Added several user defined types, ability for custom resources names in vwanConnectivity and mgDiagSettings (#656)

* Added type virtualWanOptionsType, introduceded parUseCustomNamingScheme for custom names * Check if parUseCustomNamingScheme is present in object * Fixed parameter casing in baseline * Generate Parameter Markdowns [johnlokerse/40134377] * Added parameters for resource names * Added subnetOptionsType * Generate Parameter Markdowns [johnlokerse/40134377] * Added descriptions * Added nonComplianceMessageType * Added changes to parameter files, added diagnostic settings name to orchestration * Generate Parameter Markdowns [johnlokerse/40134377] * Fix error for "List Azure Resources Types" because of usage of type * Reduced complexity by using coalesce and safe-dereference operator * Removed default value on description * Generate Parameter Markdowns [johnlokerse/4e1ac12d] * Improve clarity for user defined type properties for the custom resource names * Generate Parameter Markdowns [oZakari/ef8a90cc] --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Co-authored-by: Zach Trocinski <ztrocinski@outlook.com>
2023-11-20 22:05:50 +01:00 · 2023-11-20 22:05:50 +01:00 · 2ee5422bbe
--- a/.github/workflows/bicep-build-to-validate.yml
+++ b/.github/workflows/bicep-build-to-validate.yml
@ -73,20 +73,34 @@ jobs:
      - name: List Azure Resource Types
        shell: pwsh
        run: |
-          $resourceTypesFullList = @{}
+          function Add-ToResourceTypesList {
-
+              param (
-          Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
+                  [Parameter(Mandatory = $true)]
-            Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
+                  [string] $Type
-            $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
+              )
-            $armResourceTypes = $armTemplate.Resources
+              if (!$resourceTypesFullList.ContainsKey($Type)) {
-            $armResourceTypes | ForEach-Object {
+                  $resourceTypesFullList.Add($Type, 1)
              if (!$resourceTypesFullList.ContainsKey($_.Type)) {
                $resourceTypesFullList.Add($_.Type, 1)
              }
              else {
-                $resourceTypesFullList[$_.Type] += 1
+                  $resourceTypesFullList[$Type] += 1
              }
          }
          $resourceTypesFullList = @{}
          Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
              Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
              $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
              $armResourceTypes = $armTemplate.Resources
              $armResourceTypes | ForEach-Object {
                  if ($null -eq $_.Type) {
                      $_.PSObject.Properties | ForEach-Object {
                          Add-ToResourceTypesList -Type $_.Value.Type
                      }
                  }
                  else {
                      Add-ToResourceTypesList -Type $_.Type
                  }
              }
            }
          }
          Write-Information "==> Remove nested deployments resource type" -InformationAction Continue
--- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
+++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
@ -1,6 +1,23 @@
 metadata name = 'ALZ Bicep - Hub Networking Module'
 metadata description = 'ALZ Bicep Module used to set up Hub Networking'
 type subnetOptionsType = ({
  @description('Name of subnet.')
  name: string
  @description('IP-address range for subnet.')
  ipAddressRange: string
  @description('Id of Network Security Group to associate with subnet.')
  networkSecurityGroupId: string?
  @description('Id of Route Table to associate with subnet.')
  routeTableId: string?
  @description('Name of the delegation to create for the subnet.')
  delegation: string?
 })[]
@sys.description('The Azure Region to deploy the resources into.')
 param parLocation string = resourceGroup().location
@ -14,7 +31,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
 param parHubNetworkAddressPrefix string = '10.10.0.0/16'
@sys.description('The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.')
