Updated bastion & firewall to default with IP

modules/network/azure-firewall/.test/custompip/main.test.bicep

@@ -68,6 +68,7 @@ module testDeployment '../../main.bicep' = {
  publicIPAddressObject: {
  name: 'new-${namePrefix}-pip-${serviceShort}'
  publicIPAllocationMethod: 'Static'
+ publicIPPrefixResourceId: ''
  roleAssignments: [
  {
  roleDefinitionIdOrName: 'Reader'

modules/network/azure-firewall/README.md

@@ -469,6 +469,7 @@ module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = {
  ]
  name: 'new-pip-nafcstpip'
  publicIPAllocationMethod: 'Static'
+ publicIPPrefixResourceId: ''
  roleAssignments: [
  {
  principalId: '<principalId>'
@@ -527,6 +528,7 @@ module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = {
  ],
  "name": "new-pip-nafcstpip",
  "publicIPAllocationMethod": "Static",
+ "publicIPPrefixResourceId": "",
  "roleAssignments": [
  {
  "principalId": "<principalId>",
@@ -778,7 +780,7 @@ module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = {
 | [`managementIPResourceID`](#parameter-managementipresourceid) | string | The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. |
 | [`natRuleCollections`](#parameter-natrulecollections) | array | Collection of NAT rule collections used by Azure Firewall. |
 | [`networkRuleCollections`](#parameter-networkrulecollections) | array | Collection of network rule collections used by Azure Firewall. |
-| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. |
+| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided. |
 | [`publicIPResourceID`](#parameter-publicipresourceid) | string | The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
 | [`tags`](#parameter-tags) | object | Tags of the Azure Firewall resource. |
@@ -1013,7 +1015,7 @@ Collection of network rule collections used by Azure Firewall.
 
 ### Parameter: `publicIPAddressObject`
 
-Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name.
+Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided.
 - Required: No
 - Type: object
 - Default: `{object}`

modules/network/azure-firewall/main.bicep

@@ -22,8 +22,10 @@ param publicIPResourceID string = ''
 @description('Optional. This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration.')
 param additionalPublicIpConfigurations array = []
 
-@description('Optional. Specifies the properties of the Public IP to create and be used by Azure Firewall. If it\'s not provided and publicIPResourceID is empty, a \'-pip\' suffix will be appended to the Firewall\'s name.')
-param publicIPAddressObject object = {}
+@description('Optional. Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided.')
+param publicIPAddressObject object = {
+ name: '${name}-pip'
+}
 
 @description('Optional. The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet.')
 param managementIPResourceID string = ''
@@ -159,11 +161,10 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
  }
 }
 
-// create a Public IP address if one is not provided and the flag is true
-module publicIPAddress '../../network/public-ip-address/main.bicep' = if (!empty(publicIPAddressObject) && azureSkuName == 'AZFW_VNet') {
+module publicIPAddress '../../network/public-ip-address/main.bicep' = if (empty(publicIPResourceID) && azureSkuName == 'AZFW_VNet') {
  name: '${uniqueString(deployment().name, location)}-Firewall-PIP'
  params: {
- name: contains(publicIPAddressObject, 'name') ? (!(empty(publicIPAddressObject.name)) ? publicIPAddressObject.name : '${name}-pip') : '${name}-pip'
+ name: publicIPAddressObject.name
  publicIPPrefixResourceId: contains(publicIPAddressObject, 'publicIPPrefixResourceId') ? (!(empty(publicIPAddressObject.publicIPPrefixResourceId)) ? publicIPAddressObject.publicIPPrefixResourceId : '') : ''
  publicIPAllocationMethod: contains(publicIPAddressObject, 'publicIPAllocationMethod') ? (!(empty(publicIPAddressObject.publicIPAllocationMethod)) ? publicIPAddressObject.publicIPAllocationMethod : 'Static') : 'Static'
  skuName: contains(publicIPAddressObject, 'skuName') ? (!(empty(publicIPAddressObject.skuName)) ? publicIPAddressObject.skuName : 'Standard') : 'Standard'
@@ -228,10 +229,6 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2023-04-01' = {
  id: virtualHubId
  } : null
  }
- dependsOn: [
- publicIPAddress
- managementIPAddress
- ]
 }
 
