-
Notifications
You must be signed in to change notification settings - Fork 6
/
azfwpolicy.bicep
82 lines (74 loc) · 1.74 KB
/
azfwpolicy.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
@description('Name of the Azure Firewall Policy')
param policyName string
param location string = resourceGroup().location
param deployVWAN bool = false
resource policy 'Microsoft.Network/firewallPolicies@2021-08-01' = {
location: location
name: policyName
properties: {
dnsSettings: {
enableProxy: true
}
sku: {
tier: 'Standard'
}
threatIntelMode: 'Alert'
}
}
module globalRCG './rcg-global.bicep' = {
name: 'rcg-global'
params: {
policyName: policy.name
rcgName: 'rcg-global'
}
}
module app01 '../../app01/bicep/rcgwrapper-app01.bicep' = {
name: 'app01'
params: {
policyName: policy.name
prefix: 'app01b'
location: location
}
}
module app02 '../../app02/bicep/rcgwrapper-app02.bicep' = {
name: 'app02'
params: {
policyName: policy.name
prefix: 'app02b'
location: location
}
// RCGs should be deployed sequentially
dependsOn: [app01]
}
module app03 '../../app03/bicep/rcgwrapper-app03.bicep' = {
name: 'app03'
params: {
policyName: policy.name
prefix: 'app03b'
}
// RCGs should be deployed sequentially
dependsOn: [app02]
}
// This module exists in a different repo, the syntax highlighting error is expected
module app04 '../../app04/app04/azfw-app04.bicep' = {
name: 'app04'
params: {
policyName: policy.name
prefix: 'app04b'
}
// RCGs should be deployed sequentially
dependsOn: [app03]
}
// Deploy VWAN with Firewalls associated to the policy
module vwan './vwan/vwan.bicep' = if(deployVWAN) {
name: 'vwan'
params: {
vWANlocation: location
hub1Location: location
hub2Location: location
firewallTier: 'Standard'
FirewallPolicyId: policy.id
}
// To deploy VWAN after the policy is finished
dependsOn: [app04]
}