \"northcentralus\": \"ncus\",\r\n \"northeurope\": \"neu\",\r\n \"norwayeast\": \"nore\",\r\n \"norwaywest\": \"norw\",\r\n \"southafricanorth\": \"san\",\r\n \"southafricawest\": \"saw\",\r\n \"southcentralus\": \"scus\",\r\n \"southeastasia\": \"sea\",\r\n \"southindia\": \"sin\",\r\n \"swedencentral\": \"swc\",\r\n \"switzerlandnorth\": \"swn\",\r\n \"switzerlandwest\": \"sww\",\r\n \"uaecentral\": \"uaec\",\r\n \"uaenorth\": \"uaen\",\r\n \"uksouth\": \"uks\",\r\n \"ukwest\": \"ukw\",\r\n \"westcentralus\": \"wcus\",\r\n \"westeurope\": \"weu\",\r\n \"westindia\": \"win\",\r\n \"westus\": \"wus\",\r\n \"westus2\": \"wus2\",\r\n \"westus3\": \"wus3\"\r\n }\r\n}", "naming": "[json(variables('$fxv#0'))]", "uniqueIdShort": "[substring(parameters('uniqueId'), 0, 5)]", 
"resourceTypeToken": "RES_TYPE", 
@@ -11668,7 +12217,15 @@ "vmJumpBox": "[replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine)]", "vmJumpBoxNsg": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkSecurityGroup, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", "vmJumpBoxNic": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.networkInterface, replace(variables('namingBaseNoWorkloadName'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.virtualMachine))]", - "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]" + "frontDoor": "[replace(variables('namingBase'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.frontDoor)]", + "azureAISearch": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch)]", + "azureAISearchPep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.azureAISearch))]", + "documentIntelligence": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence)]", + "documentIntelligencePep": "[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.documentIntelligence))]", + "eventGridSystemTopic": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic)]", + "eventGridSystemTopicPep": 
"[format('{0}-{1}', variables('naming').resourceTypeAbbreviations.privateEndpoint, replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSystemTopic))]", + "eventGridSubscription": "[replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.eventGridSubscription)]", + "mysqlServer": "[take(toLower(replace(replace(variables('namingBaseUnique'), variables('resourceTypeToken'), variables('naming').resourceTypeAbbreviations.mysqlServer), '-', '')), 24)]" } }, "resources": [], @@ -11714,8 +12271,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8741727039361463729" + "version": "0.28.1.47646", + "templateHash": "16474600229997273387" } }, "parameters": { @@ -11835,8 +12392,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5923101193164353158" + "version": "0.28.1.47646", + "templateHash": "5883158518687836349" } }, "parameters": { @@ -11938,8 +12495,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8923208684631919907" + "version": "0.28.1.47646", + "templateHash": "11999849498950378244" } }, "parameters": { @@ -12407,8 +12964,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6130111689736481609" + "version": "0.28.1.47646", + "templateHash": "3155928612374688041" } }, "parameters": { 
@@ -12950,14 +13507,21 @@ "metadata": { "description": "The resource ID of hub virtual network." }, - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVNetId.value]" + "value": "[if(parameters('deployHub'), reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVNetId.value, '')]" + }, + "hubVNetName": { + "type": "string", + "metadata": { + "description": "The name of hub virtual network." + }, + "value": "[if(parameters('deployHub'), reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.hubVnetName.value, '')]" }, "hubResourceGroupName": { "type": "string", "metadata": { "description": "The name of the Hub resource group." }, - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.resourceGroupName.value]" + "value": "[if(parameters('deployHub'), reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('hub-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.resourceGroupName.value, '')]" }, "spokeResourceGroupName": { "type": "string", 
@@ -13015,6 +13579,20 @@ }, "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('spoke-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.spokeApplicationGatewaySubnetName.value]" }, + "logAnalyticsWorkspaceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Log Analytics workspace created in the spoke vnet." + }, + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('spoke-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.logAnalyticsWorkspaceId.value]" + }, + "vmJumpBoxName": { + "type": "string", + "metadata": { + "description": "The name of the jump box virtual machine" + }, + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', take(format('spoke-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.vmJumpBoxName.value]" + }, "containerRegistryId": { "type": "string", "metadata": { @@ -13029,6 +13607,13 @@ }, "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('supportingServices-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.containerRegistryName.value]" }, + "containerRegistryLoginServer": { + "type": "string", + "metadata": { + "description": "The name of the container registry login server." + }, + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('supportingServices-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.containerRegistryLoginServer.value]" + }, "containerRegistryUserAssignedIdentityId": { "type": "string", "metadata": { 
@@ -13050,6 +13635,13 @@ }, "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('supportingServices-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.keyVaultName.value]" }, + "openAIAccountName": { + "type": "string", + "metadata": { + "description": "The name of the Azure Open AI account name." + }, + "value": "[if(parameters('deployOpenAi'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('supportingServices-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.openAIAccountName.value, '')]" + }, "containerAppsEnvironmentId": { "type": "string", "metadata": { @@ -13063,6 +13655,13 @@ "description": "The name of the container apps environment." }, "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('containerAppsEnvironment-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.containerAppsEnvironmentName.value]" + }, + "applicationInsightsName": { + "type": "string", + "metadata": { + "description": " The name of application Insights instance." + }, + "value": "[if(parameters('enableApplicationInsights'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('rgSpokeName')), 'Microsoft.Resources/deployments', take(format('containerAppsEnvironment-{0}-deployment', deployment().name), 64)), '2022-09-01').outputs.applicationInsightsName.value, '')]" } } } \ No newline at end of file 
diff --git a/scenarios/aca-internal/azure-resource-manager/main.parameters.jsonc b/scenarios/aca-internal/azure-resource-manager/main.parameters.jsonc index 977e336b..cfdb8cae 100644 --- a/scenarios/aca-internal/azure-resource-manager/main.parameters.jsonc +++ b/scenarios/aca-internal/azure-resource-manager/main.parameters.jsonc @@ -13,6 +13,9 @@ "tags": { "value": {} }, + "deployHub": { + "value": true + }, "enableTelemetry": { "value": true }, @@ -30,6 +33,10 @@ "enableBastion": { "value": true }, + // Should a dedicated workload profile called default be provisioned? + "dedicatedWorkloadProfile": { + "value": false + }, "gatewaySubnetAddressPrefix": { "value": "10.0.0.0/27" }, diff --git a/scenarios/aca-internal/bicep/main.bicep b/scenarios/aca-internal/bicep/main.bicep index 1fbbdd04..f37dbf24 100644 --- a/scenarios/aca-internal/bicep/main.bicep +++ b/scenarios/aca-internal/bicep/main.bicep @@ -8,6 +8,9 @@ targetScope = 'subscription' @maxLength(10) param workloadName string = 'aca-lza' +@description('Optional, Add a workload profile.') +param dedicatedWorkloadProfile bool = false + @description('The name of the environment (e.g. "dev", "test", "prod", "uat", "dr", "qa"). Up to 8 characters long.') @maxLength(8) param environment string = 'test' @@ -18,6 +21,9 @@ param location string = deployment().location @description('Optional. The tags to be assigned to the created resources.') param tags object = {} +@description('Optional. Enable or disable the creation of the Hub network and it\'s supporting services.') +param deployHub bool = true + @description('Optional. The name of the hub resource group to create the resources in. If set, it overrides the name generated by the template.') param hubResourceGroupName string = '' 
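Review bot: The two new parameter descriptions in main.bicep (`dedicatedWorkloadProfile` in the `@@ -8,6 +8,9 @@` hunk, `deployHub` in `@@ -18,6 +21,9 @@`) do not say what the switches actually change. The compiled template in this commit shows the profile is a `D4` profile named `default` scaled between 1 and 3 instances, and that `deployHub = false` turns the hub outputs into empty strings. I would spell that out, for example `@description('Optional. Deploy the hub VNet and its supporting services (Azure Firewall, Bastion). When false, the hub outputs are empty strings.')` and `@description('Optional. Add a dedicated D4 workload profile named default (1-3 instances).')`. The escaped `it\'s` in the current `deployHub` text should read `its`.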
@@ -144,7 +150,8 @@ var rgSpokeName = !empty(spokeResourceGroupName) ? spokeResourceGroupName : '${n // ------------------ // RESOURCES // ------------------ -module hub 'modules/01-hub/deploy.hub.bicep' = { + +module hub 'modules/01-hub/deploy.hub.bicep' = if (deployHub) { name: take('hub-${deployment().name}-deployment', 64) params: { location: location @@ -154,7 +161,7 @@ module hub 'modules/01-hub/deploy.hub.bicep' = { workloadName: workloadName vnetAddressPrefixes: vnetAddressPrefixes enableBastion: enableBastion - bastionSku:bastionSku + bastionSku: bastionSku bastionSubnetAddressPrefix: bastionSubnetAddressPrefix azureFirewallSubnetAddressPrefix: azureFirewallSubnetAddressPrefix azureFirewallSubnetManagementAddressPrefix: azureFirewallSubnetManagementAddressPrefix @@ -177,12 +184,15 @@ module spoke 'modules/02-spoke/deploy.spoke.bicep' = { tags: tags environment: environment workloadName: workloadName - hubVNetId: hub.outputs.hubVNetId + hubVNetId: deployHub ? hub.outputs.hubVNetId : '' + enableBastion: enableBastion + bastionSku: bastionSku + bastionSubnetAddressPrefix: bastionSubnetAddressPrefix spokeApplicationGatewaySubnetAddressPrefix: spokeApplicationGatewaySubnetAddressPrefix spokeInfraSubnetAddressPrefix: spokeInfraSubnetAddressPrefix spokePrivateEndpointsSubnetAddressPrefix: spokePrivateEndpointsSubnetAddressPrefix spokeVNetAddressPrefixes: spokeVNetAddressPrefixes - networkApplianceIpAddress: hub.outputs.networkApplianceIpAddress + networkApplianceIpAddress: deployHub ? hub.outputs.networkApplianceIpAddress : '' vmSize: vmSize vmAdminUsername: vmAdminUsername vmAdminPassword: vmAdminPassword 
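Review bot: With `deployHub = false` the spoke call in the `@@ -177,12 +184,15 @@` hunk passes `networkApplianceIpAddress: ''`, and nothing here shows whether the spoke module then skips the firewall route or fails on an empty next hop. The spoke module's handling is outside this hunk, and the `module spoke` block itself continues past it. If the spoke builds a default route to the firewall from this value, a hub-less deployment would either break or lose the egress filtering the hub provided. I would state the intent at the call site with a comment such as `// empty when deployHub is false: the spoke must not create the firewall route, and egress is then unfiltered`, and confirm the spoke module guards on `!empty(networkApplianceIpAddress)`. The same `deployHub ? … : ''` fallback feeds `hubVNetId` in the supportingServices and containerAppsEnvironment calls further down.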
@@ -204,7 +214,7 @@ module supportingServices 'modules/03-supporting-services/deploy.supporting-serv environment: environment workloadName: workloadName spokeVNetId: spoke.outputs.spokeVNetId - hubVNetId: hub.outputs.hubVNetId + hubVNetId: deployHub ? hub.outputs.hubVNetId : '' deployRedisCache: deployRedisCache logAnalyticsWorkspaceId: spoke.outputs.logAnalyticsWorkspaceId deployOpenAi: deployOpenAi @@ -219,13 +229,14 @@ module containerAppsEnvironment 'modules/04-container-apps-environment/deploy.ac tags: tags environment: environment workloadName: workloadName - hubVNetId: hub.outputs.hubVNetId + hubVNetId: deployHub ? hub.outputs.hubVNetId : '' spokeVNetName: spoke.outputs.spokeVNetName spokeInfraSubnetName: spoke.outputs.spokeInfraSubnetName enableApplicationInsights: enableApplicationInsights enableDaprInstrumentation: enableDaprInstrumentation enableTelemetry: enableTelemetry logAnalyticsWorkspaceId: spoke.outputs.logAnalyticsWorkspaceId + dedicatedWorkloadProfile: dedicatedWorkloadProfile } } @@ -265,15 +276,15 @@ module applicationGateway 'modules/06-application-gateway/deploy.app-gateway.bic // ------------------ -// Hub + @description('The resource ID of hub virtual network.') -output hubVNetId string = hub.outputs.hubVNetId +output hubVNetId string = deployHub ? hub.outputs.hubVNetId : '' @description('The name of hub virtual network.') -output hubVNetName string = hub.outputs.hubVnetName +output hubVNetName string = deployHub ? hub.outputs.hubVnetName : '' @description('The name of the Hub resource group.') -output hubResourceGroupName string = hub.outputs.resourceGroupName +output hubResourceGroupName string = deployHub ? hub.outputs.resourceGroupName : '' // Spoke @description('The name of the Spoke resource group.') diff --git a/scenarios/aca-internal/bicep/main.parameters.jsonc b/scenarios/aca-internal/bicep/main.parameters.jsonc index 1115add8..cfdb8cae 100644 --- a/scenarios/aca-internal/bicep/main.parameters.jsonc 
+++ b/scenarios/aca-internal/bicep/main.parameters.jsonc @@ -13,6 +13,9 @@ "tags": { "value": {} }, + "deployHub": { + "value": true + }, "enableTelemetry": { "value": true }, @@ -30,6 +33,10 @@ "enableBastion": { "value": true }, + // Should a dedicated workload profile called default be provisioned? + "dedicatedWorkloadProfile": { + "value": false + }, "gatewaySubnetAddressPrefix": { "value": "10.0.0.0/27" }, @@ -54,9 +61,6 @@ "vmLinuxSshAuthorizedKeys": { "value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpNpoh248rsraL3uejAwKlla+pHaDLbp4DM7bKFoc3Rt1DeXPs0XTutJcNtq4iRq+ooRQ1T7WaK42MfQQxt3qkXwjyv8lPJ4v7aElWkAbxZIRYVYmQVxxwfw+zyB1rFdaCQD/kISg/zXxCWw+gdds4rEy7eq23/bXFM0l7pNvbAULIB6ZY7MRpC304lIAJusuZC59iwvjT3dWsDNWifA1SJtgr39yaxB9Fb01UdacwJNuvfGC35GNYH0VJ56c+iCFeAnMXIT00cYuHf0FCRTP0WvTKl+PQmeD1pwxefdFvKCVpidU2hOARb4ooapT0SDM1SODqjaZ/qwWP18y/qQ/v imported-openssh-key" }, - "vmAuthenticationType": { - "value": "sshPublicKey" - }, "vmJumpboxOSType": { "value": "linux" }, diff --git a/scenarios/aca-internal/bicep/modules/01-hub/deploy.hub.bicep b/scenarios/aca-internal/bicep/modules/01-hub/deploy.hub.bicep index bcce4297..dd41eb42 100644 --- a/scenarios/aca-internal/bicep/modules/01-hub/deploy.hub.bicep +++ b/scenarios/aca-internal/bicep/modules/01-hub/deploy.hub.bicep @@ -148,7 +148,7 @@ module vnetHub '../../../../shared/bicep/network/vnet.bicep' = { } @description('The Azure Firewall deployment. This would normally be already provisioned by your platform team.') -module azfw './modules/azureFirewall.bicep' = { +module azfw './modules/azureFirewall.bicep' = { scope: hubResourceGroup name: take('afw-${deployment().name}', 64) params: { @@ -194,4 +194,4 @@ output hubVnetName string = vnetHub.outputs.vnetName output resourceGroupName string = hubResourceGroup.name @description('The private IP address of the Azure Firewall.') -output networkApplianceIpAddress string = azfw.outputs.afwPrivateIp +output networkApplianceIpAddress string = azfw.outputs.afwPrivateIp 
diff --git a/scenarios/aca-internal/bicep/modules/02-spoke/README.md b/scenarios/aca-internal/bicep/modules/02-spoke/README.md index 7059cf68..9ca53cb0 100644 --- a/scenarios/aca-internal/bicep/modules/02-spoke/README.md +++ b/scenarios/aca-internal/bicep/modules/02-spoke/README.md @@ -20,11 +20,21 @@ After executing these steps you'll have the spoke resource group (`rg-lzaaca-spo - Jump box virtual machine (optional) ## Steps + :warning: If you are running these commands on windows, you might need to run the command below to ensure windows captures the RESOURCEID_VNET_HUB correctly: + ```bash export MSYS_NO_PATHCONV=1 ``` +1. Set the desired region for the whole reference implementation. + + :stop_sign: Update this to your desired region. + + ```bash + LOCATION=eastus # or any location that suits your needs, ensure Azure OpenAI service is available there. + ``` + :warning: You will need to get the IP address of your Azure firewall or whatever network appliance you are using and replace the `[IP OF THE NETWORK APPLIANCE] placeholder in the deploy.spoke.paramters.jsonc file with it. 1. Get the private IP address of your Azure firewall diff --git a/scenarios/aca-internal/bicep/modules/02-spoke/deploy.spoke.bicep b/scenarios/aca-internal/bicep/modules/02-spoke/deploy.spoke.bicep index d79ee195..0108ebec 100644 --- a/scenarios/aca-internal/bicep/modules/02-spoke/deploy.spoke.bicep +++ b/scenarios/aca-internal/bicep/modules/02-spoke/deploy.spoke.bicep 
@@ -85,6 +85,14 @@ param vmAuthenticationType string = 'password' @description('Optional, default value is true. If true, Azure Policies will be deployed') param deployAzurePolicies bool = true +@description('Enable or disable the creation of the Azure Bastion in spoke network.') +param enableBastion bool = false + +@description('CIDR to use for the Azure Bastion subnet.') +param bastionSubnetAddressPrefix string = '10.1.2.64/26' + +param bastionSku string = 'Basic' + // ------------------ // VARIABLES // ------------------ 
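Review bot: `param bastionSku string = 'Basic'` is the only one of the three new parameters without a decorator, and nothing restricts it to the values the rest of the commit accepts. main.json in this commit declares `allowedValues` of `Basic` and `Standard` for the same setting, so the spoke module should carry `@allowed(['Basic', 'Standard'])` and a description such as `@description('SKU of the Azure Bastion deployed in the spoke when no hub network is used.')`. Without the constraint, a mistyped SKU passed directly to this module would presumably surface only when the Bastion resource itself is rejected.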
@@ -98,16 +106,22 @@ var nsgAppGwRules = loadJsonContent('./nsgAppGwRules.jsonc', 'securityRules') var namingRules = json(loadTextContent('../../../../shared/bicep/naming/naming-rules.jsonc')) var rgSpokeName = !empty(spokeResourceGroupName) ? spokeResourceGroupName : '${namingRules.resourceTypeAbbreviations.resourceGroup}-${workloadName}-spoke-${environment}-${namingRules.regionAbbreviations[toLower(location)]}' -var hubVNetResourceIdTokens = !empty(hubVNetId) ? split(hubVNetId, '/') : array('') + +var hubVNetResourceIdTokens = contains(hubVNetId, '/') ? split(hubVNetId, '/') : array('') + +// check to ensure the hubVNetResourceIdTokens was valid by checking the length of the array created in previous step +@description('The name of the hub virtual network.') +var hubVNetName = length(hubVNetResourceIdTokens) > 7 ? hubVNetResourceIdTokens[8] : '' @description('The ID of the subscription containing the hub virtual network.') -var hubSubscriptionId = hubVNetResourceIdTokens[2] +var hubSubscriptionId = length(hubVNetResourceIdTokens) > 1 ? hubVNetResourceIdTokens[2] : '' @description('The name of the resource group containing the hub virtual network.') -var hubResourceGroupName = hubVNetResourceIdTokens[4] +var hubResourceGroupName = length(hubVNetResourceIdTokens) > 3 ? hubVNetResourceIdTokens[4] : '' -@description('The name of the hub virtual network.') -var hubVNetName = hubVNetResourceIdTokens[8] + +// This cannot be another value +var bastionSubnetName = 'AzureBastionSubnet' // Subnet definition taking in consideration feature flags var defaultSubnets = [ @@ -118,9 +132,9 @@ var defaultSubnets = [ networkSecurityGroup: { id: nsgContainerAppsEnvironment.outputs.nsgId } - routeTable: { + routeTable: networkApplianceIpAddress != '' ? { id: egressLockdownUdr.outputs.resourceId - } + } : null delegations: [ { name: 'envdelegation' 
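Review bot: The length guards on the three token lookups are each one short: `length(hubVNetResourceIdTokens) > 7` still admits an eight-element array, whose last index is 7, so `hubVNetResourceIdTokens[8]` can be out of range, and the same holds for `> 1` with `[2]` and `> 3` with `[4]`. `contains(hubVNetId, '/')` only proves the split yields at least two tokens, so a truncated resource ID reaches these lines. The guards should read `length(hubVNetResourceIdTokens) > 8 ? hubVNetResourceIdTokens[8] : ''`, with `> 2` for index 2 and `> 4` for index 4, which matches the `> 8` check this commit uses in deploy.supporting-services.bicep. The same three lines appear in the deploy.aca-environment.bicep hunk and need the same change.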
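Review bot: With `routeTable: networkApplianceIpAddress != '' ? {` … `} : null` the infrastructure subnet loses its route table whenever the caller passes an empty appliance address, and main.bicep in this commit passes `''` whenever `deployHub` is false. Together with the `if (networkApplianceIpAddress != '')` condition added to `egressLockdownUdr` later in this file, turning the hub off also removes the egress lockdown route to the network appliance, with no signal to the operator. The parameter descriptions should state this, for example on `deployHub`: `@description('Optional. When false, no hub or firewall is deployed and the spoke gets no egress lockdown route table.')`. Whether the shared vnet module accepts `routeTable: null` is not visible here and is worth confirming with a no-hub deployment; `defaultSubnets` starts and ends outside this hunk.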
@@ -142,8 +156,19 @@ var defaultSubnets = [ } ] + +// Append optional bastion subnet, if required +var bastionAndDefaultSubnets = (empty(hubVNetName) && enableBastion ) ? concat(defaultSubnets, [ + { + name: bastionSubnetName + properties: { + addressPrefix: bastionSubnetAddressPrefix + } + } +]) : defaultSubnets + // Append optional application gateway subnet, if required -var appGwAndDefaultSubnets = !empty(spokeApplicationGatewaySubnetAddressPrefix) ? concat(defaultSubnets, [ +var appGwAndDefaultSubnets = !empty(spokeApplicationGatewaySubnetAddressPrefix) ? concat(bastionAndDefaultSubnets, [ { name: spokeApplicationGatewaySubnetName properties: { @@ -153,7 +178,7 @@ var appGwAndDefaultSubnets = !empty(spokeApplicationGatewaySubnetAddressPrefix) } } } - ]) : defaultSubnets + ]) : bastionAndDefaultSubnets //Append optional jumpbox subnet, if required var spokeSubnets = vmJumpboxOSType != 'none' ? concat(appGwAndDefaultSubnets, [ @@ -252,7 +277,7 @@ module nsgPep '../../../../shared/bicep/network/nsg.bicep' = { } @description('Spoke peering to regional hub network. This peering would normally already be provisioned by your subscription vending process.') -module peerSpokeToHub '../../../../shared/bicep/network/peering.bicep' = if (!empty(hubVNetId)) { +module peerSpokeToHub '../../../../shared/bicep/network/peering.bicep' = if (!empty(hubVNetName)) { name: take('${deployment().name}-peerSpokeToHubDeployment', 64) scope: spokeResourceGroup params: { 
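Review bot: The `AzureBastionSubnet` entry appended in `bastionAndDefaultSubnets` carries only `addressPrefix`, while the subnet visible in `defaultSubnets` sets `networkSecurityGroup` inline. The `bastion` module added further down in this file also receives `bastionSubnetName`, `bastionSubnetAddressPrefix` and `bastionNetworkSecurityGroupName`, which suggests it manages the same subnet and attaches the NSG itself; bastion.bicep is not shown, so this is an inference. If so, a later redeployment of the spoke VNet with this NSG-less definition may detach the NSG from the subnet, so the subnet should be owned in one place or the NSG id set here as well. Nothing visible checks that `bastionSubnetAddressPrefix` (default `10.1.2.64/26`) lies inside `spokeVNetAddressPrefixes`, which the parameter description could mention.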
@@ -264,7 +289,7 @@ module peerSpokeToHub '../../../../shared/bicep/network/peering.bicep' = if (!em } @description('Regional hub peering to this spoke network. This peering would normally already be provisioned by your subscription vending process.') -module peerHubToSpoke '../../../../shared/bicep/network/peering.bicep' = if (!empty(hubVNetId)) { +module peerHubToSpoke '../../../../shared/bicep/network/peering.bicep' = if (!empty(hubVNetName)) { name: take('${deployment().name}-peerHubToSpokeDeployment', 64) scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) params: { @@ -275,7 +300,7 @@ module peerHubToSpoke '../../../../shared/bicep/network/peering.bicep' = if (!em } } @description('The Route Table deployment') -module egressLockdownUdr '../../../../shared/bicep/routeTables/main.bicep' = { +module egressLockdownUdr '../../../../shared/bicep/routeTables/main.bicep' = if (networkApplianceIpAddress != '') { name: take('egressLockdownUdr-${uniqueString(spokeResourceGroup.id)}', 64) scope: spokeResourceGroup params: { 
@@ -346,6 +371,24 @@ module policyAssignments './modules/policy/policy-definition.module.bicep' = if } } +@description('An optional Azure Bastion deployment for jump box access in your spoke network. This would normally be already provisioned by your platform team. This resource will not be provisioned, if you have a valid hub network resource id') +module bastion '../01-hub/modules/bastion.bicep' = if (empty(hubVNetName) && enableBastion ) { + name: take('bastion-${deployment().name}', 64) + scope: spokeResourceGroup + params: { + location: location + tags: tags + sku:bastionSku + bastionName: naming.outputs.resourcesNames.bastion + bastionNetworkSecurityGroupName: naming.outputs.resourcesNames.bastionNsg + bastionPublicIpName: naming.outputs.resourcesNames.bastionPip + bastionSubnetName: bastionSubnetName + bastionSubnetAddressPrefix: bastionSubnetAddressPrefix + bastionVNetName: vnetSpoke.outputs.vnetName + } +} + + // ------------------ // OUTPUTS // ------------------ diff --git a/scenarios/aca-internal/bicep/modules/03-supporting-services/deploy.supporting-services.bicep b/scenarios/aca-internal/bicep/modules/03-supporting-services/deploy.supporting-services.bicep index 374f2d98..40e3e50f 100644 --- a/scenarios/aca-internal/bicep/modules/03-supporting-services/deploy.supporting-services.bicep +++ b/scenarios/aca-internal/bicep/modules/03-supporting-services/deploy.supporting-services.bicep @@ -60,6 +60,10 @@ module naming '../../../../shared/bicep/naming/naming.module.bicep' = { } } +// Keep the logic below here as it is required for all supporting services +var hubVNetIdTokens = split(hubVNetId, '/') +var hubVNetName = length(hubVNetIdTokens) > 8 ? hubVNetIdTokens[8] : '' + @description('Azure Container Registry, where all workload images should be pulled from.') module containerRegistry 'modules/container-registry.module.bicep' = { name: 'containerRegistry-${uniqueString(resourceGroup().id)}' 
@@ -68,6 +72,7 @@ module containerRegistry 'modules/container-registry.module.bicep' = { location: location tags: tags spokeVNetId: spokeVNetId + hubVNetName: hubVNetName hubVNetId: hubVNetId spokePrivateEndpointSubnetName: spokePrivateEndpointSubnetName containerRegistryPrivateEndpointName: naming.outputs.resourcesNames.containerRegistryPep @@ -85,6 +90,7 @@ module keyVault 'modules/key-vault.bicep' = { location: location tags: tags spokeVNetId: spokeVNetId + hubVNetName: hubVNetName hubVNetId: hubVNetId spokePrivateEndpointSubnetName: spokePrivateEndpointSubnetName keyVaultPrivateEndpointName: naming.outputs.resourcesNames.keyVaultPep @@ -101,6 +107,7 @@ module redisCache 'modules/redis-cache.bicep' = if (deployRedisCache) { logAnalyticsWsId: logAnalyticsWorkspaceId keyVaultName: keyVault.outputs.keyVaultName spokeVNetId: spokeVNetId + hubVNetName: hubVNetName hubVNetId: hubVNetId spokePrivateEndpointSubnetName: spokePrivateEndpointSubnetName redisCachePrivateEndpointName: naming.outputs.resourcesNames.redisCachePep @@ -119,6 +126,7 @@ module openAi 'modules/open-ai.module.bicep'= if(deployOpenAi) { logAnalyticsWsId: logAnalyticsWorkspaceId deployOpenAiGptModel: deployOpenAiGptModel spokeVNetId: spokeVNetId + hubVNetName: hubVNetName hubVNetId: hubVNetId spokePrivateEndpointSubnetName: spokePrivateEndpointSubnetName } diff --git a/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/container-registry.module.bicep b/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/container-registry.module.bicep index 4c0f44b0..4741fdcd 100644 --- a/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/container-registry.module.bicep +++ b/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/container-registry.module.bicep 
@@ -16,6 +16,9 @@ param tags object = {} @description('The resource ID of the Hub Virtual Network.') param hubVNetId string +@description(' Name of the hub vnet') +param hubVNetName string + @description('The resource ID of the VNet to which the private endpoint will be connected.') param spokeVNetId string @@ -34,6 +37,8 @@ param diagnosticWorkspaceId string = '' @description('Optional, default value is true. If true, any resources that support AZ will be deployed in all three AZ. However if the selected region is not supporting AZ, this parameter needs to be set to false.') param deployZoneRedundantResources bool = true + + // ------------------ // VARIABLES // ------------------ @@ -41,11 +46,6 @@ param deployZoneRedundantResources bool = true var privateDnsZoneNames = 'privatelink.azurecr.io' var containerRegistryResourceName = 'registry' -var hubVNetIdTokens = split(hubVNetId, '/') -var hubSubscriptionId = hubVNetIdTokens[2] -var hubResourceGroupName = hubVNetIdTokens[4] -var hubVNetName = hubVNetIdTokens[8] - var spokeVNetIdTokens = split(spokeVNetId, '/') var spokeSubscriptionId = spokeVNetIdTokens[2] var spokeResourceGroupName = spokeVNetIdTokens[4] 
@@ -53,28 +53,28 @@ var spokeVNetName = spokeVNetIdTokens[8] var containerRegistryPullRoleGuid='7f951dda-4ed3-4680-a7ca-43fe172d538d' -var spokeVNetLinks = [ - { - vnetName: spokeVNetName - vnetId: vnetSpoke.id - registrationEnabled: false - } - { - vnetName: vnetHub.name - vnetId: vnetHub.id - registrationEnabled: false - } -] +// Only include hubvnet to the mix if a valid hubvnet id is provided +var spokeVNetLinks = concat( + [ + { + vnetName: spokeVNetName + vnetId: vnetSpoke.id + registrationEnabled: false + } + ], + !empty(hubVNetName) ? [ + { + vnetName: hubVNetName + vnetId: hubVNetId + registrationEnabled: false + } + ] : [] +) // ------------------ // RESOURCES // ------------------ -resource vnetHub 'Microsoft.Network/virtualNetworks@2022-07-01' existing = { - scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) - name: hubVNetName -} - resource vnetSpoke 'Microsoft.Network/virtualNetworks@2022-01-01' existing = { scope: resourceGroup(spokeSubscriptionId, spokeResourceGroupName) name: spokeVNetName diff --git a/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/key-vault.bicep b/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/key-vault.bicep index a8c7b77d..53c8cffc 100644 --- a/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/key-vault.bicep +++ b/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/key-vault.bicep @@ -16,6 +16,9 @@ param tags object = {} @description('The resource ID of the Hub Virtual Network.') param hubVNetId string +@description(' Name of the hub vnet') +param hubVNetName string + @description('The resource ID of the VNet to which the private endpoint will be connected.') param spokeVNetId string 
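Review bot: The hub entry in `spokeVNetLinks` is now built from two independent parameters, `vnetName: hubVNetName` and `vnetId: hubVNetId`, where the removed code took both from the `existing` hub VNet resource. Nothing in the module checks that the name is the last segment of the ID, and `!empty(hubVNetName)` does not cover a non-empty name paired with an empty `hubVNetId`. Guarding on both, `(!empty(hubVNetName) && !empty(hubVNetId)) ? [`, or deriving the name from the ID inside the module with a length check, would close the gap. The new parameter's description `' Name of the hub vnet'` has a stray leading space and should say that it must match `hubVNetId` and that `''` means no hub link is created. The key-vault, open-ai and redis-cache hunks repeat the same block and parameter.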
@@ -69,29 +72,29 @@ param diagnosticSettingsName string = '' var privateDnsZoneNames = 'privatelink.vaultcore.azure.net' var keyVaultResourceName = 'vault' -var hubVNetIdTokens = split(hubVNetId, '/') -var hubSubscriptionId = hubVNetIdTokens[2] -var hubResourceGroupName = hubVNetIdTokens[4] -var hubVNetName = hubVNetIdTokens[8] - var spokeVNetIdTokens = split(spokeVNetId, '/') var spokeSubscriptionId = spokeVNetIdTokens[2] var spokeResourceGroupName = spokeVNetIdTokens[4] var spokeVNetName = spokeVNetIdTokens[8] -var spokeVNetLinks = [ - { - vnetName: spokeVNetName - vnetId: vnetSpoke.id - registrationEnabled: false - } - { - vnetName: vnetHub.name - vnetId: vnetHub.id - registrationEnabled: false - } -] +// Only include hubvnet to the mix if a valid hubvnet id is provided +var spokeVNetLinks = concat( + [ + { + vnetName: spokeVNetName + vnetId: vnetSpoke.id + registrationEnabled: false + } + ], + !empty(hubVNetName) ? [ + { + vnetName: hubVNetName + vnetId: hubVNetId + registrationEnabled: false + } + ] : [] +) var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category @@ -116,11 +119,6 @@ var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { // RESOURCES // ------------------ -resource vnetHub 'Microsoft.Network/virtualNetworks@2022-07-01' existing = { - scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) - name: hubVNetName -} - resource vnetSpoke 'Microsoft.Network/virtualNetworks@2022-01-01' existing = { scope: resourceGroup(spokeSubscriptionId, spokeResourceGroupName) name: spokeVNetName diff --git a/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/open-ai.module.bicep b/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/open-ai.module.bicep index 4659e622..8bbc1cbd 100644 --- a/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/open-ai.module.bicep 
+++ b/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/open-ai.module.bicep @@ -17,6 +17,9 @@ param tags object = {} @description('The resource ID of the Hub Virtual Network.') param hubVNetId string +@description(' Name of the hub vnet') +param hubVNetName string + @description('The resource ID of the VNet to which the private endpoint will be connected.') param spokeVNetId string 
@@ -32,41 +35,32 @@ param logAnalyticsWsId string @description('Deploy (or not) a model on the openAI Account. This is used only as a sample to show how to deploy a model on the OpenAI account.') param deployOpenAiGptModel bool = false - - -var hubVNetIdTokens = split(hubVNetId, '/') -var hubSubscriptionId = hubVNetIdTokens[2] -var hubResourceGroupName = hubVNetIdTokens[4] -var hubVNetName = hubVNetIdTokens[8] - var spokeVNetIdTokens = split(spokeVNetId, '/') var spokeSubscriptionId = spokeVNetIdTokens[2] var spokeResourceGroupName = spokeVNetIdTokens[4] var spokeVNetName = spokeVNetIdTokens[8] -var virtualNetworkLinks = [ - { - vnetName: spokeVNetName - vnetId: vnetSpoke.id - registrationEnabled: false - } - { - vnetName: vnetHub.name - vnetId: vnetHub.id - registrationEnabled: false - } -] +// Only include hubvnet to the mix if a valid hubvnet id is provided +var spokeVNetLinks = concat( + [ + { + vnetName: spokeVNetName + vnetId: vnetSpoke.id + registrationEnabled: false + } + ], + !empty(hubVNetName) ? [ + { + vnetName: hubVNetName + vnetId: hubVNetId + registrationEnabled: false + } + ] : [] +) var vnetHubSplitTokens = !empty(vnetHubResourceId) ? split(vnetHubResourceId, '/') : array('') var openAiDnsZoneName = 'privatelink.openai.azure.com' - - -resource vnetHub 'Microsoft.Network/virtualNetworks@2022-07-01' existing = { - scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) - name: hubVNetName -} - resource vnetSpoke 'Microsoft.Network/virtualNetworks@2022-01-01' existing = { scope: resourceGroup(spokeSubscriptionId, spokeResourceGroupName) name: spokeVNetName 
@@ -108,11 +102,11 @@ module gpt35TurboDeployment '../../../../../shared/bicep/cognitive-services/ope module openAiPrivateDnsZone '../../../../../shared/bicep/network/private-dns-zone.bicep' = { // conditional scope is not working: https://github.com/Azure/bicep/issues/7367 //scope: empty(vnetHubResourceId) ? resourceGroup() : resourceGroup(vnetHubSplitTokens[2], vnetHubSplitTokens[4]) - scope: resourceGroup(vnetHubSplitTokens[2], vnetHubSplitTokens[4]) + scope: empty(hubVNetName) ? resourceGroup() : resourceGroup(vnetHubSplitTokens[2], vnetHubSplitTokens[4]) name: take('${replace(openAiDnsZoneName, '.', '-')}-PrivateDnsZoneDeployment', 64) params: { name: openAiDnsZoneName - virtualNetworkLinks: virtualNetworkLinks + virtualNetworkLinks: spokeVNetLinks tags: tags } } diff --git a/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/redis-cache.bicep b/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/redis-cache.bicep index 800b9ceb..a3009805 100644 --- a/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/redis-cache.bicep +++ b/scenarios/aca-internal/bicep/modules/03-supporting-services/modules/redis-cache.bicep @@ -16,6 +16,9 @@ param tags object = {} @description('The resource ID of the Hub Virtual Network.') param hubVNetId string +@description(' Name of the hub vnet') +param hubVNetName string + @description('The resource ID of the VNet to which the private endpoint will be connected.') param spokeVNetId string 
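Review bot: The new `scope` expression guards on `hubVNetName` but indexes `vnetHubSplitTokens`, which the context line of the previous hunk derives from `vnetHubResourceId` rather than from `hubVNetId` or `hubVNetName`; where `vnetHubResourceId` is declared is not visible. If the two inputs disagree, `vnetHubSplitTokens[2]` and `[4]` are read from a one-element array. Guarding on the value that is indexed avoids that: `scope: length(vnetHubSplitTokens) > 4 ? resourceGroup(vnetHubSplitTokens[2], vnetHubSplitTokens[4]) : resourceGroup()`. The comment above the line still says conditional scope is not working and should be updated or removed now that the line depends on it.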
@@ -39,39 +42,35 @@ param logAnalyticsWsId string var privateDnsZoneNames = 'privatelink.redis.cache.windows.net' var redisResourceName = 'redisCache' -var hubVNetIdTokens = split(hubVNetId, '/') -var hubSubscriptionId = hubVNetIdTokens[2] -var hubResourceGroupName = hubVNetIdTokens[4] -var hubVNetName = hubVNetIdTokens[8] var spokeVNetIdTokens = split(spokeVNetId, '/') var spokeSubscriptionId = spokeVNetIdTokens[2] var spokeResourceGroupName = spokeVNetIdTokens[4] var spokeVNetName = spokeVNetIdTokens[8] -var spokeVNetLinks = [ - { - vnetName: spokeVNetName - vnetId: vnetSpoke.id - registrationEnabled: false - } - { - vnetName: vnetHub.name - vnetId: vnetHub.id - registrationEnabled: false - } -] +// Only include hubvnet to the mix if a valid hubvnet id is provided +var spokeVNetLinks = concat( + [ + { + vnetName: spokeVNetName + vnetId: vnetSpoke.id + registrationEnabled: false + } + ], + !empty(hubVNetName) ? [ + { + vnetName: hubVNetName + vnetId: hubVNetId + registrationEnabled: false + } + ] : [] +) // ------------------ // RESOURCES // ------------------ -resource vnetHub 'Microsoft.Network/virtualNetworks@2022-07-01' existing = { - scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) - name: hubVNetName -} - resource vnetSpoke 'Microsoft.Network/virtualNetworks@2022-01-01' existing = { scope: resourceGroup(spokeSubscriptionId, spokeResourceGroupName) name: spokeVNetName diff --git a/scenarios/aca-internal/bicep/modules/04-container-apps-environment/deploy.aca-environment.bicep b/scenarios/aca-internal/bicep/modules/04-container-apps-environment/deploy.aca-environment.bicep index bafca89f..c9f8c5b5 100644 --- a/scenarios/aca-internal/bicep/modules/04-container-apps-environment/deploy.aca-environment.bicep +++ b/scenarios/aca-internal/bicep/modules/04-container-apps-environment/deploy.aca-environment.bicep 
@@ -45,32 +45,58 @@ param logAnalyticsWorkspaceId string @description('Optional, default value is true. If true, any resources that support AZ will be deployed in all three AZ. However if the selected region is not supporting AZ, this parameter needs to be set to false.') param deployZoneRedundantResources bool = true +@description('Optional, Add a dedicated profile called default.') +param dedicatedWorkloadProfile bool = false + // ------------------ // VARIABLES // ------------------ -var hubVNetResourceIdTokens = !empty(hubVNetId) ? split(hubVNetId, '/') : array('') +// remove the option to deploy dedicated profile with ACA environment until bug is fixed on the product side +var workloadProfile = dedicatedWorkloadProfile ? [ +// { +// workloadProfileType: 'D4' +// name: 'default' +// minimumCount: 1 +// maximumCount: 3 +// } +] : [] + +var hubVNetResourceIdTokens = contains(hubVNetId, '/') ? split(hubVNetId, '/') : array('') + +// check to ensure the hubVNetResourceIdTokens was valid by checking the length of the array created in previous step +@description('The name of the hub virtual network.') +var hubVNetName = length(hubVNetResourceIdTokens) > 7 ? hubVNetResourceIdTokens[8] : '' @description('The ID of the subscription containing the hub virtual network.') -var hubSubscriptionId = hubVNetResourceIdTokens[2] +var hubSubscriptionId = length(hubVNetResourceIdTokens) > 1 ? hubVNetResourceIdTokens[2] : '' @description('The name of the resource group containing the hub virtual network.') -var hubResourceGroupName = hubVNetResourceIdTokens[4] - -@description('The name of the hub virtual network.') -var hubVNetName = hubVNetResourceIdTokens[8] +var hubResourceGroupName = length(hubVNetResourceIdTokens) > 3 ? hubVNetResourceIdTokens[4] : '' var telemetryId = '9b4433d6-924a-4c07-b47c-7478619759c7-${location}-acasb' +var spokeVNetLinks = concat( + [ + { + vnetName: spokeVNetName + vnetId: spokeVNet.id + registrationEnabled: false + } + ], + !empty(hubVNetName) ? 
[ + { + vnetName: hubVNetName + vnetId: hubVNetId + registrationEnabled: false + } + ] : [] +) + // ------------------ // EXISTING RESOURCES // ------------------ -@description('The existing hub virtual network.') -resource vnetHub 'Microsoft.Network/virtualNetworks@2022-07-01' existing = { - scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) - name: hubVNetName -} @description('The existing spoke virtual network.') resource spokeVNet 'Microsoft.Network/virtualNetworks@2022-01-01' existing = { @@ -120,6 +146,7 @@ module containerAppsEnvironment '../../../../shared/bicep/aca-environment.bicep' appInsightsInstrumentationKey: (enableApplicationInsights && enableDaprInstrumentation) ? applicationInsights.outputs.appInsInstrumentationKey : '' zoneRedundant: deployZoneRedundantResources infrastructureResourceGroupName: '' + workloadProfiles: workloadProfile } } @@ -129,18 +156,7 @@ module containerAppsEnvironmentPrivateDnsZone '../../../../shared/bicep/network/ name: 'containerAppsEnvironmentPrivateDnsZone-${uniqueString(resourceGroup().id)}' params: { name: containerAppsEnvironment.outputs.containerAppsEnvironmentDefaultDomain - virtualNetworkLinks: [ - { - vnetName: spokeVNet.name /* Link to spoke */ - vnetId: spokeVNet.id - registrationEnabled: false - } - { - vnetName: vnetHub.name /* Link to hub */ - vnetId: vnetHub.id - registrationEnabled: false - } - ] + virtualNetworkLinks: spokeVNetLinks tags: tags aRecords: [ { diff --git a/scenarios/aca-internal/bicep/modules/04-container-apps-environment/deploy.aca-environment.parameters.jsonc b/scenarios/aca-internal/bicep/modules/04-container-apps-environment/deploy.aca-environment.parameters.jsonc index 931425f7..2f30613c 100644 --- a/scenarios/aca-internal/bicep/modules/04-container-apps-environment/deploy.aca-environment.parameters.jsonc +++ b/scenarios/aca-internal/bicep/modules/04-container-apps-environment/deploy.aca-environment.parameters.jsonc 
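Review bot: `workloadProfile` evaluates to an empty array on both branches, because the only element of the `true` branch is commented out, so `dedicatedWorkloadProfile` has no effect on the `workloadProfiles` value passed to the environment module. The parameter description here, the portal tooltip and the parameter files in this commit all present it as a working switch. Until the product issue named in the comment is resolved, the description should say so, e.g. `@description('Optional. Currently has no effect: the dedicated profile is disabled pending a product fix.')`. Writing the variable as a plain `[]` with the comment kept beside it would also make the no-op obvious to the next reader.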
@@ -10,6 +10,10 @@ "environment": { "value": "dev" }, + // Should a dedicated workload profile called default be provisioned? + "dedicatedWorkloadProfile": { + "value": false + }, "tags": { "value": {} }, diff --git a/scenarios/shared/bicep/network/private-networking.bicep b/scenarios/shared/bicep/network/private-networking.bicep index 0db20a58..61b3ebf9 100644 --- a/scenarios/shared/bicep/network/private-networking.bicep +++ b/scenarios/shared/bicep/network/private-networking.bicep @@ -28,14 +28,16 @@ param privateEndpointSubResourceName string @description('The region (location) in which the resource will be deployed. Default: resource group location.') param location string = resourceGroup().location -var vnetHubSplitTokens = !empty(vnetHubResourceId) ? split(vnetHubResourceId, '/') : array('') +// check to see if theres a '/' in the vnetHubResourceId. if there isnt, its an invalid input and default resource group will be used +var vnetHubSplitTokens = contains(vnetHubResourceId, '/') ? split(vnetHubResourceId, '/') : array('') // ------------------ // RESOURCES // ------------------ +// Deploy the private DNS zone in the spoke resource group if no valid resource id is provided module privateDnsZone 'private-dns-zone.bicep' = { - scope: resourceGroup(vnetHubSplitTokens[2], vnetHubSplitTokens[4]) + scope: contains(vnetHubResourceId, '/') ? resourceGroup(vnetHubSplitTokens[2], vnetHubSplitTokens[4]) : resourceGroup() name: 'privateDnsZoneDeployment-${uniqueString(azServiceId, privateEndpointSubResourceName)}' params: { name: azServicePrivateDnsZoneName
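Review bot: `contains(vnetHubResourceId, '/')` is too weak a guard for `resourceGroup(vnetHubSplitTokens[2], vnetHubSplitTokens[4])` in private-networking.bicep: any value with a single slash passes it, yet the split then has fewer than five tokens. A malformed hub ID would then fail on the index instead of falling back to the current resource group as the new comment says. Checking the token count keeps that promise: `scope: length(vnetHubSplitTokens) > 4 ? resourceGroup(vnetHubSplitTokens[2], vnetHubSplitTokens[4]) : resourceGroup()`. Because this expression decides which resource group receives the private DNS zone, the fallback is also worth stating in the `vnetHubResourceId` parameter description. The `privateDnsZone` module body continues past the hunk.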