From 4a8a6f57ddfe2ba776d9203e8d1e49c075f365f8 Mon Sep 17 00:00:00 2001 From: Marvin Buss <34542414+marvinbuss@users.noreply.github.com> Date: Wed, 8 Sep 2021 17:10:34 +0200 Subject: [PATCH] Add Option to select Firewall SKU (#793) * Added Stream Analytics Custom Policies * update to be consistent with eslz * synch with azure main * Added dataPolicies.json * * updated policy definition for private endpoints * removed policies from policies.json * added databricks policies * removed single policy definition files * removed initiatives resource * Add Option to select Firewall SKU * added docs * updated label for firewall sku * updating azure firewall tier tooltip --- docs/wiki/Whats-new.md | 18 +++++++++++++ eslzArm/eslz-portal.json | 27 +++++++++++++++++++ eslzArm/eslzArm.json | 20 ++++++++++++++ .../hubspoke-connectivity.json | 12 +++++++++ .../vwan-connectivity.json | 10 ++++++- 5 files changed, 86 insertions(+), 1 deletion(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index b32bdae4..e40c99cb 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -30,6 +30,24 @@ This article will be updated as and when changes are made to the above and anyth Here's what's changed in Enterprise Scale: +### September 2021 + +#### Docs + +- *No updates, yet.* + +#### Tooling + +- Added Option to select Azure Firewall SKU (https://github.com/Azure/Enterprise-Scale/pull/793) + +### Policy + +- *No updates, yet.* + +### Other + +- *No updates, yet.* + ### August 2021 #### Docs diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json index 685344d8..0a5c9f07 100644 --- a/eslzArm/eslz-portal.json +++ b/eslzArm/eslz-portal.json 
@@ -1463,6 +1463,32 @@ ] } }, + { + "name": "esAzFwSku", + "type": "Microsoft.Common.DropDown", + "label": "Select Azure Firewall tier", + "defaultValue": "Standard", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[equals(steps('esConnectivityGoalState').esAzFw, 'Yes')]", + "toolTip": "Select Azure Firewall tier", + "constraints": { + "allowedValues": [ + { + "label": "Standard", + "description": "Standard Azure Firewall", + "value": "Standard" + }, + { + "label": "Premium", + "description": "Premium Azure Firewall adds support for TLS inspection, IDPS, URL filtering and web categories.", + "value": "Premium" + } + ] + } + }, { "name": "esFwAz", "type": "Microsoft.Common.DropDown", @@ -2311,6 +2337,7 @@ "enableVmMonitoring": "[steps('lzGoalState').esVmMonitoring]", "enableVmssMonitoring": "[steps('lzGoalState').esVmssMonitoring]", "vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]", + "firewallSku": "[steps('esConnectivityGoalState').esAzFwSku]", "firewallZones": "[steps('esConnectivityGoalState').esFwAz]", "paToken": "[steps('lzDevOps').esPaToken]", "principalId": "[steps('lzDevOps').spnSection.esServicePrincipal.objectId]", diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index 4af83ed6..7fad607c 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -503,6 +503,14 @@ "type": "string", "defaultValue": "" }, + "firewallSku": { + "type": "string", + "allowedValues": [ + "Standard", + "Premium" + ], + "defaultValue": "Standard" + }, "firewallZones": { "type": "array", "defaultValue": [] @@ -1442,6 +1450,9 @@ "subnetMaskForGw": { "value": "[parameters('subnetMaskForGw')]" }, + "firewallSku": { + "value": "[parameters('firewallSku')]" + }, "firewallZones": { "value": "[parameters('firewallZones')]" }, 
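Review bot: The `toolTip` on the new `esAzFwSku` drop-down only repeats the label, while the Premium `description` lists TLS inspection, IDPS, URL filtering and web categories as if choosing the tier turned them on. As far as the visible hunks show, the templates only pass the value into the firewall's `sku` tier. Those features are configured in a Premium firewall policy, which none of these hunks add, so an operator could pick Premium and assume inspection is active. I would use the tooltip to say so, e.g. `"toolTip": "Sets the Azure Firewall tier only. Premium features such as TLS inspection and IDPS must still be configured in a firewall policy after deployment."`. The element sits in a larger array that starts and ends outside the hunk.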
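Review bot: The new `firewallSku` parameter in eslzArm.json has no `metadata.description`, and neither do the identical definitions added to hubspoke-connectivity.json and vwan-connectivity.json. The neighbouring parameter in the hub-spoke template does carry one ("Provide subnet for VPN/ER."). I would add `"metadata": { "description": "Azure Firewall tier to deploy (Standard or Premium)." }` to each of the three. The `allowedValues` list is now repeated in three templates plus the portal drop-down, so the description is also a reasonable place to note that the four lists must be kept in sync.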
@@ -1575,6 +1586,9 @@ "enableAzFw": { "value": "[parameters('enableAzFw')]" }, + "firewallSku": { + "value": "[parameters('firewallSku')]" + }, "addressPrefix": { "value": "[parameters('addressPrefix')]" }, @@ -3141,6 +3155,9 @@ "subnetMaskForGw": { "value": "[parameters('subnetMaskForGw')]" }, + "firewallSku": { + "value": "[parameters('firewallSku')]" + }, "firewallZones": { "value": "[parameters('firewallZones')]" }, @@ -3278,6 +3295,9 @@ "enableAzFw": { "value": "[parameters('enableAzFw')]" }, + "firewallSku": { + "value": "[parameters('firewallSku')]" + }, "addressPrefix": { "value": "[parameters('addressPrefix')]" }, diff --git a/eslzArm/subscriptionTemplates/hubspoke-connectivity.json b/eslzArm/subscriptionTemplates/hubspoke-connectivity.json index 8b9a6e4d..cb1a4c04 100644 --- a/eslzArm/subscriptionTemplates/hubspoke-connectivity.json +++ b/eslzArm/subscriptionTemplates/hubspoke-connectivity.json @@ -111,6 +111,14 @@ "description": "Provide subnet for VPN/ER." } }, + "firewallSku": { + "type": "string", + "allowedValues": [ + "Standard", + "Premium" + ], + "defaultValue": "Standard" + }, "firewallZones": { "type": "array", "defaultValue": [] @@ -410,6 +418,10 @@ "[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]" ], "properties": { + "sku": { + "name": "AZFW_VNet", + "tier": "[parameters('firewallSku')]" + }, "ipConfigurations": [ { "name": "[variables('azFwIpName')]", diff --git a/eslzArm/subscriptionTemplates/vwan-connectivity.json b/eslzArm/subscriptionTemplates/vwan-connectivity.json index fc117d91..09bfc2dc 100644 --- a/eslzArm/subscriptionTemplates/vwan-connectivity.json +++ b/eslzArm/subscriptionTemplates/vwan-connectivity.json @@ -41,6 +41,14 @@ ], "defaultValue": "No" }, + "firewallSku": { + "type": "string", + "allowedValues": [ + "Standard", + "Premium" + ], + "defaultValue": "Standard" + }, "enableVpnGw": { "type": "string", "allowedValues": [ 
@@ -198,7 +206,7 @@ "properties": { "sku": { "Name": "AZFW_Hub", - "Tier": "Standard" + "Tier": "[parameters('firewallSku')]" }, "hubIPAddresses": { "publicIPs": {
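Review bot: The rewritten line keeps the capitalised keys `"Name"` / `"Tier"` in the `AZFW_Hub` sku block, whereas the `sku` block this commit adds to hubspoke-connectivity.json uses lowercase `"name"` / `"tier"`. Presumably the resource provider accepts both, since the capitalised form was already in the template, but two spellings of the same property across sibling templates make them harder to search and lint. While touching the line I would normalise it to `"name": "AZFW_Hub",` and `"tier": "[parameters('firewallSku')]"`. The `properties` object continues outside the hunk.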