Added several user defined types, ability for custom resources names in vwanConnectivity and mgDiagSettings

infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

@@ -1,6 +1,23 @@
 metadata name = 'ALZ Bicep - Hub Networking Module'
 metadata description = 'ALZ Bicep Module used to set up Hub Networking'
 
+type subnetOptionsType = ({
+  @description('Name of subnet.')
+  name: string
+
+  @description('IP-address range for subnet.')
+  ipAddressRange: string
+
+  @description('Id of Network Security Group to associate with subnet.')
+  networkSecurityGroupId: string?
+
+  @description('Id of Route Table to associate with subnet.')
+  routeTableId: string?
+
+  @description('Name of the delegation to create for the subnet.')
+  delegation: string?
+})[]
+
 @sys.description('The Azure Region to deploy the resources into.')
 param parLocation string = resourceGroup().location
 
@@ -14,7 +31,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
 param parHubNetworkAddressPrefix string = '10.10.0.0/16'
 
 @sys.description('The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.')
-param parSubnets array = [
+param parSubnets subnetOptionsType = [
   {
     name: 'AzureBastionSubnet'
     ipAddressRange: '10.10.15.0/24'

infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md

@@ -20,6 +20,7 @@ parTags        | No       | Tags you would like to be applied to all resources i
 parAutomationAccountTags | No       | Tags you would like to be applied to Automation Account.
 parLogAnalyticsWorkspaceTags | No       | Tags you would like to be applied to Log Analytics Workspace.
 parUseSentinelClassicPricingTiers | No       | Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.
+parLogAnalyticsLinkedServiceAutomationAccountName | No       | Log Analytics LinkedService name for Automation Account.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry
 
 ### parLogAnalyticsWorkspaceName
@@ -138,6 +139,14 @@ Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes i
 
 - Default value: `False`
 
+### parLogAnalyticsLinkedServiceAutomationAccountName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Log Analytics LinkedService name for Automation Account.
+
+- Default value: `Automation`
+
 ### parTelemetryOptOut
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -222,6 +231,9 @@ outAutomationAccountId | string |
         "parUseSentinelClassicPricingTiers": {
             "value": false
         },
+        "parLogAnalyticsLinkedServiceAutomationAccountName": {
+            "value": "Automation"
+        },
         "parTelemetryOptOut": {
             "value": false
         }

infra-as-code/bicep/modules/logging/logging.bicep

@@ -89,6 +89,9 @@ param parLogAnalyticsWorkspaceTags object = parTags
 @sys.description('Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.')
 param parUseSentinelClassicPricingTiers bool = false
 
+@sys.description('Log Analytics LinkedService name for Automation Account.')
+param parLogAnalyticsLinkedServiceAutomationAccountName string = 'Automation'
+
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
 
@@ -147,7 +150,7 @@ resource resLogAnalyticsWorkspaceSolutions 'Microsoft.OperationsManagement/solut
 
 resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) {
   parent: resLogAnalyticsWorkspace
-  name: 'Automation'
+  name: parLogAnalyticsLinkedServiceAutomationAccountName
   properties: {
     resourceId: resAutomationAccount.id
   }

infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md

@@ -7,6 +7,7 @@ Module used to set up Diagnostic Settings for Management Groups
 Parameter name | Required | Description
 -------------- | -------- | -----------
 parLogAnalyticsWorkspaceResourceId | Yes      | Log Analytics Workspace Resource ID.
+parDiagnosticSettingsName | No       | Diagnostic Settings Name.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry
 
 ### parLogAnalyticsWorkspaceResourceId
@@ -15,6 +16,14 @@ parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment t
 
 Log Analytics Workspace Resource ID.
 
+### parDiagnosticSettingsName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Diagnostic Settings Name.
+
+- Default value: `toLa`
+
 ### parTelemetryOptOut
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -38,6 +47,9 @@ Set Parameter to true to Opt-out of deployment telemetry
         "parLogAnalyticsWorkspaceResourceId": {
             "value": ""
         },
+        "parDiagnosticSettingsName": {
+            "value": "toLa"
+        },
         "parTelemetryOptOut": {
             "value": false
         }

infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep

@@ -6,14 +6,17 @@ metadata description = 'Module used to set up Diagnostic Settings for Management
 @sys.description('Log Analytics Workspace Resource ID.')
 param parLogAnalyticsWorkspaceResourceId string
 
+@sys.description('Diagnostic Settings Name.')
+param parDiagnosticSettingsName string = 'toLa'
+
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
 
