Added several user defined types, ability for custom resources names in vwanConnectivity and mgDiagSettings (#656)

* Added type virtualWanOptionsType, introduceded parUseCustomNamingScheme for custom names

* Check if parUseCustomNamingScheme is present in object

* Fixed parameter casing in baseline

* Generate Parameter Markdowns [johnlokerse/40134377]

* Added parameters for resource names

* Added subnetOptionsType

* Generate Parameter Markdowns [johnlokerse/40134377]

* Added descriptions

* Added nonComplianceMessageType

* Added changes to parameter files, added diagnostic settings name to orchestration

* Generate Parameter Markdowns [johnlokerse/40134377]

* Fix error for "List Azure Resources Types" because of usage of type

* Reduced complexity by using coalesce and safe-dereference operator

* Removed default value on description

* Generate Parameter Markdowns [johnlokerse/4e1ac12d]

* Improve clarity for user defined type properties for the custom resource names

* Generate Parameter Markdowns [oZakari/ef8a90cc]

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>
Co-authored-by: Zach Trocinski <ztrocinski@outlook.com>

.github/workflows/bicep-build-to-validate.yml

@@ -73,20 +73,34 @@ jobs:
       - name: List Azure Resource Types
         shell: pwsh
         run: |
-          $resourceTypesFullList = @{}
-
-          Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
-            Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
-            $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
-            $armResourceTypes = $armTemplate.Resources
-            $armResourceTypes | ForEach-Object {
-              if (!$resourceTypesFullList.ContainsKey($_.Type)) {
-                $resourceTypesFullList.Add($_.Type, 1)
+          function Add-ToResourceTypesList {
+              param (
+                  [Parameter(Mandatory = $true)]
+                  [string] $Type
+              )
+              if (!$resourceTypesFullList.ContainsKey($Type)) {
+                  $resourceTypesFullList.Add($Type, 1)
               }
               else {
-                $resourceTypesFullList[$_.Type] += 1
+                  $resourceTypesFullList[$Type] += 1
+              }
+          }
+
+          $resourceTypesFullList = @{}
+          Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
+              Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
+              $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
+              $armResourceTypes = $armTemplate.Resources
+              $armResourceTypes | ForEach-Object {
+                  if ($null -eq $_.Type) {
+                      $_.PSObject.Properties | ForEach-Object {
+                          Add-ToResourceTypesList -Type $_.Value.Type
+                      }
+                  }
+                  else {
+                      Add-ToResourceTypesList -Type $_.Type
+                  }
               }
-            }
           }
 
           Write-Information "==> Remove nested deployments resource type" -InformationAction Continue

infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

@@ -1,6 +1,23 @@
 metadata name = 'ALZ Bicep - Hub Networking Module'
 metadata description = 'ALZ Bicep Module used to set up Hub Networking'
 
+type subnetOptionsType = ({
+  @description('Name of subnet.')
+  name: string
+
+  @description('IP-address range for subnet.')
+  ipAddressRange: string
+
+  @description('Id of Network Security Group to associate with subnet.')
+  networkSecurityGroupId: string?
+
+  @description('Id of Route Table to associate with subnet.')
+  routeTableId: string?
+
+  @description('Name of the delegation to create for the subnet.')
+  delegation: string?
+})[]
+
 @sys.description('The Azure Region to deploy the resources into.')
 param parLocation string = resourceGroup().location
 
@@ -14,7 +31,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
 param parHubNetworkAddressPrefix string = '10.10.0.0/16'
 
 @sys.description('The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.')
-param parSubnets array = [
+param parSubnets subnetOptionsType = [
   {
     name: 'AzureBastionSubnet'
     ipAddressRange: '10.10.15.0/24'

infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md

@@ -21,6 +21,7 @@ parTags        | No       | Tags you would like to be applied to all resources i
 parAutomationAccountTags | No       | Tags you would like to be applied to Automation Account.
 parLogAnalyticsWorkspaceTags | No       | Tags you would like to be applied to Log Analytics Workspace.
 parUseSentinelClassicPricingTiers | No       | Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.
+parLogAnalyticsLinkedServiceAutomationAccountName | No       | Log Analytics LinkedService name for Automation Account.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry
 
