Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[vwanConnectivity] Refactor to support multi-region hubs #805

Merged
merged 6 commits into from
Jul 15, 2024
Merged

[vwanConnectivity] Refactor to support multi-region hubs #805

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
d602a9a
add logic for creating a policy per azFirewall
sebassem Jul 4, 2024
86b904c
addin fw settings to hub type
sebassem Jul 4, 2024
3fb2176
update all parameters files
sebassem Jul 4, 2024
ec6f7c9
chore: Update parAzFirewallCustomPublicIps' allowed list
sebassem Jul 4, 2024
7413f66
Generate Parameter Markdowns [sebassem/0a9a675f]
github-actions[bot] Jul 4, 2024
92571e3
Merge branch 'main' into vwanconnectivity-azfw-policy-per-region
oZakari Jul 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 8 additions & 65 deletions ...-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,7 @@ Parameter name | Required | Description
parLocation | No | Region in which the resource group was created.
parCompanyPrefix | No | Prefix value which will be prepended to all resource names.
parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy.
parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode.
parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment.
parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy.
parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall.
parVirtualWanName | No | Prefix Used for Virtual WAN.
parVirtualWanLock | No | Resource Lock Configuration for Virtual WAN. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub.
Expand All @@ -25,7 +21,6 @@ parVirtualWanHubsLock | No | Resource Lock Configuration for Virtual WAN H
parVpnGatewayName | No | VPN Gateway Name.
parExpressRouteGatewayName | No | ExpressRoute Gateway Name.
parAzFirewallName | No | Azure Firewall Name.
parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.
parAzFirewallPoliciesName | No | Azure Firewall Policies Name.
parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parVpnGatewayScaleUnit | No | The scale unit for this VPN Gateway.
Expand Down Expand Up @@ -72,26 +67,6 @@ Global Resource Lock Configuration used for all resources deployed in this modul

- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}`

### parAzFirewallTier

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Azure Firewall Tier associated with the Firewall to deploy.

- Default value: `Standard`

- Allowed values: `Basic`, `Standard`, `Premium`

### parAzFirewallIntelMode

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

The Azure Firewall Threat Intelligence Mode.

- Default value: `Alert`

- Allowed values: `Alert`, `Deny`, `Off`

### parVirtualHubEnabled

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
Expand All @@ -100,20 +75,6 @@ Switch to enable/disable Virtual Hub deployment.

- Default value: `True`

### parAzFirewallDnsProxyEnabled

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Switch to enable/disable Azure Firewall DNS Proxy.

- Default value: `True`

### parAzFirewallDnsServers

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Array of custom DNS servers used by Azure Firewall.

### parVirtualWanName

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
Expand Down Expand Up @@ -231,21 +192,13 @@ Azure Firewall Name.

- Default value: `[format('{0}-fw', parameters('parCompanyPrefix'))]`

### parAzFirewallAvailabilityZones

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.

- Allowed values: `1`, `2`, `3`

### parAzFirewallPoliciesName

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Azure Firewall Policies Name.

- Default value: `[format('{0}-azfwpolicy-{1}', parameters('parCompanyPrefix'), parameters('parLocation'))]`
- Default value: `[format('{0}-azfwpolicy', parameters('parCompanyPrefix'))]`

