diff --git a/modules/Microsoft.RecoveryServices/vaults/.parameters/parameters.json b/modules/Microsoft.RecoveryServices/vaults/.parameters/parameters.json index 67f01a8bb6..9993cc4485 100644 --- a/modules/Microsoft.RecoveryServices/vaults/.parameters/parameters.json +++ b/modules/Microsoft.RecoveryServices/vaults/.parameters/parameters.json @@ -1,289 +1,243 @@ { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rsv-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "backupConfig": { - "value": { - "enhancedSecurityState": "Disabled", - "softDeleteFeatureState": "Disabled" - } + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-rsv-x-001" + }, + "lock": { + "value": "CanNotDelete" + }, + "backupConfig": { + "value": { + "enhancedSecurityState": "Disabled", + "softDeleteFeatureState": "Disabled" + } + }, + "backupPolicies": { + "value": [ + { + "name": "VMpolicy", + "properties": { + "backupManagementType": "AzureIaasVM", + "instantRPDetails": {}, + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicy", + "scheduleRunFrequency": "Daily", + "scheduleRunTimes": ["2019-11-07T07:00:00Z"], + "scheduleWeeklyFrequency": 0 + }, + "retentionPolicy": { + "retentionPolicyType": "LongTermRetentionPolicy", + "dailySchedule": { + "retentionTimes": ["2019-11-07T07:00:00Z"], + "retentionDuration": { + "count": 180, + "durationType": "Days" + } + }, + "weeklySchedule": { + "daysOfTheWeek": ["Sunday"], + "retentionTimes": ["2019-11-07T07:00:00Z"], + "retentionDuration": { + "count": 12, + "durationType": "Weeks" + } + }, + "monthlySchedule": { + "retentionScheduleFormatType": "Weekly", + "retentionScheduleWeekly": { + "daysOfTheWeek": ["Sunday"], + "weeksOfTheMonth": ["First"] + }, + "retentionTimes": ["2019-11-07T07:00:00Z"], + "retentionDuration": { + "count": 60, + "durationType": "Months" + } + }, + "yearlySchedule": { + "retentionScheduleFormatType": "Weekly", + "monthsOfYear": ["January"], + "retentionScheduleWeekly": { + "daysOfTheWeek": ["Sunday"], + "weeksOfTheMonth": ["First"] + }, + "retentionTimes": ["2019-11-07T07:00:00Z"], + "retentionDuration": { + "count": 10, + "durationType": "Years" + } + } + }, + "instantRpRetentionRangeInDays": 2, + "timeZone": "UTC", + "protectedItemsCount": 0 + } }, - "backupPolicies": { - "value": [ - { - "name": "VMpolicy", - "properties": { - "backupManagementType": "AzureIaasVM", - "instantRPDetails": {}, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T07:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 180, - "durationType": "Days" - } - }, - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 12, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - }, - "instantRpRetentionRangeInDays": 2, - "timeZone": "UTC", - "protectedItemsCount": 0 - } + { + "name": "sqlpolicy", + "properties": { + "backupManagementType": "AzureWorkload", + "workLoadType": "SQLDataBase", + "settings": { + "timeZone": "UTC", + "issqlcompression": true, + "isCompression": true + }, + "subProtectionPolicy": [ + { + "policyType": "Full", + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicy", + "scheduleRunFrequency": "Weekly", + "scheduleRunDays": ["Sunday"], + "scheduleRunTimes": ["2019-11-07T22:00:00Z"], + "scheduleWeeklyFrequency": 0 }, - { - "name": "sqlpolicy", - "properties": { - "backupManagementType": "AzureWorkload", - "workLoadType": "SQLDataBase", - "settings": { - "timeZone": "UTC", - "issqlcompression": true, - "isCompression": true - }, - "subProtectionPolicy": [ - { - "policyType": "Full", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Sunday" - ], - "scheduleRunTimes": [ - "2019-11-07T22:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 104, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - } - }, - { - "policyType": "Differential", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Monday" - ], - "scheduleRunTimes": [ - "2017-03-07T02:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - { - "policyType": "Log", - "schedulePolicy": { - "schedulePolicyType": "LogSchedulePolicy", - "scheduleFrequencyInMins": 120 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 15, - "durationType": "Days" - } - } - } - ], - "protectedItemsCount": 0 + "retentionPolicy": { + "retentionPolicyType": "LongTermRetentionPolicy", + "weeklySchedule": { + "daysOfTheWeek": ["Sunday"], + "retentionTimes": ["2019-11-07T22:00:00Z"], + "retentionDuration": { + "count": 104, + "durationType": "Weeks" } - }, - { - "name": "filesharepolicy", - "properties": { - "backupManagementType": "AzureStorage", - "workloadType": "AzureFileShare", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T04:30:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T04:30:00Z" - ], - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - "timeZone": "UTC", - "protectedItemsCount": 0 + }, + "monthlySchedule": { + "retentionScheduleFormatType": "Weekly", + "retentionScheduleWeekly": { + "daysOfTheWeek": ["Sunday"], + "weeksOfTheMonth": ["First"] + }, + "retentionTimes": ["2019-11-07T22:00:00Z"], + "retentionDuration": { + "count": 60, + "durationType": "Months" } + }, + "yearlySchedule": { + "retentionScheduleFormatType": "Weekly", + "monthsOfYear": ["January"], + "retentionScheduleWeekly": { + "daysOfTheWeek": ["Sunday"], + "weeksOfTheMonth": ["First"] + }, + "retentionTimes": ["2019-11-07T22:00:00Z"], + "retentionDuration": { + "count": 10, + "durationType": "Years" + } + } } - ] - }, - "backupStorageConfig": { - "value": { - "storageModelType": "GeoRedundant", - "crossRegionRestoreFlag": true - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] + }, + { + "policyType": "Differential", + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicy", + "scheduleRunFrequency": "Weekly", + "scheduleRunDays": ["Monday"], + "scheduleRunTimes": ["2017-03-07T02:00:00Z"], + "scheduleWeeklyFrequency": 0 + }, + "retentionPolicy": { + "retentionPolicyType": "SimpleRetentionPolicy", + "retentionDuration": { + "count": 30, + "durationType": "Days" + } } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true + }, + { + "policyType": "Log", + "schedulePolicy": { + "schedulePolicyType": "LogSchedulePolicy", + "scheduleFrequencyInMins": 120 + }, + "retentionPolicy": { + "retentionPolicyType": "SimpleRetentionPolicy", + "retentionDuration": { + "count": 15, + "durationType": "Days" + } + } + } + ], + "protectedItemsCount": 0 + } }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } + { + "name": "filesharepolicy", + "properties": { + "backupManagementType": "AzureStorage", + "workloadType": "AzureFileShare", + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicy", + "scheduleRunFrequency": "Daily", + "scheduleRunTimes": ["2019-11-07T04:30:00Z"], + "scheduleWeeklyFrequency": 0 + }, + "retentionPolicy": { + "retentionPolicyType": "LongTermRetentionPolicy", + "dailySchedule": { + "retentionTimes": ["2019-11-07T04:30:00Z"], + "retentionDuration": { + "count": 30, + "durationType": "Days" + } + } + }, + "timeZone": "UTC", + "protectedItemsCount": 0 + } + } + ] + }, + "backupStorageConfig": { + "value": { + "storageModelType": "GeoRedundant", + "crossRegionRestoreFlag": true + } + }, + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "AzureSiteRecovery" + } + ] + }, + "roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": ["<>"] } + ] + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + }, + "diagnosticWorkspaceId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + }, + "diagnosticEventHubName": { + "value": "adp-<>-az-evh-x-001" + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } } + } } diff --git a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep index bf14eeb3cb..81cc3f8193 100644 --- a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -110,6 +110,9 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' +@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +param privateEndpoints array = [] + var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { category: category enabled: true @@ -261,6 +264,26 @@ resource rsv_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-0 scope: rsv } +module rsv_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { + name: '${uniqueString(deployment().name, location)}-RSV-PrivateEndpoint-${index}' + params: { + groupIds: [ + privateEndpoint.service + ] + name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(rsv.id, '/'))}-${privateEndpoint.service}-${index}' + serviceResourceId: rsv.id + subnetResourceId: privateEndpoint.subnetResourceId + enableDefaultTelemetry: enableReferencedModulesTelemetry + location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock + privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] + roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] + tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} + manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] + customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] + } +}] + module rsv_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-RSV-Rbac-${index}' params: { diff --git a/modules/Microsoft.RecoveryServices/vaults/readme.md b/modules/Microsoft.RecoveryServices/vaults/readme.md index 22f06d96eb..f86387494b 100644 --- a/modules/Microsoft.RecoveryServices/vaults/readme.md +++ b/modules/Microsoft.RecoveryServices/vaults/readme.md @@ -16,6 +16,8 @@ This module deploys a recovery service vault. | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.RecoveryServices/vaults` | [2022-02-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2022-02-01/vaults) | | `Microsoft.RecoveryServices/vaults/backupconfig` | [2021-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-10-01/vaults/backupconfig) | | `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupFabrics/protectionContainers) | @@ -51,6 +53,7 @@ This module deploys a recovery service vault. | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | +| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `protectionContainers` | _[protectionContainers](protectionContainers/readme.md)_ array | `[]` | | List of all protection containers. | | `replicationFabrics` | _[replicationFabrics](replicationFabrics/readme.md)_ array | `[]` | | List of all replication fabrics. | | `replicationPolicies` | _[replicationPolicies](replicationPolicies/readme.md)_ array | `[]` | | List of all replication policies. | @@ -801,6 +804,83 @@ userAssignedIdentities: {