 ### parLogAnalyticsWorkspaceName
@@ -147,6 +148,14 @@ Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes i
 
 - Default value: `False`
 
+### parLogAnalyticsLinkedServiceAutomationAccountName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Log Analytics LinkedService name for Automation Account.
+
+- Default value: `Automation`
+
 ### parTelemetryOptOut
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -234,6 +243,9 @@ outAutomationAccountId | string |
         "parUseSentinelClassicPricingTiers": {
             "value": false
         },
+        "parLogAnalyticsLinkedServiceAutomationAccountName": {
+            "value": "Automation"
+        },
         "parTelemetryOptOut": {
             "value": false
         }

infra-as-code/bicep/modules/logging/logging.bicep

@@ -92,6 +92,9 @@ param parLogAnalyticsWorkspaceTags object = parTags
 @sys.description('Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.')
 param parUseSentinelClassicPricingTiers bool = false
 
+@sys.description('Log Analytics LinkedService name for Automation Account.')
+param parLogAnalyticsLinkedServiceAutomationAccountName string = 'Automation'
+
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
 
@@ -151,7 +154,7 @@ resource resLogAnalyticsWorkspaceSolutions 'Microsoft.OperationsManagement/solut
 
 resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) {
   parent: resLogAnalyticsWorkspace
-  name: 'Automation'
+  name: parLogAnalyticsLinkedServiceAutomationAccountName
   properties: {
     resourceId: resAutomationAccount.id
   }

infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json

@@ -54,6 +54,9 @@
     "parUseSentinelClassicPricingTiers": {
       "value": false
     },
+    "parLogAnalyticsLinkedServiceAutomationAccountName": {
+      "value": "Automation"
+    },
     "parTelemetryOptOut": {
       "value": false
     }

infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json

@@ -48,6 +48,9 @@
         "Environment": "Live"
       }
     },
+    "parLogAnalyticsLinkedServiceAutomationAccountName": {
+      "value": "Automation"
+    },
     "parTelemetryOptOut": {
       "value": false
     }

infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md

@@ -7,6 +7,7 @@ Module used to set up Diagnostic Settings for Management Groups
 Parameter name | Required | Description
 -------------- | -------- | -----------
 parLogAnalyticsWorkspaceResourceId | Yes      | Log Analytics Workspace Resource ID.
+parDiagnosticSettingsName | No       | Diagnostic Settings Name.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry
 
 ### parLogAnalyticsWorkspaceResourceId
@@ -15,6 +16,14 @@ parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment t
 
 Log Analytics Workspace Resource ID.
 
+### parDiagnosticSettingsName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Diagnostic Settings Name.
+
+- Default value: `toLa`
+
 ### parTelemetryOptOut
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -38,6 +47,9 @@ Set Parameter to true to Opt-out of deployment telemetry
         "parLogAnalyticsWorkspaceResourceId": {
             "value": ""
         },
+        "parDiagnosticSettingsName": {
+            "value": "toLa"
+        },
         "parTelemetryOptOut": {
             "value": false
         }

infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep

@@ -6,6 +6,9 @@ metadata description = 'Module used to set up Diagnostic Settings for Management
 @sys.description('Log Analytics Workspace Resource ID.')
 param parLogAnalyticsWorkspaceResourceId string
 
+@sys.description('Diagnostic Settings Name.')
+param parDiagnosticSettingsName string = 'toLa'
+
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
 
@@ -13,7 +16,7 @@ param parTelemetryOptOut bool = false
 var varCuaid = '5d17f1c2-f17b-4426-9712-0cd2652c4435'
 
 resource mgDiagSet 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
-  name: 'toLa'
+  name: parDiagnosticSettingsName
   properties: {
     workspaceId: parLogAnalyticsWorkspaceResourceId
     logs: [

infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json

@@ -5,6 +5,9 @@
     "parLogAnalyticsWorkspaceResourceId": {
       "value": ""
     },
+    "parDiagnosticSettingsName": {
+      "value": "toLa"
+    },
     "parTelemetryOptOut": {
       "value": false
     }

infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep

@@ -3,6 +3,14 @@ targetScope = 'managementGroup'
 metadata name = 'ALZ Bicep - Management Group Policy Assignments'
 metadata description = 'Module used to assign policy definitions to management groups'
 
+type nonComplianceMessageType = {
+  @description('The message to display when the policy is non-compliant.')
+  message: string
+
+  @description('The reference ID of the policy definition.')
+  policyDefinitionReferenceId: string
+}[]
+
 @minLength(1)
 @maxLength(24)
 @sys.description('The name of the policy assignment. e.g. "Deny-Public-IP"')
@@ -24,7 +32,7 @@ param parPolicyAssignmentParameters object = {}
 param parPolicyAssignmentParameterOverrides object = {}
 
 @sys.description('An array containing object/s for the non-compliance messages for the policy to be assigned. See https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#non-compliance-messages for more details on use.')
-param parPolicyAssignmentNonComplianceMessages array = []
+param parPolicyAssignmentNonComplianceMessages nonComplianceMessageType = []
 
