mirror of https://github.com/Azure/vdc.git
2c83f220e1
* AKS Archetype - Initial Commit * Change in pipeline variable group for testing * Corrected dependency to the teardown of validation resource group * Corrected the dependsOn for TearDownValidationResourceGroup * Changed the Azure Subscription * Changed from SharedServices to AKS in pipeline.yml * Added missing Tests folder * Removing duplicate task * Updates to new modules * Separate module for application rule * Update to application rule module * Clean up * Cleaned up security center module * Multiple var groups * Added var groups for AKS * Added env vars for User group IDs * Updated the Packer agent file to include the az cli installation * Splitting into Archetype and LandingZone * Updated the paths in pipeline.yml after restructuring folders * More updates to file paths * AzureSecurityCenter correction * Separate module for updating Azure Firewall * Code fix for prevention of resource group while executing scripts * Corrections to the orchestration and parameters file * Added the Azure Firewall update section to the pipeline yml file * Fixed json parameters file for AKS module that was formatted incorrectly * Minor fixes to Virtual Network * Updated the subscription GUIDs and added a subscription info for AKS * Changed vNet to VirtualNetwork. Also, added dependsOn for AKS Archetype in Orchestration file. * Changed the KeyVault behavior to enable Service EndPoint after Landing Zone deployment. 
* Orchestration and Pipeline updates for AKS Archetype * AKS Archetype pipeline / orchestration update * Fixed unsupported versions for aks * Changes based on feedback from AKS Archetype review * Minor changes - feedback work continued * Pipeline changes specific to AKS LandingZone * AKS Archetype - Initial Commit * Change in pipeline variable group for testing * Corrected dependency to the teardown of validation resource group * Corrected the dependsOn for TearDownValidationResourceGroup * Changed the Azure Subscription * Changed from SharedServices to AKS in pipeline.yml * Added missing Tests folder * Removing duplicate task * Updates to new modules * Separate module for application rule * Update to application rule module * Clean up * Cleaned up security center module * Multiple var groups * Added var groups for AKS * Added env vars for User group IDs * Updated the Packer agent file to include the az cli installation * Splitting into Archetype and LandingZone * Updated the paths in pipeline.yml after restructuring folders * More updates to file paths * AzureSecurityCenter correction * Separate module for updating Azure Firewall * Code fix for prevention of resource group while executing scripts * Corrections to the orchestration and parameters file * Added the Azure Firewall update section to the pipeline yml file * Fixed json parameters file for AKS module that was formatted incorrectly * Minor fixes to Virtual Network * Updated the subscription GUIDs and added a subscription info for AKS * Changed vNet to VirtualNetwork. Also, added dependsOn for AKS Archetype in Orchestration file. * Changed the KeyVault behavior to enable Service EndPoint after Landing Zone deployment. 
* Orchestration and Pipeline updates for AKS Archetype * AKS Archetype pipeline / orchestration update * Fixed unsupported versions for aks * Changes based on feedback from AKS Archetype review * Minor changes - feedback work continued * Pipeline changes specific to AKS LandingZone * Changes based on testing firewall rules update logic * Pipeline yml file updated * Minor update * Minor update * Minor update * Minor correction to file path * Minor file path correction * Minor correction * Debug statements added * Fix for Azure Firewall scripts * Updated * Updated * Minor update * Pipeline jobs rearranged. * File path fixed * Fixes to chmod script * Minor fixes * Updated the dependencies * Corrected the bootstrap var in pipeline * Live updates from feedback review * Fixes based on today's review |
AzureFirewall
This module deploys Azure Firewall.
Resources
- Microsoft.Network/azureFirewalls
- Microsoft.Network/azureFirewalls/providers/diagnosticsettings
- Microsoft.Network/publicIPAddresses
Parameters
Parameter Name | Default Value | Description |
---|---|---|
azureFirewallName | | Required. Name of the Azure Firewall. |
applicationRuleCollections | | Required. Collection of application rule collections used by Azure Firewall. |
networkRuleCollections | | Required. Collection of network rule collections used by Azure Firewall. |
vNetId | | Required. Shared services Virtual Network resource Id |
diagnosticStorageAccountId | | Required. Diagnostic Storage Account resource identifier |
workspaceId | | Required. Log Analytics workspace resource identifier |
logsRetentionInDays | 365 | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. |
Outputs
Output Name | Description |
---|---|
azureFirewallResourceId | The Resource Id of the Azure Firewall. |
azureFirewallName | The Name of the Azure Firewall. |
azureFirewallResourceGroup | The name of the Resource Group the Azure Firewall was created in. |
azureFirewallPrivateIp | The private IP of the Azure Firewall. |
azureFirewallPublicIp | The public IP of the Azure Firewall. |
applicationRuleCollections | List of Application Rule Collections. |
networkRuleCollections | List of Network Rule Collections. |
Considerations
The applicationRuleCollections parameter accepts a JSON Array of AzureFirewallApplicationRule objects.
The networkRuleCollections parameter accepts a JSON Array of AzureFirewallNetworkRuleCollection objects.
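
A pre-deployment lint for a networkRuleCollections value, as an added example that is not part of the VDC repository. It assumes the array elements follow the ARM AzureFirewallNetworkRuleCollection shape (name, properties.priority, properties.action.type, properties.rules); the function name and the sample data are constructed for illustration.

```python
import json

# Constructed sample value for the networkRuleCollections parameter.
# Object shape assumed from the ARM AzureFirewallNetworkRuleCollection type;
# the module's deploy.json is not shown on this page.
SAMPLE = json.loads("""
[
  {"name": "allow-dns", "properties": {"priority": 200, "action": {"type": "Allow"},
    "rules": [{"name": "dns", "protocols": ["UDP"], "sourceAddresses": ["10.0.0.0/16"],
               "destinationAddresses": ["10.0.1.4"], "destinationPorts": ["53"]}]}},
  {"name": "allow-all", "properties": {"priority": 200, "action": {"type": "Allow"},
    "rules": [{"name": "any", "protocols": ["Any"], "sourceAddresses": ["*"],
               "destinationAddresses": ["*"], "destinationPorts": ["*"]}]}},
  {"name": "low-prio", "properties": {"priority": 50, "action": {"type": "Deny"},
    "rules": []}}
]
""")


def lint_network_rule_collections(collections):
    """Return a list of (collection name, finding) tuples (hypothetical helper)."""
    findings = []
    seen = {}  # priority -> name of the first collection that used it
    for coll in collections:
        name = coll.get("name", "<unnamed>")
        props = coll.get("properties", {})
        prio = props.get("priority")
        action = props.get("action", {}).get("type")
        # ARM schema bounds for rule collection priority are 100..65000.
        if not isinstance(prio, int) or not 100 <= prio <= 65000:
            findings.append((name, "priority outside 100-65000"))
        elif prio in seen:
            findings.append((name, f"priority {prio} duplicates {seen[prio]}"))
        else:
            seen[prio] = name
        if action not in ("Allow", "Deny"):
            findings.append((name, "action.type must be Allow or Deny"))
        # Flag Allow rules that match any source and any destination.
        for rule in props.get("rules", []):
            if (action == "Allow" and "*" in rule.get("sourceAddresses", [])
                    and "*" in rule.get("destinationAddresses", [])):
                findings.append((name, f"rule {rule.get('name')} allows any source to any destination"))
    return findings


if __name__ == "__main__":
    for name, finding in lint_network_rule_collections(SAMPLE):
        print(f"{name}: {finding}")
```

Running the check in the pipeline before the deployment step turns an any-to-any Allow rule or a priority collision into a reviewable finding.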