 // Customer Usage Attribution Id
 var varCuaid = '5d17f1c2-f17b-4426-9712-0cd2652c4435'
 
 resource mgDiagSet 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
-  name: 'toLa'
+  name: parDiagnosticSettingsName
   properties: {
     workspaceId: parLogAnalyticsWorkspaceResourceId
     logs: [

infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep

@@ -3,6 +3,14 @@ targetScope = 'managementGroup'
 metadata name = 'ALZ Bicep - Management Group Policy Assignments'
 metadata description = 'Module used to assign policy definitions to management groups'
 
+type nonComplianceMessageType = {
+  @description('The message to display when the policy is non-compliant.')
+  message: string
+
+  @description('The reference ID of the policy definition.')
+  policyDefinitionReferenceId: string
+}[]
+
 @minLength(1)
 @maxLength(24)
 @sys.description('The name of the policy assignment. e.g. "Deny-Public-IP"')
@@ -24,7 +32,7 @@ param parPolicyAssignmentParameters object = {}
 param parPolicyAssignmentParameterOverrides object = {}
 
 @sys.description('An array containing object/s for the non-compliance messages for the policy to be assigned. See https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#non-compliance-messages for more details on use.')
-param parPolicyAssignmentNonComplianceMessages array = []
+param parPolicyAssignmentNonComplianceMessages nonComplianceMessageType = []
 
 @sys.description('An array containing a list of scope Resource IDs to be excluded for the policy assignment. e.g. [\'/providers/Microsoft.Management/managementgroups/alz\', \'/providers/Microsoft.Management/managementgroups/alz-sandbox\' ].')
 param parPolicyAssignmentNotScopes array = []

infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md

@@ -8,16 +8,16 @@ Parameter name | Required | Description
 -------------- | -------- | -----------
 parLocation    | No       | Region in which the resource group was created.
 parCompanyPrefix | No       | Prefix value which will be prepended to all resource names.
-parAzFirewallTier | No       | Azure Firewall Tier associated with the Firewall to deploy.
+parAzFirewallTier | No       | Azure Firewall Tier associated with the Firewall to deploy. If not set, the default value is Standard.
 parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
 parVirtualHubEnabled | No       | Switch to enable/disable Virtual Hub deployment.
 parAzFirewallDnsProxyEnabled | No       | Switch to enable/disable Azure Firewall DNS Proxy.
-parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall
+parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall.
 parVirtualWanName | No       | Prefix Used for Virtual WAN.
 parVirtualWanHubName | No       | Prefix Used for Virtual WAN Hub.
-parVirtualWanHubs | No       | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required.  - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.  
-parVpnGatewayName | No       | Prefix Used for VPN Gateway.
-parExpressRouteGatewayName | No       | Prefix Used for ExpressRoute Gateway.
+parVirtualWanHubs | No       | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required.  - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. - `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs.  
+parVpnGatewayName | No       | VPN Gateway Name.
+parExpressRouteGatewayName | No       | ExpressRoute Gateway Name.
 parAzFirewallName | No       | Azure Firewall Name.
 parAzFirewallAvailabilityZones | No       | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.
 parAzFirewallPoliciesName | No       | Azure Firewall Policies Name.
@@ -54,7 +54,7 @@ Prefix value which will be prepended to all resource names.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Azure Firewall Tier associated with the Firewall to deploy.
+Azure Firewall Tier associated with the Firewall to deploy. If not set, the default value is Standard.
 
 - Default value: `Standard`
 
@@ -90,7 +90,7 @@ Switch to enable/disable Azure Firewall DNS Proxy.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Array of custom DNS servers used by Azure Firewall
+Array of custom DNS servers used by Azure Firewall.
 
 ### parVirtualWanName
 
@@ -122,22 +122,23 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re
 - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`.
 - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50.
 - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.
+- `parUseCustomNamingScheme` - Switch to enable/disable custom naming scheme. When enabled a custom name can be given for Azure Firewall, ExpressRoute Gateway, VPN Gateway and Virtual Hubs.
 
 
 
 ### parVpnGatewayName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Prefix Used for VPN Gateway.
+VPN Gateway Name.
 
 - Default value: `[format('{0}-vpngw', parameters('parCompanyPrefix'))]`
 
 ### parExpressRouteGatewayName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Prefix Used for ExpressRoute Gateway.
+ExpressRoute Gateway Name.
 
 - Default value: `[format('{0}-ergw', parameters('parCompanyPrefix'))]`
 

infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep

@@ -29,8 +29,8 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = {
         parAzFirewallEnabled: true
         parVirtualHubAddressPrefix: '10.100.0.0/23'
         parHubLocation: 'centralus'
-        parhubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
-        parvirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
+        parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
+        parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
         parVirtualHubRoutingIntentDestinations: []
       } ]
     parAzFirewallDnsProxyEnabled: true