 @sys.description('An array containing a list of scope Resource IDs to be excluded for the policy assignment. e.g. [\'/providers/Microsoft.Management/managementgroups/alz\', \'/providers/Microsoft.Management/managementgroups/alz-sandbox\' ].')
 param parPolicyAssignmentNotScopes array = []

infra-as-code/bicep/modules/vwanConnectivity/README.md

@@ -17,6 +17,7 @@ Module deploys the following resources which can be configured by parameters:
 
 - [Parameters for Azure Commercial Cloud](generateddocs/vwanConnectivity.bicep.md)
 
+> **NOTE:** Within the `parVirtualWanHubs` parameter, the following keys (parVpnGatewayCustomName, parExpressRouteGatewayCustomName, parAzFirewallCustomName, and parVirtualWanHubCustomName) can be added to create custom names for the associated resources.
 > **NOTE:** Although there are generated parameter markdowns for Azure Commercial Cloud, this same module can still be used in Azure China. Example parameter are in the [parameters](./parameters/) folder.
 
 <!-- markdownlint-disable -->

infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md

@@ -9,15 +9,15 @@ Parameter name | Required | Description
 parLocation    | No       | Region in which the resource group was created.
 parCompanyPrefix | No       | Prefix value which will be prepended to all resource names.
 parAzFirewallTier | No       | Azure Firewall Tier associated with the Firewall to deploy.
-parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
+parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode.
 parVirtualHubEnabled | No       | Switch to enable/disable Virtual Hub deployment.
 parAzFirewallDnsProxyEnabled | No       | Switch to enable/disable Azure Firewall DNS Proxy.
-parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall
+parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall.
 parVirtualWanName | No       | Prefix Used for Virtual WAN.
 parVirtualWanHubName | No       | Prefix Used for Virtual WAN Hub.
 parVirtualWanHubs | No       | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required.  - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.  
-parVpnGatewayName | No       | Prefix Used for VPN Gateway.
-parExpressRouteGatewayName | No       | Prefix Used for ExpressRoute Gateway.
+parVpnGatewayName | No       | VPN Gateway Name.
+parExpressRouteGatewayName | No       | ExpressRoute Gateway Name.
 parAzFirewallName | No       | Azure Firewall Name.
 parAzFirewallAvailabilityZones | No       | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.
 parAzFirewallPoliciesName | No       | Azure Firewall Policies Name.
@@ -64,7 +64,7 @@ Azure Firewall Tier associated with the Firewall to deploy.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
+The Azure Firewall Threat Intelligence Mode.
 
 - Default value: `Alert`
 
@@ -90,7 +90,7 @@ Switch to enable/disable Azure Firewall DNS Proxy.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Array of custom DNS servers used by Azure Firewall
+Array of custom DNS servers used by Azure Firewall.
 
 ### parVirtualWanName
 
@@ -129,7 +129,7 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Prefix Used for VPN Gateway.
+VPN Gateway Name.
 
 - Default value: `[format('{0}-vpngw', parameters('parCompanyPrefix'))]`
 
@@ -137,7 +137,7 @@ Prefix Used for VPN Gateway.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Prefix Used for ExpressRoute Gateway.
+ExpressRoute Gateway Name.
 
 - Default value: `[format('{0}-ergw', parameters('parCompanyPrefix'))]`
 

infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep

@@ -29,8 +29,8 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = {
         parAzFirewallEnabled: true
         parVirtualHubAddressPrefix: '10.100.0.0/23'
         parHubLocation: 'centralus'
-        parhubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
-        parvirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
+        parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
+        parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
         parVirtualHubRoutingIntentDestinations: []
       } ]
     parAzFirewallDnsProxyEnabled: true

infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep

@@ -1,6 +1,46 @@
 metadata name = 'ALZ Bicep - Azure vWAN Connectivity Module'
 metadata description = 'Module used to set up vWAN Connectivity'
 