-param parSubnets array = [
+param parSubnets subnetOptionsType = [
  {
    name: 'AzureBastionSubnet'
    ipAddressRange: '10.10.15.0/24'
--- a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
+++ b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
@ -21,6 +21,7 @@ parTags        | No       | Tags you would like to be applied to all resources i
 parAutomationAccountTags | No       | Tags you would like to be applied to Automation Account.
 parLogAnalyticsWorkspaceTags | No       | Tags you would like to be applied to Log Analytics Workspace.
 parUseSentinelClassicPricingTiers | No       | Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.
 parLogAnalyticsLinkedServiceAutomationAccountName | No       | Log Analytics LinkedService name for Automation Account.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry
 ### parLogAnalyticsWorkspaceName
@ -147,6 +148,14 @@ Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes i
 - Default value: `False`
 ### parLogAnalyticsLinkedServiceAutomationAccountName
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 Log Analytics LinkedService name for Automation Account.
 - Default value: `Automation`
 ### parTelemetryOptOut
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@ -234,6 +243,9 @@ outAutomationAccountId | string |
        "parUseSentinelClassicPricingTiers": {
            "value": false
        },
        "parLogAnalyticsLinkedServiceAutomationAccountName": {
            "value": "Automation"
        },
        "parTelemetryOptOut": {
            "value": false
        }
--- a/infra-as-code/bicep/modules/logging/logging.bicep
+++ b/infra-as-code/bicep/modules/logging/logging.bicep
@ -92,6 +92,9 @@ param parLogAnalyticsWorkspaceTags object = parTags
@sys.description('Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.')
 param parUseSentinelClassicPricingTiers bool = false
@sys.description('Log Analytics LinkedService name for Automation Account.')
 param parLogAnalyticsLinkedServiceAutomationAccountName string = 'Automation'
@sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
@ -151,7 +154,7 @@ resource resLogAnalyticsWorkspaceSolutions 'Microsoft.OperationsManagement/solut
 resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) {
  parent: resLogAnalyticsWorkspace
-  name: 'Automation'
+  name: parLogAnalyticsLinkedServiceAutomationAccountName
  properties: {
    resourceId: resAutomationAccount.id
  }
--- a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
+++ b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
@ -54,6 +54,9 @@
    "parUseSentinelClassicPricingTiers": {
      "value": false
    },
    "parLogAnalyticsLinkedServiceAutomationAccountName": {
      "value": "Automation"
    },
    "parTelemetryOptOut": {
      "value": false
    }
--- a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
+++ b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
@ -48,6 +48,9 @@
        "Environment": "Live"
      }
    },
    "parLogAnalyticsLinkedServiceAutomationAccountName": {
      "value": "Automation"
    },
    "parTelemetryOptOut": {
      "value": false
    }
--- a/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md
+++ b/infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md
@ -7,6 +7,7 @@ Module used to set up Diagnostic Settings for Management Groups
 Parameter name | Required | Description
 -------------- | -------- | -----------
 parLogAnalyticsWorkspaceResourceId | Yes      | Log Analytics Workspace Resource ID.
 parDiagnosticSettingsName | No       | Diagnostic Settings Name.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry
 ### parLogAnalyticsWorkspaceResourceId
@ -15,6 +16,14 @@ parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment t
 Log Analytics Workspace Resource ID.
 ### parDiagnosticSettingsName
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 Diagnostic Settings Name.
 - Default value: `toLa`
 ### parTelemetryOptOut
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@ -38,6 +47,9 @@ Set Parameter to true to Opt-out of deployment telemetry
        "parLogAnalyticsWorkspaceResourceId": {
            "value": ""
        },
        "parDiagnosticSettingsName": {
            "value": "toLa"
        },
        "parTelemetryOptOut": {
            "value": false
        }
--- a/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep
+++ b/infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep
@ -6,6 +6,9 @@ metadata description = 'Module used to set up Diagnostic Settings for Management
@sys.description('Log Analytics Workspace Resource ID.')
 param parLogAnalyticsWorkspaceResourceId string
@sys.description('Diagnostic Settings Name.')
