diff --git a/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep b/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep index 11d4134e3..2b3d0131c 100644 --- a/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep +++ b/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep @@ -26,7 +26,7 @@ param parAcrSku string = 'Basic' @sys.description('Tags to be applied to resource when deployed. Default: None') param parTags object ={} -resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2022-12-01' = { +resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' = { name: parAcrName tags: parTags location: parLocation diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep index 6a0aa8163..366c97c46 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep @@ -682,14 +682,14 @@ var varAzFirewallUseCustomPublicIps = length(parAzFirewallCustomPublicIps) > 0 var varAzFirewallUseCustomPublicIpsSecondaryLocation = length(parAzFirewallCustomPublicIpsSecondaryLocation) > 0 //DDos Protection plan will only be enabled if parDdosEnabled is true. -resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2023-02-01' = if (parDdosEnabled) { +resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2024-05-01' = if (parDdosEnabled) { name: parDdosPlanName location: parLocation tags: parTags } //DDos Protection plan will only be enabled if parDdosEnabled is true. -resource resDdosProtectionPlanSecondaryLocation 'Microsoft.Network/ddosProtectionPlans@2023-02-01' = if (parDdosEnabledSecondaryLocation) { +resource resDdosProtectionPlanSecondaryLocation 'Microsoft.Network/ddosProtectionPlans@2024-05-01' = if (parDdosEnabledSecondaryLocation) { name: parDdosPlanNameSecondaryLocation location: parSecondaryLocation tags: parTags @@ -715,7 +715,7 @@ resource resDDoSProtectionPlanLockSecondaryLocation 'Microsoft.Authorization/loc } } -resource resHubVnet 'Microsoft.Network/virtualNetworks@2024-01-01' = { +resource resHubVnet 'Microsoft.Network/virtualNetworks@2024-05-01' = { dependsOn: [ resBastionNsg ] @@ -741,7 +741,7 @@ resource resHubVnet 'Microsoft.Network/virtualNetworks@2024-01-01' = { } } -resource resHubVnetSecondaryLocation 'Microsoft.Network/virtualNetworks@2024-01-01' = { +resource resHubVnetSecondaryLocation 'Microsoft.Network/virtualNetworks@2024-05-01' = { dependsOn: [ resBastionNsgSecondaryLocation ] @@ -849,17 +849,17 @@ module modBastionPublicIpSecondaryLocation '../publicIp/publicIp.bicep' = if (pa } } -resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzBastionEnabled) { +resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzBastionEnabled) { parent: resHubVnet name: 'AzureBastionSubnet' } -resource resBastionSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzBastionEnabledSecondaryLocation) { +resource resBastionSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzBastionEnabledSecondaryLocation) { parent: resHubVnetSecondaryLocation name: 'AzureBastionSubnet' } -resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-01-01' = if (parAzBastionEnabled) { +resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-05-01' = if (parAzBastionEnabled) { name: parAzBastionNsgName location: parLocation tags: parTags @@ -1008,7 +1008,7 @@ resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-01-01' = if } } -resource resBastionNsgSecondaryLocation 'Microsoft.Network/networkSecurityGroups@2024-01-01' = if (parAzBastionEnabledSecondaryLocation) { +resource resBastionNsgSecondaryLocation 'Microsoft.Network/networkSecurityGroups@2024-05-01' = if (parAzBastionEnabledSecondaryLocation) { name: parAzBastionNsgNameSecondaryLocation location: parSecondaryLocation tags: parTags @@ -1180,7 +1180,7 @@ resource resBastionNsgLockSecondaryLocation 'Microsoft.Authorization/locks@2020- // AzureBastionSubnet is required to deploy Bastion service. This subnet must exist in the parsubnets array if you enable Bastion Service. // There is a minimum subnet requirement of /27 prefix. // If you are deploying standard this needs to be larger. https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#subnet -resource resBastion 'Microsoft.Network/bastionHosts@2023-02-01' = if (parAzBastionEnabled) { +resource resBastion 'Microsoft.Network/bastionHosts@2024-05-01' = if (parAzBastionEnabled) { location: parLocation name: parAzBastionName tags: parTags @@ -1209,7 +1209,7 @@ resource resBastion 'Microsoft.Network/bastionHosts@2023-02-01' = if (parAzBasti // AzureBastionSubnet is required to deploy Bastion service. This subnet must exist in the parsubnets array if you enable Bastion Service. // There is a minimum subnet requirement of /27 prefix. // If you are deploying standard this needs to be larger. https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#subnet -resource resBastionSecondaryLocation 'Microsoft.Network/bastionHosts@2024-01-01' = if (parAzBastionEnabledSecondaryLocation) { +resource resBastionSecondaryLocation 'Microsoft.Network/bastionHosts@2024-05-01' = if (parAzBastionEnabledSecondaryLocation) { location: parSecondaryLocation name: parAzBastionNameSecondaryLocation tags: parTags @@ -1257,12 +1257,12 @@ resource resBastionLockSecondaryLocation 