Addressing Multi-region bugs for Virtual WAN (#1743)

Co-authored-by: Sacha Narinx <Springstone@users.noreply.github.com>
2024-09-02 04:50:25 -04:00 · 2024-09-02 04:50:25 -04:00 · d639f5fd96
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@ -62,6 +62,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - Re-introduced the option to enable "Sentinel" in the portal accelerator.
 - Updated Microsoft Sentinel onboarding (enablement) using the new mechanism that fixes issues after 1 July 2024. Microsoft Sentinel is enabled by default through the portal accelerator as a best practice - we do not however configure any data connectors, we only enable the service. Should you wish to remove this, you can delete the association from the Azure Portal after deployment from the "Sentinel" feature blade.
 - Fixed a bug that would result in a failed deployment if deploying an Express Route Gateway and Basic Firewall SKU through the portal accelerator.
+- Fixed a bug that would result in a failed deployment for some multi-region Virtual WAN scenarios with identity networks and gateways.

 ### July 2024

--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@ -1913,6 +1913,7 @@
            "privateDnsRgResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').privateDnsRg)]",
            "azFirewallResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRg, '/providers/Microsoft.Network/azureFirewalls/', variables('platformResourceNames').azFwName)]",
            "azFirewallResourceIdSecondary": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRgSecondary, '/providers/Microsoft.Network/azureFirewalls/', variables('platformResourceNames').azFwNameSecondary)]",
+            "azFirewallResourceIdSecondaryVwan": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRg, '/providers/Microsoft.Network/azureFirewalls/', variables('platformResourceNames').azFwNameSecondary)]",
            "userAssignedIdentityResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedMgmtSub'), '/resourceGroups/', variables('platformRgNames').mgmtRg, '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', variables('platformResourceNames').userAssignedIdentity)]"
        },
        // Declaring deterministic resourceId's for ES Lite platform resources (as they will be consolidated into a single platform subscription)
@ -7185,7 +7186,7 @@
                        "value": "[variables('platformResourceIds').vWanHubResourceIdSecondary]"
                    },
                    "azureFirewallResourceId": {
-                        "value": "[if(equals(parameters('enableAzFwDnsProxySecondary'), 'Yes'), variables('platformResourceIds').azFirewallResourceIdSecondary, '')]"
+                        "value": "[if(equals(parameters('enableAzFwDnsProxySecondary'), 'Yes'), variables('platformResourceIds').azFirewallResourceIdSecondaryVwan, '')]"
                    }
                }
            }
--- a/eslzArm/subscriptionTemplates/vwan-connectivity.json
+++ b/eslzArm/subscriptionTemplates/vwan-connectivity.json
@ -508,7 +508,7 @@
                                            ],
                                            "properties": {
                                                "virtualHub": {
-                                                    "id": "[variables('vwanhub')]"
+                                                    "id": "[variables('vwanhubSecondary')]"
                                                },
                                                "bgpSettings": {
                                                    "asn": "[variables('vpnbgpasn')]"