 param parDiagnosticSettingsName string = 'toLa'
@sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
@ -13,7 +16,7 @@ param parTelemetryOptOut bool = false
 var varCuaid = '5d17f1c2-f17b-4426-9712-0cd2652c4435'
 resource mgDiagSet 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
-  name: 'toLa'
+  name: parDiagnosticSettingsName
  properties: {
    workspaceId: parLogAnalyticsWorkspaceResourceId
    logs: [
--- a/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json
+++ b/infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json
@ -5,6 +5,9 @@
    "parLogAnalyticsWorkspaceResourceId": {
      "value": ""
    },
    "parDiagnosticSettingsName": {
      "value": "toLa"
    },
    "parTelemetryOptOut": {
      "value": false
    }
--- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
+++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
@ -3,6 +3,14 @@ targetScope = 'managementGroup'
 metadata name = 'ALZ Bicep - Management Group Policy Assignments'
 metadata description = 'Module used to assign policy definitions to management groups'
 type nonComplianceMessageType = {
  @description('The message to display when the policy is non-compliant.')
  message: string
  @description('The reference ID of the policy definition.')
  policyDefinitionReferenceId: string
 }[]
@minLength(1)
@maxLength(24)
@sys.description('The name of the policy assignment. e.g. "Deny-Public-IP"')
@ -24,7 +32,7 @@ param parPolicyAssignmentParameters object = {}
 param parPolicyAssignmentParameterOverrides object = {}
@sys.description('An array containing object/s for the non-compliance messages for the policy to be assigned. See https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#non-compliance-messages for more details on use.')
-param parPolicyAssignmentNonComplianceMessages array = []
+param parPolicyAssignmentNonComplianceMessages nonComplianceMessageType = []
@sys.description('An array containing a list of scope Resource IDs to be excluded for the policy assignment. e.g. [\'/providers/Microsoft.Management/managementgroups/alz\', \'/providers/Microsoft.Management/managementgroups/alz-sandbox\' ].')
 param parPolicyAssignmentNotScopes array = []
--- a/infra-as-code/bicep/modules/vwanConnectivity/README.md
+++ b/infra-as-code/bicep/modules/vwanConnectivity/README.md
@ -17,6 +17,7 @@ Module deploys the following resources which can be configured by parameters:
 - [Parameters for Azure Commercial Cloud](generateddocs/vwanConnectivity.bicep.md)
 > **NOTE:** Within the `parVirtualWanHubs` parameter, the following keys (parVpnGatewayCustomName, parExpressRouteGatewayCustomName, parAzFirewallCustomName, and parVirtualWanHubCustomName) can be added to create custom names for the associated resources.
 > **NOTE:** Although there are generated parameter markdowns for Azure Commercial Cloud, this same module can still be used in Azure China. Example parameter are in the [parameters](./parameters/) folder.
 <!-- markdownlint-disable -->
--- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
+++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
@ -9,15 +9,15 @@ Parameter name | Required | Description
 parLocation    | No       | Region in which the resource group was created.
 parCompanyPrefix | No       | Prefix value which will be prepended to all resource names.
 parAzFirewallTier | No       | Azure Firewall Tier associated with the Firewall to deploy.
-parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
+parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode.
 parVirtualHubEnabled | No       | Switch to enable/disable Virtual Hub deployment.
 parAzFirewallDnsProxyEnabled | No       | Switch to enable/disable Azure Firewall DNS Proxy.
-parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall
+parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall.
 parVirtualWanName | No       | Prefix Used for Virtual WAN.
 parVirtualWanHubName | No       | Prefix Used for Virtual WAN Hub.
 parVirtualWanHubs | No       | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required.  - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.  
-parVpnGatewayName | No       | Prefix Used for VPN Gateway.
+parVpnGatewayName | No       | VPN Gateway Name.
-parExpressRouteGatewayName | No       | Prefix Used for ExpressRoute Gateway.