+### Parameter Usage: `privateEndpoints` + +To use Private Endpoint the following dependencies must be deployed: + +- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. +- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. + +

+ +Parameter JSON format + +```json +"privateEndpoints": { + "value": [ + // Example showing all available fields + { + "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", + "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. + "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" + ], + "customDnsConfigs": [ // Optional + { + "fqdn": "customname.test.local", + "ipAddresses": [ + "10.10.10.10" + ] + } + ] + }, + // Example showing only mandatory fields + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", + "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +privateEndpoints: [ + // Example showing all available fields + { + name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' + service: '<>' // e.g. vault registry file blob queue table etc. + privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' + ] + // Optional + customDnsConfigs: [ + { + fqdn: 'customname.test.local' + ipAddresses: [ + '10.10.10.10' + ] + } + ] + } + // Example showing only mandatory fields + { + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' + service: '<>' // e.g. vault registry file blob queue table etc. + } +] +``` + +
+

+ ## Outputs | Output Name | Type | Description | @@ -1007,293 +1087,247 @@ module vaults './Microsoft.RecoveryServices/vaults/deploy.bicep' = { ```json { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rsv-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "backupConfig": { - "value": { - "enhancedSecurityState": "Disabled", - "softDeleteFeatureState": "Disabled" - } + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-rsv-x-001" + }, + "lock": { + "value": "CanNotDelete" + }, + "backupConfig": { + "value": { + "enhancedSecurityState": "Disabled", + "softDeleteFeatureState": "Disabled" + } + }, + "backupPolicies": { + "value": [ + { + "name": "VMpolicy", + "properties": { + "backupManagementType": "AzureIaasVM", + "instantRPDetails": {}, + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicy", + "scheduleRunFrequency": "Daily", + "scheduleRunTimes": ["2019-11-07T07:00:00Z"], + "scheduleWeeklyFrequency": 0 + }, + "retentionPolicy": { + "retentionPolicyType": "LongTermRetentionPolicy", + "dailySchedule": { + "retentionTimes": ["2019-11-07T07:00:00Z"], + "retentionDuration": { + "count": 180, + "durationType": "Days" + } + }, + "weeklySchedule": { + "daysOfTheWeek": ["Sunday"], + "retentionTimes": ["2019-11-07T07:00:00Z"], + "retentionDuration": { + "count": 12, + "durationType": "Weeks" + } + }, + "monthlySchedule": { + "retentionScheduleFormatType": "Weekly", + "retentionScheduleWeekly": { + "daysOfTheWeek": ["Sunday"], + "weeksOfTheMonth": ["First"] + }, + "retentionTimes": ["2019-11-07T07:00:00Z"], + "retentionDuration": { + "count": 60, + "durationType": "Months" + } + }, + "yearlySchedule": { + "retentionScheduleFormatType": "Weekly", + "monthsOfYear": ["January"], + "retentionScheduleWeekly": { + "daysOfTheWeek": ["Sunday"], + "weeksOfTheMonth": ["First"] + }, + "retentionTimes": ["2019-11-07T07:00:00Z"], + "retentionDuration": { + "count": 10, + "durationType": "Years" + } + } + }, + "instantRpRetentionRangeInDays": 2, + "timeZone": "UTC", + "protectedItemsCount": 0 + } }, - "backupPolicies": { - "value": [ - { - "name": "VMpolicy", - "properties": { - "backupManagementType": "AzureIaasVM", - "instantRPDetails": {}, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T07:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 180, - "durationType": "Days" - } - }, - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 12, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - }, - "instantRpRetentionRangeInDays": 2, - "timeZone": "UTC", - "protectedItemsCount": 0 - } + { + "name": "sqlpolicy", + "properties": { + "backupManagementType": "AzureWorkload", + "workLoadType": "SQLDataBase", + "settings": { + "timeZone": "UTC", + "issqlcompression": true, + "isCompression": true + }, + "subProtectionPolicy": [ + { + "policyType": "Full", + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicy", + "scheduleRunFrequency": "Weekly", + "scheduleRunDays": ["Sunday"], + "scheduleRunTimes": ["2019-11-07T22:00:00Z"], + "scheduleWeeklyFrequency": 