-
Notifications
You must be signed in to change notification settings - Fork 110
/
main.parameters.jsonc
125 lines (125 loc) · 5.58 KB
/
main.parameters.jsonc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
// max length: 10. Suffix that will be used to name the resources in a pattern like <resourceAbbreviation>-<workloadName>
"workloadName": {
"value": "merge-ase"
// "value": "merge-mul"
},
//Required. The name of the environmentName (e.g. "dev", "test", "prod", "preprod", "staging", "uat", "dr", "qa"). Up to 8 characters long.
"environmentName": {
"value": "dev"
},
//Optional, default is false. Set to true if you want to deploy ASE v3 instead of Multitenant App Service Plan.
"deployAseV3": {
"value": false
},
//If empty, then a new hub will be deployed. If given, no new hub will be created and we create the peering between spoke and and existing hub vnet
"vnetHubResourceId": {
"value": ""
},
//If vnetHubResourceId empty, this value is irrelevant. If vnetHubResourceId has value and we need UDR, then the internal IP of the azFW needs to be set. Otherwise no UDR will be created
"firewallInternalIp": {
"value": "10.242.0.4"
},
"vnetHubAddressSpace": {
"value": "10.242.0.0/20"
},
// Feature Flags
// set to true if you want to intercept all outbound traffic with azure firewall
"enableEgressLockdown": {
"value": true
},
// set to true if you want to a redis cache
"deployRedis": {
"value": false
},
// set to true if you want to deploy a azure SQL server and default database
"deployAzureSql": {
"value": false
},
// set to true if you want to deploy application configuration
"deployAppConfig": {
"value": false
},
// set to true if you want to deploy a jumpbox/devops VM
"deployJumpHost": {
"value": false
},
// Deploy (or not) an Azure OpenAI account. ATTENTION: At the time of writing , OpenAI is in preview and only available in limited regions: look here: https://learn.microsoft.com/azure/ai-services/openai/chatgpt-quickstart#prerequisites
"deployOpenAi": {
"value": false
},
// set to true if you want to auto approve the Private Endpoint of the AFD Premium
"autoApproveAfdPrivateEndpoint": {
"value": false
},
// CIDR of the subnet that will host the azure Firewall
"subnetHubFirewallAddressSpace": {
"value": "10.242.0.0/26" // "10.242.0.0/26"
},
// CIDR to use for the AzureFirewallManagementSubnet, which is required by AzFW Basic
"subnetHubFirewallManagementAddressSpace": {
"value": "10.242.0.64/26" //
},
// CIDR of the subnet that will host the Bastion Service
"subnetHubBastionAddressSpace": {
"value": "10.242.0.128/26" // "10.242.0.64/26"
},
//CIDR of the spoke vnet that will hold the app services plan and the rest supporting services (and their private endpoints)
"vnetSpokeAddressSpace": {
"value": "10.240.0.0/20"
},
//CIDR of the subnet that will hold the app services plan. ATTENTION: ASEv3 needs a /24 network
"subnetSpokeAppSvcAddressSpace": {
"value": "10.240.0.0/26"
},
// //CIDRof the subnet that will hold the private link for the AFD Premium
// "subnetSpokeAfdIngressAddressSpace": {
// "value": "10.240.0.64/26"
// },
//CIDR of the subnet that will hold devOps agents etc
"subnetSpokeDevOpsAddressSpace": {
"value": "10.240.10.128/26"
},
//CIDR of the subnet that will hold the private endpoints of the supporting services
"subnetSpokePrivateEndpointAddressSpace": {
"value": "10.240.11.0/24"
},
// Defines the name, tier, size, family and capacity of the App Service Plan. Plans ending to _AZ, are deploying at least three instances in three Availability Zones. EP* is only for functions'
// select one from: 'S1', 'S2', 'S3', 'P1V3', 'P2V3', 'P3V3', 'P1V3_AZ', 'P2V3_AZ', 'P3V3_AZ', 'EP1', 'EP2', 'EP3', 'ASE_I1V2_AZ', 'ASE_I2V2_AZ', 'ASE_I3V2_AZ', 'ASE_I1V2', 'ASE_I2V2', 'ASE_I3V2'
"webAppPlanSku": {
"value": "S1"
},
// two options: Windows or Linux
"webAppBaseOs": {
"value": "Windows"
},
// admin username of the VM agent deployed in the Spoke
"adminUsername": {
"value": "azureuser"
},
// admin password of the VM agent deployed in the Spoke
"adminPassword": {
"value": "strongpassword"
},
//Resource tags that we might need to add to all resources (i.e. Environment, Cost center, application name etc)
"resourceTags": {
"value": {
"deployment": "bicep"
}
},
// The Microsoft Entra ID administrator group used for SQL Server authentication
"sqlServerAdministrators": {
"value": {
// Microsoft Entra group where your Azure administrators are members
"login": "Microsoft Entra SQL Admins",
// Microsoft Entra object ID of the group
"sid": "xxx-xxxx-xxxx-xxxx",
// Microsoft Entra tenant ID where the group is located
"tenantId": "xxxx-xxxxxx-xxxxx-xxxxx-xxx"
}
}
}
}