+type virtualWanOptionsType = ({
+  @sys.description('Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub.')
+  parVpnGatewayEnabled: bool
+
+  @sys.description('Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub.')
+  parExpressRouteGatewayEnabled: bool
+
+  @sys.description('Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub.')
+  parAzFirewallEnabled: bool
+
+  @sys.description('The IP address range in CIDR notation for the vWAN virtual Hub to use.')
+  parVirtualHubAddressPrefix: string
+
+  @sys.description('The Virtual WAN Hub location.')
+  parHubLocation: string
+
+  @sys.description('The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`.')
+  parHubRoutingPreference: ('ExpressRoute' | 'VpnGateway' | 'ASN')
+
+  @sys.description('The Virtual WAN Hub capacity. The value should be between 2 to 50.')
+  @minValue(2)
+  @maxValue(50)
+  parVirtualRouterAutoScaleConfiguration: int
+
+  @sys.description('The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.')
+  parVirtualHubRoutingIntentDestinations: ('Internet' | 'PrivateTraffic')[]
+
+  @sys.description('This parameter is used to specify a custom name for the VPN Gateway.')
+  parVpnGatewayCustomName: string?
+
+  @sys.description('This parameter is used to specify a custom name for the ExpressRoute Gateway.')
+  parExpressRouteGatewayCustomName: string?
+
+  @sys.description('This parameter is used to specify a custom name for the Azure Firewall.')
+  parAzFirewallCustomName: string?
+
+  @sys.description('This parameter is used to specify a custom name for the Virtual WAN Hub.')
+  parVirtualWanHubCustomName: string?
+})[]
+
 @sys.description('Region in which the resource group was created.')
 param parLocation string = resourceGroup().location
 
@@ -15,7 +55,7 @@ param parCompanyPrefix string = 'alz'
 ])
 param parAzFirewallTier string = 'Standard'
 
-@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.')
+@sys.description('The Azure Firewall Threat Intelligence Mode.')
 @allowed([
   'Alert'
   'Deny'
@@ -29,7 +69,7 @@ param parVirtualHubEnabled bool = true
 @sys.description('Switch to enable/disable Azure Firewall DNS Proxy.')
 param parAzFirewallDnsProxyEnabled bool = true
 
-@sys.description('Array of custom DNS servers used by Azure Firewall')
+@sys.description('Array of custom DNS servers used by Azure Firewall.')
 param parAzFirewallDnsServers array = []
 
 @sys.description('Prefix Used for Virtual WAN.')
@@ -50,22 +90,22 @@ param parVirtualWanHubName string = '${parCompanyPrefix}-vhub'
 - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.
 
 ''')
-param parVirtualWanHubs array = [ {
+param parVirtualWanHubs virtualWanOptionsType = [ {
     parVpnGatewayEnabled: true
     parExpressRouteGatewayEnabled: true
     parAzFirewallEnabled: true
     parVirtualHubAddressPrefix: '10.100.0.0/23'
     parHubLocation: parLocation
-    parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'.
-    parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
+    parHubRoutingPreference: 'ExpressRoute'
+    parVirtualRouterAutoScaleConfiguration: 2
     parVirtualHubRoutingIntentDestinations: []
   }
 ]
 
-@sys.description('Prefix Used for VPN Gateway.')
+@sys.description('VPN Gateway Name.')
 param parVpnGatewayName string = '${parCompanyPrefix}-vpngw'
 
-@sys.description('Prefix Used for ExpressRoute Gateway.')
+@sys.description('ExpressRoute Gateway Name.')
 param parExpressRouteGatewayName string = '${parCompanyPrefix}-ergw'
 
 @sys.description('Azure Firewall Name.')
@@ -210,7 +250,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = {
 }
 
 resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) {
-  name: '${parVirtualWanHubName}-${hub.parHubLocation}'
+  name: hub.?parVirtualWanHubCustomName ?? '${parVirtualWanHubName}-${hub.parHubLocation}'
   location: hub.parHubLocation
   tags: parTags
   properties: {
@@ -249,7 +289,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04
 
 resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) {
   parent: resVhub[i]
-  name: '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent'
+  name: !empty(hub.?parVirtualWanHubCustomName) ? '${hub.parVirtualWanHubCustomName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent'
   properties: {
     routingPolicies: [for destination in hub.parVirtualHubRoutingIntentDestinations: {
       name: destination == 'Internet' ? 'PublicTraffic' : destination == 'PrivateTraffic' ? 'PrivateTraffic' : 'N/A'
@@ -263,7 +303,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-
 
 resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) {
   dependsOn: resVhub
-  name: '${parVpnGatewayName}-${hub.parHubLocation}'
+  name: hub.?parVpnGatewayCustomName ?? '${parVpnGatewayName}-${hub.parHubLocation}'
   location: hub.parHubLocation
   tags: parTags
   properties: {
@@ -281,7 +321,7 @@ resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i
 
 resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) {
   dependsOn: resVhub
-  name: '${parExpressRouteGatewayName}-${hub.parHubLocation}'
+  name: hub.?parExpressRouteGatewayCustomName ?? '${parExpressRouteGatewayName}-${hub.parHubLocation}'
   location: hub.parHubLocation
   tags: parTags
   properties: {
@@ -318,7 +358,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
 }
 
 resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) {
-  name: '${parAzFirewallName}-${hub.parHubLocation}'
+  name: hub.?parAzFirewallCustomName ?? '${parAzFirewallName}-${hub.parHubLocation}'
   location: hub.parHubLocation
   tags: parTags
   zones: (!empty(parAzFirewallAvailabilityZones) ? parAzFirewallAvailabilityZones : null)

infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md

@@ -11,6 +11,7 @@ parTopLevelManagementGroupSuffix | No       | Optional suffix for the management
 parLandingZoneMgChildren | No       | Array of strings to allow additional or different child Management Groups of the Landing Zones Management Group.
 parPlatformMgChildren | No       | Array of strings to allow additional or different child Management Groups of the Platform Management Group.
 parLogAnalyticsWorkspaceResourceId | Yes      | Log Analytics Workspace Resource ID.
+parDiagnosticSettingsName | No       | Diagnostic Settings Name.
 parLandingZoneMgAlzDefaultsEnable | No       | Deploys Diagnostic Settings on Corp & Online Management Groups beneath Landing Zones Management Group if set to true.
 parPlatformMgAlzDefaultsEnable | No       | Deploys Diagnostic Settings on Management, Connectivity and Identity Management Groups beneath Platform Management Group if set to true.
 parLandingZoneMgConfidentialEnable | No       | Deploys Diagnostic Settings on Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true.
@@ -48,6 +49,14 @@ Array of strings to allow additional or different child Management Groups of the
 
 Log Analytics Workspace Resource ID.
 
+### parDiagnosticSettingsName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Diagnostic Settings Name.
+
+- Default value: `toLa`
+
 ### parLandingZoneMgAlzDefaultsEnable
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -107,6 +116,9 @@ Set Parameter to true to Opt-out of deployment telemetry.
         "parLogAnalyticsWorkspaceResourceId": {
             "value": ""
         },
+        "parDiagnosticSettingsName": {
+            "value": "toLa"
+        },
         "parLandingZoneMgAlzDefaultsEnable": {
             "value": true
         },

infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep

@@ -21,6 +21,9 @@ param parPlatformMgChildren array = []
 @sys.description('Log Analytics Workspace Resource ID.')
 param parLogAnalyticsWorkspaceResourceId string
 
+@sys.description('Diagnostic Settings Name.')
+param parDiagnosticSettingsName string = 'toLa'
+
 @sys.description('Deploys Diagnostic Settings on Corp & Online Management Groups beneath Landing Zones Management Group if set to true.')
 param parLandingZoneMgAlzDefaultsEnable bool = true
 
@@ -84,6 +87,7 @@ module modMgDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep' = [for m
   name: 'mg-diag-set-${mgId.value}'
   params: {
     parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
+    parDiagnosticSettingsName: parDiagnosticSettingsName
     parTelemetryOptOut: parTelemetryOptOut
   }
 }]
@@ -94,6 +98,7 @@ module modMgLandingZonesDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bic
   name: 'mg-diag-set-${childMg.value}'
   params: {
     parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
+    parDiagnosticSettingsName: parDiagnosticSettingsName
     parTelemetryOptOut: parTelemetryOptOut
   }
 }]
@@ -104,6 +109,7 @@ module modMgPlatformDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep'
   name: 'mg-diag-set-${childMg.value}'
   params: {
     parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
+    parDiagnosticSettingsName: parDiagnosticSettingsName
     parTelemetryOptOut: parTelemetryOptOut
   }
 }]
@@ -114,6 +120,7 @@ module modMgChildrenDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep'
   name: 'mg-diag-set-${childMg.mgId}'
   params: {
     parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
+    parDiagnosticSettingsName: parDiagnosticSettingsName
     parTelemetryOptOut: parTelemetryOptOut
   }
 }]
@@ -124,6 +131,7 @@ module modPlatformMgChildrenDiagSet '../../modules/mgDiagSettings/mgDiagSettings
   name: 'mg-diag-set-${childMg.mgId}'
   params: {
     parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
+    parDiagnosticSettingsName: parDiagnosticSettingsName
     parTelemetryOptOut: parTelemetryOptOut
   }
 }]

infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json

@@ -20,6 +20,9 @@
     "parLogAnalyticsWorkspaceResourceId": {
       "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/alz-logging/providers/microsoft.operationalinsights/workspaces/alz-log-analytics"
     },
+    "parDiagnosticSettingsName": {
+      "value": "toLa"
+    },
     "parLandingZoneMgChildren": {
       "value": []
     },