0 }, - { - "name": "sqlpolicy", - "properties": { - "backupManagementType": "AzureWorkload", - "workLoadType": "SQLDataBase", - "settings": { - "timeZone": "UTC", - "issqlcompression": true, - "isCompression": true - }, - "subProtectionPolicy": [ - { - "policyType": "Full", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Sunday" - ], - "scheduleRunTimes": [ - "2019-11-07T22:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 104, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - } - }, - { - "policyType": "Differential", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Monday" - ], - "scheduleRunTimes": [ - "2017-03-07T02:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - { - "policyType": "Log", - "schedulePolicy": { - "schedulePolicyType": "LogSchedulePolicy", - "scheduleFrequencyInMins": 120 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 15, - "durationType": "Days" - } - } - } - ], - "protectedItemsCount": 0 + "retentionPolicy": { + "retentionPolicyType": "LongTermRetentionPolicy", + "weeklySchedule": { + "daysOfTheWeek": ["Sunday"], + "retentionTimes": ["2019-11-07T22:00:00Z"], + "retentionDuration": { + "count": 104, + "durationType": "Weeks" } - }, - { - "name": "filesharepolicy", - "properties": { - "backupManagementType": "AzureStorage", - "workloadType": "AzureFileShare", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T04:30:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T04:30:00Z" - ], - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - "timeZone": "UTC", - "protectedItemsCount": 0 + }, + "monthlySchedule": { + "retentionScheduleFormatType": "Weekly", + "retentionScheduleWeekly": { + "daysOfTheWeek": ["Sunday"], + "weeksOfTheMonth": ["First"] + }, + "retentionTimes": ["2019-11-07T22:00:00Z"], + "retentionDuration": { + "count": 60, + "durationType": "Months" + } + }, + "yearlySchedule": { + "retentionScheduleFormatType": "Weekly", + "monthsOfYear": ["January"], + "retentionScheduleWeekly": { + "daysOfTheWeek": ["Sunday"], + "weeksOfTheMonth": ["First"] + }, + "retentionTimes": ["2019-11-07T22:00:00Z"], + "retentionDuration": { + "count": 10, + "durationType": "Years" } + } } - ] - }, - "backupStorageConfig": { - "value": { - "storageModelType": "GeoRedundant", - "crossRegionRestoreFlag": true - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] + }, + { + "policyType": "Differential", + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicy", + "scheduleRunFrequency": "Weekly", + "scheduleRunDays": ["Monday"], + "scheduleRunTimes": ["2017-03-07T02:00:00Z"], + "scheduleWeeklyFrequency": 0 + }, + "retentionPolicy": { + "retentionPolicyType": "SimpleRetentionPolicy", + "retentionDuration": { + "count": 30, + "durationType": "Days" + } } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true + }, + { + "policyType": "Log", + "schedulePolicy": { + "schedulePolicyType": "LogSchedulePolicy", + "scheduleFrequencyInMins": 120 + }, + "retentionPolicy": { + "retentionPolicyType": "SimpleRetentionPolicy", + "retentionDuration": { + "count": 15, + "durationType": "Days" + } + } + } + ], + "protectedItemsCount": 0 + } }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } + { + "name": "filesharepolicy", + "properties": { + "backupManagementType": "AzureStorage", + "workloadType": "AzureFileShare", + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicy", + "scheduleRunFrequency": "Daily", + "scheduleRunTimes": ["2019-11-07T04:30:00Z"], + "scheduleWeeklyFrequency": 0 + }, + "retentionPolicy": { + "retentionPolicyType": "LongTermRetentionPolicy", + "dailySchedule": { + "retentionTimes": ["2019-11-07T04:30:00Z"], + "retentionDuration": { + "count": 30, + "durationType": "Days" + } + } + }, + "timeZone": "UTC", + "protectedItemsCount": 0 + } } + ] + }, + "backupStorageConfig": { + "value": { + "storageModelType": "GeoRedundant", + "crossRegionRestoreFlag": true + } + }, + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "AzureSiteRecovery" + } + ] + }, + "roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": ["<>"] + } + ] + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + }, + "diagnosticWorkspaceId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + }, + "diagnosticEventHubName": { + "value": "adp-<>-az-evh-x-001" + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } } + } } ``` @@ -1547,6 +1581,12 @@ module vaults './Microsoft.RecoveryServices/vaults/deploy.bicep' = { storageModelType: 'GeoRedundant' crossRegionRestoreFlag: true } + privateEndpoints: [ + { + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + service: 'AzureSiteRecovery' + } + ] roleAssignments: [ { roleDefinitionIdOrName: 'Reader' @@ -1562,7 +1602,7 @@ module vaults './Microsoft.RecoveryServices/vaults/deploy.bicep' = { diagnosticEventHubName: 'adp-<>-az-evh-x-001' systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} } } }