+parExpressRouteGatewayName | No       | ExpressRoute Gateway Name.
 parAzFirewallName | No       | Azure Firewall Name.
 parAzFirewallAvailabilityZones | No       | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.
 parAzFirewallPoliciesName | No       | Azure Firewall Policies Name.
@ -64,7 +64,7 @@ Azure Firewall Tier associated with the Firewall to deploy.
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
-The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
+The Azure Firewall Threat Intelligence Mode.
 - Default value: `Alert`
@ -90,7 +90,7 @@ Switch to enable/disable Azure Firewall DNS Proxy.
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
-Array of custom DNS servers used by Azure Firewall
+Array of custom DNS servers used by Azure Firewall.
 ### parVirtualWanName
@ -129,7 +129,7 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
-Prefix Used for VPN Gateway.
+VPN Gateway Name.
 - Default value: `[format('{0}-vpngw', parameters('parCompanyPrefix'))]`
@ -137,7 +137,7 @@ Prefix Used for VPN Gateway.
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
-Prefix Used for ExpressRoute Gateway.
+ExpressRoute Gateway Name.
 - Default value: `[format('{0}-ergw', parameters('parCompanyPrefix'))]`
--- a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep
+++ b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep
@ -29,8 +29,8 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = {
        parAzFirewallEnabled: true
        parVirtualHubAddressPrefix: '10.100.0.0/23'
        parHubLocation: 'centralus'
-        parhubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
+        parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
-        parvirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
+        parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
        parVirtualHubRoutingIntentDestinations: []
      } ]
    parAzFirewallDnsProxyEnabled: true
--- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
+++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
@ -1,6 +1,46 @@
 metadata name = 'ALZ Bicep - Azure vWAN Connectivity Module'
 metadata description = 'Module used to set up vWAN Connectivity'
 type virtualWanOptionsType = ({
  @sys.description('Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub.')
  parVpnGatewayEnabled: bool
  @sys.description('Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub.')
  parExpressRouteGatewayEnabled: bool
  @sys.description('Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub.')
  parAzFirewallEnabled: bool
  @sys.description('The IP address range in CIDR notation for the vWAN virtual Hub to use.')
  parVirtualHubAddressPrefix: string
  @sys.description('The Virtual WAN Hub location.')
  parHubLocation: string
  @sys.description('The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`.')
  parHubRoutingPreference: ('ExpressRoute' | 'VpnGateway' | 'ASN')
  @sys.description('The Virtual WAN Hub capacity. The value should be between 2 to 50.')
  @minValue(2)
  @maxValue(50)
  parVirtualRouterAutoScaleConfiguration: int
  @sys.description('The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.')
  parVirtualHubRoutingIntentDestinations: ('Internet' | 'PrivateTraffic')[]
  @sys.description('This parameter is used to specify a custom name for the VPN Gateway.')
  parVpnGatewayCustomName: string?
  @sys.description('This parameter is used to specify a custom name for the ExpressRoute Gateway.')
  parExpressRouteGatewayCustomName: string?
  @sys.description('This parameter is used to specify a custom name for the Azure Firewall.')
  parAzFirewallCustomName: string?
  @sys.description('This parameter is used to specify a custom name for the Virtual WAN Hub.')
  parVirtualWanHubCustomName: string?
 })[]
@sys.description('Region in which the resource group was created.')
 param parLocation string = resourceGroup().location
@ -15,7 +55,7 @@ param parCompanyPrefix string = 'alz'
 ])
 param parAzFirewallTier string = 'Standard'
-@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.')
+@sys.description('The Azure Firewall Threat Intelligence Mode.')
@allowed([
  'Alert'
  'Deny'
@ -29,7 +69,7 @@ param parVirtualHubEnabled bool = true
@sys.description('Switch to enable/disable Azure Firewall DNS Proxy.')
 param parAzFirewallDnsProxyEnabled bool = true
-@sys.description('Array of custom DNS servers used by Azure Firewall')
+@sys.description('Array of custom DNS servers used by Azure Firewall.')
 param parAzFirewallDnsServers array = []
@sys.description('Prefix Used for Virtual WAN.')
