From d02f904ea2cff75b787e651d1c56c22bff1d2600 Mon Sep 17 00:00:00 2001 From: rozkurt <72864397+rozkurt@users.noreply.github.com> Date: Sun, 7 Jan 2024 13:23:15 +0100 Subject: [PATCH] Portal update Private DNS Zone enablement to include a dropdown of services (#1505) Co-authored-by: Recep Ozkurt Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Sacha Narinx Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --- docs/wiki/Whats-new.md | 7 + eslzArm/eslz-portal.json | 548 +++++++++++++++++- eslzArm/eslzArm.json | 157 ++--- .../policyDefinitions/policies.json | 4 +- .../customRoleDefinitions.json | 4 +- 5 files changed, 581 insertions(+), 139 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 61c10919..f69986b0 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -1,6 +1,7 @@ ## In this Section - [Updates](#updates) + - [January 2024](#january-2024) - [December 2023](#december-2023) - [November 2023](#november-2023) - [October 2023](#october-2023) @@ -40,6 +41,12 @@ This article will be updated as and when changes are made to the above and anyth Here's what's changed in Enterprise Scale/Azure Landing Zones: +### January 2024 + +#### Tooling + +- Added drop down selection option for Azure Private Link Private DNS Zones as part of portal based ALZ deployment experience where you can select to deploy or not to deploy a subset of Private Link Private DNS zones. + ### December 2023 #### Tooling diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json index 6baf43b2..edc9da0a 100644 --- a/eslzArm/eslz-portal.json +++ b/eslzArm/eslz-portal.json 
@@ -1279,7 +1279,7 @@
 "label": "Create Private DNS Zones for Azure PaaS services",
 "defaultValue": "Yes (recommended)",
 "visible": "[or(equals(steps('connectivity').enableHub, 'vhub'), equals(steps('connectivity').enableHub, 'nva'))]",
- "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will create Private DNS Zones for Azure PaaS services",
+ "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will create Private DNS Zones for Azure PaaS services based on your selection below",
 "constraints": {
 "allowedValues": [
 {
@@ -1293,6 +1293,503 @@
 ]
 }
 },
+ {
+ "name": "privateDnsZones",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Select Private DNS Zones to create",
+ "multiselect": true,
+ "selectAll": true,
+ "filter": true,
+ "multiLine": true,
+ "defaultValue": [
+ {
+ "value": "privatelink.regionGeoShortCode.backup.windowsazure.com"
+ },
+ {
+ "value": "[format('privatelink.{0}.azmk8s.io', toLower(steps('connectivity').connectivityLocation))]"
+ },
+ {
+ "value": "[format('privatelink.{0}.batch.azure.com', toLower(steps('connectivity').connectivityLocation))]"
+ },
+ {
+ "value": "[format('privatelink.{0}.kusto.windows.net', toLower(steps('connectivity').connectivityLocation))]"
+ },
+ {
+ "value": "privatelink.adf.azure.com"
+ },
+ {
+ "value": "privatelink.afs.azure.net"
+ },
+ {
+ "value": "privatelink.agentsvc.azure-automation.net"
+ },
+ {
+ "value": "privatelink.analysis.windows.net"
+ },
+ {
+ "value": "privatelink.api.azureml.ms"
+ },
+ {
+ "value": "privatelink.azconfig.io"
+ },
+ {
+ "value": "privatelink.azure-api.net"
+ },
+ {
+ "value": "privatelink.azure-automation.net"
+ },
+ {
+ "value": "privatelink.azurecr.io"
+ },
+ {
+ "value": "privatelink.azure-devices.net"
+ },
+ {
+ "value": "privatelink.azure-devices-provisioning.net"
+ },
+ {
+ "value": "privatelink.azuredatabricks.net"
+ },
+ {
+ "value": "privatelink.azurehdinsight.net"
+ },
+ {
+ "value": "privatelink.azurehealthcareapis.com"
+ },
+ {
+ "value": "privatelink.azurestaticapps.net"
+ },
+ {
+ "value": "privatelink.azuresynapse.net"
+ },
+ {
+ "value": "privatelink.azurewebsites.net"
+ },
+ {
+ "value": "privatelink.batch.azure.com"
+ },
+ {
+ "value": "privatelink.blob.core.windows.net"
+ },
+ {
+ "value": "privatelink.cassandra.cosmos.azure.com"
+ },
+ {
+ "value": "privatelink.cognitiveservices.azure.com"
+ },
+ {
+ "value": "privatelink.database.windows.net"
+ },
+ {
+ "value": "privatelink.datafactory.azure.net"
+ },
+ {
+ "value": "privatelink.dev.azuresynapse.net"
+ },
+ {
+ "value": "privatelink.dfs.core.windows.net"
+ },
+ {
+ "value": "privatelink.dicom.azurehealthcareapis.com"
+ },
+ {
+ "value": "privatelink.digitaltwins.azure.net"
+ },
+ {
+ "value": "privatelink.directline.botframework.com"
+ },
+ {
+ "value": "privatelink.documents.azure.com"
+ },
+ {
+ "value": "privatelink.eventgrid.azure.net"
+ },
+ {
+ "value": "privatelink.file.core.windows.net"
+ },
+ {
+ "value": "privatelink.gremlin.cosmos.azure.com"
+ },
+ {
+ "value": "privatelink.guestconfiguration.azure.com"
+ },
+ {
+ "value": "privatelink.his.arc.azure.com"
+ },
+ {
+ "value": "privatelink.kubernetesconfiguration.azure.com"
+ },
+ {
+ "value": "privatelink.managedhsm.azure.net"
+ },
+ {
+ "value": "privatelink.mariadb.database.azure.com"
+ },
+ {
+ "value": "privatelink.media.azure.net"
+ },
+ {
+ "value": "privatelink.mongo.cosmos.azure.com"
+ },
+ {
+ "value": "privatelink.monitor.azure.com"
+ },
+ {
+ "value": "privatelink.mysql.database.azure.com"
+ },
+ {
+ "value": "privatelink.notebooks.azure.net"
+ },
+ {
+ "value": "privatelink.ods.opinsights.azure.com"
+ },
+ {
+ "value": "privatelink.oms.opinsights.azure.com"
+ },
+ {
+ "value": "privatelink.pbidedicated.windows.net"
+ },
+ {
+ "value": "privatelink.postgres.database.azure.com"
+ },
+ {
+ "value": "privatelink.prod.migration.windowsazure.com"
+ },
+ {
+ "value": "privatelink.purview.azure.com"
+ },
+ {
+ "value": "privatelink.purviewstudio.azure.com"
+ },
+ {
+ "value": "privatelink.queue.core.windows.net"
+ },
+ {
+ "value": "privatelink.redis.cache.windows.net"
+ },
+ {
+ "value": "privatelink.redisenterprise.cache.azure.net"
+ },
+ {
+ "value": "privatelink.search.windows.net"
+ },
+ {
+ "value": "privatelink.service.signalr.net"
+ },
+ {
+ "value": "privatelink.servicebus.windows.net"
+ },
+ {
+ "value": "privatelink.siterecovery.windowsazure.com"
+ },
+ {
+ "value": "privatelink.sql.azuresynapse.net"
+ },
+ {
+ "value": "privatelink.table.core.windows.net"
+ },
+ {
+ "value": "privatelink.table.cosmos.azure.com"
+ },
+ {
+ "value": "privatelink.tip1.powerquery.microsoft.com"
+ },
+ {
+ "value": "privatelink.token.botframework.com"
+ },
+ {
+ "value": "privatelink.vaultcore.azure.net"
+ },
+ {
+ "value": "privatelink.web.core.windows.net"
+ },
+ {
+ "value": "privatelink.webpubsub.azure.com"
+ }
+ ],
+ "visible": "[and(or(equals(steps('connectivity').enableHub, 'vhub'), equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enablePrivateDnsZones,'No')))]",
+ "toolTip": "Select each Private DNS Zone to create which will offer DNS integration with Azure PaaS services where you enable private endpoints.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "privatelink.regionGeoShortCode.backup.windowsazure.com",
+ "value": "privatelink.regionGeoShortCode.backup.windowsazure.com",
+ "description": "This Private DNS Zone contains an Azure Region's geo short code (e.g. 'uksouth' is 'uks' - list available here) that is based on the region selected above for your hub."
+ },
+ {
+ "label": "privatelink.region.azmk8s.io",
+ "value": "[format('privatelink.{0}.azmk8s.io', toLower(steps('connectivity').connectivityLocation))]",
+ "description": "This Private DNS Zone contains the Azure Region's short name (e.g. 'uksouth') that is based on the region selected above for your hub."
+ },
+ {
+ "label": "privatelink.region.batch.azure.com",
+ "value": "[format('privatelink.{0}.batch.azure.com', toLower(steps('connectivity').connectivityLocation))]",
+ "description": "This Private DNS Zone contains the Azure Region's short name (e.g. 'uksouth') that is based on the region selected above for your hub."
+ },
+ {
+ "label": "privatelink.region.kusto.windows.net",
+ "value": "[format('privatelink.{0}.kusto.windows.net', toLower(steps('connectivity').connectivityLocation))]",
+ "description": "This Private DNS Zone contains the Azure Region's short name (e.g. 'uksouth') that is based on the region selected above for your hub."
+ },
+ {
+ "label": "privatelink.adf.azure.com",
+ "value": "privatelink.adf.azure.com"
+ },
+ {
+ "label": "privatelink.afs.azure.net",
+ "value": "privatelink.afs.azure.net"
+ },
+ {
+ "label": "privatelink.agentsvc.azure-automation.net",
+ "value": "privatelink.agentsvc.azure-automation.net"
+ },
+ {
+ "label": "privatelink.analysis.windows.net",
+ "value": "privatelink.analysis.windows.net"
+ },
+ {
+ "label": "privatelink.api.azureml.ms",
+ "value": "privatelink.api.azureml.ms"
+ },
+ {
+ "label": "privatelink.azconfig.io",
+ "value": "privatelink.azconfig.io"
+ },
+ {
+ "label": "privatelink.azure-api.net",
+ "value": "privatelink.azure-api.net"
+ },
+ {
+ "label": "privatelink.azure-automation.net",
+ "value": "privatelink.azure-automation.net"
+ },
+ {
+ "label": "privatelink.azurecr.io",
+ "value": "privatelink.azurecr.io"
+ },
+ {
+ "label": "privatelink.azure-devices.net",
+ "value": "privatelink.azure-devices.net"
+ },
+ {
+ "label": "privatelink.azure-devices-provisioning.net",
+ "value": "privatelink.azure-devices-provisioning.net"
+ },
+ {
+ "label": "privatelink.azuredatabricks.net",
+ "value": "privatelink.azuredatabricks.net"
+ },
+ {
+ "label": "privatelink.azurehdinsight.net",
+ "value": "privatelink.azurehdinsight.net"
+ },
+ {
+ "label": "privatelink.azurehealthcareapis.com",
+ "value": "privatelink.azurehealthcareapis.com"
+ },
+ {
+ "label": "privatelink.azurestaticapps.net",
+ "value": "privatelink.azurestaticapps.net"
+ },
+ {
+ "label": "privatelink.azuresynapse.net",
+ "value": "privatelink.azuresynapse.net"
+ },
+ {
+ "label": "privatelink.azurewebsites.net",
+ "value": "privatelink.azurewebsites.net"
+ },
+ {
+ "label": "privatelink.batch.azure.com",
+ "value": "privatelink.batch.azure.com"
+ },
+ {
+ "label": "privatelink.blob.core.windows.net",
+ "value": "privatelink.blob.core.windows.net"
+ },
+ {
+ "label": "privatelink.cassandra.cosmos.azure.com",
+ "value": "privatelink.cassandra.cosmos.azure.com"
+ },
+ {
+ "label": "privatelink.cognitiveservices.azure.com",
+ "value": "privatelink.cognitiveservices.azure.com"
+ },
+ {
+ "label": "privatelink.database.windows.net",
+ "value": "privatelink.database.windows.net"
+ },
+ {
+ "label": "privatelink.datafactory.azure.net",
+ "value": "privatelink.datafactory.azure.net"
+ },
+ {
+ "label": "privatelink.dev.azuresynapse.net",
+ "value": "privatelink.dev.azuresynapse.net"
+ },
+ {
+ "label": "privatelink.dfs.core.windows.net",
+ "value": "privatelink.dfs.core.windows.net"
+ },
+ {
+ "label": "privatelink.dicom.azurehealthcareapis.com",
+ "value": "privatelink.dicom.azurehealthcareapis.com"
+ },
+ {
+ "label": "privatelink.digitaltwins.azure.net",
+ "value": "privatelink.digitaltwins.azure.net"
+ },
+ {
+ "label": "privatelink.directline.botframework.com",
+ "value": "privatelink.directline.botframework.com"
+ },
+ {
+ "label": "privatelink.documents.azure.com",
+ "value": "privatelink.documents.azure.com"
+ },
+ {
+ "label": "privatelink.eventgrid.azure.net",
+ "value": "privatelink.eventgrid.azure.net"
+ },
+ {
+ "label": "privatelink.file.core.windows.net",
+ "value": "privatelink.file.core.windows.net"
+ },
+ {
+ "label": "privatelink.gremlin.cosmos.azure.com",
+ "value": "privatelink.gremlin.cosmos.azure.com"
+ },
+ {
+ "label": "privatelink.guestconfiguration.azure.com",
+ "value": "privatelink.guestconfiguration.azure.com"
+ },
+ {
+ "label": "privatelink.his.arc.azure.com",
+ "value": "privatelink.his.arc.azure.com"
+ },
+ {
+ "label": "privatelink.kubernetesconfiguration.azure.com",
+ "value": "privatelink.kubernetesconfiguration.azure.com"
+ },
+ {
+ "label": "privatelink.managedhsm.azure.net",
+ "value": "privatelink.managedhsm.azure.net"
+ },
+ {
+ "label": "privatelink.mariadb.database.azure.com",
+ "value": "privatelink.mariadb.database.azure.com"
+ },
+ {
+ "label": "privatelink.media.azure.net",
+ "value": "privatelink.media.azure.net"
+ },
+ {
+ "label": "privatelink.mongo.cosmos.azure.com",
+ "value": "privatelink.mongo.cosmos.azure.com"
+ },
+ {
+ "label": "privatelink.monitor.azure.com",
+ "value": "privatelink.monitor.azure.com"
+ },
+ {
+ "label": "privatelink.mysql.database.azure.com",
+ "value": "privatelink.mysql.database.azure.com"
+ },
+ {
+ "label": "privatelink.notebooks.azure.net",
+ "value": "privatelink.notebooks.azure.net"
+ },
+ {
+ "label": "privatelink.ods.opinsights.azure.com",
+ "value": "privatelink.ods.opinsights.azure.com"
+ },
+ {
+ "label": "privatelink.oms.opinsights.azure.com",
+ "value": "privatelink.oms.opinsights.azure.com"
+ },
+ {
+ "label": "privatelink.pbidedicated.windows.net",
+ "value": "privatelink.pbidedicated.windows.net"
+ },
+ {
+ "label": "privatelink.postgres.database.azure.com",
+ "value": "privatelink.postgres.database.azure.com"
+ },
+ {
+ "label": "privatelink.prod.migration.windowsazure.com",
+ "value": "privatelink.prod.migration.windowsazure.com"
+ },
+ {
+ "label": "privatelink.purview.azure.com",
+ "value": "privatelink.purview.azure.com"
+ },
+ {
+ "label": "privatelink.purviewstudio.azure.com",
+ "value": "privatelink.purviewstudio.azure.com"
+ },
+ {
+ "label": "privatelink.queue.core.windows.net",
+ "value": "privatelink.queue.core.windows.net"
+ },
+ {
+ "label": "privatelink.redis.cache.windows.net",
+ "value": "privatelink.redis.cache.windows.net"
+ },
+ {
+ "label": "privatelink.redisenterprise.cache.azure.net",
+ "value": "privatelink.redisenterprise.cache.azure.net"
+ },
+ {
+ "label": "privatelink.search.windows.net",
+ "value": "privatelink.search.windows.net"
+ },
+ {
+ "label": "privatelink.service.signalr.net",
+ "value": "privatelink.service.signalr.net"
+ },
+ {
+ "label": "privatelink.servicebus.windows.net",
+ "value": "privatelink.servicebus.windows.net"
+ },
+ {
+ "label": "privatelink.siterecovery.windowsazure.com",
+ "value": "privatelink.siterecovery.windowsazure.com"
+ },
+ {
+ "label": "privatelink.sql.azuresynapse.net",
+ "value": "privatelink.sql.azuresynapse.net"
+ },
+ {
+ "label": "privatelink.table.core.windows.net",
+ "value": "privatelink.table.core.windows.net"
+ },
+ {
+ "label": "privatelink.table.cosmos.azure.com",
+ "value": "privatelink.table.cosmos.azure.com"
+ },
+ {
+ "label": "privatelink.tip1.powerquery.microsoft.com",
+ "value": "privatelink.tip1.powerquery.microsoft.com"
+ },
+ {
+ "label": "privatelink.token.botframework.com",
+ "value": "privatelink.token.botframework.com"
+ },
+ {
+ "label": "privatelink.vaultcore.azure.net",
+ "value": "privatelink.vaultcore.azure.net"
+ },
+ {
+ "label": "privatelink.web.core.windows.net",
+ "value": "privatelink.web.core.windows.net"
+ },
+ {
+ "label": "privatelink.webpubsub.azure.com",
+ "value": "privatelink.webpubsub.azure.com"
+ }
+ ]
+ }
+ },
 {
 "name": "enableVpnGw",
 "type": "Microsoft.Common.OptionsGroup",
@@ -1998,7 +2495,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Select Yes if you want to enable routing intent policy to apply on Internet Traffic",
 "defaultValue": "No",
- "visible":"[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'),equals(steps('connectivity').enablevWANRoutingIntent, 'Yes'))]",
+ "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'),equals(steps('connectivity').enablevWANRoutingIntent, 'Yes'))]",
 "toolTip": "Enable vWAN Routing Intent for Internet Traffic",
 "constraints": {
 "allowedValues": [
@@ -2009,7 +2506,7 @@
 {
 "label": "No",
 "value": "No"
- }
+ }
 ]
 }
 },
@@ -2018,7 +2515,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Select Yes if you want to enable routing intent policy to apply on Private Traffic",
 "defaultValue": "No",
- "visible":"[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'),equals(steps('connectivity').enablevWANRoutingIntent, 'Yes'))]",
+ "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'),equals(steps('connectivity').enablevWANRoutingIntent, 'Yes'))]",
 "toolTip": "Enable vWAN Routing Intent for Private Traffic",
 "constraints": {
 "allowedValues": [
@@ -2029,7 +2526,7 @@
 {
 "label": "No",
 "value": "No"
- }
+ }
 ]
 }
 },
@@ -2042,24 +2539,24 @@
 "selectAll": false,
 "filter": false,
 "multiLine": true,
- "visible":"[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')))]",
- "toolTip":"Preference used in selecting best path when the virtual hub learns multiple paths to the same destination route-prefix.Virtual hub routing preference.",
- "constraints":{
- "allowedValues":[
+ "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')))]",
+ "toolTip": "Preference used in selecting best path when the virtual hub learns multiple paths to the same destination route-prefix.Virtual hub routing preference.",
+ "constraints": {
+ "allowedValues": [
 {
- "label":"ExpressRoute (default)",
- "description":"ExpressRoute is the preferred path. (default)",
- "value":"ExpressRoute"
+ "label": "ExpressRoute (default)",
+ "description": "ExpressRoute is the preferred path. (default)",
+ "value": "ExpressRoute"
 },
 {
- "label":"VPN",
- "description":"VPN is the preferred path",
- "value":"VpnGateway"
+ "label": "VPN",
+ "description": "VPN is the preferred path",
+ "value": "VpnGateway"
 },
 {
- "label":"AS Path",
- "description":"AS Path is the preferred path",
- "value":"ASPath"
+ "label": "AS Path",
+ "description": "AS Path is the preferred path",
+ "value": "ASPath"
 }
 ]
 }
@@ -2073,7 +2570,7 @@
 "selectAll": false,
 "filter": false,
 "multiLine": true,
- "visible":"[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')))]",
+ "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')))]",
 "toolTip": "Routing infrastructure units determine the minimum throughput of the Virtual WAN hub router and the number of Virtual Machines that can be deployed in Virtual Networks connected to the Virtual WAN hub. Two routing infrastructure units are included at no extra cost with a deployment of a hub.Virtual Hub Capacity.",
 "constraints": {
 "allowedValues": [
@@ -3482,6 +3979,7 @@
 "connectivityLocation": "[steps('connectivity').connectivityLocation]",
 "enableDdoS": "[steps('connectivity').enableDdoS]",
 "enablePrivateDnsZones": "[steps('connectivity').enablePrivateDnsZones]",
+ "privateDnsZonesToDeploy": "[steps('connectivity').privateDnsZones]",
 "enableVpnGw": "[steps('connectivity').enableVpnGw]",
 "gwRegionalOrAz": "[steps('connectivity').gwRegionalOrAz]",
 "enableVpnActiveActive": "[steps('connectivity').enableVpnActiveActive]",
@@ -3501,11 +3999,11 @@
 "firewallZones": "[steps('connectivity').firewallZones]",
 "subnetMaskForAzFw": "[steps('connectivity').subnetMaskForAzFw]",
 "subnetMaskForAzFwMgmt": "[steps('connectivity').subnetMaskForAzFwMgmt]",
- "enablevWANRoutingIntent":"[steps('connectivity').enablevWANRoutingIntent]",
- "internetTrafficRoutingPolicy":"[if(equals(steps('connectivity').vWANRoutingIntentforInternetTraffic, 'Yes'), 'true', 'false')]",
- "privateTrafficRoutingPolicy":"[if(equals(steps('connectivity').vWANRoutingIntentforPrivateTraffic, 'Yes'), 'true', 'false')]",
- "vWANHubRoutingPreference":"[steps('connectivity').vWANHubRoutingPreference]",
- "vWANHubCapacity":"[steps('connectivity').vWANHubCapacity]",
+ "enablevWANRoutingIntent": "[steps('connectivity').enablevWANRoutingIntent]",
+ "internetTrafficRoutingPolicy": "[if(equals(steps('connectivity').vWANRoutingIntentforInternetTraffic, 'Yes'), 'true', 'false')]",
+ "privateTrafficRoutingPolicy": "[if(equals(steps('connectivity').vWANRoutingIntentforPrivateTraffic, 'Yes'), 'true', 'false')]",
+ "vWANHubRoutingPreference": "[steps('connectivity').vWANHubRoutingPreference]",
+ "vWANHubCapacity": "[steps('connectivity').vWANHubCapacity]",
 "identitySubscriptionId": "[if(or(not(equals(steps('identity').esIdentitySubSection.esIdentitySub,steps('management').esMgmtSubSection.esMgmtSub)),not(equals(steps('identity').esIdentitySubSection.esIdentitySub,steps('connectivity').esNwSubSection.esNwSub))),steps('identity').esIdentitySubSection.esIdentitySub,'')]",
 "denyMgmtPortsForIdentity": "[steps('identity').denyMgmtPortsForIdentity]",
 "denySubnetWithoutNsgForIdentity": "[steps('identity').denySubnetWithoutNsgForIdentity]",
@@ -3546,4 +4044,4 @@
 "location": "[steps('basics').resourceScope.location.name]"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index c5806bbf..81e783f1 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -348,6 +348,10 @@
 "No"
 ]
 },
+ "privateDnsZonesToDeploy": {
+ "type": "array",
+ "defaultValue": []
+ },
 "enableVpnGw": {
 "type": "string",
 "defaultValue": "No",
@@ -455,41 +459,41 @@
 "type": "string",
 "defaultValue": ""
 },
- "enablevWANRoutingIntent":{
+ "enablevWANRoutingIntent": {
 "type": "string",
 "allowedValues": [
 "Yes",
 "No"
 ],
 "defaultValue": "No"
- },
+ },
 "internetTrafficRoutingPolicy": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Enable vWAN Routing Intent and Policy for Internet Traffic"
- }
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Enable vWAN Routing Intent and Policy for Internet Traffic"
+ }
 },
 "privateTrafficRoutingPolicy": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Enable vWAN Routing Intent and Policy for Private Traffic"
- }
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Enable vWAN Routing Intent and Policy for Private Traffic"
+ }
 },
 "vWANHubRoutingPreference": {
 "type": "string",
 "defaultValue": "ExpressRoute",
 "metadata": {
 "description": "vWAN Hub Routing Preference"
- }
+ }
 },
 "vWANHubCapacity": {
 "type": "string",
 "defaultValue": "2",
 "metadata": {
 "description": "vWAN Hub Capacity"
- }
+ }
 },
 "identitySubscriptionId": {
 "type": "string",
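Review bot: `privateDnsZonesToDeploy` defaults to `[]` and carries no `metadata.description`, so a deployment that does not go through the portal form and leaves the parameter out now creates no Private DNS zones at all, where the hard-coded `privateDnsZones` list removed later in this file (the `@@ -1091,75 +1095,7 @@` hunk) used to supply every zone. The same empty array also reaches the `privateLinkDnsZones` parameter further down, so the DNS policy assignment would be deployed with no zones; private endpoint names would then presumably keep resolving to public addresses, and nothing fails to draw attention to it. Either keep the previous full list as the `defaultValue`, or document the parameter and the behaviour change, for example `"metadata": { "description": "Private Link Private DNS zone names to create; an empty array creates none." }`. The `parameters` object starts and ends outside this hunk.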
@@ -1091,75 +1095,7 @@
 "ddosForConnectivity": "[take(guid(concat(parameters('enterpriseScaleCompanyPrefix'), 'ddos')), 10)]",
 "backupForIdentity": "[take(guid(concat(parameters('enterpriseScaleCompanyPrefix'), 'idbackup')), 10)]"
 },
- "privateDnsZones": [
- "[format('privatelink.{0}.azmk8s.io', toLower(parameters('connectivityLocation')))]",
- "[format('privatelink.{0}.batch.azure.com', toLower(parameters('connectivityLocation')))]",
- "[format('privatelink.{0}.kusto.windows.net', toLower(parameters('connectivityLocation')))]",
- "privatelink.adf.azure.com",
- "privatelink.afs.azure.net",
- "privatelink.agentsvc.azure-automation.net",
- "privatelink.analysis.windows.net",
- "privatelink.api.azureml.ms",
- "privatelink.azconfig.io",
- "privatelink.azure-api.net",
- "privatelink.azure-automation.net",
- "privatelink.azurecr.io",
- "privatelink.azure-devices.net",
- "privatelink.azure-devices-provisioning.net",
- "privatelink.azuredatabricks.net",
- "privatelink.azurehdinsight.net",
- "privatelink.azurehealthcareapis.com",
- "privatelink.azurestaticapps.net",
- "privatelink.azuresynapse.net",
- "privatelink.azurewebsites.net",
- "privatelink.batch.azure.com",
- "privatelink.blob.core.windows.net",
- "privatelink.cassandra.cosmos.azure.com",
- "privatelink.cognitiveservices.azure.com",
- "privatelink.database.windows.net",
- "privatelink.datafactory.azure.net",
- "privatelink.dev.azuresynapse.net",
- "privatelink.dfs.core.windows.net",
- "privatelink.dicom.azurehealthcareapis.com",
- "privatelink.digitaltwins.azure.net",
- "privatelink.directline.botframework.com",
- "privatelink.documents.azure.com",
- "privatelink.eventgrid.azure.net",
- "privatelink.file.core.windows.net",
- "privatelink.gremlin.cosmos.azure.com",
- "privatelink.guestconfiguration.azure.com",
- "privatelink.his.arc.azure.com",
- "privatelink.kubernetesconfiguration.azure.com",
- "privatelink.managedhsm.azure.net",
- "privatelink.mariadb.database.azure.com",
- "privatelink.media.azure.net",
- "privatelink.mongo.cosmos.azure.com",
- "privatelink.monitor.azure.com",
- "privatelink.mysql.database.azure.com",
- "privatelink.notebooks.azure.net",
- "privatelink.ods.opinsights.azure.com",
- "privatelink.oms.opinsights.azure.com",
- "privatelink.pbidedicated.windows.net",
- "privatelink.postgres.database.azure.com",
- "privatelink.prod.migration.windowsazure.com",
- "privatelink.purview.azure.com",
- "privatelink.purviewstudio.azure.com",
- "privatelink.queue.core.windows.net",
- "privatelink.redis.cache.windows.net",
- "privatelink.redisenterprise.cache.azure.net",
- "privatelink.search.windows.net",
- "privatelink.service.signalr.net",
- "privatelink.servicebus.windows.net",
- "privatelink.siterecovery.windowsazure.com",
- "privatelink.sql.azuresynapse.net",
- "privatelink.table.core.windows.net",
- "privatelink.table.cosmos.azure.com",
- "privatelink.tip1.powerquery.microsoft.com",
- "privatelink.token.botframework.com",
- "privatelink.vaultcore.azure.net",
- "privatelink.web.core.windows.net",
- "privatelink.webpubsub.azure.com"
- ],
+ "privateDnsZones": "[array(parameters('privateDnsZonesToDeploy'))]",
 "azBackupGeoCodes": {
 "australiacentral": "acl",
 "australiacentral2": "acl2",
@@ -1230,7 +1166,8 @@
 "germanycentral": "gec",
 "germanynortheast": "gne"
 },
- "privateDnsZonesMerge": "[if(contains(variables('azBackupGeoCodes'), parameters('connectivityLocation')), union(variables('privateDnsZones'), createArray(format('privatelink.{0}.backup.windowsazure.com', variables('azBackupGeoCodes')[toLower(parameters('connectivityLocation'))]))), variables('privateDnsZones'))]",
+ "privateDnsZonesMerge": "[if(and(contains(variables('azBackupGeoCodes'), parameters('connectivityLocation')), contains(variables('privateDnsZones'), 'privatelink.regionGeoShortCode.backup.windowsazure.com')), union(createArray(replace(variables('privateDnsZones')[0], '.regionGeoShortCode.', concat('.', variables('azBackupGeoCodes')[toLower(parameters('connectivityLocation'))], '.'))), variables('privateDnsZones')), variables('privateDnsZones'))]",
+ "privateDnsZonesMergedWithBackupPlaceholderRemoved": "[filter(variables('privateDnsZonesMerge'), lambda('i', not(equals(lambdaVariables('i'), 'privatelink.regionGeoShortCode.backup.windowsazure.com'))))]",
 "roleDefinitions": {
 "networkContributor": "4d97b98b-1d4f-4787-a291-c67834d212e7"
 },
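Review bot: The new `privateDnsZonesMerge` builds the backup zone name from `variables('privateDnsZones')[0]`, so it only works when the placeholder happens to be the first element of `privateDnsZonesToDeploy`. The `contains()` guard accepts the placeholder at any position; if a parameter file or a differently ordered selection puts another zone first, `replace()` returns that zone unchanged, `union()` de-duplicates it, and the following variable filters the placeholder out, so the backup zone is silently never created. Building the name directly, as the removed line did, avoids the dependency on position: `createArray(format('privatelink.{0}.backup.windowsazure.com', variables('azBackupGeoCodes')[toLower(parameters('connectivityLocation'))]))` in place of the `createArray(replace(...))` argument. The `variables` object starts and ends outside this hunk.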
@@ -2440,20 +2377,20 @@
 "vpnGateWayScaleUnit": {
 "value": "[parameters('vpnGateWayScaleUnit')]"
 },
- "enablevWANRoutingIntent":{
- "value":"[parameters('enablevWANRoutingIntent')]"
+ "enablevWANRoutingIntent": {
+ "value": "[parameters('enablevWANRoutingIntent')]"
 },
- "internetTrafficRoutingPolicy":{
- "value":"[parameters('internetTrafficRoutingPolicy')]"
+ "internetTrafficRoutingPolicy": {
+ "value": "[parameters('internetTrafficRoutingPolicy')]"
 },
- "privateTrafficRoutingPolicy":{
- "value":"[parameters('privateTrafficRoutingPolicy')]"
+ "privateTrafficRoutingPolicy": {
+ "value": "[parameters('privateTrafficRoutingPolicy')]"
 },
- "vWANHubRoutingPreference":{
- "value":"[parameters('vWANHubRoutingPreference')]"
+ "vWANHubRoutingPreference": {
+ "value": "[parameters('vWANHubRoutingPreference')]"
 },
- "vWanHubCapacity":{
- "value":"[parameters('vWANHubCapacity')]"
+ "vWanHubCapacity": {
+ "value": "[parameters('vWANHubCapacity')]"
 }
 }
 }
@@ -2511,7 +2448,7 @@
 ],
 "copy": {
 "name": "dnsZones",
- "count": "[length(variables('privateDnsZonesMerge'))]"
+ "count": "[length(variables('privateDnsZonesMergedWithBackupPlaceholderRemoved'))]"
 },
 "properties": {
 "mode": "Incremental",
@@ -2521,7 +2458,7 @@
 },
 "parameters": {
 "privateDnsZoneName": {
- "value": "[concat(variables('privateDnsZonesMerge')[copyIndex()])]"
+ "value": "[concat(variables('privateDnsZonesMergedWithBackupPlaceholderRemoved')[copyIndex()])]"
 },
 "connectivityHubResourceId": {
 "value": "[variables('platformResourceIds').vNetHubResourceId]"
@@ -3068,7 +3005,7 @@
 "value": "[parameters('enterpriseScaleCompanyPrefix')]"
 },
 "privateLinkDnsZones": {
- "value": "[variables('privateDnsZonesMerge')]"
+ "value": "[variables('privateDnsZonesMergedWithBackupPlaceholderRemoved')]"
 },
 "enforcementMode": {
 "value": "[if(equals(parameters('auditPeDnsZones'), 'Yes'), 'Default', 'DoNotEnforce')]"
@@ -4106,7 +4043,7 @@
 ],
 "copy": {
 "name": "dnsZonesLite",
- "count": "[length(variables('privateDnsZonesMerge'))]"
+ "count": "[length(variables('privateDnsZonesMergedWithBackupPlaceholderRemoved'))]"
 },
 "properties": {
 "mode": "Incremental",
@@ -4116,7 +4053,7 @@
 },
 "parameters": {
 "privateDnsZoneName": {
- "value": "[concat(variables('privateDnsZonesMerge')[copyIndex()])]"
+ "value": "[concat(variables('privateDnsZonesMergedWithBackupPlaceholderRemoved')[copyIndex()])]"
 },
 "connectivityHubResourceId": {
 "value": "[variables('platformResourceIds').vNetHubResourceId]"
@@ -4396,20 +4333,20 @@
 "vpnGateWayScaleUnit": {
 "value": "[parameters('vpnGateWayScaleUnit')]"
 },
- "enablevWANRoutingIntent":{
- "value":"[parameters('enablevWANRoutingIntent')]"
+ "enablevWANRoutingIntent": {
+ "value": "[parameters('enablevWANRoutingIntent')]"
 },
- "internetTrafficRoutingPolicy":{
- "value":"[parameters('internetTrafficRoutingPolicy')]"
+ "internetTrafficRoutingPolicy": {
+ "value": "[parameters('internetTrafficRoutingPolicy')]"
 },
- "privateTrafficRoutingPolicy":{
- "value":"[parameters('privateTrafficRoutingPolicy')]"
+ "privateTrafficRoutingPolicy": {
+ "value": "[parameters('privateTrafficRoutingPolicy')]"
 },
- "vWANHubRoutingPreference":{
- "value":"[parameters('vWANHubRoutingPreference')]"
+ "vWANHubRoutingPreference": {
+ "value": "[parameters('vWANHubRoutingPreference')]"
 },
- "vWanHubCapacity":{
- "value":"[parameters('vWANHubCapacity')]"
+ "vWanHubCapacity": {
+ "value": "[parameters('vWANHubCapacity')]"
 }
 }
 }
@@ -4559,4 +4496,4 @@
 "value": "[concat(deployment().name, ' has successfully deployed. Welcome to Azure Landing Zones!')]"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
index f86ae563..310909fb 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "9855730234916336087" + "version": "0.24.24.22086", + "templateHash": "16254215850160470748" } }, "parameters": { diff --git a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json index b0575b07..263b8425 100644 --- a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json +++ b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "9695945313327552588" + "version": "0.24.24.22086", + "templateHash": "7374068324501208275" } }, "variables": {