From e1279bdab65f68f66bb21b8334c91fd9f560a792 Mon Sep 17 00:00:00 2001 From: alisakina99 Date: Tue, 30 Apr 2024 12:30:53 -0400 Subject: [PATCH 1/3] Editing the main bicep module file (1), parameters files (5), and generated docs file (1) to parameterize route entry name(s) in the route table (VWAN hub to Az Firewall). --- .../generateddocs/vwanConnectivity.bicep.md | 20 ++++++++++--------- .../mc-vwanConnectivity.parameters.all.json | 3 +++ .../mc-vwanConnectivity.parameters.min.json | 3 +++ .../vwanConnectivity.parameters.all.json | 3 +++ .../vwanConnectivity.parameters.az.all.json | 3 +++ .../vwanConnectivity.parameters.min.json | 3 +++ .../vwanConnectivity/vwanConnectivity.bicep | 5 ++++- 7 files changed, 30 insertions(+), 10 deletions(-) diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 6bb9c2bb2..b64b0d6b0 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md @@ -4,41 +4,43 @@ Module used to set up vWAN Connectivity ## Parameters + Parameter name | Required | Description -------------- | -------- | ----------- parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. -parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall. parVirtualWanName | No | Prefix Used for Virtual WAN. -parVirtualWanLock | No | Resource Lock Configuration for Virtual WAN. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualWanLock | No | Resource Lock Configuration for Virtual WAN. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. -parVpnGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub VPN Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. -parExpressRouteGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. -parVirtualWanHubsLock | No | Resource Lock Configuration for Virtual WAN Hub. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualWanHubRouteName | No | The name of the route table that manages routing between the Virtual WAN Hub and the Azure Firewall +parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. +parVpnGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub VPN Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parExpressRouteGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualWanHubsLock | No | Resource Lock Configuration for Virtual WAN Hub. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVpnGatewayName | No | VPN Gateway Name. parExpressRouteGatewayName | No | ExpressRoute Gateway Name. parAzFirewallName | No | Azure Firewall Name. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. -parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVpnGatewayScaleUnit | No | The scale unit for this VPN Gateway. parExpressRouteGatewayScaleUnit | No | The scale unit for this ExpressRoute Gateway. parDdosEnabled | No | Switch to enable/disable DDoS Network Protection deployment. parDdosPlanName | No | DDoS Plan Name. -parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parPrivateDnsZonesEnabled | No | Switch to enable/disable Private DNS Zones deployment. parPrivateDnsZonesResourceGroup | No | Resource Group Name for Private DNS Zones. parPrivateDnsZones | No | Array of DNS Zones to provision in Hub Virtual Network. parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup. parVirtualNetworkIdToLink | No | Resource ID of VNet for Private DNS Zone VNet Links parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links -parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json index 0693e34bd..05342e672 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json @@ -29,6 +29,9 @@ "parVirtualWanHubName": { "value": "alz-vhub" }, + "parVirtualWanHubRouteName": { + "value": "default-to-azfw" + }, "parVpnGatewayName": { "value": "alz-vpngw" }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json index 653ed1b92..cb9827d99 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json @@ -31,6 +31,9 @@ } ] }, + "parVhubRouteName": { + "value": "default-to-azfw" + }, "parAzFirewallDnsProxyEnabled": { "value": true }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json index a35264e0d..5051bd764 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json @@ -29,6 +29,9 @@ "parVirtualWanHubName": { "value": "alz-vhub" }, + "parVirtualWanHubRouteName": { + "value": "default-to-azfw" + }, "parVpnGatewayName": { "value": "alz-vpngw" }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json index 2b46305e3..cdd48386a 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json @@ -29,6 +29,9 @@ "parVirtualWanHubName": { "value": "alz-vhub" }, + "parVirtualWanHubRouteName": { + "value": "default-to-azfw" + }, "parVpnGatewayName": { "value": "alz-vpngw" }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json index a9ee9ea2d..b7d7fad21 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json @@ -14,6 +14,9 @@ "parVirtualHubEnabled": { "value": true }, + "parVirtualWanHubRouteName": { + "value": "default-to-azfw" + }, "parVirtualWanHubs": { "value": [ { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 66d0dce69..bd1b1a973 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -111,6 +111,9 @@ param parVirtualWanLock lockType = { @sys.description('Prefix Used for Virtual WAN Hub.') param parVirtualWanHubName string = '${parCompanyPrefix}-vhub' +@sys.description('The name of the route table that manages routing between the Virtual WAN Hub and the Azure Firewall.') +parVirtualWanHubRouteName: 'default-to-azfw' + @sys.description('''Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. @@ -394,7 +397,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04 ] routes: [ { - name: 'default-to-azfw' + name: parVirtualWanHubRouteName destinations: [ '0.0.0.0/0' ] From 9d20a97b094f782046733eeab9fd757b7774c2b1 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Tue, 30 Apr 2024 12:52:31 -0500 Subject: [PATCH 2/3] Update param name and fix param declaration --- .../vwanConnectivity/generateddocs/vwanConnectivity.bicep.md | 2 +- .../parameters/mc-vwanConnectivity.parameters.all.json | 2 +- .../parameters/vwanConnectivity.parameters.all.json | 2 +- .../parameters/vwanConnectivity.parameters.az.all.json | 2 +- .../parameters/vwanConnectivity.parameters.min.json | 2 +- .../bicep/modules/vwanConnectivity/vwanConnectivity.bicep | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index b64b0d6b0..972dbee4c 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md @@ -18,7 +18,7 @@ parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure F parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanLock | No | Resource Lock Configuration for Virtual WAN. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubRouteName | No | The name of the route table that manages routing between the Virtual WAN Hub and the Azure Firewall +parVirtualWanHubDefaultRouteName | No | The name of the route table that manages routing between the Virtual WAN Hub and the Azure Firewall parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. parVpnGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub VPN Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parExpressRouteGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json index 05342e672..0500b3ff5 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json @@ -29,7 +29,7 @@ "parVirtualWanHubName": { "value": "alz-vhub" }, - "parVirtualWanHubRouteName": { + "parVirtualWanHubDefaultRouteName": { "value": "default-to-azfw" }, "parVpnGatewayName": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json index 5051bd764..f7c8cb610 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json @@ -29,7 +29,7 @@ "parVirtualWanHubName": { "value": "alz-vhub" }, - "parVirtualWanHubRouteName": { + "parVirtualWanHubDefaultRouteName": { "value": "default-to-azfw" }, "parVpnGatewayName": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json index cdd48386a..9eba41093 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json @@ -29,7 +29,7 @@ "parVirtualWanHubName": { "value": "alz-vhub" }, - "parVirtualWanHubRouteName": { + "parVirtualWanHubDefaultRouteName": { "value": "default-to-azfw" }, "parVpnGatewayName": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json index b7d7fad21..17233c0b6 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json @@ -14,7 +14,7 @@ "parVirtualHubEnabled": { "value": true }, - "parVirtualWanHubRouteName": { + "parVirtualWanHubDefaultRouteName": { "value": "default-to-azfw" }, "parVirtualWanHubs": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index bd1b1a973..94e7ce3c1 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -112,7 +112,7 @@ param parVirtualWanLock lockType = { param parVirtualWanHubName string = '${parCompanyPrefix}-vhub' @sys.description('The name of the route table that manages routing between the Virtual WAN Hub and the Azure Firewall.') -parVirtualWanHubRouteName: 'default-to-azfw' +param parVirtualWanHubDefaultRouteName string = 'default-to-azfw' @sys.description('''Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. @@ -397,7 +397,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04 ] routes: [ { - name: parVirtualWanHubRouteName + name: parVirtualWanHubDefaultRouteName destinations: [ '0.0.0.0/0' ] From 60b05f91e25a7110ef759b0f566318be09ebc1b0 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 17:57:09 +0000 Subject: [PATCH 3/3] Generate Parameter Markdowns [oZakari/f77834c7] --- .../generateddocs/hubNetworking.bicep.md | 40 +++++++++---------- .../generateddocs/vwanConnectivity.bicep.md | 32 ++++++++++----- 2 files changed, 41 insertions(+), 31 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index a7295cf77..ae2720185 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md @@ -9,49 +9,49 @@ Parameter name | Required | Description parLocation | No | The Azure Region to deploy the resources into. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parHubNetworkName | No | Name for Hub Network. -parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parHubNetworkAddressPrefix | No | The IP address range for Hub Network. parSubnets | No | The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks. parDnsServerIps | No | Array of DNS Server IP addresses for VNet. -parVirtualNetworkLock | No | Resource Lock Configuration for Virtual Network. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualNetworkLock | No | Resource Lock Configuration for Virtual Network. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parPublicIpSku | No | Public IP Address SKU. parPublicIpPrefix | No | Optional Prefix for Public IPs. Include a succedent dash if required. Example: prefix- parPublicIpSuffix | No | Optional Suffix for Public IPs. Include a preceding dash if required. Example: -suffix -parAzFirewallCustomPublicIps | No | Optional List of Custom Public IPs, which are assigned to firewalls ipConfigurations. parAzBastionEnabled | No | Switch to enable/disable Azure Bastion deployment. parAzBastionName | No | Name Associated with Bastion Service. parAzBastionSku | No | Azure Bastion SKU. parAzBastionTunneling | No | Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client parAzBastionNsgName | No | Name for Azure Bastion Subnet NSG. -parBastionLock | No | Resource Lock Configuration for Bastion. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parBastionLock | No | Resource Lock Configuration for Bastion. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parDdosEnabled | No | Switch to enable/disable DDoS Network Protection deployment. parDdosPlanName | No | DDoS Plan Name. -parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deployment. parAzFirewallName | No | Azure Firewall Name. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. +parAzFirewallCustomPublicIps | No | Optional List of Custom Public IPs, which are assigned to firewalls ipConfigurations. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall -parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parHubRouteTableName | No | Name of Route table to create for the default route of Hub. parDisableBgpRoutePropagation | No | Switch to enable/disable BGP Propagation on route table. -parHubRouteTableLock | No | Resource Lock Configuration for Hub Route Table. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parHubRouteTableLock | No | Resource Lock Configuration for Hub Route Table. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parPrivateDnsZonesEnabled | No | Switch to enable/disable Private DNS Zones deployment. parPrivateDnsZonesResourceGroup | No | Resource Group Name for Private DNS Zones. parPrivateDnsZones | No | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup. parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links -parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVpnGatewayEnabled | No | Switch to enable/disable VPN virtual network gateway deployment. parVpnGatewayConfig | No | Configuration for VPN virtual network gateway to be deployed. parExpressRouteGatewayEnabled | No | Switch to enable/disable ExpressRoute virtual network gateway deployment. parExpressRouteGatewayConfig | No | Configuration for ExpressRoute virtual network gateway to be deployed. -parVirtualNetworkGatewayLock | No | Resource Lock Configuration for ExpressRoute Virtual Network Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualNetworkGatewayLock | No | Resource Lock Configuration for ExpressRoute Virtual Network Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. parBastionOutboundSshRdpPorts | No | Define outbound destination ports or ranges for SSH or RDP that you want to access from Azure Bastion. @@ -152,12 +152,6 @@ Optional Suffix for Public IPs. Include a preceding dash if required. Example: - - Default value: `-PublicIP` -### parAzFirewallCustomPublicIps - -![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) - -Optional List of Custom Public IPs, which are assigned to firewalls ipConfigurations. - ### parAzBastionEnabled ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -286,14 +280,20 @@ The Azure Firewall Threat Intelligence Mode. If not set, the default value is Al - Allowed values: `Alert`, `Deny`, `Off` -### parAzFirewallAvailabilityZones +### parAzFirewallCustomPublicIps ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. +Optional List of Custom Public IPs, which are assigned to firewalls ipConfigurations. - Allowed values: `1`, `2`, `3` +### parAzFirewallAvailabilityZones + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. + ### parAzErGatewayAvailabilityZones ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -572,9 +572,6 @@ outHubVirtualNetworkId | string | "parPublicIpSuffix": { "value": "-PublicIP" }, - "parAzFirewallCustomPublicIps": { - "value": [] - }, "parAzBastionEnabled": { "value": true }, @@ -623,6 +620,9 @@ outHubVirtualNetworkId | string | "parAzFirewallIntelMode": { "value": "Alert" }, + "parAzFirewallCustomPublicIps": { + "value": [] + }, "parAzFirewallAvailabilityZones": { "value": [] }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 972dbee4c..3f487784a 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md @@ -4,43 +4,42 @@ Module used to set up vWAN Connectivity ## Parameters - Parameter name | Required | Description -------------- | -------- | ----------- parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. -parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall. parVirtualWanName | No | Prefix Used for Virtual WAN. -parVirtualWanLock | No | Resource Lock Configuration for Virtual WAN. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualWanLock | No | Resource Lock Configuration for Virtual WAN. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubDefaultRouteName | No | The name of the route table that manages routing between the Virtual WAN Hub and the Azure Firewall -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. -parVpnGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub VPN Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. -parExpressRouteGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. -parVirtualWanHubsLock | No | Resource Lock Configuration for Virtual WAN Hub. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualWanHubDefaultRouteName | No | The name of the route table that manages routing between the Virtual WAN Hub and the Azure Firewall. +parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. +parVpnGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub VPN Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parExpressRouteGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualWanHubsLock | No | Resource Lock Configuration for Virtual WAN Hub. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVpnGatewayName | No | VPN Gateway Name. parExpressRouteGatewayName | No | ExpressRoute Gateway Name. parAzFirewallName | No | Azure Firewall Name. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. -parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVpnGatewayScaleUnit | No | The scale unit for this VPN Gateway. parExpressRouteGatewayScaleUnit | No | The scale unit for this ExpressRoute Gateway. parDdosEnabled | No | Switch to enable/disable DDoS Network Protection deployment. parDdosPlanName | No | DDoS Plan Name. -parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parPrivateDnsZonesEnabled | No | Switch to enable/disable Private DNS Zones deployment. parPrivateDnsZonesResourceGroup | No | Resource Group Name for Private DNS Zones. parPrivateDnsZones | No | Array of DNS Zones to provision in Hub Virtual Network. parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup. parVirtualNetworkIdToLink | No | Resource ID of VNet for Private DNS Zone VNet Links parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links -parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry @@ -144,6 +143,14 @@ Prefix Used for Virtual WAN Hub. - Default value: `[format('{0}-vhub', parameters('parCompanyPrefix'))]` +### parVirtualWanHubDefaultRouteName + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +The name of the route table that manages routing between the Virtual WAN Hub and the Azure Firewall. + +- Default value: `default-to-azfw` + ### parVirtualWanHubs ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -433,6 +440,9 @@ outAzFwPrivateIps | array | "parVirtualWanHubName": { "value": "[format('{0}-vhub', parameters('parCompanyPrefix'))]" }, + "parVirtualWanHubDefaultRouteName": { + "value": "default-to-azfw" + }, "parVirtualWanHubs": { "value": [ {