### parAzureFirewallLock

Expand Down Expand Up @@ -413,21 +366,9 @@ outAzFwPrivateIps | array |
"notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module."
}
},
"parAzFirewallTier": {
"value": "Standard"
},
"parAzFirewallIntelMode": {
"value": "Alert"
},
"parVirtualHubEnabled": {
"value": true
},
"parAzFirewallDnsProxyEnabled": {
"value": true
},
"parAzFirewallDnsServers": {
"value": []
},
"parVirtualWanName": {
"value": "[format('{0}-vwan-{1}', parameters('parCompanyPrefix'), parameters('parLocation'))]"
},
Expand All @@ -453,7 +394,12 @@ outAzFwPrivateIps | array |
"parHubLocation": "[parameters('parLocation')]",
"parHubRoutingPreference": "ExpressRoute",
"parVirtualRouterAutoScaleConfiguration": 2,
"parVirtualHubRoutingIntentDestinations": []
"parVirtualHubRoutingIntentDestinations": [],
"parAzFirewallDnsProxyEnabled": true,
"parAzFirewallDnsServers": [],
"parAzFirewallIntelMode": "Alert",
"parAzFirewallTier": "Standard",
"parAzFirewallAvailabilityZones": []
}
]
},
Expand Down Expand Up @@ -484,11 +430,8 @@ outAzFwPrivateIps | array |
"parAzFirewallName": {
"value": "[format('{0}-fw', parameters('parCompanyPrefix'))]"
},
"parAzFirewallAvailabilityZones": {
"value": []
},
"parAzFirewallPoliciesName": {
"value": "[format('{0}-azfwpolicy-{1}', parameters('parCompanyPrefix'), parameters('parLocation'))]"
"value": "[format('{0}-azfwpolicy', parameters('parCompanyPrefix'))]"
},
"parAzureFirewallLock": {
"value": {
Expand Down
23 changes: 8 additions & 15 deletions ...as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,23 +8,11 @@
"parCompanyPrefix": {
"value": "alz"
},
"parAzFirewallTier": {
"value": "Standard"
},
"parAzFirewallIntelMode": {
"value": "Alert"
},
"parVirtualHubEnabled": {
"value": true
},
"parAzFirewallDnsProxyEnabled": {
"value": true
},
"parAzFirewallDnsServers": {
"value": []
},
"parVirtualWanName": {
"value": "alz-vwan-chinaeast2"
"value": "alz-vwan"
},
"parVirtualWanHubName": {
"value": "alz-vhub"
Expand All @@ -45,7 +33,7 @@
"value": []
},
"parAzFirewallPoliciesName": {
"value": "alz-azfwpolicy-chinaeast2"
"value": "alz-azfwpolicy"
},
"parVirtualWanHubs": {
"value": [
Expand All @@ -57,7 +45,12 @@
"parHubLocation": "chinaeast2",
"parHubRoutingPreference": "ExpressRoute",
"parVirtualRouterAutoScaleConfiguration": 2,
"parVirtualHubRoutingIntentDestinations": []
"parVirtualHubRoutingIntentDestinations": [],
"parAzFirewallDnsServers" : [],
"parAzFirewallIntelMode" : "Alert",
"parAzFirewallDnsProxyEnabled": true,
"parAzFirewallTier": "Standard",
"parAzFirewallAvailabilityZones": []
}
]
},
Expand Down
19 changes: 6 additions & 13 deletions ...as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,6 @@
"parCompanyPrefix": {
"value": "alz"
},
"parAzFirewallTier": {
"value": "Standard"
},
"parAzFirewallIntelMode": {
"value": "Alert"
},
"parVirtualHubEnabled": {
"value": true
},
Expand All @@ -27,19 +21,18 @@
"parHubLocation": "chinaeast2",
"parHubRoutingPreference": "ExpressRoute",
"parVirtualRouterAutoScaleConfiguration": 2,
"parVirtualHubRoutingIntentDestinations": []
"parVirtualHubRoutingIntentDestinations": [],
"parAzFirewallDnsServers" : [],
"parAzFirewallIntelMode" : "Alert",
"parAzFirewallDnsProxyEnabled": true,
"parAzFirewallTier": "Standard",
"parAzFirewallAvailabilityZones": []
}
]
},
"parVhubRouteName": {
"value": "default-to-azfw"
},
"parAzFirewallDnsProxyEnabled": {
"value": true