@ -50,22 +90,22 @@ param parVirtualWanHubName string = '${parCompanyPrefix}-vhub'
 - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.
 ''')
-param parVirtualWanHubs array = [ {
+param parVirtualWanHubs virtualWanOptionsType = [ {
    parVpnGatewayEnabled: true
    parExpressRouteGatewayEnabled: true
    parAzFirewallEnabled: true
    parVirtualHubAddressPrefix: '10.100.0.0/23'
    parHubLocation: parLocation
-    parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'.
+    parHubRoutingPreference: 'ExpressRoute'
-    parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
+    parVirtualRouterAutoScaleConfiguration: 2
    parVirtualHubRoutingIntentDestinations: []
  }
 ]
-@sys.description('Prefix Used for VPN Gateway.')
+@sys.description('VPN Gateway Name.')
 param parVpnGatewayName string = '${parCompanyPrefix}-vpngw'
-@sys.description('Prefix Used for ExpressRoute Gateway.')
+@sys.description('ExpressRoute Gateway Name.')
 param parExpressRouteGatewayName string = '${parCompanyPrefix}-ergw'
@sys.description('Azure Firewall Name.')
@ -210,7 +250,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = {
 }
 resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) {
-  name: '${parVirtualWanHubName}-${hub.parHubLocation}'
+  name: hub.?parVirtualWanHubCustomName ?? '${parVirtualWanHubName}-${hub.parHubLocation}'
  location: hub.parHubLocation
  tags: parTags
  properties: {
@ -249,7 +289,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04
 resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) {
  parent: resVhub[i]
-  name: '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent'
+  name: !empty(hub.?parVirtualWanHubCustomName) ? '${hub.parVirtualWanHubCustomName}-Routing-Intent' : '${parVirtualWanHubName}-${hub.parHubLocation}-Routing-Intent'
  properties: {
    routingPolicies: [for destination in hub.parVirtualHubRoutingIntentDestinations: {
      name: destination == 'Internet' ? 'PublicTraffic' : destination == 'PrivateTraffic' ? 'PrivateTraffic' : 'N/A'
@ -263,7 +303,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-
 resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) {
  dependsOn: resVhub
-  name: '${parVpnGatewayName}-${hub.parHubLocation}'
+  name: hub.?parVpnGatewayCustomName ?? '${parVpnGatewayName}-${hub.parHubLocation}'
  location: hub.parHubLocation
  tags: parTags
  properties: {
@ -281,7 +321,7 @@ resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i
 resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) {
  dependsOn: resVhub
-  name: '${parExpressRouteGatewayName}-${hub.parHubLocation}'
+  name: hub.?parExpressRouteGatewayCustomName ?? '${parExpressRouteGatewayName}-${hub.parHubLocation}'
  location: hub.parHubLocation
  tags: parTags
  properties: {
@ -318,7 +358,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
 }
 resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) {
-  name: '${parAzFirewallName}-${hub.parHubLocation}'
+  name: hub.?parAzFirewallCustomName ?? '${parAzFirewallName}-${hub.parHubLocation}'
  location: hub.parHubLocation
  tags: parTags
  zones: (!empty(parAzFirewallAvailabilityZones) ? parAzFirewallAvailabilityZones : null)
--- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md
+++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/generateddocs/mgDiagSettingsAll.bicep.md
@ -11,6 +11,7 @@ parTopLevelManagementGroupSuffix | No       | Optional suffix for the management
 parLandingZoneMgChildren | No       | Array of strings to allow additional or different child Management Groups of the Landing Zones Management Group.
 parPlatformMgChildren | No       | Array of strings to allow additional or different child Management Groups of the Platform Management Group.
 parLogAnalyticsWorkspaceResourceId | Yes      | Log Analytics Workspace Resource ID.
