diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Get-Validations.ps1 b/src/bicep/add-ons/azureVirtualDesktop/artifacts/Get-Validations.ps1 index 5a1457b8..fe537411 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Get-Validations.ps1 +++ b/src/bicep/add-ons/azureVirtualDesktop/artifacts/Get-Validations.ps1 @@ -62,7 +62,7 @@ Param( [parameter(Mandatory)] [string] - $WorkspaceNamePrefix, + $WorkspaceFeedName, [parameter(Mandatory)] [string] @@ -237,7 +237,7 @@ try ############################################################## # AVD Workspace Validation ############################################################## - $Workspace = Get-AzResource -ResourceGroupName $WorkspaceResourceGroupName -ResourceName $($WorkspaceNamePrefix + '-feed') + $Workspace = Get-AzResource -ResourceGroupName $WorkspaceResourceGroupName -ResourceName $WorkspaceFeedName Write-Log -Message "Existing Workspace Validation Succeeded" -Type 'INFO' Disconnect-AzAccount | Out-Null diff --git a/src/bicep/add-ons/azureVirtualDesktop/data/locations.json b/src/bicep/add-ons/azureVirtualDesktop/data/locations.json deleted file mode 100644 index 06f20c9e..00000000 --- a/src/bicep/add-ons/azureVirtualDesktop/data/locations.json +++ /dev/null @@ -1,396 +0,0 @@ -{ - "AzureChina": { - "chinaeast": { - "abbreviation": "cne", - "recoveryServicesGeo": "sha", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinaeast2": { - "abbreviation": "cne2", - "recoveryServicesGeo": "sha2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth": { - "abbreviation": "cnn", - "recoveryServicesGeo": "bjb", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth2": { - "abbreviation": "cnn2", - "recoveryServicesGeo": "bjb2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth3": { - "abbreviation": "cnn3", - "recoveryServicesGeo": "", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - } - }, - "AzureCloud": { - "australiacentral": { - "abbreviation": "auc", - "recoveryServicesGeo": "acl", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiacentral2": { - "abbreviation": "auc2", - "recoveryServicesGeo": "acl2", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiaeast": { - "abbreviation": "aue", - "recoveryServicesGeo": "ae", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiasoutheast": { - "abbreviation": "ause", - "recoveryServicesGeo": "ase", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "brazilsouth": { - "abbreviation": "brs", - "recoveryServicesGeo": "brs", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "brazilsoutheast": { - "abbreviation": "brse", - "recoveryServicesGeo": "bse", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "canadacentral": { - "abbreviation": "cac", - "recoveryServicesGeo": "cnc", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "canadaeast": { - "abbreviation": "cae", - "recoveryServicesGeo": "cne", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "centralindia": { - "abbreviation": "inc", - "recoveryServicesGeo": "inc", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "centralus": { - "abbreviation": "usc", - "recoveryServicesGeo": "cus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "eastasia": { - "abbreviation": "ase", - "recoveryServicesGeo": "ea", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "eastus": { - "abbreviation": "use", - "recoveryServicesGeo": "eus", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "eastus2": { - "abbreviation": "use2", - "recoveryServicesGeo": "eus2", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "francecentral": { - "abbreviation": "frc", - "recoveryServicesGeo": "frc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "francesouth": { - "abbreviation": "frs", - "recoveryServicesGeo": "frs", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanynorth": { - "abbreviation": "den", - "recoveryServicesGeo": "gn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanywestcentral": { - "abbreviation": "dewc", - "recoveryServicesGeo": "gwc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "israelcentral": { - "abbreviation": "ilc", - "recoveryServicesGeo": "ilc", - "timeDifference": "+2:00", - "timeZone": "Israel Standard Time" - }, - "italynorth": { - "abbreviation": "itn", - "recoveryServicesGeo": "itn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "japaneast": { - "abbreviation": "jpe", - "recoveryServicesGeo": "jpe", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "japanwest": { - "abbreviation": "jpw", - "recoveryServicesGeo": "jpw", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "jioindiacentral": { - "abbreviation": "injc", - "recoveryServicesGeo": "jic", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "jioindiawest": { - "abbreviation": "injw", - "recoveryServicesGeo": "jiw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "koreacentral": { - "abbreviation": "krc", - "recoveryServicesGeo": "krc", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "koreasouth": { - "abbreviation": "krs", - "recoveryServicesGeo": "krs", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "newzealandnorth": { - "abbreviation": "nzn", - "recoveryServicesGeo": "", - "timeDifference": "+13:00", - "timeZone": "New Zealand Standard Time" - }, - "northcentralus": { - "abbreviation": "usnc", - "recoveryServicesGeo": "ncus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "northeurope": { - "abbreviation": "eun", - "recoveryServicesGeo": "ne", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "norwayeast": { - "abbreviation": "noe", - "recoveryServicesGeo": "nwe", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "norwaywest": { - "abbreviation": "now", - "recoveryServicesGeo": "nww", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "polandcentral": { - "abbreviation": "plc", - "recoveryServicesGeo": "plc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "qatarcentral": { - "abbreviation": "qac", - "recoveryServicesGeo": "qac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "southafricanorth": { - "abbreviation": "zan", - "recoveryServicesGeo": "san", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southafricawest": { - "abbreviation": "zaw", - "recoveryServicesGeo": "saw", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southcentralus": { - "abbreviation": "ussc", - "recoveryServicesGeo": "scus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "southeastasia": { - "abbreviation": "asse", - "recoveryServicesGeo": "sea", - "timeDifference": "+8:00", - "timeZone": "Singapore Standard Time" - }, - "southindia": { - "abbreviation": "ins", - "recoveryServicesGeo": "ins", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "swedencentral": { - "abbreviation": "sec", - "recoveryServicesGeo": "sdc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandnorth": { - "abbreviation": "chn", - "recoveryServicesGeo": "szn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandwest": { - "abbreviation": "chw", - "recoveryServicesGeo": "szw", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "uaecentral": { - "abbreviation": "aec", - "recoveryServicesGeo": "uac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uaenorth": { - "abbreviation": "aen", - "recoveryServicesGeo": "uan", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uksouth": { - "abbreviation": "uks", - "recoveryServicesGeo": "uks", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "ukwest": { - "abbreviation": "ukw", - "recoveryServicesGeo": "ukw", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "westcentralus": { - "abbreviation": "uswc", - "recoveryServicesGeo": "wcus", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "westeurope": { - "abbreviation": "euw", - "recoveryServicesGeo": "we", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "westindia": { - "abbreviation": "inw", - "recoveryServicesGeo": "inw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "westus": { - "abbreviation": "usw", - "recoveryServicesGeo": "wus", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus2": { - "abbreviation": "usw2", - "recoveryServicesGeo": "wus2", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus3": { - "abbreviation": "usw3", - "recoveryServicesGeo": "wus3", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - } - }, - "AzureUSGovernment": { - "usdodcentral": { - "abbreviation": "dodc", - "recoveryServicesGeo": "udc", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usdodeast": { - "abbreviation": "dode", - "recoveryServicesGeo": "ude", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usgovarizona": { - "abbreviation": "az", - "recoveryServicesGeo": "uga", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "usgovtexas": { - "abbreviation": "tx", - "recoveryServicesGeo": "ugt", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usgovvirginia": { - "abbreviation": "va", - "recoveryServicesGeo": "ugv", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - } - }, - "USNat": { - "usnateast": { - "abbreviation": "east", - "recoveryServicesGeo": "exe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usnatwest": { - "abbreviation": "west", - "recoveryServicesGeo": "exw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - }, - "USSec": { - "usseceast": { - "abbreviation": "east", - "recoveryServicesGeo": "rxe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "ussecwest": { - "abbreviation": "west", - "recoveryServicesGeo": "rxw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - } -} \ No newline at end of file diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/controlPlane.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/controlPlane.bicep index a3f6b2fb..0d687e3e 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/controlPlane.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/controlPlane.bicep @@ -8,7 +8,10 @@ param deploymentUserAssignedIdentityClientId string param desktopApplicationGroupName string param desktopFriendlyName string param existingFeedWorkspace bool +param hostPoolDiagnosticSettingName string param hostPoolName string +param hostPoolNetworkInterfaceName string +param hostPoolPrivateEndpointName string param hostPoolPublicNetworkAccess string param hostPoolType string param locationControlPlane string @@ -28,7 +31,10 @@ param timestamp string param validationEnvironment bool param vmTemplate string param workspaceFriendlyName string -param workspaceNamePrefix string +param workspaceFeedName string +param workspaceFeedDiagnoticSettingName string +param workspaceFeedNetworkInterfaceName string +param workspaceFeedPrivateEndpointName string param workspacePublicNetworkAccess string module hostPool 'hostPool.bicep' = { @@ -38,7 +44,10 @@ module hostPool 'hostPool.bicep' = { activeDirectorySolution: activeDirectorySolution avdPrivateDnsZoneResourceId: avdPrivateDnsZoneResourceId customRdpProperty: customRdpProperty + hostPoolDiagnosticSettingName: hostPoolDiagnosticSettingName hostPoolName: hostPoolName + hostPoolNetworkInterfaceName: hostPoolNetworkInterfaceName + hostPoolPrivateEndpointName: hostPoolPrivateEndpointName hostPoolPublicNetworkAccess: hostPoolPublicNetworkAccess hostPoolType: hostPoolType location: locationControlPlane @@ -92,7 +101,10 @@ module workspace 'workspace.bicep' = { tags: tags timestamp: timestamp virtualMachineName: managementVirtualMachineName - workspaceNamePrefix: workspaceNamePrefix + workspaceFeedDiagnoticSettingName: workspaceFeedDiagnoticSettingName + workspaceFeedName: workspaceFeedName + workspaceFeedNetworkInterfaceName: workspaceFeedNetworkInterfaceName + workspaceFeedPrivateEndpointName: workspaceFeedPrivateEndpointName workspacePublicNetworkAccess: workspacePublicNetworkAccess } } diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/hostPool.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/hostPool.bicep index 2bc579b8..1e7fc9fd 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/hostPool.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/hostPool.bicep @@ -1,7 +1,10 @@ param activeDirectorySolution string param avdPrivateDnsZoneResourceId string param customRdpProperty string +param hostPoolDiagnosticSettingName string param hostPoolName string +param hostPoolNetworkInterfaceName string +param hostPoolPrivateEndpointName string param hostPoolPublicNetworkAccess string param hostPoolType string param location string @@ -41,7 +44,6 @@ var hostPoolLogs = [ enabled: true } ] -var privateEndpointName = 'pe-${hostPoolName}' resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = { name: hostPoolName @@ -69,16 +71,16 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = { } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { - name: privateEndpointName + name: hostPoolPrivateEndpointName location: location tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' }, contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}) properties: { - customNetworkInterfaceName: 'nic-${hostPoolName}' + customNetworkInterfaceName: hostPoolNetworkInterfaceName privateLinkServiceConnections: [ { - name: privateEndpointName + name: hostPoolPrivateEndpointName properties: { privateLinkServiceId: hostPool.id groupIds: [ @@ -108,8 +110,8 @@ resource privateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneG } } -resource hostPoolDiagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (monitoring) { - name: 'diag-${hostPoolName}' +resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (monitoring) { + name: hostPoolDiagnosticSettingName scope: hostPool properties: { logs: hostPoolLogs diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/workspace.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/workspace.bicep index b9d766c3..62848543 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/workspace.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/workspace.bicep @@ -14,12 +14,12 @@ param subnetResourceId string param tags object param timestamp string param virtualMachineName string -param workspaceNamePrefix string +param workspaceFeedDiagnoticSettingName string +param workspaceFeedName string +param workspaceFeedNetworkInterfaceName string +param workspaceFeedPrivateEndpointName string param workspacePublicNetworkAccess string -var feedWorkspaceName = '${workspaceNamePrefix}-feed' -var privateEndpointName = 'pe-${feedWorkspaceName}' - module addApplicationGroups '../common/customScriptExtensions.bicep' = if (existing) { scope: resourceGroup(resourceGroupManagement) name: 'AddApplicationGroupReferences_${timestamp}' @@ -28,7 +28,7 @@ module addApplicationGroups '../common/customScriptExtensions.bicep' = if (exist '${artifactsUri}Update-AvdWorkspace.ps1' ] location: locationVirtualMachines - parameters: '-ApplicationGroupReferences "${applicationGroupReferences}" -Environment ${environment().name} -ResourceGroupName ${resourceGroup().name} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentityClientId} -WorkspaceName ${feedWorkspaceName}' + parameters: '-ApplicationGroupReferences "${applicationGroupReferences}" -Environment ${environment().name} -ResourceGroupName ${resourceGroup().name} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentityClientId} -WorkspaceName ${workspaceFeedName}' scriptFileName: 'Update-AvdWorkspace.ps1' tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' @@ -39,7 +39,7 @@ module addApplicationGroups '../common/customScriptExtensions.bicep' = if (exist } resource workspace 'Microsoft.DesktopVirtualization/workspaces@2023-09-05' = if (!existing) { - name: feedWorkspaceName + name: workspaceFeedName location: locationControlPlane tags: {} properties: { @@ -50,14 +50,14 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2023-09-05' = if } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = if (!existing) { - name: privateEndpointName + name: workspaceFeedPrivateEndpointName location: locationControlPlane tags: {} properties: { - customNetworkInterfaceName: 'nic-${feedWorkspaceName}' + customNetworkInterfaceName: workspaceFeedNetworkInterfaceName privateLinkServiceConnections: [ { - name: privateEndpointName + name: workspaceFeedPrivateEndpointName properties: { privateLinkServiceId: workspace.id groupIds: [ @@ -87,8 +87,8 @@ resource privateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneG } } -resource workspaceDiagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!existing && monitoring) { - name: 'diag-${feedWorkspaceName}' +resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!existing && monitoring) { + name: workspaceFeedDiagnoticSettingName scope: workspace properties: { logs: [ diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/azureFiles.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/azureFiles.bicep index 4b8a33a2..de97dc6b 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/azureFiles.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/azureFiles.bicep @@ -24,8 +24,11 @@ param resourceGroupManagement string param resourceGroupStorage string param securityPrincipalObjectIds array param securityPrincipalNames array +param serviceName string @minLength(3) param storageAccountNamePrefix string +param storageAccountNetworkInterfaceNamePrefix string +param storageAccountPrivateEndpointNamePrefix string param storageCount int param storageEncryptionKeyName string param storageIndex int @@ -166,14 +169,14 @@ module shares 'shares.bicep' = [for i in range(0, storageCount): { }] resource privateEndpoints 'Microsoft.Network/privateEndpoints@2023-04-01' = [for i in range(0, storageCount): { - name: 'pe-${storageAccountNamePrefix}${padLeft(i + storageIndex, 2, '0')}-file' + name: '${replace(storageAccountPrivateEndpointNamePrefix, serviceName, 'file')}-${padLeft(i + storageIndex, 2, '0')}' location: location tags: tagsPrivateEndpoints properties: { - customNetworkInterfaceName: 'nic-${storageAccountNamePrefix}${padLeft(i + storageIndex, 2, '0')}-file' + customNetworkInterfaceName: '${replace(storageAccountNetworkInterfaceNamePrefix, serviceName, 'file')}-${padLeft(i + storageIndex, 2, '0')}' privateLinkServiceConnections: [ { - name: 'pe-${storageAccounts[i].name}' + name: '${replace(storageAccountPrivateEndpointNamePrefix, serviceName, 'file')}-${padLeft(i + storageIndex, 2, '0')}' properties: { privateLinkServiceId: storageAccounts[i].id groupIds: [ @@ -190,7 +193,7 @@ resource privateEndpoints 'Microsoft.Network/privateEndpoints@2023-04-01' = [for resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-08-01' = [for i in range(0, storageCount): { parent: privateEndpoints[i] - name: '${storageAccountNamePrefix}${padLeft(i + storageIndex, 2, '0')}' + name: '${storageAccountNamePrefix}-${padLeft(i + storageIndex, 2, '0')}' properties: { privateDnsZoneConfigs: [ { diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/fslogix.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/fslogix.bicep index 09a07118..e0ba442c 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/fslogix.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/fslogix.bicep @@ -34,8 +34,11 @@ param resourceGroupManagement string param resourceGroupStorage string param securityPrincipalObjectIds array param securityPrincipalNames array +param serviceName string param smbServerLocation string param storageAccountNamePrefix string +param storageAccountNetworkInterfaceNamePrefix string +param storageAccountPrivateEndpointNamePrefix string param storageCount int param storageEncryptionKeyName string param storageIndex int @@ -116,7 +119,10 @@ module azureFiles 'azureFiles/azureFiles.bicep' = if (storageService == 'AzureFi resourceGroupStorage: resourceGroupStorage securityPrincipalNames: securityPrincipalNames securityPrincipalObjectIds: securityPrincipalObjectIds + serviceName: serviceName storageAccountNamePrefix: storageAccountNamePrefix + storageAccountNetworkInterfaceNamePrefix: storageAccountNetworkInterfaceNamePrefix + storageAccountPrivateEndpointNamePrefix: storageAccountPrivateEndpointNamePrefix storageCount: storageCount storageEncryptionKeyName: storageEncryptionKeyName storageIndex: storageIndex diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/hub.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/hub/hub.bicep index 18428d79..dfbbc2ca 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/hub.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/hub/hub.bicep @@ -5,7 +5,9 @@ param globalWorkspacePrivateDnsZoneResourceId string param hubSubnetResourceId string param resourceGroupName string param timestamp string -param workspaceNamePrefix string +param workspaceGlobalName string +param workspaceGlobalNetworkInterfaceName string +param workspaceGlobalPrivateEndpointName string module virtualNetwork 'virtualNetwork.bicep' = if (!existingWorkspace) { scope: resourceGroup(split(hubSubnetResourceId, '/')[4]) @@ -33,7 +35,9 @@ module workspace 'workspace.bicep' = if (!existingWorkspace) { globalWorkspacePrivateDnsZoneResourceId: globalWorkspacePrivateDnsZoneResourceId location: !existingWorkspace ? virtualNetwork.outputs.location : '' subnetResourceId: hubSubnetResourceId - workspaceNamePrefix: workspaceNamePrefix + workspaceGlobalName: workspaceGlobalName + workspaceGlobalNetworkInterfaceName: workspaceGlobalNetworkInterfaceName + workspaceGlobalPrivateEndpointName: workspaceGlobalPrivateEndpointName } dependsOn: [ rg_GlobalWorkspace diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/workspace.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/hub/workspace.bicep index 7c9a762d..eaece986 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/workspace.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/hub/workspace.bicep @@ -1,27 +1,26 @@ param globalWorkspacePrivateDnsZoneResourceId string param location string param subnetResourceId string -param workspaceNamePrefix string - -var globalWorkspaceName = '${workspaceNamePrefix}-global' -var privateEndpointName = 'pe-${globalWorkspaceName}' +param workspaceGlobalName string +param workspaceGlobalNetworkInterfaceName string +param workspaceGlobalPrivateEndpointName string resource workspace 'Microsoft.DesktopVirtualization/workspaces@2023-09-05' = { - name: globalWorkspaceName + name: workspaceGlobalName location: location tags: {} properties: {} } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { - name: privateEndpointName + name: workspaceGlobalPrivateEndpointName location: location tags: {} properties: { - customNetworkInterfaceName: 'nic-${globalWorkspaceName}' + customNetworkInterfaceName: workspaceGlobalNetworkInterfaceName privateLinkServiceConnections: [ { - name: privateEndpointName + name: workspaceGlobalPrivateEndpointName properties: { privateLinkServiceId: workspace.id groupIds: [ diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/artifacts.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/management/artifacts.bicep index 653f7293..1fa4100d 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/artifacts.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/management/artifacts.bicep @@ -1,12 +1,13 @@ param location string param resourceGroupManagement string +param serviceName string param storageAccountName string param subscriptionId string param tags object param timestamp string param userAssignedIdentityNamePrefix string -var name = '${userAssignedIdentityNamePrefix}-artifacts' +var name = replace(userAssignedIdentityNamePrefix, serviceName, 'artifacts') var roleDefinitionId = '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // Storage Blob Data Reader resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = { diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/automationAccount.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/management/automationAccount.bicep index c9a09abf..1abe18de 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/automationAccount.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/management/automationAccount.bicep @@ -1,5 +1,8 @@ +param automationAccountDiagnosticSettingName string param automationAccountName string +param automationAccountNetworkInterfaceName string param automationAccountPrivateDnsZoneResourceId string +param automationAccountPrivateEndpointName string param location string param logAnalyticsWorkspaceResourceId string param monitoring bool @@ -7,8 +10,6 @@ param subnetResourceId string param tags object param virtualMachineName string -var privateEndpointName = 'pe-${automationAccountName}-DSCAndHybridWorker' - resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-07-01' existing = { name: virtualMachineName } @@ -28,14 +29,14 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { - name: privateEndpointName + name: automationAccountPrivateEndpointName location: location tags: contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {} properties: { - customNetworkInterfaceName: 'nic-${automationAccountName}-DSCAndHybridWorker' + customNetworkInterfaceName: automationAccountNetworkInterfaceName privateLinkServiceConnections: [ { - name: privateEndpointName + name: automationAccountPrivateEndpointName properties: { privateLinkServiceId: automationAccount.id groupIds: [ @@ -96,9 +97,9 @@ resource extension_HybridWorker 'Microsoft.Compute/virtualMachines/extensions@20 } // Enables logging in a log analytics workspace for alerting and dashboards -resource diagnostics 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if (monitoring) { +resource diagnosticSetting 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if (monitoring) { scope: automationAccount - name: 'diag-${automationAccountName}' + name: automationAccountDiagnosticSettingName properties: { logs: [ { diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/customerManagedKeys.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/management/customerManagedKeys.bicep index ff3039b7..65a965b7 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/customerManagedKeys.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/management/customerManagedKeys.bicep @@ -1,9 +1,11 @@ param diskEncryptionKeyExpirationInDays int = 30 param environment string -param keyVaultAbbreviation string param keyVaultName string +param keyVaultNetworkInterfaceName string +param keyVaultPrivateEndpointName string param keyVaultPrivateDnsZoneResourceId string param location string +param serviceName string param subnetResourceId string param tags object param timestamp string @@ -37,14 +39,14 @@ resource vault 'Microsoft.KeyVault/vaults@2022-07-01' = { } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { - name: replace(keyVaultName, keyVaultAbbreviation, '${keyVaultAbbreviation}-pe') + name: keyVaultPrivateEndpointName location: location tags: contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {} properties: { - customNetworkInterfaceName: replace(keyVaultName, keyVaultAbbreviation, '${keyVaultAbbreviation}-nic') + customNetworkInterfaceName: keyVaultNetworkInterfaceName privateLinkServiceConnections: [ { - name: replace(keyVaultName, keyVaultAbbreviation, '${keyVaultAbbreviation}-nic') + name: keyVaultPrivateEndpointName properties: { privateLinkServiceId: vault.id groupIds: [ @@ -148,7 +150,7 @@ module userAssignedIdentity 'userAssignedIdentity.bicep' = { name: 'UAI_Encryption_${timestamp}' params: { location: location - name: '${userAssignedIdentityNamePrefix}-encryption' + name: replace(userAssignedIdentityNamePrefix, serviceName, 'encryption') tags: contains(tags, 'Microsoft.ManagedIdentity/userAssignedIdentities') ? tags['Microsoft.ManagedIdentity/userAssignedIdentities'] : {} } } diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/management.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/management/management.bicep index 635789f2..27cde8fd 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/management.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/management/management.bicep @@ -3,8 +3,11 @@ targetScope = 'subscription' param activeDirectorySolution string param artifactsUri string param artifactsStorageAccountResourceId string +param automationAccountDiagnosticSettingName string param automationAccountName string +param automationAccountNetworkInterfaceName string param automationAccountPrivateDnsZoneResourceId string +param automationAccountPrivateEndpointName string param availability string param avdObjectId string param azureBlobsPrivateDnsZoneResourceId string @@ -26,18 +29,22 @@ param fslogixStorageService string param hostPoolName string param hostPoolType string param imageDefinitionResourceId string -param keyVaultAbbreviation string param keyVaultName string +param keyVaultNetworkInterfaceName string param keyVaultPrivateDnsZoneResourceId string +param keyVaultPrivateEndpointName string param locationVirtualMachines string param logAnalyticsWorkspaceName string param logAnalyticsWorkspaceRetention int param logAnalyticsWorkspaceSku string param networkInterfaceNamePrefix string +param networkName string param organizationalUnitPath string param recoveryServices bool param recoveryServicesPrivateDnsZoneResourceId string param recoveryServicesVaultName string +param recoveryServicesVaultNetworkInterfaceName string +param recoveryServicesVaultPrivateEndpointName string param resourceGroupControlPlane string param resourceGroupFeedWorkspace string param resourceGroupHosts string @@ -46,6 +53,7 @@ param resourceGroupStorage string param roleDefinitions object param scalingTool bool param securityLogAnalyticsWorkspaceResourceId string +param serviceName string param sessionHostCount int param storageService string param subnetResourceId string @@ -59,7 +67,7 @@ param virtualMachineNamePrefix string param virtualMachinePassword string param virtualMachineUsername string param virtualMachineSize string -param workspaceNamePrefix string +param workspaceFeedName string var CpuCountMax = contains(hostPoolType, 'Pooled') ? 