},
"parAzFirewallAvailabilityZones": {
"value": []
},
"parVpnGatewayScaleUnit": {
"value": 1
},
Expand Down
26 changes: 8 additions & 18 deletions infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,23 +8,11 @@
"parCompanyPrefix": {
"value": "alz"
},
"parAzFirewallTier": {
"value": "Standard"
},
"parAzFirewallIntelMode": {
"value": "Alert"
},
"parVirtualHubEnabled": {
"value": true
},
"parAzFirewallDnsProxyEnabled": {
"value": true
},
"parAzFirewallDnsServers": {
"value": []
},
"parVirtualWanName": {
"value": "alz-vwan-eastus"
"value": "alz-vwan"
},
"parVirtualWanHubName": {
"value": "alz-vhub"
Expand All @@ -41,11 +29,8 @@
"parAzFirewallName": {
"value": "alz-fw"
},
"parAzFirewallAvailabilityZones": {
"value": []
},
"parAzFirewallPoliciesName": {
"value": "alz-azfwpolicy-eastus"
"value": "alz-azfwpolicy"
},
"parVirtualWanHubs": {
"value": [
Expand All @@ -57,7 +42,12 @@
"parHubLocation": "eastus",
"parHubRoutingPreference": "ExpressRoute",
"parVirtualRouterAutoScaleConfiguration": 2,
"parVirtualHubRoutingIntentDestinations": []
"parVirtualHubRoutingIntentDestinations": [],
"parAzFirewallDnsServers" : [],
"parAzFirewallIntelMode" : "Alert",
"parAzFirewallDnsProxyEnabled": true,
"parAzFirewallTier": "Standard",
"parAzFirewallAvailabilityZones": []
}
]
},
Expand Down
30 changes: 8 additions & 22 deletions ...as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,23 +8,11 @@
"parCompanyPrefix": {
"value": "alz"
},
"parAzFirewallTier": {
"value": "Standard"
},
"parAzFirewallIntelMode": {
"value": "Alert"
},
"parVirtualHubEnabled": {
"value": true
},
"parAzFirewallDnsProxyEnabled": {
"value": true
},
"parAzFirewallDnsServers": {
"value": []
},
"parVirtualWanName": {
"value": "alz-vwan-eastus"
"value": "alz-vwan"
},
"parVirtualWanHubName": {
"value": "alz-vhub"
Expand All @@ -41,15 +29,8 @@
"parAzFirewallName": {
"value": "alz-fw"
},
"parAzFirewallAvailabilityZones": {
"value": [
"1",
"2",
"3"
]
},
"parAzFirewallPoliciesName": {
"value": "alz-azfwpolicy-eastus"
"value": "alz-azfwpolicy"
},
"parVirtualWanHubs": {
"value": [
Expand All @@ -61,7 +42,12 @@
"parHubLocation": "eastus",
"parHubRoutingPreference": "ExpressRoute",
"parVirtualRouterAutoScaleConfiguration": 2,
"parVirtualHubRoutingIntentDestinations": []
"parVirtualHubRoutingIntentDestinations": [],
"parAzFirewallDnsServers" : [],
"parAzFirewallIntelMode" : "Alert",
"parAzFirewallDnsProxyEnabled": true,
"parAzFirewallTier": "Standard",
"parAzFirewallAvailabilityZones": ["1","2","3"]
}
]
},
Expand Down
19 changes: 6 additions & 13 deletions infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@
"parCompanyPrefix": {
"value": "alz"
},
"parAzFirewallTier": {
"value": "Standard"
},
"parAzFirewallIntelMode": {
"value": "Alert"
},
"parVirtualHubEnabled": {
"value": true
},
Expand All @@ -27,16 +21,15 @@
"parHubLocation": "eastus",
"parHubRoutingPreference": "ExpressRoute",
"parVirtualRouterAutoScaleConfiguration": 2,
"parVirtualHubRoutingIntentDestinations": []
"parVirtualHubRoutingIntentDestinations": [],
"parAzFirewallDnsServers" : [],
"parAzFirewallIntelMode" : "Alert",
"parAzFirewallDnsProxyEnabled": true,
"parAzFirewallTier": "Standard",
"parAzFirewallAvailabilityZones": []
}
]
},
"parAzFirewallDnsProxyEnabled": {
"value": true
},
"parAzFirewallAvailabilityZones": {
"value": []
},
"parVpnGatewayScaleUnit": {
"value": 1
},
Expand Down
Loading
Loading