From fdd68623d8b47c9939e098b8e46afcf347f58f09 Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 11:36:45 -0400 Subject: [PATCH 01/14] Update udr schema type --- .../landingzones/lz-generic-subscription.json | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/schemas/latest/landingzones/lz-generic-subscription.json b/schemas/latest/landingzones/lz-generic-subscription.json index f69ecfa1..31a931cb 100644 --- a/schemas/latest/landingzones/lz-generic-subscription.json +++ b/schemas/latest/landingzones/lz-generic-subscription.json @@ -216,6 +216,19 @@ ], "title": "Nsg" }, + "Udr": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "Udr" + }, "Subnet": { "type": "object", "additionalProperties": false, @@ -233,7 +246,7 @@ "$ref": "#/definitions/Nsg" }, "udr": { - "$ref": "#/definitions/Nsg" + "$ref": "#/definitions/Udr" }, "delegations": { "$ref": "#/definitions/Delegations" From 27d65e7bd71e43b86ab17f5b298bca3b35c4f75d Mon Sep 17 00:00:00 2001 
From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 11:56:06 -0400 Subject: [PATCH 02/14] Support for optional subnets --- ...cbed91ab29a7_healthcare_canadacentral.json | 3 +- ...04f2c98_machinelearning_canadacentral.json | 3 +- ...1dd0e27_machinelearning_canadacentral.json | 3 +- ...5b60c30_machinelearning_canadacentral.json | 3 +- ...8a144aa_machinelearning_canadacentral.json | 3 +- landingzones/lz-healthcare/networking.bicep | 187 ++++++++------ .../lz-machinelearning/networking.bicep | 233 ++++++++++-------- .../latest/landingzones/lz-healthcare.json | 80 +++++- .../landingzones/lz-machinelearning.json | 80 +++++- .../deployment-tests/test-runner.bicep | 1 + .../deployment-tests/test-runner.bicep | 1 + .../schemas/lz-healthcare/BudgetIsFalse.json | 3 +- tests/schemas/lz-healthcare/BudgetIsTrue.json | 3 +- .../lz-healthcare/EmptyResourceTags.json | 3 +- .../lz-healthcare/EmptySubscriptionTags.json | 3 +- .../FullDeployment-With-Hub.json | 3 +- .../FullDeployment-With-Location.json | 3 +- .../FullDeployment-Without-Hub.json | 3 +- .../lz-healthcare/SQLDB-aadAuthOnly.json | 3 +- .../lz-healthcare/SQLDB-mixedAuth.json | 3 +- .../schemas/lz-healthcare/SQLDB-sqlAuth.json | 3 +- tests/schemas/lz-healthcare/SQLDBIsFalse.json | 3 +- .../lz-healthcare/Synapse-aadAuthOnly.json | 3 +- .../lz-healthcare/Synapse-mixedAuth.json | 3 +- .../lz-healthcare/Synapse-sqlAuth.json | 3 +- tests/schemas/lz-healthcare/WithoutCMK.json | 3 +- .../AKS-AzureCNI-AzureNP.json | 3 +- .../AKS-AzureCNI-Calico.json | 3 +- .../AKS-Kubenet-Calico.json | 3 +- .../lz-machinelearning/AKSIsFalse.json | 3 +- .../AppServiceLinuxContainerIsFalse.json | 3 +- ...eLinuxContainerPrivateEndpointIsFalse.json | 3 +- .../lz-machinelearning/BudgetIsFalse.json | 3 +- .../lz-machinelearning/BudgetIsTrue.json | 3 +- .../lz-machinelearning/EmptyResourceTags.json | 3 +- .../EmptySubscriptionTags.json | 3 +- .../FullDeployment-With-Hub.json | 3 +- .../FullDeployment-With-Location.json | 3 +- 
.../FullDeployment-Without-Hub.json | 3 +- .../lz-machinelearning/SQLDB-aadAuthOnly.json | 3 +- .../lz-machinelearning/SQLDB-mixedAuth.json | 3 +- .../lz-machinelearning/SQLDB-sqlAuth.json | 3 +- .../lz-machinelearning/SQLDBIsFalse.json | 3 +- .../lz-machinelearning/SQLMIIsFalse.json | 3 +- .../lz-machinelearning/WithoutCMK.json | 3 +- 45 files changed, 488 insertions(+), 211 deletions(-) diff --git a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json index 88ba9628..daaf0c60 100644 --- a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json @@ -144,7 +144,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json index 274370e8..2b2e213b 100644 --- a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json @@ -172,7 +172,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.6.10.0/25" - } + }, + "optional": [] } } } 
diff --git a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json index 804b6f3a..91a6bcac 100644 --- a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json @@ -176,7 +176,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json index ebd743ac..be16832c 100644 --- a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json @@ -176,7 +176,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.3.10.0/25" - } + }, + "optional": [] } } } diff --git a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json index 6f5885da..9b7dbb5d 100644 --- a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json 
+++ b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json @@ -177,7 +177,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.4.10.0/25" - } + }, + "optional": [] } } } diff --git a/landingzones/lz-healthcare/networking.bicep b/landingzones/lz-healthcare/networking.bicep index 83165c18..d4d56784 100644 --- a/landingzones/lz-healthcare/networking.bicep +++ b/landingzones/lz-healthcare/networking.bicep @@ -117,7 +117,6 @@ param network object var hubVnetIdSplit = split(hubNetwork.virtualNetworkId, '/') var usingCustomDNSServers = length(network.dnsServers) > 0 -/* var routesToHub = [ // Force Routes to Hub IPs (RFC1918 range) via FW despite knowing that route via peering { @@ -146,9 +145,16 @@ var routesToHub = [ } } ] -*/ // Network Security Groups +resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet in network.optional: if (subnet.nsg.enabled) { + name: '${subnet.name}Nsg' + location: location + properties: { + securityRules: [] + } +}] + module nsgDatabricks '../../azresources/network/nsg/nsg-databricks.bicep' = { name: 'deploy-nsg-databricks' params: { @@ -171,6 +177,14 @@ module nsgWebApp '../../azresources/network/nsg/nsg-empty.bicep' = { } // Route Tables +resource udr 'Microsoft.Network/routeTables@2021-02-01' = { + name: 'RouteTable' + location: location + properties: { + routes: network.peerToHubVirtualNetwork ? routesToHub : null + } +} + module udrDatabricksPublic '../../azresources/network/udr/udr-databricks-public.bicep' = { name: 'deploy-route-table-databricks-public' params: { 
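Review bot: The `nsg` loop added under `// Network Security Groups` creates each optional subnet's NSG with `securityRules: []`, so `nsg.enabled: true` gives only the platform default rules, and the config schema in this patch has no field for adding rules. That deserves a comment above the resource, for example `// Optional-subnet NSGs are created without custom rules; only the platform default rules apply.` The file already uses `nsg-empty.bicep` for `nsgWebApp`, and reusing that module would presumably keep the two definitions in step, though its parameters are not visible in this hunk. The same block is added in `landingzones/lz-machinelearning/networking.bicep`.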
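Review bot: The shared route table `udr` added under `// Route Tables` gets `routes: network.peerToHubVirtualNetwork ? routesToHub : null`, so when the spoke is not peered, an optional subnet with `udr.enabled: true` is attached to an empty table and its traffic is not steered to the hub firewall. Nothing in the config tells the operator this, so I would add a comment such as `// Routes are populated only when peered to the hub; otherwise the table is empty and system routes apply.` The table is also deployed under the fixed name `'RouteTable'` even when `network.optional` is empty; a name derived from `network.name` would be less likely to collide with another table in the same resource group. The same resource is added in `landingzones/lz-machinelearning/networking.bicep`.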
@@ -200,90 +214,115 @@ module udrWebApp '../../azresources/network/udr/udr-custom.bicep' = { } // Virtual Network -resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { - name: network.name - location: location - properties: { - dhcpOptions: { - dnsServers: network.dnsServers - } - addressSpace: { - addressPrefixes: network.addressPrefixes - } - subnets: [ - { - name: network.subnets.privateEndpoints.name - properties: { - addressPrefix: network.subnets.privateEndpoints.addressPrefix - privateEndpointNetworkPolicies: 'Disabled' - serviceEndpoints: [ - { - service: 'Microsoft.Storage' - } - ] +var requiredSubnets = [ + { + name: network.subnets.privateEndpoints.name + properties: { + addressPrefix: network.subnets.privateEndpoints.addressPrefix + privateEndpointNetworkPolicies: 'Disabled' + serviceEndpoints: [ + { + service: 'Microsoft.Storage' } + ] + } + } + { + name: network.subnets.web.name + properties: { + addressPrefix: network.subnets.web.addressPrefix + networkSecurityGroup: { + id: nsgWebApp.outputs.nsgId } - { - name: network.subnets.web.name - properties: { - addressPrefix: network.subnets.web.addressPrefix - networkSecurityGroup: { - id: nsgWebApp.outputs.nsgId - } - routeTable: { - id: udrWebApp.outputs.udrId + routeTable: { + id: udrWebApp.outputs.udrId + } + delegations: [ + { + name: 'webapp' + properties: { + serviceName: 'Microsoft.Web/serverFarms' } - delegations: [ - { - name: 'webapp' - properties: { - serviceName: 'Microsoft.Web/serverFarms' - } - } - ] } + ] + } + } + { + name: network.subnets.databricksPublic.name + properties: { + addressPrefix: network.subnets.databricksPublic.addressPrefix + networkSecurityGroup: { + id: nsgDatabricks.outputs.publicNsgId } - { - name: network.subnets.databricksPublic.name - properties: { - addressPrefix: network.subnets.databricksPublic.addressPrefix - networkSecurityGroup: { - id: nsgDatabricks.outputs.publicNsgId - } - routeTable: { - id: udrDatabricksPublic.outputs.udrId + routeTable: { + 
id: udrDatabricksPublic.outputs.udrId + } + delegations: [ + { + name: 'databricks-delegation-public' + properties: { + serviceName: 'Microsoft.Databricks/workspaces' } - delegations: [ - { - name: 'databricks-delegation-public' - properties: { - serviceName: 'Microsoft.Databricks/workspaces' - } - } - ] } + ] + } + } + { + name: network.subnets.databricksPrivate.name + properties: { + addressPrefix: network.subnets.databricksPrivate.addressPrefix + networkSecurityGroup: { + id: nsgDatabricks.outputs.privateNsgId + } + routeTable: { + id: udrDatabricksPrivate.outputs.udrId } + delegations: [ + { + name: 'databricks-delegation-private' + properties: { + serviceName: 'Microsoft.Databricks/workspaces' + } + } + ] + } + } +] + +var optionalSubnets = [for (subnet, i) in network.optional: { + name: subnet.name + properties: { + addressPrefix: subnet.addressPrefix + networkSecurityGroup: (subnet.nsg.enabled) ? { + id: nsg[i].id + } : null + routeTable: (subnet.udr.enabled) ? { + id: udr.id + } : null + delegations: contains(subnet, 'delegations') ? [ { - name: network.subnets.databricksPrivate.name + name: replace(subnet.delegations.serviceName, '/', '.') properties: { - addressPrefix: network.subnets.databricksPrivate.addressPrefix - networkSecurityGroup: { - id: nsgDatabricks.outputs.privateNsgId - } - routeTable: { - id: udrDatabricksPrivate.outputs.udrId - } - delegations: [ - { - name: 'databricks-delegation-private' - properties: { - serviceName: 'Microsoft.Databricks/workspaces' - } - } - ] + serviceName: subnet.delegations.serviceName } } - ] + ] : null + } +}] + +var allSubnets = union(requiredSubnets, optionalSubnets) + +resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { + name: network.name + location: location + properties: { + dhcpOptions: { + dnsServers: network.dnsServers + } + addressSpace: { + addressPrefixes: network.addressPrefixes + } + subnets: allSubnets } } 
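Review bot: In `optionalSubnets`, `networkSecurityGroup` and `routeTable` become `null` whenever the config sets `nsg.enabled` or `udr.enabled` to false, so a subscription config file alone can add a subnet with no NSG and no route table. The `web` and Databricks entries in `requiredSubnets` always carry both. If the opt-out is intentional, state the reason in a comment above the variable, e.g. `// nsg/udr may be disabled per subnet for services that do not support them; such subnets bypass hub routing.`; if it is not, drop the two ternaries. Separately, `union(requiredSubnets, optionalSubnets)` de-duplicates rather than appends, and `concat(requiredSubnets, optionalSubnets)` states the intent more directly. The same code is added in `landingzones/lz-machinelearning/networking.bicep`.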
diff --git a/landingzones/lz-machinelearning/networking.bicep b/landingzones/lz-machinelearning/networking.bicep index 90a62fbf..54e5e2d0 100644 --- a/landingzones/lz-machinelearning/networking.bicep +++ b/landingzones/lz-machinelearning/networking.bicep @@ -168,6 +168,14 @@ var routesToHub = [ ] // Network Security Groups +resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet in network.optional: if (subnet.nsg.enabled) { + name: '${subnet.name}Nsg' + location: location + properties: { + securityRules: [] + } +}] + module nsgDatabricks '../../azresources/network/nsg/nsg-databricks.bicep' = { name: 'deploy-nsg-databricks' params: { @@ -194,6 +202,14 @@ module nsgAppService '../../azresources/network/nsg/nsg-empty.bicep' = { } // Route Tables +resource udr 'Microsoft.Network/routeTables@2021-02-01' = { + name: 'RouteTable' + location: location + properties: { + routes: network.peerToHubVirtualNetwork ? routesToHub : null + } +} + resource udrAKS 'Microsoft.Network/routeTables@2021-02-01' = { name: '${network.subnets.aks.name}Udr' location: location 
@@ -235,120 +251,145 @@ module udrAppService '../../azresources/network/udr/udr-custom.bicep' = { } // Virtual Network -resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { - name: network.name - location: location - properties: { - dhcpOptions: { - dnsServers: network.dnsServers +var requiredSubnets = [ + { + name: network.subnets.privateEndpoints.name + properties: { + addressPrefix: network.subnets.privateEndpoints.addressPrefix + privateEndpointNetworkPolicies: 'Disabled' } - addressSpace: { - addressPrefixes: network.addressPrefixes + } + { + name: network.subnets.aks.name + properties: { + addressPrefix: network.subnets.aks.addressPrefix + routeTable: { + id: udrAKS.id + } + privateEndpointNetworkPolicies: 'Disabled' } - subnets: [ - { - name: network.subnets.privateEndpoints.name - properties: { - addressPrefix: network.subnets.privateEndpoints.addressPrefix - privateEndpointNetworkPolicies: 'Disabled' - } + } + { + name: network.subnets.appService.name + properties: { + addressPrefix: network.subnets.appService.addressPrefix + networkSecurityGroup: { + id: nsgAppService.outputs.nsgId } - { - name: network.subnets.aks.name - properties: { - addressPrefix: network.subnets.aks.addressPrefix - routeTable: { - id: udrAKS.id + routeTable: { + id: udrAppService.outputs.udrId + } + delegations: [ + { + name: 'app-service-delegation' + properties: { + serviceName: 'Microsoft.Web/serverFarms' } - privateEndpointNetworkPolicies: 'Disabled' } + ] + } + } + { + name: network.subnets.databricksPublic.name + properties: { + addressPrefix: network.subnets.databricksPublic.addressPrefix + networkSecurityGroup: { + id: nsgDatabricks.outputs.publicNsgId } - { - name: network.subnets.appService.name - properties: { - addressPrefix: network.subnets.appService.addressPrefix - networkSecurityGroup: { - id: nsgAppService.outputs.nsgId - } - routeTable: { - id: udrAppService.outputs.udrId + routeTable: { + id: udrDatabricksPublic.outputs.udrId + } + delegations: [ + { + 
name: 'databricks-delegation-public' + properties: { + serviceName: 'Microsoft.Databricks/workspaces' } - delegations: [ - { - name: 'app-service-delegation' - properties: { - serviceName: 'Microsoft.Web/serverFarms' - } - } - ] } + ] + } + } + { + name: network.subnets.databricksPrivate.name + properties: { + addressPrefix: network.subnets.databricksPrivate.addressPrefix + networkSecurityGroup: { + id: nsgDatabricks.outputs.privateNsgId } - { - name: network.subnets.databricksPublic.name - properties: { - addressPrefix: network.subnets.databricksPublic.addressPrefix - networkSecurityGroup: { - id: nsgDatabricks.outputs.publicNsgId - } - routeTable: { - id: udrDatabricksPublic.outputs.udrId + routeTable: { + id: udrDatabricksPrivate.outputs.udrId + } + delegations: [ + { + name: 'databricks-delegation-private' + properties: { + serviceName: 'Microsoft.Databricks/workspaces' } - delegations: [ - { - name: 'databricks-delegation-public' - properties: { - serviceName: 'Microsoft.Databricks/workspaces' - } - } - ] } + ] + } + } + { + name: network.subnets.sqlmi.name + properties: { + addressPrefix: network.subnets.sqlmi.addressPrefix + routeTable: { + id: udrSqlMi.outputs.udrId } - { - name: network.subnets.databricksPrivate.name - properties: { - addressPrefix: network.subnets.databricksPrivate.addressPrefix - networkSecurityGroup: { - id: nsgDatabricks.outputs.privateNsgId - } - routeTable: { - id: udrDatabricksPrivate.outputs.udrId + networkSecurityGroup: { + id: nsgSqlMi.outputs.nsgId + } + serviceEndpoints: [ + { + service: 'Microsoft.Storage' + } + ] + delegations: [ + { + name: 'sqlmi-delegation' + properties: { + serviceName: 'Microsoft.Sql/managedInstances' } - delegations: [ - { - name: 'databricks-delegation-private' - properties: { - serviceName: 'Microsoft.Databricks/workspaces' - } - } - ] } - } + ] + } + } +] + +var optionalSubnets = [for (subnet, i) in network.optional: { + name: subnet.name + properties: { + addressPrefix: subnet.addressPrefix + 
networkSecurityGroup: (subnet.nsg.enabled) ? { + id: nsg[i].id + } : null + routeTable: (subnet.udr.enabled) ? { + id: udr.id + } : null + delegations: contains(subnet, 'delegations') ? [ { - name: network.subnets.sqlmi.name + name: replace(subnet.delegations.serviceName, '/', '.') properties: { - addressPrefix: network.subnets.sqlmi.addressPrefix - routeTable: { - id: udrSqlMi.outputs.udrId - } - networkSecurityGroup: { - id: nsgSqlMi.outputs.nsgId - } - serviceEndpoints: [ - { - service: 'Microsoft.Storage' - } - ] - delegations: [ - { - name: 'sqlmi-delegation' - properties: { - serviceName: 'Microsoft.Sql/managedInstances' - } - } - ] + serviceName: subnet.delegations.serviceName } } - ] + ] : null + } +}] + +var allSubnets = union(requiredSubnets, optionalSubnets) + +resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { + name: network.name + location: location + properties: { + dhcpOptions: { + dnsServers: network.dnsServers + } + addressSpace: { + addressPrefixes: network.addressPrefixes + } + subnets: allSubnets } } diff --git a/schemas/latest/landingzones/lz-healthcare.json b/schemas/latest/landingzones/lz-healthcare.json index 03a98daa..a12b487f 100644 --- a/schemas/latest/landingzones/lz-healthcare.json +++ b/schemas/latest/landingzones/lz-healthcare.json @@ -229,13 +229,20 @@ }, "web": { "$ref": "#/definitions/Subnet" + }, + "optional": { + "type": "array", + "items": { + "$ref": "#/definitions/OptionalSubnet" + } } }, "required": [ "databricksPublic", "databricksPrivate", "privateEndpoints", - "web" + "web", + "optional" ], "title": "Subnets" }, 
@@ -259,6 +266,77 @@ "name" ], "title": "subnet" + }, + "OptionalSubnet": { + "type": "object", + "additionalProperties": false, + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + }, + "nsg": { + "$ref": "#/definitions/OptionalSubnetNsg" + }, + "udr": { + "$ref": "#/definitions/OptionalSubnetUdr" + }, + "delegations": { + "$ref": "#/definitions/OptionalSubnetDelegations" + } + }, + "required": [ + "addressPrefix", + "comments", + "name", + "nsg", + "udr" + ], + "title": "OptionalSubnet" + }, + "OptionalSubnetDelegations": { + "type": "object", + "additionalProperties": false, + "properties": { + "serviceName": { + "type": "string" + } + }, + "required": [ + "serviceName" + ], + "title": "OptionalSubnetDelegations" + }, + "OptionalSubnetNsg": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "OptionalSubnetNsg" + }, + "OptionalSubnetUdr": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "OptionalSubnetUdr" } } } \ No newline at end of file diff --git a/schemas/latest/landingzones/lz-machinelearning.json b/schemas/latest/landingzones/lz-machinelearning.json index 49d5affe..065195d6 100644 --- a/schemas/latest/landingzones/lz-machinelearning.json +++ b/schemas/latest/landingzones/lz-machinelearning.json @@ -248,6 +248,12 @@ }, "appService": { "$ref": "#/definitions/Subnet" + }, + "optional": { + "type": "array", + "items": { + "$ref": "#/definitions/OptionalSubnet" + } } }, "required": [ @@ -256,7 +262,8 @@ "databricksPrivate", "privateEndpoints", "aks", - "appService" + "appService", + "optional" ], "title": "Subnets" }, 
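Review bot: `OptionalSubnet` accepts any string for `name` and `addressPrefix`, and `OptionalSubnetDelegations.serviceName` is equally unconstrained, although these values go directly into resource names (`'${subnet.name}Nsg'`) and subnet properties in `networking.bicep`. Schema validation will therefore accept values that fail or misbehave only at deployment time. Adding `minLength` and a `pattern` to `name`, and a CIDR-shaped `pattern` to `addressPrefix`, would reject them earlier. The `optional` array could also declare `"uniqueItems": true`. The identical definitions are added to `schemas/latest/landingzones/lz-machinelearning.json`.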
@@ -280,6 +287,77 @@ "name" ], "title": "subnet" + }, + "OptionalSubnet": { + "type": "object", + "additionalProperties": false, + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + }, + "nsg": { + "$ref": "#/definitions/OptionalSubnetNsg" + }, + "udr": { + "$ref": "#/definitions/OptionalSubnetUdr" + }, + "delegations": { + "$ref": "#/definitions/OptionalSubnetDelegations" + } + }, + "required": [ + "addressPrefix", + "comments", + "name", + "nsg", + "udr" + ], + "title": "OptionalSubnet" + }, + "OptionalSubnetDelegations": { + "type": "object", + "additionalProperties": false, + "properties": { + "serviceName": { + "type": "string" + } + }, + "required": [ + "serviceName" + ], + "title": "OptionalSubnetDelegations" + }, + "OptionalSubnetNsg": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "OptionalSubnetNsg" + }, + "OptionalSubnetUdr": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "OptionalSubnetUdr" } } } \ No newline at end of file diff --git a/tests/landingzones/lz-healthcare/deployment-tests/test-runner.bicep b/tests/landingzones/lz-healthcare/deployment-tests/test-runner.bicep index e5b77384..143e39ae 100644 --- a/tests/landingzones/lz-healthcare/deployment-tests/test-runner.bicep +++ b/tests/landingzones/lz-healthcare/deployment-tests/test-runner.bicep @@ -145,6 +145,7 @@ module test '../../../../landingzones/lz-healthcare/main.bicep' = { name: 'webapp' addressPrefix: '10.1.8.0/25' } + optional: [] } } } diff --git a/tests/landingzones/lz-machinelearning/deployment-tests/test-runner.bicep b/tests/landingzones/lz-machinelearning/deployment-tests/test-runner.bicep index 2e65cf88..57fa2401 100644 
--- a/tests/landingzones/lz-machinelearning/deployment-tests/test-runner.bicep +++ b/tests/landingzones/lz-machinelearning/deployment-tests/test-runner.bicep @@ -167,6 +167,7 @@ module test '../../../../landingzones/lz-machinelearning/main.bicep' = { name: 'appService' addressPrefix: '10.2.10.0/25' } + optional: [] } } } diff --git a/tests/schemas/lz-healthcare/BudgetIsFalse.json b/tests/schemas/lz-healthcare/BudgetIsFalse.json index 2b273be1..1afb04bb 100644 --- a/tests/schemas/lz-healthcare/BudgetIsFalse.json +++ b/tests/schemas/lz-healthcare/BudgetIsFalse.json @@ -164,7 +164,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/BudgetIsTrue.json b/tests/schemas/lz-healthcare/BudgetIsTrue.json index ab783c1d..5ca5476d 100644 --- a/tests/schemas/lz-healthcare/BudgetIsTrue.json +++ b/tests/schemas/lz-healthcare/BudgetIsTrue.json @@ -170,7 +170,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/EmptyResourceTags.json b/tests/schemas/lz-healthcare/EmptyResourceTags.json index b858f40c..3e7b5110 100644 --- a/tests/schemas/lz-healthcare/EmptyResourceTags.json +++ b/tests/schemas/lz-healthcare/EmptyResourceTags.json @@ -163,7 +163,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/EmptySubscriptionTags.json b/tests/schemas/lz-healthcare/EmptySubscriptionTags.json index 67ba2a70..22a56d50 100644 --- a/tests/schemas/lz-healthcare/EmptySubscriptionTags.json +++ b/tests/schemas/lz-healthcare/EmptySubscriptionTags.json @@ -168,7 +168,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } 
diff --git a/tests/schemas/lz-healthcare/FullDeployment-With-Hub.json b/tests/schemas/lz-healthcare/FullDeployment-With-Hub.json index 4da57226..190da480 100644 --- a/tests/schemas/lz-healthcare/FullDeployment-With-Hub.json +++ b/tests/schemas/lz-healthcare/FullDeployment-With-Hub.json @@ -177,7 +177,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/FullDeployment-With-Location.json b/tests/schemas/lz-healthcare/FullDeployment-With-Location.json index b4ddd711..437b85a3 100644 --- a/tests/schemas/lz-healthcare/FullDeployment-With-Location.json +++ b/tests/schemas/lz-healthcare/FullDeployment-With-Location.json @@ -180,7 +180,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/FullDeployment-Without-Hub.json b/tests/schemas/lz-healthcare/FullDeployment-Without-Hub.json index c0f50315..34ec9ca2 100644 --- a/tests/schemas/lz-healthcare/FullDeployment-Without-Hub.json +++ b/tests/schemas/lz-healthcare/FullDeployment-Without-Hub.json @@ -177,7 +177,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/SQLDB-aadAuthOnly.json b/tests/schemas/lz-healthcare/SQLDB-aadAuthOnly.json index dcd0fed9..b7d15b85 100644 --- a/tests/schemas/lz-healthcare/SQLDB-aadAuthOnly.json +++ b/tests/schemas/lz-healthcare/SQLDB-aadAuthOnly.json @@ -174,7 +174,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/SQLDB-mixedAuth.json b/tests/schemas/lz-healthcare/SQLDB-mixedAuth.json index 2bb10338..bd4f1f0d 100644 --- a/tests/schemas/lz-healthcare/SQLDB-mixedAuth.json +++ b/tests/schemas/lz-healthcare/SQLDB-mixedAuth.json 
@@ -175,7 +175,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/SQLDB-sqlAuth.json b/tests/schemas/lz-healthcare/SQLDB-sqlAuth.json index 26de6568..24d9418f 100644 --- a/tests/schemas/lz-healthcare/SQLDB-sqlAuth.json +++ b/tests/schemas/lz-healthcare/SQLDB-sqlAuth.json @@ -172,7 +172,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/SQLDBIsFalse.json b/tests/schemas/lz-healthcare/SQLDBIsFalse.json index 90155e56..c25e034a 100644 --- a/tests/schemas/lz-healthcare/SQLDBIsFalse.json +++ b/tests/schemas/lz-healthcare/SQLDBIsFalse.json @@ -170,7 +170,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/Synapse-aadAuthOnly.json b/tests/schemas/lz-healthcare/Synapse-aadAuthOnly.json index b3bd4984..fd9f9d9f 100644 --- a/tests/schemas/lz-healthcare/Synapse-aadAuthOnly.json +++ b/tests/schemas/lz-healthcare/Synapse-aadAuthOnly.json @@ -173,7 +173,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/Synapse-mixedAuth.json b/tests/schemas/lz-healthcare/Synapse-mixedAuth.json index e7480425..34ed636f 100644 --- a/tests/schemas/lz-healthcare/Synapse-mixedAuth.json +++ b/tests/schemas/lz-healthcare/Synapse-mixedAuth.json @@ -174,7 +174,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/Synapse-sqlAuth.json b/tests/schemas/lz-healthcare/Synapse-sqlAuth.json index 41ff75fb..ba64811e 100644 --- a/tests/schemas/lz-healthcare/Synapse-sqlAuth.json 
+++ b/tests/schemas/lz-healthcare/Synapse-sqlAuth.json @@ -171,7 +171,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-healthcare/WithoutCMK.json b/tests/schemas/lz-healthcare/WithoutCMK.json index bede2ce6..3d5b687a 100644 --- a/tests/schemas/lz-healthcare/WithoutCMK.json +++ b/tests/schemas/lz-healthcare/WithoutCMK.json @@ -174,7 +174,8 @@ "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/AKS-AzureCNI-AzureNP.json b/tests/schemas/lz-machinelearning/AKS-AzureCNI-AzureNP.json index fca23c67..eb361daf 100644 --- a/tests/schemas/lz-machinelearning/AKS-AzureCNI-AzureNP.json +++ b/tests/schemas/lz-machinelearning/AKS-AzureCNI-AzureNP.json @@ -208,7 +208,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/AKS-AzureCNI-Calico.json b/tests/schemas/lz-machinelearning/AKS-AzureCNI-Calico.json index 8f64478f..24a82051 100644 --- a/tests/schemas/lz-machinelearning/AKS-AzureCNI-Calico.json +++ b/tests/schemas/lz-machinelearning/AKS-AzureCNI-Calico.json @@ -208,7 +208,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/AKS-Kubenet-Calico.json b/tests/schemas/lz-machinelearning/AKS-Kubenet-Calico.json index 06268056..cdf88260 100644 --- a/tests/schemas/lz-machinelearning/AKS-Kubenet-Calico.json +++ b/tests/schemas/lz-machinelearning/AKS-Kubenet-Calico.json @@ -208,7 +208,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } 
diff --git a/tests/schemas/lz-machinelearning/AKSIsFalse.json b/tests/schemas/lz-machinelearning/AKSIsFalse.json index 670438c2..8a88936f 100644 --- a/tests/schemas/lz-machinelearning/AKSIsFalse.json +++ b/tests/schemas/lz-machinelearning/AKSIsFalse.json @@ -201,7 +201,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/AppServiceLinuxContainerIsFalse.json b/tests/schemas/lz-machinelearning/AppServiceLinuxContainerIsFalse.json index 6c57da0a..94f7ffb2 100644 --- a/tests/schemas/lz-machinelearning/AppServiceLinuxContainerIsFalse.json +++ b/tests/schemas/lz-machinelearning/AppServiceLinuxContainerIsFalse.json @@ -205,7 +205,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/AppServiceLinuxContainerPrivateEndpointIsFalse.json b/tests/schemas/lz-machinelearning/AppServiceLinuxContainerPrivateEndpointIsFalse.json index 04aca39f..7e516b0f 100644 --- a/tests/schemas/lz-machinelearning/AppServiceLinuxContainerPrivateEndpointIsFalse.json +++ b/tests/schemas/lz-machinelearning/AppServiceLinuxContainerPrivateEndpointIsFalse.json @@ -208,7 +208,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/BudgetIsFalse.json b/tests/schemas/lz-machinelearning/BudgetIsFalse.json index cd8f3ee5..c72eebe6 100644 --- a/tests/schemas/lz-machinelearning/BudgetIsFalse.json +++ b/tests/schemas/lz-machinelearning/BudgetIsFalse.json @@ -198,7 +198,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/BudgetIsTrue.json b/tests/schemas/lz-machinelearning/BudgetIsTrue.json index b041b2b3..b5561870 100644 
--- a/tests/schemas/lz-machinelearning/BudgetIsTrue.json +++ b/tests/schemas/lz-machinelearning/BudgetIsTrue.json @@ -204,7 +204,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/EmptyResourceTags.json b/tests/schemas/lz-machinelearning/EmptyResourceTags.json index bc867e33..a68fe7f6 100644 --- a/tests/schemas/lz-machinelearning/EmptyResourceTags.json +++ b/tests/schemas/lz-machinelearning/EmptyResourceTags.json @@ -197,7 +197,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/EmptySubscriptionTags.json b/tests/schemas/lz-machinelearning/EmptySubscriptionTags.json index f4073a7a..d6fda18c 100644 --- a/tests/schemas/lz-machinelearning/EmptySubscriptionTags.json +++ b/tests/schemas/lz-machinelearning/EmptySubscriptionTags.json @@ -202,7 +202,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/FullDeployment-With-Hub.json b/tests/schemas/lz-machinelearning/FullDeployment-With-Hub.json index 2f38fe25..0eccb3bf 100644 --- a/tests/schemas/lz-machinelearning/FullDeployment-With-Hub.json +++ b/tests/schemas/lz-machinelearning/FullDeployment-With-Hub.json @@ -209,7 +209,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/FullDeployment-With-Location.json b/tests/schemas/lz-machinelearning/FullDeployment-With-Location.json index f799a46d..f0e40685 100644 --- a/tests/schemas/lz-machinelearning/FullDeployment-With-Location.json +++ b/tests/schemas/lz-machinelearning/FullDeployment-With-Location.json 
@@ -212,7 +212,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/FullDeployment-Without-Hub.json b/tests/schemas/lz-machinelearning/FullDeployment-Without-Hub.json index 8cc52ccc..fa5aa444 100644 --- a/tests/schemas/lz-machinelearning/FullDeployment-Without-Hub.json +++ b/tests/schemas/lz-machinelearning/FullDeployment-Without-Hub.json @@ -207,7 +207,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/SQLDB-aadAuthOnly.json b/tests/schemas/lz-machinelearning/SQLDB-aadAuthOnly.json index 5476763f..0e2dbf56 100644 --- a/tests/schemas/lz-machinelearning/SQLDB-aadAuthOnly.json +++ b/tests/schemas/lz-machinelearning/SQLDB-aadAuthOnly.json @@ -206,7 +206,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/SQLDB-mixedAuth.json b/tests/schemas/lz-machinelearning/SQLDB-mixedAuth.json index 1f70985f..f94dc953 100644 --- a/tests/schemas/lz-machinelearning/SQLDB-mixedAuth.json +++ b/tests/schemas/lz-machinelearning/SQLDB-mixedAuth.json @@ -207,7 +207,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/SQLDB-sqlAuth.json b/tests/schemas/lz-machinelearning/SQLDB-sqlAuth.json index b041b2b3..b5561870 100644 --- a/tests/schemas/lz-machinelearning/SQLDB-sqlAuth.json +++ b/tests/schemas/lz-machinelearning/SQLDB-sqlAuth.json @@ -204,7 +204,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/SQLDBIsFalse.json b/tests/schemas/lz-machinelearning/SQLDBIsFalse.json index 28433217..516cf105 100644 
--- a/tests/schemas/lz-machinelearning/SQLDBIsFalse.json +++ b/tests/schemas/lz-machinelearning/SQLDBIsFalse.json @@ -202,7 +202,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/SQLMIIsFalse.json b/tests/schemas/lz-machinelearning/SQLMIIsFalse.json index 27544f62..32632ba2 100644 --- a/tests/schemas/lz-machinelearning/SQLMIIsFalse.json +++ b/tests/schemas/lz-machinelearning/SQLMIIsFalse.json @@ -201,7 +201,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } diff --git a/tests/schemas/lz-machinelearning/WithoutCMK.json b/tests/schemas/lz-machinelearning/WithoutCMK.json index a9d5d55d..be4e4c29 100644 --- a/tests/schemas/lz-machinelearning/WithoutCMK.json +++ b/tests/schemas/lz-machinelearning/WithoutCMK.json @@ -206,7 +206,8 @@ "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.1.10.0/25" - } + }, + "optional": [] } } } From 9d0a8c06a72ca2f90652ee05248eff708b772dc6 Mon Sep 17 00:00:00 2001 
From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 11:57:42 -0400 Subject: [PATCH 03/14] Add branch config --- .../logging.parameters.json | 93 ++++++ .../azure-firewall-policy.parameters.json | 22 ++ .../hub-azfw/hub-network.parameters.json | 196 ++++++++++++ .../hub-nva/hub-network.parameters.json | 300 ++++++++++++++++++ ...c0_generic-subscription_canadacentral.json | 171 ++++++++++ ...cbed91ab29a7_healthcare_canadacentral.json | 153 +++++++++ ...04f2c98_machinelearning_canadacentral.json | 181 +++++++++++ ...1dd0e27_machinelearning_canadacentral.json | 185 +++++++++++ ...5b60c30_machinelearning_canadacentral.json | 185 +++++++++++ ...8a144aa_machinelearning_canadacentral.json | 186 +++++++++++ .../CanadaESLZ-archetypeNetworking.yml | 79 +++++ 11 files changed, 1751 insertions(+) create mode 100644 config/logging/CanadaESLZ-archetypeNetworking/logging.parameters.json create mode 100644 config/networking/CanadaESLZ-archetypeNetworking/hub-azfw-policy/azure-firewall-policy.parameters.json create mode 100644 config/networking/CanadaESLZ-archetypeNetworking/hub-azfw/hub-network.parameters.json create mode 100644 config/networking/CanadaESLZ-archetypeNetworking/hub-nva/hub-network.parameters.json create mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json create mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json create mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json create mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json create mode 100644 
config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json create mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json create mode 100644 config/variables/CanadaESLZ-archetypeNetworking.yml diff --git a/config/logging/CanadaESLZ-archetypeNetworking/logging.parameters.json b/config/logging/CanadaESLZ-archetypeNetworking/logging.parameters.json new file mode 100644 index 00000000..69ff8cae --- /dev/null +++ b/config/logging/CanadaESLZ-archetypeNetworking/logging.parameters.json 
@@ -0,0 +1,93 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], + "receivers": { + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] + }, + "actionGroupName": "ALZ action group", + "actionGroupShortName": "alz-alert", + "alertRuleName": "ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Contributor Role", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tbd" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "logAnalyticsResourceGroupName": { + "value": "pubsec-central-logging-rg" + }, + "logAnalyticsWorkspaceName": { + "value": "log-analytics-workspace" + }, + "logAnalyticsRetentionInDays": { + "value": 730 + }, + "logAnalyticsAutomationAccountName": { + "value": "automation-account" + } + } +} \ No newline at end of file 
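Review bot: The `subscriptionRoleAssignments` entry grants built-in Contributor on the logging subscription to group `38f33f7e-a471-4630-8ce9-c6653495a2ee`, the same object id that the landing-zone subscription files later in this patch use for their own Contributor assignment. If that group holds workload administrators, they could change or delete the central Log Analytics workspace whose data `logAnalyticsRetentionInDays: 730` is meant to preserve. I would bind the logging subscription to a separate platform group, e.g. `"securityGroupObjectIds": ["<logging-admins-group-object-id>"]` (placeholder), or to a narrower role than Contributor.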
diff --git a/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw-policy/azure-firewall-policy.parameters.json b/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw-policy/azure-firewall-policy.parameters.json
new file mode 100644
index 00000000..9fc52f4c
--- /dev/null
+++ b/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw-policy/azure-firewall-policy.parameters.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "resourceTags": {
+ "value": {
+ "ClientOrganization": "client-organization-tag",
+ "CostCenter": "cost-center-tag",
+ "DataSensitivity": "data-sensitivity-tag",
+ "ProjectContact": "project-contact-tag",
+ "ProjectName": "project-name-tag",
+ "TechnicalContact": "technical-contact-tag"
+ }
+ },
+ "resourceGroupName": {
+ "value": "pubsec-azure-firewall-policy-rg"
+ },
+ "policyName": {
+ "value": "pubsecAzureFirewallPolicy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw/hub-network.parameters.json b/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw/hub-network.parameters.json
new file mode 100644
index 00000000..be474d85
--- /dev/null
+++ b/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw/hub-network.parameters.json
@@ -0,0 +1,196 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], + "receivers": { + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] + }, + "actionGroupName": "ALZ action group", + "actionGroupShortName": "alz-alert", + "alertRuleName": "ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Contributor Role", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tbd" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "deployPrivateDnsZones": { + "value": true + }, + "rgPrivateDnsZonesName": { + "value": "pubsec-dns-rg" + }, + "deployDdosStandard": { + "value": false + }, + "rgDdosName": { + "value": "pubsec-ddos-rg" + }, + "ddosPlanName": { + "value": "ddos-plan" + }, + "bastionName": { + "value": "bastion" + }, + "bastionSku": { + "value": "Standard" + }, + 
"bastionScaleUnits": { + "value": 2 + }, + "rgPazName": { + "value": "pubsec-public-access-zone-rg" + }, + "rgMrzName": { + "value": "pubsec-management-restricted-zone-rg" + }, + "mrzVnetName": { + "value": "management-restricted-vnet" + }, + "mrzVnetAddressPrefixRFC1918": { + "value": "10.18.4.0/22" + }, + "mrzMazSubnetName": { + "value": "MazSubnet" + }, + "mrzMazSubnetAddressPrefix": { + "value": "10.18.4.0/25" + }, + "mrzInfSubnetName": { + "value": "InfSubnet" + }, + "mrzInfSubnetAddressPrefix": { + "value": "10.18.4.128/25" + }, + "mrzSecSubnetName": { + "value": "SecSubnet" + }, + "mrzSecSubnetAddressPrefix": { + "value": "10.18.5.0/26" + }, + "mrzLogSubnetName": { + "value": "LogSubnet" + }, + "mrzLogSubnetAddressPrefix": { + "value": "10.18.5.64/26" + }, + "mrzMgmtSubnetName": { + "value": "MgmtSubnet" + }, + "mrzMgmtSubnetAddressPrefix": { + "value": "10.18.5.128/26" + }, + "rgHubName": { + "value": "pubsec-hub-networking-rg" + }, + "hubVnetName": { + "value": "hub-vnet" + }, + "hubVnetAddressPrefixRFC1918": { + "value": "10.18.0.0/22" + }, + "hubVnetAddressPrefixRFC6598": { + "value": "100.60.0.0/16" + }, + "hubVnetAddressPrefixBastion": { + "value": "192.168.0.0/16" + }, + "hubPazSubnetName": { + "value": "PAZSubnet" + }, + "hubPazSubnetAddressPrefix": { + "value": "100.60.1.0/24" + }, + "hubGatewaySubnetAddressPrefix": { + "value": "10.18.0.0/27" + }, + "hubAzureFirewallSubnetAddressPrefix": { + "value": "10.18.1.0/24" + }, + "hubAzureFirewallManagementSubnetAddressPrefix": { + "value": "10.18.2.0/26" + }, + "hubBastionSubnetAddressPrefix": { + "value": "192.168.0.0/24" + }, + "azureFirewallName": { + "value": "pubsecAzureFirewall" + }, + "azureFirewallZones": { + "value": [ + "1", + "2", + "3" + ] + }, + "azureFirewallForcedTunnelingEnabled": { + "value": false + }, + "azureFirewallForcedTunnelingNextHop": { + "value": "10.17.1.4" + } + } +} \ No newline at end of file 
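Review bot: `hubVnetAddressPrefixRFC6598` is set to `100.60.0.0/16`, which is not inside the RFC 6598 shared address space (`100.64.0.0/10`, i.e. 100.64.0.0–100.127.255.255), so the hub and `hubPazSubnetAddressPrefix` (`100.60.1.0/24`) sit on publicly routable addresses. Any firewall or NSG rule that treats this prefix as internal would also match the real holders of that range, and hosts in the VNet lose reachability to them. A range inside the shared space, for example `"value": "100.64.0.0/16"` with the PAZ subnet at `100.64.1.0/24`, avoids this. The same prefix recurs in `hub-nva/hub-network.parameters.json` (including the `fw*ExternalFacingIP` values) and as `rfc6598IPRange` in the subscription files of this patch.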
diff --git a/config/networking/CanadaESLZ-archetypeNetworking/hub-nva/hub-network.parameters.json b/config/networking/CanadaESLZ-archetypeNetworking/hub-nva/hub-network.parameters.json
new file mode 100644
index 00000000..1cf88142
--- /dev/null
+++ b/config/networking/CanadaESLZ-archetypeNetworking/hub-nva/hub-network.parameters.json
@@ -0,0 +1,300 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], + "receivers": { + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] + }, + "actionGroupName": "ALZ action group", + "actionGroupShortName": "alz-alert", + "alertRuleName": "ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Contributor Role", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tbd" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "deployPrivateDnsZones": { + "value": true + }, + "rgPrivateDnsZonesName": { + "value": "pubsec-dns-rg" + }, + "deployDdosStandard": { + "value": false + }, + "rgDdosName": { + "value": "pubsec-ddos-rg" + }, + "ddosPlanName": { + "value": "ddos-plan" + }, + "bastionName": { + "value": "bastion" + }, + "bastionSku": { + "value": "Standard" + }, + 
"bastionScaleUnits": { + "value": 2 + }, + "rgPazName": { + "value": "pubsec-public-access-zone-rg" + }, + "rgMrzName": { + "value": "pubsec-management-restricted-zone-rg" + }, + "mrzVnetName": { + "value": "management-restricted-vnet" + }, + "mrzVnetAddressPrefixRFC1918": { + "value": "10.18.4.0/22" + }, + "mrzMazSubnetName": { + "value": "MazSubnet" + }, + "mrzMazSubnetAddressPrefix": { + "value": "10.18.4.0/25" + }, + "mrzInfSubnetName": { + "value": "InfSubnet" + }, + "mrzInfSubnetAddressPrefix": { + "value": "10.18.4.128/25" + }, + "mrzSecSubnetName": { + "value": "SecSubnet" + }, + "mrzSecSubnetAddressPrefix": { + "value": "10.18.5.0/26" + }, + "mrzLogSubnetName": { + "value": "LogSubnet" + }, + "mrzLogSubnetAddressPrefix": { + "value": "10.18.5.64/26" + }, + "mrzMgmtSubnetName": { + "value": "MgmtSubnet" + }, + "mrzMgmtSubnetAddressPrefix": { + "value": "10.18.5.128/26" + }, + "rgHubName": { + "value": "pubsec-hub-networking-rg" + }, + "hubVnetName": { + "value": "hub-vnet" + }, + "hubVnetAddressPrefixRFC1918": { + "value": "10.18.0.0/22" + }, + "hubVnetAddressPrefixRFC6598": { + "value": "100.60.0.0/16" + }, + "hubVnetAddressPrefixBastion": { + "value": "192.168.0.0/16" + }, + "hubEanSubnetName": { + "value": "EanSubnet" + }, + "hubEanSubnetAddressPrefix": { + "value": "10.18.0.0/27" + }, + "hubPublicSubnetName": { + "value": "PublicSubnet" + }, + "hubPublicSubnetAddressPrefix": { + "value": "100.60.0.0/24" + }, + "hubPazSubnetName": { + "value": "PAZSubnet" + }, + "hubPazSubnetAddressPrefix": { + "value": "100.60.1.0/24" + }, + "hubDevIntSubnetName": { + "value": "DevIntSubnet" + }, + "hubDevIntSubnetAddressPrefix": { + "value": "10.18.0.64/27" + }, + "hubProdIntSubnetName": { + "value": "PrdIntSubnet" + }, + "hubProdIntSubnetAddressPrefix": { + "value": "10.18.0.32/27" + }, + "hubMrzIntSubnetName": { + "value": "MrzSubnet" + }, + "hubMrzIntSubnetAddressPrefix": { + "value": "10.18.0.96/27" + }, + "hubHASubnetName": { + "value": "HASubnet" + }, + 
"hubHASubnetAddressPrefix": { + "value": "10.18.0.128/28" + }, + "hubGatewaySubnetPrefix": { + "value": "10.18.1.0/27" + }, + "hubBastionSubnetAddressPrefix": { + "value": "192.168.0.0/24" + }, + "deployFirewallVMs": { + "value": false + }, + "useFortigateFW": { + "value": false + }, + "fwDevILBName": { + "value": "pubsecDevFWILB" + }, + "fwDevVMSku": { + "value": "Standard_D8s_v4" + }, + "fwDevVM1Name": { + "value": "pubsecDevFW1" + }, + "fwDevVM2Name": { + "value": "pubsecDevFW2" + }, + "fwDevILBExternalFacingIP": { + "value": "100.60.0.7" + }, + "fwDevVM1ExternalFacingIP": { + "value": "100.60.0.8" + }, + "fwDevVM2ExternalFacingIP": { + "value": "100.60.0.9" + }, + "fwDevVM1MrzIntIP": { + "value": "10.18.0.104" + }, + "fwDevVM2MrzIntIP": { + "value": "10.18.0.105" + }, + "fwDevILBDevIntIP": { + "value": "10.18.0.68" + }, + "fwDevVM1DevIntIP": { + "value": "10.18.0.69" + }, + "fwDevVM2DevIntIP": { + "value": "10.18.0.70" + }, + "fwDevVM1HAIP": { + "value": "10.18.0.134" + }, + "fwDevVM2HAIP": { + "value": "10.18.0.135" + }, + "fwProdILBName": { + "value": "pubsecProdFWILB" + }, + "fwProdVMSku": { + "value": "Standard_F8s_v2" + }, + "fwProdVM1Name": { + "value": "pubsecProdFW1" + }, + "fwProdVM2Name": { + "value": "pubsecProdFW2" + }, + "fwProdILBExternalFacingIP": { + "value": "100.60.0.4" + }, + "fwProdVM1ExternalFacingIP": { + "value": "100.60.0.5" + }, + "fwProdVM2ExternalFacingIP": { + "value": "100.60.0.6" + }, + "fwProdVM1MrzIntIP": { + "value": "10.18.0.101" + }, + "fwProdVM2MrzIntIP": { + "value": "10.18.0.102" + }, + "fwProdILBPrdIntIP": { + "value": "10.18.0.36" + }, + "fwProdVM1PrdIntIP": { + "value": "10.18.0.37" + }, + "fwProdVM2PrdIntIP": { + "value": "10.18.0.38" + }, + "fwProdVM1HAIP": { + "value": "10.18.0.132" + }, + "fwProdVM2HAIP": { + "value": "10.18.0.133" + } + } +} \ No newline at end of file 
diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json
new file mode 100644
index 00000000..066fd3ca
--- /dev/null
+++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json
@@ -0,0 +1,171 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "value": "canadacentral" + }, + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ "Incident", "Security" ], + "regions": [ "Global", "Canada East", "Canada Central" ], + "receivers": { + "app": [ "alzcanadapubsec@microsoft.com" ], + "email": [ "alzcanadapubsec@microsoft.com" ], + "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], + "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] + }, + "actionGroupName": "Sub1 ALZ action group", + "actionGroupShortName": "sub1-alert", + "alertRuleName": "Sub1 ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Role: Contributor", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + }, + { + "comments": "Custom Role: Landing Zone Application Owner", + "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tag" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "resourceGroups": { + "value": { + "automation": "rgAutomation2022Q1", + "networking": "rgVnet2022Q1", + "networkWatcher": 
"NetworkWatcherRG", + "backupRecoveryVault":"rgRecoveryVault2022Q1" + } + }, + "automation": { + "value": { + "name": "automation" + } + }, + "backupRecoveryVault":{ + "value": { + "enabled":true, + "name":"bkupvault" + } + }, + "hubNetwork": { + "value": { + "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", + "rfc1918IPRange": "10.18.0.0/22", + "rfc6598IPRange": "100.60.0.0/16", + "egressVirtualApplianceIp": "10.18.1.4" + } + }, + "network": { + "value": { + "deployVnet": true, + "peerToHubVirtualNetwork": true, + "useRemoteGateway": false, + "name": "vnet", + "dnsServers": [ + "10.18.1.4" + ], + "addressPrefixes": [ + "10.2.0.0/16" + ], + "subnets": [ + { + "comments": "App Management Zone (OZ)", + "name": "appManagement", + "addressPrefix": "10.2.1.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Presentation Zone (PAZ)", + "name": "web", + "addressPrefix": "10.2.2.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Application Zone (RZ)", + "name": "app", + "addressPrefix": "10.2.3.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Data Zone (HRZ)", + "name": "data", + "addressPrefix": "10.2.4.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" + } + } + ] + } + } + } +} \ No newline at end of file 
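Review bot: The `appservice` subnet at the end of `network.subnets` sets both `"nsg": { "enabled": false }` and `"udr": { "enabled": false }`, while the other four subnets enable both. The hunk does not show how the template consumes these flags, but if `udr` is what attaches the route to `egressVirtualApplianceIp` (`10.18.1.4`), outbound traffic from apps integrated into this delegated subnet would bypass the hub firewall and have no NSG filtering. If the exemption is deliberate, record the reason in the entry's `comments` string, e.g. `"comments": "App Service (delegated; NSG/UDR intentionally off: <reason>)"`; otherwise set both flags to `true`.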
diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json
new file mode 100644
index 00000000..daaf0c60
--- /dev/null
+++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json
@@ -0,0 +1,153 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ "Incident", "Security" ], + "regions": [ "Global", "Canada East", "Canada Central" ], + "receivers": { + "app": [ "alzcanadapubsec@microsoft.com" ], + "email": [ "alzcanadapubsec@microsoft.com" ], + "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], + "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] + }, + "actionGroupName": "Sub2 ALZ action group", + "actionGroupShortName": "sub2-alert", + "alertRuleName": "Sub2 ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Role: Contributor", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + }, + { + "comments": "Custom Role: Landing Zone Application Owner", + "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tag" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "resourceGroups": { + "value": { + "automation": "health2022Q1Automation", + "compute": "health2022Q1Compute", + "monitor": "health2022Q1Monitor", + "networking": 
"health2022Q1Network", + "networkWatcher": "NetworkWatcherRG", + "security": "health2022Q1Security", + "storage": "health2022Q1Storage" + } + }, + "useCMK": { + "value": true + }, + "keyVault": { + "value": { + "secretExpiryInDays": 3650 + } + }, + "automation": { + "value": { + "name": "health2022Q1automation" + } + }, + "sqldb": { + "value": { + "enabled": true, + "sqlAuthenticationUsername": "azadmin", + "aadAuthenticationOnly":false + } + }, + "synapse": { + "value": { + "aadAuthenticationOnly": true, + "aadLoginName": "az.admins", + "aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", + "aadLoginType":"Group" + } + }, + "hubNetwork": { + "value": { + "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", + "rfc1918IPRange": "10.18.0.0/22", + "rfc6598IPRange": "100.60.0.0/16", + "egressVirtualApplianceIp": "10.18.1.4", + "privateDnsManagedByHub": true, + "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27", + "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg" + } + }, + "network": { + "value": { + "peerToHubVirtualNetwork": true, + "useRemoteGateway": false, + "name": "health2022Q1vnet", + "dnsServers": [ + "10.18.1.4" + ], + "addressPrefixes": [ + "10.5.0.0/16" + ], + "subnets": { + "databricksPublic": { + "comments": "Databricks Public Delegated Subnet", + "name": "databrickspublic", + "addressPrefix": "10.5.5.0/25" + }, + "databricksPrivate": { + "comments": "Databricks Private Delegated Subnet", + "name": "databricksprivate", + "addressPrefix": "10.5.6.0/25" + }, + "privateEndpoints": { + "comments": "Private Endpoints Subnet", + "name": "privateendpoints", + "addressPrefix": "10.5.7.0/25" + }, + "web": { + "comments": "Azure Web App Delegated Subnet", + "name": "webapp", + "addressPrefix": "10.5.8.0/25" + }, + "optional": [] + } + } + } + } +} \ No newline at end of file 
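Review bot: `keyVault.secretExpiryInDays` is `3650`, so secrets created under this setting stay valid for about ten years, and `sqldb` in the same file keeps SQL authentication on (`"aadAuthenticationOnly": false` with `sqlAuthenticationUsername` `azadmin`) while `synapse` is Azure AD only. Presumably the SQL admin password is one of the secrets covered by that expiry; the hunk does not show it. For a healthcare archetype I would shorten the expiry, e.g. `"secretExpiryInDays": 365` (constructed value), and set `"aadAuthenticationOnly": true` for `sqldb` with the `aadLogin*` fields that `synapse` already carries, unless a test depends on SQL logins. The same `3650` value appears in the two machinelearning subscription files that follow.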
diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json
new file mode 100644
index 00000000..2b2e213b
--- /dev/null
+++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json
@@ -0,0 +1,181 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ "Incident", "Security" ], + "regions": [ "Global", "Canada East", "Canada Central" ], + "receivers": { + "app": [ "alzcanadapubsec@microsoft.com" ], + "email": [ "alzcanadapubsec@microsoft.com" ], + "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], + "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] + }, + "actionGroupName": "Sub5 ALZ action group", + "actionGroupShortName": "sub5-alert", + "alertRuleName": "Sub5 ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Role: Contributor", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tag" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "resourceGroups": { + "value": { + "automation": "azmlsqlauth2022Q1Automation", + "compute": "azmlsqlauth2022Q1Compute", + "monitor": "azmlsqlauth2022Q1Monitor", + "networking": "azmlsqlauth2022Q1Network", + "networkWatcher": "NetworkWatcherRG", + "security": "azmlsqlauth2022Q1Security", + "storage": "azmlsqlauth2022Q1Storage" + } + }, + "useCMK": { + "value": false + }, + "automation": 
{ + "value": { + "name": "azmlsqlauth2022Q1automation" + } + }, + "keyVault": { + "value": { + "secretExpiryInDays": 3650 + } + }, + "aks": { + "value": { + "version": "1.22.6", + "enabled": true, + "networkPlugin": "kubenet" , + "networkPolicy": "calico", + "podCidr": "11.0.0.0/16", + "serviceCidr": "20.0.0.0/16" , + "dnsServiceIP": "20.0.0.10", + "dockerBridgeCidr": "30.0.0.1/16" + } + }, + "appServiceLinuxContainer": { + "value": { + "enabled": true, + "skuName": "P1V2", + "skuTier": "Premium", + "enablePrivateEndpoint": true + } + }, + "sqldb": { + "value": { + "enabled": true, + "sqlAuthenticationUsername": "azadmin", + "aadAuthenticationOnly": false, + "aadLoginName":"DBA Security Group", + "aadLoginObjectID":"e0357d81-55d8-44e9-9d9c-ab09dc710785", + "aadLoginType":"Group" + } + }, + "sqlmi": { + "value": { + "enabled": false + } + }, + "aml": { + "value": { + "enableHbiWorkspace": false + } + }, + "hubNetwork": { + "value": { + "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", + "rfc1918IPRange": "10.18.0.0/22", + "rfc6598IPRange": "100.60.0.0/16", + "egressVirtualApplianceIp": "10.18.1.4", + "privateDnsManagedByHub": true, + "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27", + "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg" + } + }, + "network": { + "value": { + "peerToHubVirtualNetwork": true, + "useRemoteGateway": false, + "name": "azmlsqlauth2022Q1vnet", + "dnsServers": [ + "10.18.1.4" + ], + "addressPrefixes": [ + "10.6.0.0/16" + ], + "subnets": { + "sqlmi": { + "comments": "SQL Managed Instances Delegated Subnet", + "name": "sqlmi", + "addressPrefix": "10.6.5.0/25" + }, + "databricksPublic": { + "comments": "Databricks Public Delegated Subnet", + "name": "databrickspublic", + "addressPrefix": "10.6.6.0/25" + }, + "databricksPrivate": { + "comments": "Databricks Private Delegated Subnet", + "name": 
"databricksprivate", + "addressPrefix": "10.6.7.0/25" + }, + "privateEndpoints": { + "comments": "Private Endpoints Subnet", + "name": "privateendpoints", + "addressPrefix": "10.6.8.0/25" + }, + "aks": { + "comments": "AKS Subnet", + "name": "aks", + "addressPrefix": "10.6.9.0/25" + }, + "appService": { + "comments": "App Service Subnet", + "name": "appService", + "addressPrefix": "10.6.10.0/25" + }, + "optional": [] + } + } + } + } +} diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json new file mode 100644 index 00000000..91a6bcac --- /dev/null +++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json 
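Review bot: The `aks` block in the `8c6e48a4-…_machinelearning_canadacentral.json` hunk uses publicly routable ranges for cluster-internal addressing: `podCidr` `11.0.0.0/16`, `serviceCidr` `20.0.0.0/16` with `dnsServiceIP` `20.0.0.10`, and `dockerBridgeCidr` `30.0.0.1/16`. Workloads in the cluster cannot reach real hosts in those ranges, and any firewall rule or log that keys on these prefixes becomes ambiguous. Private ranges that do not overlap `10.6.0.0/16` or the hub would be safer, for example (constructed values) `"podCidr": "172.16.0.0/16"`, `"serviceCidr": "172.17.0.0/16"`, `"dnsServiceIP": "172.17.0.10"`, with the bridge CIDR moved likewise. The same block is repeated in the `ec6c5689-…_machinelearning_canadacentral.json` file that starts after this hunk.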
@@ -0,0 +1,185 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "serviceHealthAlerts": {
+ "value": {
+ "resourceGroupName": "pubsec-service-health",
+ "incidentTypes": [ "Incident", "Security" ],
+ "regions": [ "Global", "Canada East", "Canada Central" ],
+ "receivers": {
+ "app": [ "alzcanadapubsec@microsoft.com" ],
+ "email": [ "alzcanadapubsec@microsoft.com" ],
+ "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ],
+ "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ]
+ },
+ "actionGroupName": "Sub3 ALZ action group",
+ "actionGroupShortName": "sub3-alert",
+ "alertRuleName": "Sub3 ALZ alert rule",
+ "alertRuleDescription": "Alert rule for Azure Landing Zone"
+ }
+ },
+ "securityCenter": {
+ "value": {
+ "email": "alzcanadapubsec@microsoft.com",
+ "phone": "5555555555"
+ }
+ },
+ "subscriptionRoleAssignments": {
+ "value": [
+ {
+ "comments": "Built-in Role: Contributor",
+ "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
+ "securityGroupObjectIds": [
+ "38f33f7e-a471-4630-8ce9-c6653495a2ee"
+ ]
+ },
+ {
+ "comments": "Custom Role: Landing Zone Application Owner",
+ "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc",
+ "securityGroupObjectIds": [
+ "38f33f7e-a471-4630-8ce9-c6653495a2ee"
+ ]
+ }
+ ]
+ },
+ "subscriptionBudget": {
+ "value": {
+ "createBudget": false
+ }
+ },
+ "subscriptionTags": {
+ "value": {
+ "ISSO": "isso-tag"
+ }
+ },
+ "resourceTags": {
+ "value": {
+ "ClientOrganization": "client-organization-tag",
+ "CostCenter": "cost-center-tag",
+ "DataSensitivity": "data-sensitivity-tag",
+ "ProjectContact": "project-contact-tag",
+ "ProjectName": "project-name-tag",
+ "TechnicalContact": "technical-contact-tag"
+ }
+ },
+ "resourceGroups": {
+ "value": {
+ "automation": "azmlcmk2022Q1Automation",
+ "compute": "azmlcmk2022Q1Compute",
+ "monitor": "azmlcmk2022Q1Monitor",
+ "networking": "azmlcmk2022Q1Network",
+ "networkWatcher": "NetworkWatcherRG",
+ "security": "azmlcmk2022Q1Security",
+ "storage": "azmlcmk2022Q1Storage"
+ }
+ },
+ "useCMK": {
+ "value": true
+ },
+ "automation": {
+ "value": {
+ "name": "azmlcmk2022Q1automation"
+ }
+ },
+ "keyVault": {
+ "value": {
+ "secretExpiryInDays": 3650
+ }
+ },
+ "aks": {
+ "value": {
+ "version": "1.22.6",
+ "enabled": true,
+ "networkPlugin": "kubenet" ,
+ "networkPolicy": "calico",
+ "podCidr": "11.0.0.0/16",
+ "serviceCidr": "20.0.0.0/16" ,
+ "dnsServiceIP": "20.0.0.10",
+ "dockerBridgeCidr": "30.0.0.1/16"
+ }
+ },
+ "appServiceLinuxContainer": {
+ "value": {
+ "enabled": true,
+ "skuName": "P1V2",
+ "skuTier": "Premium",
+ "enablePrivateEndpoint": true
+ }
+ },
+ "sqldb": {
+ "value": {
+ "enabled": true,
+ "sqlAuthenticationUsername": "azadmin",
+ "aadAuthenticationOnly":false
+ }
+ },
+ "sqlmi": {
+ "value": {
+ "enabled": false
+ }
+ },
+ "aml": {
+ "value": {
+ "enableHbiWorkspace": false
+ }
+ },
+ "hubNetwork": {
+ "value": {
+ "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet",
+ "rfc1918IPRange": "10.18.0.0/22",
+ "rfc6598IPRange": "100.60.0.0/16",
+ "egressVirtualApplianceIp": "10.18.1.4",
+ "privateDnsManagedByHub": true,
+ "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27",
+ "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg"
+ }
+ },
+ "network": {
+ "value": {
+ "peerToHubVirtualNetwork": true,
+ "useRemoteGateway": false,
+ "name": "azmlcmk2022Q1vnet",
+ "dnsServers": [
+ "10.18.1.4"
+ ],
+ "addressPrefixes": [
+ "10.1.0.0/16"
+ ],
+ "subnets": {
+ "sqlmi": {
+ "comments": "SQL Managed Instances Delegated Subnet",
+ "name": "sqlmi",
+ "addressPrefix": "10.1.5.0/25"
+ },
+ "databricksPublic": {
+ "comments": "Databricks Public Delegated Subnet",
+ "name": "databrickspublic",
+ "addressPrefix": "10.1.6.0/25"
+ },
+ "databricksPrivate": {
+ "comments": "Databricks Private Delegated Subnet",
+ "name": "databricksprivate",
+ "addressPrefix": "10.1.7.0/25"
+ },
+ "privateEndpoints": {
+ "comments": "Private Endpoints Subnet",
+ "name": "privateendpoints",
+ "addressPrefix": "10.1.8.0/25"
+ },
+ "aks": {
+ "comments": "AKS Subnet",
+ "name": "aks",
+ "addressPrefix": "10.1.9.0/25"
+ },
+ "appService": {
+ "comments": "App Service Subnet",
+ "name": "appService",
+ "addressPrefix": "10.1.10.0/25"
+ },
+ "optional": []
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json
new file mode 100644
index 00000000..be16832c
--- /dev/null
+++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json
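Review bot: The `aks` values use publicly routable address space for cluster-internal ranges: `"podCidr": "11.0.0.0/16"`, `"serviceCidr": "20.0.0.0/16"`, `"dnsServiceIP": "20.0.0.10"` and `"dockerBridgeCidr": "30.0.0.1/16"`. Real internet destinations inside those blocks can be shadowed from the cluster's point of view, and addresses seen in flow logs become ambiguous between cluster-internal and external hosts. Private ranges that do not overlap the spoke `10.1.0.0/16` or the hub `10.18.0.0/22` avoid both problems, for example (constructed values) `"podCidr": "172.16.0.0/16"`, `"serviceCidr": "172.17.0.0/16"`, `"dnsServiceIP": "172.17.0.10"`. The f08c3057 and f459218a parameter files added in this commit carry the same four values.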
@@ -0,0 +1,185 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "serviceHealthAlerts": {
+ "value": {
+ "resourceGroupName": "pubsec-service-health",
+ "incidentTypes": [ "Incident", "Security" ],
+ "regions": [ "Global", "Canada East", "Canada Central" ],
+ "receivers": {
+ "app": [ "alzcanadapubsec@microsoft.com" ],
+ "email": [ "alzcanadapubsec@microsoft.com" ],
+ "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ],
+ "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ]
+ },
+ "actionGroupName": "Sub4 ALZ action group",
+ "actionGroupShortName": "sub4-alert",
+ "alertRuleName": "Sub4 ALZ alert rule",
+ "alertRuleDescription": "Alert rule for Azure Landing Zone"
+ }
+ },
+ "securityCenter": {
+ "value": {
+ "email": "alzcanadapubsec@microsoft.com",
+ "phone": "5555555555"
+ }
+ },
+ "subscriptionRoleAssignments": {
+ "value": [
+ {
+ "comments": "Built-in Role: Contributor",
+ "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
+ "securityGroupObjectIds": [
+ "38f33f7e-a471-4630-8ce9-c6653495a2ee"
+ ]
+ },
+ {
+ "comments": "Custom Role: Landing Zone Application Owner",
+ "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc",
+ "securityGroupObjectIds": [
+ "38f33f7e-a471-4630-8ce9-c6653495a2ee"
+ ]
+ }
+ ]
+ },
+ "subscriptionBudget": {
+ "value": {
+ "createBudget": false
+ }
+ },
+ "subscriptionTags": {
+ "value": {
+ "ISSO": "isso-tag"
+ }
+ },
+ "resourceTags": {
+ "value": {
+ "ClientOrganization": "client-organization-tag",
+ "CostCenter": "cost-center-tag",
+ "DataSensitivity": "data-sensitivity-tag",
+ "ProjectContact": "project-contact-tag",
+ "ProjectName": "project-name-tag",
+ "TechnicalContact": "technical-contact-tag"
+ }
+ },
+ "resourceGroups": {
+ "value": {
+ "automation": "azmlnocmk2022Q1Automation",
+ "compute": "azmlnocmk2022Q1Compute",
+ "monitor": "azmlnocmk2022Q1Monitor",
+ "networking": "azmlnocmk2022Q1Network",
+ "networkWatcher": "NetworkWatcherRG",
+ "security": "azmlnocmk2022Q1Security",
+ "storage": "azmlnocmk2022Q1Storage"
+ }
+ },
+ "useCMK": {
+ "value": false
+ },
+ "automation": {
+ "value": {
+ "name": "azmlnocmk2022Q1automation"
+ }
+ },
+ "keyVault": {
+ "value": {
+ "secretExpiryInDays": 3650
+ }
+ },
+ "aks": {
+ "value": {
+ "version": "1.22.6",
+ "enabled": true,
+ "networkPlugin": "kubenet" ,
+ "networkPolicy": "calico",
+ "podCidr": "11.0.0.0/16",
+ "serviceCidr": "20.0.0.0/16" ,
+ "dnsServiceIP": "20.0.0.10",
+ "dockerBridgeCidr": "30.0.0.1/16"
+ }
+ },
+ "appServiceLinuxContainer": {
+ "value": {
+ "enabled": true,
+ "skuName": "P1V2",
+ "skuTier": "Premium",
+ "enablePrivateEndpoint": true
+ }
+ },
+ "sqldb": {
+ "value": {
+ "enabled": true,
+ "sqlAuthenticationUsername": "azadmin",
+ "aadAuthenticationOnly":false
+ }
+ },
+ "sqlmi": {
+ "value": {
+ "enabled": false
+ }
+ },
+ "aml": {
+ "value": {
+ "enableHbiWorkspace": false
+ }
+ },
+ "hubNetwork": {
+ "value": {
+ "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet",
+ "rfc1918IPRange": "10.18.0.0/22",
+ "rfc6598IPRange": "100.60.0.0/16",
+ "egressVirtualApplianceIp": "10.18.1.4",
+ "privateDnsManagedByHub": true,
+ "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27",
+ "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg"
+ }
+ },
+ "network": {
+ "value": {
+ "peerToHubVirtualNetwork": true,
+ "useRemoteGateway": false,
+ "name": "azmlnocmk2022Q1vnet",
+ "dnsServers": [
+ "10.18.1.4"
+ ],
+ "addressPrefixes": [
+ "10.3.0.0/16"
+ ],
+ "subnets": {
+ "sqlmi": {
+ "comments": "SQL Managed Instances Delegated Subnet",
+ "name": "sqlmi",
+ "addressPrefix": "10.3.5.0/25"
+ },
+ "databricksPublic": {
+ "comments": "Databricks Public Delegated Subnet",
+ "name": "databrickspublic",
+ "addressPrefix": "10.3.6.0/25"
+ },
+ "databricksPrivate": {
+ "comments": "Databricks Private Delegated Subnet",
+ "name": "databricksprivate",
+ "addressPrefix": "10.3.7.0/25"
+ },
+ "privateEndpoints": {
+ "comments": "Private Endpoints Subnet",
+ "name": "privateendpoints",
+ "addressPrefix": "10.3.8.0/25"
+ },
+ "aks": {
+ "comments": "AKS Subnet",
+ "name": "aks",
+ "addressPrefix": "10.3.9.0/25"
+ },
+ "appService": {
+ "comments": "App Service Subnet",
+ "name": "appService",
+ "addressPrefix": "10.3.10.0/25"
+ },
+ "optional": []
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json
new file mode 100644
index 00000000..9b7dbb5d
--- /dev/null
+++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json
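Review bot: `"secretExpiryInDays": 3650` under `keyVault` sets a ten-year lifetime, which leaves expiry with little value as a rotation control. How the templates apply the value is not visible in this hunk, but if it is stamped onto generated secrets, a credential exposed from this DevTest subscription would stay valid for years. A shorter value such as `"secretExpiryInDays": 365` (constructed) keeps expiry notifications meaningful. The ec6c5689 and f459218a files added in this commit carry the same setting.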
@@ -0,0 +1,186 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "serviceHealthAlerts": {
+ "value": {
+ "resourceGroupName": "pubsec-service-health",
+ "incidentTypes": [ "Incident", "Security" ],
+ "regions": [ "Global", "Canada East", "Canada Central" ],
+ "receivers": {
+ "app": [ "alzcanadapubsec@microsoft.com" ],
+ "email": [ "alzcanadapubsec@microsoft.com" ],
+ "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ],
+ "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ]
+ },
+ "actionGroupName": "Sub5 ALZ action group",
+ "actionGroupShortName": "sub5-alert",
+ "alertRuleName": "Sub5 ALZ alert rule",
+ "alertRuleDescription": "Alert rule for Azure Landing Zone"
+ }
+ },
+ "securityCenter": {
+ "value": {
+ "email": "alzcanadapubsec@microsoft.com",
+ "phone": "5555555555"
+ }
+ },
+ "subscriptionRoleAssignments": {
+ "value": [
+ {
+ "comments": "Built-in Role: Contributor",
+ "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
+ "securityGroupObjectIds": [
+ "38f33f7e-a471-4630-8ce9-c6653495a2ee"
+ ]
+ },
+ {
+ "comments": "Custom Role: Landing Zone Application Owner",
+ "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc",
+ "securityGroupObjectIds": [
+ "38f33f7e-a471-4630-8ce9-c6653495a2ee"
+ ]
+ }
+ ]
+ },
+ "subscriptionBudget": {
+ "value": {
+ "createBudget": false
+ }
+ },
+ "subscriptionTags": {
+ "value": {
+ "ISSO": "isso-tag"
+ }
+ },
+ "resourceTags": {
+ "value": {
+ "ClientOrganization": "client-organization-tag",
+ "CostCenter": "cost-center-tag",
+ "DataSensitivity": "data-sensitivity-tag",
+ "ProjectContact": "project-contact-tag",
+ "ProjectName": "project-name-tag",
+ "TechnicalContact": "technical-contact-tag"
+ }
+ },
+ "resourceGroups": {
+ "value": {
+ "automation": "azmlcmksqlmi2022Q1Automation",
+ "compute": "azmlcmksqlmi2022Q1Compute",
+ "monitor": "azmlcmksqlmi2022Q1Monitor",
+ "networking": "azmlcmksqlmi2022Q1Network",
+ "networkWatcher": "NetworkWatcherRG",
+ "security": "azmlcmksqlmi2022Q1Security",
+ "storage": "azmlcmksqlmi2022Q1Storage"
+ }
+ },
+ "useCMK": {
+ "value": true
+ },
+ "automation": {
+ "value": {
+ "name": "azmlcmksqlmi2022Q1automation"
+ }
+ },
+ "keyVault": {
+ "value": {
+ "secretExpiryInDays": 3650
+ }
+ },
+ "aks": {
+ "value": {
+ "version": "1.22.6",
+ "enabled": true,
+ "networkPlugin": "kubenet" ,
+ "networkPolicy": "calico",
+ "podCidr": "11.0.0.0/16",
+ "serviceCidr": "20.0.0.0/16" ,
+ "dnsServiceIP": "20.0.0.10",
+ "dockerBridgeCidr": "30.0.0.1/16"
+ }
+ },
+ "appServiceLinuxContainer": {
+ "value": {
+ "enabled": true,
+ "skuName": "P1V2",
+ "skuTier": "Premium",
+ "enablePrivateEndpoint": true
+ }
+ },
+ "sqldb": {
+ "value": {
+ "enabled": true,
+ "sqlAuthenticationUsername": "azadmin",
+ "aadAuthenticationOnly":false
+ }
+ },
+ "sqlmi": {
+ "value": {
+ "enabled": true,
+ "username": "azadmin"
+ }
+ },
+ "aml": {
+ "value": {
+ "enableHbiWorkspace": false
+ }
+ },
+ "hubNetwork": {
+ "value": {
+ "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet",
+ "rfc1918IPRange": "10.18.0.0/22",
+ "rfc6598IPRange": "100.60.0.0/16",
+ "egressVirtualApplianceIp": "10.18.1.4",
+ "privateDnsManagedByHub": true,
+ "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27",
+ "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg"
+ }
+ },
+ "network": {
+ "value": {
+ "peerToHubVirtualNetwork": true,
+ "useRemoteGateway": false,
+ "name": "azmlcmksqlmi2022Q1vnet",
+ "dnsServers": [
+ "10.18.1.4"
+ ],
+ "addressPrefixes": [
+ "10.4.0.0/16"
+ ],
+ "subnets": {
+ "sqlmi": {
+ "comments": "SQL Managed Instances Delegated Subnet",
+ "name": "sqlmi",
+ "addressPrefix": "10.4.5.0/25"
+ },
+ "databricksPublic": {
+ "comments": "Databricks Public Delegated Subnet",
+ "name": "databrickspublic",
+ "addressPrefix": "10.4.6.0/25"
+ },
+ "databricksPrivate": {
+ "comments": "Databricks Private Delegated Subnet",
+ "name": "databricksprivate",
+ "addressPrefix": "10.4.7.0/25"
+ },
+ "privateEndpoints": {
+ "comments": "Private Endpoints Subnet",
+ "name": "privateendpoints",
+ "addressPrefix": "10.4.8.0/25"
+ },
+ "aks": {
+ "comments": "AKS Subnet",
+ "name": "aks",
+ "addressPrefix": "10.4.9.0/25"
+ },
+ "appService": {
+ "comments": "App Service Subnet",
+ "name": "appService",
+ "addressPrefix": "10.4.10.0/25"
+ },
+ "optional": []
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/config/variables/CanadaESLZ-archetypeNetworking.yml b/config/variables/CanadaESLZ-archetypeNetworking.yml
new file mode 100644
index 00000000..0d22f73e
--- /dev/null
+++ b/config/variables/CanadaESLZ-archetypeNetworking.yml
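Review bot: Both database services in this file are left on password sign-in with the same fixed admin name: `sqldb` has `"aadAuthenticationOnly":false` with `"sqlAuthenticationUsername": "azadmin"`, and `sqlmi` is enabled with `"username": "azadmin"`. The resource names (`azmlcmksqlmi2022Q1…`) suggest this subscription exercises CMK with SQL MI rather than SQL logins, so unless mixed mode is intended here, `"aadAuthenticationOnly": true` on `sqldb` (with whatever AAD login fields the template expects, which this hunk does not show) would remove one password-based entry point. If SQL logins have to stay, an admin name that is not shared across every DevTest parameter file makes sign-in attempts easier to attribute.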
@@ -0,0 +1,79 @@ +# ---------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT license. +# +# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. +# ---------------------------------------------------------------------------------- + +# Environment YAML files can be used to supplement +# the variables specified in 'config/variables/common.yml'. You can: +# * Override existing common-vars.yml variable value settings, and +# * Create new variable values not present in common-vars.yml +# +# The naming convention for these YAML files is: +# {organization}-{branch}.yml +# +# where {organization} is the organization variable from the +# common.yml file +# and {branch} is the Azure Repos branch name used by the +# currently executing pipeline. 
+ +variables: + + # Management Groups + var-managementgroup-hierarchy: > + { + "name": "Tenant Root Group", + "id": "343ddfdb-bef5-46d9-99cf-ed67d5948783", + "children": [ + { + "name": "Azure Landing Zones for Canadian Public Sector", + "id": "pubsec", + "children": [ + { + "name": "Platform", "id": "pubsecPlatform", + "children": [ + { "name": "Identity", "id": "pubsecPlatformIdentity", "children": [] }, + { "name": "Connectivity", "id": "pubsecPlatformConnectivity", "children": [] }, + { "name": "Management", "id": "pubsecPlatformManagement", "children": [] } + ] + }, + { + "name": "LandingZones", "id": "pubsecLandingZones", + "children": [ + { "name": "DevTest", "id": "pubsecLandingZonesDevTest", "children": [] }, + { "name": "QA", "id": "pubsecLandingZonesQA", "children": [] }, + { "name": "Prod", "id": "pubsecLandingZonesProd", "children": [] } + ] + }, + { + "name": "Sandbox", "id": "pubsecSandbox", + "children": [] + } + ] + } + ] + } + + # Logging + var-logging-region: $(deploymentRegion) + var-logging-managementGroupId: pubsecPlatformManagement + var-logging-subscriptionId: bc0a4f9f-07fa-4284-b1bd-fbad38578d3a + var-logging-configurationFileName: logging.parameters.json + + ## This parameter is only used for HIPAA/HITRUST Policy Assignment + var-logging-diagnosticSettingsforNetworkSecurityGroupsStoragePrefix: pubsecnsg + + # Hub Networking + var-hubnetwork-region: $(deploymentRegion) + var-hubnetwork-managementGroupId: pubsecPlatformConnectivity + var-hubnetwork-subscriptionId: ed7f4eed-9010-4227-b115-2a5e37728f27 + + ## Hub Network configuration using Azure Firewall - required when Azure Firewall is used + var-hubnetwork-azfwPolicy-configurationFileName: hub-azfw-policy/azure-firewall-policy.parameters.json + var-hubnetwork-azfw-configurationFileName: hub-azfw/hub-network.parameters.json + + ## Hub Network configuration using Network Virtual Appliance (NVA) - required when Network Virtual Appliance (NVA) like Fortigate Firewalls are used + 
var-hubnetwork-nva-configurationFileName: hub-nva/hub-network.parameters.json \ No newline at end of file From 0d73095cee9e450dd636a660c63ca66863ce2068 Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 12:22:42 -0400 Subject: [PATCH 04/14] Update references to optional subnets --- landingzones/lz-healthcare/main.bicep | 2 +- landingzones/lz-healthcare/networking.bicep | 6 +++--- landingzones/lz-machinelearning/main.bicep | 2 +- landingzones/lz-machinelearning/networking.bicep | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/landingzones/lz-healthcare/main.bicep b/landingzones/lz-healthcare/main.bicep index eafb7137..6ca0e2aa 100644 --- a/landingzones/lz-healthcare/main.bicep +++ b/landingzones/lz-healthcare/main.bicep @@ -76,7 +76,7 @@ param synapse object @description('Hub Network configuration that includes virtualNetworkId, rfc1918IPRange, rfc6598IPRange, egressVirtualApplianceIp, privateDnsManagedByHub flag, privateDnsManagedByHubSubscriptionId and privateDnsManagedByHubResourceGroupName.') param hubNetwork object -@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, databricksPublic, databricksPrivate, web) ') +@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, databricksPublic, databricksPrivate, web, optional [array of optional subnets]) ') param network object // Telemetry - Azure customer usage attribution diff --git a/landingzones/lz-healthcare/networking.bicep b/landingzones/lz-healthcare/networking.bicep index d4d56784..21bd7cf5 100644 --- a/landingzones/lz-healthcare/networking.bicep +++ b/landingzones/lz-healthcare/networking.bicep 
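Review bot: The header comment of the new `CanadaESLZ-archetypeNetworking.yml` names the shared variables file two different ways: it first points to `config/variables/common.yml` and then describes overriding `common-vars.yml` settings. One of the two is stale; if the file is `common.yml`, the bullets should read `# * Override existing common.yml variable value settings, and` and `# * Create new variable values not present in common.yml`. The file also ends without a trailing newline.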
@@ -111,7 +111,7 @@ param hubNetwork object // } // } // } -@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, databricksPublic, databricksPrivate, web) ') +@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, databricksPublic, databricksPrivate, web, optional [array of optional subnets]).') param network object var hubVnetIdSplit = split(hubNetwork.virtualNetworkId, '/') @@ -147,7 +147,7 @@ var routesToHub = [ ] // Network Security Groups -resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet in network.optional: if (subnet.nsg.enabled) { +resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet in network.subnets.optional: if (subnet.nsg.enabled) { name: '${subnet.name}Nsg' location: location properties: { @@ -289,7 +289,7 @@ var requiredSubnets = [ } ] -var optionalSubnets = [for (subnet, i) in network.optional: { +var optionalSubnets = [for (subnet, i) in network.subnets.optional: { name: subnet.name properties: { addressPrefix: subnet.addressPrefix diff --git a/landingzones/lz-machinelearning/main.bicep b/landingzones/lz-machinelearning/main.bicep index a16f5601..3b3c5553 100644 --- a/landingzones/lz-machinelearning/main.bicep +++ b/landingzones/lz-machinelearning/main.bicep 
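Review bot: In the `@@ -147,7 +147,7 @@` hunk the NSG loop reads `subnet.nsg.enabled` for every entry of `network.subnets.optional`, so an optional subnet gets a network security group only when the parameter file opts in, and an entry that omits `nsg` would fail at evaluation unless the schema marks it required (not visible here). For a landing zone the safer default is the reverse: create the NSG unless it is explicitly disabled, for example `if (!contains(subnet, 'nsg') || subnet.nsg.enabled)`, with the matching change wherever the subnet is associated with it. The resource body continues outside the hunk, and the same condition is used in the `@@ -168,7 +168,7 @@` hunk of `lz-machinelearning/networking.bicep`.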
@@ -89,7 +89,7 @@ param aml object param hubNetwork object // Example (JSON) -@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService) ') +@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService, optional [array of optional subnets]).') param network object // Telemetry - Azure customer usage attribution diff --git a/landingzones/lz-machinelearning/networking.bicep b/landingzones/lz-machinelearning/networking.bicep index 54e5e2d0..ba2bba1d 100644 --- a/landingzones/lz-machinelearning/networking.bicep +++ b/landingzones/lz-machinelearning/networking.bicep @@ -132,7 +132,7 @@ param hubNetwork object // } // } // } -@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService) ') +@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService, optional [array of optional subnets]).) ') param network object var hubVnetIdSplit = split(hubNetwork.virtualNetworkId, '/') @@ -168,7 +168,7 @@ var routesToHub = [ ] // Network Security Groups -resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet in network.optional: if (subnet.nsg.enabled) { +resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet in network.subnets.optional: if (subnet.nsg.enabled) { name: '${subnet.name}Nsg' location: location properties: { 
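Review bot: In the `@@ -132,7 +132,7 @@` hunk of `lz-machinelearning/networking.bicep` the new `@description` string ends with a stray `.) ` after the closing parenthesis: `…optional [array of optional subnets]).) ')`. The same parameter in `lz-machinelearning/main.bicep` ends with `…optional [array of optional subnets]).')`, so the tail here should be `optional [array of optional subnets]).')` as well.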
@@ -356,7 +356,7 @@ var requiredSubnets = [ } ] -var optionalSubnets = [for (subnet, i) in network.optional: { +var optionalSubnets = [for (subnet, i) in network.subnets.optional: { name: subnet.name properties: { addressPrefix: subnet.addressPrefix From 8cff80de98a1b3cad3f7ed36b00cd51a89af36d4 Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 12:37:13 -0400 Subject: [PATCH 05/14] Add optional subnets --- ...04f2c98_machinelearning_canadacentral.json | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json index 2b2e213b..4ebc97e2 100644 --- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json @@ -173,7 +173,33 @@ "name": "appService", "addressPrefix": "10.6.10.0/25" }, - "optional": [] + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.6.11.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2", + "name": "NetappVolumes", + "addressPrefix": "10.6.12.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] } } } From 26e7f2a6af6570dd57f5dcff9a81fc069a39d7d8 Mon Sep 17 00:00:00 2001 
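Review bot: In the `@@ -173,7 +173,33 @@` hunk the second optional subnet, `NetappVolumes`, is added with both `"nsg": { "enabled": false }` and `"udr": { "enabled": false }`, and nothing in the entry says why. If the route table is what steers spoke traffic to `egressVirtualApplianceIp` (the Bicep is not in this hunk), this subnet sits outside both filtering and forced egress, and a reader copying the example may carry that over to subnets where it is not needed. If the reason is the `Microsoft.NetApp/volumes` delegation, record it in the entry, for example `"comments": "Optional Subnet 2 - NSG and UDR disabled because of the NetApp Volumes delegation"`. The same pair of settings is added to the CanadaESLZ-main copy of this file and to both healthcare parameter files later in the series.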
From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 12:48:26 -0400 Subject: [PATCH 06/14] Add optional subnets --- ...04f2c98_machinelearning_canadacentral.json | 2 +- .../lz-machinelearning/networking.bicep | 54 +++++++++++++++++++ 2 files changed, 55 insertions(+), 1 deletion(-) diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json index 4ebc97e2..f21d1da9 100644 --- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json @@ -186,7 +186,7 @@ } }, { - "comments": "Optional Subnet 2", + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", "name": "NetappVolumes", "addressPrefix": "10.6.12.0/25", "nsg": { diff --git a/landingzones/lz-machinelearning/networking.bicep b/landingzones/lz-machinelearning/networking.bicep index ba2bba1d..2d5cf79f 100644 --- a/landingzones/lz-machinelearning/networking.bicep +++ b/landingzones/lz-machinelearning/networking.bicep 
@@ -83,6 +83,33 @@ param hubNetwork object // "name": "appService", // "addressPrefix": "10.2.10.0/25" // } +// "optional": [ +// { +// "comments": "Optional Subnet 1", +// "name": "virtualMachines", +// "addressPrefix": "10.6.11.0/25", +// "nsg": { +// "enabled": true +// }, +// "udr": { +// "enabled": true +// } +// }, +// { +// "comments": "Optional Subnet 2 with delegation for NetApp Volumes", +// "name": "NetappVolumes", +// "addressPrefix": "10.6.12.0/25", +// "nsg": { +// "enabled": false +// }, +// "udr": { +// "enabled": false +// }, +// "delegations": { +// "serviceName": "Microsoft.NetApp/volumes" +// } +// } +// ] // } // } // } @@ -130,6 +157,33 @@ param hubNetwork object // name: 'appService' // addressPrefix: '10.2.10.0/25' // } +// optional: [ +// { +// comments: 'Optional Subnet 1' +// name: 'virtualMachines' +// addressPrefix: '10.6.11.0/25' +// nsg: { +// enabled: true +// }, +// udr: { +// enabled: true +// } +// }, +// { +// comments: 'Optional Subnet 2 with delegation for NetApp Volumes', +// name: 'NetappVolumes' +// addressPrefix: '10.6.12.0/25' +// nsg: { +// enabled: false +// }, +// udr: { +// enabled: false +// }, +// delegations: { +// serviceName: 'Microsoft.NetApp/volumes' +// } +// } +// ] // } // } @description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService, optional [array of optional subnets]).) ') From 473d1b2e22d3f731aa4b61dd8d2a242925f4f5da Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 12:52:08 -0400 Subject: [PATCH 07/14] Update example --- ...04f2c98_machinelearning_canadacentral.json | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) 
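Review bot: The two commented examples added to `lz-machinelearning/networking.bicep` are not valid in the syntax they illustrate. In the JSON example (`@@ -83,6 +83,33 @@`) the `appService` object still closes with `// }` right before `// "optional": [`, so a comma is missing and the line should be `// },`. In the Bicep example (`@@ -130,6 +157,33 @@`) the added lines carry JSON-style commas (`// },` after `nsg`/`udr` and after the `comments:` string) that multi-line Bicep objects do not use. The optional subnets also use `10.6.11.0/25` and `10.6.12.0/25` while the rest of the example is in `10.2.x`. The Bicep example added to `lz-healthcare/networking.bicep` in PATCH 08 has the same stray commas.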
diff --git a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json index 2b2e213b..f21d1da9 100644 --- a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json @@ -173,7 +173,33 @@ "name": "appService", "addressPrefix": "10.6.10.0/25" }, - "optional": [] + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.6.11.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.6.12.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] } } } From b21207186c985458c53eb26310aa7ac6348600c4 Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 12:55:13 -0400 Subject: [PATCH 08/14] Add optional subnets --- ...cbed91ab29a7_healthcare_canadacentral.json | 28 +++++++++- ...cbed91ab29a7_healthcare_canadacentral.json | 28 +++++++++- landingzones/lz-healthcare/networking.bicep | 56 ++++++++++++++++++- 3 files changed, 109 insertions(+), 3 deletions(-) diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json index daaf0c60..d5fa7aaf 100644 
--- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json @@ -145,7 +145,33 @@ "name": "webapp", "addressPrefix": "10.5.8.0/25" }, - "optional": [] + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.5.9.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.5.10.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] } } } diff --git a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json index daaf0c60..d5fa7aaf 100644 --- a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json 
@@ -145,7 +145,33 @@ "name": "webapp", "addressPrefix": "10.5.8.0/25" }, - "optional": [] + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.5.9.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.5.10.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] } } } diff --git a/landingzones/lz-healthcare/networking.bicep b/landingzones/lz-healthcare/networking.bicep index 21bd7cf5..389d1a23 100644 --- a/landingzones/lz-healthcare/networking.bicep +++ b/landingzones/lz-healthcare/networking.bicep @@ -72,7 +72,34 @@ param hubNetwork object // "comments": "Azure Web App Delegated Subnet", // "name": "webapp", // "addressPrefix": "10.2.8.0/25" -// } +// }, +// "optional": [ +// { +// "comments": "Optional Subnet 1", +// "name": "virtualMachines", +// "addressPrefix": "10.2.9.0/25", +// "nsg": { +// "enabled": true +// }, +// "udr": { +// "enabled": true +// } +// }, +// { +// "comments": "Optional Subnet 2 with delegation for NetApp Volumes", +// "name": "NetappVolumes", +// "addressPrefix": "10.2.10.0/25", +// "nsg": { +// "enabled": false +// }, +// "udr": { +// "enabled": false +// }, +// "delegations": { +// "serviceName": "Microsoft.NetApp/volumes" +// } +// } +// ] // } // } 
@@ -109,6 +136,33 @@ param hubNetwork object // name: 'webapp' // addressPrefix: '10.2.8.0/25' // } +// optional: [ +// { +// comments: 'Optional Subnet 1' +// name: 'virtualMachines' +// addressPrefix: '10.2.9.0/25' +// nsg: { +// enabled: true +// }, +// udr: { +// enabled: true +// } +// }, +// { +// comments: 'Optional Subnet 2 with delegation for NetApp Volumes', +// name: 'NetappVolumes' +// addressPrefix: '10.2.10.0/25' +// nsg: { +// enabled: false +// }, +// udr: { +// enabled: false +// }, +// delegations: { +// serviceName: 'Microsoft.NetApp/volumes' +// } +// } +// ] // } // } @description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, databricksPublic, databricksPrivate, web, optional [array of optional subnets]).') From 3f575ba7ad1c13be8c500b0dee6e968efe6e6dd7 Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 13:00:23 -0400 Subject: [PATCH 09/14] Test cases for optional subnets --- .../FullDeployment-With-OptionalSubnets.json | 212 +++++++++++++++ .../FullDeployment-With-OptionalSubnets.json | 244 ++++++++++++++++++ 2 files changed, 456 insertions(+) create mode 100644 tests/schemas/lz-healthcare/FullDeployment-With-OptionalSubnets.json create mode 100644 tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json diff --git a/tests/schemas/lz-healthcare/FullDeployment-With-OptionalSubnets.json b/tests/schemas/lz-healthcare/FullDeployment-With-OptionalSubnets.json new file mode 100644 index 00000000..53f3ff0d --- /dev/null +++ b/tests/schemas/lz-healthcare/FullDeployment-With-OptionalSubnets.json 
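Review bot: The Bicep-syntax example added to this comment block carries JSON separators: `// },` after the `nsg` and `udr` objects and between the two array items, and a trailing comma on the second `comments:` line. The surrounding example (`// addressPrefix: '10.2.8.0/25'` followed by `// }`) separates properties with newlines only, so a reader who pastes the new part into a Bicep parameter will probably hit a syntax error. Drop the commas, i.e. `// }` instead of `// },` and `// comments: 'Optional Subnet 2 with delegation for NetApp Volumes'`. The `@description` could also say what `nsg.enabled` and `udr.enabled` control, since the text visible here only lists `optional [array of optional subnets]`. The comment block and the parameter declaration extend beyond the hunk.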
@@ -0,0 +1,212 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], + "receivers": { + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] + }, + "actionGroupName": "Sub2 ALZ action group", + "actionGroupShortName": "sub2-alert", + "alertRuleName": "Sub2 ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Role: Contributor", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + }, + { + "comments": "Custom Role: Landing Zone Application Owner", + "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": true, + "name": "MonthlySubscriptionBudget", + "amount": 1000, + "timeGrain": "Monthly", + "contactEmails": [ + "alzcanadapubsec@microsoft.com" + ] + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tag" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + 
"logAnalyticsWorkspaceResourceId": { + "value": "/subscriptions/bc0a4f9f-07fa-4284-b1bd-fbad38578d3a/resourcegroups/pubsec-central-logging-rg/providers/microsoft.operationalinsights/workspaces/log-analytics-workspace" + }, + "resourceGroups": { + "value": { + "automation": "healthAutomation", + "compute": "healthCompute", + "monitor": "healthMonitor", + "networking": "healthNetwork", + "networkWatcher": "NetworkWatcherRG", + "security": "healthSecurity", + "storage": "healthStorage" + } + }, + "useCMK": { + "value": true + }, + "keyVault": { + "value": { + "secretExpiryInDays": 3650 + } + }, + "automation": { + "value": { + "name": "healthautomation" + } + }, + "sqldb": { + "value": { + "enabled": true, + "aadAuthenticationOnly": true, + "aadLoginName": "DBA Group", + "aadLoginObjectID": "4e4ea47c-ee21-4add-ad2f-a75d0d8014e0", + "aadLoginType": "Group" + } + }, + "synapse": { + "value": { + "aadAuthenticationOnly": false, + "sqlAuthenticationUsername": "kubo", + "aadLoginName": "az.admins", + "aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", + "aadLoginType": "Group" + } + }, + "hubNetwork": { + "value": { + "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", + "rfc1918IPRange": "10.18.0.0/22", + "rfc6598IPRange": "100.60.0.0/16", + "egressVirtualApplianceIp": "10.18.1.4", + "privateDnsManagedByHub": true, + "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27", + "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg" + } + }, + "network": { + "value": { + "peerToHubVirtualNetwork": true, + "useRemoteGateway": false, + "name": "healthvnet", + "dnsServers": [ + "10.18.1.4" + ], + "addressPrefixes": [ + "10.5.0.0/16" + ], + "subnets": { + "databricksPublic": { + "comments": "Databricks Public Delegated Subnet", + "name": "databrickspublic", + "addressPrefix": "10.5.5.0/25" + }, + "databricksPrivate": { + 
"comments": "Databricks Private Delegated Subnet", + "name": "databricksprivate", + "addressPrefix": "10.5.6.0/25" + }, + "privateEndpoints": { + "comments": "Private Endpoints Subnet", + "name": "privateendpoints", + "addressPrefix": "10.5.7.0/25" + }, + "web": { + "comments": "Azure Web App Delegated Subnet", + "name": "webapp", + "addressPrefix": "10.5.8.0/25" + }, + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.5.9.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.5.10.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json b/tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json new file mode 100644 index 00000000..2d8335e7 --- /dev/null +++ b/tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json 
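Review bot: This fixture covers only two optional-subnet shapes: `virtualMachines` with `nsg` and `udr` both `true` and no `delegations`, and `NetappVolumes` with both `false` plus a delegation. Mixed settings (NSG on with UDR off, or a delegated subnet that keeps its NSG) are not exercised, so a template branch that mishandles one of them would still pass. I would add a third array item such as `{ "comments": "Optional Subnet 3", "name": "mixed", "addressPrefix": "10.5.11.0/25", "nsg": { "enabled": true }, "udr": { "enabled": false } }` (constructed values), and likewise in the lz-machinelearning fixture that follows. The file also ends without a trailing newline.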
@@ -0,0 +1,244 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], + "receivers": { + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] + }, + "actionGroupName": "Sub3 ALZ action group", + "actionGroupShortName": "sub3-alert", + "alertRuleName": "Sub3 ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Role: Contributor", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + }, + { + "comments": "Custom Role: Landing Zone Application Owner", + "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": true, + "name": "MonthlySubscriptionBudget", + "amount": 1000, + "timeGrain": "Monthly", + "contactEmails": [ + "alzcanadapubsec@microsoft.com" + ] + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tag" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + 
"logAnalyticsWorkspaceResourceId": { + "value": "/subscriptions/bc0a4f9f-07fa-4284-b1bd-fbad38578d3a/resourcegroups/pubsec-central-logging-rg/providers/microsoft.operationalinsights/workspaces/log-analytics-workspace" + }, + "resourceGroups": { + "value": { + "automation": "azmlcmkAutomation", + "compute": "azmlcmkCompute", + "monitor": "azmlcmkMonitor", + "networking": "azmlcmkNetwork", + "networkWatcher": "NetworkWatcherRG", + "security": "azmlcmkSecurity", + "storage": "azmlcmkStorage" + } + }, + "useCMK": { + "value": true + }, + "automation": { + "value": { + "name": "azmlcmkautomation" + } + }, + "keyVault": { + "value": { + "secretExpiryInDays": 3650 + } + }, + "aks": { + "value": { + "version": "1.21.2", + "enabled": true, + "networkPlugin": "kubenet", + "networkPolicy": "calico", + "podCidr": "11.0.0.0/16", + "serviceCidr": "20.0.0.0/16", + "dnsServiceIP": "20.0.0.10", + "dockerBridgeCidr": "30.0.0.1/16" + } + }, + "appServiceLinuxContainer": { + "value": { + "enabled": true, + "skuName": "P1V2", + "skuTier": "Premium", + "enablePrivateEndpoint": true + } + }, + "sqldb": { + "value": { + "enabled": true, + "aadAuthenticationOnly": true, + "aadLoginName": "DBA Group", + "aadLoginObjectID": "4e4ea47c-ee21-4add-ad2f-a75d0d8014e0", + "aadLoginType": "Group" + } + }, + "sqlmi": { + "value": { + "enabled": true, + "username": "azadmin" + } + }, + "aml": { + "value": { + "enableHbiWorkspace": false + } + }, + "hubNetwork": { + "value": { + "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", + "rfc1918IPRange": "10.18.0.0/22", + "rfc6598IPRange": "100.60.0.0/16", + "egressVirtualApplianceIp": "10.18.1.4", + "privateDnsManagedByHub": true, + "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27", + "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg" + } + }, + "network": { + "value": { + "peerToHubVirtualNetwork": true, 
+ "useRemoteGateway": false, + "name": "azmlcmkvnet", + "dnsServers": [ + "10.18.1.4" + ], + "addressPrefixes": [ + "10.1.0.0/16" + ], + "subnets": { + "sqlmi": { + "comments": "SQL Managed Instances Delegated Subnet", + "name": "sqlmi", + "addressPrefix": "10.1.5.0/25" + }, + "databricksPublic": { + "comments": "Databricks Public Delegated Subnet", + "name": "databrickspublic", + "addressPrefix": "10.1.6.0/25" + }, + "databricksPrivate": { + "comments": "Databricks Private Delegated Subnet", + "name": "databricksprivate", + "addressPrefix": "10.1.7.0/25" + }, + "privateEndpoints": { + "comments": "Private Endpoints Subnet", + "name": "privateendpoints", + "addressPrefix": "10.1.8.0/25" + }, + "aks": { + "comments": "AKS Subnet", + "name": "aks", + "addressPrefix": "10.1.9.0/25" + }, + "appService": { + "comments": "App Service Subnet", + "name": "appService", + "addressPrefix": "10.1.10.0/25" + }, + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.1.11.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.1.12.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] + } + } + } + } +} \ No newline at end of file From e56a4c31291a9853bdc33cd27816b47dc099bee0 Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 13:07:18 -0400 Subject: [PATCH 10/14] Update schema changelog --- schemas/latest/readme.md | 158 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 158 insertions(+) diff --git a/schemas/latest/readme.md b/schemas/latest/readme.md index 63513b12..eed29978 100644 --- a/schemas/latest/readme.md +++ b/schemas/latest/readme.md 
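Review bot: The `aks` block in this new fixture uses `"podCidr": "11.0.0.0/16"`, `"serviceCidr": "20.0.0.0/16"`, `"dnsServiceIP": "20.0.0.10"` and `"dockerBridgeCidr": "30.0.0.1/16"`, which are publicly routable ranges rather than RFC 1918 or RFC 6598 space. Cluster traffic to real hosts in those ranges would likely be treated as cluster-internal instead of leaving through the hub egress path, and fixtures tend to be copied into real parameter files. Private ranges that do not overlap `10.1.0.0/16` or the hub's `10.18.0.0/22` would be safer, for example (constructed values) `"podCidr": "172.20.0.0/16"`, `"serviceCidr": "172.21.0.0/16"`, `"dnsServiceIP": "172.21.0.10"`. If the values were copied from the existing lz-machinelearning fixtures, those are worth changing together.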
@@ -2,6 +2,164 @@ ## Landing Zone Schemas +### April 21, 2022 + +* Schema definition update for Machine Learning & Healthcare archetypes. Expanded the spoke network subnet configuration to contain 0 or more optional subnets. This change enables network configuration to be more flexible. + + * Machine Learning archetype with optional subnets + +
+ Expand/collapse + + ```json + "network": { + "value": { + "peerToHubVirtualNetwork": true, + "useRemoteGateway": false, + "name": "azmlsqlauth2022Q1vnet", + "dnsServers": [ + "10.18.1.4" + ], + "addressPrefixes": [ + "10.6.0.0/16" + ], + "subnets": { + "sqlmi": { + "comments": "SQL Managed Instances Delegated Subnet", + "name": "sqlmi", + "addressPrefix": "10.6.5.0/25" + }, + "databricksPublic": { + "comments": "Databricks Public Delegated Subnet", + "name": "databrickspublic", + "addressPrefix": "10.6.6.0/25" + }, + "databricksPrivate": { + "comments": "Databricks Private Delegated Subnet", + "name": "databricksprivate", + "addressPrefix": "10.6.7.0/25" + }, + "privateEndpoints": { + "comments": "Private Endpoints Subnet", + "name": "privateendpoints", + "addressPrefix": "10.6.8.0/25" + }, + "aks": { + "comments": "AKS Subnet", + "name": "aks", + "addressPrefix": "10.6.9.0/25" + }, + "appService": { + "comments": "App Service Subnet", + "name": "appService", + "addressPrefix": "10.6.10.0/25" + }, + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.6.11.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.6.12.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] + } + } + } + ``` + +
+ + * Healthcare archetype with optional subnets + +
+ Expand/collapse + + ```json + "network": { + "value": { + "peerToHubVirtualNetwork": true, + "useRemoteGateway": false, + "name": "health2022Q1vnet", + "dnsServers": [ + "10.18.1.4" + ], + "addressPrefixes": [ + "10.5.0.0/16" + ], + "subnets": { + "databricksPublic": { + "comments": "Databricks Public Delegated Subnet", + "name": "databrickspublic", + "addressPrefix": "10.5.5.0/25" + }, + "databricksPrivate": { + "comments": "Databricks Private Delegated Subnet", + "name": "databricksprivate", + "addressPrefix": "10.5.6.0/25" + }, + "privateEndpoints": { + "comments": "Private Endpoints Subnet", + "name": "privateendpoints", + "addressPrefix": "10.5.7.0/25" + }, + "web": { + "comments": "Azure Web App Delegated Subnet", + "name": "webapp", + "addressPrefix": "10.5.8.0/25" + }, + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.5.9.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.5.10.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] + } + } + } + ``` + +
+ ### April 20, 2022 * Schema definition update for Generic Subscription. Spoke network's subnet configuration is now defined as an array. The array can have 0 to many subnet definitions. From 4cbb2a9f270fc58b5283f6447a11694957cded31 Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 13:13:26 -0400 Subject: [PATCH 11/14] Update archetype docs --- docs/archetypes/healthcare.md | 32 ++++++++++++++++++++++++++-- docs/archetypes/machinelearning.md | 34 +++++++++++++++++++++++++++--- 2 files changed, 61 insertions(+), 5 deletions(-) diff --git a/docs/archetypes/healthcare.md b/docs/archetypes/healthcare.md index 5a61945f..1537a661 100644 --- a/docs/archetypes/healthcare.md +++ b/docs/archetypes/healthcare.md 
@@ -265,6 +265,7 @@ As an administrator, you can lock a subscription, resource group, or resource to | Deployment with Hub Virtual Network | [tests/schemas/lz-healthcare/FullDeployment-With-Hub.json](../../tests/schemas/lz-healthcare/FullDeployment-With-Hub.json) | - | | Deployment with Location | [tests/schemas/lz-healthcare/FullDeployment-With-Location.json](../../tests/schemas/lz-healthcare/FullDeployment-With-Location.json) | `parameters.location.value` is `canadacentral` | | Deployment without Hub Virtual Network | [tests/schemas/lz-healthcare/FullDeployment-Without-Hub.json](../../tests/schemas/lz-healthcare/FullDeployment-Without-Hub.json) | `parameters.hubNetwork.value.*` fields are empty & `parameters.network.value.peerToHubVirtualNetwork` is false. | +| Deployment with optional subnets | [tests/schemas/lz-healthcare/FullDeployment-With-OptionalSubnets.json](../../tests/schemas/lz-healthcare/FullDeployment-With-OptionalSubnets.json) | `parameters.network.subnets.optional` array is set with optional subnets. | | Deployment with subscription budget | [tests/schemas/lz-healthcare/BudgetIsTrue.json](../../tests/schemas/lz-healthcare/BudgetIsTrue.json) | `parameters.subscriptionBudget.value.createBudget` is set to `true` and budget information filled in. | | Deployment without subscription budget | [tests/schemas/lz-healthcare/BudgetIsFalse.json](../../tests/schemas/lz-healthcare/BudgetIsFalse.json) | `parameters.subscriptionBudget.value.createBudget` is set to `false` and budget information removed. | | Deployment without resource tags | [tests/schemas/lz-healthcare/EmptyResourceTags.json](../../tests/schemas/lz-healthcare/EmptyResourceTags.json) | `parameters.resourceTags.value` is an empty object. | 
@@ -290,7 +291,7 @@ This example configures: 6. Resource Tags (aligned to the default tags defined in [Policies](../../policy/custom/definitions/policyset/Tags.parameters.json)) 7. Log Analytics Workspace integration through Azure Defender for Cloud 8. Automation Account -9. Spoke Virtual Network with Hub-managed DNS, Hub-managed private endpoint DNS Zones, Virtual Network Peering and all required subnets (zones). +9. Spoke Virtual Network with Hub-managed DNS, Hub-managed private endpoint DNS Zones, Virtual Network Peering and all required subnets and 2 optional subnets. 10. Deploys Azure resources with Customer Managed Keys. > **Note 1:** Azure Automation Account is not deployed with Customer Managed Key as it requires an Azure Key Vault instance with public network access. @@ -454,7 +455,34 @@ This example configures: "comments": "Azure Web App Delegated Subnet", "name": "webapp", "addressPrefix": "10.5.8.0/25" - } + }, + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.5.9.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.5.10.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] } } } diff --git a/docs/archetypes/machinelearning.md b/docs/archetypes/machinelearning.md index e4459ebc..84f5e70c 100644 --- a/docs/archetypes/machinelearning.md +++ b/docs/archetypes/machinelearning.md 
@@ -266,6 +266,7 @@ As an administrator, you can lock a subscription, resource group, or resource to | Deployment with Hub Virtual Network | [tests/schemas/lz-machinelearning/FullDeployment-With-Hub.json](../../tests/schemas/lz-machinelearning/FullDeployment-With-Hub.json) | - | | Deployment with Location | [tests/schemas/lz-machinelearning/FullDeployment-With-Location.json](../../tests/schemas/lz-machinelearning/FullDeployment-With-Location.json) | `parameters.location.value` is `canadacentral` | | Deployment without Hub Virtual Network | [tests/schemas/lz-machinelearning/FullDeployment-Without-Hub.json](../../tests/schemas/lz-machinelearning/FullDeployment-Without-Hub.json) | `parameters.hubNetwork.value.*` fields are empty & `parameters.network.value.peerToHubVirtualNetwork` is false. | +| Deployment with optional subnets | [tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json](../../tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json) | `parameters.network.subnets.optional` array is set with optional subnets. | | Deployment with subscription budget | [tests/schemas/lz-machinelearning/BudgetIsTrue.json](../../tests/schemas/lz-machinelearning/BudgetIsTrue.json) | `parameters.subscriptionBudget.value.createBudget` is set to `true` and budget information filled in. | | Deployment without subscription budget | [tests/schemas/lz-machinelearning/BudgetIsFalse.json](../../tests/schemas/lz-machinelearning/BudgetIsFalse.json) | `parameters.subscriptionBudget.value.createBudget` is set to `false` and budget information removed. | | Deployment without resource tags | [tests/schemas/lz-machinelearning/EmptyResourceTags.json](../../tests/schemas/lz-machinelearning/EmptyResourceTags.json) | `parameters.resourceTags.value` is an empty object. | 
@@ -295,7 +296,7 @@ This example configures: 6. Resource Tags (aligned to the default tags defined in [Policies](../../policy/custom/definitions/policyset/Tags.parameters.json)) 7. Log Analytics Workspace integration through Azure Defender for Cloud 8. Automation Account -9. Spoke Virtual Network with Hub-managed DNS, Hub-managed private endpoint DNS Zones, Virtual Network Peering and all required subnets (zones). +9. Spoke Virtual Network with Hub-managed DNS, Hub-managed private endpoint DNS Zones, Virtual Network Peering and all required subnets and 2 optional subnets. 10. Deploys Azure resources with Customer Managed Keys. > **Note 1:** Azure Automation Account is not deployed with Customer Managed Key as it requires an Azure Key Vault instance with public network access. @@ -488,12 +489,39 @@ This example configures: "comments": "AKS Subnet", "name": "aks", "addressPrefix": "10.4.9.0/25" - } + }, "appService": { "comments": "App Service Subnet", "name": "appService", "addressPrefix": "10.4.10.0/25" - } + }, + "optional": [ + { + "comments": "Optional Subnet 1", + "name": "virtualMachines", + "addressPrefix": "10.4.11.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Optional Subnet 2 with delegation for NetApp Volumes", + "name": "NetappVolumes", + "addressPrefix": "10.4.12.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.NetApp/volumes" + } + } + ] } } } From e4e12eca72b83bac5f579f79f30d1bc6d7695c26 Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 13:23:58 -0400 Subject: [PATCH 12/14] Update schema changelog --- schemas/latest/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/schemas/latest/readme.md b/schemas/latest/readme.md index eed29978..c5bf2758 100644 --- a/schemas/latest/readme.md +++ b/schemas/latest/readme.md 
@@ -6,7 +6,7 @@ * Schema definition update for Machine Learning & Healthcare archetypes. Expanded the spoke network subnet configuration to contain 0 or more optional subnets. This change enables network configuration to be more flexible. - * Machine Learning archetype with optional subnets + * Machine Learning archetype network configuration with optional subnets
Expand/collapse @@ -88,7 +88,7 @@
- * Healthcare archetype with optional subnets + * Healthcare archetype network configuration with optional subnets
Expand/collapse From abdb8c6be462b61c64ca18e6bc81c9255ac08b9d Mon Sep 17 00:00:00 2001 From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 13:35:43 -0400 Subject: [PATCH 13/14] Test config without optional subnets --- ...cbed91ab29a7_healthcare_canadacentral.json | 81 +++++++++---------- ...04f2c98_machinelearning_canadacentral.json | 73 ++++++++--------- 2 files changed, 72 insertions(+), 82 deletions(-) diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json index d5fa7aaf..bd9bd518 100644 --- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json @@ -5,13 +5,34 @@ "serviceHealthAlerts": { "value": { "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], "receivers": { - "app": [ "alzcanadapubsec@microsoft.com" ], - "email": [ "alzcanadapubsec@microsoft.com" ], - "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], - "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] }, "actionGroupName": "Sub2 ALZ action group", "actionGroupShortName": "sub2-alert", 
@@ -89,19 +110,19 @@ }, "sqldb": { "value": { - "enabled": true, - "sqlAuthenticationUsername": "azadmin", - "aadAuthenticationOnly":false + "enabled": true, + "sqlAuthenticationUsername": "azadmin", + "aadAuthenticationOnly": false } - }, - "synapse": { + }, + "synapse": { "value": { - "aadAuthenticationOnly": true, - "aadLoginName": "az.admins", - "aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", - "aadLoginType":"Group" + "aadAuthenticationOnly": true, + "aadLoginName": "az.admins", + "aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", + "aadLoginType": "Group" } - }, + }, "hubNetwork": { "value": { "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", @@ -145,33 +166,7 @@ "name": "webapp", "addressPrefix": "10.5.8.0/25" }, - "optional": [ - { - "comments": "Optional Subnet 1", - "name": "virtualMachines", - "addressPrefix": "10.5.9.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - { - "comments": "Optional Subnet 2 with delegation for NetApp Volumes", - "name": "NetappVolumes", - "addressPrefix": "10.5.10.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.NetApp/volumes" - } - } - ] + "optional": [] } } } diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json index f21d1da9..d0496960 100644 --- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json 
+++ b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json @@ -5,13 +5,34 @@ "serviceHealthAlerts": { "value": { "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], "receivers": { - "app": [ "alzcanadapubsec@microsoft.com" ], - "email": [ "alzcanadapubsec@microsoft.com" ], - "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], - "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] }, "actionGroupName": "Sub5 ALZ action group", "actionGroupShortName": "sub5-alert", @@ -84,10 +105,10 @@ "value": { "version": "1.22.6", "enabled": true, - "networkPlugin": "kubenet" , + "networkPlugin": "kubenet", "networkPolicy": "calico", "podCidr": "11.0.0.0/16", - "serviceCidr": "20.0.0.0/16" , + "serviceCidr": "20.0.0.0/16", "dnsServiceIP": "20.0.0.10", "dockerBridgeCidr": "30.0.0.1/16" } @@ -105,9 +126,9 @@ "enabled": true, "sqlAuthenticationUsername": "azadmin", "aadAuthenticationOnly": false, - "aadLoginName":"DBA Security Group", - "aadLoginObjectID":"e0357d81-55d8-44e9-9d9c-ab09dc710785", - "aadLoginType":"Group" + "aadLoginName": "DBA Security Group", + "aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", + "aadLoginType": "Group" } }, "sqlmi": { 
@@ -173,35 +194,9 @@ "name": "appService", "addressPrefix": "10.6.10.0/25" }, - "optional": [ - { - "comments": "Optional Subnet 1", - "name": "virtualMachines", - "addressPrefix": "10.6.11.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - { - "comments": "Optional Subnet 2 with delegation for NetApp Volumes", - "name": "NetappVolumes", - "addressPrefix": "10.6.12.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.NetApp/volumes" - } - } - ] + "optional": [] } } } } -} +} \ No newline at end of file From 60e4166e4af00586681dffc94e61caf41a7d6d41 Mon Sep 17 00:00:00 2001 
From: Senthuran Sivananthan Date: Thu, 21 Apr 2022 13:46:51 -0400 Subject: [PATCH 14/14] Remove branch configs --- .../logging.parameters.json | 93 ------ .../azure-firewall-policy.parameters.json | 22 -- .../hub-azfw/hub-network.parameters.json | 196 ------------ .../hub-nva/hub-network.parameters.json | 300 ------------------ ...c0_generic-subscription_canadacentral.json | 171 ---------- ...cbed91ab29a7_healthcare_canadacentral.json | 174 ---------- ...04f2c98_machinelearning_canadacentral.json | 202 ------------ ...1dd0e27_machinelearning_canadacentral.json | 185 ----------- ...5b60c30_machinelearning_canadacentral.json | 185 ----------- ...8a144aa_machinelearning_canadacentral.json | 186 ----------- .../CanadaESLZ-archetypeNetworking.yml | 79 ----- 11 files changed, 1793 deletions(-) delete mode 100644 config/logging/CanadaESLZ-archetypeNetworking/logging.parameters.json delete mode 100644 config/networking/CanadaESLZ-archetypeNetworking/hub-azfw-policy/azure-firewall-policy.parameters.json delete mode 100644 config/networking/CanadaESLZ-archetypeNetworking/hub-azfw/hub-network.parameters.json delete mode 100644 config/networking/CanadaESLZ-archetypeNetworking/hub-nva/hub-network.parameters.json delete mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json delete mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json delete mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json delete mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json delete mode 100644 
config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json delete mode 100644 config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json delete mode 100644 config/variables/CanadaESLZ-archetypeNetworking.yml diff --git a/config/logging/CanadaESLZ-archetypeNetworking/logging.parameters.json b/config/logging/CanadaESLZ-archetypeNetworking/logging.parameters.json deleted file mode 100644 index 69ff8cae..00000000 --- a/config/logging/CanadaESLZ-archetypeNetworking/logging.parameters.json +++ /dev/null 
@@ -1,93 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "serviceHealthAlerts": {
- "value": {
- "resourceGroupName": "pubsec-service-health",
- "incidentTypes": [
- "Incident",
- "Security"
- ],
- "regions": [
- "Global",
- "Canada East",
- "Canada Central"
- ],
- "receivers": {
- "app": [
- "alzcanadapubsec@microsoft.com"
- ],
- "email": [
- "alzcanadapubsec@microsoft.com"
- ],
- "sms": [
- {
- "countryCode": "1",
- "phoneNumber": "5555555555"
- }
- ],
- "voice": [
- {
- "countryCode": "1",
- "phoneNumber": "5555555555"
- }
- ]
- },
- "actionGroupName": "ALZ action group",
- "actionGroupShortName": "alz-alert",
- "alertRuleName": "ALZ alert rule",
- "alertRuleDescription": "Alert rule for Azure Landing Zone"
- }
- },
- "securityCenter": {
- "value": {
- "email": "alzcanadapubsec@microsoft.com",
- "phone": "5555555555"
- }
- },
- "subscriptionRoleAssignments": {
- "value": [
- {
- "comments": "Built-in Contributor Role",
- "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
- "securityGroupObjectIds": [
- "38f33f7e-a471-4630-8ce9-c6653495a2ee"
- ]
- }
- ]
- },
- "subscriptionBudget": {
- "value": {
- "createBudget": false
- }
- },
- "subscriptionTags": {
- "value": {
- "ISSO": "isso-tbd"
- }
- },
- "resourceTags": {
- "value": {
- "ClientOrganization": "client-organization-tag",
- "CostCenter": "cost-center-tag",
- "DataSensitivity": "data-sensitivity-tag",
- "ProjectContact": "project-contact-tag",
- "ProjectName": "project-name-tag",
- "TechnicalContact": "technical-contact-tag"
- }
- },
- "logAnalyticsResourceGroupName": {
- "value": "pubsec-central-logging-rg"
- },
- "logAnalyticsWorkspaceName": {
- "value": "log-analytics-workspace"
- },
- "logAnalyticsRetentionInDays": {
- "value": 730
- },
- "logAnalyticsAutomationAccountName": {
- "value": "automation-account"
- }
- }
-}
\ No newline at end of file
diff --git a/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw-policy/azure-firewall-policy.parameters.json b/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw-policy/azure-firewall-policy.parameters.json
deleted file mode 100644
index 9fc52f4c..00000000
--- a/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw-policy/azure-firewall-policy.parameters.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "resourceTags": {
- "value": {
- "ClientOrganization": "client-organization-tag",
- "CostCenter": "cost-center-tag",
- "DataSensitivity": "data-sensitivity-tag",
- "ProjectContact": "project-contact-tag",
- "ProjectName": "project-name-tag",
- "TechnicalContact": "technical-contact-tag"
- }
- },
- "resourceGroupName": {
- "value": "pubsec-azure-firewall-policy-rg"
- },
- "policyName": {
- "value": "pubsecAzureFirewallPolicy"
- }
- }
-}
\ No newline at end of file
diff --git a/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw/hub-network.parameters.json b/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw/hub-network.parameters.json
deleted file mode 100644
index be474d85..00000000
--- a/config/networking/CanadaESLZ-archetypeNetworking/hub-azfw/hub-network.parameters.json
+++ /dev/null
@@ -1,196 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "serviceHealthAlerts": { - "value": { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ - "Incident", - "Security" - ], - "regions": [ - "Global", - "Canada East", - "Canada Central" - ], - "receivers": { - "app": [ - "alzcanadapubsec@microsoft.com" - ], - "email": [ - "alzcanadapubsec@microsoft.com" - ], - "sms": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ], - "voice": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ] - }, - "actionGroupName": "ALZ action group", - "actionGroupShortName": "alz-alert", - "alertRuleName": "ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - }, - "securityCenter": { - "value": { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - }, - "subscriptionRoleAssignments": { - "value": [ - { - "comments": "Built-in Contributor Role", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - } - ] - }, - "subscriptionBudget": { - "value": { - "createBudget": false - } - }, - "subscriptionTags": { - "value": { - "ISSO": "isso-tbd" - } - }, - "resourceTags": { - "value": { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - }, - "deployPrivateDnsZones": { - "value": true - }, - "rgPrivateDnsZonesName": { - "value": "pubsec-dns-rg" - }, - "deployDdosStandard": { - "value": false - }, - "rgDdosName": { - "value": "pubsec-ddos-rg" - }, - "ddosPlanName": { - "value": "ddos-plan" - }, - "bastionName": { - "value": "bastion" - }, - "bastionSku": { - "value": "Standard" - }, - 
"bastionScaleUnits": { - "value": 2 - }, - "rgPazName": { - "value": "pubsec-public-access-zone-rg" - }, - "rgMrzName": { - "value": "pubsec-management-restricted-zone-rg" - }, - "mrzVnetName": { - "value": "management-restricted-vnet" - }, - "mrzVnetAddressPrefixRFC1918": { - "value": "10.18.4.0/22" - }, - "mrzMazSubnetName": { - "value": "MazSubnet" - }, - "mrzMazSubnetAddressPrefix": { - "value": "10.18.4.0/25" - }, - "mrzInfSubnetName": { - "value": "InfSubnet" - }, - "mrzInfSubnetAddressPrefix": { - "value": "10.18.4.128/25" - }, - "mrzSecSubnetName": { - "value": "SecSubnet" - }, - "mrzSecSubnetAddressPrefix": { - "value": "10.18.5.0/26" - }, - "mrzLogSubnetName": { - "value": "LogSubnet" - }, - "mrzLogSubnetAddressPrefix": { - "value": "10.18.5.64/26" - }, - "mrzMgmtSubnetName": { - "value": "MgmtSubnet" - }, - "mrzMgmtSubnetAddressPrefix": { - "value": "10.18.5.128/26" - }, - "rgHubName": { - "value": "pubsec-hub-networking-rg" - }, - "hubVnetName": { - "value": "hub-vnet" - }, - "hubVnetAddressPrefixRFC1918": { - "value": "10.18.0.0/22" - }, - "hubVnetAddressPrefixRFC6598": { - "value": "100.60.0.0/16" - }, - "hubVnetAddressPrefixBastion": { - "value": "192.168.0.0/16" - }, - "hubPazSubnetName": { - "value": "PAZSubnet" - }, - "hubPazSubnetAddressPrefix": { - "value": "100.60.1.0/24" - }, - "hubGatewaySubnetAddressPrefix": { - "value": "10.18.0.0/27" - }, - "hubAzureFirewallSubnetAddressPrefix": { - "value": "10.18.1.0/24" - }, - "hubAzureFirewallManagementSubnetAddressPrefix": { - "value": "10.18.2.0/26" - }, - "hubBastionSubnetAddressPrefix": { - "value": "192.168.0.0/24" - }, - "azureFirewallName": { - "value": "pubsecAzureFirewall" - }, - "azureFirewallZones": { - "value": [ - "1", - "2", - "3" - ] - }, - "azureFirewallForcedTunnelingEnabled": { - "value": false - }, - "azureFirewallForcedTunnelingNextHop": { - "value": "10.17.1.4" - } - } -} \ No newline at end of file 
diff --git a/config/networking/CanadaESLZ-archetypeNetworking/hub-nva/hub-network.parameters.json b/config/networking/CanadaESLZ-archetypeNetworking/hub-nva/hub-network.parameters.json
deleted file mode 100644
index 1cf88142..00000000
--- a/config/networking/CanadaESLZ-archetypeNetworking/hub-nva/hub-network.parameters.json
+++ /dev/null
@@ -1,300 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "serviceHealthAlerts": { - "value": { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ - "Incident", - "Security" - ], - "regions": [ - "Global", - "Canada East", - "Canada Central" - ], - "receivers": { - "app": [ - "alzcanadapubsec@microsoft.com" - ], - "email": [ - "alzcanadapubsec@microsoft.com" - ], - "sms": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ], - "voice": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ] - }, - "actionGroupName": "ALZ action group", - "actionGroupShortName": "alz-alert", - "alertRuleName": "ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - }, - "securityCenter": { - "value": { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - }, - "subscriptionRoleAssignments": { - "value": [ - { - "comments": "Built-in Contributor Role", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - } - ] - }, - "subscriptionBudget": { - "value": { - "createBudget": false - } - }, - "subscriptionTags": { - "value": { - "ISSO": "isso-tbd" - } - }, - "resourceTags": { - "value": { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - }, - "deployPrivateDnsZones": { - "value": true - }, - "rgPrivateDnsZonesName": { - "value": "pubsec-dns-rg" - }, - "deployDdosStandard": { - "value": false - }, - "rgDdosName": { - "value": "pubsec-ddos-rg" - }, - "ddosPlanName": { - "value": "ddos-plan" - }, - "bastionName": { - "value": "bastion" - }, - "bastionSku": { - "value": "Standard" - }, - 
"bastionScaleUnits": { - "value": 2 - }, - "rgPazName": { - "value": "pubsec-public-access-zone-rg" - }, - "rgMrzName": { - "value": "pubsec-management-restricted-zone-rg" - }, - "mrzVnetName": { - "value": "management-restricted-vnet" - }, - "mrzVnetAddressPrefixRFC1918": { - "value": "10.18.4.0/22" - }, - "mrzMazSubnetName": { - "value": "MazSubnet" - }, - "mrzMazSubnetAddressPrefix": { - "value": "10.18.4.0/25" - }, - "mrzInfSubnetName": { - "value": "InfSubnet" - }, - "mrzInfSubnetAddressPrefix": { - "value": "10.18.4.128/25" - }, - "mrzSecSubnetName": { - "value": "SecSubnet" - }, - "mrzSecSubnetAddressPrefix": { - "value": "10.18.5.0/26" - }, - "mrzLogSubnetName": { - "value": "LogSubnet" - }, - "mrzLogSubnetAddressPrefix": { - "value": "10.18.5.64/26" - }, - "mrzMgmtSubnetName": { - "value": "MgmtSubnet" - }, - "mrzMgmtSubnetAddressPrefix": { - "value": "10.18.5.128/26" - }, - "rgHubName": { - "value": "pubsec-hub-networking-rg" - }, - "hubVnetName": { - "value": "hub-vnet" - }, - "hubVnetAddressPrefixRFC1918": { - "value": "10.18.0.0/22" - }, - "hubVnetAddressPrefixRFC6598": { - "value": "100.60.0.0/16" - }, - "hubVnetAddressPrefixBastion": { - "value": "192.168.0.0/16" - }, - "hubEanSubnetName": { - "value": "EanSubnet" - }, - "hubEanSubnetAddressPrefix": { - "value": "10.18.0.0/27" - }, - "hubPublicSubnetName": { - "value": "PublicSubnet" - }, - "hubPublicSubnetAddressPrefix": { - "value": "100.60.0.0/24" - }, - "hubPazSubnetName": { - "value": "PAZSubnet" - }, - "hubPazSubnetAddressPrefix": { - "value": "100.60.1.0/24" - }, - "hubDevIntSubnetName": { - "value": "DevIntSubnet" - }, - "hubDevIntSubnetAddressPrefix": { - "value": "10.18.0.64/27" - }, - "hubProdIntSubnetName": { - "value": "PrdIntSubnet" - }, - "hubProdIntSubnetAddressPrefix": { - "value": "10.18.0.32/27" - }, - "hubMrzIntSubnetName": { - "value": "MrzSubnet" - }, - "hubMrzIntSubnetAddressPrefix": { - "value": "10.18.0.96/27" - }, - "hubHASubnetName": { - "value": "HASubnet" - }, - 
"hubHASubnetAddressPrefix": { - "value": "10.18.0.128/28" - }, - "hubGatewaySubnetPrefix": { - "value": "10.18.1.0/27" - }, - "hubBastionSubnetAddressPrefix": { - "value": "192.168.0.0/24" - }, - "deployFirewallVMs": { - "value": false - }, - "useFortigateFW": { - "value": false - }, - "fwDevILBName": { - "value": "pubsecDevFWILB" - }, - "fwDevVMSku": { - "value": "Standard_D8s_v4" - }, - "fwDevVM1Name": { - "value": "pubsecDevFW1" - }, - "fwDevVM2Name": { - "value": "pubsecDevFW2" - }, - "fwDevILBExternalFacingIP": { - "value": "100.60.0.7" - }, - "fwDevVM1ExternalFacingIP": { - "value": "100.60.0.8" - }, - "fwDevVM2ExternalFacingIP": { - "value": "100.60.0.9" - }, - "fwDevVM1MrzIntIP": { - "value": "10.18.0.104" - }, - "fwDevVM2MrzIntIP": { - "value": "10.18.0.105" - }, - "fwDevILBDevIntIP": { - "value": "10.18.0.68" - }, - "fwDevVM1DevIntIP": { - "value": "10.18.0.69" - }, - "fwDevVM2DevIntIP": { - "value": "10.18.0.70" - }, - "fwDevVM1HAIP": { - "value": "10.18.0.134" - }, - "fwDevVM2HAIP": { - "value": "10.18.0.135" - }, - "fwProdILBName": { - "value": "pubsecProdFWILB" - }, - "fwProdVMSku": { - "value": "Standard_F8s_v2" - }, - "fwProdVM1Name": { - "value": "pubsecProdFW1" - }, - "fwProdVM2Name": { - "value": "pubsecProdFW2" - }, - "fwProdILBExternalFacingIP": { - "value": "100.60.0.4" - }, - "fwProdVM1ExternalFacingIP": { - "value": "100.60.0.5" - }, - "fwProdVM2ExternalFacingIP": { - "value": "100.60.0.6" - }, - "fwProdVM1MrzIntIP": { - "value": "10.18.0.101" - }, - "fwProdVM2MrzIntIP": { - "value": "10.18.0.102" - }, - "fwProdILBPrdIntIP": { - "value": "10.18.0.36" - }, - "fwProdVM1PrdIntIP": { - "value": "10.18.0.37" - }, - "fwProdVM2PrdIntIP": { - "value": "10.18.0.38" - }, - "fwProdVM1HAIP": { - "value": "10.18.0.132" - }, - "fwProdVM2HAIP": { - "value": "10.18.0.133" - } - } -} \ No newline at end of file 
diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json
deleted file mode 100644
index 066fd3ca..00000000
--- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json
+++ /dev/null
@@ -1,171 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "value": "canadacentral" - }, - "serviceHealthAlerts": { - "value": { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], - "receivers": { - "app": [ "alzcanadapubsec@microsoft.com" ], - "email": [ "alzcanadapubsec@microsoft.com" ], - "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], - "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] - }, - "actionGroupName": "Sub1 ALZ action group", - "actionGroupShortName": "sub1-alert", - "alertRuleName": "Sub1 ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - }, - "securityCenter": { - "value": { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - }, - "subscriptionRoleAssignments": { - "value": [ - { - "comments": "Built-in Role: Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - }, - { - "comments": "Custom Role: Landing Zone Application Owner", - "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - } - ] - }, - "subscriptionBudget": { - "value": { - "createBudget": false - } - }, - "subscriptionTags": { - "value": { - "ISSO": "isso-tag" - } - }, - "resourceTags": { - "value": { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - }, - "resourceGroups": { - "value": { - "automation": "rgAutomation2022Q1", - "networking": "rgVnet2022Q1", - "networkWatcher": 
"NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault2022Q1" - } - }, - "automation": { - "value": { - "name": "automation" - } - }, - "backupRecoveryVault":{ - "value": { - "enabled":true, - "name":"bkupvault" - } - }, - "hubNetwork": { - "value": { - "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", - "rfc1918IPRange": "10.18.0.0/22", - "rfc6598IPRange": "100.60.0.0/16", - "egressVirtualApplianceIp": "10.18.1.4" - } - }, - "network": { - "value": { - "deployVnet": true, - "peerToHubVirtualNetwork": true, - "useRemoteGateway": false, - "name": "vnet", - "dnsServers": [ - "10.18.1.4" - ], - "addressPrefixes": [ - "10.2.0.0/16" - ], - "subnets": [ - { - "comments": "App Management Zone (OZ)", - "name": "appManagement", - "addressPrefix": "10.2.1.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - { - "comments": "Presentation Zone (PAZ)", - "name": "web", - "addressPrefix": "10.2.2.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - { - "comments": "Application Zone (RZ)", - "name": "app", - "addressPrefix": "10.2.3.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - { - "comments": "Data Zone (HRZ)", - "name": "data", - "addressPrefix": "10.2.4.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } - } - ] - } - } - } -} \ No newline at end of file 
diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json
deleted file mode 100644
index bd9bd518..00000000
--- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/82f7705e-3386-427b-95b7-cbed91ab29a7_healthcare_canadacentral.json
+++ /dev/null
@@ -1,174 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "serviceHealthAlerts": { - "value": { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ - "Incident", - "Security" - ], - "regions": [ - "Global", - "Canada East", - "Canada Central" - ], - "receivers": { - "app": [ - "alzcanadapubsec@microsoft.com" - ], - "email": [ - "alzcanadapubsec@microsoft.com" - ], - "sms": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ], - "voice": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ] - }, - "actionGroupName": "Sub2 ALZ action group", - "actionGroupShortName": "sub2-alert", - "alertRuleName": "Sub2 ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - }, - "securityCenter": { - "value": { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - }, - "subscriptionRoleAssignments": { - "value": [ - { - "comments": "Built-in Role: Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - }, - { - "comments": "Custom Role: Landing Zone Application Owner", - "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - } - ] - }, - "subscriptionBudget": { - "value": { - "createBudget": false - } - }, - "subscriptionTags": { - "value": { - "ISSO": "isso-tag" - } - }, - "resourceTags": { - "value": { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - }, - "resourceGroups": { - "value": { - "automation": "health2022Q1Automation", - "compute": "health2022Q1Compute", - "monitor": 
"health2022Q1Monitor", - "networking": "health2022Q1Network", - "networkWatcher": "NetworkWatcherRG", - "security": "health2022Q1Security", - "storage": "health2022Q1Storage" - } - }, - "useCMK": { - "value": true - }, - "keyVault": { - "value": { - "secretExpiryInDays": 3650 - } - }, - "automation": { - "value": { - "name": "health2022Q1automation" - } - }, - "sqldb": { - "value": { - "enabled": true, - "sqlAuthenticationUsername": "azadmin", - "aadAuthenticationOnly": false - } - }, - "synapse": { - "value": { - "aadAuthenticationOnly": true, - "aadLoginName": "az.admins", - "aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", - "aadLoginType": "Group" - } - }, - "hubNetwork": { - "value": { - "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", - "rfc1918IPRange": "10.18.0.0/22", - "rfc6598IPRange": "100.60.0.0/16", - "egressVirtualApplianceIp": "10.18.1.4", - "privateDnsManagedByHub": true, - "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27", - "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg" - } - }, - "network": { - "value": { - "peerToHubVirtualNetwork": true, - "useRemoteGateway": false, - "name": "health2022Q1vnet", - "dnsServers": [ - "10.18.1.4" - ], - "addressPrefixes": [ - "10.5.0.0/16" - ], - "subnets": { - "databricksPublic": { - "comments": "Databricks Public Delegated Subnet", - "name": "databrickspublic", - "addressPrefix": "10.5.5.0/25" - }, - "databricksPrivate": { - "comments": "Databricks Private Delegated Subnet", - "name": "databricksprivate", - "addressPrefix": "10.5.6.0/25" - }, - "privateEndpoints": { - "comments": "Private Endpoints Subnet", - "name": "privateendpoints", - "addressPrefix": "10.5.7.0/25" - }, - "web": { - "comments": "Azure Web App Delegated Subnet", - "name": "webapp", - "addressPrefix": "10.5.8.0/25" - }, - "optional": [] - } - } - } - } -} \ No newline at end 
of file diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json deleted file mode 100644 index d0496960..00000000 --- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json +++ /dev/null 
@@ -1,202 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "serviceHealthAlerts": { - "value": { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ - "Incident", - "Security" - ], - "regions": [ - "Global", - "Canada East", - "Canada Central" - ], - "receivers": { - "app": [ - "alzcanadapubsec@microsoft.com" - ], - "email": [ - "alzcanadapubsec@microsoft.com" - ], - "sms": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ], - "voice": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ] - }, - "actionGroupName": "Sub5 ALZ action group", - "actionGroupShortName": "sub5-alert", - "alertRuleName": "Sub5 ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - }, - "securityCenter": { - "value": { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - }, - "subscriptionRoleAssignments": { - "value": [ - { - "comments": "Built-in Role: Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - } - ] - }, - "subscriptionBudget": { - "value": { - "createBudget": false - } - }, - "subscriptionTags": { - "value": { - "ISSO": "isso-tag" - } - }, - "resourceTags": { - "value": { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - }, - "resourceGroups": { - "value": { - "automation": "azmlsqlauth2022Q1Automation", - "compute": "azmlsqlauth2022Q1Compute", - "monitor": "azmlsqlauth2022Q1Monitor", - "networking": "azmlsqlauth2022Q1Network", - "networkWatcher": "NetworkWatcherRG", - "security": "azmlsqlauth2022Q1Security", - "storage": "azmlsqlauth2022Q1Storage" - } - }, - 
"useCMK": { - "value": false - }, - "automation": { - "value": { - "name": "azmlsqlauth2022Q1automation" - } - }, - "keyVault": { - "value": { - "secretExpiryInDays": 3650 - } - }, - "aks": { - "value": { - "version": "1.22.6", - "enabled": true, - "networkPlugin": "kubenet", - "networkPolicy": "calico", - "podCidr": "11.0.0.0/16", - "serviceCidr": "20.0.0.0/16", - "dnsServiceIP": "20.0.0.10", - "dockerBridgeCidr": "30.0.0.1/16" - } - }, - "appServiceLinuxContainer": { - "value": { - "enabled": true, - "skuName": "P1V2", - "skuTier": "Premium", - "enablePrivateEndpoint": true - } - }, - "sqldb": { - "value": { - "enabled": true, - "sqlAuthenticationUsername": "azadmin", - "aadAuthenticationOnly": false, - "aadLoginName": "DBA Security Group", - "aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", - "aadLoginType": "Group" - } - }, - "sqlmi": { - "value": { - "enabled": false - } - }, - "aml": { - "value": { - "enableHbiWorkspace": false - } - }, - "hubNetwork": { - "value": { - "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", - "rfc1918IPRange": "10.18.0.0/22", - "rfc6598IPRange": "100.60.0.0/16", - "egressVirtualApplianceIp": "10.18.1.4", - "privateDnsManagedByHub": true, - "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27", - "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg" - } - }, - "network": { - "value": { - "peerToHubVirtualNetwork": true, - "useRemoteGateway": false, - "name": "azmlsqlauth2022Q1vnet", - "dnsServers": [ - "10.18.1.4" - ], - "addressPrefixes": [ - "10.6.0.0/16" - ], - "subnets": { - "sqlmi": { - "comments": "SQL Managed Instances Delegated Subnet", - "name": "sqlmi", - "addressPrefix": "10.6.5.0/25" - }, - "databricksPublic": { - "comments": "Databricks Public Delegated Subnet", - "name": "databrickspublic", - "addressPrefix": "10.6.6.0/25" - }, - "databricksPrivate": { - 
"comments": "Databricks Private Delegated Subnet", - "name": "databricksprivate", - "addressPrefix": "10.6.7.0/25" - }, - "privateEndpoints": { - "comments": "Private Endpoints Subnet", - "name": "privateendpoints", - "addressPrefix": "10.6.8.0/25" - }, - "aks": { - "comments": "AKS Subnet", - "name": "aks", - "addressPrefix": "10.6.9.0/25" - }, - "appService": { - "comments": "App Service Subnet", - "name": "appService", - "addressPrefix": "10.6.10.0/25" - }, - "optional": [] - } - } - } - } -} \ No newline at end of file diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json deleted file mode 100644 index 91a6bcac..00000000 --- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json +++ /dev/null 
@@ -1,185 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "serviceHealthAlerts": { - "value": { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], - "receivers": { - "app": [ "alzcanadapubsec@microsoft.com" ], - "email": [ "alzcanadapubsec@microsoft.com" ], - "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], - "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] - }, - "actionGroupName": "Sub3 ALZ action group", - "actionGroupShortName": "sub3-alert", - "alertRuleName": "Sub3 ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - }, - "securityCenter": { - "value": { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - }, - "subscriptionRoleAssignments": { - "value": [ - { - "comments": "Built-in Role: Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - }, - { - "comments": "Custom Role: Landing Zone Application Owner", - "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - } - ] - }, - "subscriptionBudget": { - "value": { - "createBudget": false - } - }, - "subscriptionTags": { - "value": { - "ISSO": "isso-tag" - } - }, - "resourceTags": { - "value": { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - }, - "resourceGroups": { - "value": { - "automation": "azmlcmk2022Q1Automation", - "compute": "azmlcmk2022Q1Compute", - "monitor": "azmlcmk2022Q1Monitor", - "networking": 
"azmlcmk2022Q1Network", - "networkWatcher": "NetworkWatcherRG", - "security": "azmlcmk2022Q1Security", - "storage": "azmlcmk2022Q1Storage" - } - }, - "useCMK": { - "value": true - }, - "automation": { - "value": { - "name": "azmlcmk2022Q1automation" - } - }, - "keyVault": { - "value": { - "secretExpiryInDays": 3650 - } - }, - "aks": { - "value": { - "version": "1.22.6", - "enabled": true, - "networkPlugin": "kubenet" , - "networkPolicy": "calico", - "podCidr": "11.0.0.0/16", - "serviceCidr": "20.0.0.0/16" , - "dnsServiceIP": "20.0.0.10", - "dockerBridgeCidr": "30.0.0.1/16" - } - }, - "appServiceLinuxContainer": { - "value": { - "enabled": true, - "skuName": "P1V2", - "skuTier": "Premium", - "enablePrivateEndpoint": true - } - }, - "sqldb": { - "value": { - "enabled": true, - "sqlAuthenticationUsername": "azadmin", - "aadAuthenticationOnly":false - } - }, - "sqlmi": { - "value": { - "enabled": false - } - }, - "aml": { - "value": { - "enableHbiWorkspace": false - } - }, - "hubNetwork": { - "value": { - "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", - "rfc1918IPRange": "10.18.0.0/22", - "rfc6598IPRange": "100.60.0.0/16", - "egressVirtualApplianceIp": "10.18.1.4", - "privateDnsManagedByHub": true, - "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27", - "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg" - } - }, - "network": { - "value": { - "peerToHubVirtualNetwork": true, - "useRemoteGateway": false, - "name": "azmlcmk2022Q1vnet", - "dnsServers": [ - "10.18.1.4" - ], - "addressPrefixes": [ - "10.1.0.0/16" - ], - "subnets": { - "sqlmi": { - "comments": "SQL Managed Instances Delegated Subnet", - "name": "sqlmi", - "addressPrefix": "10.1.5.0/25" - }, - "databricksPublic": { - "comments": "Databricks Public Delegated Subnet", - "name": "databrickspublic", - "addressPrefix": "10.1.6.0/25" - }, - "databricksPrivate": 
{ - "comments": "Databricks Private Delegated Subnet", - "name": "databricksprivate", - "addressPrefix": "10.1.7.0/25" - }, - "privateEndpoints": { - "comments": "Private Endpoints Subnet", - "name": "privateendpoints", - "addressPrefix": "10.1.8.0/25" - }, - "aks": { - "comments": "AKS Subnet", - "name": "aks", - "addressPrefix": "10.1.9.0/25" - }, - "appService": { - "comments": "App Service Subnet", - "name": "appService", - "addressPrefix": "10.1.10.0/25" - }, - "optional": [] - } - } - } - } -} \ No newline at end of file diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json deleted file mode 100644 index be16832c..00000000 --- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json +++ /dev/null 
@@ -1,185 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "serviceHealthAlerts": {
- "value": {
- "resourceGroupName": "pubsec-service-health",
- "incidentTypes": [ "Incident", "Security" ],
- "regions": [ "Global", "Canada East", "Canada Central" ],
- "receivers": {
- "app": [ "alzcanadapubsec@microsoft.com" ],
- "email": [ "alzcanadapubsec@microsoft.com" ],
- "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ],
- "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ]
- },
- "actionGroupName": "Sub4 ALZ action group",
- "actionGroupShortName": "sub4-alert",
- "alertRuleName": "Sub4 ALZ alert rule",
- "alertRuleDescription": "Alert rule for Azure Landing Zone"
- }
- },
- "securityCenter": {
- "value": {
- "email": "alzcanadapubsec@microsoft.com",
- "phone": "5555555555"
- }
- },
- "subscriptionRoleAssignments": {
- "value": [
- {
- "comments": "Built-in Role: Contributor",
- "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
- "securityGroupObjectIds": [
- "38f33f7e-a471-4630-8ce9-c6653495a2ee"
- ]
- },
- {
- "comments": "Custom Role: Landing Zone Application Owner",
- "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc",
- "securityGroupObjectIds": [
- "38f33f7e-a471-4630-8ce9-c6653495a2ee"
- ]
- }
- ]
- },
- "subscriptionBudget": {
- "value": {
- "createBudget": false
- }
- },
- "subscriptionTags": {
- "value": {
- "ISSO": "isso-tag"
- }
- },
- "resourceTags": {
- "value": {
- "ClientOrganization": "client-organization-tag",
- "CostCenter": "cost-center-tag",
- "DataSensitivity": "data-sensitivity-tag",
- "ProjectContact": "project-contact-tag",
- "ProjectName": "project-name-tag",
- "TechnicalContact": "technical-contact-tag"
- }
- },
- "resourceGroups": {
- "value": {
- "automation": "azmlnocmk2022Q1Automation",
- "compute": "azmlnocmk2022Q1Compute",
- "monitor": "azmlnocmk2022Q1Monitor",
- "networking": "azmlnocmk2022Q1Network",
- "networkWatcher": "NetworkWatcherRG",
- "security": "azmlnocmk2022Q1Security",
- "storage": "azmlnocmk2022Q1Storage"
- }
- },
- "useCMK": {
- "value": false
- },
- "automation": {
- "value": {
- "name": "azmlnocmk2022Q1automation"
- }
- },
- "keyVault": {
- "value": {
- "secretExpiryInDays": 3650
- }
- },
- "aks": {
- "value": {
- "version": "1.22.6",
- "enabled": true,
- "networkPlugin": "kubenet" ,
- "networkPolicy": "calico",
- "podCidr": "11.0.0.0/16",
- "serviceCidr": "20.0.0.0/16" ,
- "dnsServiceIP": "20.0.0.10",
- "dockerBridgeCidr": "30.0.0.1/16"
- }
- },
- "appServiceLinuxContainer": {
- "value": {
- "enabled": true,
- "skuName": "P1V2",
- "skuTier": "Premium",
- "enablePrivateEndpoint": true
- }
- },
- "sqldb": {
- "value": {
- "enabled": true,
- "sqlAuthenticationUsername": "azadmin",
- "aadAuthenticationOnly":false
- }
- },
- "sqlmi": {
- "value": {
- "enabled": false
- }
- },
- "aml": {
- "value": {
- "enableHbiWorkspace": false
- }
- },
- "hubNetwork": {
- "value": {
- "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet",
- "rfc1918IPRange": "10.18.0.0/22",
- "rfc6598IPRange": "100.60.0.0/16",
- "egressVirtualApplianceIp": "10.18.1.4",
- "privateDnsManagedByHub": true,
- "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27",
- "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg"
- }
- },
- "network": {
- "value": {
- "peerToHubVirtualNetwork": true,
- "useRemoteGateway": false,
- "name": "azmlnocmk2022Q1vnet",
- "dnsServers": [
- "10.18.1.4"
- ],
- "addressPrefixes": [
- "10.3.0.0/16"
- ],
- "subnets": {
- "sqlmi": {
- "comments": "SQL Managed Instances Delegated Subnet",
- "name": "sqlmi",
- "addressPrefix": "10.3.5.0/25"
- },
- "databricksPublic": {
- "comments": "Databricks Public Delegated Subnet",
- "name": "databrickspublic",
- "addressPrefix": "10.3.6.0/25"
- },
- "databricksPrivate": {
- "comments": "Databricks Private Delegated Subnet",
- "name": "databricksprivate",
- "addressPrefix": "10.3.7.0/25"
- },
- "privateEndpoints": {
- "comments": "Private Endpoints Subnet",
- "name": "privateendpoints",
- "addressPrefix": "10.3.8.0/25"
- },
- "aks": {
- "comments": "AKS Subnet",
- "name": "aks",
- "addressPrefix": "10.3.9.0/25"
- },
- "appService": {
- "comments": "App Service Subnet",
- "name": "appService",
- "addressPrefix": "10.3.10.0/25"
- },
- "optional": []
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json b/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json
deleted file mode 100644
index 9b7dbb5d..00000000
--- a/config/subscriptions/CanadaESLZ-archetypeNetworking/pubsec/LandingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json
+++ /dev/null
@@ -1,186 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "serviceHealthAlerts": {
- "value": {
- "resourceGroupName": "pubsec-service-health",
- "incidentTypes": [ "Incident", "Security" ],
- "regions": [ "Global", "Canada East", "Canada Central" ],
- "receivers": {
- "app": [ "alzcanadapubsec@microsoft.com" ],
- "email": [ "alzcanadapubsec@microsoft.com" ],
- "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ],
- "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ]
- },
- "actionGroupName": "Sub5 ALZ action group",
- "actionGroupShortName": "sub5-alert",
- "alertRuleName": "Sub5 ALZ alert rule",
- "alertRuleDescription": "Alert rule for Azure Landing Zone"
- }
- },
- "securityCenter": {
- "value": {
- "email": "alzcanadapubsec@microsoft.com",
- "phone": "5555555555"
- }
- },
- "subscriptionRoleAssignments": {
- "value": [
- {
- "comments": "Built-in Role: Contributor",
- "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
- "securityGroupObjectIds": [
- "38f33f7e-a471-4630-8ce9-c6653495a2ee"
- ]
- },
- {
- "comments": "Custom Role: Landing Zone Application Owner",
- "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc",
- "securityGroupObjectIds": [
- "38f33f7e-a471-4630-8ce9-c6653495a2ee"
- ]
- }
- ]
- },
- "subscriptionBudget": {
- "value": {
- "createBudget": false
- }
- },
- "subscriptionTags": {
- "value": {
- "ISSO": "isso-tag"
- }
- },
- "resourceTags": {
- "value": {
- "ClientOrganization": "client-organization-tag",
- "CostCenter": "cost-center-tag",
- "DataSensitivity": "data-sensitivity-tag",
- "ProjectContact": "project-contact-tag",
- "ProjectName": "project-name-tag",
- "TechnicalContact": "technical-contact-tag"
- }
- },
- "resourceGroups": {
- "value": {
- "automation": "azmlcmksqlmi2022Q1Automation",
- "compute": "azmlcmksqlmi2022Q1Compute",
- "monitor": "azmlcmksqlmi2022Q1Monitor",
- "networking": "azmlcmksqlmi2022Q1Network",
- "networkWatcher": "NetworkWatcherRG",
- "security": "azmlcmksqlmi2022Q1Security",
- "storage": "azmlcmksqlmi2022Q1Storage"
- }
- },
- "useCMK": {
- "value": true
- },
- "automation": {
- "value": {
- "name": "azmlcmksqlmi2022Q1automation"
- }
- },
- "keyVault": {
- "value": {
- "secretExpiryInDays": 3650
- }
- },
- "aks": {
- "value": {
- "version": "1.22.6",
- "enabled": true,
- "networkPlugin": "kubenet" ,
- "networkPolicy": "calico",
- "podCidr": "11.0.0.0/16",
- "serviceCidr": "20.0.0.0/16" ,
- "dnsServiceIP": "20.0.0.10",
- "dockerBridgeCidr": "30.0.0.1/16"
- }
- },
- "appServiceLinuxContainer": {
- "value": {
- "enabled": true,
- "skuName": "P1V2",
- "skuTier": "Premium",
- "enablePrivateEndpoint": true
- }
- },
- "sqldb": {
- "value": {
- "enabled": true,
- "sqlAuthenticationUsername": "azadmin",
- "aadAuthenticationOnly":false
- }
- },
- "sqlmi": {
- "value": {
- "enabled": true,
- "username": "azadmin"
- }
- },
- "aml": {
- "value": {
- "enableHbiWorkspace": false
- }
- },
- "hubNetwork": {
- "value": {
- "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet",
- "rfc1918IPRange": "10.18.0.0/22",
- "rfc6598IPRange": "100.60.0.0/16",
- "egressVirtualApplianceIp": "10.18.1.4",
- "privateDnsManagedByHub": true,
- "privateDnsManagedByHubSubscriptionId": "ed7f4eed-9010-4227-b115-2a5e37728f27",
- "privateDnsManagedByHubResourceGroupName": "pubsec-dns-rg"
- }
- },
- "network": {
- "value": {
- "peerToHubVirtualNetwork": true,
- "useRemoteGateway": false,
- "name": "azmlcmksqlmi2022Q1vnet",
- "dnsServers": [
- "10.18.1.4"
- ],
- "addressPrefixes": [
- "10.4.0.0/16"
- ],
- "subnets": {
- "sqlmi": {
- "comments": "SQL Managed Instances Delegated Subnet",
- "name": "sqlmi",
- "addressPrefix": "10.4.5.0/25"
- },
- "databricksPublic": {
- "comments": "Databricks Public Delegated Subnet",
- "name": "databrickspublic",
- "addressPrefix": "10.4.6.0/25"
- },
- "databricksPrivate": {
- "comments": "Databricks Private Delegated Subnet",
- "name": "databricksprivate",
- "addressPrefix": "10.4.7.0/25"
- },
- "privateEndpoints": {
- "comments": "Private Endpoints Subnet",
- "name": "privateendpoints",
- "addressPrefix": "10.4.8.0/25"
- },
- "aks": {
- "comments": "AKS Subnet",
- "name": "aks",
- "addressPrefix": "10.4.9.0/25"
- },
- "appService": {
- "comments": "App Service Subnet",
- "name": "appService",
- "addressPrefix": "10.4.10.0/25"
- },
- "optional": []
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/config/variables/CanadaESLZ-archetypeNetworking.yml b/config/variables/CanadaESLZ-archetypeNetworking.yml
deleted file mode 100644
index 0d22f73e..00000000
--- a/config/variables/CanadaESLZ-archetypeNetworking.yml
+++ /dev/null
@@ -1,79 +0,0 @@ -# ---------------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT license. -# -# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. -# ---------------------------------------------------------------------------------- - -# Environment YAML files can be used to supplement -# the variables specified in 'config/variables/common.yml'. You can: -# * Override existing common-vars.yml variable value settings, and -# * Create new variable values not present in common-vars.yml -# -# The naming convention for these YAML files is: -# {organization}-{branch}.yml -# -# where {organization} is the organization variable from the -# common.yml file -# and {branch} is the Azure Repos branch name used by the -# currently executing pipeline. 
- -variables: - - # Management Groups - var-managementgroup-hierarchy: > - { - "name": "Tenant Root Group", - "id": "343ddfdb-bef5-46d9-99cf-ed67d5948783", - "children": [ - { - "name": "Azure Landing Zones for Canadian Public Sector", - "id": "pubsec", - "children": [ - { - "name": "Platform", "id": "pubsecPlatform", - "children": [ - { "name": "Identity", "id": "pubsecPlatformIdentity", "children": [] }, - { "name": "Connectivity", "id": "pubsecPlatformConnectivity", "children": [] }, - { "name": "Management", "id": "pubsecPlatformManagement", "children": [] } - ] - }, - { - "name": "LandingZones", "id": "pubsecLandingZones", - "children": [ - { "name": "DevTest", "id": "pubsecLandingZonesDevTest", "children": [] }, - { "name": "QA", "id": "pubsecLandingZonesQA", "children": [] }, - { "name": "Prod", "id": "pubsecLandingZonesProd", "children": [] } - ] - }, - { - "name": "Sandbox", "id": "pubsecSandbox", - "children": [] - } - ] - } - ] - } - - # Logging - var-logging-region: $(deploymentRegion) - var-logging-managementGroupId: pubsecPlatformManagement - var-logging-subscriptionId: bc0a4f9f-07fa-4284-b1bd-fbad38578d3a - var-logging-configurationFileName: logging.parameters.json - - ## This parameter is only used for HIPAA/HITRUST Policy Assignment - var-logging-diagnosticSettingsforNetworkSecurityGroupsStoragePrefix: pubsecnsg - - # Hub Networking - var-hubnetwork-region: $(deploymentRegion) - var-hubnetwork-managementGroupId: pubsecPlatformConnectivity - var-hubnetwork-subscriptionId: ed7f4eed-9010-4227-b115-2a5e37728f27 - - ## Hub Network configuration using Azure Firewall - required when Azure Firewall is used - var-hubnetwork-azfwPolicy-configurationFileName: hub-azfw-policy/azure-firewall-policy.parameters.json - var-hubnetwork-azfw-configurationFileName: hub-azfw/hub-network.parameters.json - - ## Hub Network configuration using Network Virtual Appliance (NVA) - required when Network Virtual Appliance (NVA) like Fortigate Firewalls are used - 
var-hubnetwork-nva-configurationFileName: hub-nva/hub-network.parameters.json \ No newline at end of file