32 : 128 var CpuCountMin = contains(hostPoolType, 'Pooled') ? 4 : 2 @@ -135,7 +143,7 @@ module deploymentUserAssignedIdentity 'userAssignedIdentity.bicep' = { name: 'UserAssignedIdentity_${timestamp}' params: { location: locationVirtualMachines - name: '${userAssignedIdentityNamePrefix}-deployment' + name: replace(userAssignedIdentityNamePrefix, serviceName, 'deployment') tags: contains(tags, 'Microsoft.ManagedIdentity/userAssignedIdentities') ? tags['Microsoft.ManagedIdentity/userAssignedIdentities'] : {} } } @@ -167,6 +175,7 @@ module artifacts 'artifacts.bicep' = { params: { location: locationVirtualMachines resourceGroupManagement: resourceGroupManagement + serviceName: serviceName storageAccountName: split(artifactsStorageAccountResourceId, '/')[8] subscriptionId: subscription().subscriptionId tags: tags @@ -181,10 +190,12 @@ module customerManagedKeys 'customerManagedKeys.bicep' = { scope: resourceGroup(resourceGroupManagement) params: { environment: environmentShortName - keyVaultAbbreviation: keyVaultAbbreviation keyVaultName: keyVaultName + keyVaultNetworkInterfaceName: keyVaultNetworkInterfaceName keyVaultPrivateDnsZoneResourceId: keyVaultPrivateDnsZoneResourceId + keyVaultPrivateEndpointName: keyVaultPrivateEndpointName location: locationVirtualMachines + serviceName: serviceName subnetResourceId: subnetResourceId tags: tags timestamp: timestamp @@ -223,8 +234,10 @@ module virtualMachine 'virtualMachine.bicep' = { domainName: domainName location: locationVirtualMachines networkInterfaceNamePrefix: networkInterfaceNamePrefix + networkName: networkName organizationalUnitPath: organizationalUnitPath securityLogAnalyticsWorkspaceResourceId: securityLogAnalyticsWorkspaceResourceId + serviceName: serviceName subnet: split(subnetResourceId, '/')[10] tagsNetworkInterfaces: contains(tags, 'Microsoft.Network/networkInterfaces') ? tags['Microsoft.Network/networkInterfaces'] : {} tagsVirtualMachines: contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {} @@ -247,7 +260,7 @@ module validations '../common/customScriptExtensions.bicep' = { '${artifactsUri}Get-Validations.ps1' ] location: locationVirtualMachines - parameters: '-ActiveDirectorySolution ${activeDirectorySolution} -CpuCountMax ${CpuCountMax} -CpuCountMin ${CpuCountMin} -DomainName ${empty(domainName) ? 'NotApplicable' : domainName} -Environment ${environment().name} -ImageDefinitionResourceId ${empty(imageDefinitionResourceId) ? 'NotApplicable' : imageDefinitionResourceId} -Location ${locationVirtualMachines} -SessionHostCount ${sessionHostCount} -StorageService ${storageService} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentity.outputs.clientId} -VirtualMachineSize ${virtualMachineSize} -VirtualNetworkName ${VirtualNetworkName} -VirtualNetworkResourceGroupName ${VirtualNetworkResourceGroupName} -WorkspaceNamePrefix ${workspaceNamePrefix} -WorkspaceResourceGroupName ${resourceGroupFeedWorkspace}' + parameters: '-ActiveDirectorySolution ${activeDirectorySolution} -CpuCountMax ${CpuCountMax} -CpuCountMin ${CpuCountMin} -DomainName ${empty(domainName) ? 'NotApplicable' : domainName} -Environment ${environment().name} -ImageDefinitionResourceId ${empty(imageDefinitionResourceId) ? 'NotApplicable' : imageDefinitionResourceId} -Location ${locationVirtualMachines} -SessionHostCount ${sessionHostCount} -StorageService ${storageService} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentity.outputs.clientId} -VirtualMachineSize ${virtualMachineSize} -VirtualNetworkName ${VirtualNetworkName} -VirtualNetworkResourceGroupName ${VirtualNetworkResourceGroupName} -WorkspaceFeedName ${workspaceFeedName} -WorkspaceResourceGroupName ${resourceGroupFeedWorkspace}' scriptFileName: 'Get-Validations.ps1' tags: contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {} userAssignedIdentityClientId: deploymentUserAssignedIdentity.outputs.clientId @@ -287,8 +300,11 @@ module automationAccount 'automationAccount.bicep' = if (scalingTool || fslogixS name: 'AutomationAccount_${timestamp}' scope: resourceGroup(resourceGroupManagement) params: { + automationAccountDiagnosticSettingName: automationAccountDiagnosticSettingName automationAccountName: automationAccountName + automationAccountNetworkInterfaceName: automationAccountNetworkInterfaceName automationAccountPrivateDnsZoneResourceId: automationAccountPrivateDnsZoneResourceId + automationAccountPrivateEndpointName: automationAccountPrivateEndpointName location: locationVirtualMachines logAnalyticsWorkspaceResourceId: enableMonitoring ? monitoring.outputs.logAnalyticsWorkspaceResourceId : '' monitoring: enableMonitoring @@ -308,6 +324,8 @@ module recoveryServicesVault 'recoveryServicesVault.bicep' = if (recoveryService azureQueueStoragePrivateDnsZoneResourceId: azureQueueStoragePrivateDnsZoneResourceId recoveryServicesPrivateDnsZoneResourceId: recoveryServicesPrivateDnsZoneResourceId recoveryServicesVaultName: recoveryServicesVaultName + recoveryServicesVaultNetworkInterfaceName: recoveryServicesVaultNetworkInterfaceName + recoveryServicesVaultPrivateEndpointName: recoveryServicesVaultPrivateEndpointName storageService: storageService subnetId: subnetResourceId tags: tags diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/recoveryServicesVault.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/management/recoveryServicesVault.bicep index ea684d69..141c3911 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/recoveryServicesVault.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/management/recoveryServicesVault.bicep @@ -4,6 +4,8 @@ param fslogix bool param location string param recoveryServicesPrivateDnsZoneResourceId string param recoveryServicesVaultName string +param recoveryServicesVaultNetworkInterfaceName string +param recoveryServicesVaultPrivateEndpointName string param storageService string param subnetId string param tags object @@ -86,14 +88,14 @@ resource backupPolicy_Vm 'Microsoft.RecoveryServices/vaults/backupPolicies@2022- } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { - name: 'pe-${recoveryServicesVaultName}' + name: recoveryServicesVaultPrivateEndpointName location: location tags: contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {} properties: { - customNetworkInterfaceName: 'nic-${recoveryServicesVaultName}' + customNetworkInterfaceName: recoveryServicesVaultNetworkInterfaceName privateLinkServiceConnections: [ { - name: 'pe-${recoveryServicesVaultName}' + name: recoveryServicesVaultPrivateEndpointName properties: { privateLinkServiceId: vault.id groupIds: [ diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/virtualMachine.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/management/virtualMachine.bicep index ecf2bb03..2834b549 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/virtualMachine.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/management/virtualMachine.bicep @@ -11,8 +11,10 @@ param domainJoinUserPrincipalName string param domainName string param location string param networkInterfaceNamePrefix string +param networkName string param organizationalUnitPath string param securityLogAnalyticsWorkspaceResourceId string +param serviceName string param subnet string param tagsNetworkInterfaces object param tagsVirtualMachines object @@ -25,12 +27,12 @@ param virtualMachineNamePrefix string param virtualMachinePassword string param virtualMachineUsername string -var networkInterfaceName = '${networkInterfaceNamePrefix}mgt' +var networkInterfaceName = replace(networkInterfaceNamePrefix, serviceName, 'mgt-vm') var securitylogAnalyticsWorkspaceName = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[8] : '' var securityLogAnalyticsWorkspaceResourceGroupName = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[4] : resourceGroup().name var securityLogAnalyticsWorkspaceSubscriptionId = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[2] : subscription().subscriptionId var securityMonitoring = empty(securityLogAnalyticsWorkspaceResourceId) ? false : true -var virtualMachineName = '${virtualMachineNamePrefix}mgt' +var virtualMachineName = replace(replace(virtualMachineNamePrefix, serviceName, 'mgt'), networkName, '') resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = if (securityMonitoring) { scope: resourceGroup(securityLogAnalyticsWorkspaceSubscriptionId, securityLogAnalyticsWorkspaceResourceGroupName) @@ -86,7 +88,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-11-01' = { } storageAccountType: diskSku } - name: '${diskNamePrefix}mgt' + name: replace(diskNamePrefix, serviceName, 'mgt-vm') } dataDisks: [] } diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/resourceNames.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/resourceNames.bicep index 66fc6989..66ab323d 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/resourceNames.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/resourceNames.bicep @@ -9,9 +9,13 @@ param stampIndex int // NAMING CONVENTIONS // All the resources are named using the following variables // Modify the components of the naming convention to suit your needs -var namingConvention = '${identifier}-${stampIndex}-resourceType-${environmentShortName}-location' -var namingConvention_Global = 'resourceType-${environmentShortName}-location' -var namingConvention_Shared = '${identifier}-resourceType-${environmentShortName}-location' +var resourceAbbreviation = 'resourceAbbreviation' +var serviceName = 'serviceName' +var networkName = 'avd' +var locationAbbreviation = 'locationAbbreviation' +var namingConvention = '${identifier}-${stampIndex}-${resourceAbbreviation}-${serviceName}-${networkName}-${environmentShortName}-${locationAbbreviation}' +var namingConvention_Global = '${resourceAbbreviation}-${serviceName}-${networkName}-${environmentShortName}-${locationAbbreviation}' +var namingConvention_Shared = '${identifier}-${resourceAbbreviation}-${serviceName}-${networkName}-${environmentShortName}-${locationAbbreviation}' // SUPPORTING DATA var cloudEndpointSuffix = replace(replace(environment().resourceManager, 'https://management.', ''), '/', '') @@ -31,25 +35,28 @@ var privateDnsZoneSuffixes_Monitor = { AzureCloud: 'azure.com' AzureUSGovernment: 'azure.us' } -var locations = (loadJsonContent('../data/locations.json'))[environment().name] -var resourceAbbreviations = loadJsonContent('../data/resourceAbbreviations.json') +var locations = (loadJsonContent('../../../data/locations.json'))[environment().name] +var resourceAbbreviations = loadJsonContent('../../../data/resourceAbbreviations.json') // RESOURCE NAMES AND PREFIXES var agentSvcPrivateDnsZoneName = 'privatelink.agentsvc.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name] ?? cloudEndpointSuffix}' -var automationAccountName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.automationAccounts), 'location', locations[locationVirtualMachines].abbreviation) -var availabilitySetNamePrefix = '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.availabilitySets), 'location', locations[locationVirtualMachines].abbreviation)}-' +var automationAccountDiagnosticSettingName = replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.diagnosticSettings), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var automationAccountName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.automationAccounts), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var automationAccountNetworkInterfaceName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkInterfaces), serviceName, 'DSCAndHybridWorker-${resourceAbbreviations.automationAccounts}' ), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var automationAccountPrivateEndpointName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.privateEndpoints), serviceName, 'DSCAndHybridWorker-${resourceAbbreviations.automationAccounts}' ), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var availabilitySetNamePrefix = '${replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.availabilitySets), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation)}-' var avdGlobalPrivateDnsZoneName = 'privatelink-global.wvd.${privateDnsZoneSuffixes_AzureVirtualDesktop[environment().name] ?? cloudEndpointSuffix}' var avdPrivateDnsZoneName = 'privatelink.wvd.${privateDnsZoneSuffixes_AzureVirtualDesktop[environment().name] ?? cloudEndpointSuffix}' var azureAutomationPrivateDnsZoneName = 'privatelink.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name] ?? cloudEndpointSuffix}' var backupPrivateDnsZoneName = 'privatelink.${locations[locationVirtualMachines].recoveryServicesGeo}.backup.${privateDnsZoneSuffixes_Backup[environment().name] ?? cloudEndpointSuffix}' var blobPrivateDnsZoneName = 'privatelink.blob.${environment().suffixes.storage}' -var dataCollectionRuleAssociationName = '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.dataCollectionRuleAssociations), 'location', locations[locationVirtualMachines].abbreviation)}-avdi' +var dataCollectionRuleAssociationName = '${replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.dataCollectionRuleAssociations), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation)}-avdi' var dataCollectionRuleName = 'microsoft-avdi-${locations[locationVirtualMachines].abbreviation}' -var desktopApplicationGroupName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.desktopApplicationGroups), 'location', locations[locationControlPlane].abbreviation) -var diskAccessName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.diskAccesses), 'location', locations[locationVirtualMachines].abbreviation) -var diskEncryptionSetName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.diskEncryptionSets), 'location', locations[locationVirtualMachines].abbreviation) -var diskNamePrefix = '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.disks), 'location', locations[locationVirtualMachines].abbreviation)}-' +var desktopApplicationGroupName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.desktopApplicationGroups), '-${serviceName}', ''), locationAbbreviation, locations[locationControlPlane].abbreviation) +var diskAccessName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.diskAccesses), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var diskEncryptionSetName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.diskEncryptionSets), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var diskNamePrefix = replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.disks), locationAbbreviation, locations[locationVirtualMachines].abbreviation) var filePrivateDnsZoneName = 'privatelink.file.${environment().suffixes.storage}' var fileShareNames = { CloudCacheProfileContainer: [ @@ -67,48 +74,65 @@ var fileShareNames = { 'profile-containers' ] } -var hostPoolName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.hostPools), 'location', locations[locationControlPlane].abbreviation) -var keyVaultName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.keyVaults), 'location', locations[locationVirtualMachines].abbreviation) +var hostPoolDiagnosticSettingName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.diagnosticSettings), serviceName, resourceAbbreviations.hostPools), locationAbbreviation, locations[locationControlPlane].abbreviation) +var hostPoolName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.hostPools), '-${serviceName}', ''), locationAbbreviation, locations[locationControlPlane].abbreviation) +var hostPoolNetworkInterfaceName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkInterfaces), serviceName, resourceAbbreviations.hostPools), locationAbbreviation, locations[locationControlPlane].abbreviation) +var hostPoolPrivateEndpointName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.privateEndpoints), serviceName, resourceAbbreviations.hostPools), locationAbbreviation, locations[locationControlPlane].abbreviation) +var keyVaultName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.keyVaults), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var keyVaultNetworkInterfaceName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkInterfaces), serviceName, resourceAbbreviations.keyVaults), locationAbbreviation, locations[locationVirtualMachines].abbreviation) var keyVaultPrivateDnsZoneName = replace('privatelink${environment().suffixes.keyvaultDns}', 'vault', 'vaultcore') -var logAnalyticsWorkspaceName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.logAnalyticsWorkspaces), 'location', locations[locationVirtualMachines].abbreviation) -var netAppAccountName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.netAppAccounts), 'location', locations[locationVirtualMachines].abbreviation) -var netAppCapacityPoolName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.netAppCapacityPools), 'location', locations[locationVirtualMachines].abbreviation) -var networkInterfaceNamePrefix = '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.networkInterfaces), 'location', locations[locationVirtualMachines].abbreviation)}-' +var keyVaultPrivateEndpointName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.privateEndpoints), serviceName, resourceAbbreviations.keyVaults), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var logAnalyticsWorkspaceName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.logAnalyticsWorkspaces), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var netAppAccountName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.netAppAccounts), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var netAppCapacityPoolName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.netAppCapacityPools), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var networkInterfaceNamePrefix = replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkInterfaces), locationAbbreviation, locations[locationVirtualMachines].abbreviation) var networkSecurityGroupNames = [ - replace(replace(namingConvention, 'resourceType', resourceAbbreviations.networkSecurityGroups), 'location', locations[locationControlPlane].abbreviation) - replace(replace(namingConvention, 'resourceType', resourceAbbreviations.networkSecurityGroups), 'location', locations[locationVirtualMachines].abbreviation) + replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkSecurityGroups), '-${serviceName}', ''), locationAbbreviation, locations[locationControlPlane].abbreviation) + replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkSecurityGroups), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) ] var monitorPrivateDnsZoneName = 'privatelink.monitor.${privateDnsZoneSuffixes_Monitor[environment().name] ?? cloudEndpointSuffix}' var odsOpinsightsPrivateDnsZoneName = 'privatelink.ods.opinsights.${privateDnsZoneSuffixes_Monitor[environment().name] ?? cloudEndpointSuffix}' var omsOpinsightsPrivateDnsZoneName = 'privatelink.oms.opinsights.${privateDnsZoneSuffixes_Monitor[environment().name] ?? cloudEndpointSuffix}' var queuePrivateDnsZoneName = 'privatelink.queue.${environment().suffixes.storage}' -var recoveryServicesVaultName = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.recoveryServicesVaults), 'location', locations[locationVirtualMachines].abbreviation) -var resourceGroupControlPlane = '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.resourceGroups), 'location', locations[locationControlPlane].abbreviation)}-avd-controlPlane' -var resourceGroupFeedWorkspace = '${replace(replace(namingConvention_Shared, 'resourceType', resourceAbbreviations.resourceGroups), 'location', locations[locationControlPlane].abbreviation)}-avd-feedWorkspace' -var resourceGroupGlobalWorkspace = '${replace(replace(namingConvention_Global, 'resourceType', resourceAbbreviations.resourceGroups), 'location', locations[locationControlPlane].abbreviation)}-avd-globalWorkspace' -var resourceGroupHosts = '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.resourceGroups), 'location', locations[locationVirtualMachines].abbreviation)}-avd-sessionHosts' -var resourceGroupManagement = '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.resourceGroups), 'location', locations[locationVirtualMachines].abbreviation)}-avd-management' +var recoveryServicesVaultName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.recoveryServicesVaults), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var recoveryServicesVaultNetworkInterfaceName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkInterfaces), serviceName, resourceAbbreviations.recoveryServicesVaults), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var recoveryServicesVaultPrivateEndpointName = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.privateEndpoints), serviceName, resourceAbbreviations.recoveryServicesVaults), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var resourceGroupControlPlane = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.resourceGroups), serviceName, 'controlPlane'), locationAbbreviation, locations[locationControlPlane].abbreviation) +var resourceGroupFeedWorkspace = replace(replace(replace(namingConvention_Shared, resourceAbbreviation, resourceAbbreviations.resourceGroups), serviceName, 'feedWorkspace'), locationAbbreviation, locations[locationControlPlane].abbreviation) +var resourceGroupGlobalWorkspace = replace(replace(replace(namingConvention_Global, resourceAbbreviation, resourceAbbreviations.resourceGroups), serviceName, 'globalWorkspace'), locationAbbreviation, locations[locationControlPlane].abbreviation) +var resourceGroupHosts = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.resourceGroups), serviceName, 'sessionHosts'), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var resourceGroupManagement = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.resourceGroups), serviceName, 'management'), locationAbbreviation, locations[locationVirtualMachines].abbreviation) var resourceGroupsNetwork = [ - '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.resourceGroups), 'location', locations[locationControlPlane].abbreviation)}-avd-network' - '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.resourceGroups), 'location', locations[locationVirtualMachines].abbreviation)}-avd-network' + replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.resourceGroups), serviceName, 'network'), locationAbbreviation, locations[locationControlPlane].abbreviation) + replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.resourceGroups), serviceName, 'network'), locationAbbreviation, locations[locationVirtualMachines].abbreviation) ] -var resourceGroupStorage = '${replace(replace(namingConvention, 'resourceType', resourceAbbreviations.resourceGroups), 'location', locations[locationVirtualMachines].abbreviation)}-avd-profileStorage' +var resourceGroupStorage = replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.resourceGroups), serviceName, 'profileStorage'), locationAbbreviation, locations[locationVirtualMachines].abbreviation) var routeTables = [ - replace(replace(namingConvention, 'resourceType', resourceAbbreviations.routeTables), 'location', locations[locationControlPlane].abbreviation) - replace(replace(namingConvention, 'resourceType', resourceAbbreviations.routeTables), 'location', locations[locationVirtualMachines].abbreviation) + replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.routeTables), '-${serviceName}', ''), locationAbbreviation, locations[locationControlPlane].abbreviation) + replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.routeTables), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) ] -var storageAccountNamePrefix = replace(replace(replace(replace(namingConvention, 'resourceType', resourceAbbreviations.storageAccounts), 'location', locations[locationVirtualMachines].abbreviation), environmentShortName, first(environmentShortName)), '-', '') -var userAssignedIdentityNamePrefix = replace(replace(namingConvention, 'resourceType', resourceAbbreviations.userAssignedIdentities), 'location', locations[locationVirtualMachines].abbreviation) -var virtualMachineNamePrefix = replace(replace(replace(replace(namingConvention, 'resourceType', resourceAbbreviations.virtualMachines), 'location', locations[locationVirtualMachines].abbreviation), environmentShortName, first(environmentShortName)), '-', '') +var storageAccountNamePrefix = replace(replace(replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.storageAccounts), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation), environmentShortName, first(environmentShortName)), '-', '') +var storageAccountNetworkInterfaceNamePrefix = replace(replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkInterfaces), serviceName, resourceAbbreviations.storageAccounts), locationAbbreviation, locations[locationVirtualMachines].abbreviation), environmentShortName, first(environmentShortName)) +var storageAccountPrivateEndpointNamePrefix = replace(replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.privateEndpoints), serviceName, resourceAbbreviations.storageAccounts), locationAbbreviation, locations[locationVirtualMachines].abbreviation), environmentShortName, first(environmentShortName)) +var userAssignedIdentityNamePrefix = replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.userAssignedIdentities), locationAbbreviation, locations[locationVirtualMachines].abbreviation) +var virtualMachineNamePrefix = replace(replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.virtualMachines), locationAbbreviation, locations[locationVirtualMachines].abbreviation), environmentShortName, first(environmentShortName)), '-', '') var virtualNetworkNames = [ - replace(replace(namingConvention, 'resourceType', resourceAbbreviations.virtualNetworks), 'location', locations[locationControlPlane].abbreviation) - replace(replace(namingConvention, 'resourceType', resourceAbbreviations.virtualNetworks), 'location', locations[locationVirtualMachines].abbreviation) + replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.virtualNetworks), '-${serviceName}', ''), locationAbbreviation, locations[locationControlPlane].abbreviation) + replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.virtualNetworks), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) ] -var workspaceFeedNamePrefix = replace(replace(namingConvention_Shared, 'resourceType', resourceAbbreviations.workspaces), 'location', locations[locationControlPlane].abbreviation) -var workspaceGlobalNamePrefix = replace(replace(namingConvention_Global, 'resourceType', resourceAbbreviations.workspaces), 'location', locations[locationControlPlane].abbreviation) +var workspaceFeedDiagnosticSettingName = replace(replace(replace(namingConvention_Shared, resourceAbbreviation, resourceAbbreviations.diagnosticSettings), serviceName, 'feed-${resourceAbbreviations.workspaces}'), locationAbbreviation, locations[locationControlPlane].abbreviation) +var workspaceFeedName = replace(replace(replace(namingConvention_Shared, resourceAbbreviation, 'feed-${resourceAbbreviations.workspaces}'), '-${serviceName}', ''), locationAbbreviation, locations[locationControlPlane].abbreviation) +var workspaceFeedNetworkInterfaceName = replace(replace(replace(namingConvention_Shared, resourceAbbreviation, resourceAbbreviations.networkInterfaces), serviceName, 'feed-${resourceAbbreviations.workspaces}'), locationAbbreviation, locations[locationControlPlane].abbreviation) +var workspaceFeedPrivateEndpointName = replace(replace(replace(namingConvention_Shared, resourceAbbreviation, resourceAbbreviations.privateEndpoints), serviceName, 'feed-${resourceAbbreviations.workspaces}'), locationAbbreviation, locations[locationControlPlane].abbreviation) +var workspaceGlobalName = replace(replace(replace(namingConvention_Global, resourceAbbreviation, 'global-${resourceAbbreviations.workspaces}'), '-${serviceName}', ''), locationAbbreviation, locations[locationControlPlane].abbreviation) +var workspaceGlobalNetworkInterfaceName = replace(replace(replace(namingConvention_Global, resourceAbbreviation, resourceAbbreviations.networkInterfaces), serviceName, 'global-${resourceAbbreviations.workspaces}'), locationAbbreviation, locations[locationControlPlane].abbreviation) +var workspaceGlobalPrivateEndpointName = replace(replace(replace(namingConvention_Global, resourceAbbreviation, resourceAbbreviations.privateEndpoints), serviceName, 'global-${resourceAbbreviations.workspaces}'), locationAbbreviation, locations[locationControlPlane].abbreviation) output agentSvcPrivateDnsZoneName string = agentSvcPrivateDnsZoneName +output automationAccountDiagnosticSettingName string = automationAccountDiagnosticSettingName output automationAccountName string = automationAccountName +output automationAccountNetworkInterfaceName string = automationAccountNetworkInterfaceName +output automationAccountPrivateEndpointName string = automationAccountPrivateEndpointName output availabilitySetNamePrefix string = availabilitySetNamePrefix output avdGlobalPrivateDnsZoneName string = avdGlobalPrivateDnsZoneName output avdPrivateDnsZoneName string = avdPrivateDnsZoneName @@ -123,9 +147,14 @@ output diskEncryptionSetName string = diskEncryptionSetName output diskNamePrefix string = diskNamePrefix output filePrivateDnsZoneName string = filePrivateDnsZoneName output fileShareNames object = fileShareNames +output hostPoolDiagnosticSettingName string = hostPoolDiagnosticSettingName output hostPoolName string = hostPoolName +output hostPoolNetworkInterfaceName string = hostPoolNetworkInterfaceName +output hostPoolPrivateEndpointName string = hostPoolPrivateEndpointName output keyVaultName string = keyVaultName +output keyVaultNetworkInterfaceName string = keyVaultNetworkInterfaceName output keyVaultPrivateDnsZoneName string = keyVaultPrivateDnsZoneName +output keyVaultPrivateEndpointName string = keyVaultPrivateEndpointName output locations object = locations output logAnalyticsWorkspaceName string = logAnalyticsWorkspaceName output monitorPrivateDnsZoneName string = monitorPrivateDnsZoneName @@ -134,9 +163,12 @@ output omsOpinsightsPrivateDnsZoneName string = omsOpinsightsPrivateDnsZoneName output netAppAccountName string = netAppAccountName output netAppCapacityPoolName string = netAppCapacityPoolName output networkInterfaceNamePrefix string = networkInterfaceNamePrefix +output networkName string = networkName output networkSecurityGroupNames array = networkSecurityGroupNames output queuePrivateDnsZoneName string = queuePrivateDnsZoneName output recoveryServicesVaultName string = recoveryServicesVaultName +output recoveryServicesVaultNetworkInterfaceName string = recoveryServicesVaultNetworkInterfaceName +output recoveryServicesVaultPrivateEndpointName string = recoveryServicesVaultPrivateEndpointName output resourceAbbreviations object = resourceAbbreviations output resourceGroupControlPlane string = resourceGroupControlPlane output resourceGroupFeedWorkspace string = resourceGroupFeedWorkspace @@ -146,9 +178,17 @@ output resourceGroupManagement string = resourceGroupManagement output resourceGroupsNetwork array = resourceGroupsNetwork output resourceGroupStorage string = resourceGroupStorage output routeTables array = routeTables +output serviceName string = serviceName output storageAccountNamePrefix string = storageAccountNamePrefix +output storageAccountNetworkInterfaceNamePrefix string = storageAccountNetworkInterfaceNamePrefix +output storageAccountPrivateEndpointNamePrefix string = storageAccountPrivateEndpointNamePrefix output userAssignedIdentityNamePrefix string = userAssignedIdentityNamePrefix output virtualMachineNamePrefix string = virtualMachineNamePrefix output virtulNetworkNames array = virtualNetworkNames -output workspaceFeedNamePrefix string = workspaceFeedNamePrefix -output workspaceGlobalNamePrefix string = workspaceGlobalNamePrefix +output workspaceFeedDiagnosticSettingName string = workspaceFeedDiagnosticSettingName +output workspaceFeedName string = workspaceFeedName +output workspaceFeedNetworkInterfaceName string = workspaceFeedNetworkInterfaceName +output workspaceFeedPrivateEndpointName string = workspaceFeedPrivateEndpointName +output workspaceGlobalName string = workspaceGlobalName +output workspaceGlobalNetworkInterfaceName string = workspaceGlobalNetworkInterfaceName +output workspaceGlobalPrivateEndpointName string = workspaceGlobalPrivateEndpointName diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/sessionHosts.