From f8a4f44ac2ad7ec4b2229e6d18506870f0fc1abf Mon Sep 17 00:00:00 2001 From: jayanchpd <108513273+jayanchpd@users.noreply.github.com> Date: Tue, 14 Feb 2023 15:39:48 +0100 Subject: [PATCH] appgw changes (#2724) Co-authored-by: Jayachandran Chandran Pillai --- .../Microsoft.Network/applicationGateways/deploy.bicep | 8 ++++++-- modules/Microsoft.Network/applicationGateways/readme.md | 8 ++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/deploy.bicep b/modules/Microsoft.Network/applicationGateways/deploy.bicep index fe12b41ab9..33f08c1654 100644 --- a/modules/Microsoft.Network/applicationGateways/deploy.bicep +++ b/modules/Microsoft.Network/applicationGateways/deploy.bicep @@ -132,6 +132,7 @@ param sslPolicyCipherSuites array = [ 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' + 'TLSv1_3' ]) param sslPolicyMinProtocolVersion string = 'TLSv1_2' @@ -140,6 +141,8 @@ param sslPolicyMinProtocolVersion string = 'TLSv1_2' 'AppGwSslPolicy20150501' 'AppGwSslPolicy20170401' 'AppGwSslPolicy20170401S' + 'AppGwSslPolicy20220101' + 'AppGwSslPolicy20220101S' '' ]) param sslPolicyName string = '' @@ -147,6 +150,7 @@ param sslPolicyName string = '' @description('Optional. Type of Ssl Policy.') @allowed([ 'Custom' + 'CustomV2' 'Predefined' ]) param sslPolicyType string = 'Custom' @@ -274,7 +278,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource applicationGateway 'Microsoft.Network/applicationGateways@2021-08-01' = { +resource applicationGateway 'Microsoft.Network/applicationGateways@2022-07-01' = { name: name location: location tags: tags @@ -326,7 +330,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-08-01' = }, (enableFips ? { enableFips: enableFips } : {}), - (!empty(webApplicationFirewallConfiguration) ? { webApplicationFirewallConfiguration: webApplicationFirewallConfiguration }: {}) + (!empty(webApplicationFirewallConfiguration) ? { webApplicationFirewallConfiguration: webApplicationFirewallConfiguration } : {}) ) zones: zones } diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index 254bec7236..f7c9bced12 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -17,7 +17,7 @@ This module deploys Network ApplicationGateways. | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/applicationGateways` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/applicationGateways) | +| `Microsoft.Network/applicationGateways` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-07-01/applicationGateways) | ## Parameters @@ -68,9 +68,9 @@ This module deploys Network ApplicationGateways. | `sku` | string | `'WAF_Medium'` | `[Standard_Large, Standard_Medium, Standard_Small, Standard_v2, WAF_Large, WAF_Medium, WAF_v2]` | The name of the SKU for the Application Gateway. | | `sslCertificates` | array | `[]` | | SSL certificates of the application gateway resource. | | `sslPolicyCipherSuites` | array | `[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]` | `[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]` | Ssl cipher suites to be enabled in the specified order to application gateway. | -| `sslPolicyMinProtocolVersion` | string | `'TLSv1_2'` | `[TLSv1_0, TLSv1_1, TLSv1_2]` | Ssl protocol enums. | -| `sslPolicyName` | string | `''` | `['', AppGwSslPolicy20150501, AppGwSslPolicy20170401, AppGwSslPolicy20170401S]` | Ssl predefined policy name enums. | -| `sslPolicyType` | string | `'Custom'` | `[Custom, Predefined]` | Type of Ssl Policy. | +| `sslPolicyMinProtocolVersion` | string | `'TLSv1_2'` | `[TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3]` | Ssl protocol enums. | +| `sslPolicyName` | string | `''` | `['', AppGwSslPolicy20150501, AppGwSslPolicy20170401, AppGwSslPolicy20170401S, AppGwSslPolicy20220101, AppGwSslPolicy20220101S]` | Ssl predefined policy name enums. | +| `sslPolicyType` | string | `'Custom'` | `[Custom, CustomV2, Predefined]` | Type of Ssl Policy. | | `sslProfiles` | array | `[]` | | SSL profiles of the application gateway resource. | | `tags` | object | `{object}` | | Resource tags. | | `trustedClientCertificates` | array | `[]` | | Trusted client certificates of the application gateway resource. |