diff --git a/src/bicep/README.md b/src/bicep/README.md
index 5fd448dba..3de7d2bc9 100644
--- a/src/bicep/README.md
+++ b/src/bicep/README.md
@@ -37,6 +37,11 @@ Pick a unqiue resource prefix that is 3-10 alphanumeric characters in length wit
- See [Setting the Firewall SKU](#Setting-the-Firewall-SKU) for steps on how to use the Standard SKU instead.
- See [Setting the Firewall Location](#Setting-the-Firewall-Location) for steps on how to deploy into a different region.
+- Review the default [Naming Convention](#Naming-Conventions) or apply your own
+
+ - By default, Mission LZ creates resources with a naming convention
+ - See [Naming Convention](#Naming-Conventions) to see what that convention is and how to provide your own to suit your needs
+
#### Know where to find your deployment output
After a deployment is complete, you can refer to the provisioned resources programmaticaly with the Azure CLI.
@@ -328,6 +333,88 @@ Read more about `az deployment` at: [https://docs.microsoft.com](https://docs.mi
Read more about JMESPath queries at:
+## Naming Conventions
+
+The [naming convention is inspired by the Azure Cloud Adoption Framework](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming) and uses the [recommended resource abbreviations](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations).
+
+By default, Mission LZ resources are named according to a naming convention that uses the mandatory `resourcePrefix` parameter and the optional `resourceSuffix` parameter (that is defaulted to `mlz`).
+
+### Default Naming Convention Example
+
+Let's look at an example using `--parameters resourcePrefix=FOO` and `--parameters resourceSuffix=BAR`
+
+- In `mlz.bicep` you will find a variable titled `namingConvention`:
+
+ ```bicep
+ var namingConvention = '${toLower(resourcePrefix)}-${resourceToken}-${nameToken}-${toLower(resourceSuffix)}'
+ # this generates a value of: foo-${resourceToken}-${nameToken}-bar
+ ```
+
+- This naming convention uses Bicep's `replace()` function to substitute resource abbreviations for `resourceToken` and resource names for `nameToken`.
+
+- For example, when naming the Hub Resource Group, first the `resourceToken` is substituted with the recommended abbreviation `rg`:
+
+ ```bicep
+ var resourceGroupNamingConvention = replace(namingConvention, resourceToken, 'rg')
+ # this generates a value of: foo-rg-${nameToken}-bar
+ ```
+
+- Then, the `nameToken` is substituted with the Mission LZ name `hub`:
+
+ ```bicep
+ var hubResourceGroupName = replace(resourceGroupNamingConvention, nameToken, 'hub')
+ # this generates a value of: foo-rg-hub-bar
+ ```
+
+- Finally, the `hubResourceGroupName` is assigned to the resource group `name` parameter:
+
+ ```bicep
+ params: {
+ name: hubResourceGroupName # this is the calculated value 'foo-rg-hub-bar'
+ location: location
+ tags: calculatedTags
+ }
+ ```
+
+### Modifying The Naming Convention
+
+You can modify this naming convention to suit your needs. We recommend following the [Cloud Adoption Framework guidance](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming).
+
+- In `mlz.bicep` you can modify the root naming convention. This is the default convention:
+
+ ```bicep
+ var namingConvention = '${toLower(resourcePrefix)}-${resourceToken}-${nameToken}-${toLower(resourceSuffix)}'
+ ```
+
+- Say you did not want to use the `resourceSuffix` value, but instead wanted to add your own token to the naming convention like `team`:
+
+- First, you added the new parameter `team`:
+
+ ```bicep
+ @allowedValues([
+ 'admin'
+ 'marketing'
+ 'sales'
+ ])
+ param team
+ ```
+
+- Then, you modified the naming convention to allow for mixed case `resourcePrefix` values and your new `team` value (while retaining the token identifiers `resourceToken` and `nameToken`):
+
+ ```bicep
+ var namingConvention = '${resourcePrefix}-${team}-${resourceToken}-${nameToken}'
+ ```
+
+- Now, given a `--parameters resourcePrefix=FOO` and `--parameters team=sales` the generated Hub Resource Group Name would be:
+
+ ```plaintext
+ params: {
+ name: hubResourceGroupName # this is the calculated value 'FOO-sales-rg-hub'
+ location: location
+ tags: calculatedTags
+ }
+ ```
+
## Development Pre-requisites
If you want to develop with Bicep you'll need these:
diff --git a/src/bicep/mlz.bicep b/src/bicep/mlz.bicep
index d81e01b62..7e65145df 100644
--- a/src/bicep/mlz.bicep
+++ b/src/bicep/mlz.bicep
@@ -1,16 +1,186 @@
-// scope
targetScope = 'subscription'
-// main
+/*
-//// scaffolding
+ NAMING CONVENTION
+
+ Here we define some naming conventions for resources.
+
+ First, take `resourcePrefix` and `resourceSuffix` by params.
+ Then, we use string interpolation to insert those values into a naming convention.
+
+ We were inspired for these abbreviations by: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations
+ We were inspired for these naming conventions by: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming
+
+*/
+
+var resourceToken = 'resource_token'
+var nameToken = 'name_token'
+
+var namingConvention = '${toLower(resourcePrefix)}-${resourceToken}-${nameToken}-${toLower(resourceSuffix)}'
+
+/*
+
+ CALCULATED VALUES
+
+ Here, we reference the naming conventions described above,
+ then, use the replace() function to insert unique resource types and values into the naming convention.
+
+*/
+
+// RESOURCE NAME CONVENTIONS WITH ABBREVIATIONS
+
+var bastionHostNamingConvention = replace(namingConvention, resourceToken, 'bas')
+var firewallNamingConvention = replace(namingConvention, resourceToken, 'afw')
+var firewallPolicyNamingConvention = replace(namingConvention, resourceToken, 'afwp')
+var ipConfigurationNamingConvention = replace(namingConvention, resourceToken, 'ipconf')
+var logAnalyticsWorkspaceNamingConvention = replace(namingConvention, resourceToken, 'log')
+var networkInterfaceNamingConvention = replace(namingConvention, resourceToken, 'nic')
+var networkSecurityGroupNamingConvention = replace(namingConvention, resourceToken, 'nsg')
+var publicIpAddressNamingConvention = replace(namingConvention, resourceToken, 'pip')
+var resourceGroupNamingConvention = replace(namingConvention, resourceToken, 'rg')
+var storageAccountNamingConvention = toLower('${resourcePrefix}st${nameToken}${uniqueString(resourcePrefix, resourceSuffix)}') // we use uniqueString() here to generate uniqueness
+var subnetNamingConvention = replace(namingConvention, resourceToken, 'snet')
+var virtualMachineNamingConvention = replace(namingConvention, resourceToken, 'vm')
+var virtualNetworkNamingConvention = replace(namingConvention, resourceToken, 'vnet')
+
+// HUB NAMES
+
+var hubName = 'hub'
+var hubShortName = 'hub'
+var hubResourceGroupName = replace(resourceGroupNamingConvention, nameToken, hubName)
+var hubLogStorageAccountName = take(replace(storageAccountNamingConvention, nameToken, hubShortName), 23)
+var hubVirtualNetworkName = replace(virtualNetworkNamingConvention, nameToken, hubName)
+var hubNetworkSecurityGroupName = replace(networkSecurityGroupNamingConvention, nameToken, hubName)
+var hubSubnetName = replace(subnetNamingConvention, nameToken, hubName)
+
+// IDENTITY NAMES
+
+var identityName = 'identity'
+var identityShortName = 'id'
+var identityResourceGroupName = replace(resourceGroupNamingConvention, nameToken, identityName)
+var identityLogStorageAccountName = take(replace(storageAccountNamingConvention, nameToken, identityShortName), 23)
+var identityVirtualNetworkName = replace(virtualNetworkNamingConvention, nameToken, identityName)
+var identityNetworkSecurityGroupName = replace(networkSecurityGroupNamingConvention, nameToken, identityName)
+var identitySubnetName = replace(subnetNamingConvention, nameToken, identityName)
+
+// OPERATIONS NAMES
+
+var operationsName = 'operations'
+var operationsShortName = 'ops'
+var operationsResourceGroupName = replace(resourceGroupNamingConvention, nameToken, operationsName)
+var operationsLogStorageAccountName = take(replace(storageAccountNamingConvention, nameToken, operationsShortName), 23)
+var operationsVirtualNetworkName = replace(virtualNetworkNamingConvention, nameToken, operationsName)
+var operationsNetworkSecurityGroupName = replace(networkSecurityGroupNamingConvention, nameToken, operationsName)
+var operationsSubnetName = replace(subnetNamingConvention, nameToken, operationsName)
+
+// SHARED SERVICES NAMES
+
+var sharedServicesName = 'sharedServices'
+var sharedServicesShortName = 'svcs'
+var sharedServicesResourceGroupName = replace(resourceGroupNamingConvention, nameToken, sharedServicesName)
+var sharedServicesLogStorageAccountName = take(replace(storageAccountNamingConvention, nameToken, sharedServicesShortName), 23)
+var sharedServicesVirtualNetworkName = replace(virtualNetworkNamingConvention, nameToken, sharedServicesName)
+var sharedServicesNetworkSecurityGroupName = replace(networkSecurityGroupNamingConvention, nameToken, sharedServicesName)
+var sharedServicesSubnetName = replace(subnetNamingConvention, nameToken, sharedServicesName)
+
+// LOG ANALYTICS NAMES
+
+var logAnalyticsWorkspaceName = replace(logAnalyticsWorkspaceNamingConvention, nameToken, operationsName)
+
+// FIREWALL NAMES
+
+var firewallName = replace(firewallNamingConvention, nameToken, hubName)
+var firewallPolicyName = replace(firewallPolicyNamingConvention, nameToken, hubName)
+var firewallClientIpConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'afw-client')
+var firewallClientPublicIPAddressName = replace(publicIpAddressNamingConvention, nameToken, 'afw-client')
+var firewallManagementIpConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'afw-mgmt')
+var firewallManagementPublicIPAddressName = replace(publicIpAddressNamingConvention, nameToken, 'afw-mgmt')
+
+// BASTION NAMES
+
+var bastionHostName = replace(bastionHostNamingConvention, nameToken, hubName)
+var bastionHostPublicIPAddressName = replace(publicIpAddressNamingConvention, nameToken, 'bas')
+var bastionHostIPConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'bas')
+var linuxNetworkInterfaceName = replace(networkInterfaceNamingConvention, nameToken, 'bas-linux')
+var linuxNetworkInterfaceIpConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'bas-linux')
+var linuxVmName = replace(virtualMachineNamingConvention, nameToken, 'bas-linux')
+var windowsNetworkInterfaceName = replace(networkInterfaceNamingConvention, nameToken, 'bas-windows')
+var windowsNetworkInterfaceIpConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'bas-windows')
+var windowsVmName = replace(virtualMachineNamingConvention, nameToken, 'bas-windows')
+
+// SPOKES
+
+var spokes = [
+ {
+ name: identityName
+ subscriptionId: identitySubscriptionId
+ resourceGroupName: identityResourceGroupName
+ logStorageAccountName: identityLogStorageAccountName
+ virtualNetworkName: identityVirtualNetworkName
+ virtualNetworkAddressPrefix: identityVirtualNetworkAddressPrefix
+ virtualNetworkDiagnosticsLogs: identityVirtualNetworkDiagnosticsLogs
+ virtualNetworkDiagnosticsMetrics: identityVirtualNetworkDiagnosticsMetrics
+ networkSecurityGroupName: identityNetworkSecurityGroupName
+ networkSecurityGroupRules: identityNetworkSecurityGroupRules
+ networkSecurityGroupDiagnosticsLogs: identityNetworkSecurityGroupDiagnosticsLogs
+ networkSecurityGroupDiagnosticsMetrics: identityNetworkSecurityGroupDiagnosticsMetrics
+ subnetName: identitySubnetName
+ subnetAddressPrefix: identitySubnetAddressPrefix
+ subnetServiceEndpoints: identitySubnetServiceEndpoints
+ }
+ {
+ name: operationsName
+ subscriptionId: operationsSubscriptionId
+ resourceGroupName: operationsResourceGroupName
+ logStorageAccountName: operationsLogStorageAccountName
+ virtualNetworkName: operationsVirtualNetworkName
+ virtualNetworkAddressPrefix: operationsVirtualNetworkAddressPrefix
+ virtualNetworkDiagnosticsLogs: operationsVirtualNetworkDiagnosticsLogs
+ virtualNetworkDiagnosticsMetrics: operationsVirtualNetworkDiagnosticsMetrics
+ networkSecurityGroupName: operationsNetworkSecurityGroupName
+ networkSecurityGroupRules: operationsNetworkSecurityGroupRules
+ networkSecurityGroupDiagnosticsLogs: operationsNetworkSecurityGroupDiagnosticsLogs
+ networkSecurityGroupDiagnosticsMetrics: operationsNetworkSecurityGroupDiagnosticsMetrics
+ subnetName: operationsSubnetName
+ subnetAddressPrefix: operationsSubnetAddressPrefix
+ subnetServiceEndpoints: operationsSubnetServiceEndpoints
+ }
+ {
+ name: sharedServicesName
+ subscriptionId: sharedServicesSubscriptionId
+ resourceGroupName: sharedServicesResourceGroupName
+ logStorageAccountName: sharedServicesLogStorageAccountName
+ virtualNetworkName: sharedServicesVirtualNetworkName
+ virtualNetworkAddressPrefix: sharedServicesVirtualNetworkAddressPrefix
+ virtualNetworkDiagnosticsLogs: sharedServicesVirtualNetworkDiagnosticsLogs
+ virtualNetworkDiagnosticsMetrics: sharedServicesVirtualNetworkDiagnosticsMetrics
+ networkSecurityGroupName: sharedServicesNetworkSecurityGroupName
+ networkSecurityGroupRules: sharedServicesNetworkSecurityGroupRules
+ networkSecurityGroupDiagnosticsLogs: sharedServicesNetworkSecurityGroupDiagnosticsLogs
+ networkSecurityGroupDiagnosticsMetrics: sharedServicesNetworkSecurityGroupDiagnosticsMetrics
+ subnetName: sharedServicesSubnetName
+ subnetAddressPrefix: sharedServicesSubnetAddressPrefix
+ subnetServiceEndpoints: sharedServicesSubnetServiceEndpoints
+ }
+]
+
+/*
+
+ RESOURCES
+
+ Here, we create deployable resources.
+
+*/
+
+// RESOURCE GROUPS
module hubResourceGroup './modules/resourceGroup.bicep' = {
name: 'deploy-rg-hub-${nowUtc}'
scope: subscription(hubSubscriptionId)
params: {
name: hubResourceGroupName
- location: hubLocation
+ location: location
tags: calculatedTags
}
}
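Review bot: The seed for `uniqueString()` in `storageAccountNamingConvention` is only `resourcePrefix` and `resourceSuffix`, so any two deployments that share a prefix and keep the default `mlz` suffix derive the same log storage account names, and storage account names are globally unique. The second deployment would fail on a name conflict, or the predictable name may already be taken. Adding the subscription to the seed keeps names stable across redeployments while separating environments: `uniqueString(resourcePrefix, resourceSuffix, hubSubscriptionId)`. Note also that `take(..., 23)` trims from the end, so with a 10-character prefix only part of the 13-character hash survives.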
@@ -20,19 +190,19 @@ module spokeResourceGroups './modules/resourceGroup.bicep' = [for spoke in spoke
scope: subscription(spoke.subscriptionId)
params: {
name: spoke.resourceGroupName
- location: spoke.location
+ location: location
tags: calculatedTags
}
}]
-//// log analytics workspace
+// LOG ANALYTICS WORKSPACE
module logAnalyticsWorkspace './modules/logAnalyticsWorkspace.bicep' = {
name: 'deploy-laws-${nowUtc}'
scope: resourceGroup(operationsSubscriptionId, operationsResourceGroupName)
params: {
name: logAnalyticsWorkspaceName
- location: logAnalyticsWorkspaceLocation
+ location: location
tags: calculatedTags
deploySentinel: deploySentinel
retentionInDays: logAnalyticsWorkspaceRetentionInDays
@@ -44,19 +214,19 @@ module logAnalyticsWorkspace './modules/logAnalyticsWorkspace.bicep' = {
]
}
-//// hub and spoke networks
+// HUB AND SPOKE NETWORKS
module hubNetwork './modules/hubNetwork.bicep' = {
name: 'deploy-vnet-hub-${nowUtc}'
scope: resourceGroup(hubSubscriptionId, hubResourceGroupName)
params: {
- location: hubLocation
+ location: location
tags: calculatedTags
logStorageAccountName: hubLogStorageAccountName
- logStorageSkuName: hubLogStorageSkuName
+ logStorageSkuName: logStorageSkuName
- logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
+ logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name
logAnalyticsWorkspaceResourceId: logAnalyticsWorkspace.outputs.id
virtualNetworkName: hubVirtualNetworkName
@@ -81,7 +251,7 @@ module hubNetwork './modules/hubNetwork.bicep' = {
firewallDiagnosticsLogs: firewallDiagnosticsLogs
firewallDiagnosticsMetrics: firewallDiagnosticsMetrics
firewallClientIpConfigurationName: firewallClientIpConfigurationName
- firewallClientSubnetName: firewallClientSubnetName
+ firewallClientSubnetName: 'AzureFirewallSubnet' // must be 'AzureFirewallSubnet'
firewallClientSubnetAddressPrefix: firewallClientSubnetAddressPrefix
firewallClientSubnetServiceEndpoints: firewallClientSubnetServiceEndpoints
firewallClientPublicIPAddressName: firewallClientPublicIPAddressName
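Review bot: The two firewall subnet names are now string literals at the call site with differently worded comments (`// must be 'AzureFirewallSubnet'` here and `//this must be 'AzureFirewallManagementSubnet'` in the next hunk), and neither says why. A single wording that states the reason would stop a later edit from routing these names through the naming convention, for example `// Azure Firewall requires this exact subnet name`. The `hubNetwork` module body starts and ends outside both hunks.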
@@ -89,7 +259,7 @@ module hubNetwork './modules/hubNetwork.bicep' = {
firewallClientPublicIpAllocationMethod: firewallClientPublicIpAllocationMethod
firewallClientPublicIPAddressAvailabilityZones: firewallClientPublicIPAddressAvailabilityZones
firewallManagementIpConfigurationName: firewallManagementIpConfigurationName
- firewallManagementSubnetName: firewallManagementSubnetName
+ firewallManagementSubnetName: 'AzureFirewallManagementSubnet' //this must be 'AzureFirewallManagementSubnet'
firewallManagementSubnetAddressPrefix: firewallManagementSubnetAddressPrefix
firewallManagementSubnetServiceEndpoints: firewallManagementSubnetServiceEndpoints
firewallManagementPublicIPAddressName: firewallManagementPublicIPAddressName
@@ -106,11 +276,11 @@ module spokeNetworks './modules/spokeNetwork.bicep' = [ for spoke in spokes: {
name: 'deploy-vnet-${spoke.name}-${nowUtc}'
scope: resourceGroup(spoke.subscriptionId, spoke.resourceGroupName)
params: {
- location: spoke.location
+ location: location
tags: calculatedTags
logStorageAccountName: spoke.logStorageAccountName
- logStorageSkuName: spoke.logStorageSkuName
+ logStorageSkuName: logStorageSkuName
logAnalyticsWorkspaceResourceId: logAnalyticsWorkspace.outputs.id
@@ -132,7 +302,7 @@ module spokeNetworks './modules/spokeNetwork.bicep' = [ for spoke in spokes: {
}
}]
-//// virtual network peering
+// VIRTUAL NETWORK PEERINGS
module hubVirtualNetworkPeerings './modules/hubNetworkPeerings.bicep' = {
name: 'deploy-vnet-peerings-hub-${nowUtc}'
@@ -159,7 +329,7 @@ module spokeVirtualNetworkPeerings './modules/spokeNetworkPeering.bicep' = [ for
}
}]
-//// resource group policy assignments
+// POLICY ASSIGNMENTS
module hubPolicyAssignment './modules/policyAssignment.bicep' = if(deployPolicy) {
name: 'assign-policy-hub-${nowUtc}'
@@ -183,7 +353,7 @@ module spokePolicyAssignments './modules/policyAssignment.bicep' = [ for spoke i
}
}]
-//// central logging per subscription if different per hub/spoke
+// CENTRAL LOGGING
module hubSubscriptionActivityLogging './modules/centralLogging.bicep' = {
name: 'activity-logs-hub-${nowUtc}'
@@ -209,10 +379,8 @@ module spokeSubscriptionActivityLogging './modules/centralLogging.bicep' = [ for
]
}]
-//// log analytics workspace diagnostic logging
-
module logAnalyticsDiagnosticLogging './modules/logAnalyticsDiagnosticLogging.bicep' = {
- name: 'deploy-diagnostic-logging-LAWS'
+ name: 'deploy-diagnostic-logging-${nowUtc}'
scope: resourceGroup(operationsSubscriptionId, operationsResourceGroupName)
params: {
diagnosticStorageAccountName: operationsLogStorageAccountName
@@ -224,10 +392,10 @@ module logAnalyticsDiagnosticLogging './modules/logAnalyticsDiagnosticLogging.bi
]
}
-// security center per subscription if different per hub/spoke
+// SECURITY CENTER
module hubSecurityCenter './modules/securityCenter.bicep' = if(deployASC) {
- name: 'set-hub-sub-security-center'
+ name: 'set-hub-sub-security-center-${nowUtc}'
scope: subscription(hubSubscriptionId)
params: {
logAnalyticsWorkspaceId: logAnalyticsWorkspace.outputs.id
@@ -244,14 +412,14 @@ module spokeSecurityCenter './modules/securityCenter.bicep' = [ for spoke in spo
}
}]
-//// remote access
+// REMOTE ACCESS
module remoteAccess './modules/remoteAccess.bicep' = if(deployRemoteAccess) {
name: 'deploy-remote-access-${nowUtc}'
scope: resourceGroup(hubSubscriptionId, hubResourceGroupName)
params: {
- location: hubLocation
+ location: location
hubVirtualNetworkName: hubNetwork.outputs.virtualNetworkName
hubSubnetResourceId: hubNetwork.outputs.subnetResourceId
@@ -300,12 +468,33 @@ module remoteAccess './modules/remoteAccess.bicep' = if(deployRemoteAccess) {
}
}
-// parameters
+/*
+
+ PARAMETERS
+
+ Here are all the parameters a user can override.
+
+ These are the mandatory parameters that Mission LZ does not provide a default for:
+ - resourcePrefix
+
+*/
@minLength(3)
@maxLength(10)
-@description('A name (3-10 alphanumeric characters without whitespace) used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces')
+@description('A prefix, 3-10 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces')
param resourcePrefix string
+
+@minLength(3)
+@maxLength(6)
+@description('A suffix, 3 to 6 characters in length, to append to resource names (e.g. "dev", "test", "prod", "mlz")')
+param resourceSuffix string = 'mlz'
+
+@description('The region to deploy resources into')
+param location string = deployment().location
+
+@description('The Storage Account SKU to use for log storage')
+param logStorageSkuName string = 'Standard_GRS'
+
param hubSubscriptionId string = subscription().subscriptionId
param identitySubscriptionId string = hubSubscriptionId
param operationsSubscriptionId string = hubSubscriptionId
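Review bot: `resourceSuffix` is checked only for length, and its description, unlike the one on `resourcePrefix`, does not say which characters are acceptable, yet the value is interpolated into every resource name. A suffix containing a space or punctuation would pass parameter validation and would likely fail only once a resource is being created. I would align the description with the prefix: `@description('A suffix, 3 to 6 alphanumeric characters without whitespace, to append to resource names (e.g. "dev", "test", "prod", "mlz")')`. `logStorageSkuName` could likewise carry an `@allowed([...])` list, as `firewallSkuTier` appears to, so a mistyped SKU is rejected up front.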
@@ -317,15 +506,10 @@ param sharedServicesSubscriptionId string = hubSubscriptionId
])
param firewallSkuTier string = 'Premium'
-param hubResourceGroupName string = '${resourcePrefix}-hub'
-param hubLocation string = deployment().location
-param hubVirtualNetworkName string = 'hub-vnet'
-param hubSubnetName string = 'hub-subnet'
param hubVirtualNetworkAddressPrefix string = '10.0.100.0/24'
param hubSubnetAddressPrefix string = '10.0.100.128/27'
param hubVirtualNetworkDiagnosticsLogs array = []
param hubVirtualNetworkDiagnosticsMetrics array = []
-param hubNetworkSecurityGroupName string = 'hub-nsg'
param hubNetworkSecurityGroupRules array = []
param hubNetworkSecurityGroupDiagnosticsLogs array = [
{
@@ -343,13 +527,9 @@ param hubSubnetServiceEndpoints array = [
service: 'Microsoft.Storage'
}
]
-param hubLogStorageAccountName string = toLower(take('hublogs${uniqueId}', 24))
-param hubLogStorageSkuName string = 'Standard_GRS'
-param firewallName string = 'firewall'
param firewallManagementSubnetAddressPrefix string = '10.0.100.64/26'
param firewallClientSubnetAddressPrefix string = '10.0.100.0/26'
-param firewallPolicyName string = 'firewall-policy'
@allowed([
'Alert'
@@ -385,17 +565,12 @@ param firewallDiagnosticsMetrics array = [
enabled: true
}
]
-var firewallClientSubnetName = 'AzureFirewallSubnet' //this must be 'AzureFirewallSubnet'
-param firewallClientIpConfigurationName string = 'firewall-client-ip-config'
+
param firewallClientSubnetServiceEndpoints array = []
-param firewallClientPublicIPAddressName string = 'firewall-client-public-ip'
param firewallClientPublicIPAddressSkuName string = 'Standard'
param firewallClientPublicIpAllocationMethod string = 'Static'
param firewallClientPublicIPAddressAvailabilityZones array = []
-var firewallManagementSubnetName = 'AzureFirewallManagementSubnet' //this must be 'AzureFirewallManagementSubnet'
-param firewallManagementIpConfigurationName string = 'firewall-management-ip-config'
param firewallManagementSubnetServiceEndpoints array = []
-param firewallManagementPublicIPAddressName string = 'firewall-management-public-ip'
param firewallManagementPublicIPAddressSkuName string = 'Standard'
param firewallManagementPublicIpAllocationMethod string = 'Static'
param firewallManagementPublicIPAddressAvailabilityZones array = []
@@ -420,59 +595,37 @@ param publicIPAddressDiagnosticsMetrics array = [
}
]
-param identityResourceGroupName string = replace(hubResourceGroupName, 'hub', 'identity')
-param identityLocation string = hubLocation
-param identityVirtualNetworkName string = replace(hubVirtualNetworkName, 'hub', 'identity')
-param identitySubnetName string = replace(hubSubnetName, 'hub', 'identity')
param identityVirtualNetworkAddressPrefix string = '10.0.110.0/26'
-param identitySubnetAddressPrefix string = '10.0.110.0/27'
param identityVirtualNetworkDiagnosticsLogs array = hubVirtualNetworkDiagnosticsLogs
param identityVirtualNetworkDiagnosticsMetrics array = hubVirtualNetworkDiagnosticsMetrics
-param identityNetworkSecurityGroupName string = replace(hubNetworkSecurityGroupName, 'hub', 'identity')
param identityNetworkSecurityGroupRules array = hubNetworkSecurityGroupRules
param identityNetworkSecurityGroupDiagnosticsLogs array = hubNetworkSecurityGroupDiagnosticsLogs
param identityNetworkSecurityGroupDiagnosticsMetrics array = hubNetworkSecurityGroupDiagnosticsMetrics
+param identitySubnetAddressPrefix string = '10.0.110.0/27'
param identitySubnetServiceEndpoints array = hubSubnetServiceEndpoints
-param identityLogStorageAccountName string = toLower(take('idlogs${uniqueId}', 24))
-param identityLogStorageSkuName string = hubLogStorageSkuName
-param operationsResourceGroupName string = replace(hubResourceGroupName, 'hub', 'operations')
-param operationsLocation string = hubLocation
-param operationsVirtualNetworkName string = replace(hubVirtualNetworkName, 'hub', 'operations')
param operationsVirtualNetworkAddressPrefix string = '10.0.115.0/26'
param operationsVirtualNetworkDiagnosticsLogs array = hubVirtualNetworkDiagnosticsLogs
param operationsVirtualNetworkDiagnosticsMetrics array = hubVirtualNetworkDiagnosticsMetrics
-param operationsNetworkSecurityGroupName string = replace(hubNetworkSecurityGroupName, 'hub', 'operations')
param operationsNetworkSecurityGroupRules array = hubNetworkSecurityGroupRules
param operationsNetworkSecurityGroupDiagnosticsLogs array = hubNetworkSecurityGroupDiagnosticsLogs
param operationsNetworkSecurityGroupDiagnosticsMetrics array = hubNetworkSecurityGroupDiagnosticsMetrics
-param operationsSubnetName string = replace(hubSubnetName, 'hub', 'operations')
param operationsSubnetAddressPrefix string = '10.0.115.0/27'
param operationsSubnetServiceEndpoints array = hubSubnetServiceEndpoints
-param operationsLogStorageAccountName string = toLower(take('opslogs${uniqueId}', 24))
-param operationsLogStorageSkuName string = hubLogStorageSkuName
-param sharedServicesResourceGroupName string = replace(hubResourceGroupName, 'hub', 'sharedServices')
-param sharedServicesLocation string = hubLocation
-param sharedServicesVirtualNetworkName string = replace(hubVirtualNetworkName, 'hub', 'sharedServices')
-param sharedServicesSubnetName string = replace(hubSubnetName, 'hub', 'sharedServices')
param sharedServicesVirtualNetworkAddressPrefix string = '10.0.120.0/26'
-param sharedServicesSubnetAddressPrefix string = '10.0.120.0/27'
param sharedServicesVirtualNetworkDiagnosticsLogs array = hubVirtualNetworkDiagnosticsLogs
param sharedServicesVirtualNetworkDiagnosticsMetrics array = hubVirtualNetworkDiagnosticsMetrics
-param sharedServicesNetworkSecurityGroupName string = replace(hubNetworkSecurityGroupName, 'hub', 'sharedServices')
param sharedServicesNetworkSecurityGroupRules array = hubNetworkSecurityGroupRules
param sharedServicesNetworkSecurityGroupDiagnosticsLogs array = hubNetworkSecurityGroupDiagnosticsLogs
param sharedServicesNetworkSecurityGroupDiagnosticsMetrics array = hubNetworkSecurityGroupDiagnosticsMetrics
+param sharedServicesSubnetAddressPrefix string = '10.0.120.0/27'
param sharedServicesSubnetServiceEndpoints array = hubSubnetServiceEndpoints
-param sharedServicesLogStorageAccountName string = toLower(take('shrdSvclogs${uniqueId}', 24))
-param sharedServicesLogStorageSkuName string = hubLogStorageSkuName
-param logAnalyticsWorkspaceName string = take('${resourcePrefix}-laws', 63)
-param logAnalyticsWorkspaceLocation string = operationsLocation
param logAnalyticsWorkspaceCappingDailyQuotaGb int = -1
param logAnalyticsWorkspaceRetentionInDays int = 30
param logAnalyticsWorkspaceSkuName string = 'PerGB2018'
+
@description('When set to "True", enables Microsoft Sentinel within the MLZ Log Analytics workspace.')
param deploySentinel bool = false
@@ -491,17 +644,11 @@ param deployASC bool = false
@description('Provision Azure Bastion Host and jumpboxes in this deployment')
param deployRemoteAccess bool = false
-param bastionHostName string = 'bastionHost'
param bastionHostSubnetAddressPrefix string = '10.0.100.160/27'
-param bastionHostPublicIPAddressName string = 'bastionHostPublicIPAddress'
param bastionHostPublicIPAddressSkuName string = 'Standard'
param bastionHostPublicIPAddressAllocationMethod string = 'Static'
param bastionHostPublicIPAddressAvailabilityZones array = []
-param bastionHostIPConfigurationName string = 'bastionHostIPConfiguration'
-param linuxNetworkInterfaceName string = 'linuxVmNetworkInterface'
-param linuxNetworkInterfaceIpConfigurationName string = 'linuxVmIpConfiguration'
param linuxNetworkInterfacePrivateIPAddressAllocationMethod string = 'Dynamic'
-param linuxVmName string = 'linuxVirtualMachine'
param linuxVmSize string = 'Standard_B2s'
param linuxVmOsDiskCreateOption string = 'FromImage'
param linuxVmOsDiskType string = 'Standard_LRS'
@@ -518,10 +665,7 @@ param linuxVmAuthenticationType string = 'password'
@secure()
@minLength(14)
param linuxVmAdminPasswordOrKey string = deployRemoteAccess ? '' : newGuid()
-param windowsNetworkInterfaceName string = 'windowsVmNetworkInterface'
-param windowsNetworkInterfaceIpConfigurationName string = 'windowsVmIpConfiguration'
param windowsNetworkInterfacePrivateIPAddressAllocationMethod string = 'Dynamic'
-param windowsVmName string = 'windowsVm'
param windowsVmSize string = 'Standard_DS1_v2'
param windowsVmAdminUsername string = 'azureuser'
@secure()
@@ -537,75 +681,32 @@ param windowsVmStorageAccountType string = 'StandardSSD_LRS'
param tags object = {}
var defaultTags = {
'resourcePrefix': resourcePrefix
+ 'resourceSuffix': resourceSuffix
'DeploymentType': 'MissionLandingZoneARM'
}
var calculatedTags = union(tags,defaultTags)
-param uniqueId string = uniqueString(resourcePrefix, nowUtc)
param nowUtc string = utcNow()
-var spokes = [
- {
- name: 'operations'
- subscriptionId: operationsSubscriptionId
- resourceGroupName: operationsResourceGroupName
- location: operationsLocation
- logStorageAccountName: operationsLogStorageAccountName
- logStorageSkuName: operationsLogStorageSkuName
- virtualNetworkName: operationsVirtualNetworkName
- virtualNetworkAddressPrefix: operationsVirtualNetworkAddressPrefix
- virtualNetworkDiagnosticsLogs: operationsVirtualNetworkDiagnosticsLogs
- virtualNetworkDiagnosticsMetrics: operationsVirtualNetworkDiagnosticsMetrics
- networkSecurityGroupName: operationsNetworkSecurityGroupName
- networkSecurityGroupRules: operationsNetworkSecurityGroupRules
- networkSecurityGroupDiagnosticsLogs: operationsNetworkSecurityGroupDiagnosticsLogs
- networkSecurityGroupDiagnosticsMetrics: operationsNetworkSecurityGroupDiagnosticsMetrics
- subnetName: operationsSubnetName
- subnetAddressPrefix: operationsSubnetAddressPrefix
- subnetServiceEndpoints: operationsSubnetServiceEndpoints
- }
- {
- name: 'identity'
- subscriptionId: identitySubscriptionId
- resourceGroupName: identityResourceGroupName
- location: identityLocation
- logStorageAccountName: identityLogStorageAccountName
- logStorageSkuName: identityLogStorageSkuName
- virtualNetworkName: identityVirtualNetworkName
- virtualNetworkAddressPrefix: identityVirtualNetworkAddressPrefix
- virtualNetworkDiagnosticsLogs: identityVirtualNetworkDiagnosticsLogs
- virtualNetworkDiagnosticsMetrics: identityVirtualNetworkDiagnosticsMetrics
- networkSecurityGroupName: identityNetworkSecurityGroupName
- networkSecurityGroupRules: identityNetworkSecurityGroupRules
- networkSecurityGroupDiagnosticsLogs: identityNetworkSecurityGroupDiagnosticsLogs
- networkSecurityGroupDiagnosticsMetrics: identityNetworkSecurityGroupDiagnosticsMetrics
- subnetName: identitySubnetName
- subnetAddressPrefix: identitySubnetAddressPrefix
- subnetServiceEndpoints: identitySubnetServiceEndpoints
- }
- {
- name: 'sharedServices'
- subscriptionId: sharedServicesSubscriptionId
- resourceGroupName: sharedServicesResourceGroupName
- location: sharedServicesLocation
- logStorageAccountName: sharedServicesLogStorageAccountName
- logStorageSkuName: sharedServicesLogStorageSkuName
- virtualNetworkName: sharedServicesVirtualNetworkName
- virtualNetworkAddressPrefix: sharedServicesVirtualNetworkAddressPrefix
- virtualNetworkDiagnosticsLogs: sharedServicesVirtualNetworkDiagnosticsLogs
- virtualNetworkDiagnosticsMetrics: sharedServicesVirtualNetworkDiagnosticsMetrics
- networkSecurityGroupName: sharedServicesNetworkSecurityGroupName
- networkSecurityGroupRules: sharedServicesNetworkSecurityGroupRules
- networkSecurityGroupDiagnosticsLogs: sharedServicesNetworkSecurityGroupDiagnosticsLogs
- networkSecurityGroupDiagnosticsMetrics: sharedServicesNetworkSecurityGroupDiagnosticsMetrics
- subnetName: sharedServicesSubnetName
- subnetAddressPrefix: sharedServicesSubnetAddressPrefix
- subnetServiceEndpoints: sharedServicesSubnetServiceEndpoints
- }
-]
+/*
+
+ OUTPUTS
+
+ Here, we emit objects to be used post-deployment.
+
+ A user can reference these outputs with the `az deployment sub show` command like this:
+
+ az deployment sub show --name --query properties.outputs
+
+ With that output as JSON you could pass it as arguments to another deployment using the Shared Variable File Pattern:
+ https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/patterns-shared-variable-file
+
+ The output is a JSON object, you can use your favorite tool, like PowerShell or jq, to parse the values you need.
+
+*/
-// outputs
output mlzResourcePrefix string = resourcePrefix
+
output firewallPrivateIPAddress string = hubNetwork.outputs.firewallPrivateIPAddress
output hub object = {
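Review bot: The OUTPUTS comment invites users to feed the deployment outputs into other deployments but does not say that outputs are kept in the deployment history, readable by anyone who can read deployments at that scope. A line such as `Outputs are stored in the deployment history in plain text; never emit passwords, keys or connection strings here.` would set that expectation for future additions. The sample command also shows `--name` with no value as rendered here; if that is how it reads in the file, write it as `--name <deployment-name>`. The `hub` output object continues past the end of this hunk.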
diff --git a/src/bicep/mlz.json b/src/bicep/mlz.json
index 416036160..e63a5d11e 100644
--- a/src/bicep/mlz.json
+++ b/src/bicep/mlz.json
@@ -5,18 +5,41 @@
"_generator": {
"name": "bicep",
"version": "0.4.1008.15138",
- "templateHash": "10286368957514163169"
+ "templateHash": "8826751506579266901"
}
},
"parameters": {
"resourcePrefix": {
"type": "string",
"metadata": {
- "description": "A name (3-10 alphanumeric characters without whitespace) used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces"
+ "description": "A prefix, 3-10 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces"
},
"maxLength": 10,
"minLength": 3
},
+ "resourceSuffix": {
+ "type": "string",
+ "defaultValue": "mlz",
+ "metadata": {
+ "description": "A suffix, 3 to 6 characters in length, to append to resource names (e.g. \"dev\", \"test\", \"prod\", \"mlz\")"
+ },
+ "maxLength": 6,
+ "minLength": 3
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[deployment().location]",
+ "metadata": {
+ "description": "The region to deploy resources into"
+ }
+ },
+ "logStorageSkuName": {
+ "type": "string",
+ "defaultValue": "Standard_GRS",
+ "metadata": {
+ "description": "The Storage Account SKU to use for log storage"
+ }
+ },
"hubSubscriptionId": {
"type": "string",
"defaultValue": "[subscription().subscriptionId]"
@@ -41,22 +64,6 @@
"Premium"
]
},
- "hubResourceGroupName": {
- "type": "string",
- "defaultValue": "[format('{0}-hub', parameters('resourcePrefix'))]"
- },
- "hubLocation": {
- "type": "string",
- "defaultValue": "[deployment().location]"
- },
- "hubVirtualNetworkName": {
- "type": "string",
- "defaultValue": "hub-vnet"
- },
- "hubSubnetName": {
- "type": "string",
- "defaultValue": "hub-subnet"
- },
"hubVirtualNetworkAddressPrefix": {
"type": "string",
"defaultValue": "10.0.100.0/24"
@@ -73,10 +80,6 @@
"type": "array",
"defaultValue": []
},
- "hubNetworkSecurityGroupName": {
- "type": "string",
- "defaultValue": "hub-nsg"
- },
"hubNetworkSecurityGroupRules": {
"type": "array",
"defaultValue": []
@@ -106,18 +109,6 @@
}
]
},
- "hubLogStorageAccountName": {
- "type": "string",
- "defaultValue": "[toLower(take(format('hublogs{0}', parameters('uniqueId')), 24))]"
- },
- "hubLogStorageSkuName": {
- "type": "string",
- "defaultValue": "Standard_GRS"
- },
- "firewallName": {
- "type": "string",
- "defaultValue": "firewall"
- },
"firewallManagementSubnetAddressPrefix": {
"type": "string",
"defaultValue": "10.0.100.64/26"
@@ -126,10 +117,6 @@
"type": "string",
"defaultValue": "10.0.100.0/26"
},
- "firewallPolicyName": {
- "type": "string",
- "defaultValue": "firewall-policy"
- },
"firewallThreatIntelMode": {
"type": "string",
"defaultValue": "Alert",
@@ -174,18 +161,10 @@
}
]
},
- "firewallClientIpConfigurationName": {
- "type": "string",
- "defaultValue": "firewall-client-ip-config"
- },
"firewallClientSubnetServiceEndpoints": {
"type": "array",
"defaultValue": []
},
- "firewallClientPublicIPAddressName": {
- "type": "string",
- "defaultValue": "firewall-client-public-ip"
- },
"firewallClientPublicIPAddressSkuName": {
"type": "string",
"defaultValue": "Standard"
@@ -198,18 +177,10 @@
"type": "array",
"defaultValue": []
},
- "firewallManagementIpConfigurationName": {
- "type": "string",
- "defaultValue": "firewall-management-ip-config"
- },
"firewallManagementSubnetServiceEndpoints": {
"type": "array",
"defaultValue": []
},
- "firewallManagementPublicIPAddressName": {
- "type": "string",
- "defaultValue": "firewall-management-public-ip"
- },
"firewallManagementPublicIPAddressSkuName": {
"type": "string",
"defaultValue": "Standard"
@@ -248,30 +219,10 @@
}
]
},
- "identityResourceGroupName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubResourceGroupName'), 'hub', 'identity')]"
- },
- "identityLocation": {
- "type": "string",
- "defaultValue": "[parameters('hubLocation')]"
- },
- "identityVirtualNetworkName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubVirtualNetworkName'), 'hub', 'identity')]"
- },
- "identitySubnetName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubSubnetName'), 'hub', 'identity')]"
- },
"identityVirtualNetworkAddressPrefix": {
"type": "string",
"defaultValue": "10.0.110.0/26"
},
- "identitySubnetAddressPrefix": {
- "type": "string",
- "defaultValue": "10.0.110.0/27"
- },
"identityVirtualNetworkDiagnosticsLogs": {
"type": "array",
"defaultValue": "[parameters('hubVirtualNetworkDiagnosticsLogs')]"
@@ -280,10 +231,6 @@
"type": "array",
"defaultValue": "[parameters('hubVirtualNetworkDiagnosticsMetrics')]"
},
- "identityNetworkSecurityGroupName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubNetworkSecurityGroupName'), 'hub', 'identity')]"
- },
"identityNetworkSecurityGroupRules": {
"type": "array",
"defaultValue": "[parameters('hubNetworkSecurityGroupRules')]"
@@ -296,30 +243,14 @@
"type": "array",
"defaultValue": "[parameters('hubNetworkSecurityGroupDiagnosticsMetrics')]"
},
+ "identitySubnetAddressPrefix": {
+ "type": "string",
+ "defaultValue": "10.0.110.0/27"
+ },
"identitySubnetServiceEndpoints": {
"type": "array",
"defaultValue": "[parameters('hubSubnetServiceEndpoints')]"
},
- "identityLogStorageAccountName": {
- "type": "string",
- "defaultValue": "[toLower(take(format('idlogs{0}', parameters('uniqueId')), 24))]"
- },
- "identityLogStorageSkuName": {
- "type": "string",
- "defaultValue": "[parameters('hubLogStorageSkuName')]"
- },
- "operationsResourceGroupName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubResourceGroupName'), 'hub', 'operations')]"
- },
- "operationsLocation": {
- "type": "string",
- "defaultValue": "[parameters('hubLocation')]"
- },
- "operationsVirtualNetworkName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubVirtualNetworkName'), 'hub', 'operations')]"
- },
"operationsVirtualNetworkAddressPrefix": {
"type": "string",
"defaultValue": "10.0.115.0/26"
@@ -332,10 +263,6 @@
"type": "array",
"defaultValue": "[parameters('hubVirtualNetworkDiagnosticsMetrics')]"
},
- "operationsNetworkSecurityGroupName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubNetworkSecurityGroupName'), 'hub', 'operations')]"
- },
"operationsNetworkSecurityGroupRules": {
"type": "array",
"defaultValue": "[parameters('hubNetworkSecurityGroupRules')]"
@@ -348,10 +275,6 @@
"type": "array",
"defaultValue": "[parameters('hubNetworkSecurityGroupDiagnosticsMetrics')]"
},
- "operationsSubnetName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubSubnetName'), 'hub', 'operations')]"
- },
"operationsSubnetAddressPrefix": {
"type": "string",
"defaultValue": "10.0.115.0/27"
@@ -360,38 +283,10 @@
"type": "array",
"defaultValue": "[parameters('hubSubnetServiceEndpoints')]"
},
- "operationsLogStorageAccountName": {
- "type": "string",
- "defaultValue": "[toLower(take(format('opslogs{0}', parameters('uniqueId')), 24))]"
- },
- "operationsLogStorageSkuName": {
- "type": "string",
- "defaultValue": "[parameters('hubLogStorageSkuName')]"
- },
- "sharedServicesResourceGroupName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubResourceGroupName'), 'hub', 'sharedServices')]"
- },
- "sharedServicesLocation": {
- "type": "string",
- "defaultValue": "[parameters('hubLocation')]"
- },
- "sharedServicesVirtualNetworkName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubVirtualNetworkName'), 'hub', 'sharedServices')]"
- },
- "sharedServicesSubnetName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubSubnetName'), 'hub', 'sharedServices')]"
- },
"sharedServicesVirtualNetworkAddressPrefix": {
"type": "string",
"defaultValue": "10.0.120.0/26"
},
- "sharedServicesSubnetAddressPrefix": {
- "type": "string",
- "defaultValue": "10.0.120.0/27"
- },
"sharedServicesVirtualNetworkDiagnosticsLogs": {
"type": "array",
"defaultValue": "[parameters('hubVirtualNetworkDiagnosticsLogs')]"
@@ -400,10 +295,6 @@
"type": "array",
"defaultValue": "[parameters('hubVirtualNetworkDiagnosticsMetrics')]"
},
- "sharedServicesNetworkSecurityGroupName": {
- "type": "string",
- "defaultValue": "[replace(parameters('hubNetworkSecurityGroupName'), 'hub', 'sharedServices')]"
- },
"sharedServicesNetworkSecurityGroupRules": {
"type": "array",
"defaultValue": "[parameters('hubNetworkSecurityGroupRules')]"
@@ -416,26 +307,14 @@
"type": "array",
"defaultValue": "[parameters('hubNetworkSecurityGroupDiagnosticsMetrics')]"
},
+ "sharedServicesSubnetAddressPrefix": {
+ "type": "string",
+ "defaultValue": "10.0.120.0/27"
+ },
"sharedServicesSubnetServiceEndpoints": {
"type": "array",
"defaultValue": "[parameters('hubSubnetServiceEndpoints')]"
},
- "sharedServicesLogStorageAccountName": {
- "type": "string",
- "defaultValue": "[toLower(take(format('shrdSvclogs{0}', parameters('uniqueId')), 24))]"
- },
- "sharedServicesLogStorageSkuName": {
- "type": "string",
- "defaultValue": "[parameters('hubLogStorageSkuName')]"
- },
- "logAnalyticsWorkspaceName": {
- "type": "string",
- "defaultValue": "[take(format('{0}-laws', parameters('resourcePrefix')), 63)]"
- },
- "logAnalyticsWorkspaceLocation": {
- "type": "string",
- "defaultValue": "[parameters('operationsLocation')]"
- },
"logAnalyticsWorkspaceCappingDailyQuotaGb": {
"type": "int",
"defaultValue": -1
@@ -489,18 +368,10 @@
"description": "Provision Azure Bastion Host and jumpboxes in this deployment"
}
},
- "bastionHostName": {
- "type": "string",
- "defaultValue": "bastionHost"
- },
"bastionHostSubnetAddressPrefix": {
"type": "string",
"defaultValue": "10.0.100.160/27"
},
- "bastionHostPublicIPAddressName": {
- "type": "string",
- "defaultValue": "bastionHostPublicIPAddress"
- },
"bastionHostPublicIPAddressSkuName": {
"type": "string",
"defaultValue": "Standard"
@@ -513,26 +384,10 @@
"type": "array",
"defaultValue": []
},
- "bastionHostIPConfigurationName": {
- "type": "string",
- "defaultValue": "bastionHostIPConfiguration"
- },
- "linuxNetworkInterfaceName": {
- "type": "string",
- "defaultValue": "linuxVmNetworkInterface"
- },
- "linuxNetworkInterfaceIpConfigurationName": {
- "type": "string",
- "defaultValue": "linuxVmIpConfiguration"
- },
"linuxNetworkInterfacePrivateIPAddressAllocationMethod": {
"type": "string",
"defaultValue": "Dynamic"
},
- "linuxVmName": {
- "type": "string",
- "defaultValue": "linuxVirtualMachine"
- },
"linuxVmSize": {
"type": "string",
"defaultValue": "Standard_B2s"
@@ -578,22 +433,10 @@
"defaultValue": "[if(parameters('deployRemoteAccess'), '', newGuid())]",
"minLength": 14
},
- "windowsNetworkInterfaceName": {
- "type": "string",
- "defaultValue": "windowsVmNetworkInterface"
- },
- "windowsNetworkInterfaceIpConfigurationName": {
- "type": "string",
- "defaultValue": "windowsVmIpConfiguration"
- },
"windowsNetworkInterfacePrivateIPAddressAllocationMethod": {
"type": "string",
"defaultValue": "Dynamic"
},
- "windowsVmName": {
- "type": "string",
- "defaultValue": "windowsVm"
- },
"windowsVmSize": {
"type": "string",
"defaultValue": "Standard_DS1_v2"
@@ -635,10 +478,6 @@
"type": "object",
"defaultValue": {}
},
- "uniqueId": {
- "type": "string",
- "defaultValue": "[uniqueString(parameters('resourcePrefix'), parameters('nowUtc'))]"
- },
"nowUtc": {
"type": "string",
"defaultValue": "[utcNow()]"
@@ -646,72 +485,125 @@
},
"functions": [],
"variables": {
- "firewallClientSubnetName": "AzureFirewallSubnet",
- "firewallManagementSubnetName": "AzureFirewallManagementSubnet",
- "defaultTags": {
- "resourcePrefix": "[parameters('resourcePrefix')]",
- "DeploymentType": "MissionLandingZoneARM"
- },
- "calculatedTags": "[union(parameters('tags'), variables('defaultTags'))]",
+ "resourceToken": "resource_token",
+ "nameToken": "name_token",
+ "namingConvention": "[format('{0}-{1}-{2}-{3}', toLower(parameters('resourcePrefix')), variables('resourceToken'), variables('nameToken'), toLower(parameters('resourceSuffix')))]",
+ "bastionHostNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'bas')]",
+ "firewallNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'afw')]",
+ "firewallPolicyNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'afwp')]",
+ "ipConfigurationNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'ipconf')]",
+ "logAnalyticsWorkspaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'log')]",
+ "networkInterfaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'nic')]",
+ "networkSecurityGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'nsg')]",
+ "publicIpAddressNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'pip')]",
+ "resourceGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'rg')]",
+ "storageAccountNamingConvention": "[toLower(format('{0}st{1}{2}', parameters('resourcePrefix'), variables('nameToken'), uniqueString(parameters('resourcePrefix'), parameters('resourceSuffix'))))]",
+ "subnetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'snet')]",
+ "virtualMachineNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'vm')]",
+ "virtualNetworkNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'vnet')]",
+ "hubName": "hub",
+ "hubShortName": "hub",
+ "hubResourceGroupName": "[replace(variables('resourceGroupNamingConvention'), variables('nameToken'), variables('hubName'))]",
+ "hubLogStorageAccountName": "[take(replace(variables('storageAccountNamingConvention'), variables('nameToken'), variables('hubShortName')), 23)]",
+ "hubVirtualNetworkName": "[replace(variables('virtualNetworkNamingConvention'), variables('nameToken'), variables('hubName'))]",
+ "hubNetworkSecurityGroupName": "[replace(variables('networkSecurityGroupNamingConvention'), variables('nameToken'), variables('hubName'))]",
+ "hubSubnetName": "[replace(variables('subnetNamingConvention'), variables('nameToken'), variables('hubName'))]",
+ "identityName": "identity",
+ "identityShortName": "id",
+ "identityResourceGroupName": "[replace(variables('resourceGroupNamingConvention'), variables('nameToken'), variables('identityName'))]",
+ "identityLogStorageAccountName": "[take(replace(variables('storageAccountNamingConvention'), variables('nameToken'), variables('identityShortName')), 23)]",
+ "identityVirtualNetworkName": "[replace(variables('virtualNetworkNamingConvention'), variables('nameToken'), variables('identityName'))]",
+ "identityNetworkSecurityGroupName": "[replace(variables('networkSecurityGroupNamingConvention'), variables('nameToken'), variables('identityName'))]",
+ "identitySubnetName": "[replace(variables('subnetNamingConvention'), variables('nameToken'), variables('identityName'))]",
+ "operationsName": "operations",
+ "operationsShortName": "ops",
+ "operationsResourceGroupName": "[replace(variables('resourceGroupNamingConvention'), variables('nameToken'), variables('operationsName'))]",
+ "operationsLogStorageAccountName": "[take(replace(variables('storageAccountNamingConvention'), variables('nameToken'), variables('operationsShortName')), 23)]",
+ "operationsVirtualNetworkName": "[replace(variables('virtualNetworkNamingConvention'), variables('nameToken'), variables('operationsName'))]",
+ "operationsNetworkSecurityGroupName": "[replace(variables('networkSecurityGroupNamingConvention'), variables('nameToken'), variables('operationsName'))]",
+ "operationsSubnetName": "[replace(variables('subnetNamingConvention'), variables('nameToken'), variables('operationsName'))]",
+ "sharedServicesName": "sharedServices",
+ "sharedServicesShortName": "svcs",
+ "sharedServicesResourceGroupName": "[replace(variables('resourceGroupNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]",
+ "sharedServicesLogStorageAccountName": "[take(replace(variables('storageAccountNamingConvention'), variables('nameToken'), variables('sharedServicesShortName')), 23)]",
+ "sharedServicesVirtualNetworkName": "[replace(variables('virtualNetworkNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]",
+ "sharedServicesNetworkSecurityGroupName": "[replace(variables('networkSecurityGroupNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]",
+ "sharedServicesSubnetName": "[replace(variables('subnetNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]",
+ "logAnalyticsWorkspaceName": "[replace(variables('logAnalyticsWorkspaceNamingConvention'), variables('nameToken'), variables('operationsName'))]",
+ "firewallName": "[replace(variables('firewallNamingConvention'), variables('nameToken'), variables('hubName'))]",
+ "firewallPolicyName": "[replace(variables('firewallPolicyNamingConvention'), variables('nameToken'), variables('hubName'))]",
+ "firewallClientIpConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'afw-client')]",
+ "firewallClientPublicIPAddressName": "[replace(variables('publicIpAddressNamingConvention'), variables('nameToken'), 'afw-client')]",
+ "firewallManagementIpConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'afw-mgmt')]",
+ "firewallManagementPublicIPAddressName": "[replace(variables('publicIpAddressNamingConvention'), variables('nameToken'), 'afw-mgmt')]",
+ "bastionHostName": "[replace(variables('bastionHostNamingConvention'), variables('nameToken'), variables('hubName'))]",
+ "bastionHostPublicIPAddressName": "[replace(variables('publicIpAddressNamingConvention'), variables('nameToken'), 'bas')]",
+ "bastionHostIPConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'bas')]",
+ "linuxNetworkInterfaceName": "[replace(variables('networkInterfaceNamingConvention'), variables('nameToken'), 'bas-linux')]",
+ "linuxNetworkInterfaceIpConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'bas-linux')]",
+ "linuxVmName": "[replace(variables('virtualMachineNamingConvention'), variables('nameToken'), 'bas-linux')]",
+ "windowsNetworkInterfaceName": "[replace(variables('networkInterfaceNamingConvention'), variables('nameToken'), 'bas-windows')]",
+ "windowsNetworkInterfaceIpConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'bas-windows')]",
+ "windowsVmName": "[replace(variables('virtualMachineNamingConvention'), variables('nameToken'), 'bas-windows')]",
"spokes": [
{
- "name": "operations",
- "subscriptionId": "[parameters('operationsSubscriptionId')]",
- "resourceGroupName": "[parameters('operationsResourceGroupName')]",
- "location": "[parameters('operationsLocation')]",
- "logStorageAccountName": "[parameters('operationsLogStorageAccountName')]",
- "logStorageSkuName": "[parameters('operationsLogStorageSkuName')]",
- "virtualNetworkName": "[parameters('operationsVirtualNetworkName')]",
- "virtualNetworkAddressPrefix": "[parameters('operationsVirtualNetworkAddressPrefix')]",
- "virtualNetworkDiagnosticsLogs": "[parameters('operationsVirtualNetworkDiagnosticsLogs')]",
- "virtualNetworkDiagnosticsMetrics": "[parameters('operationsVirtualNetworkDiagnosticsMetrics')]",
- "networkSecurityGroupName": "[parameters('operationsNetworkSecurityGroupName')]",
- "networkSecurityGroupRules": "[parameters('operationsNetworkSecurityGroupRules')]",
- "networkSecurityGroupDiagnosticsLogs": "[parameters('operationsNetworkSecurityGroupDiagnosticsLogs')]",
- "networkSecurityGroupDiagnosticsMetrics": "[parameters('operationsNetworkSecurityGroupDiagnosticsMetrics')]",
- "subnetName": "[parameters('operationsSubnetName')]",
- "subnetAddressPrefix": "[parameters('operationsSubnetAddressPrefix')]",
- "subnetServiceEndpoints": "[parameters('operationsSubnetServiceEndpoints')]"
- },
- {
- "name": "identity",
+ "name": "[variables('identityName')]",
"subscriptionId": "[parameters('identitySubscriptionId')]",
- "resourceGroupName": "[parameters('identityResourceGroupName')]",
- "location": "[parameters('identityLocation')]",
- "logStorageAccountName": "[parameters('identityLogStorageAccountName')]",
- "logStorageSkuName": "[parameters('identityLogStorageSkuName')]",
- "virtualNetworkName": "[parameters('identityVirtualNetworkName')]",
+ "resourceGroupName": "[variables('identityResourceGroupName')]",
+ "logStorageAccountName": "[variables('identityLogStorageAccountName')]",
+ "virtualNetworkName": "[variables('identityVirtualNetworkName')]",
"virtualNetworkAddressPrefix": "[parameters('identityVirtualNetworkAddressPrefix')]",
"virtualNetworkDiagnosticsLogs": "[parameters('identityVirtualNetworkDiagnosticsLogs')]",
"virtualNetworkDiagnosticsMetrics": "[parameters('identityVirtualNetworkDiagnosticsMetrics')]",
- "networkSecurityGroupName": "[parameters('identityNetworkSecurityGroupName')]",
+ "networkSecurityGroupName": "[variables('identityNetworkSecurityGroupName')]",
"networkSecurityGroupRules": "[parameters('identityNetworkSecurityGroupRules')]",
"networkSecurityGroupDiagnosticsLogs": "[parameters('identityNetworkSecurityGroupDiagnosticsLogs')]",
"networkSecurityGroupDiagnosticsMetrics": "[parameters('identityNetworkSecurityGroupDiagnosticsMetrics')]",
- "subnetName": "[parameters('identitySubnetName')]",
+ "subnetName": "[variables('identitySubnetName')]",
"subnetAddressPrefix": "[parameters('identitySubnetAddressPrefix')]",
"subnetServiceEndpoints": "[parameters('identitySubnetServiceEndpoints')]"
},
{
- "name": "sharedServices",
+ "name": "[variables('operationsName')]",
+ "subscriptionId": "[parameters('operationsSubscriptionId')]",
+ "resourceGroupName": "[variables('operationsResourceGroupName')]",
+ "logStorageAccountName": "[variables('operationsLogStorageAccountName')]",
+ "virtualNetworkName": "[variables('operationsVirtualNetworkName')]",
+ "virtualNetworkAddressPrefix": "[parameters('operationsVirtualNetworkAddressPrefix')]",
+ "virtualNetworkDiagnosticsLogs": "[parameters('operationsVirtualNetworkDiagnosticsLogs')]",
+ "virtualNetworkDiagnosticsMetrics": "[parameters('operationsVirtualNetworkDiagnosticsMetrics')]",
+ "networkSecurityGroupName": "[variables('operationsNetworkSecurityGroupName')]",
+ "networkSecurityGroupRules": "[parameters('operationsNetworkSecurityGroupRules')]",
+ "networkSecurityGroupDiagnosticsLogs": "[parameters('operationsNetworkSecurityGroupDiagnosticsLogs')]",
+ "networkSecurityGroupDiagnosticsMetrics": "[parameters('operationsNetworkSecurityGroupDiagnosticsMetrics')]",
+ "subnetName": "[variables('operationsSubnetName')]",
+ "subnetAddressPrefix": "[parameters('operationsSubnetAddressPrefix')]",
+ "subnetServiceEndpoints": "[parameters('operationsSubnetServiceEndpoints')]"
+ },
+ {
+ "name": "[variables('sharedServicesName')]",
"subscriptionId": "[parameters('sharedServicesSubscriptionId')]",
- "resourceGroupName": "[parameters('sharedServicesResourceGroupName')]",
- "location": "[parameters('sharedServicesLocation')]",
- "logStorageAccountName": "[parameters('sharedServicesLogStorageAccountName')]",
- "logStorageSkuName": "[parameters('sharedServicesLogStorageSkuName')]",
- "virtualNetworkName": "[parameters('sharedServicesVirtualNetworkName')]",
+ "resourceGroupName": "[variables('sharedServicesResourceGroupName')]",
+ "logStorageAccountName": "[variables('sharedServicesLogStorageAccountName')]",
+ "virtualNetworkName": "[variables('sharedServicesVirtualNetworkName')]",
"virtualNetworkAddressPrefix": "[parameters('sharedServicesVirtualNetworkAddressPrefix')]",
"virtualNetworkDiagnosticsLogs": "[parameters('sharedServicesVirtualNetworkDiagnosticsLogs')]",
"virtualNetworkDiagnosticsMetrics": "[parameters('sharedServicesVirtualNetworkDiagnosticsMetrics')]",
- "networkSecurityGroupName": "[parameters('sharedServicesNetworkSecurityGroupName')]",
+ "networkSecurityGroupName": "[variables('sharedServicesNetworkSecurityGroupName')]",
"networkSecurityGroupRules": "[parameters('sharedServicesNetworkSecurityGroupRules')]",
"networkSecurityGroupDiagnosticsLogs": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsLogs')]",
"networkSecurityGroupDiagnosticsMetrics": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsMetrics')]",
- "subnetName": "[parameters('sharedServicesSubnetName')]",
+ "subnetName": "[variables('sharedServicesSubnetName')]",
"subnetAddressPrefix": "[parameters('sharedServicesSubnetAddressPrefix')]",
"subnetServiceEndpoints": "[parameters('sharedServicesSubnetServiceEndpoints')]"
}
- ]
+ ],
+ "defaultTags": {
+ "resourcePrefix": "[parameters('resourcePrefix')]",
+ "resourceSuffix": "[parameters('resourceSuffix')]",
+ "DeploymentType": "MissionLandingZoneARM"
+ },
+ "calculatedTags": "[union(parameters('tags'), variables('defaultTags'))]"
},
"resources": [
{
@@ -727,10 +619,10 @@
"mode": "Incremental",
"parameters": {
"name": {
- "value": "[parameters('hubResourceGroupName')]"
+ "value": "[variables('hubResourceGroupName')]"
},
"location": {
- "value": "[parameters('hubLocation')]"
+ "value": "[parameters('location')]"
},
"tags": {
"value": "[variables('calculatedTags')]"
@@ -805,7 +697,7 @@
"value": "[variables('spokes')[copyIndex()].resourceGroupName]"
},
"location": {
- "value": "[variables('spokes')[copyIndex()].location]"
+ "value": "[parameters('location')]"
},
"tags": {
"value": "[variables('calculatedTags')]"
@@ -865,7 +757,7 @@
"apiVersion": "2020-06-01",
"name": "[format('deploy-laws-{0}', parameters('nowUtc'))]",
"subscriptionId": "[parameters('operationsSubscriptionId')]",
- "resourceGroup": "[parameters('operationsResourceGroupName')]",
+ "resourceGroup": "[variables('operationsResourceGroupName')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
@@ -873,10 +765,10 @@
"mode": "Incremental",
"parameters": {
"name": {
- "value": "[parameters('logAnalyticsWorkspaceName')]"
+ "value": "[variables('logAnalyticsWorkspaceName')]"
},
"location": {
- "value": "[parameters('logAnalyticsWorkspaceLocation')]"
+ "value": "[parameters('location')]"
},
"tags": {
"value": "[variables('calculatedTags')]"
@@ -1078,7 +970,7 @@
"apiVersion": "2020-06-01",
"name": "[format('deploy-vnet-hub-{0}', parameters('nowUtc'))]",
"subscriptionId": "[parameters('hubSubscriptionId')]",
- "resourceGroup": "[parameters('hubResourceGroupName')]",
+ "resourceGroup": "[variables('hubResourceGroupName')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
@@ -1086,25 +978,25 @@
"mode": "Incremental",
"parameters": {
"location": {
- "value": "[parameters('hubLocation')]"
+ "value": "[parameters('location')]"
},
"tags": {
"value": "[variables('calculatedTags')]"
},
"logStorageAccountName": {
- "value": "[parameters('hubLogStorageAccountName')]"
+ "value": "[variables('hubLogStorageAccountName')]"
},
"logStorageSkuName": {
- "value": "[parameters('hubLogStorageSkuName')]"
+ "value": "[parameters('logStorageSkuName')]"
},
"logAnalyticsWorkspaceName": {
- "value": "[parameters('logAnalyticsWorkspaceName')]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
},
"logAnalyticsWorkspaceResourceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
},
"virtualNetworkName": {
- "value": "[parameters('hubVirtualNetworkName')]"
+ "value": "[variables('hubVirtualNetworkName')]"
},
"virtualNetworkAddressPrefix": {
"value": "[parameters('hubVirtualNetworkAddressPrefix')]"
@@ -1116,7 +1008,7 @@
"value": "[parameters('hubVirtualNetworkDiagnosticsMetrics')]"
},
"networkSecurityGroupName": {
- "value": "[parameters('hubNetworkSecurityGroupName')]"
+ "value": "[variables('hubNetworkSecurityGroupName')]"
},
"networkSecurityGroupRules": {
"value": "[parameters('hubNetworkSecurityGroupRules')]"
@@ -1128,7 +1020,7 @@
"value": "[parameters('hubNetworkSecurityGroupDiagnosticsMetrics')]"
},
"subnetName": {
- "value": "[parameters('hubSubnetName')]"
+ "value": "[variables('hubSubnetName')]"
},
"subnetAddressPrefix": {
"value": "[parameters('hubSubnetAddressPrefix')]"
@@ -1137,13 +1029,13 @@
"value": "[parameters('hubSubnetServiceEndpoints')]"
},
"firewallName": {
- "value": "[parameters('firewallName')]"
+ "value": "[variables('firewallName')]"
},
"firewallSkuTier": {
"value": "[parameters('firewallSkuTier')]"
},
"firewallPolicyName": {
- "value": "[parameters('firewallPolicyName')]"
+ "value": "[variables('firewallPolicyName')]"
},
"firewallThreatIntelMode": {
"value": "[parameters('firewallThreatIntelMode')]"
@@ -1158,10 +1050,10 @@
"value": "[parameters('firewallDiagnosticsMetrics')]"
},
"firewallClientIpConfigurationName": {
- "value": "[parameters('firewallClientIpConfigurationName')]"
+ "value": "[variables('firewallClientIpConfigurationName')]"
},
"firewallClientSubnetName": {
- "value": "[variables('firewallClientSubnetName')]"
+ "value": "AzureFirewallSubnet"
},
"firewallClientSubnetAddressPrefix": {
"value": "[parameters('firewallClientSubnetAddressPrefix')]"
@@ -1170,7 +1062,7 @@
"value": "[parameters('firewallClientSubnetServiceEndpoints')]"
},
"firewallClientPublicIPAddressName": {
- "value": "[parameters('firewallClientPublicIPAddressName')]"
+ "value": "[variables('firewallClientPublicIPAddressName')]"
},
"firewallClientPublicIPAddressSkuName": {
"value": "[parameters('firewallClientPublicIPAddressSkuName')]"
@@ -1182,10 +1074,10 @@
"value": "[parameters('firewallClientPublicIPAddressAvailabilityZones')]"
},
"firewallManagementIpConfigurationName": {
- "value": "[parameters('firewallManagementIpConfigurationName')]"
+ "value": "[variables('firewallManagementIpConfigurationName')]"
},
"firewallManagementSubnetName": {
- "value": "[variables('firewallManagementSubnetName')]"
+ "value": "AzureFirewallManagementSubnet"
},
"firewallManagementSubnetAddressPrefix": {
"value": "[parameters('firewallManagementSubnetAddressPrefix')]"
@@ -1194,7 +1086,7 @@
"value": "[parameters('firewallManagementSubnetServiceEndpoints')]"
},
"firewallManagementPublicIPAddressName": {
- "value": "[parameters('firewallManagementPublicIPAddressName')]"
+ "value": "[variables('firewallManagementPublicIPAddressName')]"
},
"firewallManagementPublicIPAddressSkuName": {
"value": "[parameters('firewallManagementPublicIPAddressSkuName')]"
@@ -2772,7 +2664,7 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
]
},
{
@@ -2792,7 +2684,7 @@
"mode": "Incremental",
"parameters": {
"location": {
- "value": "[variables('spokes')[copyIndex()].location]"
+ "value": "[parameters('location')]"
},
"tags": {
"value": "[variables('calculatedTags')]"
@@ -2801,13 +2693,13 @@
"value": "[variables('spokes')[copyIndex()].logStorageAccountName]"
},
"logStorageSkuName": {
- "value": "[variables('spokes')[copyIndex()].logStorageSkuName]"
+ "value": "[parameters('logStorageSkuName')]"
},
"logAnalyticsWorkspaceResourceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
},
"firewallPrivateIPAddress": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.firewallPrivateIPAddress.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.firewallPrivateIPAddress.value]"
},
"virtualNetworkName": {
"value": "[variables('spokes')[copyIndex()].virtualNetworkName]"
@@ -3399,8 +3291,8 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
]
},
{
@@ -3408,7 +3300,7 @@
"apiVersion": "2020-06-01",
"name": "[format('deploy-vnet-peerings-hub-{0}', parameters('nowUtc'))]",
"subscriptionId": "[parameters('hubSubscriptionId')]",
- "resourceGroup": "[parameters('hubResourceGroupName')]",
+ "resourceGroup": "[variables('hubResourceGroupName')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
@@ -3416,7 +3308,7 @@
"mode": "Incremental",
"parameters": {
"hubVirtualNetworkName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]"
},
"spokes": {
"copy": [
@@ -3507,7 +3399,7 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
"spokeNetworks"
]
},
@@ -3537,10 +3429,10 @@
"value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex()].subscriptionId, variables('spokes')[copyIndex()].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]"
},
"hubVirtualNetworkName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]"
},
"hubVirtualNetworkResourceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkResourceId.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkResourceId.value]"
}
},
"template": {
@@ -3628,7 +3520,7 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
"[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex()].subscriptionId, variables('spokes')[copyIndex()].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('nowUtc')))]"
]
},
@@ -3638,7 +3530,7 @@
"apiVersion": "2020-06-01",
"name": "[format('assign-policy-hub-{0}', parameters('nowUtc'))]",
"subscriptionId": "[parameters('hubSubscriptionId')]",
- "resourceGroup": "[parameters('hubResourceGroupName')]",
+ "resourceGroup": "[variables('hubResourceGroupName')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
@@ -3649,10 +3541,10 @@
"value": "[parameters('policy')]"
},
"logAnalyticsWorkspaceName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
},
"logAnalyticsWorkspaceResourceGroupName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.resourceGroupName.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.resourceGroupName.value]"
},
"operationsSubscriptionId": {
"value": "[parameters('operationsSubscriptionId')]"
@@ -3888,7 +3780,7 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
]
},
{
@@ -3912,10 +3804,10 @@
"value": "[parameters('policy')]"
},
"logAnalyticsWorkspaceName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
},
"logAnalyticsWorkspaceResourceGroupName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.resourceGroupName.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.resourceGroupName.value]"
},
"operationsSubscriptionId": {
"value": "[parameters('operationsSubscriptionId')]"
@@ -4151,7 +4043,7 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
]
},
{
@@ -4167,10 +4059,10 @@
"mode": "Incremental",
"parameters": {
"diagnosticSettingName": {
- "value": "[format('log-hub-sub-activity-to-{0}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value)]"
+ "value": "[format('log-hub-sub-activity-to-{0}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value)]"
},
"logAnalyticsWorkspaceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
}
},
"template": {
@@ -4247,8 +4139,8 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
]
},
{
@@ -4269,10 +4161,10 @@
"mode": "Incremental",
"parameters": {
"diagnosticSettingName": {
- "value": "[format('log-{0}-sub-activity-to-{1}', variables('spokes')[copyIndex()].name, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value)]"
+ "value": "[format('log-{0}-sub-activity-to-{1}', variables('spokes')[copyIndex()].name, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value)]"
},
"logAnalyticsWorkspaceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
}
},
"template": {
@@ -4349,16 +4241,16 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]",
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]",
"spokeNetworks"
]
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
- "name": "deploy-diagnostic-logging-LAWS",
+ "name": "[format('deploy-diagnostic-logging-{0}', parameters('nowUtc'))]",
"subscriptionId": "[parameters('operationsSubscriptionId')]",
- "resourceGroup": "[parameters('operationsResourceGroupName')]",
+ "resourceGroup": "[variables('operationsResourceGroupName')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
@@ -4366,10 +4258,10 @@
"mode": "Incremental",
"parameters": {
"diagnosticStorageAccountName": {
- "value": "[parameters('operationsLogStorageAccountName')]"
+ "value": "[variables('operationsLogStorageAccountName')]"
},
"logAnalyticsWorkspaceName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
}
},
"template": {
@@ -4426,8 +4318,8 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]",
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]",
"spokeNetworks"
]
},
@@ -4435,7 +4327,7 @@
"condition": "[parameters('deployASC')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
- "name": "set-hub-sub-security-center",
+ "name": "[format('set-hub-sub-security-center-{0}', parameters('nowUtc'))]",
"subscriptionId": "[parameters('hubSubscriptionId')]",
"location": "[deployment().location]",
"properties": {
@@ -4445,7 +4337,7 @@
"mode": "Incremental",
"parameters": {
"logAnalyticsWorkspaceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
},
"emailSecurityContact": {
"value": "[parameters('emailSecurityContact')]"
@@ -4569,7 +4461,7 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
]
},
{
@@ -4590,7 +4482,7 @@
"mode": "Incremental",
"parameters": {
"logAnalyticsWorkspaceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
},
"emailSecurityContact": {
"value": "[parameters('emailSecurityContact')]"
@@ -4714,7 +4606,7 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
]
},
{
@@ -4723,7 +4615,7 @@
"apiVersion": "2020-06-01",
"name": "[format('deploy-remote-access-{0}', parameters('nowUtc'))]",
"subscriptionId": "[parameters('hubSubscriptionId')]",
- "resourceGroup": "[parameters('hubResourceGroupName')]",
+ "resourceGroup": "[variables('hubResourceGroupName')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
@@ -4731,25 +4623,25 @@
"mode": "Incremental",
"parameters": {
"location": {
- "value": "[parameters('hubLocation')]"
+ "value": "[parameters('location')]"
},
"hubVirtualNetworkName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]"
},
"hubSubnetResourceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.subnetResourceId.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.subnetResourceId.value]"
},
"hubNetworkSecurityGroupResourceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.networkSecurityGroupResourceId.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.networkSecurityGroupResourceId.value]"
},
"bastionHostName": {
- "value": "[parameters('bastionHostName')]"
+ "value": "[variables('bastionHostName')]"
},
"bastionHostSubnetAddressPrefix": {
"value": "[parameters('bastionHostSubnetAddressPrefix')]"
},
"bastionHostPublicIPAddressName": {
- "value": "[parameters('bastionHostPublicIPAddressName')]"
+ "value": "[variables('bastionHostPublicIPAddressName')]"
},
"bastionHostPublicIPAddressSkuName": {
"value": "[parameters('bastionHostPublicIPAddressSkuName')]"
@@ -4761,19 +4653,19 @@
"value": "[parameters('bastionHostPublicIPAddressAvailabilityZones')]"
},
"bastionHostIPConfigurationName": {
- "value": "[parameters('bastionHostIPConfigurationName')]"
+ "value": "[variables('bastionHostIPConfigurationName')]"
},
"linuxNetworkInterfaceName": {
- "value": "[parameters('linuxNetworkInterfaceName')]"
+ "value": "[variables('linuxNetworkInterfaceName')]"
},
"linuxNetworkInterfaceIpConfigurationName": {
- "value": "[parameters('linuxNetworkInterfaceIpConfigurationName')]"
+ "value": "[variables('linuxNetworkInterfaceIpConfigurationName')]"
},
"linuxNetworkInterfacePrivateIPAddressAllocationMethod": {
"value": "[parameters('linuxNetworkInterfacePrivateIPAddressAllocationMethod')]"
},
"linuxVmName": {
- "value": "[parameters('linuxVmName')]"
+ "value": "[variables('linuxVmName')]"
},
"linuxVmSize": {
"value": "[parameters('linuxVmSize')]"
@@ -4806,16 +4698,16 @@
"value": "[parameters('linuxVmAdminPasswordOrKey')]"
},
"windowsNetworkInterfaceName": {
- "value": "[parameters('windowsNetworkInterfaceName')]"
+ "value": "[variables('windowsNetworkInterfaceName')]"
},
"windowsNetworkInterfaceIpConfigurationName": {
- "value": "[parameters('windowsNetworkInterfaceIpConfigurationName')]"
+ "value": "[variables('windowsNetworkInterfaceIpConfigurationName')]"
},
"windowsNetworkInterfacePrivateIPAddressAllocationMethod": {
"value": "[parameters('windowsNetworkInterfacePrivateIPAddressAllocationMethod')]"
},
"windowsVmName": {
- "value": "[parameters('windowsVmName')]"
+ "value": "[variables('windowsVmName')]"
},
"windowsVmSize": {
"value": "[parameters('windowsVmSize')]"
@@ -4845,7 +4737,7 @@
"value": "[parameters('windowsVmStorageAccountType')]"
},
"logAnalyticsWorkspaceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
}
},
"template": {
@@ -4855,7 +4747,7 @@
"_generator": {
"name": "bicep",
"version": "0.4.1008.15138",
- "templateHash": "1148831067271080103"
+ "templateHash": "7553476343724456136"
}
},
"parameters": {
@@ -5298,7 +5190,7 @@
"_generator": {
"name": "bicep",
"version": "0.4.1008.15138",
- "templateHash": "16381556259285133052"
+ "templateHash": "9165533268589955383"
}
},
"parameters": {
@@ -5419,14 +5311,14 @@
"typeHandlerVersion": "1.4"
},
"dependsOn": [
- "[resourceId('Microsoft.Compute/virtualMachines/extensions', split(format('{0}/Microsoft.Azure.AzurePolicyforLinux', parameters('name')), '/')[0], split(format('{0}/Microsoft.Azure.AzurePolicyforLinux', parameters('name')), '/')[1])]",
+ "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('name'), 'AzurePolicyforLinux')]",
"[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]"
]
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2020-06-01",
- "name": "[format('{0}/Microsoft.Azure.AzurePolicyforLinux', parameters('name'))]",
+ "apiVersion": "2020-12-01",
+ "name": "[format('{0}/{1}', parameters('name'), 'AzurePolicyforLinux')]",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.GuestConfiguration",
@@ -5825,8 +5717,8 @@
}
},
"dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc')))]",
+ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]"
]
}
],
@@ -5837,7 +5729,7 @@
},
"firewallPrivateIPAddress": {
"type": "string",
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.firewallPrivateIPAddress.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.firewallPrivateIPAddress.value]"
},
"hub": {
"type": "object",
@@ -5845,22 +5737,22 @@
"subscriptionId": "[parameters('hubSubscriptionId')]",
"resourceGroupName": "[reference(subscriptionResourceId(parameters('hubSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-rg-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]",
"resourceGroupResourceId": "[reference(subscriptionResourceId(parameters('hubSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-rg-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]",
- "virtualNetworkName": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]",
- "virtualNetworkResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkResourceId.value]",
- "subnetName": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.subnetName.value]",
- "subnetResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.subnetResourceId.value]",
- "subnetAddressPrefix": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.subnetAddressPrefix.value]",
- "networkSecurityGroupName": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.networkSecurityGroupName.value]",
- "networkSecurityGroupResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.networkSecurityGroupResourceId.value]"
+ "virtualNetworkName": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkName.value]",
+ "virtualNetworkResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.virtualNetworkResourceId.value]",
+ "subnetName": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.subnetName.value]",
+ "subnetResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.subnetResourceId.value]",
+ "subnetAddressPrefix": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.subnetAddressPrefix.value]",
+ "networkSecurityGroupName": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.networkSecurityGroupName.value]",
+ "networkSecurityGroupResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('nowUtc'))), '2020-06-01').outputs.networkSecurityGroupResourceId.value]"
}
},
"logAnalyticsWorkspaceName": {
"type": "string",
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.name.value]"
},
"logAnalyticsWorkspaceResourceId": {
"type": "string",
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
+ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2020-06-01').outputs.id.value]"
},
"spokes": {
"type": "array",
diff --git a/src/bicep/modules/linuxVirtualMachine.bicep b/src/bicep/modules/linuxVirtualMachine.bicep
index 8cc1de22d..77b48ffea 100644
--- a/src/bicep/modules/linuxVirtualMachine.bicep
+++ b/src/bicep/modules/linuxVirtualMachine.bicep
@@ -91,8 +91,9 @@ resource networkWatcher 'Microsoft.Compute/virtualMachines/extensions@2020-06-01
]
}
-resource policyExtension 'Microsoft.Compute/virtualMachines/extensions@2020-06-01' = {
- name: '${virtualMachine.name}/Microsoft.Azure.AzurePolicyforLinux'
+resource policyExtension 'Microsoft.Compute/virtualMachines/extensions@2020-12-01' = {
+ parent: virtualMachine
+ name: 'AzurePolicyforLinux'
location: location
properties: {
publisher: 'Microsoft.GuestConfiguration'
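Review bot: The rename on the `name:` line from `Microsoft.Azure.AzurePolicyforLinux` to `AzurePolicyforLinux` changes the extension's resource identity, so redeploying over a VM that already carries the old-named extension will probably attempt a second install of the same publisher/type instead of updating it in place. Azure normally refuses a duplicate handler under a different name, which would fail the deployment or leave guest-configuration auditing on that VM in an unknown state. I would record the migration step next to the resource, for example `// renamed from 'Microsoft.Azure.AzurePolicyforLinux'; remove the old extension before redeploying onto an existing VM`, and mention it in the release notes. The hunk header also shows `networkWatcher` still on `@2020-06-01` while this resource moves to `@2020-12-01`; aligning the two would keep the module consistent. The `properties` block of `policyExtension` continues outside the hunk, so the handler type and version settings could not be checked here.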