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/sessionHosts.bicep index d70e547b..a20db53f 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/sessionHosts.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/sessionHosts.bicep @@ -41,6 +41,7 @@ param maxResourcesPerTemplateDeployment int param monitoring bool param netAppFileShares array param networkInterfaceNamePrefix string +param networkName string param organizationalUnitPath string param pooledHostPool bool param enableRecoveryServices bool @@ -57,6 +58,7 @@ param scalingMinimumNumberOfRdsh string param scalingSessionThresholdPerCPU string param securityPrincipalObjectIds array param securityLogAnalyticsWorkspaceResourceId string +param serviceName string param sessionHostBatchCount int param sessionHostIndex int param storageAccountPrefix string @@ -148,10 +150,12 @@ module virtualMachines 'virtualMachines.bicep' = [for i in range(1, sessionHostB monitoring: monitoring netAppFileShares: netAppFileShares networkInterfaceNamePrefix: networkInterfaceNamePrefix + networkName: networkName organizationalUnitPath: organizationalUnitPath resourceGroupControlPlane: resourceGroupControlPlane resourceGroupManagement: resourceGroupManagement securityLogAnalyticsWorkspaceResourceId: securityLogAnalyticsWorkspaceResourceId + serviceName: serviceName sessionHostCount: i == sessionHostBatchCount && divisionRemainderValue > 0 ? divisionRemainderValue : maxResourcesPerTemplateDeployment sessionHostIndex: i == 1 ? sessionHostIndex : ((i - 1) * maxResourcesPerTemplateDeployment) + sessionHostIndex storageAccountPrefix: storageAccountPrefix diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/virtualMachines.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/virtualMachines.bicep index e6955f4f..a6244624 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/virtualMachines.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/virtualMachines.bicep @@ -34,10 +34,12 @@ param managementVirtualMachineName string param monitoring bool param netAppFileShares array param networkInterfaceNamePrefix string +param networkName string param organizationalUnitPath string param resourceGroupControlPlane string param resourceGroupManagement string param securityLogAnalyticsWorkspaceResourceId string +param serviceName string param sessionHostCount int param sessionHostIndex int param storageAccountPrefix string @@ -105,6 +107,7 @@ var securityLogAnalyticsWorkspaceResourceGroupName = securityMonitoring ? split( var securityLogAnalyticsWorkspaceSubscriptionId = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[2] : subscription().subscriptionId var securityMonitoring = empty(securityLogAnalyticsWorkspaceResourceId) ? false : true var securityWorkspaceKey = securityMonitoring ? listKeys(securityLogAnalyticsWorkspaceResourceId, '2021-06-01').primarySharedKey : 'NotApplicable' +var sessionHostNamePrefix = replace(virtualMachineNamePrefix, '${serviceName}${networkName}', '') resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (securityMonitoring) { name: securitylogAnalyticsWorkspaceName @@ -112,7 +115,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06 } resource networkInterface 'Microsoft.Network/networkInterfaces@2020-05-01' = [for i in range(0, sessionHostCount): { - name: '${networkInterfaceNamePrefix}${padLeft((i + sessionHostIndex), 4, '0')}' + name: '${replace(networkInterfaceNamePrefix, '-${serviceName}', '')}-${padLeft((i + sessionHostIndex), 4, '0')}' location: location tags: tagsNetworkInterfaces properties: { @@ -135,7 +138,7 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2020-05-01' = [fo }] resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-03-01' = [for i in range(0, sessionHostCount): { - name: '${virtualMachineNamePrefix}${padLeft((i + sessionHostIndex), 4, '0')}' + name: '${sessionHostNamePrefix}${padLeft((i + sessionHostIndex), 4, '0')}' location: location tags: tagsVirtualMachines zones: availability == 'AvailabilityZones' ? [ @@ -157,7 +160,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-03-01' = [for i storageProfile: { imageReference: imageReference osDisk: { - name: '${diskNamePrefix}${padLeft((i + sessionHostIndex), 4, '0')}' + name: '${replace(diskNamePrefix, '-${serviceName}', '')}-${padLeft((i + sessionHostIndex), 4, '0')}' osType: 'Windows' createOption: 'FromImage' caching: 'ReadWrite' @@ -172,7 +175,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-03-01' = [for i dataDisks: [] } osProfile: { - computerName: '${virtualMachineNamePrefix}${padLeft((i + sessionHostIndex), 4, '0')}' + computerName: '${sessionHostNamePrefix}${padLeft((i + sessionHostIndex), 4, '0')}' adminUsername: virtualMachineUsername adminPassword: virtualMachinePassword windowsConfiguration: { @@ -185,7 +188,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-03-01' = [for i networkProfile: { networkInterfaces: [ { - id: resourceId('Microsoft.Network/networkInterfaces', '${networkInterfaceNamePrefix}${padLeft((i + sessionHostIndex), 4, '0')}') + id: networkInterface[i].id properties: { deleteOption: 'Delete' } @@ -353,7 +356,7 @@ module drainMode '../common/customScriptExtensions.bicep' = if (enableDrainMode) '${artifactsUri}Set-AvdDrainMode.ps1' ] location: location - parameters: '-Environment ${environment().name} -hostPoolName ${hostPoolName} -HostPoolResourceGroupName ${resourceGroupControlPlane} -sessionHostCount ${sessionHostCount} -sessionHostIndex ${sessionHostIndex} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -userAssignedidentityClientId ${deploymentUserAssignedidentityClientId} -virtualMachineNamePrefix ${virtualMachineNamePrefix}' + parameters: '-Environment ${environment().name} -hostPoolName ${hostPoolName} -HostPoolResourceGroupName ${resourceGroupControlPlane} -sessionHostCount ${sessionHostCount} -sessionHostIndex ${sessionHostIndex} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -userAssignedidentityClientId ${deploymentUserAssignedidentityClientId} -virtualMachineNamePrefix ${sessionHostNamePrefix}' scriptFileName: 'Set-AvdDrainMode.ps1' tags: tagsVirtualMachines userAssignedIdentityClientId: deploymentUserAssignedidentityClientId diff --git a/src/bicep/add-ons/azureVirtualDesktop/solution.bicep b/src/bicep/add-ons/azureVirtualDesktop/solution.bicep index dd837de9..b636486a 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/solution.bicep +++ b/src/bicep/add-ons/azureVirtualDesktop/solution.bicep @@ -378,18 +378,21 @@ module network_hosts 'modules/network/networking.bicep' = if (length(deploymentL module management 'modules/management/management.bicep' = { name: 'Management_${timestamp}' params: { + //diskAccessName: resourceNames.outputs.diskAccessName activeDirectorySolution: activeDirectorySolution artifactsStorageAccountResourceId: artifactsStorageAccountResourceId artifactsUri: artifactsUri + automationAccountDiagnosticSettingName: resourceNames.outputs.automationAccountDiagnosticSettingName automationAccountName: resourceNames.outputs.automationAccountName + automationAccountNetworkInterfaceName: resourceNames.outputs.automationAccountNetworkInterfaceName automationAccountPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${resourceNames.outputs.azureAutomationPrivateDnsZoneName}' + automationAccountPrivateEndpointName: resourceNames.outputs.automationAccountPrivateEndpointName availability: availability avdObjectId: avdObjectId azureBlobsPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${resourceNames.outputs.blobPrivateDnsZoneName}' azurePowerShellModuleMsiName: azurePowerShellModuleMsiName azureQueueStoragePrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${resourceNames.outputs.queuePrivateDnsZoneName}' dataCollectionRuleName: resourceNames.outputs.dataCollectionRuleName - //diskAccessName: resourceNames.outputs.diskAccessName diskEncryptionSetName: resourceNames.outputs.diskEncryptionSetName diskNamePrefix: resourceNames.outputs.diskNamePrefix diskSku: diskSku @@ -403,18 +406,22 @@ module management 'modules/management/management.bicep' = { hostPoolName: resourceNames.outputs.hostPoolName hostPoolType: hostPoolType imageDefinitionResourceId: imageDefinitionResourceId - keyVaultAbbreviation: resourceNames.outputs.resourceAbbreviations.keyVaults keyVaultName: resourceNames.outputs.keyVaultName + keyVaultNetworkInterfaceName: resourceNames.outputs.keyVaultNetworkInterfaceName keyVaultPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${resourceNames.outputs.keyVaultPrivateDnsZoneName}' + keyVaultPrivateEndpointName: resourceNames.outputs.keyVaultPrivateEndpointName locationVirtualMachines: locationVirtualMachines logAnalyticsWorkspaceName: resourceNames.outputs.logAnalyticsWorkspaceName logAnalyticsWorkspaceRetention: logAnalyticsWorkspaceRetention logAnalyticsWorkspaceSku: logAnalyticsWorkspaceSku networkInterfaceNamePrefix: resourceNames.outputs.networkInterfaceNamePrefix + networkName: resourceNames.outputs.networkName organizationalUnitPath: organizationalUnitPath recoveryServices: recoveryServices recoveryServicesPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${resourceNames.outputs.backupPrivateDnsZoneName}' recoveryServicesVaultName: resourceNames.outputs.recoveryServicesVaultName + recoveryServicesVaultNetworkInterfaceName: resourceNames.outputs.recoveryServicesVaultNetworkInterfaceName + recoveryServicesVaultPrivateEndpointName: resourceNames.outputs.recoveryServicesVaultPrivateEndpointName resourceGroupControlPlane: resourceNames.outputs.resourceGroupControlPlane resourceGroupFeedWorkspace: resourceNames.outputs.resourceGroupFeedWorkspace resourceGroupHosts: resourceNames.outputs.resourceGroupHosts @@ -423,6 +430,7 @@ module management 'modules/management/management.bicep' = { roleDefinitions: logic.outputs.roleDefinitions scalingTool: scalingTool securityLogAnalyticsWorkspaceResourceId: securityLogAnalyticsWorkspaceResourceId + serviceName: resourceNames.outputs.serviceName sessionHostCount: sessionHostCount storageService: logic.outputs.storageService subnetResourceId: length(deploymentLocations) == 1 ? network_controlPlane.outputs.subnetResourceId : network_hosts.outputs.subnetResourceId @@ -435,7 +443,7 @@ module management 'modules/management/management.bicep' = { virtualMachinePassword: virtualMachinePassword virtualMachineSize: virtualMachineSize virtualMachineUsername: virtualMachineUsername - workspaceNamePrefix: resourceNames.outputs.workspaceFeedNamePrefix + workspaceFeedName: resourceNames.outputs.workspaceFeedName } dependsOn: [ rgs @@ -453,7 +461,9 @@ module hub 'modules/hub/hub.bicep' = { hubSubnetResourceId: hubSubnetResourceId resourceGroupName: resourceNames.outputs.resourceGroupGlobalWorkspace timestamp: timestamp - workspaceNamePrefix: resourceNames.outputs.workspaceGlobalNamePrefix + workspaceGlobalName: resourceNames.outputs.workspaceGlobalName + workspaceGlobalNetworkInterfaceName: resourceNames.outputs.workspaceGlobalNetworkInterfaceName + workspaceGlobalPrivateEndpointName: resourceNames.outputs.workspaceGlobalPrivateEndpointName } } @@ -470,7 +480,10 @@ module controlPlane 'modules/controlPlane/controlPlane.bicep' = { desktopApplicationGroupName: resourceNames.outputs.desktopApplicationGroupName desktopFriendlyName: desktopFriendlyName existingFeedWorkspace: management.outputs.existingFeedWorkspace + hostPoolDiagnosticSettingName: resourceNames.outputs.hostPoolDiagnosticSettingName hostPoolName: resourceNames.outputs.hostPoolName + hostPoolNetworkInterfaceName: resourceNames.outputs.hostPoolNetworkInterfaceName + hostPoolPrivateEndpointName: resourceNames.outputs.hostPoolPrivateEndpointName hostPoolPublicNetworkAccess: hostPoolPublicNetworkAccess hostPoolType: hostPoolType locationControlPlane: locationControlPlane @@ -489,8 +502,11 @@ module controlPlane 'modules/controlPlane/controlPlane.bicep' = { timestamp: timestamp validationEnvironment: validationEnvironment vmTemplate: logic.outputs.vmTemplate + workspaceFeedDiagnoticSettingName: resourceNames.outputs.workspaceFeedDiagnosticSettingName + workspaceFeedName: resourceNames.outputs.workspaceFeedName + workspaceFeedNetworkInterfaceName: resourceNames.outputs.workspaceFeedNetworkInterfaceName + workspaceFeedPrivateEndpointName: resourceNames.outputs.workspaceFeedPrivateEndpointName workspaceFriendlyName: workspaceFriendlyName - workspaceNamePrefix: resourceNames.outputs.workspaceFeedNamePrefix workspacePublicNetworkAccess: workspacePublicNetworkAccess } dependsOn: [ @@ -534,8 +550,11 @@ module fslogix 'modules/fslogix/fslogix.bicep' = { resourceGroupStorage: resourceNames.outputs.resourceGroupStorage securityPrincipalNames: map(securityPrincipals, item => item.name) securityPrincipalObjectIds: map(securityPrincipals, item => item.objectId) + serviceName: resourceNames.outputs.serviceName smbServerLocation: logic.outputs.smbServerLocation storageAccountNamePrefix: resourceNames.outputs.storageAccountNamePrefix + storageAccountNetworkInterfaceNamePrefix: resourceNames.outputs.storageAccountNetworkInterfaceNamePrefix + storageAccountPrivateEndpointNamePrefix: resourceNames.outputs.storageAccountPrivateEndpointNamePrefix storageCount: storageCount storageEncryptionKeyName: management.outputs.storageEncryptionKeyName storageIndex: storageIndex @@ -601,6 +620,7 @@ module sessionHosts 'modules/sessionHosts/sessionHosts.bicep' = { 'None' ] networkInterfaceNamePrefix: resourceNames.outputs.networkInterfaceNamePrefix + networkName: resourceNames.outputs.networkName organizationalUnitPath: organizationalUnitPath pooledHostPool: logic.outputs.pooledHostPool recoveryServicesVaultName: resourceNames.outputs.recoveryServicesVaultName @@ -615,6 +635,7 @@ module sessionHosts 'modules/sessionHosts/sessionHosts.bicep' = { scalingSessionThresholdPerCPU: scalingSessionThresholdPerCPU securityPrincipalObjectIds: map(securityPrincipals, item => item.objectId) securityLogAnalyticsWorkspaceResourceId: securityLogAnalyticsWorkspaceResourceId + serviceName: resourceNames.outputs.serviceName sessionHostBatchCount: logic.outputs.sessionHostBatchCount sessionHostIndex: sessionHostIndex storageAccountPrefix: resourceNames.outputs.storageAccountNamePrefix diff --git a/src/bicep/add-ons/azureVirtualDesktop/solution.json b/src/bicep/add-ons/azureVirtualDesktop/solution.json index 10d44df8..3117b0da 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/solution.json +++ b/src/bicep/add-ons/azureVirtualDesktop/solution.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "12484677965010942290" + "templateHash": "18030163526956675516" } }, "parameters": { @@ -551,7 +551,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "10484903410146163368" + "templateHash": "6308965299810592998" } }, "parameters": { @@ -970,33 +970,39 @@ }, "$fxv#1": { "automationAccounts": "aa", - "availabilitySets": "as", + "availabilitySets": "avail", "dataCollectionRuleAssociations": "dcra", "dataCollectionRules": "dcr", - "desktopApplicationGroups": "dag", + "desktopApplicationGroups": "vdag", + "diagnosticSettings": "diag", "diskAccesses": "da", - "remoteApplicationGroups": "rag", - "disks": "disk", "diskEncryptionSets": "des", - "hostPools": "hp", + "disks": "disk", + "hostPools": "vdpool", "keyVaults": "kv", - "logAnalyticsWorkspaces": "law", + "logAnalyticsWorkspaces": "log", "netAppAccounts": "naa", "netAppCapacityPools": "nacp", "networkInterfaces": "nic", "networkSecurityGroups": "nsg", + "privateEndpoints": "pe", "recoveryServicesVaults": "rsv", + "remoteApplicationGroups": "vdag", "resourceGroups": "rg", "routeTables": "rt", - "storageAccounts": "sa", - "userAssignedIdentities": "uai", + "storageAccounts": "st", + "userAssignedIdentities": "id", "virtualMachines": "vm", "virtualNetworks": "vnet", - "workspaces": "ws" + "workspaces": "vdws" }, - "namingConvention": "[format('{0}-{1}-resourceType-{2}-location', parameters('identifier'), parameters('stampIndex'), parameters('environmentShortName'))]", - "namingConvention_Global": "[format('resourceType-{0}-location', parameters('environmentShortName'))]", - "namingConvention_Shared": "[format('{0}-resourceType-{1}-location', parameters('identifier'), parameters('environmentShortName'))]", + "resourceAbbreviation": "resourceAbbreviation", + "serviceName": "serviceName", + "networkName": "avd", + "locationAbbreviation": "locationAbbreviation", + "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}-{6}', parameters('identifier'), parameters('stampIndex'), variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentShortName'), variables('locationAbbreviation'))]", + "namingConvention_Global": "[format('{0}-{1}-{2}-{3}-{4}', variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentShortName'), variables('locationAbbreviation'))]", + "namingConvention_Shared": "[format('{0}-{1}-{2}-{3}-{4}-{5}', parameters('identifier'), variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentShortName'), variables('locationAbbreviation'))]", "cloudEndpointSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", "privateDnsZoneSuffixes_AzureAutomation": { "AzureCloud": "net", @@ -1017,19 +1023,22 @@ "locations": "[variables('$fxv#0')[environment().name]]", "resourceAbbreviations": "[variables('$fxv#1')]", "agentSvcPrivateDnsZoneName": "[format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudEndpointSuffix')))]", - "automationAccountName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').automationAccounts), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "availabilitySetNamePrefix": "[format('{0}-', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').availabilitySets), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", + "automationAccountDiagnosticSettingName": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "automationAccountName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').automationAccounts), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "automationAccountNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('DSCAndHybridWorker-{0}', variables('resourceAbbreviations').automationAccounts)), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "automationAccountPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('DSCAndHybridWorker-{0}', variables('resourceAbbreviations').automationAccounts)), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "availabilitySetNamePrefix": "[format('{0}-', replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').availabilitySets), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", "avdGlobalPrivateDnsZoneName": "[format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudEndpointSuffix')))]", "avdPrivateDnsZoneName": "[format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudEndpointSuffix')))]", "azureAutomationPrivateDnsZoneName": "[format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudEndpointSuffix')))]", "backupPrivateDnsZoneName": "[format('privatelink.{0}.backup.{1}', variables('locations')[parameters('locationVirtualMachines')].recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudEndpointSuffix')))]", "blobPrivateDnsZoneName": "[format('privatelink.blob.{0}', environment().suffixes.storage)]", - "dataCollectionRuleAssociationName": "[format('{0}-avdi', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').dataCollectionRuleAssociations), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", + "dataCollectionRuleAssociationName": "[format('{0}-avdi', replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').dataCollectionRuleAssociations), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", "dataCollectionRuleName": "[format('microsoft-avdi-{0}', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "desktopApplicationGroupName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').desktopApplicationGroups), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "diskAccessName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').diskAccesses), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "diskEncryptionSetName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').diskEncryptionSets), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "diskNamePrefix": "[format('{0}-', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').disks), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", + "desktopApplicationGroupName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').desktopApplicationGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "diskAccessName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diskAccesses), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "diskEncryptionSetName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diskEncryptionSets), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "diskNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').disks), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", "filePrivateDnsZoneName": "[format('privatelink.file.{0}', environment().suffixes.storage)]", "fileShareNames": { "CloudCacheProfileContainer": [ @@ -1047,45 +1056,59 @@ "profile-containers" ] }, - "hostPoolName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').hostPools), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "keyVaultName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').keyVaults), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "hostPoolDiagnosticSettingName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('serviceName'), variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "hostPoolName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').hostPools), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "hostPoolNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "hostPoolPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "keyVaultName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').keyVaults), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "keyVaultNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').keyVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", "keyVaultPrivateDnsZoneName": "[replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore')]", - "logAnalyticsWorkspaceName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').logAnalyticsWorkspaces), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "netAppAccountName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').netAppAccounts), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "netAppCapacityPoolName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').netAppCapacityPools), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "networkInterfaceNamePrefix": "[format('{0}-', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').networkInterfaces), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", + "keyVaultPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').keyVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "logAnalyticsWorkspaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').logAnalyticsWorkspaces), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "netAppAccountName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').netAppAccounts), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "netAppCapacityPoolName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').netAppCapacityPools), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "networkInterfaceNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", "networkSecurityGroupNames": [ - "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').networkSecurityGroups), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').networkSecurityGroups), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" + "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkSecurityGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkSecurityGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" ], "monitorPrivateDnsZoneName": "[format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", "odsOpinsightsPrivateDnsZoneName": "[format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", "omsOpinsightsPrivateDnsZoneName": "[format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", "queuePrivateDnsZoneName": "[format('privatelink.queue.