From eb1753911d69748f6521b63c314a1991b2dcdb35 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 4 Jul 2022 14:57:52 +0200 Subject: [PATCH 1/2] Align pe description --- .../configurationStores/deploy.bicep | 2 +- modules/Microsoft.Automation/automationAccounts/deploy.bicep | 2 +- modules/Microsoft.CognitiveServices/accounts/deploy.bicep | 2 +- modules/Microsoft.EventGrid/topics/deploy.bicep | 2 +- modules/Microsoft.EventHub/namespaces/deploy.bicep | 2 +- modules/Microsoft.Insights/privateLinkScopes/deploy.bicep | 4 ++-- modules/Microsoft.KeyVault/vaults/deploy.bicep | 2 +- .../Microsoft.MachineLearningServices/workspaces/deploy.bicep | 2 +- modules/Microsoft.RecoveryServices/vaults/deploy.bicep | 2 +- modules/Microsoft.ServiceBus/namespaces/deploy.bicep | 2 +- modules/Microsoft.Sql/servers/deploy.bicep | 2 +- modules/Microsoft.Storage/storageAccounts/deploy.bicep | 2 +- modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep | 2 +- 13 files changed, 14 insertions(+), 14 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index a6600c30bd..d447225b45 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -100,7 +100,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] var enableReferencedModulesTelemetry = false 
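Review bot: The aligned `privateEndpoints` description in this hunk recommends private endpoints for security but does not say that deploying one leaves the public endpoint reachable. The readme tables in patch 2/2 show `publicNetworkAccess` defaulting to `'Enabled'` for App Configuration, Event Grid and Storage (and `'enabled'` for Key Vault), so a reader who follows the recommendation alone may still have the resource exposed publicly. Consider extending the sentence, for example `@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible and to restrict public network access once they are in place.')`. The same text is introduced in the other deploy.bicep hunks of this patch (Automation, CognitiveServices, EventGrid, EventHub, Insights, KeyVault, MachineLearningServices, RecoveryServices, ServiceBus, Sql, Storage, Synapse) and mirrored in the readme tables, so the wording would have to change in all of them to stay aligned. Whether every module exposes a public-access or network-ACL parameter is not visible from these hunks and should be confirmed per module.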
diff --git a/modules/Microsoft.Automation/automationAccounts/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/deploy.bicep index 10668efd34..55c9184326 100644 --- a/modules/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/modules/Microsoft.Automation/automationAccounts/deploy.bicep @@ -54,7 +54,7 @@ param gallerySolutions array = [] @description('Optional. List of softwareUpdateConfigurations to be created in the automation account.') param softwareUpdateConfigurations array = [] -@description('Optional. Configuration Details for private endpoints.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @minValue(0) diff --git a/modules/Microsoft.CognitiveServices/accounts/deploy.bicep b/modules/Microsoft.CognitiveServices/accounts/deploy.bicep index 589622cc27..7b836d39f7 100644 --- a/modules/Microsoft.CognitiveServices/accounts/deploy.bicep +++ b/modules/Microsoft.CognitiveServices/accounts/deploy.bicep @@ -98,7 +98,7 @@ param userAssignedIdentities object = {} @description('Optional. Specify the type of lock.') param lock string = '' -@description('Optional. Configuration Details for private endpoints.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') 
diff --git a/modules/Microsoft.EventGrid/topics/deploy.bicep b/modules/Microsoft.EventGrid/topics/deploy.bicep index 34865a210d..c75a508aa7 100644 --- a/modules/Microsoft.EventGrid/topics/deploy.bicep +++ b/modules/Microsoft.EventGrid/topics/deploy.bicep @@ -27,7 +27,7 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. Configuration Details for private endpoints. Event Grid topics should use private endpoints.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') diff --git a/modules/Microsoft.EventHub/namespaces/deploy.bicep b/modules/Microsoft.EventHub/namespaces/deploy.bicep index 8d85a4fd1e..842f8b7ee1 100644 --- a/modules/Microsoft.EventHub/namespaces/deploy.bicep +++ b/modules/Microsoft.EventHub/namespaces/deploy.bicep 
@@ -40,7 +40,7 @@ param authorizationRules array = [ } ] -@description('Optional. Configuration Details for private endpoints.For security reasons, it is recommended to use private endpoints whenever possible.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @description('Optional. Networks ACLs, this object contains IPs/Subnets to whitelist or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace.') diff --git a/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep b/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep index 2b56092e8c..e731e0637b 100644 --- a/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep +++ b/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep @@ -16,10 +16,10 @@ param lock string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@description('Optional. Configuration Details for Azure Monitor Resources.') +@description('Optional. Configuration details for Azure Monitor Resources.') param scopedResources array = [] -@description('Optional. Configuration Details for private endpoints.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @description('Optional. Resource tags.') 
diff --git a/modules/Microsoft.KeyVault/vaults/deploy.bicep b/modules/Microsoft.KeyVault/vaults/deploy.bicep index 73099fa1f3..2b012b70a0 100644 --- a/modules/Microsoft.KeyVault/vaults/deploy.bicep +++ b/modules/Microsoft.KeyVault/vaults/deploy.bicep @@ -99,7 +99,7 @@ param lock string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @description('Optional. Resource tags.') diff --git a/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep index 2134953372..86afd9df48 100644 --- a/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep +++ b/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep 
@@ -43,7 +43,7 @@ param allowPublicAccessWhenBehindVnet bool = false @sys.description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@sys.description('Optional. Configuration Details for private endpoints.') +@sys.description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @sys.description('Optional. Computes to create respectively attach to the workspace.') diff --git a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep index 81cc3f8193..730b46d309 100644 --- a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -110,7 +110,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { diff --git a/modules/Microsoft.ServiceBus/namespaces/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/deploy.bicep index 0344fb6c91..e6a195f442 100644 
--- a/modules/Microsoft.ServiceBus/namespaces/deploy.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/deploy.bicep @@ -74,7 +74,7 @@ param userAssignedIdentities object = {} @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@description('Optional. Configuration Details for private endpoints.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @description('Optional. Tags of the resource.') diff --git a/modules/Microsoft.Sql/servers/deploy.bicep b/modules/Microsoft.Sql/servers/deploy.bicep index 63518b250e..489e1594c1 100644 --- a/modules/Microsoft.Sql/servers/deploy.bicep +++ b/modules/Microsoft.Sql/servers/deploy.bicep @@ -54,7 +54,7 @@ param administrators object = {} @description('Optional. Minimal TLS version allowed.') param minimalTlsVersion string = '1.2' -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') 
diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index 3197f8c17f..3cc2c27179 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep @@ -47,7 +47,7 @@ param storageAccountAccessTier string = 'Hot' @description('Optional. Provides the identity based authentication settings for Azure Files.') param azureFilesIdentityBasedAuthentication object = {} -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @description('Optional. The Storage Account ManagementPolicies Rules.') diff --git a/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep b/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep index 522c590aa2..7b725b81a3 100644 --- a/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep +++ b/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep 
@@ -21,7 +21,7 @@ param enableDefaultTelemetry bool = true @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@description('Optional. Configuration Details for private endpoints.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] var enableReferencedModulesTelemetry = false From 934109b5eb4c966431028e19edfd8d6b54fdfb27 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Mon, 4 Jul 2022 17:57:10 +0200 Subject: [PATCH 2/2] Align pe description readmes --- docs/wiki/The library - Module design.md | 2 +- .../Microsoft.AppConfiguration/configurationStores/readme.md | 2 +- modules/Microsoft.Automation/automationAccounts/readme.md | 2 +- modules/Microsoft.CognitiveServices/accounts/readme.md | 2 +- modules/Microsoft.EventGrid/topics/readme.md | 2 +- modules/Microsoft.EventHub/namespaces/readme.md | 2 +- modules/Microsoft.Insights/privateLinkScopes/readme.md | 4 ++-- modules/Microsoft.KeyVault/vaults/readme.md | 2 +- .../Microsoft.MachineLearningServices/workspaces/readme.md | 2 +- modules/Microsoft.RecoveryServices/vaults/readme.md | 2 +- modules/Microsoft.ServiceBus/namespaces/readme.md | 2 +- modules/Microsoft.Sql/servers/readme.md | 2 +- modules/Microsoft.Storage/storageAccounts/readme.md | 2 +- modules/Microsoft.Synapse/privateLinkHubs/readme.md | 2 +- modules/Microsoft.Web/sites/deploy.bicep | 2 +- modules/Microsoft.Web/sites/readme.md | 2 +- modules/Microsoft.Web/staticSites/deploy.bicep | 2 +- modules/Microsoft.Web/staticSites/readme.md | 2 +- 18 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 1143c16a5a..00002cbe2c 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -331,7 +331,7 @@ The Private Endpoint deployment has 2 elements. A module that contains the imple #### 1st element in main resource ```bicep -@description('Optional. Configuration Details for private endpoints.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] module _privateEndpoints 'https://github.com/Azure/ResourceModules/blob/main/Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { 
diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index 4d09613cb0..3a36c165c4 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -47,7 +47,7 @@ This module deploys an App Configuration Store. | `keyValues` | _[keyValues](keyValues/readme.md)_ array | `[]` | | All Key / Values to create. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `softDeleteRetentionInDays` | int | `1` | | The amount of time in days that the configuration store will be retained when it is soft deleted. | diff --git a/modules/Microsoft.Automation/automationAccounts/readme.md b/modules/Microsoft.Automation/automationAccounts/readme.md index 35f83cf8c0..4378a6b2c6 100644 --- a/modules/Microsoft.Automation/automationAccounts/readme.md 
+++ b/modules/Microsoft.Automation/automationAccounts/readme.md @@ -58,7 +58,7 @@ This module deploys an Azure Automation Account. | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `modules` | _[modules](modules/readme.md)_ array | `[]` | | List of modules to be created in the automation account. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `runbooks` | _[runbooks](runbooks/readme.md)_ array | `[]` | | List of runbooks to be created in the automation account. | | `schedules` | _[schedules](schedules/readme.md)_ array | `[]` | | List of schedules to be created in the automation account. | diff --git a/modules/Microsoft.CognitiveServices/accounts/readme.md b/modules/Microsoft.CognitiveServices/accounts/readme.md index bb71911827..a469252ba0 100644 --- a/modules/Microsoft.CognitiveServices/accounts/readme.md +++ b/modules/Microsoft.CognitiveServices/accounts/readme.md 
@@ -55,7 +55,7 @@ This module deploys different kinds of cognitive services resources | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `migrationToken` | string | `''` | | Resource migration token. | | `networkAcls` | object | `{object}` | | Service endpoint object information. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | string | `''` | `[, Enabled, Disabled]` | Whether or not public endpoint access is allowed for this account. | | `restore` | bool | `False` | | Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. | | `restrictOutboundNetworkAccess` | bool | `True` | | Restrict outbound network access. | diff --git a/modules/Microsoft.EventGrid/topics/readme.md b/modules/Microsoft.EventGrid/topics/readme.md index 40f7cf73ce..23e643ef60 100644 --- a/modules/Microsoft.EventGrid/topics/readme.md +++ b/modules/Microsoft.EventGrid/topics/readme.md 
@@ -42,7 +42,7 @@ This module deploys an event grid topic. | `inboundIpRules` | array | `[]` | | Array of IPs to whitelist. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. Event Grid topics should use private endpoints. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | string | `'Enabled'` | | Determines if traffic is allowed over public network. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the resource. | diff --git a/modules/Microsoft.EventHub/namespaces/readme.md b/modules/Microsoft.EventHub/namespaces/readme.md index a948d576a2..2c3b3c098a 100644 --- a/modules/Microsoft.EventHub/namespaces/readme.md +++ b/modules/Microsoft.EventHub/namespaces/readme.md 
@@ -49,7 +49,7 @@ This module deploys an event hub namespace. | `maximumThroughputUnits` | int | `1` | | Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. | | `name` | string | `''` | | The name of the event hub namespace. If no name is provided, then unique name will be created. | | `networkRuleSets` | _[networkRuleSets](networkRuleSets/readme.md)_ object | `{object}` | | Networks ACLs, this object contains IPs/Subnets to whitelist or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints.For security reasons, it is recommended to use private endpoints whenever possible. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `skuCapacity` | int | `1` | | Event Hub plan scale-out capacity of the resource. | | `skuName` | string | `'Standard'` | `[Basic, Standard]` | event hub plan SKU name. | diff --git a/modules/Microsoft.Insights/privateLinkScopes/readme.md b/modules/Microsoft.Insights/privateLinkScopes/readme.md index 44835e37a8..ca6d07e531 100644 --- a/modules/Microsoft.Insights/privateLinkScopes/readme.md +++ b/modules/Microsoft.Insights/privateLinkScopes/readme.md 
@@ -33,9 +33,9 @@ This module deploys an Azure Monitor Private Link Scope. | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `'global'` | | The location of the private link scope. Should be global. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scopedResources` | _[scopedResources](scopedResources/readme.md)_ array | `[]` | | Configuration Details for Azure Monitor Resources. | +| `scopedResources` | _[scopedResources](scopedResources/readme.md)_ array | `[]` | | Configuration details for Azure Monitor Resources. | | `tags` | object | `{object}` | | Resource tags. | diff --git a/modules/Microsoft.KeyVault/vaults/readme.md b/modules/Microsoft.KeyVault/vaults/readme.md index 9c6dce362a..0a0677d84a 100644 --- a/modules/Microsoft.KeyVault/vaults/readme.md +++ b/modules/Microsoft.KeyVault/vaults/readme.md 
@@ -50,7 +50,7 @@ This module deploys a key vault and its child resources. | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `name` | string | `''` | | Name of the Key Vault. If no name is provided, then unique name will be created. | | `networkAcls` | object | `{object}` | | Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | string | `'enabled'` | `[enabled, disabled]` | Property to specify whether the vault will accept traffic from public internet. If set to "disabled" all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `secrets` | secureObject | `{object}` | | All secrets to create. | diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md index f329f56ca6..1243209479 100644 --- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md +++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md 
@@ -63,7 +63,7 @@ This module deploys a Machine Learning Services Workspace. | `imageBuildCompute` | string | `''` | | The compute name for image build. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | string | `'Disabled'` | `[Enabled, Disabled]` | Whether requests from Public Network are allowed. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Resource tags. | diff --git a/modules/Microsoft.RecoveryServices/vaults/readme.md b/modules/Microsoft.RecoveryServices/vaults/readme.md index f86387494b..b1f67f6f2f 100644 --- a/modules/Microsoft.RecoveryServices/vaults/readme.md +++ b/modules/Microsoft.RecoveryServices/vaults/readme.md 
@@ -53,7 +53,7 @@ This module deploys a recovery service vault. | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `protectionContainers` | _[protectionContainers](protectionContainers/readme.md)_ array | `[]` | | List of all protection containers. | | `replicationFabrics` | _[replicationFabrics](replicationFabrics/readme.md)_ array | `[]` | | List of all replication fabrics. | | `replicationPolicies` | _[replicationPolicies](replicationPolicies/readme.md)_ array | `[]` | | List of all replication policies. | diff --git a/modules/Microsoft.ServiceBus/namespaces/readme.md b/modules/Microsoft.ServiceBus/namespaces/readme.md index 7bab9cd9a6..d84edc81cc 100644 --- a/modules/Microsoft.ServiceBus/namespaces/readme.md +++ b/modules/Microsoft.ServiceBus/namespaces/readme.md 
@@ -55,7 +55,7 @@ This module deploys a service bus namespace resource. | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `migrationConfigurations` | _[migrationConfigurations](migrationConfigurations/readme.md)_ object | `{object}` | | The migration configuration. | | `name` | string | `''` | | Name of the Service Bus Namespace. If no name is provided, then unique name will be created. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `queues` | _[queues](queues/readme.md)_ array | `[]` | | The queues to create in the service bus namespace. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | diff --git a/modules/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md index 529b1018b5..1f93eebe48 100644 --- a/modules/Microsoft.Sql/servers/readme.md +++ b/modules/Microsoft.Sql/servers/readme.md 
@@ -47,7 +47,7 @@ This module deploys a SQL server.
 | `location` | string | `[resourceGroup().location]` | | Location for all resources. |
 | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. |
 | `minimalTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Minimal TLS version allowed. |
-| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
 | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
 | `securityAlertPolicies` | _[securityAlertPolicies](securityAlertPolicies/readme.md)_ array | `[]` | | The security alert policies to create in the server. |
 | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. |
diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md
index 418f064a82..14ed811f7f 100644
--- a/modules/Microsoft.Storage/storageAccounts/readme.md
+++ b/modules/Microsoft.Storage/storageAccounts/readme.md
@@ -63,7 +63,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or
 | `minimumTlsVersion` | string | `'TLS1_2'` | `[TLS1_0, TLS1_1, TLS1_2]` | Set the minimum TLS version on request to storage. |
 | `name` | string | `''` | | Name of the Storage Account. Autogenerated with a unique string if not provided. |
 | `networkAcls` | object | `{object}` | | Networks ACLs, this value contains IPs to whitelist and/or Subnet information. For security reasons, it is recommended to set the DefaultAction Deny. |
-| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
 | `publicNetworkAccess` | string | `'Enabled'` | `[Enabled, Disabled]` | Enable or disallow public network access to Storage Account.. |
 | `queueServices` | _[queueServices](queueServices/readme.md)_ object | `{object}` | | Queue service and queues to create. |
 | `requireInfrastructureEncryption` | bool | `True` | | A Boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. For security reasons, it is recommended to set it to true. |
diff --git a/modules/Microsoft.Synapse/privateLinkHubs/readme.md b/modules/Microsoft.Synapse/privateLinkHubs/readme.md
index 0f89482ad3..c361c3229c 100644
--- a/modules/Microsoft.Synapse/privateLinkHubs/readme.md
+++ b/modules/Microsoft.Synapse/privateLinkHubs/readme.md
@@ -32,7 +32,7 @@ This module deploys Azure Synapse Analytics (private link hubs). | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[resourceGroup().location]` | | The geo-location where the resource lives. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the resource. | diff --git a/modules/Microsoft.Web/sites/deploy.bicep b/modules/Microsoft.Web/sites/deploy.bicep index fe58ab36e0..f74147b3b4 100644 --- a/modules/Microsoft.Web/sites/deploy.bicep +++ b/modules/Microsoft.Web/sites/deploy.bicep @@ -69,7 +69,7 @@ param authSettingV2Configuration object = {} param lock string = '' // Private Endpoints -@description('Optional. Configuration details for private endpoints.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] // Tags diff --git a/modules/Microsoft.Web/sites/readme.md b/modules/Microsoft.Web/sites/readme.md index 7d0efff160..00f4921ce5 100644 --- a/modules/Microsoft.Web/sites/readme.md +++ b/modules/Microsoft.Web/sites/readme.md 
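Review bot: The description added on `privateEndpoints` in `modules/Microsoft.Web/sites/deploy.bicep` recommends private endpoints but does not say that the public endpoint's setting decides whether the recommendation actually narrows exposure. The storage account readme in this same patch shows the sentence beside `publicNetworkAccess` defaulting to `'Enabled'`, so a reader can follow the advice and still leave the public path reachable. Whether this module exposes an equivalent setting is not visible in the hunk, so a hedged wording fits: `@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible and, where the resource supports it, to restrict public network access.')`. The same applies to the `modules/Microsoft.Web/staticSites/deploy.bicep` hunk; both hunks sit inside parameter lists that continue outside them.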
@@ -49,7 +49,7 @@ This module deploys a web or function app.
 | `httpsOnly` | bool | `True` | | Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. |
 | `location` | string | `[resourceGroup().location]` | | Location for all Resources. |
 | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. |
+| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
 | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
 | `serverFarmResourceId` | string | `''` | | The resource ID of the app service plan to use for the site. |
 | `setAzureWebJobsDashboard` | bool | `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` | | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. |
diff --git a/modules/Microsoft.Web/staticSites/deploy.bicep b/modules/Microsoft.Web/staticSites/deploy.bicep
index 6b3a326840..7fff54a10e 100644
--- a/modules/Microsoft.Web/staticSites/deploy.bicep
+++ b/modules/Microsoft.Web/staticSites/deploy.bicep
@@ -65,7 +65,7 @@ param userAssignedIdentities object = {}
 @description('Optional. Specify the type of lock.')
 param lock string = ''
-@description('Optional. Configuration details for private endpoints.')
+@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
 param privateEndpoints array = []
 @description('Optional. Tags of the resource.')
diff --git a/modules/Microsoft.Web/staticSites/readme.md b/modules/Microsoft.Web/staticSites/readme.md
index 76dee48d1c..52ed72ed41 100644
--- a/modules/Microsoft.Web/staticSites/readme.md
+++ b/modules/Microsoft.Web/staticSites/readme.md
@@ -36,7 +36,7 @@ This module deploys a Static Web Site.
 | `enterpriseGradeCdnStatus` | string | `'Disabled'` | `[Disabled, Disabling, Enabled, Enabling]` | State indicating the status of the enterprise grade CDN serving traffic to the static web app. |
 | `location` | string | `[resourceGroup().location]` | | Location to deploy static site. The following locations are supported: CentralUS, EastUS2, EastAsia, WestEurope, WestUS2. |
 | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. |
+| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
 | `provider` | string | `'None'` | | The provider that submitted the last deployment to the primary environment of the static site. |
 | `repositoryToken` | secureString | `''` | | The Personal Access Token for accessing the GitHub repo. |
 | `repositoryUrl` | string | `''` | | The name of the GitHub repo. |