 parDiagnosticSettingsName | No       | Diagnostic Settings Name.
 parLandingZoneMgAlzDefaultsEnable | No       | Deploys Diagnostic Settings on Corp & Online Management Groups beneath Landing Zones Management Group if set to true.
 parPlatformMgAlzDefaultsEnable | No       | Deploys Diagnostic Settings on Management, Connectivity and Identity Management Groups beneath Platform Management Group if set to true.
 parLandingZoneMgConfidentialEnable | No       | Deploys Diagnostic Settings on Confidential Corp & Confidential Online Management Groups beneath Landing Zones Management Group if set to true.
@ -48,6 +49,14 @@ Array of strings to allow additional or different child Management Groups of the
 Log Analytics Workspace Resource ID.
 ### parDiagnosticSettingsName
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 Diagnostic Settings Name.
 - Default value: `toLa`
 ### parLandingZoneMgAlzDefaultsEnable
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@ -107,6 +116,9 @@ Set Parameter to true to Opt-out of deployment telemetry.
        "parLogAnalyticsWorkspaceResourceId": {
            "value": ""
        },
        "parDiagnosticSettingsName": {
            "value": "toLa"
        },
        "parLandingZoneMgAlzDefaultsEnable": {
            "value": true
        },
--- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep
+++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep
@ -21,6 +21,9 @@ param parPlatformMgChildren array = []
@sys.description('Log Analytics Workspace Resource ID.')
 param parLogAnalyticsWorkspaceResourceId string
@sys.description('Diagnostic Settings Name.')
 param parDiagnosticSettingsName string = 'toLa'
@sys.description('Deploys Diagnostic Settings on Corp & Online Management Groups beneath Landing Zones Management Group if set to true.')
 param parLandingZoneMgAlzDefaultsEnable bool = true
@ -84,6 +87,7 @@ module modMgDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep' = [for m
  name: 'mg-diag-set-${mgId.value}'
  params: {
    parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
    parDiagnosticSettingsName: parDiagnosticSettingsName
    parTelemetryOptOut: parTelemetryOptOut
  }
 }]
@ -94,6 +98,7 @@ module modMgLandingZonesDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bic
  name: 'mg-diag-set-${childMg.value}'
  params: {
    parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
    parDiagnosticSettingsName: parDiagnosticSettingsName
    parTelemetryOptOut: parTelemetryOptOut
  }
 }]
@ -104,6 +109,7 @@ module modMgPlatformDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep'
  name: 'mg-diag-set-${childMg.value}'
  params: {
    parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
    parDiagnosticSettingsName: parDiagnosticSettingsName
    parTelemetryOptOut: parTelemetryOptOut
  }
 }]
@ -114,6 +120,7 @@ module modMgChildrenDiagSet '../../modules/mgDiagSettings/mgDiagSettings.bicep'
  name: 'mg-diag-set-${childMg.mgId}'
  params: {
    parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
    parDiagnosticSettingsName: parDiagnosticSettingsName
    parTelemetryOptOut: parTelemetryOptOut
  }
 }]
@ -124,6 +131,7 @@ module modPlatformMgChildrenDiagSet '../../modules/mgDiagSettings/mgDiagSettings
  name: 'mg-diag-set-${childMg.mgId}'
  params: {
    parLogAnalyticsWorkspaceResourceId: parLogAnalyticsWorkspaceResourceId
    parDiagnosticSettingsName: parDiagnosticSettingsName
    parTelemetryOptOut: parTelemetryOptOut
  }
 }]
--- a/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json
+++ b/infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.all.json
@ -20,6 +20,9 @@
    "parLogAnalyticsWorkspaceResourceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/alz-logging/providers/microsoft.operationalinsights/workspaces/alz-log-analytics"
    },
    "parDiagnosticSettingsName": {
      "value": "toLa"
    },
    "parLandingZoneMgChildren": {
      "value": []
    },