{0}', environment().suffixes.storage)]", - "recoveryServicesVaultName": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').recoveryServicesVaults), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "resourceGroupControlPlane": "[format('{0}-avd-controlPlane', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').resourceGroups), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation))]", - "resourceGroupFeedWorkspace": "[format('{0}-avd-feedWorkspace', replace(replace(variables('namingConvention_Shared'), 'resourceType', variables('resourceAbbreviations').resourceGroups), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation))]", - "resourceGroupGlobalWorkspace": "[format('{0}-avd-globalWorkspace', replace(replace(variables('namingConvention_Global'), 'resourceType', variables('resourceAbbreviations').resourceGroups), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation))]", - "resourceGroupHosts": "[format('{0}-avd-sessionHosts', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').resourceGroups), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", - "resourceGroupManagement": "[format('{0}-avd-management', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').resourceGroups), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", + "recoveryServicesVaultName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').recoveryServicesVaults), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "recoveryServicesVaultNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').recoveryServicesVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "recoveryServicesVaultPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').recoveryServicesVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "resourceGroupControlPlane": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'controlPlane'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "resourceGroupFeedWorkspace": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'feedWorkspace'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "resourceGroupGlobalWorkspace": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'globalWorkspace'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "resourceGroupHosts": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'sessionHosts'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "resourceGroupManagement": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'management'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", "resourceGroupsNetwork": [ - "[format('{0}-avd-network', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').resourceGroups), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation))]", - "[format('{0}-avd-network', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').resourceGroups), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation))]" + "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'network'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'network'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" ], - "resourceGroupStorage": "[format('{0}-avd-profileStorage', replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').resourceGroups), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", + "resourceGroupStorage": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'profileStorage'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", "routeTables": [ - "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').routeTables), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').routeTables), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" + "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').routeTables), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').routeTables), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" ], - "storageAccountNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').storageAccounts), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentShortName'), first(parameters('environmentShortName'))), '-', '')]", - "userAssignedIdentityNamePrefix": "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').userAssignedIdentities), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "virtualMachineNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').virtualMachines), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentShortName'), first(parameters('environmentShortName'))), '-', '')]", + "storageAccountNamePrefix": "[replace(replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').storageAccounts), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentShortName'), first(parameters('environmentShortName'))), '-', '')]", + "storageAccountNetworkInterfaceNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').storageAccounts), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentShortName'), first(parameters('environmentShortName')))]", + "storageAccountPrivateEndpointNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').storageAccounts), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentShortName'), first(parameters('environmentShortName')))]", + "userAssignedIdentityNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').userAssignedIdentities), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", + "virtualMachineNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').virtualMachines), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentShortName'), first(parameters('environmentShortName'))), '-', '')]", "virtualNetworkNames": [ - "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').virtualNetworks), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(variables('namingConvention'), 'resourceType', variables('resourceAbbreviations').virtualNetworks), 'location', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" + "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').virtualNetworks), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').virtualNetworks), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" ], - "workspaceFeedNamePrefix": "[replace(replace(variables('namingConvention_Shared'), 'resourceType', variables('resourceAbbreviations').workspaces), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceGlobalNamePrefix": "[replace(replace(variables('namingConvention_Global'), 'resourceType', variables('resourceAbbreviations').workspaces), 'location', variables('locations')[parameters('locationControlPlane')].abbreviation)]" + "workspaceFeedDiagnosticSettingName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "workspaceFeedName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "workspaceFeedNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "workspaceFeedPrivateEndpointName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "workspaceGlobalName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), format('global-{0}', variables('resourceAbbreviations').workspaces)), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "workspaceGlobalNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('global-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", + "workspaceGlobalPrivateEndpointName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('global-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]" }, "resources": [], "outputs": { @@ -1093,10 +1116,22 @@ "type": "string", "value": "[variables('agentSvcPrivateDnsZoneName')]" }, + "automationAccountDiagnosticSettingName": { + "type": "string", + "value": "[variables('automationAccountDiagnosticSettingName')]" + }, "automationAccountName": { "type": "string", "value": "[variables('automationAccountName')]" }, + "automationAccountNetworkInterfaceName": { + "type": "string", + "value": "[variables('automationAccountNetworkInterfaceName')]" + }, + "automationAccountPrivateEndpointName": { + "type": "string", + "value": "[variables('automationAccountPrivateEndpointName')]" + }, "availabilitySetNamePrefix": { "type": "string", "value": "[variables('availabilitySetNamePrefix')]" @@ -1153,18 +1188,38 @@ "type": "object", "value": "[variables('fileShareNames')]" }, + "hostPoolDiagnosticSettingName": { + "type": "string", + "value": "[variables('hostPoolDiagnosticSettingName')]" + }, "hostPoolName": { "type": "string", "value": "[variables('hostPoolName')]" }, + "hostPoolNetworkInterfaceName": { + "type": "string", + "value": "[variables('hostPoolNetworkInterfaceName')]" + }, + "hostPoolPrivateEndpointName": { + "type": "string", + "value": "[variables('hostPoolPrivateEndpointName')]" + }, "keyVaultName": { "type": "string", "value": "[variables('keyVaultName')]" }, + "keyVaultNetworkInterfaceName": { + "type": "string", + "value": "[variables('keyVaultNetworkInterfaceName')]" + }, "keyVaultPrivateDnsZoneName": { "type": "string", "value": "[variables('keyVaultPrivateDnsZoneName')]" }, + "keyVaultPrivateEndpointName": { + "type": "string", + "value": "[variables('keyVaultPrivateEndpointName')]" + }, "locations": { "type": "object", "value": "[variables('locations')]" @@ -1197,6 +1252,10 @@ "type": "string", "value": "[variables('networkInterfaceNamePrefix')]" }, + "networkName": { + "type": "string", + "value": "[variables('networkName')]" + }, "networkSecurityGroupNames": { "type": "array", "value": "[variables('networkSecurityGroupNames')]" @@ -1209,6 +1268,14 @@ "type": "string", "value": "[variables('recoveryServicesVaultName')]" }, + "recoveryServicesVaultNetworkInterfaceName": { + "type": "string", + "value": "[variables('recoveryServicesVaultNetworkInterfaceName')]" + }, + "recoveryServicesVaultPrivateEndpointName": { + "type": "string", + "value": "[variables('recoveryServicesVaultPrivateEndpointName')]" + }, "resourceAbbreviations": { "type": "object", "value": "[variables('resourceAbbreviations')]" @@ -1245,10 +1312,22 @@ "type": "array", "value": "[variables('routeTables')]" }, + "serviceName": { + "type": "string", + "value": "[variables('serviceName')]" + }, "storageAccountNamePrefix": { "type": "string", "value": "[variables('storageAccountNamePrefix')]" }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string", + "value": "[variables('storageAccountNetworkInterfaceNamePrefix')]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string", + "value": "[variables('storageAccountPrivateEndpointNamePrefix')]" + }, "userAssignedIdentityNamePrefix": { "type": "string", "value": "[variables('userAssignedIdentityNamePrefix')]" @@ -1261,13 +1340,33 @@ "type": "array", "value": "[variables('virtualNetworkNames')]" }, - "workspaceFeedNamePrefix": { + "workspaceFeedDiagnosticSettingName": { "type": "string", - "value": "[variables('workspaceFeedNamePrefix')]" + "value": "[variables('workspaceFeedDiagnosticSettingName')]" }, - "workspaceGlobalNamePrefix": { + "workspaceFeedName": { "type": "string", - "value": "[variables('workspaceGlobalNamePrefix')]" + "value": "[variables('workspaceFeedName')]" + }, + "workspaceFeedNetworkInterfaceName": { + "type": "string", + "value": "[variables('workspaceFeedNetworkInterfaceName')]" + }, + "workspaceFeedPrivateEndpointName": { + "type": "string", + "value": "[variables('workspaceFeedPrivateEndpointName')]" + }, + "workspaceGlobalName": { + "type": "string", + "value": "[variables('workspaceGlobalName')]" + }, + "workspaceGlobalNetworkInterfaceName": { + "type": "string", + "value": "[variables('workspaceGlobalNetworkInterfaceName')]" + }, + "workspaceGlobalPrivateEndpointName": { + "type": "string", + "value": "[variables('workspaceGlobalPrivateEndpointName')]" } } } @@ -2737,12 +2836,21 @@ "artifactsUri": { "value": "[variables('artifactsUri')]" }, + "automationAccountDiagnosticSettingName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.automationAccountDiagnosticSettingName.value]" + }, "automationAccountName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.automationAccountName.value]" }, + "automationAccountNetworkInterfaceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.automationAccountNetworkInterfaceName.value]" + }, "automationAccountPrivateDnsZoneResourceId": { "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.azureAutomationPrivateDnsZoneName.value)]" }, + "automationAccountPrivateEndpointName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.automationAccountPrivateEndpointName.value]" + }, "availability": { "value": "[parameters('availability')]" }, @@ -2800,15 +2908,18 @@ "imageDefinitionResourceId": { "value": "[parameters('imageDefinitionResourceId')]" }, - "keyVaultAbbreviation": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceAbbreviations.value.keyVaults]" - }, "keyVaultName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultName.value]" }, + "keyVaultNetworkInterfaceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultNetworkInterfaceName.value]" + }, "keyVaultPrivateDnsZoneResourceId": { "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultPrivateDnsZoneName.value)]" }, + "keyVaultPrivateEndpointName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultPrivateEndpointName.value]" + }, "locationVirtualMachines": { "value": "[parameters('locationVirtualMachines')]" }, @@ -2824,6 +2935,9 @@ "networkInterfaceNamePrefix": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkInterfaceNamePrefix.value]" }, + "networkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkName.value]" + }, "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" }, @@ -2836,6 +2950,12 @@ "recoveryServicesVaultName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.recoveryServicesVaultName.value]" }, + "recoveryServicesVaultNetworkInterfaceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.recoveryServicesVaultNetworkInterfaceName.value]" + }, + "recoveryServicesVaultPrivateEndpointName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.recoveryServicesVaultPrivateEndpointName.value]" + }, "resourceGroupControlPlane": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceGroupControlPlane.value]" }, @@ -2860,6 +2980,9 @@ "securityLogAnalyticsWorkspaceResourceId": { "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" }, + "serviceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" + }, "sessionHostCount": { "value": "[parameters('sessionHostCount')]" }, @@ -2894,8 +3017,8 @@ "virtualMachineUsername": { "value": "[parameters('virtualMachineUsername')]" }, - "workspaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceFeedNamePrefix.value]" + "workspaceFeedName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceFeedName.value]" } }, "template": { @@ -2905,7 +3028,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "18151695860303397598" + "templateHash": "11487646520353594492" } }, "parameters": { @@ -2918,12 +3041,21 @@ "artifactsStorageAccountResourceId": { "type": "string" }, + "automationAccountDiagnosticSettingName": { + "type": "string" + }, "automationAccountName": { "type": "string" }, + "automationAccountNetworkInterfaceName": { + "type": "string" + }, "automationAccountPrivateDnsZoneResourceId": { "type": "string" }, + "automationAccountPrivateEndpointName": { + "type": "string" + }, "availability": { "type": "string" }, @@ -2981,15 +3113,18 @@ "imageDefinitionResourceId": { "type": "string" }, - "keyVaultAbbreviation": { - "type": "string" - }, "keyVaultName": { "type": "string" }, + "keyVaultNetworkInterfaceName": { + "type": "string" + }, "keyVaultPrivateDnsZoneResourceId": { "type": "string" }, + "keyVaultPrivateEndpointName": { + "type": "string" + }, "locationVirtualMachines": { "type": "string" }, @@ -3005,6 +3140,9 @@ "networkInterfaceNamePrefix": { "type": "string" }, + "networkName": { + "type": "string" + }, "organizationalUnitPath": { "type": "string" }, @@ -3017,6 +3155,12 @@ "recoveryServicesVaultName": { "type": "string" }, + "recoveryServicesVaultNetworkInterfaceName": { + "type": "string" + }, + "recoveryServicesVaultPrivateEndpointName": { + "type": "string" + }, "resourceGroupControlPlane": { "type": "string" }, @@ -3041,6 +3185,9 @@ "securityLogAnalyticsWorkspaceResourceId": { "type": "string" }, + "serviceName": { + "type": "string" + }, "sessionHostCount": { "type": "int" }, @@ -3077,7 +3224,7 @@ "virtualMachineSize": { "type": "string" }, - "workspaceNamePrefix": { + "workspaceFeedName": { "type": "string" } }, @@ -3308,7 +3455,7 @@ "value": "[parameters('locationVirtualMachines')]" }, "name": { - "value": "[format('{0}-deployment', parameters('userAssignedIdentityNamePrefix'))]" + "value": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'deployment')]" }, "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), createObject('value', parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities']), createObject('value', createObject()))]" }, @@ -3442,6 +3589,9 @@ "resourceGroupManagement": { "value": "[parameters('resourceGroupManagement')]" }, + "serviceName": { + "value": "[parameters('serviceName')]" + }, "storageAccountName": { "value": "[split(parameters('artifactsStorageAccountResourceId'), '/')[8]]" }, @@ -3465,7 +3615,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "4306236320133689635" + "templateHash": "7286915926579855408" } }, "parameters": { @@ -3475,6 +3625,9 @@ "resourceGroupManagement": { "type": "string" }, + "serviceName": { + "type": "string" + }, "storageAccountName": { "type": "string" }, @@ -3492,7 +3645,7 @@ } }, "variables": { - "name": "[format('{0}-artifacts', parameters('userAssignedIdentityNamePrefix'))]", + "name": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'artifacts')]", "roleDefinitionId": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" }, "resources": [ @@ -3609,18 +3762,24 @@ "environment": { "value": "[parameters('environmentShortName')]" }, - "keyVaultAbbreviation": { - "value": "[parameters('keyVaultAbbreviation')]" - }, "keyVaultName": { "value": "[parameters('keyVaultName')]" }, + "keyVaultNetworkInterfaceName": { + "value": "[parameters('keyVaultNetworkInterfaceName')]" + }, "keyVaultPrivateDnsZoneResourceId": { "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" }, + "keyVaultPrivateEndpointName": { + "value": "[parameters('keyVaultPrivateEndpointName')]" + }, "location": { "value": "[parameters('locationVirtualMachines')]" }, + "serviceName": { + "value": "[parameters('serviceName')]" + }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" }, @@ -3641,7 +3800,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "8624045572124550938" + "templateHash": "3854212705952648622" } }, "parameters": { @@ -3652,10 +3811,13 @@ "environment": { "type": "string" }, - "keyVaultAbbreviation": { + "keyVaultName": { "type": "string" }, - "keyVaultName": { + "keyVaultNetworkInterfaceName": { + "type": "string" + }, + "keyVaultPrivateEndpointName": { "type": "string" }, "keyVaultPrivateDnsZoneResourceId": { @@ -3664,6 +3826,9 @@ "location": { "type": "string" }, + "serviceName": { + "type": "string" + }, "subnetResourceId": { "type": "string" }, @@ -3709,14 +3874,14 @@ { "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[replace(parameters('keyVaultName'), parameters('keyVaultAbbreviation'), format('{0}-pe', parameters('keyVaultAbbreviation')))]", + "name": "[parameters('keyVaultPrivateEndpointName')]", "location": "[parameters('location')]", "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", "properties": { - "customNetworkInterfaceName": "[replace(parameters('keyVaultName'), parameters('keyVaultAbbreviation'), format('{0}-nic', parameters('keyVaultAbbreviation')))]", + "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", "privateLinkServiceConnections": [ { - "name": "[replace(parameters('keyVaultName'), parameters('keyVaultAbbreviation'), format('{0}-nic', parameters('keyVaultAbbreviation')))]", + "name": "[parameters('keyVaultPrivateEndpointName')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", "groupIds": [ @@ -3736,7 +3901,7 @@ { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', replace(parameters('keyVaultName'), parameters('keyVaultAbbreviation'), format('{0}-pe', parameters('keyVaultAbbreviation'))), parameters('keyVaultName'))]", + "name": "[format('{0}/{1}', parameters('keyVaultPrivateEndpointName'), parameters('keyVaultName'))]", "properties": { "privateDnsZoneConfigs": [ { @@ -3748,7 +3913,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', replace(parameters('keyVaultName'), parameters('keyVaultAbbreviation'), format('{0}-pe', parameters('keyVaultAbbreviation'))))]" + "[resourceId('Microsoft.Network/privateEndpoints', parameters('keyVaultPrivateEndpointName'))]" ] }, { @@ -3841,7 +4006,7 @@ "value": "[parameters('location')]" }, "name": { - "value": "[format('{0}-encryption', parameters('userAssignedIdentityNamePrefix'))]" + "value": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'encryption')]" }, "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), createObject('value', parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities']), createObject('value', createObject()))]" }, @@ -4183,12 +4348,18 @@ "networkInterfaceNamePrefix": { "value": "[parameters('networkInterfaceNamePrefix')]" }, + "networkName": { + "value": "[parameters('networkName')]" + }, "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" }, "securityLogAnalyticsWorkspaceResourceId": { "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" }, + "serviceName": { + "value": "[parameters('serviceName')]" + }, "subnet": { "value": "[split(parameters('subnetResourceId'), '/')[10]]" }, @@ -4220,7 +4391,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "1082833111773432320" + "templateHash": "4264665942068044388" } }, "parameters": { @@ -4260,12 +4431,18 @@ "networkInterfaceNamePrefix": { "type": "string" }, + "networkName": { + "type": "string" + }, "organizationalUnitPath": { "type": "string" }, "securityLogAnalyticsWorkspaceResourceId": { "type": "string" }, + "serviceName": { + "type": "string" + }, "subnet": { "type": "string" }, @@ -4299,12 +4476,12 @@ } }, "variables": { - "networkInterfaceName": "[format('{0}mgt', parameters('networkInterfaceNamePrefix'))]", + "networkInterfaceName": "[replace(parameters('networkInterfaceNamePrefix'), parameters('serviceName'), 'mgt-vm')]", "securitylogAnalyticsWorkspaceName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[8], '')]", "securityLogAnalyticsWorkspaceResourceGroupName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[4], resourceGroup().name)]", "securityLogAnalyticsWorkspaceSubscriptionId": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[2], subscription().subscriptionId)]", "securityMonitoring": "[if(empty(parameters('securityLogAnalyticsWorkspaceResourceId')), false(), true())]", - "virtualMachineName": "[format('{0}mgt', parameters('virtualMachineNamePrefix'))]" + "virtualMachineName": "[replace(replace(parameters('virtualMachineNamePrefix'), parameters('serviceName'), 'mgt'), parameters('networkName'), '')]" }, "resources": [ { @@ -4359,7 +4536,7 @@ }, "storageAccountType": "[parameters('diskSku')]" }, - "name": "[format('{0}mgt', parameters('diskNamePrefix'))]" + "name": "[replace(parameters('diskNamePrefix'), parameters('serviceName'), 'mgt-vm')]" }, "dataDisks": [] }, @@ -4662,7 +4839,7 @@ "value": "[parameters('locationVirtualMachines')]" }, "parameters": { - "value": "[format('-ActiveDirectorySolution {0} -CpuCountMax {1} -CpuCountMin {2} -DomainName {3} -Environment {4} -ImageDefinitionResourceId {5} -Location {6} -SessionHostCount {7} -StorageService {8} -SubscriptionId {9} -TenantId {10} -UserAssignedIdentityClientId {11} -VirtualMachineSize {12} -VirtualNetworkName {13} -VirtualNetworkResourceGroupName {14} -WorkspaceNamePrefix {15} -WorkspaceResourceGroupName {16}', parameters('activeDirectorySolution'), variables('CpuCountMax'), variables('CpuCountMin'), if(empty(parameters('domainName')), 'NotApplicable', parameters('domainName')), environment().name, if(empty(parameters('imageDefinitionResourceId')), 'NotApplicable', parameters('imageDefinitionResourceId')), parameters('locationVirtualMachines'), parameters('sessionHostCount'), parameters('storageService'), subscription().subscriptionId, tenant().tenantId, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value, parameters('virtualMachineSize'), variables('VirtualNetworkName'), variables('VirtualNetworkResourceGroupName'), parameters('workspaceNamePrefix'), parameters('resourceGroupFeedWorkspace'))]" + "value": "[format('-ActiveDirectorySolution {0} -CpuCountMax {1} -CpuCountMin {2} -DomainName {3} -Environment {4} -ImageDefinitionResourceId {5} -Location {6} -SessionHostCount {7} -StorageService {8} -SubscriptionId {9} -TenantId {10} -UserAssignedIdentityClientId {11} -VirtualMachineSize {12} -VirtualNetworkName {13} -VirtualNetworkResourceGroupName {14} -WorkspaceFeedName {15} -WorkspaceResourceGroupName {16}', parameters('activeDirectorySolution'), variables('CpuCountMax'), variables('CpuCountMin'), if(empty(parameters('domainName')), 'NotApplicable', parameters('domainName')), environment().name, if(empty(parameters('imageDefinitionResourceId')), 'NotApplicable', parameters('imageDefinitionResourceId')), parameters('locationVirtualMachines'), parameters('sessionHostCount'), parameters('storageService'), subscription().subscriptionId, tenant().tenantId, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value, parameters('virtualMachineSize'), variables('VirtualNetworkName'), variables('VirtualNetworkResourceGroupName'), parameters('workspaceFeedName'), parameters('resourceGroupFeedWorkspace'))]" }, "scriptFileName": { "value": "Get-Validations.ps1" @@ -5394,12 +5571,21 @@ }, "mode": "Incremental", "parameters": { + "automationAccountDiagnosticSettingName": { + "value": "[parameters('automationAccountDiagnosticSettingName')]" + }, "automationAccountName": { "value": "[parameters('automationAccountName')]" }, + "automationAccountNetworkInterfaceName": { + "value": "[parameters('automationAccountNetworkInterfaceName')]" + }, "automationAccountPrivateDnsZoneResourceId": { "value": "[parameters('automationAccountPrivateDnsZoneResourceId')]" }, + "automationAccountPrivateEndpointName": { + "value": "[parameters('automationAccountPrivateEndpointName')]" + }, "location": { "value": "[parameters('locationVirtualMachines')]" }, @@ -5422,16 +5608,25 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "1888008991553556693" + "templateHash": "9305165629139725573" } }, "parameters": { + "automationAccountDiagnosticSettingName": { + "type": "string" + }, "automationAccountName": { "type": "string" }, + "automationAccountNetworkInterfaceName": { + "type": "string" + }, "automationAccountPrivateDnsZoneResourceId": { "type": "string" }, + "automationAccountPrivateEndpointName": { + "type": "string" + }, "location": { "type": "string" }, @@ -5451,9 +5646,6 @@ "type": "string" } }, - "variables": { - "privateEndpointName": "[format('pe-{0}-DSCAndHybridWorker', parameters('automationAccountName'))]" - }, "resources": [ { "type": "Microsoft.Automation/automationAccounts", @@ -5473,14 +5665,14 @@ { "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[variables('privateEndpointName')]", + "name": "[parameters('automationAccountPrivateEndpointName')]", "location": "[parameters('location')]", "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", "properties": { - "customNetworkInterfaceName": "[format('nic-{0}-DSCAndHybridWorker', parameters('automationAccountName'))]", + "customNetworkInterfaceName": "[parameters('automationAccountNetworkInterfaceName')]", "privateLinkServiceConnections": [ { - "name": "[variables('privateEndpointName')]", + "name": "[parameters('automationAccountPrivateEndpointName')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]", "groupIds": [ @@ -5500,7 +5692,7 @@ { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', variables('privateEndpointName'), 'default')]", + "name": "[format('{0}/{1}', parameters('automationAccountPrivateEndpointName'), 'default')]", "properties": { "privateDnsZoneConfigs": [ { @@ -5512,7 +5704,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]" + "[resourceId('Microsoft.Network/privateEndpoints', parameters('automationAccountPrivateEndpointName'))]" ] }, { @@ -5559,7 +5751,7 @@ "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", "scope": "[format('Microsoft.Automation/automationAccounts/{0}', parameters('automationAccountName'))]", - "name": "[format('diag-{0}', parameters('automationAccountName'))]", + "name": "[parameters('automationAccountDiagnosticSettingName')]", "properties": { "logs": [ { @@ -5625,6 +5817,12 @@ "recoveryServicesVaultName": { "value": "[parameters('recoveryServicesVaultName')]" }, + "recoveryServicesVaultNetworkInterfaceName": { + "value": "[parameters('recoveryServicesVaultNetworkInterfaceName')]" + }, + "recoveryServicesVaultPrivateEndpointName": { + "value": "[parameters('recoveryServicesVaultPrivateEndpointName')]" + }, "storageService": { "value": "[parameters('storageService')]" }, @@ -5645,7 +5843,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "17055881954608987962" + "templateHash": "9227895649697979582" } }, "parameters": { @@ -5667,6 +5865,12 @@ "recoveryServicesVaultName": { "type": "string" }, + "recoveryServicesVaultNetworkInterfaceName": { + "type": "string" + }, + "recoveryServicesVaultPrivateEndpointName": { + "type": "string" + }, "storageService": { "type": "string" }, @@ -5769,14 +5973,14 @@ { "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[format('pe-{0}', parameters('recoveryServicesVaultName'))]", + "name": "[parameters('recoveryServicesVaultPrivateEndpointName')]", "location": "[parameters('location')]", "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", "properties": { - "customNetworkInterfaceName": "[format('nic-{0}', parameters('recoveryServicesVaultName'))]", + "customNetworkInterfaceName": "[parameters('recoveryServicesVaultNetworkInterfaceName')]", "privateLinkServiceConnections": [ { - "name": "[format('pe-{0}', parameters('recoveryServicesVaultName'))]", + "name": "[parameters('recoveryServicesVaultPrivateEndpointName')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]", "groupIds": [ @@ -5796,7 +6000,7 @@ { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', format('pe-{0}', parameters('recoveryServicesVaultName')), parameters('recoveryServicesVaultName'))]", + "name": "[format('{0}/{1}', parameters('recoveryServicesVaultPrivateEndpointName'), parameters('recoveryServicesVaultName'))]", "properties": { "privateDnsZoneConfigs": [ { @@ -5820,7 +6024,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', format('pe-{0}', parameters('recoveryServicesVaultName')))]", + "[resourceId('Microsoft.Network/privateEndpoints', parameters('recoveryServicesVaultPrivateEndpointName'))]", "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" ] } @@ -5956,8 +6160,14 @@ "timestamp": { "value": "[parameters('timestamp')]" }, - "workspaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceGlobalNamePrefix.value]" + "workspaceGlobalName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceGlobalName.value]" + }, + "workspaceGlobalNetworkInterfaceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceGlobalNetworkInterfaceName.value]" + }, + "workspaceGlobalPrivateEndpointName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceGlobalPrivateEndpointName.value]" } }, "template": { @@ -5967,7 +6177,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "12762424075807203193" + "templateHash": "16994066886051906021" } }, "parameters": { @@ -5986,7 +6196,13 @@ "timestamp": { "type": "string" }, - "workspaceNamePrefix": { + "workspaceGlobalName": { + "type": "string" + }, + "workspaceGlobalNetworkInterfaceName": { + "type": "string" + }, + "workspaceGlobalPrivateEndpointName": { "type": "string" } }, @@ -6108,8 +6324,14 @@ "subnetResourceId": { "value": "[parameters('hubSubnetResourceId')]" }, - "workspaceNamePrefix": { - "value": "[parameters('workspaceNamePrefix')]" + "workspaceGlobalName": { + "value": "[parameters('workspaceGlobalName')]" + }, + "workspaceGlobalNetworkInterfaceName": { + "value": "[parameters('workspaceGlobalNetworkInterfaceName')]" + }, + "workspaceGlobalPrivateEndpointName": { + "value": "[parameters('workspaceGlobalPrivateEndpointName')]" } }, "template": { @@ -6119,7 +6341,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "6673684744673325063" + "templateHash": "8489341796708766292" } }, "parameters": { @@ -6132,19 +6354,21 @@ "subnetResourceId": { "type": "string" }, - "workspaceNamePrefix": { + "workspaceGlobalName": { + "type": "string" + }, + "workspaceGlobalNetworkInterfaceName": { + "type": "string" + }, + "workspaceGlobalPrivateEndpointName": { "type": "string" } }, - "variables": { - "globalWorkspaceName": "[format('{0}-global', parameters('workspaceNamePrefix'))]", - "privateEndpointName": "[format('pe-{0}', variables('globalWorkspaceName'))]" - }, "resources": [ { "type": "Microsoft.DesktopVirtualization/workspaces", "apiVersion": "2023-09-05", - "name": "[variables('globalWorkspaceName')]", + "name": "[parameters('workspaceGlobalName')]", "location": "[parameters('location')]", "tags": {}, "properties": {} @@ -6152,16 +6376,16 @@ { "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[variables('privateEndpointName')]", + "name": "[parameters('workspaceGlobalPrivateEndpointName')]", "location": "[parameters('location')]", "tags": {}, "properties": { - "customNetworkInterfaceName": "[format('nic-{0}', variables('globalWorkspaceName'))]", + "customNetworkInterfaceName": "[parameters('workspaceGlobalNetworkInterfaceName')]", "privateLinkServiceConnections": [ { - "name": "[variables('privateEndpointName')]", + "name": "[parameters('workspaceGlobalPrivateEndpointName')]", "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', variables('globalWorkspaceName'))]", + "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceGlobalName'))]", "groupIds": [ "global" ] @@ -6173,13 +6397,13 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', variables('globalWorkspaceName'))]" + "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceGlobalName'))]" ] }, { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', variables('privateEndpointName'), 'default')]", + "name": "[format('{0}/{1}', parameters('workspaceGlobalPrivateEndpointName'), 'default')]", "properties": { "privateDnsZoneConfigs": [ { @@ -6191,7 +6415,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]" + "[resourceId('Microsoft.Network/privateEndpoints', parameters('workspaceGlobalPrivateEndpointName'))]" ] } ] @@ -6245,9 +6469,18 @@ "existingFeedWorkspace": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.existingFeedWorkspace.value]" }, + "hostPoolDiagnosticSettingName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.hostPoolDiagnosticSettingName.value]" + }, "hostPoolName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.hostPoolName.value]" }, + "hostPoolNetworkInterfaceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.hostPoolNetworkInterfaceName.value]" + }, + "hostPoolPrivateEndpointName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.hostPoolPrivateEndpointName.value]" + }, "hostPoolPublicNetworkAccess": { "value": "[parameters('hostPoolPublicNetworkAccess')]" }, @@ -6300,12 +6533,21 @@ "vmTemplate": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.vmTemplate.value]" }, + "workspaceFeedDiagnoticSettingName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceFeedDiagnosticSettingName.value]" + }, + "workspaceFeedName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceFeedName.value]" + }, + "workspaceFeedNetworkInterfaceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceFeedNetworkInterfaceName.value]" + }, + "workspaceFeedPrivateEndpointName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceFeedPrivateEndpointName.value]" + }, "workspaceFriendlyName": { "value": "[parameters('workspaceFriendlyName')]" }, - "workspaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.workspaceFeedNamePrefix.value]" - }, "workspacePublicNetworkAccess": { "value": "[parameters('workspacePublicNetworkAccess')]" } @@ -6317,7 +6559,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "6802657512862564486" + "templateHash": "13352333195132125801" } }, "parameters": { @@ -6345,9 +6587,18 @@ "existingFeedWorkspace": { "type": "bool" }, + "hostPoolDiagnosticSettingName": { + "type": "string" + }, "hostPoolName": { "type": "string" }, + "hostPoolNetworkInterfaceName": { + "type": "string" + }, + "hostPoolPrivateEndpointName": { + "type": "string" + }, "hostPoolPublicNetworkAccess": { "type": "string" }, @@ -6405,7 +6656,16 @@ "workspaceFriendlyName": { "type": "string" }, - "workspaceNamePrefix": { + "workspaceFeedName": { + "type": "string" + }, + "workspaceFeedDiagnoticSettingName": { + "type": "string" + }, + "workspaceFeedNetworkInterfaceName": { + "type": "string" + }, + "workspaceFeedPrivateEndpointName": { "type": "string" }, "workspacePublicNetworkAccess": { @@ -6433,9 +6693,18 @@ "customRdpProperty": { "value": "[parameters('customRdpProperty')]" }, + "hostPoolDiagnosticSettingName": { + "value": "[parameters('hostPoolDiagnosticSettingName')]" + }, "hostPoolName": { "value": "[parameters('hostPoolName')]" }, + "hostPoolNetworkInterfaceName": { + "value": "[parameters('hostPoolNetworkInterfaceName')]" + }, + "hostPoolPrivateEndpointName": { + "value": "[parameters('hostPoolPrivateEndpointName')]" + }, "hostPoolPublicNetworkAccess": { "value": "[parameters('hostPoolPublicNetworkAccess')]" }, @@ -6474,7 +6743,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "12762592848284809417" + "templateHash": "12706840297032042457" } }, "parameters": { @@ -6487,9 +6756,18 @@ "customRdpProperty": { "type": "string" }, + "hostPoolDiagnosticSettingName": { + "type": "string" + }, "hostPoolName": { "type": "string" }, + "hostPoolNetworkInterfaceName": { + "type": "string" + }, + "hostPoolPrivateEndpointName": { + "type": "string" + }, "hostPoolPublicNetworkAccess": { "type": "string" }, @@ -6552,8 +6830,7 @@ "category": "AgentHealthStatus", "enabled": true } - ], - "privateEndpointName": "[format('pe-{0}', parameters('hostPoolName'))]" + ] }, "resources": [ { @@ -6582,14 +6859,14 @@ { "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[variables('privateEndpointName')]", + "name": "[parameters('hostPoolPrivateEndpointName')]", "location": "[parameters('location')]", "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()))]", "properties": { - "customNetworkInterfaceName": "[format('nic-{0}', parameters('hostPoolName'))]", + "customNetworkInterfaceName": "[parameters('hostPoolNetworkInterfaceName')]", "privateLinkServiceConnections": [ { - "name": "[variables('privateEndpointName')]", + "name": "[parameters('hostPoolPrivateEndpointName')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]", "groupIds": [ @@ -6609,7 +6886,7 @@ { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', variables('privateEndpointName'), 'default')]", + "name": "[format('{0}/{1}', parameters('hostPoolPrivateEndpointName'), 'default')]", "properties": { "privateDnsZoneConfigs": [ { @@ -6621,7 +6898,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]" + "[resourceId('Microsoft.Network/privateEndpoints', parameters('hostPoolPrivateEndpointName'))]" ] }, { @@ -6629,7 +6906,7 @@ "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", "scope": "[format('Microsoft.DesktopVirtualization/hostPools/{0}', parameters('hostPoolName'))]", - "name": "[format('diag-{0}', parameters('hostPoolName'))]", + "name": "[parameters('hostPoolDiagnosticSettingName')]", "properties": { "logs": "[variables('hostPoolLogs')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" @@ -6967,8 +7244,17 @@ "virtualMachineName": { "value": "[parameters('managementVirtualMachineName')]" }, - "workspaceNamePrefix": { - "value": "[parameters('workspaceNamePrefix')]" + "workspaceFeedDiagnoticSettingName": { + "value": "[parameters('workspaceFeedDiagnoticSettingName')]" + }, + "workspaceFeedName": { + "value": "[parameters('workspaceFeedName')]" + }, + "workspaceFeedNetworkInterfaceName": { + "value": "[parameters('workspaceFeedNetworkInterfaceName')]" + }, + "workspaceFeedPrivateEndpointName": { + "value": "[parameters('workspaceFeedPrivateEndpointName')]" }, "workspacePublicNetworkAccess": { "value": "[parameters('workspacePublicNetworkAccess')]" @@ -6981,7 +7267,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "5126346577469036138" + "templateHash": "6899448606452743793" } }, "parameters": { @@ -7033,23 +7319,28 @@ "virtualMachineName": { "type": "string" }, - "workspaceNamePrefix": { + "workspaceFeedDiagnoticSettingName": { + "type": "string" + }, + "workspaceFeedName": { + "type": "string" + }, + "workspaceFeedNetworkInterfaceName": { + "type": "string" + }, + "workspaceFeedPrivateEndpointName": { "type": "string" }, "workspacePublicNetworkAccess": { "type": "string" } }, - "variables": { - "feedWorkspaceName": "[format('{0}-feed', parameters('workspaceNamePrefix'))]", - "privateEndpointName": "[format('pe-{0}', variables('feedWorkspaceName'))]" - }, "resources": [ { "condition": "[not(parameters('existing'))]", "type": "Microsoft.DesktopVirtualization/workspaces", "apiVersion": "2023-09-05", - "name": "[variables('feedWorkspaceName')]", + "name": "[parameters('workspaceFeedName')]", "location": "[parameters('locationControlPlane')]", "tags": {}, "properties": { @@ -7062,16 +7353,16 @@ "condition": "[not(parameters('existing'))]", "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[variables('privateEndpointName')]", + "name": "[parameters('workspaceFeedPrivateEndpointName')]", "location": "[parameters('locationControlPlane')]", "tags": {}, "properties": { - "customNetworkInterfaceName": "[format('nic-{0}', variables('feedWorkspaceName'))]", + "customNetworkInterfaceName": "[parameters('workspaceFeedNetworkInterfaceName')]", "privateLinkServiceConnections": [ { - "name": "[variables('privateEndpointName')]", + "name": "[parameters('workspaceFeedPrivateEndpointName')]", "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', variables('feedWorkspaceName'))]", + "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceFeedName'))]", "groupIds": [ "feed" ] @@ -7083,14 +7374,14 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', variables('feedWorkspaceName'))]" + "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceFeedName'))]" ] }, { "condition": "[not(parameters('existing'))]", "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', variables('privateEndpointName'), 'default')]", + "name": "[format('{0}/{1}', parameters('workspaceFeedPrivateEndpointName'), 'default')]", "properties": { "privateDnsZoneConfigs": [ { @@ -7102,15 +7393,15 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]" + "[resourceId('Microsoft.Network/privateEndpoints', parameters('workspaceFeedPrivateEndpointName'))]" ] }, { "condition": "[and(not(parameters('existing')), parameters('monitoring'))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.DesktopVirtualization/workspaces/{0}', variables('feedWorkspaceName'))]", - "name": "[format('diag-{0}', variables('feedWorkspaceName'))]", + "scope": "[format('Microsoft.DesktopVirtualization/workspaces/{0}', parameters('workspaceFeedName'))]", + "name": "[parameters('workspaceFeedDiagnoticSettingName')]", "properties": { "logs": [ { @@ -7133,7 +7424,7 @@ "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', variables('feedWorkspaceName'))]" + "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceFeedName'))]" ] }, { @@ -7157,7 +7448,7 @@ "value": "[parameters('locationVirtualMachines')]" }, "parameters": { - "value": "[format('-ApplicationGroupReferences \"{0}\" -Environment {1} -ResourceGroupName {2} -SubscriptionId {3} -TenantId {4} -UserAssignedIdentityClientId {5} -WorkspaceName {6}', parameters('applicationGroupReferences'), environment().name, resourceGroup().name, subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedIdentityClientId'), variables('feedWorkspaceName'))]" + "value": "[format('-ApplicationGroupReferences \"{0}\" -Environment {1} -ResourceGroupName {2} -SubscriptionId {3} -TenantId {4} -UserAssignedIdentityClientId {5} -WorkspaceName {6}', parameters('applicationGroupReferences'), environment().name, resourceGroup().name, subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedIdentityClientId'), parameters('workspaceFeedName'))]" }, "scriptFileName": { "value": "Update-AvdWorkspace.ps1" @@ -7371,12 +7662,21 @@ "securityPrincipalObjectIds": { "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" }, + "serviceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" + }, "smbServerLocation": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.smbServerLocation.value]" }, "storageAccountNamePrefix": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageAccountNamePrefix.value]" }, + "storageAccountNetworkInterfaceNamePrefix": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageAccountNetworkInterfaceNamePrefix.value]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageAccountPrivateEndpointNamePrefix.value]" + }, "storageCount": { "value": "[parameters('storageCount')]" }, @@ -7412,7 +7712,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "5718452863906302578" + "templateHash": "1645915380599848712" } }, "parameters": { @@ -7515,12 +7815,21 @@ "securityPrincipalNames": { "type": "array" }, + "serviceName": { + "type": "string" + }, "smbServerLocation": { "type": "string" }, "storageAccountNamePrefix": { "type": "string" }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, "storageCount": { "type": "int" }, @@ -8000,9 +8309,18 @@ "securityPrincipalObjectIds": { "value": "[parameters('securityPrincipalObjectIds')]" }, + "serviceName": { + "value": "[parameters('serviceName')]" + }, "storageAccountNamePrefix": { "value": "[parameters('storageAccountNamePrefix')]" }, + "storageAccountNetworkInterfaceNamePrefix": { + "value": "[parameters('storageAccountNetworkInterfaceNamePrefix')]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "value": "[parameters('storageAccountPrivateEndpointNamePrefix')]" + }, "storageCount": { "value": "[parameters('storageCount')]" }, @@ -8056,7 +8374,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "14793803037488919131" + "templateHash": "16191274975352947860" } }, "parameters": { @@ -8135,10 +8453,19 @@ "securityPrincipalNames": { "type": "array" }, + "serviceName": { + "type": "string" + }, "storageAccountNamePrefix": { "type": "string", "minLength": 3 }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, "storageCount": { "type": "int" }, @@ -8302,14 +8629,14 @@ }, "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[format('pe-{0}{1}-file', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", + "name": "[format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", "location": "[parameters('location')]", "tags": "[parameters('tagsPrivateEndpoints')]", "properties": { - "customNetworkInterfaceName": "[format('nic-{0}{1}-file', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", + "customNetworkInterfaceName": "[format('{0}-{1}', replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", "privateLinkServiceConnections": [ { - "name": "[format('pe-{0}', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", + "name": "[format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", "groupIds": [ @@ -8323,7 +8650,6 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]" ] }, @@ -8334,7 +8660,7 @@ }, "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', format('pe-{0}{1}-file', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0')))]", + "name": "[format('{0}/{1}', format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), format('{0}-{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0')))]", "properties": { "privateDnsZoneConfigs": [ { @@ -8346,7 +8672,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', format('pe-{0}{1}-file', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", + "[resourceId('Microsoft.Network/privateEndpoints', format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", "storageAccounts" ] }, @@ -9392,6 +9718,9 @@ "networkInterfaceNamePrefix": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkInterfaceNamePrefix.value]" }, + "networkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkName.value]" + }, "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" }, @@ -9434,6 +9763,9 @@ "securityLogAnalyticsWorkspaceResourceId": { "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" }, + "serviceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('ResourceNames_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" + }, "sessionHostBatchCount": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.sessionHostBatchCount.value]" }, @@ -9493,7 +9825,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "5923296477539659124" + "templateHash": "18296710262110720449" } }, "parameters": { @@ -9617,6 +9949,9 @@ "networkInterfaceNamePrefix": { "type": "string" }, + "networkName": { + "type": "string" + }, "organizationalUnitPath": { "type": "string" }, @@ -9665,6 +10000,9 @@ "securityLogAnalyticsWorkspaceResourceId": { "type": "string" }, + "serviceName": { + "type": "string" + }, "sessionHostBatchCount": { "type": "int" }, @@ -9993,6 +10331,9 @@ "networkInterfaceNamePrefix": { "value": "[parameters('networkInterfaceNamePrefix')]" }, + "networkName": { + "value": "[parameters('networkName')]" + }, "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" }, @@ -10005,6 +10346,9 @@ "securityLogAnalyticsWorkspaceResourceId": { "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" }, + "serviceName": { + "value": "[parameters('serviceName')]" + }, "sessionHostCount": "[if(and(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], parameters('sessionHostBatchCount')), greater(parameters('divisionRemainderValue'), 0)), createObject('value', parameters('divisionRemainderValue')), createObject('value', parameters('maxResourcesPerTemplateDeployment')))]", "sessionHostIndex": "[if(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), createObject('value', parameters('sessionHostIndex')), createObject('value', add(mul(sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('maxResourcesPerTemplateDeployment')), parameters('sessionHostIndex'))))]", "storageAccountPrefix": { @@ -10063,7 +10407,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "17511805322486017859" + "templateHash": "3246449610762803212" } }, "parameters": { @@ -10172,6 +10516,9 @@ "networkInterfaceNamePrefix": { "type": "string" }, + "networkName": { + "type": "string" + }, "organizationalUnitPath": { "type": "string" }, @@ -10184,6 +10531,9 @@ "securityLogAnalyticsWorkspaceResourceId": { "type": "string" }, + "serviceName": { + "type": "string" + }, "sessionHostCount": { "type": "int" }, @@ -10278,7 +10628,8 @@ "securitylogAnalyticsWorkspaceName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[8], '')]", "securityLogAnalyticsWorkspaceResourceGroupName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[4], resourceGroup().name)]", "securityLogAnalyticsWorkspaceSubscriptionId": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[2], subscription().subscriptionId)]", - "securityMonitoring": "[if(empty(parameters('securityLogAnalyticsWorkspaceResourceId')), false(), true())]" + "securityMonitoring": "[if(empty(parameters('securityLogAnalyticsWorkspaceResourceId')), false(), true())]", + "sessionHostNamePrefix": "[replace(parameters('virtualMachineNamePrefix'), format('{0}{1}', parameters('serviceName'), parameters('networkName')), '')]" }, "resources": [ { @@ -10288,7 +10639,7 @@ }, "type": "Microsoft.Network/networkInterfaces", "apiVersion": "2020-05-01", - "name": "[format('{0}{1}', parameters('networkInterfaceNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "name": "[format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", "location": "[parameters('location')]", "tags": "[parameters('tagsNetworkInterfaces')]", "properties": { @@ -10316,7 +10667,7 @@ }, "type": "Microsoft.Compute/virtualMachines", "apiVersion": "2021-03-01", - "name": "[format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "name": "[format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "zones": "[if(equals(parameters('availability'), 'AvailabilityZones'), createArray(parameters('availabilityZones')[mod(range(0, parameters('sessionHostCount'))[copyIndex()], length(parameters('availabilityZones')))]), null())]", @@ -10334,7 +10685,7 @@ "storageProfile": { "imageReference": "[variables('imageReference')]", "osDisk": { - "name": "[format('{0}{1}', parameters('diskNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "name": "[format('{0}-{1}', replace(parameters('diskNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", "osType": "Windows", "createOption": "FromImage", "caching": "ReadWrite", @@ -10349,7 +10700,7 @@ "dataDisks": [] }, "osProfile": { - "computerName": "[format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "computerName": "[format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", "adminUsername": "[parameters('virtualMachineUsername')]", "adminPassword": "[parameters('virtualMachinePassword')]", "windowsConfiguration": { @@ -10362,7 +10713,7 @@ "networkProfile": { "networkInterfaces": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}{1}', parameters('networkInterfaceNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0')))]", + "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", "properties": { "deleteOption": "Delete" } @@ -10395,7 +10746,7 @@ }, "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'IaaSAntimalware')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'IaaSAntimalware')]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "properties": { @@ -10417,7 +10768,7 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10427,7 +10778,7 @@ }, "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'GuestAttestation')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'GuestAttestation')]", "location": "[parameters('location')]", "properties": { "publisher": "Microsoft.Azure.Security.WindowsAttestation", @@ -10450,7 +10801,7 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10461,7 +10812,7 @@ "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent'))]", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'MicrosoftmonitoringAgent')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'MicrosoftmonitoringAgent')]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "properties": { @@ -10478,7 +10829,7 @@ }, "dependsOn": [ "extension_IaasAntimalware", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10489,7 +10840,7 @@ "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent'))]", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AzureMonitorWindowsAgent')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AzureMonitorWindowsAgent')]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "properties": { @@ -10500,7 +10851,7 @@ "enableAutomaticUpgrade": true }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10511,7 +10862,7 @@ "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent'))]", "type": "Microsoft.Insights/dataCollectionRuleAssociations", "apiVersion": "2022-06-01", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", + "scope": "[format('Microsoft.Compute/virtualMachines/{0}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", "name": "[parameters('dataCollectionRuleAssociationName')]", "properties": { "dataCollectionRuleId": "[parameters('dataCollectionRuleResourceId')]", @@ -10519,7 +10870,7 @@ }, "dependsOn": [ "extension_AzureMonitorWindowsAgent", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10529,7 +10880,7 @@ }, "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'CustomScriptExtension')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'CustomScriptExtension')]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "properties": { @@ -10555,7 +10906,7 @@ "dependsOn": [ "dataCollectionRuleAssociation", "extension_MicrosoftMonitoringAgent", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10566,7 +10917,7 @@ "condition": "[contains(parameters('activeDirectorySolution'), 'DomainServices')]", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'JsonADDomainExtension')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'JsonADDomainExtension')]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "properties": { @@ -10588,7 +10939,7 @@ }, "dependsOn": [ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CSE_DrainMode_{0}_{1}', parameters('batchCount'), parameters('timestamp')))]", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10599,7 +10950,7 @@ "condition": "[not(contains(parameters('activeDirectorySolution'), 'DomainServices'))]", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AADLoginForWindows')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AADLoginForWindows')]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "properties": { @@ -10611,7 +10962,7 @@ }, "dependsOn": [ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CSE_DrainMode_{0}_{1}', parameters('batchCount'), parameters('timestamp')))]", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10622,7 +10973,7 @@ "condition": "[variables('amdVmSize')]", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AmdGpuDriverWindows')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AmdGpuDriverWindows')]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "properties": { @@ -10635,7 +10986,7 @@ "dependsOn": [ "extension_AADLoginForWindows", "extension_JsonADDomainExtension", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10646,7 +10997,7 @@ "condition": "[variables('nvidiaVmSize')]", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'NvidiaGpuDriverWindows')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'NvidiaGpuDriverWindows')]", "location": "[parameters('location')]", "tags": "[parameters('tagsVirtualMachines')]", "properties": { @@ -10659,7 +11010,7 @@ "dependsOn": [ "extension_AADLoginForWindows", "extension_JsonADDomainExtension", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, { @@ -10683,7 +11034,7 @@ "value": "[parameters('location')]" }, "parameters": { - "value": "[format('-Environment {0} -hostPoolName {1} -HostPoolResourceGroupName {2} -sessionHostCount {3} -sessionHostIndex {4} -SubscriptionId {5} -TenantId {6} -userAssignedidentityClientId {7} -virtualMachineNamePrefix {8}', environment().name, parameters('hostPoolName'), parameters('resourceGroupControlPlane'), parameters('sessionHostCount'), parameters('sessionHostIndex'), subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedidentityClientId'), parameters('virtualMachineNamePrefix'))]" + "value": "[format('-Environment {0} -hostPoolName {1} -HostPoolResourceGroupName {2} -sessionHostCount {3} -sessionHostIndex {4} -SubscriptionId {5} -TenantId {6} -userAssignedidentityClientId {7} -virtualMachineNamePrefix {8}', environment().name, parameters('hostPoolName'), parameters('resourceGroupControlPlane'), parameters('sessionHostCount'), parameters('sessionHostIndex'), subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedidentityClientId'), variables('sessionHostNamePrefix'))]" }, "scriptFileName": { "value": "Set-AvdDrainMode.ps1" @@ -11415,7 +11766,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "4860825122605188209" + "templateHash": "5188961463339385653" } }, "parameters": { @@ -11471,7 +11822,7 @@ "_generator": { "name": "bicep", "version": "0.25.3.34343", - "templateHash": "4526223439767657363" + "templateHash": "17437045261025244626" } }, "parameters": { @@ -11521,7 +11872,7 @@ } ], "source": { - "script": " param(\n [string]$Environment,\n [string]$ResourceGroupName,\n [string]$SubscriptionId,\n [string]$TenantId,\n [string]$UserAssignedIdentityClientId,\n [string]$VirtualMachineName\n )\n Start-Sleep -Seconds 30\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId\n Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -NoWait -Force\n " + "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n Start-Sleep -Seconds 30\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId\r\n Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -NoWait -Force\r\n " } } } diff --git a/src/bicep/core/hub-customer-managed-keys.bicep b/src/bicep/core/hub-customer-managed-keys.bicep index d4a7fcd7..1e94988d 100644 --- a/src/bicep/core/hub-customer-managed-keys.bicep +++ b/src/bicep/core/hub-customer-managed-keys.bicep @@ -6,9 +6,10 @@ Licensed under the MIT License. param diskEncryptionSetName string param deploymentNameSuffix string param keyVaultName string +param keyVaultNetworkInterfaceName string param keyVaultPrivateDnsZoneResourceId string +param keyVaultPrivateEndpointName string param location string -param resourcePrefix string param subnetResourceId string param tags object param userAssignedIdentityName string @@ -17,9 +18,10 @@ module keyVault '../modules/key-vault.bicep' = { name: 'deploy-key-vault-${deploymentNameSuffix}' params: { keyVaultName: keyVaultName + keyVaultNetworkInterfaceName: keyVaultNetworkInterfaceName keyVaultPrivateDnsZoneResourceId: keyVaultPrivateDnsZoneResourceId + keyVaultPrivateEndpointName: keyVaultPrivateEndpointName location: location - resourcePrefix: resourcePrefix subnetResourceId: subnetResourceId tags: tags } diff --git a/src/bicep/core/hub-storage.bicep b/src/bicep/core/hub-storage.bicep index 5c3ee701..43403481 100644 --- a/src/bicep/core/hub-storage.bicep +++ b/src/bicep/core/hub-storage.bicep @@ -7,8 +7,10 @@ param blobsPrivateDnsZoneResourceId string param keyVaultUri string param logStorageAccountName string param logStorageSkuName string +param logStorageAccountNetworkInterfaceNamePrefix string +param logStorageAccountPrivateEndpointNamePrefix string param location string -param resourcePrefix string +param serviceToken string param storageEncryptionKeyName string param subnetResourceId string param tablesPrivateDnsZoneResourceId string @@ -19,16 +21,18 @@ module storageAccount '../modules/storage-account.bicep' = { name: 'storage' params: { blobsPrivateDnsZoneResourceId: blobsPrivateDnsZoneResourceId - userAssignedIdentityResourceId: userAssignedIdentityResourceId keyVaultUri: keyVaultUri location: location - resourcePrefix: resourcePrefix + serviceToken: serviceToken skuName: logStorageSkuName storageAccountName: logStorageAccountName + storageAccountNetworkInterfaceNamePrefix: logStorageAccountNetworkInterfaceNamePrefix + storageAccountPrivateEndpointNamePrefix: logStorageAccountPrivateEndpointNamePrefix storageEncryptionKeyName: storageEncryptionKeyName subnetResourceId: subnetResourceId