From c540d21c9418fe57ed5afe09500f0ad6363c2fc4 Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Wed, 2 Mar 2022 19:15:28 -0600 Subject: [PATCH 1/4] Update Azure Bastion --- .../bastionHosts/.parameters/parameters.json | 6 ++++++ arm/Microsoft.Network/bastionHosts/deploy.bicep | 16 ++++++++++++++++ arm/Microsoft.Network/bastionHosts/readme.md | 2 ++ 3 files changed, 24 insertions(+) diff --git a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json b/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json index dba5d3d6f5..0b1cd0d25b 100644 --- a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json +++ b/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json @@ -11,6 +11,12 @@ "publicIPAddressId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-bas" }, + "skuType": { + "value": "Standard" + }, + "scaleUnits": { + "value": 4 + }, "roleAssignments": { "value": [ { diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep index 3c1547cc30..f99c467a76 100644 --- a/arm/Microsoft.Network/bastionHosts/deploy.bicep +++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep @@ -38,6 +38,16 @@ param diagnosticEventHubName string = '' @description('Optional. Specify the type of lock.') param lock string = 'NotSpecified' +@allowed([ + 'Basic' + 'Standard' +]) +@description('Optional. The SKU of this Bastion Host.') +param skuType string = 'Basic' + +@description('Optional. The scale units for the Bastion Host resource.') +param scaleUnits int = 2 + @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') param roleAssignments array = [] @@ -64,6 +74,8 @@ var diagnosticsLogs = [for log in logsToEnable: { } }] +var var_scaleUnits = skuType == 'Basic' ? null : scaleUnits + module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { name: 'pid-${cuaId}' params: {} @@ -112,7 +124,11 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-05-01' = { name: name location: location tags: tags + sku: { + name: skuType + } properties: { + scaleUnits: var_scaleUnits ipConfigurations: [ { name: 'IpConf' diff --git a/arm/Microsoft.Network/bastionHosts/readme.md b/arm/Microsoft.Network/bastionHosts/readme.md index 80f42cf38a..8fadb1f285 100644 --- a/arm/Microsoft.Network/bastionHosts/readme.md +++ b/arm/Microsoft.Network/bastionHosts/readme.md @@ -29,6 +29,8 @@ This module deploys a bastion host. | `publicIPAddressId` | string | | | Optional. Specifies the resource ID of the existing public IP to be leveraged by Azure Bastion. | | `publicIPAddressObject` | object | `{object}` | | Optional. Specifies the properties of the public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressId is empty, a '-pip' suffix will be appended to the Bastion's name. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | +| `scaleUnits` | int | `2` | | Optional. The scale units for the Bastion Host resource. | +| `skuType` | string | `Basic` | `[Basic, Standard]` | Optional. The SKU of this Bastion Host. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `vNetId` | string | | | Required. Shared services Virtual Network resource identifier | From 25e9f691d9376b7df39c3480c76770997f2364e0 Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Wed, 2 Mar 2022 19:27:40 -0600 Subject: [PATCH 2/4] Update Azure Bastion Scale Units --- arm/Microsoft.Network/bastionHosts/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep index f99c467a76..9a658f0060 100644 --- a/arm/Microsoft.Network/bastionHosts/deploy.bicep +++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep @@ -74,7 +74,7 @@ var diagnosticsLogs = [for log in logsToEnable: { } }] -var var_scaleUnits = skuType == 'Basic' ? null : scaleUnits +var var_scaleUnits = skuType == 'Basic' ? 2 : scaleUnits module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { name: 'pid-${cuaId}' From 9e50c4fd17d3eaeaf7c3a915e7e5c6e6db20b3a1 Mon Sep 17 00:00:00 2001 From: Sergio Navar <47188710+senavar@users.noreply.github.com> Date: Thu, 3 Mar 2022 11:07:55 -0600 Subject: [PATCH 3/4] Update variable Co-authored-by: Marius Storhaug --- arm/Microsoft.Network/bastionHosts/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep index 9a658f0060..a66a687f42 100644 --- a/arm/Microsoft.Network/bastionHosts/deploy.bicep +++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep @@ -74,7 +74,7 @@ var diagnosticsLogs = [for log in logsToEnable: { } }] -var var_scaleUnits = skuType == 'Basic' ? 2 : scaleUnits +var scaleUnits_var = skuType == 'Basic' ? 2 : scaleUnits module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { name: 'pid-${cuaId}' From 674a3cb4701eae40aa3a8993820ae9676f8af48d Mon Sep 17 00:00:00 2001 From: Sergio Navar <47188710+senavar@users.noreply.github.com> Date: Thu, 3 Mar 2022 11:08:08 -0600 Subject: [PATCH 4/4] Update variable Co-authored-by: Marius Storhaug --- arm/Microsoft.Network/bastionHosts/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep index a66a687f42..5d1c0fc0d1 100644 --- a/arm/Microsoft.Network/bastionHosts/deploy.bicep +++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep @@ -128,7 +128,7 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-05-01' = { name: skuType } properties: { - scaleUnits: var_scaleUnits + scaleUnits: scaleUnits_var ipConfigurations: [ { name: 'IpConf'