From 6b6e7402ba84bc478e5e0f3ed0865b4b2a508acc Mon Sep 17 00:00:00 2001
From: Vidya Bala
Date: Fri, 19 Nov 2021 12:23:15 -0500
Subject: [PATCH] Remove default NSG rules for 22 and 3389 from Bicep deployment (#538)
* Modify NSG in hub Resource Group #443
* GitHub Action: Build Bicep to JSON
Co-authored-by: github-actions
---
 src/bicep/mlz.bicep | 31 +------------------------------
 src/bicep/mlz.json | 31 +------------------------------
 2 files changed, 2 insertions(+), 60 deletions(-)
diff --git a/src/bicep/mlz.bicep b/src/bicep/mlz.bicep
index aa0b50d41..3a28d1015 100644
--- a/src/bicep/mlz.bicep
+++ b/src/bicep/mlz.bicep
@@ -325,36 +325,7 @@ param hubSubnetAddressPrefix string = '10.0.100.128/27'
 param hubVirtualNetworkDiagnosticsLogs array = []
 param hubVirtualNetworkDiagnosticsMetrics array = []
 param hubNetworkSecurityGroupName string = 'hub-nsg'
-param hubNetworkSecurityGroupRules array = [
- {
- name: 'allow_ssh'
- properties: {
- description: 'Allow SSH access from anywhere'
- access: 'Allow'
- priority: 100
- protocol: 'Tcp'
- direction: 'Inbound'
- sourcePortRange: '*'
- sourceAddressPrefix: '*'
- destinationPortRange: '22'
- destinationAddressPrefix: '*'
- }
- }
- {
- name: 'allow_rdp'
- properties: {
- description: 'Allow RDP access from anywhere'
- access: 'Allow'
- priority: 200
- protocol: 'Tcp'
- direction: 'Inbound'
- sourcePortRange: '*'
- sourceAddressPrefix: '*'
- destinationPortRange: '3389'
- destinationAddressPrefix: '*'
- }
- }
-]
+param hubNetworkSecurityGroupRules array = []
 param hubNetworkSecurityGroupDiagnosticsLogs array = [
 {
 category: 'NetworkSecurityGroupEvent'
diff --git a/src/bicep/mlz.json b/src/bicep/mlz.json
index 77938fd74..b6e5ed9b2 100644
--- a/src/bicep/mlz.json
+++ b/src/bicep/mlz.json
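Review bot: In the mlz.bicep hunk, `hubNetworkSecurityGroupRules` now defaults to `[]` but carries no description, so a deployer cannot tell from the template that the hub NSG ships with no custom inbound rules and that any management access has to be passed in explicitly. I would add `@description('Custom security rules for the hub NSG. Empty by default; supply narrowly scoped rules (a specific sourceAddressPrefix) rather than re-adding 22/3389 from any source.')` directly above the parameter. The hunk only touches the hub parameter; if the other NSG rule parameters elsewhere in mlz.bicep still default to the same `allow_ssh`/`allow_rdp` entries, they are outside this hunk and worth checking in the same change. Presumably redeploying over an environment that relied on the old default will drop those two rules, which deserves a line in the release notes.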
@@ -80,36 +80,7 @@ }, "hubNetworkSecurityGroupRules": { "type": "array", - "defaultValue": [ - { - "name": "allow_ssh", - "properties": { - "description": "Allow SSH access from anywhere", - "access": "Allow", - "priority": 100, - "protocol": "Tcp", - "direction": "Inbound", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "22", - "destinationAddressPrefix": "*" - } - }, - { - "name": "allow_rdp", - "properties": { - "description": "Allow RDP access from anywhere", - "access": "Allow", - "priority": 200, - "protocol": "Tcp", - "direction": "Inbound", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "3389", - "destinationAddressPrefix": "*" - } - } - ] + "defaultValue": [] }, "hubNetworkSecurityGroupDiagnosticsLogs": { "type": "array",