tablesPrivateDnsZoneResourceId: tablesPrivateDnsZoneResourceId tags: tags + userAssignedIdentityResourceId: userAssignedIdentityResourceId } } diff --git a/src/bicep/core/spoke-storage.bicep b/src/bicep/core/spoke-storage.bicep index a3851e9e..beab6bf5 100644 --- a/src/bicep/core/spoke-storage.bicep +++ b/src/bicep/core/spoke-storage.bicep @@ -7,8 +7,10 @@ param blobsPrivateDnsZoneResourceId string param keyVaultUri string param location string param logStorageAccountName string +param logStorageAccountNetworkInterfaceNamePrefix string +param logStorageAccountPrivateEndpointNamePrefix string param logStorageSkuName string -param resourcePrefix string +param serviceToken string param storageEncryptionKeyName string param subnetResourceId string param tablesPrivateDnsZoneResourceId string @@ -21,9 +23,11 @@ module storageAccount '../modules/storage-account.bicep' = { blobsPrivateDnsZoneResourceId: blobsPrivateDnsZoneResourceId keyVaultUri: keyVaultUri location: location - resourcePrefix: resourcePrefix + serviceToken: serviceToken skuName: logStorageSkuName storageAccountName: logStorageAccountName + storageAccountNetworkInterfaceNamePrefix: logStorageAccountNetworkInterfaceNamePrefix + storageAccountPrivateEndpointNamePrefix: logStorageAccountPrivateEndpointNamePrefix storageEncryptionKeyName: storageEncryptionKeyName subnetResourceId: subnetResourceId tablesPrivateDnsZoneResourceId: tablesPrivateDnsZoneResourceId diff --git a/src/bicep/data/locations.json b/src/bicep/data/locations.json index f23d4d08..06f20c9e 100644 --- a/src/bicep/data/locations.json +++ b/src/bicep/data/locations.json @@ -23,6 +23,12 @@ "recoveryServicesGeo": "bjb2", "timeDifference": "+8:00", "timeZone": "China Standard Time" + }, + "chinanorth3": { + "abbreviation": "cnn3", + "recoveryServicesGeo": "", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" } }, "AzureCloud": { @@ -176,6 +182,12 @@ "timeDifference": "+9:00", "timeZone": "Korea Standard Time" }, + "newzealandnorth": { + "abbreviation": "nzn", + "recoveryServicesGeo": "", + "timeDifference": "+13:00", + "timeZone": "New Zealand Standard Time" + }, "northcentralus": { "abbreviation": "usnc", "recoveryServicesGeo": "ncus", diff --git a/src/bicep/add-ons/azureVirtualDesktop/data/resourceAbbreviations.json b/src/bicep/data/resourceAbbreviations.json similarity index 60% rename from src/bicep/add-ons/azureVirtualDesktop/data/resourceAbbreviations.json rename to src/bicep/data/resourceAbbreviations.json index c2ebdf04..562d3456 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/data/resourceAbbreviations.json +++ b/src/bicep/data/resourceAbbreviations.json @@ -1,26 +1,28 @@ { "automationAccounts": "aa", - "availabilitySets": "as", + "availabilitySets": "avail", "dataCollectionRuleAssociations": "dcra", "dataCollectionRules": "dcr", - "desktopApplicationGroups": "dag", + "desktopApplicationGroups": "vdag", + "diagnosticSettings": "diag", "diskAccesses": "da", - "remoteApplicationGroups": "rag", - "disks": "disk", "diskEncryptionSets": "des", - "hostPools": "hp", + "disks": "disk", + "hostPools": "vdpool", "keyVaults": "kv", - "logAnalyticsWorkspaces": "law", + "logAnalyticsWorkspaces": "log", "netAppAccounts": "naa", "netAppCapacityPools": "nacp", "networkInterfaces": "nic", "networkSecurityGroups": "nsg", + "privateEndpoints": "pe", "recoveryServicesVaults": "rsv", + "remoteApplicationGroups": "vdag", "resourceGroups": "rg", "routeTables": "rt", - "storageAccounts": "sa", - "userAssignedIdentities": "uai", + "storageAccounts": "st", + "userAssignedIdentities": "id", "virtualMachines": "vm", "virtualNetworks": "vnet", - "workspaces": "ws" + "workspaces": "vdws" } \ No newline at end of file diff --git a/src/bicep/form/mlz.portal.json b/src/bicep/form/mlz.portal.json index 1f0ce3d6..bffd3624 100644 --- a/src/bicep/form/mlz.portal.json +++ b/src/bicep/form/mlz.portal.json @@ -234,11 +234,11 @@ } }, { - "name": "resourceSuffix", - "label": "Resource Naming Suffix", + "name": "environmentAbbreviation", + "label": "Environment Abbreviation", "type": "Microsoft.Common.DropDown", "defaultValue": "dev", - "toolTip": "Select a resource naming suffix to append to all resources.", + "toolTip": "Select an abbreviation for the target environment. This value will be used as a component in the naming convention.", "multiselect": false, "selectAll": false, "filter": true, @@ -248,17 +248,17 @@ "allowedValues": [ { "label": "dev", - "description": "Select if you want to append 'dev' to your resources.", + "description": "Development", "value": "dev" }, { "label": "test", - "description": "Select if you want to append 'test' to your resources.", + "description": "Test", "value": "test" }, { "label": "prod", - "description": "Select if you want to append 'prod' to your resources.", + "description": "Production", "value": "prod" } ], @@ -1063,7 +1063,7 @@ "operationsVirtualNetworkAddressPrefix": "[steps('networking').operationsVirtualNetwork.virtualNetworkAddressCidrRange]", "policy": "[steps('compliance').policySection.policy]", "resourcePrefix": "[steps('basics').namingSection.resourcePrefix]", - "resourceSuffix": "[steps('basics').namingSection.resourceSuffix]", + "environmentAbbreviation": "[steps('basics').namingSection.environmentAbbreviation]", "sharedServicesSubnetAddressPrefix": "[steps('networking').sharedServicesVirtualNetwork.subnetAddressCidrRange]", "sharedServicesSubscriptionId": "[replace(steps('basics').sharedServicesSection.sharedServicesSubscriptionId, '/subscriptions/', '')]", "sharedServicesVirtualNetworkAddressPrefix": "[steps('networking').sharedServicesVirtualNetwork.virtualNetworkAddressCidrRange]", diff --git a/src/bicep/mlz.bicep b/src/bicep/mlz.bicep index 9a32638e..8f90ab90 100644 --- a/src/bicep/mlz.bicep +++ b/src/bicep/mlz.bicep @@ -22,10 +22,13 @@ targetScope = 'subscription' @description('A prefix, 3-6 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces') param resourcePrefix string -@minLength(3) -@maxLength(6) -@description('A suffix, 3 to 6 characters in length, to append to resource names (e.g. "dev", "test", "prod", "mlz"). It defaults to "mlz".') -param resourceSuffix string = 'mlz' +@allowed([ + 'dev' + 'prod' + 'test' +]) +@description('The abbreviation for the environment.') +param environmentAbbreviation string = 'dev' @description('The subscription ID for the Hub Network and resources. It defaults to the deployment subscription.') param hubSubscriptionId string = subscription().subscriptionId @@ -513,7 +516,7 @@ param emailSecurityContact string = '' Here we define a naming conventions for resources. - First, we take `resourcePrefix` and `resourceSuffix` by params. + First, we take `resourcePrefix` and `environmentAbbreviation` by params. Then, using string interpolation "${}", we insert those values into a naming convention. */ @@ -521,8 +524,9 @@ param emailSecurityContact string = '' var locations = (loadJsonContent('data/locations.json'))[environment().name] var locationAbbreviation = locations[location].abbreviation var resourceToken = 'resource_token' -var nameToken = 'name_token' -var namingConvention = '${toLower(resourcePrefix)}-${resourceToken}-${nameToken}-${toLower(resourceSuffix)}-${locationAbbreviation}' +var serviceToken = 'service_token' +var networkToken = 'network_token' +var namingConvention = '${toLower(resourcePrefix)}-${resourceToken}-${serviceToken}-${networkToken}-${environmentAbbreviation}-${locationAbbreviation}' /* @@ -534,7 +538,7 @@ var namingConvention = '${toLower(resourcePrefix)}-${resourceToken}-${nameToken} `storageAccountNamingConvention` is a unique naming convention: In an effort to reduce the likelihood of naming collisions, - we replace `unique_token` with a uniqueString() calculated by resourcePrefix, resourceSuffix, and the subscription ID + we replace `unique_token` with a uniqueString() calculated by resourcePrefix, environmentAbbreviation, and the subscription ID */ @@ -545,18 +549,20 @@ var diskEncryptionSetNamingConvention = replace(namingConvention, resourceToken, var diskNamingConvention = replace(namingConvention, resourceToken, 'disk') var firewallNamingConvention = replace(namingConvention, resourceToken, 'afw') var firewallPolicyNamingConvention = replace(namingConvention, resourceToken, 'afwp') -var keyVaultNamingConvention = '${replace(replace(namingConvention, resourceToken, 'kv'), '-', '')}unique_token' var ipConfigurationNamingConvention = replace(namingConvention, resourceToken, 'ipconf') +var keyVaultNamingConvention = '${replace(replace(namingConvention, resourceToken, 'kv'), '-', '')}unique_token' var logAnalyticsWorkspaceNamingConvention = replace(namingConvention, resourceToken, 'log') var networkInterfaceNamingConvention = replace(namingConvention, resourceToken, 'nic') var networkSecurityGroupNamingConvention = replace(namingConvention, resourceToken, 'nsg') var networkWatcherNamingConvention = replace(namingConvention, resourceToken, 'nw') +var privateEndpointNamingConvention = replace(namingConvention, resourceToken, 'pe') +var privateLinkScopeName = replace(namingConvention, resourceToken, 'pls') var publicIpAddressNamingConvention = replace(namingConvention, resourceToken, 'pip') var resourceGroupNamingConvention = replace(namingConvention, resourceToken, 'rg') var routeTableNamingConvention = replace(namingConvention, resourceToken, 'rt') var storageAccountNamingConvention = toLower('${replace(replace(namingConvention, resourceToken, 'st'), '-', '')}unique_token') var subnetNamingConvention = replace(namingConvention, resourceToken, 'snet') -var userAssignedIdentityNamingConvention = replace(namingConvention, resourceToken, 'uaid') +var userAssignedIdentityNamingConvention = replace(namingConvention, resourceToken, 'id') var virtualMachineNamingConvention = replace(namingConvention, resourceToken, 'vm') var virtualNetworkNamingConvention = replace(namingConvention, resourceToken, 'vnet') @@ -564,73 +570,85 @@ var virtualNetworkNamingConvention = replace(namingConvention, resourceToken, 'v var hubName = 'hub' var hubShortName = 'hub' -var hubDiskEncryptionSetName = replace(diskEncryptionSetNamingConvention, nameToken, hubName) +var hubDiskEncryptionSetName = replace(replace(diskEncryptionSetNamingConvention, '-${serviceToken}', ''), networkToken, hubName) var hubKeyVaultName = take(hubKeyVaultUniqueName, 24) -var hubKeyVaultShortName = replace(keyVaultNamingConvention, nameToken, hubShortName) -var hubKeyVaultUniqueName = replace(hubKeyVaultShortName, 'unique_token', uniqueString(resourcePrefix, resourceSuffix, hubSubscriptionId)) +var hubKeyVaultNetworkInterfaceName = replace(replace(networkInterfaceNamingConvention, serviceToken, 'kv'), networkToken, hubName) +var hubKeyVaultPrivateEndpointName = replace(replace(privateEndpointNamingConvention, serviceToken, 'kv'), networkToken, hubName) +var hubKeyVaultShortName = replace(replace(keyVaultNamingConvention, serviceToken, ''), networkToken, hubShortName) +var hubKeyVaultUniqueName = replace(hubKeyVaultShortName, 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, hubSubscriptionId)) var hubLogStorageAccountName = take(hubLogStorageAccountUniqueName, 24) -var hubLogStorageAccountShortName = replace(storageAccountNamingConvention, nameToken, hubShortName) -var hubLogStorageAccountUniqueName = replace(hubLogStorageAccountShortName, 'unique_token', uniqueString(resourcePrefix, resourceSuffix, hubSubscriptionId)) -var hubNetworkWatcherName = replace(networkWatcherNamingConvention, nameToken, hubName) -var hubNetworkSecurityGroupName = replace(networkSecurityGroupNamingConvention, nameToken, hubName) -var hubResourceGroupName = replace(resourceGroupNamingConvention, nameToken, hubName) -var hubRouteTableName = replace(routeTableNamingConvention, nameToken, hubName) -var hubSubnetName = replace(subnetNamingConvention, nameToken, hubName) -var hubUserAssignedIdentityName = replace(userAssignedIdentityNamingConvention, nameToken, hubName) -var hubVirtualNetworkName = replace(virtualNetworkNamingConvention, nameToken, hubName) +var hubLogStorageAccountNetworkInterfaceNamePrefix = replace(replace(networkInterfaceNamingConvention, serviceToken, '${serviceToken}-st'), networkToken, hubName) +var hubLogStorageAccountPrivateEndpointNamePrefix = replace(replace(privateEndpointNamingConvention, serviceToken, '${serviceToken}-st'), networkToken, hubName) +var hubLogStorageAccountShortName = replace(replace(storageAccountNamingConvention, serviceToken, ''), networkToken, hubShortName) +var hubLogStorageAccountUniqueName = replace(hubLogStorageAccountShortName, 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, hubSubscriptionId)) +var hubNetworkWatcherName = replace(replace(networkWatcherNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var hubNetworkSecurityGroupName = replace(replace(networkSecurityGroupNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var hubResourceGroupName = replace(replace(resourceGroupNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var hubRouteTableName = replace(replace(routeTableNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var hubSubnetName = replace(replace(subnetNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var hubUserAssignedIdentityName = replace(replace(userAssignedIdentityNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var hubVirtualNetworkName = replace(replace(virtualNetworkNamingConvention, '-${serviceToken}', ''), networkToken, hubName) // IDENTITY NAMES var identityName = 'identity' var identityShortName = 'id' var identityLogStorageAccountName = take(identityLogStorageAccountUniqueName, 24) -var identityLogStorageAccountShortName = replace(storageAccountNamingConvention, nameToken, identityShortName) -var identityLogStorageAccountUniqueName = replace(identityLogStorageAccountShortName, 'unique_token', uniqueString(resourcePrefix, resourceSuffix, identitySubscriptionId)) -var identityNetworkSecurityGroupName = replace(networkSecurityGroupNamingConvention, nameToken, identityName) -var identityResourceGroupName = replace(resourceGroupNamingConvention, nameToken, identityName) -var identityRouteTableName = replace(routeTableNamingConvention, nameToken, identityName) -var identitySubnetName = replace(subnetNamingConvention, nameToken, identityName) -var identityVirtualNetworkName = replace(virtualNetworkNamingConvention, nameToken, identityName) +var identityLogStorageAccountNetworkInterfaceName = replace(replace(networkInterfaceNamingConvention, serviceToken, '${serviceToken}-st'), networkToken, identityName) +var identityLogStorageAccountPrivateEndpointName = replace(replace(privateEndpointNamingConvention, serviceToken, '${serviceToken}-st'), networkToken, identityName) +var identityLogStorageAccountShortName = replace(replace(storageAccountNamingConvention, serviceToken, ''), networkToken, identityShortName) +var identityLogStorageAccountUniqueName = replace(identityLogStorageAccountShortName, 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, identitySubscriptionId)) +var identityNetworkSecurityGroupName = replace(replace(networkSecurityGroupNamingConvention, '-${serviceToken}', ''), networkToken, identityName) +var identityResourceGroupName = replace(replace(resourceGroupNamingConvention, '-${serviceToken}', ''), networkToken, identityName) +var identityRouteTableName = replace(replace(routeTableNamingConvention, '-${serviceToken}', ''), networkToken, identityName) +var identitySubnetName = replace(replace(subnetNamingConvention, '-${serviceToken}', ''), networkToken, identityName) +var identityVirtualNetworkName = replace(replace(virtualNetworkNamingConvention, '-${serviceToken}', ''), networkToken, identityName) // OPERATIONS NAMES var operationsName = 'operations' var operationsShortName = 'ops' var operationsLogStorageAccountName = take(operationsLogStorageAccountUniqueName, 24) -var operationsLogStorageAccountShortName = replace(storageAccountNamingConvention, nameToken, operationsShortName) -var operationsLogStorageAccountUniqueName = replace(operationsLogStorageAccountShortName, 'unique_token', uniqueString(resourcePrefix, resourceSuffix, operationsSubscriptionId)) -var operationsNetworkSecurityGroupName = replace(networkSecurityGroupNamingConvention, nameToken, operationsName) -var operationsResourceGroupName = replace(resourceGroupNamingConvention, nameToken, operationsName) -var operationsRouteTableName = replace(routeTableNamingConvention, nameToken, operationsName) -var operationsSubnetName = replace(subnetNamingConvention, nameToken, operationsName) - -var operationsVirtualNetworkName = replace(virtualNetworkNamingConvention, nameToken, operationsName) +var operationsLogStorageAccountNetworkInterfaceName = replace(replace(networkInterfaceNamingConvention, serviceToken, '${serviceToken}-st'), networkToken, operationsName) +var operationsLogStorageAccountPrivateEndpointName = replace(replace(privateEndpointNamingConvention, serviceToken, '${serviceToken}-st'), networkToken, operationsName) +var operationsLogStorageAccountShortName = replace(replace(storageAccountNamingConvention, serviceToken, ''), networkToken, operationsShortName) +var operationsLogStorageAccountUniqueName = replace(operationsLogStorageAccountShortName, 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, operationsSubscriptionId)) +var operationsNetworkSecurityGroupName = replace(replace(networkSecurityGroupNamingConvention, '-${serviceToken}', ''), networkToken, operationsName) +var operationsPrivateLinkScopeName = replace(replace(privateLinkScopeName, '-${serviceToken}', ''), networkToken, operationsName) +var operationsPrivateLinkScopeNetworkInterfaceName = replace(replace(networkInterfaceNamingConvention, serviceToken, 'pls'), networkToken, operationsName) +var operationsPrivateLinkScopePrivateEndpointName = replace(replace(privateEndpointNamingConvention, serviceToken, 'pls'), networkToken, operationsName) +var operationsResourceGroupName = replace(replace(resourceGroupNamingConvention, '-${serviceToken}', ''), networkToken, operationsName) +var operationsRouteTableName = replace(replace(routeTableNamingConvention, '-${serviceToken}', ''), networkToken, operationsName) +var operationsSubnetName = replace(replace(subnetNamingConvention, '-${serviceToken}', ''), networkToken, operationsName) +var operationsVirtualNetworkName = replace(replace(virtualNetworkNamingConvention, '-${serviceToken}', ''), networkToken, operationsName) // SHARED SERVICES NAMES var sharedServicesName = 'sharedServices' var sharedServicesShortName = 'svcs' var sharedServicesLogStorageAccountName = take(sharedServicesLogStorageAccountUniqueName, 24) -var sharedServicesLogStorageAccountShortName = replace(storageAccountNamingConvention, nameToken, sharedServicesShortName) -var sharedServicesLogStorageAccountUniqueName = replace(sharedServicesLogStorageAccountShortName, 'unique_token', uniqueString(resourcePrefix, resourceSuffix, sharedServicesSubscriptionId)) -var sharedServicesNetworkSecurityGroupName = replace(networkSecurityGroupNamingConvention, nameToken, sharedServicesName) -var sharedServicesResourceGroupName = replace(resourceGroupNamingConvention, nameToken, sharedServicesName) -var sharedServicesRouteTableName = replace(routeTableNamingConvention, nameToken, sharedServicesName) -var sharedServicesSubnetName = replace(subnetNamingConvention, nameToken, sharedServicesName) -var sharedServicesVirtualNetworkName = replace(virtualNetworkNamingConvention, nameToken, sharedServicesName) +var sharedServicesLogStorageAccountPrivateEndpointName = replace(replace(privateEndpointNamingConvention, serviceToken, '${serviceToken}-st'), networkToken, sharedServicesName) +var sharedServicesLogStorageAccountNetworkInterfaceName = replace(replace(networkInterfaceNamingConvention, serviceToken, '${serviceToken}-st'), networkToken, sharedServicesName) +var sharedServicesLogStorageAccountShortName = replace(replace(storageAccountNamingConvention, serviceToken, ''), networkToken, sharedServicesShortName) +var sharedServicesLogStorageAccountUniqueName = replace(sharedServicesLogStorageAccountShortName, 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, sharedServicesSubscriptionId)) +var sharedServicesNetworkSecurityGroupName = replace(replace(networkSecurityGroupNamingConvention, '-${serviceToken}', ''), networkToken, sharedServicesName) +var sharedServicesResourceGroupName = replace(replace(resourceGroupNamingConvention, '-${serviceToken}', ''), networkToken, sharedServicesName) +var sharedServicesRouteTableName = replace(replace(routeTableNamingConvention, '-${serviceToken}', ''), networkToken, sharedServicesName) +var sharedServicesSubnetName = replace(replace(subnetNamingConvention, '-${serviceToken}', ''), networkToken, sharedServicesName) +var sharedServicesVirtualNetworkName = replace(replace(virtualNetworkNamingConvention, '-${serviceToken}', ''), networkToken, sharedServicesName) // LOG ANALYTICS NAMES -var logAnalyticsWorkspaceName = replace(logAnalyticsWorkspaceNamingConvention, nameToken, operationsName) +var logAnalyticsWorkspaceName = replace(replace(logAnalyticsWorkspaceNamingConvention, '-${serviceToken}', ''), networkToken, operationsName) // FIREWALL NAMES -var firewallName = replace(firewallNamingConvention, nameToken, hubName) -var firewallPolicyName = replace(firewallPolicyNamingConvention, nameToken, hubName) -var firewallClientIpConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'afw-client') -var firewallClientPublicIPAddressName = replace(publicIpAddressNamingConvention, nameToken, 'afw-client') -var firewallManagementIpConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'afw-mgmt') -var firewallManagementPublicIPAddressName = replace(publicIpAddressNamingConvention, nameToken, 'afw-mgmt') +var firewallName = replace(replace(firewallNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var firewallPolicyName = replace(replace(firewallPolicyNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var firewallClientIpConfigurationName = replace(replace(ipConfigurationNamingConvention, serviceToken, 'client-afw'), networkToken, hubName) +var firewallClientPublicIPAddressName = replace(replace(publicIpAddressNamingConvention, serviceToken, 'client-afw'), networkToken, hubName) +var firewallManagementIpConfigurationName = replace(replace(ipConfigurationNamingConvention, serviceToken, 'mgmt-afw'), networkToken, hubName) +var firewallManagementPublicIPAddressName = replace(replace(publicIpAddressNamingConvention, serviceToken, 'mgmt-afw'), networkToken, hubName) // FIREWALL VALUES @@ -641,17 +659,17 @@ var firewallPublicIpAddressAllocationMethod = 'Static' // REMOTE ACCESS NAMES -var bastionHostName = replace(bastionHostNamingConvention, nameToken, hubName) -var bastionHostPublicIPAddressName = replace(publicIpAddressNamingConvention, nameToken, 'bas') -var bastionHostIPConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'bas') -var linuxDiskName = replace(diskNamingConvention, nameToken, 'bas-linux') -var linuxNetworkInterfaceName = replace(networkInterfaceNamingConvention, nameToken, 'bas-linux') -var linuxNetworkInterfaceIpConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'bas-linux') -var linuxVmName = replace(virtualMachineNamingConvention, nameToken, 'bas-linux') -var windowsDiskName = replace(diskNamingConvention, nameToken, 'bas-windows') -var windowsNetworkInterfaceName = replace(networkInterfaceNamingConvention, nameToken, 'bas-windows') -var windowsNetworkInterfaceIpConfigurationName = replace(ipConfigurationNamingConvention, nameToken, 'bas-windows') -var windowsVmName = replace(virtualMachineNamingConvention, nameToken, 'bas-windows') +var bastionHostName = replace(replace(bastionHostNamingConvention, '-${serviceToken}', ''), networkToken, hubName) +var bastionHostPublicIPAddressName = replace(replace(publicIpAddressNamingConvention, serviceToken, 'bas'), networkToken, hubName) +var bastionHostIPConfigurationName = replace(replace(ipConfigurationNamingConvention, serviceToken, 'bas'), networkToken, hubName) +var linuxDiskName = replace(replace(diskNamingConvention, serviceToken, 'linux'), networkToken, hubName) +var linuxNetworkInterfaceName = replace(replace(networkInterfaceNamingConvention, serviceToken, 'linux'), networkToken, hubName) +var linuxNetworkInterfaceIpConfigurationName = replace(replace(ipConfigurationNamingConvention, serviceToken, 'linux'), networkToken, hubName) +var linuxVmName = replace(replace(virtualMachineNamingConvention, serviceToken, 'linux'), networkToken, hubName) +var windowsDiskName = replace(replace(diskNamingConvention, serviceToken, 'windows'), networkToken, hubName) +var windowsNetworkInterfaceName = replace(replace(networkInterfaceNamingConvention, serviceToken, 'windows'), networkToken, hubName) +var windowsNetworkInterfaceIpConfigurationName = replace(replace(ipConfigurationNamingConvention, serviceToken, 'windows'), networkToken, hubName) +var windowsVmName = replace(replace(virtualMachineNamingConvention, serviceToken, 'windows'), networkToken, hubName) // BASTION VALUES @@ -667,6 +685,8 @@ var spokesCommon = [ subscriptionId: operationsSubscriptionId resourceGroupName: operationsResourceGroupName logStorageAccountName: operationsLogStorageAccountName + logStorageAccountNetworkInterfaceNamePrefix: operationsLogStorageAccountNetworkInterfaceName + logStorageAccountPrivateEndpointNamePrefix: operationsLogStorageAccountPrivateEndpointName virtualNetworkName: operationsVirtualNetworkName virtualNetworkAddressPrefix: operationsVirtualNetworkAddressPrefix virtualNetworkDiagnosticsLogs: operationsVirtualNetworkDiagnosticsLogs @@ -686,6 +706,8 @@ var spokesCommon = [ subscriptionId: sharedServicesSubscriptionId resourceGroupName: sharedServicesResourceGroupName logStorageAccountName: sharedServicesLogStorageAccountName + logStorageAccountNetworkInterfaceNamePrefix: sharedServicesLogStorageAccountNetworkInterfaceName + logStorageAccountPrivateEndpointNamePrefix: sharedServicesLogStorageAccountPrivateEndpointName virtualNetworkName: sharedServicesVirtualNetworkName virtualNetworkAddressPrefix: sharedServicesVirtualNetworkAddressPrefix virtualNetworkDiagnosticsLogs: sharedServicesVirtualNetworkDiagnosticsLogs @@ -707,6 +729,8 @@ var spokesIdentity = deployIdentity ? [ subscriptionId: identitySubscriptionId resourceGroupName: identityResourceGroupName logStorageAccountName: identityLogStorageAccountName + logStorageAccountNetworkInterfaceNamePrefix: identityLogStorageAccountNetworkInterfaceName + logStorageAccountPrivateEndpointNamePrefix: identityLogStorageAccountPrivateEndpointName virtualNetworkName: identityVirtualNetworkName virtualNetworkAddressPrefix: identityVirtualNetworkAddressPrefix virtualNetworkDiagnosticsLogs: identityVirtualNetworkDiagnosticsLogs @@ -727,7 +751,7 @@ var spokesIdentity = deployIdentity ? [ var defaultTags = { resourcePrefix: resourcePrefix - resourceSuffix: resourceSuffix + environmentAbbreviation: environmentAbbreviation DeploymentType: 'MissionLandingZoneARM' } @@ -914,9 +938,10 @@ module customerManagedKeys './core/hub-customer-managed-keys.bicep' = { deploymentNameSuffix: deploymentNameSuffix diskEncryptionSetName: hubDiskEncryptionSetName keyVaultName: hubKeyVaultName + keyVaultNetworkInterfaceName: hubKeyVaultNetworkInterfaceName keyVaultPrivateDnsZoneResourceId: privateDnsZones.outputs.keyvaultDnsPrivateDnsZoneId + keyVaultPrivateEndpointName: hubKeyVaultPrivateEndpointName location: location - resourcePrefix: resourcePrefix subnetResourceId: hubNetwork.outputs.subnetResourceId tags: calculatedTags userAssignedIdentityName: hubUserAssignedIdentityName @@ -929,16 +954,18 @@ module azureMonitor './modules/azure-monitor.bicep' = if (contains(supportedClou name: 'deploy-azure-monitor-${deploymentNameSuffix}' scope: resourceGroup(operationsSubscriptionId, operationsResourceGroupName) params: { + agentsvcPrivateDnsZoneId: privateDnsZones.outputs.agentsvcPrivateDnsZoneId + location: location logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name logAnalyticsWorkspaceResourceId: logAnalyticsWorkspace.outputs.id monitorPrivateDnsZoneId: privateDnsZones.outputs.monitorPrivateDnsZoneId - omsPrivateDnsZoneId: privateDnsZones.outputs.omsPrivateDnsZoneId odsPrivateDnsZoneId: privateDnsZones.outputs.odsPrivateDnsZoneId - agentsvcPrivateDnsZoneId: privateDnsZones.outputs.agentsvcPrivateDnsZoneId - location: location - tags: tags - resourcePrefix: resourcePrefix + omsPrivateDnsZoneId: privateDnsZones.outputs.omsPrivateDnsZoneId + privateLinkScopeName : operationsPrivateLinkScopeName + privateLinkScopeNetworkInterfaceName: operationsPrivateLinkScopeNetworkInterfaceName + privateLinkScopePrivateEndpointName : operationsPrivateLinkScopePrivateEndpointName subnetResourceId: spokeNetworks[0].outputs.subnetResourceId + tags: tags } dependsOn: [ logAnalyticsWorkspace @@ -1012,8 +1039,10 @@ module hubStorage './core/hub-storage.bicep' = { keyVaultUri: customerManagedKeys.outputs.keyVaultUri location: location logStorageAccountName: hubLogStorageAccountName + logStorageAccountNetworkInterfaceNamePrefix: hubLogStorageAccountNetworkInterfaceNamePrefix + logStorageAccountPrivateEndpointNamePrefix: hubLogStorageAccountPrivateEndpointNamePrefix logStorageSkuName: logStorageSkuName - resourcePrefix: resourcePrefix + serviceToken: serviceToken storageEncryptionKeyName: customerManagedKeys.outputs.storageKeyName subnetResourceId: hubNetwork.outputs.subnetResourceId tablesPrivateDnsZoneResourceId: privateDnsZones.outputs.tablePrivateDnsZoneId @@ -1035,8 +1064,10 @@ module spokeStorage './core/spoke-storage.bicep' = [for (spoke, i) in spokes: { keyVaultUri: customerManagedKeys.outputs.keyVaultUri location: location logStorageAccountName: spoke.logStorageAccountName + logStorageAccountNetworkInterfaceNamePrefix: spoke.logStorageAccountNetworkInterfaceNamePrefix + logStorageAccountPrivateEndpointNamePrefix: spoke.logStorageAccountPrivateEndpointNamePrefix logStorageSkuName: logStorageSkuName - resourcePrefix: resourcePrefix + serviceToken: serviceToken storageEncryptionKeyName: customerManagedKeys.outputs.storageKeyName subnetResourceId: spokeNetworks[i].outputs.subnetResourceId tablesPrivateDnsZoneResourceId: privateDnsZones.outputs.tablePrivateDnsZoneId diff --git a/src/bicep/mlz.json b/src/bicep/mlz.json index cf99a191..92828e02 100644 --- a/src/bicep/mlz.json +++ b/src/bicep/mlz.