From 22f436c69861f9f60c1a3353aa57b633589db1d8 Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Thu, 12 Oct 2023 21:35:26 +0200
Subject: [PATCH 01/16] rg
---
 modules/resources/resource-group/README.md | 207 ++++++++++-----------
 1 file changed, 102 insertions(+), 105 deletions(-)
diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md
index 66370e303a..8ac95ad140 100644
--- a/modules/resources/resource-group/README.md
+++ b/modules/resources/resource-group/README.md
@@ -38,111 +38,6 @@ This module deploys a Resource Group.
 | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
 | `tags` | object | `{object}` | | Tags of the storage account resource. |
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-

-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-

-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-

-
-## Considerations
-
-This module requires a User Assigned Identity (MSI, managed service identity) to exist, and this MSI has to have contributor rights on the subscription - that allows the Deployment Script to create the required Storage Account and the Azure Container Instance.
-
 ## Outputs
 | Output Name | Type | Description |
@@ -291,3 +186,105 @@ module resourceGroup './resources/resource-group/main.bicep' = {

+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+

+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+

+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+

+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+

From 154e6c739edb4906e91a4b99bdfab6a4cc2028a6 Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Thu, 12 Oct 2023 21:36:31 +0200
Subject: [PATCH 02/16] ds
---
 modules/resources/deployment-script/README.md | 155 +++++++++---------
 1 file changed, 76 insertions(+), 79 deletions(-)
diff --git a/modules/resources/deployment-script/README.md b/modules/resources/deployment-script/README.md
index 2e02259112..cbc3ffa544 100644
--- a/modules/resources/deployment-script/README.md
+++ b/modules/resources/deployment-script/README.md
@@ -56,81 +56,6 @@ This module deploys a Deployment Script.
 | :-- | :-- | :-- | :-- |
 | `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. |
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-

-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-

-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-

-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-
-

-
 ## Outputs
 | Output Name | Type | Description |
@@ -141,10 +66,6 @@ userAssignedIdentities: {
 | `resourceGroupName` | string | The resource group the deployment script was deployed into. |
 | `resourceId` | string | The resource ID of the deployment script. |
-## Considerations
-
-This module requires a User Assigned Identity (MSI, managed service identity) to exist, and this MSI has to have contributor rights on the subscription - that allows the Deployment Script to create the required Storage Account and the Azure Container Instance.
-
 ## Cross-referenced modules
 _None_
@@ -379,3 +300,79 @@ module deploymentScript './resources/deployment-script/main.bicep' = {

+
+## Notes
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+

+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+

+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+

+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+
+

From c29e1a143fd5dad7dd87e1e75576a49c6ec8f5c1 Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Thu, 12 Oct 2023 21:42:38 +0200
Subject: [PATCH 03/16] Recovery Vault
---
 modules/recovery-services/vault/README.md | 1077 ++++-----------
 .../vault/backup-policy/README.md | 183 ---
 .../vault/replication-fabric/README.md | 52 -
 .../README.md | 48 -
 4 files changed, 235 insertions(+), 1125 deletions(-)
diff --git a/modules/recovery-services/vault/README.md b/modules/recovery-services/vault/README.md
index 3bf4b14d20..b40ed8507c 100644
--- a/modules/recovery-services/vault/README.md
+++ b/modules/recovery-services/vault/README.md
@@ -69,848 +69,6 @@ This module deploys a Recovery Services Vault.
 | `tags` | object | `{object}` | | Tags of the Recovery Service Vault resource. |
 | `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-
-### Parameter Usage: `backupStorageConfig`
-
-

-
-Parameter JSON format
-
-```json
-"backupStorageConfig": {
- "value": {
- "storageModelType": "GeoRedundant",
- "crossRegionRestoreFlag": true
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-backupStorageConfig: {
- value: {
- storageModelType: 'GeoRedundant'
- crossRegionRestoreFlag: true
- }
-}
-```
-
-
-

-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-

-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-

-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-

-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-

-
-### Parameter Usage: `backupPolicies`
-
-Array of backup policies. They need to be properly formatted and can be VM backup policies, SQL on VM backup policies or fileshare policies. The following example shows all three types of backup policies.
-
-

- -Parameter JSON format - -```json -"backupPolicies": { - "value": [ - { - "name": "VMpolicy", - "type": "Microsoft.RecoveryServices/vaults/backupPolicies", - "properties": { - "backupManagementType": "AzureIaasVM", - "instantRPDetails": {}, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T07:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 180, - "durationType": "Days" - } - }, - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 12, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - }, - "instantRpRetentionRangeInDays": 2, - "timeZone": "UTC", - "protectedItemsCount": 0 - } - }, - { - "name": "sqlpolicy", - "type": "Microsoft.RecoveryServices/vaults/backupPolicies", - "properties": { - "backupManagementType": "AzureWorkload", - "workLoadType": "SQLDataBase", - "settings": { - "timeZone": "UTC", - "issqlcompression": true, - "isCompression": true - }, - "subProtectionPolicy": [ - { - "policyType": "Full", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - 
"scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Sunday" - ], - "scheduleRunTimes": [ - "2019-11-07T22:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 104, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - } - }, - { - "policyType": "Differential", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Monday" - ], - "scheduleRunTimes": [ - "2017-03-07T02:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - { - "policyType": "Log", - "schedulePolicy": { - "schedulePolicyType": "LogSchedulePolicy", - "scheduleFrequencyInMins": 120 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 15, - "durationType": "Days" - } - } - } - ], - "protectedItemsCount": 0 - } - }, - { - "name": "filesharepolicy", - "type": "Microsoft.RecoveryServices/vaults/backupPolicies", - "properties": { - "backupManagementType": "AzureStorage", - "workloadType": 
"AzureFileShare", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T04:30:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T04:30:00Z" - ], - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - "timeZone": "UTC", - "protectedItemsCount": 0 - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -backupPolicies: [ - { - name: 'VMpolicy' - type: 'Microsoft.RecoveryServices/vaults/backupPolicies' - properties: { - backupManagementType: 'AzureIaasVM' - instantRPDetails: {} - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Daily' - scheduleRunTimes: [ - '2019-11-07T07:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - dailySchedule: { - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 180 - durationType: 'Days' - } - } - weeklySchedule: { - daysOfTheWeek: [ - 'Sunday' - ] - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 12 - durationType: 'Weeks' - } - } - monthlySchedule: { - retentionScheduleFormatType: 'Weekly' - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 60 - durationType: 'Months' - } - } - yearlySchedule: { - retentionScheduleFormatType: 'Weekly' - monthsOfYear: [ - 'January' - ] - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 10 - durationType: 'Years' - } - } - } - instantRpRetentionRangeInDays: 2 - timeZone: 'UTC' - protectedItemsCount: 0 - } - } - { - name: 'sqlpolicy' - type: 'Microsoft.RecoveryServices/vaults/backupPolicies' - properties: { - backupManagementType: 'AzureWorkload' - workLoadType: 'SQLDataBase' - settings: { - timeZone: 'UTC' - issqlcompression: true - isCompression: true - } - subProtectionPolicy: [ - { - policyType: 'Full' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Weekly' - scheduleRunDays: [ - 'Sunday' - ] - scheduleRunTimes: [ - '2019-11-07T22:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - 
retentionPolicyType: 'LongTermRetentionPolicy' - weeklySchedule: { - daysOfTheWeek: [ - 'Sunday' - ] - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 104 - durationType: 'Weeks' - } - } - monthlySchedule: { - retentionScheduleFormatType: 'Weekly' - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 60 - durationType: 'Months' - } - } - yearlySchedule: { - retentionScheduleFormatType: 'Weekly' - monthsOfYear: [ - 'January' - ] - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 10 - durationType: 'Years' - } - } - } - } - { - policyType: 'Differential' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Weekly' - scheduleRunDays: [ - 'Monday' - ] - scheduleRunTimes: [ - '2017-03-07T02:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'SimpleRetentionPolicy' - retentionDuration: { - count: 30 - durationType: 'Days' - } - } - } - { - policyType: 'Log' - schedulePolicy: { - schedulePolicyType: 'LogSchedulePolicy' - scheduleFrequencyInMins: 120 - } - retentionPolicy: { - retentionPolicyType: 'SimpleRetentionPolicy' - retentionDuration: { - count: 15 - durationType: 'Days' - } - } - } - ] - protectedItemsCount: 0 - } - } - { - name: 'filesharepolicy' - type: 'Microsoft.RecoveryServices/vaults/backupPolicies' - properties: { - backupManagementType: 'AzureStorage' - workloadType: 'AzureFileShare' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Daily' - scheduleRunTimes: [ - '2019-11-07T04:30:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - dailySchedule: { - retentionTimes: [ - '2019-11-07T04:30:00Z' - ] 
- retentionDuration: { - count: 30 - durationType: 'Days' - } - } - } - timeZone: 'UTC' - protectedItemsCount: 0 - } - } -] -``` - -
-

-
-### Parameter Usage: `replicationFabrics`
-
-

-
-Parameter JSON format
-
-```json
-"replicationFabrics": {
- "value": [
- {
- "location": "NorthEurope",
- "replicationContainers": [
- {
- "name": "ne-container1",
- "replicationContainerMappings": [
- {
- "policyName": "Default_values",
- "targetContainerFabricName": "WestEurope-Fabric",
- "targetContainerName": "we-conainer2"
- }
- ]
- }
- ]
- },
- {
- "name": "WestEurope-Fabric", //Optional
- "location": "WestEurope",
- "replicationContainers": [
- {
- "name": "we-conainer2"
- }
- ]
- }
- ]
-},
-```
-
-### Parameter Usage: `replicationPolicies`
-
-
-
-Parameter JSON format
-
-```json
-"replicationPolicies": {
- "value": [
- {
- "name": "Default_values"
- },
- {
- "name": "Custom_values",
- "appConsistentFrequencyInMinutes": 240,
- "crashConsistentFrequencyInMinutes": 7,
- "multiVmSyncStatus": "Disable",
- "recoveryPointHistory": 2880
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-replicationPolicies: [
- {
- name: 'Default_values'
- }
- {
- name: 'Custom_values'
- appConsistentFrequencyInMinutes: 240
- crashConsistentFrequencyInMinutes: 7
- multiVmSyncStatus: 'Disable'
- recoveryPointHistory: 2880
- }
-]
-```
-
-
-

-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-

-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-
-

-
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-

-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "", // e.g. vault, registry, blob
- "privateDnsZoneGroup": {
- "privateDNSResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
- "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/" // e.g. privatelink.vaultcore.azure.net, privatelink.azurecr.io, privatelink.blob.core.windows.net
- ]
- },
- "ipConfigurations":[
- {
- "name": "myIPconfigTest02",
- "properties": {
- "groupId": "blob",
- "memberName": "blob",
- "privateIPAddress": "10.0.0.30"
- }
- }
- ],
- "customDnsConfigs": [
- {
- "fqdn": "customname.test.local",
- "ipAddresses": [
- "10.10.10.10"
- ]
- }
- ]
- },
- // Example showing only mandatory fields
- {
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "" // e.g. vault, registry, blob
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: '' // e.g. vault, registry, blob
- privateDnsZoneGroup: {
- privateDNSResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
- '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/' // e.g. privatelink.vaultcore.azure.net, privatelink.azurecr.io, privatelink.blob.core.windows.net
- ]
- }
- customDnsConfigs: [
- {
- fqdn: 'customname.test.local'
- ipAddresses: [
- '10.10.10.10'
- ]
- }
- ]
- ipConfigurations:[
- {
- name: 'myIPconfigTest02'
- properties: {
- groupId: 'blob'
- memberName: 'blob'
- privateIPAddress: '10.0.0.30'
- }
- }
- ]
- }
- // Example showing only mandatory fields
- {
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: '' // e.g. vault, registry, blob
- }
-]
-```
-
-
-

-
 ## Outputs
 | Output Name | Type | Description |
@@ -1810,3 +968,238 @@ module vault './recovery-services/vault/main.bicep' = {

+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+

+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+

+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+

+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+

+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+

+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+
+

+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+

+
+Parameter JSON format
+
+```json
+"privateEndpoints": {
+ "value": [
+ // Example showing all available fields
+ {
+ "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+ "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "", // e.g. vault, registry, blob
+ "privateDnsZoneGroup": {
+ "privateDNSResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
+ "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/" // e.g. privatelink.vaultcore.azure.net, privatelink.azurecr.io, privatelink.blob.core.windows.net
+ ]
+ },
+ "ipConfigurations":[
+ {
+ "name": "myIPconfigTest02",
+ "properties": {
+ "groupId": "blob",
+ "memberName": "blob",
+ "privateIPAddress": "10.0.0.30"
+ }
+ }
+ ],
+ "customDnsConfigs": [
+ {
+ "fqdn": "customname.test.local",
+ "ipAddresses": [
+ "10.10.10.10"
+ ]
+ }
+ ]
+ },
+ // Example showing only mandatory fields
+ {
+ "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "" // e.g. vault, registry, blob
+ }
+ ]
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+privateEndpoints: [
+ // Example showing all available fields
+ {
+ name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
+ subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+ service: '' // e.g. vault, registry, blob
+ privateDnsZoneGroup: {
+ privateDNSResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
+ '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/' // e.g. privatelink.vaultcore.azure.net, privatelink.azurecr.io, privatelink.blob.core.windows.net
+ ]
+ }
+ customDnsConfigs: [
+ {
+ fqdn: 'customname.test.local'
+ ipAddresses: [
+ '10.10.10.10'
+ ]
+ }
+ ]
+ ipConfigurations:[
+ {
+ name: 'myIPconfigTest02'
+ properties: {
+ groupId: 'blob'
+ memberName: 'blob'
+ privateIPAddress: '10.0.0.30'
+ }
+ }
+ ]
+ }
+ // Example showing only mandatory fields
+ {
+ subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+ service: '' // e.g. vault, registry, blob
+ }
+]
+```
+
+
+

diff --git a/modules/recovery-services/vault/backup-policy/README.md b/modules/recovery-services/vault/backup-policy/README.md index 619df0c550..cbd450748c 100644 --- a/modules/recovery-services/vault/backup-policy/README.md +++ b/modules/recovery-services/vault/backup-policy/README.md @@ -36,189 +36,6 @@ This module deploys a Recovery Services Vault Backup Policy. | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | - -### Parameter Usage: `backupPolicyProperties` - -Object continaining the configuration for backup policies. It needs to be properly formatted and can be VM backup policies, SQL on VM backup policies or fileshare policies. The following example shows a VM backup policy. - -

- -Parameter JSON format - -```json -"backupPolicyProperties": { - "value": { - "backupManagementType": "AzureIaasVM", - "instantRPDetails": {}, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T07:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 180, - "durationType": "Days" - } - }, - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 12, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - }, - "instantRpRetentionRangeInDays": 2, - "timeZone": "UTC", - "protectedItemsCount": 0 - } -} -``` - -
- - -
- -Bicep format - -```bicep -backupPolicyProperties: { - backupManagementType: 'AzureIaasVM' - instantRPDetails: {} - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Daily' - scheduleRunTimes: [ - '2019-11-07T07:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - dailySchedule: { - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 180 - durationType: 'Days' - } - } - weeklySchedule: { - daysOfTheWeek: [ - 'Sunday' - ] - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 12 - durationType: 'Weeks' - } - } - monthlySchedule: { - retentionScheduleFormatType: 'Weekly' - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 60 - durationType: 'Months' - } - } - yearlySchedule: { - retentionScheduleFormatType: 'Weekly' - monthsOfYear: [ - 'January' - ] - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 10 - durationType: 'Years' - } - } - } - instantRpRetentionRangeInDays: 2 - timeZone: 'UTC' - protectedItemsCount: 0 -} -``` - -
-

- ## Outputs | Output Name | Type | Description | diff --git a/modules/recovery-services/vault/replication-fabric/README.md b/modules/recovery-services/vault/replication-fabric/README.md index 8ffb07971f..e48eb98600 100644 --- a/modules/recovery-services/vault/replication-fabric/README.md +++ b/modules/recovery-services/vault/replication-fabric/README.md @@ -41,58 +41,6 @@ This module deploys a Replication Fabric for Azure to Azure disaster recovery sc | `name` | string | `[parameters('location')]` | The name of the fabric. | | `replicationContainers` | array | `[]` | Replication containers to create. | - -### Parameter Usage: `replicationContainers` - -

- -Parameter JSON format - -```json -"replicationContainers": { - "value": [ - { - "name": "we-container1", - "replicationContainerMappings": [ //optional - { - "policyName": "Default_values", - "targetContainerName": "we-container2" - } - ] - }, - { - "name": "we-container2" - }, - ] -} -``` - -
- -
- -Bicep format - -```bicep -replicationContainers: [ - { - name: 'we-container1' - replicationContainerMappings: [ //optional - { - policyName: 'Default_values' - targetContainerName: 'we-container2' - } - ] - } - { - name: 'we-container2' - } -] -``` - -
-

- ## Outputs | Output Name | Type | Description | diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md index 13b7cc85d3..454d9e01d2 100644 --- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md +++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md @@ -40,54 +40,6 @@ This module deploys a Recovery Services Vault Replication Protection Container. | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | | `replicationContainerMappings` | array | `[]` | Replication containers mappings to create. | - -### Parameter Usage: `replicationContainerMappings` - -

- -Parameter JSON format - -```json -"replicationContainerMappings": { - "value": [ - { - "targetProtectionContainerId": "/Subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/[[namePrefix]]-az-rsv-dr-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container1", - "policyId": "/Subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/[[namePrefix]]-az-rsv-dr-001/replicationPolicies/Default_values" - }, - { - "name": null, //Optional - "policyName": "Default_values", - "targetContainerFabricName": "WestEurope", - "targetContainerName": "we-container" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -replicationContainerMappings: [ - { - targetProtectionContainerId: '/Subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/[[namePrefix]]-az-rsv-dr-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container1' - policyId: '/Subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/[[namePrefix]]-az-rsv-dr-001/replicationPolicies/Default_values' - } - { - name: null //Optional - policyName: 'Default_values' - targetContainerFabricName: 'WestEurope' - targetContainerName: 'we-container' - } -] -``` - -
-

- ## Outputs | Output Name | Type | Description | From fd66b1b99815b8c6bfe5fbea0bff287345f7f8ab Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 21:47:15 +0200 Subject: [PATCH 04/16] policy --- modules/policy-insights/remediation/README.md | 229 +++++++++--------- 1 file changed, 117 insertions(+), 112 deletions(-) diff --git a/modules/policy-insights/remediation/README.md b/modules/policy-insights/remediation/README.md index b99ddb0e37..cb7a763830 100644 --- a/modules/policy-insights/remediation/README.md +++ b/modules/policy-insights/remediation/README.md @@ -6,10 +6,10 @@ This module deploys a Policy Insights Remediation. - [Resource Types](#Resource-Types) - [Parameters](#Parameters) -- [Module Usage Guidance](#Module-Usage-Guidance) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource Types @@ -43,117 +43,6 @@ This module deploys a Policy Insights Remediation. | `subscriptionId` | string | `''` | | The target scope for the remediation. The subscription ID of the subscription for the policy assignment. | -### Parameter Usage: `managementGroupId` - -To deploy resource to a Management Group, provide the `managementGroupId` as an input parameter to the module. - -

- -Parameter JSON format - -```json -"managementGroupId": { - "value": "contoso-group" -} -``` - -
- - -
- -Bicep format - -```bicep -managementGroupId: 'contoso-group' -``` - -
-

- -> `managementGroupId` is an optional parameter. If not provided, the deployment will use the management group defined in the current deployment scope (i.e. `managementGroup().name`). - -### Parameter Usage: `subscriptionId` - -To deploy resource to an Azure Subscription, provide the `subscriptionId` as an input parameter to the module. **Example**: - -

- -Parameter JSON format - -```json -"subscriptionId": { - "value": "12345678-b049-471c-95af-123456789012" -} -``` - -
- -
- -Bicep format - -```bicep -subscriptionId: '12345678-b049-471c-95af-123456789012' -``` - -
-

- -### Parameter Usage: `resourceGroupName` - -To deploy resource to a Resource Group, provide the `subscriptionId` and `resourceGroupName` as an input parameter to the module. **Example**: - -

- -Parameter JSON format - -```json -"subscriptionId": { - "value": "12345678-b049-471c-95af-123456789012" -}, -"resourceGroupName": { - "value": "target-resourceGroup" -} -``` - -
- - -
- -Bicep format - -```bicep -subscriptionId: '12345678-b049-471c-95af-123456789012' -resourceGroupName: 'target-resourceGroup' -``` - -
-

- -> The `subscriptionId` is used to enable deployment to a Resource Group Scope, allowing the use of the `resourceGroup()` function from a Management Group Scope. [Additional Details](https://github.com/Azure/bicep/pull/1420). - -## Module Usage Guidance - -In general, resources under the `Microsoft.PolicyInsights` namespace allows deploying resources at multiple scopes (management groups, subscriptions, resource groups). The `main.bicep` root module is simply an orchestrator module that targets sub-modules for different scopes as seen in the parameter usage section. All sub-modules for this namespace have folders that represent the target scope. For example, if the orchestrator module in the [root](main.bicep) needs to target 'subscription' level scopes. It will look at the relative path ['/subscription/main.bicep'](./subscription/main.bicep) and use this sub-module for the actual deployment, while still passing the same parameters from the root module. - -The above method is useful when you want to use a single point to interact with the module but rely on parameter combinations to achieve the target scope. But what if you want to incorporate this module in other modules with lower scopes? This would force you to deploy the module in scope `managementGroup` regardless and further require you to provide its ID with it. If you do not set the scope to management group, this would be the error that you can expect to face: - -```bicep -Error BCP134: Scope "subscription" is not valid for this module. Permitted scopes: "managementGroup" -``` - -The solution is to have the option of directly targeting the sub-module that achieves the required scope. 
For example, if you have your own Bicep file wanting to create resources at the subscription level, and also use some of the modules from the `Microsoft.PolicyInsights` namespace, then you can directly use the sub-module ['/subscription/main.bicep'](./subscription/main.bicep) as a path within your repository, or reference that same published module from the bicep registry. CARML also published the sub-modules so you would be able to reference it like the following: - -**Bicep Registry Reference** -```bicep -module remediation 'br:bicepregistry.azurecr.io/bicep/modules/policyinsights.remediations.subscription:version' = {} -``` -**Local Path Reference** -```bicep -module remediation 'yourpath/module/Authorization.policyinsights/subscription/main.bicep' = {} - ## Outputs | Output Name | Type | Description | @@ -562,3 +451,119 @@ module remediation './policy-insights/remediation/main.bicep' = {

+ + +## Notes + +### Parameter Usage: `managementGroupId` + +To deploy resource to a Management Group, provide the `managementGroupId` as an input parameter to the module. + +

+ +Parameter JSON format + +```json +"managementGroupId": { + "value": "contoso-group" +} +``` + +
+ + +
+ +Bicep format + +```bicep +managementGroupId: 'contoso-group' +``` + +
+

+ +> `managementGroupId` is an optional parameter. If not provided, the deployment will use the management group defined in the current deployment scope (i.e. `managementGroup().name`). + +### Parameter Usage: `subscriptionId` + +To deploy resource to an Azure Subscription, provide the `subscriptionId` as an input parameter to the module. **Example**: + +

+ +Parameter JSON format + +```json +"subscriptionId": { + "value": "12345678-b049-471c-95af-123456789012" +} +``` + +
+ +
+ +Bicep format + +```bicep +subscriptionId: '12345678-b049-471c-95af-123456789012' +``` + +
+

+ +### Parameter Usage: `resourceGroupName` + +To deploy resource to a Resource Group, provide the `subscriptionId` and `resourceGroupName` as an input parameter to the module. **Example**: + +

+ +Parameter JSON format + +```json +"subscriptionId": { + "value": "12345678-b049-471c-95af-123456789012" +}, +"resourceGroupName": { + "value": "target-resourceGroup" +} +``` + +
+ + +
+ +Bicep format + +```bicep +subscriptionId: '12345678-b049-471c-95af-123456789012' +resourceGroupName: 'target-resourceGroup' +``` + +
+

+ +> The `subscriptionId` is used to enable deployment to a Resource Group Scope, allowing the use of the `resourceGroup()` function from a Management Group Scope. [Additional Details](https://github.com/Azure/bicep/pull/1420). + + +### Module Usage Guidance + +In general, resources under the `Microsoft.PolicyInsights` namespace allows deploying resources at multiple scopes (management groups, subscriptions, resource groups). The `main.bicep` root module is simply an orchestrator module that targets sub-modules for different scopes as seen in the parameter usage section. All sub-modules for this namespace have folders that represent the target scope. For example, if the orchestrator module in the [root](main.bicep) needs to target 'subscription' level scopes. It will look at the relative path ['/subscription/main.bicep'](./subscription/main.bicep) and use this sub-module for the actual deployment, while still passing the same parameters from the root module. + +The above method is useful when you want to use a single point to interact with the module but rely on parameter combinations to achieve the target scope. But what if you want to incorporate this module in other modules with lower scopes? This would force you to deploy the module in scope `managementGroup` regardless and further require you to provide its ID with it. If you do not set the scope to management group, this would be the error that you can expect to face: + +```bicep +Error BCP134: Scope "subscription" is not valid for this module. Permitted scopes: "managementGroup" +``` + +The solution is to have the option of directly targeting the sub-module that achieves the required scope. 
For example, if you have your own Bicep file wanting to create resources at the subscription level, and also use some of the modules from the `Microsoft.PolicyInsights` namespace, then you can directly use the sub-module ['/subscription/main.bicep'](./subscription/main.bicep) as a path within your repository, or reference that same published module from the bicep registry. CARML also published the sub-modules so you would be able to reference it like the following: + +**Bicep Registry Reference** +```bicep +module remediation 'br:bicepregistry.azurecr.io/bicep/modules/policyinsights.remediations.subscription:version' = {} +``` +**Local Path Reference** +```bicep +module remediation 'yourpath/module/Authorization.policyinsights/subscription/main.bicep' = {} +``` From d91444c3f13465358699566ebdeec519a5988b5b Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 21:49:05 +0200 Subject: [PATCH 05/16] Workspace --- .../operational-insights/workspace/README.md | 538 +++++------------- 1 file changed, 135 insertions(+), 403 deletions(-) diff --git a/modules/operational-insights/workspace/README.md b/modules/operational-insights/workspace/README.md index 6c7f72648d..2486731e0b 100644 --- a/modules/operational-insights/workspace/README.md +++ b/modules/operational-insights/workspace/README.md @@ -75,409 +75,6 @@ This module deploys a Log Analytics Workspace. | `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | | `useResourcePermissions` | bool | `False` | | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | - -### Parameter Usage: `gallerySolutions` - -Ref cross-referenced _[solution](../../operations-management/solution/README.md)_ - -

- -Parameter JSON format - -```json -"gallerySolutions": { - "value": [ - { - "name": "AgentHealthAssessment", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AlertManagement", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AntiMalware", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureActivity", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureAutomation", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureCdnCoreAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureDataFactoryAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureNSGAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureSQLAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "ChangeTracking", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "Containers", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "InfrastructureInsights", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "KeyVaultAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "LogicAppsManagement", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "NetworkMonitoring", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "Security", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "SecurityCenterFree", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "ServiceFabric", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "ServiceMap", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "SQLAssessment", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "Updates", - "product": "OMSGallery", - "publisher": 
"Microsoft" - }, - { - "name": "VMInsights", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "WireData2", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "WaaSUpdateInsights", - "product": "OMSGallery", - "publisher": "Microsoft" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -gallerySolutions: [ - { - name: 'AgentHealthAssessment' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AlertManagement' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AntiMalware' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureActivity' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureAutomation' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureCdnCoreAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureDataFactoryAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureNSGAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureSQLAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'ChangeTracking' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'Containers' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'InfrastructureInsights' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'KeyVaultAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'LogicAppsManagement' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'NetworkMonitoring' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'Security' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'SecurityCenterFree' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'ServiceFabric' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'ServiceMap' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'SQLAssessment' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'Updates' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'VMInsights' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'WireData2' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'WaaSUpdateInsights' - product: 
'OMSGallery' - publisher: 'Microsoft' - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- ## Outputs | Output Name | Type | Description | @@ -1462,3 +1059,138 @@ module workspace './operational-insights/workspace/main.bicep' = {

+ +## Notes + +### Parameter Usage: `roleAssignments` + +Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. + +

+ +Parameter JSON format + +```json +"roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "description": "Reader Role Assignment", + "principalIds": [ + "12345678-1234-1234-1234-123456789012", // object 1 + "78945612-1234-1234-1234-123456789012" // object 2 + ] + }, + { + "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "principalIds": [ + "12345678-1234-1234-1234-123456789012" // object 1 + ], + "principalType": "ServicePrincipal" + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + description: 'Reader Role Assignment' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + '78945612-1234-1234-1234-123456789012' // object 2 + ] + } + { + roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + ] + principalType: 'ServicePrincipal' + } +] +``` + +
+

+ +### Parameter Usage: `tags` + +Tag names and tag values can be provided as needed. A tag can be left without a value. + +

+ +Parameter JSON format + +```json +"tags": { + "value": { + "Environment": "Non-Prod", + "Contact": "test.user@testcompany.com", + "PurchaseOrder": "1234", + "CostCenter": "7890", + "ServiceName": "DeploymentValidation", + "Role": "DeploymentValidation" + } +} +``` + +
+ +
+ +Bicep format + +```bicep +tags: { + Environment: 'Non-Prod' + Contact: 'test.user@testcompany.com' + PurchaseOrder: '1234' + CostCenter: '7890' + ServiceName: 'DeploymentValidation' + Role: 'DeploymentValidation' +} +``` + +
+

+ +### Parameter Usage: `userAssignedIdentities` + +You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: + +

+ +Parameter JSON format + +```json +"userAssignedIdentities": { + "value": { + "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, + "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} + } +} +``` + +
+ +
+ +Bicep format + +```bicep +userAssignedIdentities: { + '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} + '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} +} +``` + +
+

From d3c3f70eb7d36f66f5f446eada7a61a17d5a877e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 21:50:44 +0200 Subject: [PATCH 06/16] von --- modules/network/vpn-site/README.md | 402 ++++++++++------------------- 1 file changed, 136 insertions(+), 266 deletions(-) diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md index 36cd83eb33..e60024cf64 100644 --- a/modules/network/vpn-site/README.md +++ b/modules/network/vpn-site/README.md @@ -49,272 +49,6 @@ This module deploys a VPN Site. | `tags` | object | `{object}` | | Tags of the resource. | | `vpnSiteLinks` | array | `[]` | | List of all VPN site links. | - -### Parameter Usage `o365Policy` - -

- -Parameter JSON format - -```json -"o365Policy": { - "value": { - "breakOutCategories": { - "optimize": true, - "allow": true, - "default": true - } - } -} -``` - -
- - -
- -Bicep format - -```bicep -o365Policy: { - breakOutCategories: { - optimize: true - allow: true - default: true - } -} -``` - -
-

- -### Parameter Usage `deviceProperties` - -

- -Parameter JSON format - -```json -"deviceProperties": { - "value": { - "deviceModel": "morty", - "deviceVendor": "contoso", - "linkSpeedInMbps": 0 - } -} -``` - -
- - -
- -Bicep format - -```bicep -deviceProperties: { - deviceModel: 'morty' - deviceVendor: 'contoso' - linkSpeedInMbps: 0 -} -``` - -
-

- -### Parameter Usage `bgpProperties` - -The BGP properties. Note: This is a deprecated property, please use the corresponding `VpnSiteLinks` property instead. - -

- -Parameter JSON format - -```json -"bgpProperties": { - "value": { - "asn": 65010, - "bgpPeeringAddress": "1.1.1.1", - "peerWeight": 0 - } -} -``` - -
- - -
- -Bicep format - -```bicep -bgpProperties: { - asn: 65010 - bgpPeeringAddress: '1.1.1.1' - peerWeight: 0 -} -``` - -
-

- -### Parameter Usage `vpnSiteLinks` - -An array of links. Should be used instead of the top-level `ipAddress` & `bgpProperties` properties. If using links, one default link with same name and properties as VpnSite itself is mandatory. - -

- -Parameter JSON format - -```json -"vpnSiteLinks": { - "value": [ - { - "name": "[[namePrefix]]-az-vSite-x-001", - "properties": { - "bgpProperties": { - "asn": 65010, - "bgpPeeringAddress": "1.1.1.1" - }, - "ipAddress": "1.2.3.4", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -vpnSiteLinks: [ - { - name: '[[namePrefix]]-az-vSite-x-001' - properties: { - bgpProperties: { - asn: 65010 - bgpPeeringAddress: '1.1.1.1' - } - ipAddress: '1.2.3.4' - linkProperties: { - linkProviderName: 'contoso' - linkSpeedInMbps: 5 - } - } - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-

-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-

-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-

- ## Outputs | Output Name | Type | Description | @@ -566,3 +300,139 @@ module vpnSite './network/vpn-site/main.bicep' = {

+
+## Notes
+
+### Parameter Usage `deviceProperties`
+
+

+
+Parameter JSON format
+
+```json
+"deviceProperties": {
+ "value": {
+ "deviceModel": "morty",
+ "deviceVendor": "contoso",
+ "linkSpeedInMbps": 0
+ }
+}
+```
+
+
+
+
+
+
+Bicep format
+
+```bicep
+deviceProperties: {
+ deviceModel: 'morty'
+ deviceVendor: 'contoso'
+ linkSpeedInMbps: 0
+}
+```
+
+
+

+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+

+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+

+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+

+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+

From aac884e4972b99dbf98a7c19a037bc088f62e09c Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 21:53:48 +0200 Subject: [PATCH 07/16] vpn gw --- modules/network/vpn-gateway/README.md | 239 +++++++++--------- .../vpn-gateway/vpn-connection/README.md | 24 +- 2 files changed, 132 insertions(+), 131 deletions(-) diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md index 283bbfe3cd..e16fcdd0ec 100644 --- a/modules/network/vpn-gateway/README.md +++ b/modules/network/vpn-gateway/README.md @@ -43,125 +43,6 @@ This module deploys a VPN Gateway. | `vpnConnections` | array | `[]` | | The VPN connections to create in the VPN gateway. | | `vpnGatewayScaleUnit` | int | `2` | | The scale unit for this VPN gateway. | - -### Parameter Usage: `bgpSettings` - -

-
-Parameter JSON format
-
-```json
-"bgpSettings": {
- "asn": 65515,
- "peerWeight": 0,
- "bgpPeeringAddresses": [
- {
- "ipconfigurationId": "Instance0",
- "defaultBgpIpAddresses": [
- "10.0.0.12"
- ],
- "customBgpIpAddresses": [],
- "tunnelIpAddresses": [
- "20.84.35.53",
- "10.0.0.4"
- ]
- },
- {
- "ipconfigurationId": "Instance1",
- "defaultBgpIpAddresses": [
- "10.0.0.13"
- ],
- "customBgpIpAddresses": [],
- "tunnelIpAddresses": [
- "20.84.34.225",
- "10.0.0.5"
- ]
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-bgpSettings: {
- asn: 65515
- peerWeight: 0
- bgpPeeringAddresses: [
- {
- ipconfigurationId: 'Instance0'
- defaultBgpIpAddresses: [
- '10.0.0.12'
- ]
- customBgpIpAddresses: []
- tunnelIpAddresses: [
- '20.84.35.53'
- '10.0.0.4'
- ]
- }
- {
- ipconfigurationId: 'Instance1'
- defaultBgpIpAddresses: [
- '10.0.0.13'
- ]
- customBgpIpAddresses: []
- tunnelIpAddresses: [
- '20.84.34.225'
- '10.0.0.5'
- ]
- }
- ]
-}
-```
-
-
-

-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-

-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-

- ## Outputs | Output Name | Type | Description | @@ -371,3 +252,123 @@ module vpnGateway './network/vpn-gateway/main.bicep' = {

+
+## Notes
+
+### Parameter Usage: `bgpSettings`
+
+

+
+Parameter JSON format
+
+```json
+"bgpSettings": {
+ "asn": 65515,
+ "peerWeight": 0,
+ "bgpPeeringAddresses": [
+ {
+ "ipconfigurationId": "Instance0",
+ "defaultBgpIpAddresses": [
+ "10.0.0.12"
+ ],
+ "customBgpIpAddresses": [],
+ "tunnelIpAddresses": [
+ "20.84.35.53",
+ "10.0.0.4"
+ ]
+ },
+ {
+ "ipconfigurationId": "Instance1",
+ "defaultBgpIpAddresses": [
+ "10.0.0.13"
+ ],
+ "customBgpIpAddresses": [],
+ "tunnelIpAddresses": [
+ "20.84.34.225",
+ "10.0.0.5"
+ ]
+ }
+ ]
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+bgpSettings: {
+ asn: 65515
+ peerWeight: 0
+ bgpPeeringAddresses: [
+ {
+ ipconfigurationId: 'Instance0'
+ defaultBgpIpAddresses: [
+ '10.0.0.12'
+ ]
+ customBgpIpAddresses: []
+ tunnelIpAddresses: [
+ '20.84.35.53'
+ '10.0.0.4'
+ ]
+ }
+ {
+ ipconfigurationId: 'Instance1'
+ defaultBgpIpAddresses: [
+ '10.0.0.13'
+ ]
+ customBgpIpAddresses: []
+ tunnelIpAddresses: [
+ '20.84.34.225'
+ '10.0.0.5'
+ ]
+ }
+ ]
+}
+```
+
+
+

+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+

+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+

diff --git a/modules/network/vpn-gateway/vpn-connection/README.md b/modules/network/vpn-gateway/vpn-connection/README.md index fd46c20e02..b61a394071 100644 --- a/modules/network/vpn-gateway/vpn-connection/README.md +++ b/modules/network/vpn-gateway/vpn-connection/README.md @@ -48,7 +48,19 @@ This module deploys a VPN Gateway VPN Connection. | `usePolicyBasedTrafficSelectors` | bool | `False` | | Enable policy-based traffic selectors. | | `vpnConnectionProtocolType` | string | `'IKEv2'` | `[IKEv1, IKEv2]` | Gateway connection protocol. | | `vpnLinkConnections` | array | `[]` | | List of all VPN site link connections to the gateway. | +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the VPN connection. | +| `resourceGroupName` | string | The name of the resource group the VPN connection was deployed into. | +| `resourceId` | string | The resource ID of the VPN connection. | + +## Cross-referenced modules +_None_ + +## Notes ### Parameter Usage: `routingConfiguration` @@ -106,15 +118,3 @@ routingConfiguration: {

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the VPN connection. | -| `resourceGroupName` | string | The name of the resource group the VPN connection was deployed into. | -| `resourceId` | string | The resource ID of the VPN connection. | - -## Cross-referenced modules - -_None_ From a7a21aec6cd7d8920abb19665be023a26e014568 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 21:55:31 +0200 Subject: [PATCH 08/16] vn gw --- .../network/virtual-network-gateway/README.md | 269 +++++++----------- 1 file changed, 101 insertions(+), 168 deletions(-) diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md index 8eaf06c0d0..c7408ccddf 100644 --- a/modules/network/virtual-network-gateway/README.md +++ b/modules/network/virtual-network-gateway/README.md @@ -73,174 +73,6 @@ This module deploys a Virtual Network Gateway. | `vpnGatewayGeneration` | string | `'None'` | `[Generation1, Generation2, None]` | The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. | | `vpnType` | string | `'RouteBased'` | `[PolicyBased, RouteBased]` | Specifies the VPN type. | - -### Parameter Usage: `subnets` - -The `subnets` parameter accepts a JSON Array of `subnet` objects to deploy to the Virtual Network. - -Here's an example of specifying a couple Subnets to deploy: - -

-
-Parameter JSON format
-
-```json
-"subnets": {
- "value": [
- {
- "name": "app",
- "properties": {
- "addressPrefix": "10.1.0.0/24",
- "networkSecurityGroup": {
- "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'app-nsg')]"
- },
- "routeTable": {
- "id": "[resourceId('Microsoft.Network/routeTables', 'app-udr')]"
- }
- }
- },
- {
- "name": "data",
- "properties": {
- "addressPrefix": "10.1.1.0/24"
- }
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-subnets: [
- {
- name: 'app'
- properties: {
- addressPrefix: '10.1.0.0/24'
- networkSecurityGroup: {
- id: '[resourceId('Microsoft.Network/networkSecurityGroups' 'app-nsg')]'
- }
- routeTable: {
- id: '[resourceId('Microsoft.Network/routeTables' 'app-udr')]'
- }
- }
- }
- {
- name: 'data'
- properties: {
- addressPrefix: '10.1.1.0/24'
- }
- }
-]
-```
-
-
-

-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-

-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-

-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-

-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-

- ## Outputs | Output Name | Type | Description | @@ -790,3 +622,104 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {

+
+## Notes
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+

+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+

+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+

+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+

From b9087dabac8c58272e4670e7b3e92cd0b0657a0e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 21:56:09 +0200 Subject: [PATCH 09/16] Update to latest --- .../virtual-network/virtual-network-peering/README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/modules/network/virtual-network/virtual-network-peering/README.md b/modules/network/virtual-network/virtual-network-peering/README.md index 059f1d9ef1..f5dd0935e8 100644 --- a/modules/network/virtual-network/virtual-network-peering/README.md +++ b/modules/network/virtual-network/virtual-network-peering/README.md @@ -15,13 +15,6 @@ This module deploys a Virtual Network Peering. | :-- | :-- | | `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworks/virtualNetworkPeerings) | -### Resource dependency - -The following resources are required to be able to deploy this resource. - -- Local Virtual Network (Identified by the `localVnetName` parameter). -- Remote Virtual Network (Identified by the `remoteVirtualNetworkId` parameter) - ## Parameters **Required parameters** From 8641f07edbce9f1f7d82f3d729c833e60f0162df Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 22:00:08 +0200 Subject: [PATCH 10/16] VNET --- modules/network/virtual-network/README.md | 407 ++++++------------ .../network/virtual-network/subnet/README.md | 109 +---- 2 files changed, 134 insertions(+), 382 deletions(-) diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md index 2664550387..79482bf129 100644 --- a/modules/network/virtual-network/README.md +++ b/modules/network/virtual-network/README.md 
@@ -55,291 +55,6 @@ This module deploys a Virtual Network (vNet). | `vnetEncryption` | bool | `False` | | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property. | | `vnetEncryptionEnforcement` | string | `'AllowUnencrypted'` | `[AllowUnencrypted, DropUnencrypted]` | If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. | - -### Parameter Usage: `subnets` - -Below you can find an example for the subnet property's usage. For all remaining properties, please refer to the _[subnet](subnet/README.md)_ readme. - -

-
-Template JSON format
-
-```json
-"subnets": {
- "value": [
- {
- "name": "GatewaySubnet",
- "addressPrefix": "10.0.255.0/24"
- },
- {
- "name": "[[namePrefix]]-az-subnet-x-001",
- "addressPrefix": "10.0.0.0/24",
- "networkSecurityGroupId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-[[namePrefix]]-az-nsg-x-001",
- "serviceEndpoints": [
- {
- "service": "Microsoft.Storage"
- },
- {
- "service": "Microsoft.Sql"
- }
- ],
- "routeTableId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-[[namePrefix]]-az-udr-x-001",
- "delegations": [
- {
- "name": "netappDel",
- "properties": {
- "serviceName": "Microsoft.Netapp/volumes"
- }
- }
- ],
- "privateEndpointNetworkPolicies": "Disabled",
- "privateLinkServiceNetworkPolicies": "Enabled"
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-subnets: [
- {
- name: 'GatewaySubnet'
- addressPrefix: '10.0.255.0/24'
- }
- {
- name: '[[namePrefix]]-az-subnet-x-001'
- addressPrefix: '10.0.0.0/24'
- networkSecurityGroupId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-[[namePrefix]]-az-nsg-x-001'
- serviceEndpoints: [
- {
- service: 'Microsoft.Storage'
- }
- {
- service: 'Microsoft.Sql'
- }
- ]
- routeTableId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-[[namePrefix]]-az-udr-x-001'
- delegations: [
- {
- name: 'netappDel'
- properties: {
- serviceName: 'Microsoft.Netapp/volumes'
- }
- }
- ]
- privateEndpointNetworkPolicies: 'Disabled'
- privateLinkServiceNetworkPolicies: 'Enabled'
- }
-]
-```
-
-
-

- -### Parameter Usage: `virtualNetworkPeerings` - -As the virtual network peering array allows you to deploy not only a one-way but also two-way peering (i.e reverse), you can use the following ***additional*** properties on top of what is documented in _[virtualNetworkPeering](virtual-network-peering/README.md)_. - -| Parameter Name | Type | Default Value | Possible Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `remotePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network | -| `remotePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. If not provided, default value will be - | -| `remotePeeringAllowForwardedTraffic` | bool | `true` | | Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | -| `remotePeeringAllowGatewayTransit` | bool | `false` | | Optional. If gateway links can be used in remote virtual networking to link to this virtual network. | -| `remotePeeringAllowVirtualNetworkAccess` | bool | `true` | | Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | -| `remotePeeringDoNotVerifyRemoteGateways` | bool | `true` | | Optional. If we need to verify the provisioning state of the remote gateway. | -| `remotePeeringUseRemoteGateways` | bool | `false` | | Optional. If remote gateways can be used on this virtual network. If the flag is set to `true`, and allowGatewayTransit on local peering is also `true`, virtual network will use gateways of local virtual network for transit. Only one peering can have this flag set to `true`. This flag cannot be set if virtual network already has a gateway. | - -

-
-Parameter JSON format
-
-```json
-"virtualNetworkPeerings": {
- "value": [
- {
- "remoteVirtualNetworkId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-[[namePrefix]]-az-vnet-x-peer01",
- "allowForwardedTraffic": true,
- "allowGatewayTransit": false,
- "allowVirtualNetworkAccess": true,
- "useRemoteGateways": false,
- "remotePeeringEnabled": true,
- "remotePeeringName": "customName",
- "remotePeeringAllowVirtualNetworkAccess": true,
- "remotePeeringAllowForwardedTraffic": true
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-virtualNetworkPeerings: [
- {
- remoteVirtualNetworkId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-[[namePrefix]]-az-vnet-x-peer01'
- allowForwardedTraffic: true
- allowGatewayTransit: false
- allowVirtualNetworkAccess: true
- useRemoteGateways: false
- remotePeeringEnabled: true
- remotePeeringName: 'customName'
- remotePeeringAllowVirtualNetworkAccess: true
- remotePeeringAllowForwardedTraffic: true
- }
-]
-```
-
-
-

-
-### Parameter Usage: `addressPrefixes`
-
-The `addressPrefixes` parameter accepts a JSON Array of string values containing the IP Address Prefixes for the Virtual Network (vNet).
-
-Here's an example of specifying a single Address Prefix:
-
-
-

-
-Parameter JSON format
-
-```json
-"addressPrefixes": {
- "value": [
- "10.1.0.0/16"
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-addressPrefixes: [
- '10.1.0.0/16'
-]
-```
-
-
-

-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-

-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-

-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-

-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-

- -## Considerations - -The network security group and route table resources must reside in the same resource group as the virtual network. - ## Outputs | Output Name | Type | Description | @@ -737,3 +452,125 @@ module virtualNetwork './network/virtual-network/main.bicep' = {

+ +## Notes + +### Considerations + +The network security group and route table resources must reside in the same resource group as the virtual network. + +### Parameter Usage: `peerings` + +As the virtual network peering array allows you to deploy not only a one-way but also two-way peering (i.e reverse), you can use the following ***additional*** properties on top of what is documented in _[virtualNetworkPeering](virtual-network-peering/README.md)_. + +| Parameter Name | Type | Default Value | Possible Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `remotePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network | +| `remotePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. If not provided, default value will be - | +| `remotePeeringAllowForwardedTraffic` | bool | `true` | | Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | +| `remotePeeringAllowGatewayTransit` | bool | `false` | | Optional. If gateway links can be used in remote virtual networking to link to this virtual network. | +| `remotePeeringAllowVirtualNetworkAccess` | bool | `true` | | Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | +| `remotePeeringDoNotVerifyRemoteGateways` | bool | `true` | | Optional. If we need to verify the provisioning state of the remote gateway. | +| `remotePeeringUseRemoteGateways` | bool | `false` | | Optional. If remote gateways can be used on this virtual network. If the flag is set to `true`, and allowGatewayTransit on local peering is also `true`, virtual network will use gateways of local virtual network for transit. Only one peering can have this flag set to `true`. 
This flag cannot be set if virtual network already has a gateway. | + + +### Parameter Usage: `roleAssignments` + +Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. + +

+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+

+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+

+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+

+ diff --git a/modules/network/virtual-network/subnet/README.md b/modules/network/virtual-network/subnet/README.md index 2fcd6f1dff..dc97c4e730 100644 --- a/modules/network/virtual-network/subnet/README.md +++ b/modules/network/virtual-network/subnet/README.md @@ -50,92 +50,21 @@ This module deploys a Virtual Network Subnet. | `serviceEndpointPolicies` | array | `[]` | | An array of service endpoint policies. | | `serviceEndpoints` | array | `[]` | | The service endpoints to enable on the subnet. | +## Outputs -### Parameter Usage: `delegations` - -

- -Parameter JSON format - -```json -"delegations": [ - { - "name": "sqlMiDel", - "properties": { - "serviceName": "Microsoft.Sql/managedInstances" - } - } -] -``` - -
- -
- -Bicep format - -```bicep -delegations: [ - { - name: 'sqlMiDel' - properties: { - serviceName: 'Microsoft.Sql/managedInstances' - } - } -] -``` - -
-

- -### Parameter Usage: `serviceEndpoints` - -

- -Parameter JSON format - -```json -"serviceEndpoints": [ - { - "service": "Microsoft.EventHub" - }, - { - "service": "Microsoft.Sql" - }, - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.KeyVault" - } -] -``` - -
- -
+| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the virtual network peering. | +| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | +| `resourceId` | string | The resource ID of the virtual network peering. | +| `subnetAddressPrefix` | string | The address prefix for the subnet. | +| `subnetAddressPrefixes` | array | List of address prefixes for the subnet. | -Bicep format +## Cross-referenced modules -```bicep -serviceEndpoints: [ - { - name: 'Microsoft.EventHub' - } - { - name: 'Microsoft.Sql' - } - { - name: 'Microsoft.Storage' - } - { - name: 'Microsoft.KeyVault' - } -] -``` +_None_ -
-

+## Notes ### Parameter Usage: `roleAssignments` @@ -196,20 +125,6 @@ roleAssignments: [

-## Considerations +### Considerations The `privateEndpointNetworkPolicies` property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported, [reference](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#limitations)). Default Value when not specified is "Enabled". - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the virtual network peering. | -| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | -| `resourceId` | string | The resource ID of the virtual network peering. | -| `subnetAddressPrefix` | string | The address prefix for the subnet. | -| `subnetAddressPrefixes` | array | List of address prefixes for the subnet. | - -## Cross-referenced modules - -_None_ From f2036fd7b0071bde30d5f0404e3a394eb49cf5ea Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 22:01:21 +0200 Subject: [PATCH 11/16] Hub connection --- .../virtual-hub/hub-virtual-network-connection/README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/network/virtual-hub/hub-virtual-network-connection/README.md b/modules/network/virtual-hub/hub-virtual-network-connection/README.md index 6039a55267..87f5dc8ea8 100644 --- a/modules/network/virtual-hub/hub-virtual-network-connection/README.md +++ b/modules/network/virtual-hub/hub-virtual-network-connection/README.md @@ -38,11 +38,6 @@ This module deploys a Virtual Hub Virtual Network Connection. | `enableInternetSecurity` | bool | `True` | Enable internet security. | | `routingConfiguration` | object | `{object}` | Routing Configuration indicating the associated and propagated route tables for this connection. | - -### Parameter Usage: `hubVirtualNetworkConnections` - -... - ## Outputs | Output Name | Type | Description | 
From 9df492e20967ef994c73921a1c83ad7f3aa64836 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 22:03:07 +0200 Subject: [PATCH 12/16] traffigmanager --- .../network/trafficmanagerprofile/README.md | 339 +++++++++--------- 1 file changed, 170 insertions(+), 169 deletions(-) diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md index 3511923eee..5de0ab9733 100644 --- a/modules/network/trafficmanagerprofile/README.md +++ b/modules/network/trafficmanagerprofile/README.md @@ -51,6 +51,176 @@ This module deploys a Traffic Manager Profile. | `trafficViewEnrollmentStatus` | string | `'Disabled'` | `[Disabled, Enabled]` | Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. | | `ttl` | int | `60` | | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. | +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the traffic manager was deployed into. | +| `resourceGroupName` | string | The resource group the traffic manager was deployed into. | +| `resourceId` | string | The resource ID of the traffic manager. | + +## Cross-referenced modules + +_None_ + +## Deployment examples + +The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +

Example 1: Common

+ +
+ +via Bicep module + +```bicep +module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = { + name: '${uniqueString(deployment().name, location)}-test-ntmpcom' + params: { + // Required parameters + name: '' + relativeName: '' + // Non-required parameters + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + enableDefaultTelemetry: '' + lock: 'CanNotDelete' + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "" + }, + "relativeName": { + "value": "" + }, + // Non-required parameters + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = { + name: '${uniqueString(deployment().name, location)}-test-ntmpmin' + params: { + // Required parameters + name: '' + relativeName: '' + // Non-required parameters + enableDefaultTelemetry: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "" + }, + "relativeName": { + "value": "" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + } + } +} +``` + +
+

+ +## Notes ### Parameter Usage: `monitorConfig` @@ -241,172 +411,3 @@ tags: {

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the traffic manager was deployed into. | -| `resourceGroupName` | string | The resource group the traffic manager was deployed into. | -| `resourceId` | string | The resource ID of the traffic manager. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

- -
- -via Bicep module - -```bicep -module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-ntmpcom' - params: { - // Required parameters - name: '' - relativeName: '' - // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '' - diagnosticEventHubName: '' - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' - enableDefaultTelemetry: '' - lock: 'CanNotDelete' - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "" - }, - "relativeName": { - "value": "" - }, - // Non-required parameters - "diagnosticEventHubAuthorizationRuleId": { - "value": "" - }, - "diagnosticEventHubName": { - "value": "" - }, - "diagnosticStorageAccountId": { - "value": "" - }, - "diagnosticWorkspaceId": { - "value": "" - }, - "enableDefaultTelemetry": { - "value": "" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -

Example 2: Min

- -
- -via Bicep module - -```bicep -module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-ntmpmin' - params: { - // Required parameters - name: '' - relativeName: '' - // Non-required parameters - enableDefaultTelemetry: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "" - }, - "relativeName": { - "value": "" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - } - } -} -``` - -
-

From e25d188fe53cbf6c9d385bc7f0ce115835f19986 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 22:05:39 +0200 Subject: [PATCH 13/16] Routes --- modules/network/route-table/README.md | 292 +++++++++----------------- 1 file changed, 102 insertions(+), 190 deletions(-) diff --git a/modules/network/route-table/README.md b/modules/network/route-table/README.md index 0d634f3add..2d08dc94a2 100644 --- a/modules/network/route-table/README.md +++ b/modules/network/route-table/README.md @@ -38,196 +38,6 @@ This module deploys a User Defined Route Table (UDR). | `routes` | array | `[]` | | An Array of Routes to be established within the hub route table. | | `tags` | object | `{object}` | | Tags of the resource. | - -### Parameter Usage: `routes` - -The `routes` parameter accepts a JSON Array of Route objects to deploy to the Route Table. - -Here's an example of specifying a few routes: - -

- -Parameter JSON format - -```json -"routes": { - "value": [ - { - "name": "tojumpboxes", - "properties": { - "addressPrefix": "172.16.0.48/28", - "nextHopType": "VnetLocal" - } - }, - { - "name": "tosharedservices", - "properties": { - "addressPrefix": "172.16.0.64/27", - "nextHopType": "VnetLocal" - } - }, - { - "name": "toonprem", - "properties": { - "addressPrefix": "10.0.0.0/8", - "nextHopType": "VirtualNetworkGateway" - } - }, - { - "name": "tonva", - "properties": { - "addressPrefix": "172.16.0.0/18", - "nextHopType": "VirtualAppliance", - "nextHopIpAddress": "172.16.0.20" - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -routes: [ - { - name: 'tojumpboxes' - properties: { - addressPrefix: '172.16.0.48/28' - nextHopType: 'VnetLocal' - } - } - { - name: 'tosharedservices' - properties: { - addressPrefix: '172.16.0.64/27' - nextHopType: 'VnetLocal' - } - } - { - name: 'toonprem' - properties: { - addressPrefix: '10.0.0.0/8' - nextHopType: 'VirtualNetworkGateway' - } - } - { - name: 'tonva' - properties: { - addressPrefix: '172.16.0.0/18' - nextHopType: 'VirtualAppliance' - nextHopIpAddress: '172.16.0.20' - } - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- ## Outputs | Output Name | Type | Description | @@ -395,3 +205,105 @@ module routeTable './network/route-table/main.bicep' = {

+ +## Notes + +### Parameter Usage: `roleAssignments` + +Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. + +

+ +Parameter JSON format + +```json +"roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "description": "Reader Role Assignment", + "principalIds": [ + "12345678-1234-1234-1234-123456789012", // object 1 + "78945612-1234-1234-1234-123456789012" // object 2 + ] + }, + { + "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "principalIds": [ + "12345678-1234-1234-1234-123456789012" // object 1 + ], + "principalType": "ServicePrincipal" + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + description: 'Reader Role Assignment' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + '78945612-1234-1234-1234-123456789012' // object 2 + ] + } + { + roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + ] + principalType: 'ServicePrincipal' + } +] +``` + +
+

+ +### Parameter Usage: `tags` + +Tag names and tag values can be provided as needed. A tag can be left without a value. + +

+ +Parameter JSON format + +```json +"tags": { + "value": { + "Environment": "Non-Prod", + "Contact": "test.user@testcompany.com", + "PurchaseOrder": "1234", + "CostCenter": "7890", + "ServiceName": "DeploymentValidation", + "Role": "DeploymentValidation" + } +} +``` + +
+ +
+ +Bicep format + +```bicep +tags: { + Environment: 'Non-Prod' + Contact: 'test.user@testcompany.com' + PurchaseOrder: '1234' + CostCenter: '7890' + ServiceName: 'DeploymentValidation' + Role: 'DeploymentValidation' +} +``` + +
+

From e8f6cd85a38b1efd4966bca3da6ca2e5b0acaaab Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 12 Oct 2023 22:12:45 +0200 Subject: [PATCH 14/16] Private Link Service --- .../network/private-link-service/README.md | 636 ++++++++---------- .../network/private-link-service/main.bicep | 6 +- 2 files changed, 266 insertions(+), 376 deletions(-) diff --git a/modules/network/private-link-service/README.md b/modules/network/private-link-service/README.md index 9709de3864..ad8c02cae2 100644 --- a/modules/network/private-link-service/README.md +++ b/modules/network/private-link-service/README.md @@ -9,6 +9,7 @@ This module deploys a Private Link Service. - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types 
@@ -32,18 +33,275 @@ This module deploys a Private Link Service. | :-- | :-- | :-- | :-- | :-- | | `autoApproval` | object | `{object}` | | The auto-approval list of the private link service. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableProxyProtocol` | bool | `False` | | Whether the private link service is enabled for proxy protocol or not. | +| `enableProxyProtocol` | bool | `False` | | Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header. | | `extendedLocation` | object | `{object}` | | The extended location of the load balancer. | | `fqdns` | array | `[]` | | The list of Fqdn. | | `ipConfigurations` | array | `[]` | | An array of private link service IP configurations. | -| `loadBalancerFrontendIpConfigurations` | array | `[]` | | An array of references to the load balancer IP configurations. | +| `loadBalancerFrontendIpConfigurations` | array | `[]` | | An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags to be applied on all resources/resource groups in this deployment. | -| `visibility` | object | `{object}` | | The visibility list of the private link service. | +| `visibility` | object | `{object}` | | Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions. | +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the private link service. | +| `resourceGroupName` | string | The resource group the private link service was deployed into. | +| `resourceId` | string | The resource ID of the private link service. | + +## Cross-referenced modules + +_None_ + +## Deployment examples + +The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +

Example 1: Common

+ +
+ +via Bicep module + +```bicep +module privateLinkService './network/private-link-service/main.bicep' = { + name: '${uniqueString(deployment().name, location)}-test-nplscom' + params: { + // Required parameters + name: 'nplscom001' + // Non-required parameters + autoApproval: { + subscriptions: [ + '*' + ] + } + enableDefaultTelemetry: '' + enableProxyProtocol: true + fqdns: [ + 'nplscom.plsfqdn01.azure.privatelinkservice' + 'nplscom.plsfqdn02.azure.privatelinkservice' + ] + ipConfigurations: [ + { + name: 'nplscom01' + properties: { + primary: true + privateIPAllocationMethod: 'Dynamic' + subnet: { + id: '' + } + } + } + ] + loadBalancerFrontendIpConfigurations: [ + { + id: '' + } + ] + lock: 'CanNotDelete' + roleAssignments: [ + { + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + visibility: { + subscriptions: [ + '' + ] + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "nplscom001" + }, + // Non-required parameters + "autoApproval": { + "value": { + "subscriptions": [ + "*" + ] + } + }, + "enableDefaultTelemetry": { + "value": "" + }, + "enableProxyProtocol": { + "value": true + }, + "fqdns": { + "value": [ + "nplscom.plsfqdn01.azure.privatelinkservice", + "nplscom.plsfqdn02.azure.privatelinkservice" + ] + }, + "ipConfigurations": { + "value": [ + { + "name": "nplscom01", + "properties": { + "primary": true, + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "" + } + } + } + ] + }, + "loadBalancerFrontendIpConfigurations": { + "value": [ + { + "id": "" + } + ] + }, + "lock": { + "value": "CanNotDelete" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, + "visibility": { + "value": { + "subscriptions": [ + "" + ] + } + } + } +} +``` + +
+

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module privateLinkService './network/private-link-service/main.bicep' = { + name: '${uniqueString(deployment().name, location)}-test-nplsmin' + params: { + // Required parameters + name: 'nplsmin001' + // Non-required parameters + enableDefaultTelemetry: '' + ipConfigurations: [ + { + name: 'nplsmin01' + properties: { + subnet: { + id: '' + } + } + } + ] + loadBalancerFrontendIpConfigurations: [ + { + id: '' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "nplsmin001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "ipConfigurations": { + "value": [ + { + "name": "nplsmin01", + "properties": { + "subnet": { + "id": "" + } + } + } + ] + }, + "loadBalancerFrontendIpConfigurations": { + "value": [ + { + "id": "" + } + ] + } + } +} +``` + +
+

+ + +## Notes + ### Parameter Usage: `ipConfigurations` This property refers to the NAT (Network Address Translation) IP configuration for the Private Link service. The NAT IP can be chosen from any subnet in a service provider's virtual network. Private Link service performs destination side NAT-ing on the Private Link traffic. This ensures that there is no IP conflict between source (consumer side) and destination (service provider) address space. On the destination side (service provider side), the NAT IP address will show up as Source IP for all packets received by your service and destination IP for all packets sent by your service. @@ -117,43 +375,6 @@ ipConfigurations: [

-### Parameter Usage: `loadBalancerFrontendIpConfigurations` - -Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations. - -

- -Parameter JSON format - -```json -"loadBalancerFrontendIpConfigurations": { - "value": [ - // Example showing reference to the font end IP configuration of the load balancer - { - "id": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-[[namePrefix]]-az-lb-internal-001/frontendIPConfigurations/privateIPConfig1" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -loadBalancerFrontendIpConfigurations: [ - // Example showing reference to the font end IP configuration of the load balancer - { - id: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-[[namePrefix]]-az-lb-internal-001/frontendIPConfigurations/privateIPConfig1' - } -] -``` - -
-

- ### Parameter Usage: `extendedLocation` This is the Edge Zone ID of the Edge Zone corresponding to the region in which the resource is deployed. More information is available here: [Azure Edge Zone ID](https://learn.microsoft.com/en-us/azure/public-multi-access-edge-compute-mec/key-concepts#azure-edge-zone-id). @@ -228,85 +449,8 @@ autoApproval: [ // Example to auto-approve a specific set of subscriptions. This should always be a subset of the subscriptions provided under "visibility" autoApproval: [ - '12345678-1234-1234-1234-123456781234' // Subscription 1 - '87654321-1234-1234-1234-123456781234' // Subscription 2 -] -``` - - -

- -### Parameter Usage: `visibility` - -Visibility is the property that controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions. - -

- -Parameter JSON format - -```json -"visibility": { - "value" - // Example showing usage of visibility param - "subscriptions": [ - "12345678-1234-1234-1234-123456781234", // Subscription 1 - "87654321-1234-1234-1234-123456781234", // Subscription 2 - "12341234-1234-1234-1234-123456781234" // Subscription 3 - ] -} -``` - -
- -
- -Bicep format - -```bicep -visibility: { - subscriptions: [ - '12345678-1234-1234-1234-123456781234' // Subscription 1 - '87654321-1234-1234-1234-123456781234' // Subscription 2 - '12341234-1234-1234-1234-123456781234' // Subscription 3 - ] -} -``` - -
-

- -### Parameter Usage: `enableProxyProtocol` - -This property lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header. - -### Parameter Usage: `fqdns` - -This property lets you set the fqdn(s) to access the Private Link service. -

- -Parameter JSON format - -```json -"fqdns": { - // Example to set FQDNs for the Private Link service - "value": [ - "pls01.azure.privatelinkservice", // FQDN 1 - "pls01-duplicate.azure.privatelinkserivce" // FQDN 2 - ] -} -``` - -
- -
- -Bicep format - -```bicep -fqdns: [ - // Example to set FQDNs for the Private Link service - 'pls01.azure.privatelinkservice' - 'pls01-duplicate.azure.privatelinkservice' + '12345678-1234-1234-1234-123456781234' // Subscription 1 + '87654321-1234-1234-1234-123456781234' // Subscription 2 ] ``` @@ -412,257 +556,3 @@ tags: {

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private link service. | -| `resourceGroupName` | string | The resource group the private link service was deployed into. | -| `resourceId` | string | The resource ID of the private link service. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

- -
- -via Bicep module - -```bicep -module privateLinkService './network/private-link-service/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-nplscom' - params: { - // Required parameters - name: 'nplscom001' - // Non-required parameters - autoApproval: { - subscriptions: [ - '*' - ] - } - enableDefaultTelemetry: '' - enableProxyProtocol: true - fqdns: [ - 'nplscom.plsfqdn01.azure.privatelinkservice' - 'nplscom.plsfqdn02.azure.privatelinkservice' - ] - ipConfigurations: [ - { - name: 'nplscom01' - properties: { - primary: true - privateIPAllocationMethod: 'Dynamic' - subnet: { - id: '' - } - } - } - ] - loadBalancerFrontendIpConfigurations: [ - { - id: '' - } - ] - lock: 'CanNotDelete' - roleAssignments: [ - { - principalIds: [ - '' - ] - roleDefinitionIdOrName: 'Reader' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - visibility: { - subscriptions: [ - '' - ] - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "nplscom001" - }, - // Non-required parameters - "autoApproval": { - "value": { - "subscriptions": [ - "*" - ] - } - }, - "enableDefaultTelemetry": { - "value": "" - }, - "enableProxyProtocol": { - "value": true - }, - "fqdns": { - "value": [ - "nplscom.plsfqdn01.azure.privatelinkservice", - "nplscom.plsfqdn02.azure.privatelinkservice" - ] - }, - "ipConfigurations": { - "value": [ - { - "name": "nplscom01", - "properties": { - "primary": true, - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "" - } - } - } - ] - }, - "loadBalancerFrontendIpConfigurations": { - "value": [ - { - "id": "" - } - ] - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - }, - "visibility": { - "value": { - "subscriptions": [ - "" - ] - } - } - } -} -``` - -
-

- -

Example 2: Min

- -
- -via Bicep module - -```bicep -module privateLinkService './network/private-link-service/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-nplsmin' - params: { - // Required parameters - name: 'nplsmin001' - // Non-required parameters - enableDefaultTelemetry: '' - ipConfigurations: [ - { - name: 'nplsmin01' - properties: { - subnet: { - id: '' - } - } - } - ] - loadBalancerFrontendIpConfigurations: [ - { - id: '' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "nplsmin001" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, - "ipConfigurations": { - "value": [ - { - "name": "nplsmin01", - "properties": { - "subnet": { - "id": "" - } - } - } - ] - }, - "loadBalancerFrontendIpConfigurations": { - "value": [ - { - "id": "" - } - ] - } - } -} -``` - -
-

diff --git a/modules/network/private-link-service/main.bicep b/modules/network/private-link-service/main.bicep index cc1f2dccdc..e9f91ecae5 100644 --- a/modules/network/private-link-service/main.bicep +++ b/modules/network/private-link-service/main.bicep @@ -25,7 +25,7 @@ param extendedLocation object = {} @description('Optional. The auto-approval list of the private link service.') param autoApproval object = {} -@description('Optional. Whether the private link service is enabled for proxy protocol or not.') +@description('Optional. Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header.') param enableProxyProtocol bool = false @description('Optional. The list of Fqdn.') 
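Review bot: The `autoApproval` description on the context line of this hunk stays as the terse `'Optional. The auto-approval list of the private link service.'`, while `enableProxyProtocol` here and `loadBalancerFrontendIpConfigurations` and `visibility` in the next hunk absorb their README usage text. Of these parameters it is the one with a direct access-control consequence: the README notes say the auto-approved subscriptions should always be a subset of those under `visibility`, and the module's Common test example passes `'*'`. I would extend it to something like `@description('Optional. The auto-approval list of the private link service. Subscriptions listed here are connected without manual approval and should be a subset of those in "visibility".')`. As a wording point, `tcp proxy v2` in the new `enableProxyProtocol` text would read better as `TCP proxy protocol v2`.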
@@ -34,10 +34,10 @@ param fqdns array = []
 @description('Optional. An array of private link service IP configurations.')
 param ipConfigurations array = []
 
-@description('Optional. An array of references to the load balancer IP configurations.')
+@description('Optional. An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations.')
 param loadBalancerFrontendIpConfigurations array = []
 
-@description('Optional. The visibility list of the private link service.')
+@description('Optional. Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions.')
 param visibility object = {}
 
 @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
From f9a3ee06b655510dc32715a4877f5cc7b259378c Mon Sep 17 00:00:00 2001
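Review bot: The new `visibility` description lists three exposure levels but does not say which one the default `{}` selects or how each is written in the object, so a reader cannot tell from the parameter how widely the service ends up exposed. The same gap applies to `autoApproval` in the previous hunk, for which the module's README example passes `subscriptions: ['*']`. I would append a sentence such as `An empty object limits exposure to subscriptions with Azure RBAC permissions; a list of subscription IDs restricts it to those; "*" exposes it to all subscriptions.`, after confirming that mapping against the resource provider. As a wording nit in the `loadBalancerFrontendIpConfigurations` text, "different than" reads better as "different from".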
From: AlexanderSehr Date: Fri, 13 Oct 2023 23:03:52 +0200 Subject: [PATCH 15/16] Regen readmes --- modules/network/route-table/README.md | 3 +++ modules/network/trafficmanagerprofile/README.md | 3 +++ .../virtual-hub/hub-virtual-network-connection/README.md | 1 + modules/network/virtual-network-gateway/README.md | 3 +++ modules/network/virtual-network/README.md | 5 +++-- modules/network/virtual-network/subnet/README.md | 3 ++- modules/network/vpn-gateway/README.md | 3 +++ modules/network/vpn-gateway/vpn-connection/README.md | 3 +++ modules/network/vpn-site/README.md | 3 +++ modules/operational-insights/workspace/README.md | 3 +++ modules/recovery-services/vault/README.md | 3 +++ modules/recovery-services/vault/backup-policy/README.md | 1 + modules/recovery-services/vault/replication-fabric/README.md | 1 + .../replication-protection-container/README.md | 1 + modules/resources/deployment-script/README.md | 4 +++- modules/resources/resource-group/README.md | 4 +++- 16 files changed, 39 insertions(+), 5 deletions(-) diff --git a/modules/network/route-table/README.md b/modules/network/route-table/README.md index 2d08dc94a2..345da52329 100644 --- a/modules/network/route-table/README.md +++ b/modules/network/route-table/README.md @@ -9,6 +9,7 @@ This module deploys a User Defined Route Table (UDR). - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types @@ -38,6 +39,7 @@ This module deploys a User Defined Route Table (UDR). | `routes` | array | `[]` | | An Array of Routes to be established within the hub route table. | | `tags` | object | `{object}` | | Tags of the resource. | + ## Outputs | Output Name | Type | Description | @@ -206,6 +208,7 @@ module routeTable './network/route-table/main.bicep' = {

+ ## Notes ### Parameter Usage: `roleAssignments` diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md index 5de0ab9733..592e9cd99b 100644 --- a/modules/network/trafficmanagerprofile/README.md +++ b/modules/network/trafficmanagerprofile/README.md @@ -9,6 +9,7 @@ This module deploys a Traffic Manager Profile. - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types @@ -51,6 +52,7 @@ This module deploys a Traffic Manager Profile. | `trafficViewEnrollmentStatus` | string | `'Disabled'` | `[Disabled, Enabled]` | Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. | | `ttl` | int | `60` | | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. | + ## Outputs | Output Name | Type | Description | @@ -220,6 +222,7 @@ module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = {

+ ## Notes ### Parameter Usage: `monitorConfig` diff --git a/modules/network/virtual-hub/hub-virtual-network-connection/README.md b/modules/network/virtual-hub/hub-virtual-network-connection/README.md index 87f5dc8ea8..bd663aeb43 100644 --- a/modules/network/virtual-hub/hub-virtual-network-connection/README.md +++ b/modules/network/virtual-hub/hub-virtual-network-connection/README.md @@ -38,6 +38,7 @@ This module deploys a Virtual Hub Virtual Network Connection. | `enableInternetSecurity` | bool | `True` | Enable internet security. | | `routingConfiguration` | object | `{object}` | Routing Configuration indicating the associated and propagated route tables for this connection. | + ## Outputs | Output Name | Type | Description | diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md index c7408ccddf..f40b952857 100644 --- a/modules/network/virtual-network-gateway/README.md +++ b/modules/network/virtual-network-gateway/README.md @@ -9,6 +9,7 @@ This module deploys a Virtual Network Gateway. - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types @@ -73,6 +74,7 @@ This module deploys a Virtual Network Gateway. | `vpnGatewayGeneration` | string | `'None'` | `[Generation1, Generation2, None]` | The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. | | `vpnType` | string | `'RouteBased'` | `[PolicyBased, RouteBased]` | Specifies the VPN type. | + ## Outputs | Output Name | Type | Description | @@ -623,6 +625,7 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {

+ ## Notes ### Parameter Usage: `roleAssignments` diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md index 79482bf129..420481c523 100644 --- a/modules/network/virtual-network/README.md +++ b/modules/network/virtual-network/README.md @@ -6,10 +6,10 @@ This module deploys a Virtual Network (vNet). - [Resource types](#Resource-types) - [Parameters](#Parameters) -- [Considerations](#Considerations) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types @@ -55,6 +55,7 @@ This module deploys a Virtual Network (vNet). | `vnetEncryption` | bool | `False` | | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property. | | `vnetEncryptionEnforcement` | string | `'AllowUnencrypted'` | `[AllowUnencrypted, DropUnencrypted]` | If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. | + ## Outputs | Output Name | Type | Description | @@ -453,6 +454,7 @@ module virtualNetwork './network/virtual-network/main.bicep' = {

+ ## Notes ### Considerations @@ -573,4 +575,3 @@ tags: {

- diff --git a/modules/network/virtual-network/subnet/README.md b/modules/network/virtual-network/subnet/README.md index dc97c4e730..1d0e363cf6 100644 --- a/modules/network/virtual-network/subnet/README.md +++ b/modules/network/virtual-network/subnet/README.md @@ -6,9 +6,9 @@ This module deploys a Virtual Network Subnet. - [Resource Types](#Resource-Types) - [Parameters](#Parameters) -- [Considerations](#Considerations) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) ## Resource Types @@ -50,6 +50,7 @@ This module deploys a Virtual Network Subnet. | `serviceEndpointPolicies` | array | `[]` | | An array of service endpoint policies. | | `serviceEndpoints` | array | `[]` | | The service endpoints to enable on the subnet. | + ## Outputs | Output Name | Type | Description | diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md index e16fcdd0ec..dae2760dda 100644 --- a/modules/network/vpn-gateway/README.md +++ b/modules/network/vpn-gateway/README.md @@ -9,6 +9,7 @@ This module deploys a VPN Gateway. - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource Types @@ -43,6 +44,7 @@ This module deploys a VPN Gateway. | `vpnConnections` | array | `[]` | | The VPN connections to create in the VPN gateway. | | `vpnGatewayScaleUnit` | int | `2` | | The scale unit for this VPN gateway. | + ## Outputs | Output Name | Type | Description | @@ -253,6 +255,7 @@ module vpnGateway './network/vpn-gateway/main.bicep' = {

+ ## Notes ### Parameter Usage: `bgpSettings` diff --git a/modules/network/vpn-gateway/vpn-connection/README.md b/modules/network/vpn-gateway/vpn-connection/README.md index b61a394071..624aacd235 100644 --- a/modules/network/vpn-gateway/vpn-connection/README.md +++ b/modules/network/vpn-gateway/vpn-connection/README.md @@ -8,6 +8,7 @@ This module deploys a VPN Gateway VPN Connection. - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) ## Resource Types @@ -48,6 +49,8 @@ This module deploys a VPN Gateway VPN Connection. | `usePolicyBasedTrafficSelectors` | bool | `False` | | Enable policy-based traffic selectors. | | `vpnConnectionProtocolType` | string | `'IKEv2'` | `[IKEv1, IKEv2]` | Gateway connection protocol. | | `vpnLinkConnections` | array | `[]` | | List of all VPN site link connections to the gateway. | + + ## Outputs | Output Name | Type | Description | diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md index e60024cf64..885dd54c32 100644 --- a/modules/network/vpn-site/README.md +++ b/modules/network/vpn-site/README.md @@ -9,6 +9,7 @@ This module deploys a VPN Site. - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource Types @@ -49,6 +50,7 @@ This module deploys a VPN Site. | `tags` | object | `{object}` | | Tags of the resource. | | `vpnSiteLinks` | array | `[]` | | List of all VPN site links. | + ## Outputs | Output Name | Type | Description | @@ -301,6 +303,7 @@ module vpnSite './network/vpn-site/main.bicep' = {

+ ## Notes ### Parameter Usage `deviceProperties` diff --git a/modules/operational-insights/workspace/README.md b/modules/operational-insights/workspace/README.md index 2486731e0b..ef62355818 100644 --- a/modules/operational-insights/workspace/README.md +++ b/modules/operational-insights/workspace/README.md @@ -9,6 +9,7 @@ This module deploys a Log Analytics Workspace. - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types @@ -75,6 +76,7 @@ This module deploys a Log Analytics Workspace. | `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | | `useResourcePermissions` | bool | `False` | | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | + ## Outputs | Output Name | Type | Description | @@ -1060,6 +1062,7 @@ module workspace './operational-insights/workspace/main.bicep' = {

+ ## Notes ### Parameter Usage: `roleAssignments` diff --git a/modules/recovery-services/vault/README.md b/modules/recovery-services/vault/README.md index b40ed8507c..fdb0a41276 100644 --- a/modules/recovery-services/vault/README.md +++ b/modules/recovery-services/vault/README.md @@ -9,6 +9,7 @@ This module deploys a Recovery Services Vault. - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource Types @@ -69,6 +70,7 @@ This module deploys a Recovery Services Vault. | `tags` | object | `{object}` | | Tags of the Recovery Service Vault resource. | | `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | + ## Outputs | Output Name | Type | Description | @@ -969,6 +971,7 @@ module vault './recovery-services/vault/main.bicep' = {

+ ## Notes ### Parameter Usage: `roleAssignments` diff --git a/modules/recovery-services/vault/backup-policy/README.md b/modules/recovery-services/vault/backup-policy/README.md index cbd450748c..8490913844 100644 --- a/modules/recovery-services/vault/backup-policy/README.md +++ b/modules/recovery-services/vault/backup-policy/README.md @@ -36,6 +36,7 @@ This module deploys a Recovery Services Vault Backup Policy. | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | + ## Outputs | Output Name | Type | Description | diff --git a/modules/recovery-services/vault/replication-fabric/README.md b/modules/recovery-services/vault/replication-fabric/README.md index e48eb98600..e11ecc23d5 100644 --- a/modules/recovery-services/vault/replication-fabric/README.md +++ b/modules/recovery-services/vault/replication-fabric/README.md @@ -41,6 +41,7 @@ This module deploys a Replication Fabric for Azure to Azure disaster recovery sc | `name` | string | `[parameters('location')]` | The name of the fabric. | | `replicationContainers` | array | `[]` | Replication containers to create. | + ## Outputs | Output Name | Type | Description | diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md index 454d9e01d2..23b6656e50 100644 --- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md +++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md @@ -40,6 +40,7 @@ This module deploys a Recovery Services Vault Replication Protection Container. | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | | `replicationContainerMappings` | array | `[]` | Replication containers mappings to create. | + ## Outputs | Output Name | Type | Description | 
diff --git a/modules/resources/deployment-script/README.md b/modules/resources/deployment-script/README.md index cbc3ffa544..78a07ec984 100644 --- a/modules/resources/deployment-script/README.md +++ b/modules/resources/deployment-script/README.md @@ -7,9 +7,9 @@ This module deploys a Deployment Script. - [Resource types](#Resource-types) - [Parameters](#Parameters) - [Outputs](#Outputs) -- [Considerations](#Considerations) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types @@ -56,6 +56,7 @@ This module deploys a Deployment Script. | :-- | :-- | :-- | :-- | | `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. | + ## Outputs | Output Name | Type | Description | @@ -301,6 +302,7 @@ module deploymentScript './resources/deployment-script/main.bicep' = {

+ ## Notes ### Parameter Usage: `tags` diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md index 8ac95ad140..f0f88d7331 100644 --- a/modules/resources/resource-group/README.md +++ b/modules/resources/resource-group/README.md @@ -6,10 +6,10 @@ This module deploys a Resource Group. - [Resource types](#Resource-types) - [Parameters](#Parameters) -- [Considerations](#Considerations) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types @@ -38,6 +38,7 @@ This module deploys a Resource Group. | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the storage account resource. | + ## Outputs | Output Name | Type | Description | @@ -187,6 +188,7 @@ module resourceGroup './resources/resource-group/main.bicep' = {

+ ## Notes ### Parameter Usage: `roleAssignments` From dc4ff0f6e2c57cc6c30680b1f086b1ceb5a3f521 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 13 Oct 2023 23:26:17 +0200 Subject: [PATCH 16/16] Compiled template --- modules/network/private-link-service/main.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/network/private-link-service/main.json b/modules/network/private-link-service/main.json index d355611b6c..fedfe30695 100644 --- a/modules/network/private-link-service/main.json +++ b/modules/network/private-link-service/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5269294083779286611" + "version": "0.22.6.54827", + "templateHash": "15026904267969319263" }, "name": "Private Link Services", "description": "This module deploys a Private Link Service.", @@ -62,7 +62,7 @@ "type": "bool", "defaultValue": false, "metadata": { - "description": "Optional. Whether the private link service is enabled for proxy protocol or not." + "description": "Optional. Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header." } }, "fqdns": { 
@@ -83,14 +83,14 @@ "type": "array", "defaultValue": [], "metadata": { - "description": "Optional. An array of references to the load balancer IP configurations." + "description": "Optional. An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations." } }, "visibility": { "type": "object", "defaultValue": {}, "metadata": { - "description": "Optional. The visibility list of the private link service." + "description": "Optional. Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions." } }, "enableDefaultTelemetry": { @@ -187,8 +187,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5533654870046410263" + "version": "0.22.6.54827", + "templateHash": "535852805558824015" } }, "parameters": {