 resource azureFirewall_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {

modules/network/azure-firewall/main.json

@@ -6,7 +6,7 @@
  "_generator": {
  "name": "bicep",
  "version": "0.22.6.54827",
- "templateHash": "9184001771441710362"
+ "templateHash": "3800476164049795980"
  },
  "name": "Azure Firewalls",
  "description": "This module deploys an Azure Firewall.",
@@ -253,9 +253,11 @@
  },
  "publicIPAddressObject": {
  "type": "object",
- "defaultValue": {},
+ "defaultValue": {
+ "name": "[format('{0}-pip', parameters('name'))]"
+ },
  "metadata": {
- "description": "Optional. Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name."
+ "description": "Optional. Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided."
  }
  },
  "managementIPResourceID": {
@@ -490,7 +492,7 @@
  ]
  },
  "publicIPAddress": {
- "condition": "[and(not(empty(parameters('publicIPAddressObject'))), equals(variables('azureSkuName'), 'AZFW_VNet'))]",
+ "condition": "[and(empty(parameters('publicIPResourceID')), equals(variables('azureSkuName'), 'AZFW_VNet'))]",
  "type": "Microsoft.Resources/deployments",
  "apiVersion": "2022-09-01",
  "name": "[format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location')))]",
@@ -500,7 +502,9 @@
  },
  "mode": "Incremental",
  "parameters": {
- "name": "[if(contains(parameters('publicIPAddressObject'), 'name'), if(not(empty(parameters('publicIPAddressObject').name)), createObject('value', parameters('publicIPAddressObject').name), createObject('value', format('{0}-pip', parameters('name')))), createObject('value', format('{0}-pip', parameters('name'))))]",
+ "name": {
+ "value": "[parameters('publicIPAddressObject').name]"
+ },
  "publicIPPrefixResourceId": "[if(contains(parameters('publicIPAddressObject'), 'publicIPPrefixResourceId'), if(not(empty(parameters('publicIPAddressObject').publicIPPrefixResourceId)), createObject('value', parameters('publicIPAddressObject').publicIPPrefixResourceId), createObject('value', '')), createObject('value', ''))]",
  "publicIPAllocationMethod": "[if(contains(parameters('publicIPAddressObject'), 'publicIPAllocationMethod'), if(not(empty(parameters('publicIPAddressObject').publicIPAllocationMethod)), createObject('value', parameters('publicIPAddressObject').publicIPAllocationMethod), createObject('value', 'Static')), createObject('value', 'Static'))]",
  "skuName": "[if(contains(parameters('publicIPAddressObject'), 'skuName'), if(not(empty(parameters('publicIPAddressObject').skuName)), createObject('value', parameters('publicIPAddressObject').skuName), createObject('value', 'Standard')), createObject('value', 'Standard'))]",

modules/network/bastion-host/README.md

@@ -375,7 +375,7 @@ module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = {
 | [`enableShareableLink`](#parameter-enableshareablelink) | bool | Choose to disable or enable Shareable Link. |
 | [`location`](#parameter-location) | string | Location for all resources. |
 | [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name. |
+| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Bastion, if no existing public IP was provided. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
 | [`scaleUnits`](#parameter-scaleunits) | int | The scale units for the Bastion Host resource. |
 | [`skuName`](#parameter-skuname) | string | The SKU of this Bastion Host. |
@@ -567,7 +567,7 @@ Name of the Azure Bastion resource.
 
 ### Parameter: `publicIPAddressObject`
 
-Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name.
+Specifies the properties of the Public IP to create and be used by Azure Bastion, if no existing public IP was provided.
 - Required: No
 - Type: object
 - Default: `{object}`