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17762422065056010338" + "version": "0.25.3.34343", + "templateHash": "6655483553945362084" } }, "parameters": { @@ -17,13 +17,16 @@ "description": "A prefix, 3-6 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces" } }, - "resourceSuffix": { + "environmentAbbreviation": { "type": "string", - "defaultValue": "mlz", - "minLength": 3, - "maxLength": 6, + "defaultValue": "dev", + "allowedValues": [ + "dev", + "prod", + "test" + ], "metadata": { - "description": "A suffix, 3 to 6 characters in length, to append to resource names (e.g. \"dev\", \"test\", \"prod\", \"mlz\"). It defaults to \"mlz\"." + "description": "The abbreviation for the environment." } }, "hubSubscriptionId": { @@ -856,6 +859,12 @@ "recoveryServicesGeo": "bjb2", "timeDifference": "+8:00", "timeZone": "China Standard Time" + }, + "chinanorth3": { + "abbreviation": "cnn3", + "recoveryServicesGeo": "", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" } }, "AzureCloud": { @@ -1009,6 +1018,12 @@ "timeDifference": "+9:00", "timeZone": "Korea Standard Time" }, + "newzealandnorth": { + "abbreviation": "nzn", + "recoveryServicesGeo": "", + "timeDifference": "+13:00", + "timeZone": "New Zealand Standard Time" + }, "northcentralus": { "abbreviation": "usnc", "recoveryServicesGeo": "ncus", @@ -1218,94 +1233,110 @@ "locations": "[variables('$fxv#0')[environment().name]]", "locationAbbreviation": "[variables('locations')[parameters('location')].abbreviation]", "resourceToken": "resource_token", - "nameToken": "name_token", - "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}', toLower(parameters('resourcePrefix')), variables('resourceToken'), variables('nameToken'), toLower(parameters('resourceSuffix')), variables('locationAbbreviation'))]", + "serviceToken": "service_token", + "networkToken": "network_token", + "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), variables('resourceToken'), variables('serviceToken'), variables('networkToken'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", "bastionHostNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'bas')]", "diskEncryptionSetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'des')]", "diskNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'disk')]", "firewallNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'afw')]", "firewallPolicyNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'afwp')]", - "keyVaultNamingConvention": "[format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), 'kv'), '-', ''))]", "ipConfigurationNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'ipconf')]", + "keyVaultNamingConvention": "[format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), 'kv'), '-', ''))]", "logAnalyticsWorkspaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'log')]", "networkInterfaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'nic')]", "networkSecurityGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'nsg')]", "networkWatcherNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'nw')]", + "privateEndpointNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'pe')]", + "privateLinkScopeName": "[replace(variables('namingConvention'), variables('resourceToken'), 'pls')]", "publicIpAddressNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'pip')]", "resourceGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'rg')]", "routeTableNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'rt')]", "storageAccountNamingConvention": "[toLower(format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), 'st'), '-', '')))]", "subnetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'snet')]", - "userAssignedIdentityNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'uaid')]", + "userAssignedIdentityNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'id')]", "virtualMachineNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'vm')]", "virtualNetworkNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), 'vnet')]", "hubName": "hub", "hubShortName": "hub", - "hubDiskEncryptionSetName": "[replace(variables('diskEncryptionSetNamingConvention'), variables('nameToken'), variables('hubName'))]", + "hubDiskEncryptionSetName": "[replace(replace(variables('diskEncryptionSetNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", "hubKeyVaultName": "[take(variables('hubKeyVaultUniqueName'), 24)]", - "hubKeyVaultShortName": "[replace(variables('keyVaultNamingConvention'), variables('nameToken'), variables('hubShortName'))]", - "hubKeyVaultUniqueName": "[replace(variables('hubKeyVaultShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('resourceSuffix'), parameters('hubSubscriptionId')))]", + "hubKeyVaultNetworkInterfaceName": "[replace(replace(variables('networkInterfaceNamingConvention'), variables('serviceToken'), 'kv'), variables('networkToken'), variables('hubName'))]", + "hubKeyVaultPrivateEndpointName": "[replace(replace(variables('privateEndpointNamingConvention'), variables('serviceToken'), 'kv'), variables('networkToken'), variables('hubName'))]", + "hubKeyVaultShortName": "[replace(replace(variables('keyVaultNamingConvention'), variables('serviceToken'), ''), variables('networkToken'), variables('hubShortName'))]", + "hubKeyVaultUniqueName": "[replace(variables('hubKeyVaultShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('hubSubscriptionId')))]", "hubLogStorageAccountName": "[take(variables('hubLogStorageAccountUniqueName'), 24)]", - "hubLogStorageAccountShortName": "[replace(variables('storageAccountNamingConvention'), variables('nameToken'), variables('hubShortName'))]", - "hubLogStorageAccountUniqueName": "[replace(variables('hubLogStorageAccountShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('resourceSuffix'), parameters('hubSubscriptionId')))]", - "hubNetworkWatcherName": "[replace(variables('networkWatcherNamingConvention'), variables('nameToken'), variables('hubName'))]", - "hubNetworkSecurityGroupName": "[replace(variables('networkSecurityGroupNamingConvention'), variables('nameToken'), variables('hubName'))]", - "hubResourceGroupName": "[replace(variables('resourceGroupNamingConvention'), variables('nameToken'), variables('hubName'))]", - "hubRouteTableName": "[replace(variables('routeTableNamingConvention'), variables('nameToken'), variables('hubName'))]", - "hubSubnetName": "[replace(variables('subnetNamingConvention'), variables('nameToken'), variables('hubName'))]", - "hubUserAssignedIdentityName": "[replace(variables('userAssignedIdentityNamingConvention'), variables('nameToken'), variables('hubName'))]", - "hubVirtualNetworkName": "[replace(variables('virtualNetworkNamingConvention'), variables('nameToken'), variables('hubName'))]", + "hubLogStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(variables('networkInterfaceNamingConvention'), variables('serviceToken'), format('{0}-st', variables('serviceToken'))), variables('networkToken'), variables('hubName'))]", + "hubLogStorageAccountPrivateEndpointNamePrefix": "[replace(replace(variables('privateEndpointNamingConvention'), variables('serviceToken'), format('{0}-st', variables('serviceToken'))), variables('networkToken'), variables('hubName'))]", + "hubLogStorageAccountShortName": "[replace(replace(variables('storageAccountNamingConvention'), variables('serviceToken'), ''), variables('networkToken'), variables('hubShortName'))]", + "hubLogStorageAccountUniqueName": "[replace(variables('hubLogStorageAccountShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('hubSubscriptionId')))]", + "hubNetworkWatcherName": "[replace(replace(variables('networkWatcherNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "hubNetworkSecurityGroupName": "[replace(replace(variables('networkSecurityGroupNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "hubResourceGroupName": "[replace(replace(variables('resourceGroupNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "hubRouteTableName": "[replace(replace(variables('routeTableNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "hubSubnetName": "[replace(replace(variables('subnetNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "hubUserAssignedIdentityName": "[replace(replace(variables('userAssignedIdentityNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "hubVirtualNetworkName": "[replace(replace(variables('virtualNetworkNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", "identityName": "identity", "identityShortName": "id", "identityLogStorageAccountName": "[take(variables('identityLogStorageAccountUniqueName'), 24)]", - "identityLogStorageAccountShortName": "[replace(variables('storageAccountNamingConvention'), variables('nameToken'), variables('identityShortName'))]", - "identityLogStorageAccountUniqueName": "[replace(variables('identityLogStorageAccountShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('resourceSuffix'), parameters('identitySubscriptionId')))]", - "identityNetworkSecurityGroupName": "[replace(variables('networkSecurityGroupNamingConvention'), variables('nameToken'), variables('identityName'))]", - "identityResourceGroupName": "[replace(variables('resourceGroupNamingConvention'), variables('nameToken'), variables('identityName'))]", - "identityRouteTableName": "[replace(variables('routeTableNamingConvention'), variables('nameToken'), variables('identityName'))]", - "identitySubnetName": "[replace(variables('subnetNamingConvention'), variables('nameToken'), variables('identityName'))]", - "identityVirtualNetworkName": "[replace(variables('virtualNetworkNamingConvention'), variables('nameToken'), variables('identityName'))]", + "identityLogStorageAccountNetworkInterfaceName": "[replace(replace(variables('networkInterfaceNamingConvention'), variables('serviceToken'), format('{0}-st', variables('serviceToken'))), variables('networkToken'), variables('identityName'))]", + "identityLogStorageAccountPrivateEndpointName": "[replace(replace(variables('privateEndpointNamingConvention'), variables('serviceToken'), format('{0}-st', variables('serviceToken'))), variables('networkToken'), variables('identityName'))]", + "identityLogStorageAccountShortName": "[replace(replace(variables('storageAccountNamingConvention'), variables('serviceToken'), ''), variables('networkToken'), variables('identityShortName'))]", + "identityLogStorageAccountUniqueName": "[replace(variables('identityLogStorageAccountShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('identitySubscriptionId')))]", + "identityNetworkSecurityGroupName": "[replace(replace(variables('networkSecurityGroupNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('identityName'))]", + "identityResourceGroupName": "[replace(replace(variables('resourceGroupNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('identityName'))]", + "identityRouteTableName": "[replace(replace(variables('routeTableNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('identityName'))]", + "identitySubnetName": "[replace(replace(variables('subnetNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('identityName'))]", + "identityVirtualNetworkName": "[replace(replace(variables('virtualNetworkNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('identityName'))]", "operationsName": "operations", "operationsShortName": "ops", "operationsLogStorageAccountName": "[take(variables('operationsLogStorageAccountUniqueName'), 24)]", - "operationsLogStorageAccountShortName": "[replace(variables('storageAccountNamingConvention'), variables('nameToken'), variables('operationsShortName'))]", - "operationsLogStorageAccountUniqueName": "[replace(variables('operationsLogStorageAccountShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('resourceSuffix'), parameters('operationsSubscriptionId')))]", - "operationsNetworkSecurityGroupName": "[replace(variables('networkSecurityGroupNamingConvention'), variables('nameToken'), variables('operationsName'))]", - "operationsResourceGroupName": "[replace(variables('resourceGroupNamingConvention'), variables('nameToken'), variables('operationsName'))]", - "operationsRouteTableName": "[replace(variables('routeTableNamingConvention'), variables('nameToken'), variables('operationsName'))]", - "operationsSubnetName": "[replace(variables('subnetNamingConvention'), variables('nameToken'), variables('operationsName'))]", - "operationsVirtualNetworkName": "[replace(variables('virtualNetworkNamingConvention'), variables('nameToken'), variables('operationsName'))]", + "operationsLogStorageAccountNetworkInterfaceName": "[replace(replace(variables('networkInterfaceNamingConvention'), variables('serviceToken'), format('{0}-st', variables('serviceToken'))), variables('networkToken'), variables('operationsName'))]", + "operationsLogStorageAccountPrivateEndpointName": "[replace(replace(variables('privateEndpointNamingConvention'), variables('serviceToken'), format('{0}-st', variables('serviceToken'))), variables('networkToken'), variables('operationsName'))]", + "operationsLogStorageAccountShortName": "[replace(replace(variables('storageAccountNamingConvention'), variables('serviceToken'), ''), variables('networkToken'), variables('operationsShortName'))]", + "operationsLogStorageAccountUniqueName": "[replace(variables('operationsLogStorageAccountShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('operationsSubscriptionId')))]", + "operationsNetworkSecurityGroupName": "[replace(replace(variables('networkSecurityGroupNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('operationsName'))]", + "operationsPrivateLinkScopeName": "[replace(replace(variables('privateLinkScopeName'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('operationsName'))]", + "operationsPrivateLinkScopeNetworkInterfaceName": "[replace(replace(variables('networkInterfaceNamingConvention'), variables('serviceToken'), 'pls'), variables('networkToken'), variables('operationsName'))]", + "operationsPrivateLinkScopePrivateEndpointName": "[replace(replace(variables('privateEndpointNamingConvention'), variables('serviceToken'), 'pls'), variables('networkToken'), variables('operationsName'))]", + "operationsResourceGroupName": "[replace(replace(variables('resourceGroupNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('operationsName'))]", + "operationsRouteTableName": "[replace(replace(variables('routeTableNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('operationsName'))]", + "operationsSubnetName": "[replace(replace(variables('subnetNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('operationsName'))]", + "operationsVirtualNetworkName": "[replace(replace(variables('virtualNetworkNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('operationsName'))]", "sharedServicesName": "sharedServices", "sharedServicesShortName": "svcs", "sharedServicesLogStorageAccountName": "[take(variables('sharedServicesLogStorageAccountUniqueName'), 24)]", - "sharedServicesLogStorageAccountShortName": "[replace(variables('storageAccountNamingConvention'), variables('nameToken'), variables('sharedServicesShortName'))]", - "sharedServicesLogStorageAccountUniqueName": "[replace(variables('sharedServicesLogStorageAccountShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('resourceSuffix'), parameters('sharedServicesSubscriptionId')))]", - "sharedServicesNetworkSecurityGroupName": "[replace(variables('networkSecurityGroupNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]", - "sharedServicesResourceGroupName": "[replace(variables('resourceGroupNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]", - "sharedServicesRouteTableName": "[replace(variables('routeTableNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]", - "sharedServicesSubnetName": "[replace(variables('subnetNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]", - "sharedServicesVirtualNetworkName": "[replace(variables('virtualNetworkNamingConvention'), variables('nameToken'), variables('sharedServicesName'))]", - "logAnalyticsWorkspaceName": "[replace(variables('logAnalyticsWorkspaceNamingConvention'), variables('nameToken'), variables('operationsName'))]", - "firewallName": "[replace(variables('firewallNamingConvention'), variables('nameToken'), variables('hubName'))]", - "firewallPolicyName": "[replace(variables('firewallPolicyNamingConvention'), variables('nameToken'), variables('hubName'))]", - "firewallClientIpConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'afw-client')]", - "firewallClientPublicIPAddressName": "[replace(variables('publicIpAddressNamingConvention'), variables('nameToken'), 'afw-client')]", - "firewallManagementIpConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'afw-mgmt')]", - "firewallManagementPublicIPAddressName": "[replace(variables('publicIpAddressNamingConvention'), variables('nameToken'), 'afw-mgmt')]", + "sharedServicesLogStorageAccountPrivateEndpointName": "[replace(replace(variables('privateEndpointNamingConvention'), variables('serviceToken'), format('{0}-st', variables('serviceToken'))), variables('networkToken'), variables('sharedServicesName'))]", + "sharedServicesLogStorageAccountNetworkInterfaceName": "[replace(replace(variables('networkInterfaceNamingConvention'), variables('serviceToken'), format('{0}-st', variables('serviceToken'))), variables('networkToken'), variables('sharedServicesName'))]", + "sharedServicesLogStorageAccountShortName": "[replace(replace(variables('storageAccountNamingConvention'), variables('serviceToken'), ''), variables('networkToken'), variables('sharedServicesShortName'))]", + "sharedServicesLogStorageAccountUniqueName": "[replace(variables('sharedServicesLogStorageAccountShortName'), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('sharedServicesSubscriptionId')))]", + "sharedServicesNetworkSecurityGroupName": "[replace(replace(variables('networkSecurityGroupNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('sharedServicesName'))]", + "sharedServicesResourceGroupName": "[replace(replace(variables('resourceGroupNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('sharedServicesName'))]", + "sharedServicesRouteTableName": "[replace(replace(variables('routeTableNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('sharedServicesName'))]", + "sharedServicesSubnetName": "[replace(replace(variables('subnetNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('sharedServicesName'))]", + "sharedServicesVirtualNetworkName": "[replace(replace(variables('virtualNetworkNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('sharedServicesName'))]", + "logAnalyticsWorkspaceName": "[replace(replace(variables('logAnalyticsWorkspaceNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('operationsName'))]", + "firewallName": "[replace(replace(variables('firewallNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "firewallPolicyName": "[replace(replace(variables('firewallPolicyNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "firewallClientIpConfigurationName": "[replace(replace(variables('ipConfigurationNamingConvention'), variables('serviceToken'), 'client-afw'), variables('networkToken'), variables('hubName'))]", + "firewallClientPublicIPAddressName": "[replace(replace(variables('publicIpAddressNamingConvention'), variables('serviceToken'), 'client-afw'), variables('networkToken'), variables('hubName'))]", + "firewallManagementIpConfigurationName": "[replace(replace(variables('ipConfigurationNamingConvention'), variables('serviceToken'), 'mgmt-afw'), variables('networkToken'), variables('hubName'))]", + "firewallManagementPublicIPAddressName": "[replace(replace(variables('publicIpAddressNamingConvention'), variables('serviceToken'), 'mgmt-afw'), variables('networkToken'), variables('hubName'))]", "firewallClientPrivateIpAddress": "[variables('firewallClientUsableIpAddresses')[3]]", "firewallPublicIpAddressSkuName": "Standard", "firewallPublicIpAddressAllocationMethod": "Static", - "bastionHostName": "[replace(variables('bastionHostNamingConvention'), variables('nameToken'), variables('hubName'))]", - "bastionHostPublicIPAddressName": "[replace(variables('publicIpAddressNamingConvention'), variables('nameToken'), 'bas')]", - "bastionHostIPConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'bas')]", - "linuxDiskName": "[replace(variables('diskNamingConvention'), variables('nameToken'), 'bas-linux')]", - "linuxNetworkInterfaceName": "[replace(variables('networkInterfaceNamingConvention'), variables('nameToken'), 'bas-linux')]", - "linuxNetworkInterfaceIpConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'bas-linux')]", - "linuxVmName": "[replace(variables('virtualMachineNamingConvention'), variables('nameToken'), 'bas-linux')]", - "windowsDiskName": "[replace(variables('diskNamingConvention'), variables('nameToken'), 'bas-windows')]", - "windowsNetworkInterfaceName": "[replace(variables('networkInterfaceNamingConvention'), variables('nameToken'), 'bas-windows')]", - "windowsNetworkInterfaceIpConfigurationName": "[replace(variables('ipConfigurationNamingConvention'), variables('nameToken'), 'bas-windows')]", - "windowsVmName": "[replace(variables('virtualMachineNamingConvention'), variables('nameToken'), 'bas-windows')]", + "bastionHostName": "[replace(replace(variables('bastionHostNamingConvention'), format('-{0}', variables('serviceToken')), ''), variables('networkToken'), variables('hubName'))]", + "bastionHostPublicIPAddressName": "[replace(replace(variables('publicIpAddressNamingConvention'), variables('serviceToken'), 'bas'), variables('networkToken'), variables('hubName'))]", + "bastionHostIPConfigurationName": "[replace(replace(variables('ipConfigurationNamingConvention'), variables('serviceToken'), 'bas'), variables('networkToken'), variables('hubName'))]", + "linuxDiskName": "[replace(replace(variables('diskNamingConvention'), variables('serviceToken'), 'linux'), variables('networkToken'), variables('hubName'))]", + "linuxNetworkInterfaceName": "[replace(replace(variables('networkInterfaceNamingConvention'), variables('serviceToken'), 'linux'), variables('networkToken'), variables('hubName'))]", + "linuxNetworkInterfaceIpConfigurationName": "[replace(replace(variables('ipConfigurationNamingConvention'), variables('serviceToken'), 'linux'), variables('networkToken'), variables('hubName'))]", + "linuxVmName": "[replace(replace(variables('virtualMachineNamingConvention'), variables('serviceToken'), 'linux'), variables('networkToken'), variables('hubName'))]", + "windowsDiskName": "[replace(replace(variables('diskNamingConvention'), variables('serviceToken'), 'windows'), variables('networkToken'), variables('hubName'))]", + "windowsNetworkInterfaceName": "[replace(replace(variables('networkInterfaceNamingConvention'), variables('serviceToken'), 'windows'), variables('networkToken'), variables('hubName'))]", + "windowsNetworkInterfaceIpConfigurationName": "[replace(replace(variables('ipConfigurationNamingConvention'), variables('serviceToken'), 'windows'), variables('networkToken'), variables('hubName'))]", + "windowsVmName": "[replace(replace(variables('virtualMachineNamingConvention'), variables('serviceToken'), 'windows'), variables('networkToken'), variables('hubName'))]", "bastionHostPublicIPAddressSkuName": "Standard", "bastionHostPublicIPAddressAllocationMethod": "Static", "spokes": "[union(variables('spokesCommon'), variables('spokesIdentity'))]", @@ -1315,6 +1346,8 @@ "subscriptionId": "[parameters('operationsSubscriptionId')]", "resourceGroupName": "[variables('operationsResourceGroupName')]", "logStorageAccountName": "[variables('operationsLogStorageAccountName')]", + "logStorageAccountNetworkInterfaceNamePrefix": "[variables('operationsLogStorageAccountNetworkInterfaceName')]", + "logStorageAccountPrivateEndpointNamePrefix": "[variables('operationsLogStorageAccountPrivateEndpointName')]", "virtualNetworkName": "[variables('operationsVirtualNetworkName')]", "virtualNetworkAddressPrefix": "[parameters('operationsVirtualNetworkAddressPrefix')]", "virtualNetworkDiagnosticsLogs": "[parameters('operationsVirtualNetworkDiagnosticsLogs')]", @@ -1334,6 +1367,8 @@ "subscriptionId": "[parameters('sharedServicesSubscriptionId')]", "resourceGroupName": "[variables('sharedServicesResourceGroupName')]", "logStorageAccountName": "[variables('sharedServicesLogStorageAccountName')]", + "logStorageAccountNetworkInterfaceNamePrefix": "[variables('sharedServicesLogStorageAccountNetworkInterfaceName')]", + "logStorageAccountPrivateEndpointNamePrefix": "[variables('sharedServicesLogStorageAccountPrivateEndpointName')]", "virtualNetworkName": "[variables('sharedServicesVirtualNetworkName')]", "virtualNetworkAddressPrefix": "[parameters('sharedServicesVirtualNetworkAddressPrefix')]", "virtualNetworkDiagnosticsLogs": "[parameters('sharedServicesVirtualNetworkDiagnosticsLogs')]", @@ -1349,10 +1384,10 @@ "subnetPrivateLinkServiceNetworkPolicies": "Disabled" } ], - "spokesIdentity": "[if(parameters('deployIdentity'), createArray(createObject('name', variables('identityName'), 'subscriptionId', parameters('identitySubscriptionId'), 'resourceGroupName', variables('identityResourceGroupName'), 'logStorageAccountName', variables('identityLogStorageAccountName'), 'virtualNetworkName', variables('identityVirtualNetworkName'), 'virtualNetworkAddressPrefix', parameters('identityVirtualNetworkAddressPrefix'), 'virtualNetworkDiagnosticsLogs', parameters('identityVirtualNetworkDiagnosticsLogs'), 'virtualNetworkDiagnosticsMetrics', parameters('identityVirtualNetworkDiagnosticsMetrics'), 'networkSecurityGroupName', variables('identityNetworkSecurityGroupName'), 'networkSecurityGroupRules', parameters('identityNetworkSecurityGroupRules'), 'networkSecurityGroupDiagnosticsLogs', parameters('identityNetworkSecurityGroupDiagnosticsLogs'), 'networkSecurityGroupDiagnosticsMetrics', parameters('identityNetworkSecurityGroupDiagnosticsMetrics'), 'routeTableName', variables('identityRouteTableName'), 'subnetName', variables('identitySubnetName'), 'subnetAddressPrefix', parameters('identitySubnetAddressPrefix'), 'subnetPrivateEndpointNetworkPolicies', 'Disabled', 'subnetPrivateLinkServiceNetworkPolicies', 'Disabled')), createArray())]", + "spokesIdentity": "[if(parameters('deployIdentity'), createArray(createObject('name', variables('identityName'), 'subscriptionId', parameters('identitySubscriptionId'), 'resourceGroupName', variables('identityResourceGroupName'), 'logStorageAccountName', variables('identityLogStorageAccountName'), 'logStorageAccountNetworkInterfaceNamePrefix', variables('identityLogStorageAccountNetworkInterfaceName'), 'logStorageAccountPrivateEndpointNamePrefix', variables('identityLogStorageAccountPrivateEndpointName'), 'virtualNetworkName', variables('identityVirtualNetworkName'), 'virtualNetworkAddressPrefix', parameters('identityVirtualNetworkAddressPrefix'), 'virtualNetworkDiagnosticsLogs', parameters('identityVirtualNetworkDiagnosticsLogs'), 'virtualNetworkDiagnosticsMetrics', parameters('identityVirtualNetworkDiagnosticsMetrics'), 'networkSecurityGroupName', variables('identityNetworkSecurityGroupName'), 'networkSecurityGroupRules', parameters('identityNetworkSecurityGroupRules'), 'networkSecurityGroupDiagnosticsLogs', parameters('identityNetworkSecurityGroupDiagnosticsLogs'), 'networkSecurityGroupDiagnosticsMetrics', parameters('identityNetworkSecurityGroupDiagnosticsMetrics'), 'routeTableName', variables('identityRouteTableName'), 'subnetName', variables('identitySubnetName'), 'subnetAddressPrefix', parameters('identitySubnetAddressPrefix'), 'subnetPrivateEndpointNetworkPolicies', 'Disabled', 'subnetPrivateLinkServiceNetworkPolicies', 'Disabled')), createArray())]", "defaultTags": { "resourcePrefix": "[parameters('resourcePrefix')]", - "resourceSuffix": "[parameters('resourceSuffix')]", + "environmentAbbreviation": "[parameters('environmentAbbreviation')]", "DeploymentType": "MissionLandingZoneARM" }, "calculatedTags": "[union(parameters('tags'), variables('defaultTags'))]" @@ -1386,8 +1421,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7140967460139920692" + "version": "0.25.3.34343", + "templateHash": "3954446391307870800" } }, "parameters": { @@ -1464,8 +1499,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7140967460139920692" + "version": "0.25.3.34343", + "templateHash": "3954446391307870800" } }, "parameters": { @@ -1550,8 +1585,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9947295372567029530" + "version": "0.25.3.34343", + "templateHash": "17926979782564918809" } }, "parameters": { @@ -1851,8 +1886,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8914523087490010027" + "version": "0.25.3.34343", + "templateHash": "13273071320445166406" } }, "parameters": { @@ -2020,8 +2055,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14964080576155541488" + "version": "0.25.3.34343", + "templateHash": "4012843011849116496" } }, "parameters": { @@ -2101,8 +2136,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3954150695911654455" + "version": "0.25.3.34343", + "templateHash": "13277163680744865049" } }, "parameters": { @@ -2188,8 +2223,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14546557041983787127" + "version": "0.25.3.34343", + "templateHash": "16056308457416753943" } }, "parameters": { @@ -2254,8 +2289,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4828957538822254305" + "version": "0.25.3.34343", + "templateHash": "17577553881951682002" } }, "parameters": { @@ -2360,8 +2395,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6027084282099740925" + "version": "0.25.3.34343", + "templateHash": "4673819478927670268" } }, "parameters": { @@ -2444,8 +2479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6027084282099740925" + "version": "0.25.3.34343", + "templateHash": "4673819478927670268" } }, "parameters": { @@ -2558,8 +2593,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1302706933422554098" + "version": "0.25.3.34343", + "templateHash": "14848215416839394582" } }, "parameters": { @@ -2950,8 +2985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3122366333892461351" + "version": "0.25.3.34343", + "templateHash": "6331926500323302733" } }, "parameters": { @@ -3040,8 +3075,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14964080576155541488" + "version": "0.25.3.34343", + "templateHash": "4012843011849116496" } }, "parameters": { @@ -3121,8 +3156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3954150695911654455" + "version": "0.25.3.34343", + "templateHash": "13277163680744865049" } }, "parameters": { @@ -3235,8 +3270,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4828957538822254305" + "version": "0.25.3.34343", + "templateHash": "17577553881951682002" } }, "parameters": { @@ -3378,8 +3413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9588462177817329290" + "version": "0.25.3.34343", + "templateHash": "11141146466317272450" } }, "parameters": { @@ -3418,8 +3453,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9853575474833495545" + "version": "0.25.3.34343", + "templateHash": "676456583775425194" } }, "parameters": { @@ -3492,8 +3527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1352997920612289656" + "version": "0.25.3.34343", + "templateHash": "10548088731072497547" } }, "parameters": { @@ -3538,8 +3573,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9853575474833495545" + "version": "0.25.3.34343", + "templateHash": "676456583775425194" } }, "parameters": { @@ -3618,8 +3653,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "556553486991873372" + "version": "0.25.3.34343", + "templateHash": "6659038415017706631" } }, "parameters": { @@ -3684,6 +3719,12 @@ "recoveryServicesGeo": "bjb2", "timeDifference": "+8:00", "timeZone": "China Standard Time" + }, + "chinanorth3": { + "abbreviation": "cnn3", + "recoveryServicesGeo": "", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" } }, "AzureCloud": { @@ -3837,6 +3878,12 @@ "timeDifference": "+9:00", "timeZone": "Korea Standard Time" }, + "newzealandnorth": { + "abbreviation": "nzn", + "recoveryServicesGeo": "", + "timeDifference": "+13:00", + "timeZone": "New Zealand Standard Time" + }, "northcentralus": { "abbreviation": "usnc", "recoveryServicesGeo": "ncus", @@ -4111,8 +4158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3715367426949365008" + "version": "0.25.3.34343", + "templateHash": "12902381778845067338" } }, "parameters": { @@ -4239,15 +4286,18 @@ "keyVaultName": { "value": "[variables('hubKeyVaultName')]" }, + "keyVaultNetworkInterfaceName": { + "value": "[variables('hubKeyVaultNetworkInterfaceName')]" + }, "keyVaultPrivateDnsZoneResourceId": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyvaultDnsPrivateDnsZoneId.value]" }, + "keyVaultPrivateEndpointName": { + "value": "[variables('hubKeyVaultPrivateEndpointName')]" + }, "location": { "value": "[parameters('location')]" }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" - }, "subnetResourceId": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, @@ -4264,8 +4314,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15205511176758446611" + "version": "0.25.3.34343", + "templateHash": "9567928427713235122" } }, "parameters": { @@ -4278,13 +4328,16 @@ "keyVaultName": { "type": "string" }, + "keyVaultNetworkInterfaceName": { + "type": "string" + }, "keyVaultPrivateDnsZoneResourceId": { "type": "string" }, - "location": { + "keyVaultPrivateEndpointName": { "type": "string" }, - "resourcePrefix": { + "location": { "type": "string" }, "subnetResourceId": { @@ -4311,15 +4364,18 @@ "keyVaultName": { "value": "[parameters('keyVaultName')]" }, + "keyVaultNetworkInterfaceName": { + "value": "[parameters('keyVaultNetworkInterfaceName')]" + }, "keyVaultPrivateDnsZoneResourceId": { "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" }, + "keyVaultPrivateEndpointName": { + "value": "[parameters('keyVaultPrivateEndpointName')]" + }, "location": { "value": "[parameters('location')]" }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" - }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" }, @@ -4333,8 +4389,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8627782382405074284" + "version": "0.25.3.34343", + "templateHash": "14463009798885962371" } }, "parameters": { @@ -4345,13 +4401,16 @@ "keyVaultName": { "type": "string" }, + "keyVaultNetworkInterfaceName": { + "type": "string" + }, "keyVaultPrivateDnsZoneResourceId": { "type": "string" }, - "location": { + "keyVaultPrivateEndpointName": { "type": "string" }, - "resourcePrefix": { + "location": { "type": "string" }, "subnetResourceId": { @@ -4393,14 +4452,14 @@ { "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[replace(parameters('keyVaultName'), parameters('resourcePrefix'), format('{0}-pe', parameters('resourcePrefix')))]", + "name": "[parameters('keyVaultPrivateEndpointName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { - "customNetworkInterfaceName": "[replace(parameters('keyVaultName'), parameters('resourcePrefix'), format('{0}-nic', parameters('resourcePrefix')))]", + "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", "privateLinkServiceConnections": [ { - "name": "[replace(parameters('keyVaultName'), parameters('resourcePrefix'), format('{0}-nic', parameters('resourcePrefix')))]", + "name": "[parameters('keyVaultPrivateEndpointName')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", "groupIds": [ @@ -4420,7 +4479,7 @@ { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', replace(parameters('keyVaultName'), parameters('resourcePrefix'), format('{0}-pe', parameters('resourcePrefix'))), parameters('keyVaultName'))]", + "name": "[format('{0}/{1}', parameters('keyVaultPrivateEndpointName'), parameters('keyVaultName'))]", "properties": { "privateDnsZoneConfigs": [ { @@ -4432,7 +4491,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', replace(parameters('keyVaultName'), parameters('resourcePrefix'), format('{0}-pe', parameters('resourcePrefix'))))]" + "[resourceId('Microsoft.Network/privateEndpoints', parameters('keyVaultPrivateEndpointName'))]" ] }, { @@ -4566,8 +4625,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "168612721220957252" + "version": "0.25.3.34343", + "templateHash": "15192708120419122545" } }, "parameters": { @@ -4640,8 +4699,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8686326864657481429" + "version": "0.25.3.34343", + "templateHash": "13423711781167051036" } }, "parameters": { @@ -4727,8 +4786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10179940749207677256" + "version": "0.25.3.34343", + "templateHash": "15730861210086861424" } }, "parameters": { @@ -4779,8 +4838,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8686326864657481429" + "version": "0.25.3.34343", + "templateHash": "13423711781167051036" } }, "parameters": { @@ -4876,6 +4935,12 @@ }, "mode": "Incremental", "parameters": { + "agentsvcPrivateDnsZoneId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.agentsvcPrivateDnsZoneId.value]" + }, + "location": { + "value": "[parameters('location')]" + }, "logAnalyticsWorkspaceName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), variables('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, @@ -4885,26 +4950,26 @@ "monitorPrivateDnsZoneId": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.monitorPrivateDnsZoneId.value]" }, - "omsPrivateDnsZoneId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.omsPrivateDnsZoneId.value]" - }, "odsPrivateDnsZoneId": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.odsPrivateDnsZoneId.value]" }, - "agentsvcPrivateDnsZoneId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.agentsvcPrivateDnsZoneId.value]" + "omsPrivateDnsZoneId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.omsPrivateDnsZoneId.value]" }, - "location": { - "value": "[parameters('location')]" + "privateLinkScopeName": { + "value": "[variables('operationsPrivateLinkScopeName')]" }, - "tags": { - "value": "[parameters('tags')]" + "privateLinkScopeNetworkInterfaceName": { + "value": "[variables('operationsPrivateLinkScopeNetworkInterfaceName')]" }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" + "privateLinkScopePrivateEndpointName": { + "value": "[variables('operationsPrivateLinkScopePrivateEndpointName')]" }, "subnetResourceId": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[0].subscriptionId, variables('spokes')[0].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[0].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tags": { + "value": "[parameters('tags')]" } }, "template": { @@ -4913,8 +4978,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8449324246862763859" + "version": "0.25.3.34343", + "templateHash": "12054843220401518818" } }, "parameters": { @@ -4940,7 +5005,13 @@ "omsPrivateDnsZoneId": { "type": "string" }, - "resourcePrefix": { + "privateLinkScopeName": { + "type": "string" + }, + "privateLinkScopeNetworkInterfaceName": { + "type": "string" + }, + "privateLinkScopePrivateEndpointName": { "type": "string" }, "subnetResourceId": { @@ -4950,16 +5021,11 @@ "type": "object" } }, - "variables": { - "privateEndpointName": "[replace(parameters('logAnalyticsWorkspaceName'), parameters('resourcePrefix'), format('{0}-pe', parameters('resourcePrefix')))]", - "privateEndpointNetworkInterfaceName": "[replace(parameters('logAnalyticsWorkspaceName'), parameters('resourcePrefix'), format('{0}-nic', parameters('resourcePrefix')))]", - "privateLinkScopeName": "[replace(parameters('logAnalyticsWorkspaceName'), parameters('resourcePrefix'), format('{0}-pls', parameters('resourcePrefix')))]" - }, "resources": [ { "type": "microsoft.insights/privateLinkScopes", "apiVersion": "2021-09-01", - "name": "[variables('privateLinkScopeName')]", + "name": "[parameters('privateLinkScopeName')]", "location": "global", "properties": { "accessModeSettings": { @@ -4971,27 +5037,27 @@ { "type": "Microsoft.Insights/privateLinkScopes/scopedResources", "apiVersion": "2021-09-01", - "name": "[format('{0}/{1}', variables('privateLinkScopeName'), parameters('logAnalyticsWorkspaceName'))]", + "name": "[format('{0}/{1}', parameters('privateLinkScopeName'), parameters('logAnalyticsWorkspaceName'))]", "properties": { "linkedResourceId": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "dependsOn": [ - "[resourceId('microsoft.insights/privateLinkScopes', variables('privateLinkScopeName'))]" + "[resourceId('microsoft.insights/privateLinkScopes', parameters('privateLinkScopeName'))]" ] }, { "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[variables('privateEndpointName')]", + "name": "[parameters('privateLinkScopePrivateEndpointName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { - "customNetworkInterfaceName": "[variables('privateEndpointNetworkInterfaceName')]", + "customNetworkInterfaceName": "[parameters('privateLinkScopeNetworkInterfaceName')]", "privateLinkServiceConnections": [ { - "name": "[variables('privateEndpointNetworkInterfaceName')]", + "name": "[parameters('privateLinkScopePrivateEndpointName')]", "properties": { - "privateLinkServiceId": "[resourceId('microsoft.insights/privateLinkScopes', variables('privateLinkScopeName'))]", + "privateLinkServiceId": "[resourceId('microsoft.insights/privateLinkScopes', parameters('privateLinkScopeName'))]", "groupIds": [ "azuremonitor" ] @@ -5003,14 +5069,14 @@ } }, "dependsOn": [ - "[resourceId('microsoft.insights/privateLinkScopes', variables('privateLinkScopeName'))]", - "[resourceId('Microsoft.Insights/privateLinkScopes/scopedResources', variables('privateLinkScopeName'), parameters('logAnalyticsWorkspaceName'))]" + "[resourceId('microsoft.insights/privateLinkScopes', parameters('privateLinkScopeName'))]", + "[resourceId('Microsoft.Insights/privateLinkScopes/scopedResources', parameters('privateLinkScopeName'), parameters('logAnalyticsWorkspaceName'))]" ] }, { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', variables('privateEndpointName'), variables('privateEndpointName'))]", + "name": "[format('{0}/{1}', parameters('privateLinkScopePrivateEndpointName'), parameters('privateLinkScopePrivateEndpointName'))]", "properties": { "privateDnsZoneConfigs": [ { @@ -5040,7 +5106,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]" + "[resourceId('Microsoft.Network/privateEndpoints', parameters('privateLinkScopePrivateEndpointName'))]" ] } ] @@ -5201,8 +5267,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3162099420723273910" + "version": "0.25.3.34343", + "templateHash": "9703655683774660490" } }, "parameters": { @@ -5387,8 +5453,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11993026043185066546" + "version": "0.25.3.34343", + "templateHash": "6758174473664282786" } }, "parameters": { @@ -5502,8 +5568,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16624262267285514706" + "version": "0.25.3.34343", + "templateHash": "4736320911732618289" } }, "parameters": { @@ -5636,8 +5702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8511457086563424614" + "version": "0.25.3.34343", + "templateHash": "9369570144636987714" } }, "parameters": { @@ -5928,8 +5994,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16624262267285514706" + "version": "0.25.3.34343", + "templateHash": "4736320911732618289" } }, "parameters": { @@ -6062,8 +6128,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5793129099305307535" + "version": "0.25.3.34343", + "templateHash": "10984565982367480987" } }, "parameters": { @@ -6328,11 +6394,17 @@ "logStorageAccountName": { "value": "[variables('hubLogStorageAccountName')]" }, + "logStorageAccountNetworkInterfaceNamePrefix": { + "value": "[variables('hubLogStorageAccountNetworkInterfaceNamePrefix')]" + }, + "logStorageAccountPrivateEndpointNamePrefix": { + "value": "[variables('hubLogStorageAccountPrivateEndpointNamePrefix')]" + }, "logStorageSkuName": { "value": "[parameters('logStorageSkuName')]" }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" + "serviceToken": { + "value": "[variables('serviceToken')]" }, "storageEncryptionKeyName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" @@ -6356,8 +6428,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3711120774165826362" + "version": "0.25.3.34343", + "templateHash": "731609973799317176" } }, "parameters": { @@ -6373,10 +6445,16 @@ "logStorageSkuName": { "type": "string" }, + "logStorageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "logStorageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, "location": { "type": "string" }, - "resourcePrefix": { + "serviceToken": { "type": "string" }, "storageEncryptionKeyName": { @@ -6409,17 +6487,14 @@ "blobsPrivateDnsZoneResourceId": { "value": "[parameters('blobsPrivateDnsZoneResourceId')]" }, - "userAssignedIdentityResourceId": { - "value": "[parameters('userAssignedIdentityResourceId')]" - }, "keyVaultUri": { "value": "[parameters('keyVaultUri')]" }, "location": { "value": "[parameters('location')]" }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" + "serviceToken": { + "value": "[parameters('serviceToken')]" }, "skuName": { "value": "[parameters('logStorageSkuName')]" @@ -6427,6 +6502,12 @@ "storageAccountName": { "value": "[parameters('logStorageAccountName')]" }, + "storageAccountNetworkInterfaceNamePrefix": { + "value": "[parameters('logStorageAccountNetworkInterfaceNamePrefix')]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "value": "[parameters('logStorageAccountPrivateEndpointNamePrefix')]" + }, "storageEncryptionKeyName": { "value": "[parameters('storageEncryptionKeyName')]" }, @@ -6438,6 +6519,9 @@ }, "tags": { "value": "[parameters('tags')]" + }, + "userAssignedIdentityResourceId": { + "value": "[parameters('userAssignedIdentityResourceId')]" } }, "template": { @@ -6446,8 +6530,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "234191582863282012" + "version": "0.25.3.34343", + "templateHash": "15653504711976838150" } }, "parameters": { @@ -6460,7 +6544,7 @@ "location": { "type": "string" }, - "resourcePrefix": { + "serviceToken": { "type": "string" }, "skuName": { @@ -6469,6 +6553,12 @@ "storageAccountName": { "type": "string" }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, "storageEncryptionKeyName": { "type": "string" }, @@ -6563,14 +6653,14 @@ }, "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-pe-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { - "customNetworkInterfaceName": "[format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-nic-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "customNetworkInterfaceName": "[replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "privateLinkServiceConnections": [ { - "name": "[format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-nic-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]", "groupIds": [ @@ -6594,7 +6684,7 @@ }, "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-pe-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]), parameters('storageAccountName'))]", + "name": "[format('{0}/{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]), parameters('storageAccountName'))]", "properties": { "privateDnsZoneConfigs": [ { @@ -6606,7 +6696,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-pe-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]" + "[resourceId('Microsoft.Network/privateEndpoints', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]" ] } ], @@ -6663,11 +6753,17 @@ "logStorageAccountName": { "value": "[variables('spokes')[copyIndex()].logStorageAccountName]" }, + "logStorageAccountNetworkInterfaceNamePrefix": { + "value": "[variables('spokes')[copyIndex()].logStorageAccountNetworkInterfaceNamePrefix]" + }, + "logStorageAccountPrivateEndpointNamePrefix": { + "value": "[variables('spokes')[copyIndex()].logStorageAccountPrivateEndpointNamePrefix]" + }, "logStorageSkuName": { "value": "[parameters('logStorageSkuName')]" }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" + "serviceToken": { + "value": "[variables('serviceToken')]" }, "storageEncryptionKeyName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" @@ -6691,8 +6787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6037549614709568341" + "version": "0.25.3.34343", + "templateHash": "7202575809788947481" } }, "parameters": { @@ -6708,10 +6804,16 @@ "logStorageAccountName": { "type": "string" }, + "logStorageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "logStorageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, "logStorageSkuName": { "type": "string" }, - "resourcePrefix": { + "serviceToken": { "type": "string" }, "storageEncryptionKeyName": { @@ -6750,8 +6852,8 @@ "location": { "value": "[parameters('location')]" }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" + "serviceToken": { + "value": "[parameters('serviceToken')]" }, "skuName": { "value": "[parameters('logStorageSkuName')]" @@ -6759,6 +6861,12 @@ "storageAccountName": { "value": "[parameters('logStorageAccountName')]" }, + "storageAccountNetworkInterfaceNamePrefix": { + "value": "[parameters('logStorageAccountNetworkInterfaceNamePrefix')]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "value": "[parameters('logStorageAccountPrivateEndpointNamePrefix')]" + }, "storageEncryptionKeyName": { "value": "[parameters('storageEncryptionKeyName')]" }, @@ -6781,8 +6889,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "234191582863282012" + "version": "0.25.3.34343", + "templateHash": "15653504711976838150" } }, "parameters": { @@ -6795,7 +6903,7 @@ "location": { "type": "string" }, - "resourcePrefix": { + "serviceToken": { "type": "string" }, "skuName": { @@ -6804,6 +6912,12 @@ "storageAccountName": { "type": "string" }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, "storageEncryptionKeyName": { "type": "string" }, @@ -6898,14 +7012,14 @@ }, "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-pe-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { - "customNetworkInterfaceName": "[format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-nic-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "customNetworkInterfaceName": "[replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "privateLinkServiceConnections": [ { - "name": "[format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-nic-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]", "groupIds": [ @@ -6929,7 +7043,7 @@ }, "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-pe-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]), parameters('storageAccountName'))]", + "name": "[format('{0}/{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]), parameters('storageAccountName'))]", "properties": { "privateDnsZoneConfigs": [ { @@ -6941,7 +7055,7 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', format('{0}-{1}', replace(parameters('storageAccountName'), parameters('resourcePrefix'), format('{0}-pe-', parameters('resourcePrefix'))), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]" + "[resourceId('Microsoft.Network/privateEndpoints', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]" ] } ], @@ -7034,8 +7148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5804157384629948286" + "version": "0.25.3.34343", + "templateHash": "18436014008263544552" } }, "parameters": { @@ -7115,8 +7229,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7786315125053139576" + "version": "0.25.3.34343", + "templateHash": "9563059298737306397" } }, "parameters": { @@ -7185,8 +7299,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15623637455522175927" + "version": "0.25.3.34343", + "templateHash": "6200146705689087632" } }, "parameters": { @@ -7259,8 +7373,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8851210835492653728" + "version": "0.25.3.34343", + "templateHash": "766442199540765035" } }, "parameters": { @@ -7329,8 +7443,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9632306168160596389" + "version": "0.25.3.34343", + "templateHash": "18346348356547245491" } }, "parameters": { @@ -7429,8 +7543,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1181334419264940080" + "version": "0.25.3.34343", + "templateHash": "16798197829440450501" } }, "parameters": { @@ -7492,8 +7606,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7786315125053139576" + "version": "0.25.3.34343", + "templateHash": "9563059298737306397" } }, "parameters": { @@ -7562,8 +7676,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15623637455522175927" + "version": "0.25.3.34343", + "templateHash": "6200146705689087632" } }, "parameters": { @@ -7635,8 +7749,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3850477028148266020" + "version": "0.25.3.34343", + "templateHash": "7553758682045649435" } }, "parameters": { @@ -7736,8 +7850,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3850477028148266020" + "version": "0.25.3.34343", + "templateHash": "7553758682045649435" } }, "parameters": { @@ -7832,8 +7946,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6866155279282592403" + "version": "0.25.3.34343", + "templateHash": "5825314222840544285" } }, "parameters": { @@ -7918,8 +8032,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16693295535307781768" + "version": "0.25.3.34343", + "templateHash": "12378909274661835693" } }, "parameters": { @@ -8100,8 +8214,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8686326864657481429" + "version": "0.25.3.34343", + "templateHash": "13423711781167051036" } }, "parameters": { @@ -8194,8 +8308,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16693295535307781768" + "version": "0.25.3.34343", + "templateHash": "12378909274661835693" } }, "parameters": { @@ -8376,8 +8490,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8686326864657481429" + "version": "0.25.3.34343", + "templateHash": "13423711781167051036" } }, "parameters": { @@ -8460,8 +8574,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17349871984393503749" + "version": "0.25.3.34343", + "templateHash": "2484276713853548833" } }, "parameters": { @@ -8611,8 +8725,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17349871984393503749" + "version": "0.25.3.34343", + "templateHash": "2484276713853548833" } }, "parameters": { diff --git a/src/bicep/modules/azure-monitor.bicep b/src/bicep/modules/azure-monitor.bicep index f1f4adfa..d739137f 100644 --- a/src/bicep/modules/azure-monitor.bicep +++ b/src/bicep/modules/azure-monitor.bicep @@ -10,14 +10,12 @@ param logAnalyticsWorkspaceResourceId string param monitorPrivateDnsZoneId string param odsPrivateDnsZoneId string param omsPrivateDnsZoneId string -param resourcePrefix string +param privateLinkScopeName string +param privateLinkScopeNetworkInterfaceName string +param privateLinkScopePrivateEndpointName string param subnetResourceId string param tags object -var privateEndpointName = replace(logAnalyticsWorkspaceName, resourcePrefix, '${resourcePrefix}-pe') -var privateEndpointNetworkInterfaceName = replace(logAnalyticsWorkspaceName, resourcePrefix, '${resourcePrefix}-nic') -var privateLinkScopeName = replace(logAnalyticsWorkspaceName, resourcePrefix, '${resourcePrefix}-pls') - resource privateLinkScope 'microsoft.insights/privateLinkScopes@2021-09-01' = { name: privateLinkScopeName location: 'global' @@ -38,14 +36,14 @@ resource scopedResource 'Microsoft.Insights/privateLinkScopes/scopedResources@20 } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { - name: privateEndpointName + name: privateLinkScopePrivateEndpointName location: location tags: tags properties: { - customNetworkInterfaceName: privateEndpointNetworkInterfaceName + customNetworkInterfaceName: privateLinkScopeNetworkInterfaceName privateLinkServiceConnections: [ { - name: privateEndpointNetworkInterfaceName + name: privateLinkScopePrivateEndpointName properties: { privateLinkServiceId: privateLinkScope.id groupIds: [ @@ -64,7 +62,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { } resource privateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-04-01' = { - name: privateEndpointName + name: privateLinkScopePrivateEndpointName parent: privateEndpoint properties: { privateDnsZoneConfigs: [ diff --git a/src/bicep/modules/key-vault.bicep b/src/bicep/modules/key-vault.bicep index e86482f3..954bd33f 100644 --- a/src/bicep/modules/key-vault.bicep +++ b/src/bicep/modules/key-vault.bicep @@ -1,8 +1,9 @@ param diskEncryptionKeyExpirationInDays int = 30 param keyVaultName string +param keyVaultNetworkInterfaceName string param keyVaultPrivateDnsZoneResourceId string +param keyVaultPrivateEndpointName string param location string -param resourcePrefix string param subnetResourceId string param tags object @@ -34,14 +35,14 @@ resource vault 'Microsoft.KeyVault/vaults@2022-07-01' = { } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { - name: replace(keyVaultName, resourcePrefix, '${resourcePrefix}-pe') + name: keyVaultPrivateEndpointName location: location tags: tags properties: { - customNetworkInterfaceName: replace(keyVaultName, resourcePrefix, '${resourcePrefix}-nic') + customNetworkInterfaceName: keyVaultNetworkInterfaceName privateLinkServiceConnections: [ { - name: replace(keyVaultName, resourcePrefix, '${resourcePrefix}-nic') + name: keyVaultPrivateEndpointName properties: { privateLinkServiceId: vault.id groupIds: [ diff --git a/src/bicep/modules/storage-account.bicep b/src/bicep/modules/storage-account.bicep index 315e2c74..37c495d3 100644 --- a/src/bicep/modules/storage-account.bicep +++ b/src/bicep/modules/storage-account.bicep @@ -6,9 +6,11 @@ Licensed under the MIT License. param blobsPrivateDnsZoneResourceId string param keyVaultUri string param location string -param resourcePrefix string +param serviceToken string param skuName string param storageAccountName string +param storageAccountNetworkInterfaceNamePrefix string +param storageAccountPrivateEndpointNamePrefix string param storageEncryptionKeyName string param subnetResourceId string param tablesPrivateDnsZoneResourceId string @@ -84,14 +86,14 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = { } resource privateEndpoints 'Microsoft.Network/privateEndpoints@2023-04-01' = [for (zone, i) in zones: { - name: '${replace(storageAccountName, resourcePrefix, '${resourcePrefix}-pe-')}-${split(split(zone, '/')[8], '.')[1]}' + name: replace(storageAccountPrivateEndpointNamePrefix, serviceToken, split(split(zone, '/')[8], '.')[1]) location: location tags: tags properties: { - customNetworkInterfaceName: '${replace(storageAccountName, resourcePrefix, '${resourcePrefix}-nic-')}-${split(split(zone, '/')[8], '.')[1]}' + customNetworkInterfaceName: replace(storageAccountNetworkInterfaceNamePrefix, serviceToken, split(split(zone, '/')[8], '.')[1]) privateLinkServiceConnections: [ { - name: '${replace(storageAccountName, resourcePrefix, '${resourcePrefix}-nic-')}-${split(split(zone, '/')[8], '.')[1]}' + name: replace(storageAccountPrivateEndpointNamePrefix, serviceToken, split(split(zone, '/')[8], '.')[1]) properties: { privateLinkServiceId: storageAccount.id groupIds: [