'Microsoft.Authorization/locks@2020-05- } } -resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parVpnGatewayEnabled || parExpressRouteGatewayEnabled) { +resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parVpnGatewayEnabled || parExpressRouteGatewayEnabled) { parent: resHubVnet name: 'GatewaySubnet' } -resource resGatewaySubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parVpnGatewayEnabledSecondaryLocation || parExpressRouteGatewayEnabledSecondaryLocation) { +resource resGatewaySubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parVpnGatewayEnabledSecondaryLocation || parExpressRouteGatewayEnabledSecondaryLocation) { parent: resHubVnetSecondaryLocation name: 'GatewaySubnet' } @@ -1394,7 +1394,7 @@ module modGatewayPublicIpActiveActiveSecondaryLocation '../publicIp/publicIp.bic ] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-01-01' = [ +resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-05-01' = [ for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { name: gateway.name location: parLocation @@ -1464,7 +1464,7 @@ resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-01-01' = [ ] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGatewaySecondaryLocation 'Microsoft.Network/virtualNetworkGateways@2024-01-01' = [ +resource resGatewaySecondaryLocation 'Microsoft.Network/virtualNetworkGateways@2024-05-01' = [ for (gateway, i) in varGwConfigSecondaryLocation: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { name: gateway.name location: parSecondaryLocation @@ -1557,17 +1557,17 @@ resource resVirtualNetworkGatewayLockSecondaryLocation 'Microsoft.Authorization/ } ] -resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabled) { +resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabled) { parent: resHubVnet name: 'AzureFirewallSubnet' } -resource resAzureFirewallSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabledSecondaryLocation) { +resource resAzureFirewallSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabledSecondaryLocation) { parent: resHubVnetSecondaryLocation name: 'AzureFirewallSubnet' } -resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabled && (contains( +resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabled && (contains( map(parSubnets, subnets => subnets.name), 'AzureFirewallManagementSubnet' ))) { @@ -1575,7 +1575,7 @@ resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnet name: 'AzureFirewallManagementSubnet' } -resource resAzureFirewallMgmtSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabledSecondaryLocation && (contains( +resource resAzureFirewallMgmtSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabledSecondaryLocation && (contains( map(parSubnetsSecondaryLocation, subnets => subnets.name), 'AzureFirewallManagementSubnet' ))) { @@ -1665,7 +1665,7 @@ module modAzureFirewallMgmtPublicIpSecondaryLocation '../publicIp/publicIp.bicep } } -resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-01-01' = if (parAzFirewallEnabled && parAzFirewallPoliciesEnabled) { +resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-05-01' = if (parAzFirewallEnabled && parAzFirewallPoliciesEnabled) { name: parAzFirewallPoliciesName location: parLocation tags: parTags @@ -1694,7 +1694,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-01-01' = i } } -resource resFirewallPoliciesSecondaryLocation 'Microsoft.Network/firewallPolicies@2024-01-01' = if (parAzFirewallEnabledSecondaryLocation && parAzFirewallPoliciesEnabledSecondaryLocation) { +resource resFirewallPoliciesSecondaryLocation 'Microsoft.Network/firewallPolicies@2024-05-01' = if (parAzFirewallEnabledSecondaryLocation && parAzFirewallPoliciesEnabledSecondaryLocation) { name: parAzFirewallPoliciesNameSecondaryLocation location: parSecondaryLocation tags: parTags @@ -1745,7 +1745,7 @@ resource resFirewallPoliciesLockSecondaryLocation 'Microsoft.Authorization/locks // AzureFirewallSubnet is required to deploy Azure Firewall . This subnet must exist in the parsubnets array if you deploy. // There is a minimum subnet requirement of /26 prefix. -resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-01-01' = if (parAzFirewallEnabled) { +resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-05-01' = if (parAzFirewallEnabled) { dependsOn: [ resGateway ] @@ -1849,7 +1849,7 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-01-01' = if (pa // AzureFirewallSubnet is required to deploy Azure Firewall . This subnet must exist in the parsubnets array if you deploy. // There is a minimum subnet requirement of /26 prefix. -resource resAzureFirewallSecondaryLocation 'Microsoft.Network/azureFirewalls@2024-01-01' = if (parAzFirewallEnabledSecondaryLocation) { +resource resAzureFirewallSecondaryLocation 'Microsoft.Network/azureFirewalls@2024-05-01' = if (parAzFirewallEnabledSecondaryLocation) { dependsOn: [ resGatewaySecondaryLocation ] @@ -1978,7 +1978,7 @@ resource resAzureFirewallLockSecondaryLocation 'Microsoft.Authorization/locks@20 } //If Azure Firewall is enabled we will deploy a RouteTable to redirect Traffic to the Firewall. -resource resHubRouteTable 'Microsoft.Network/routeTables@2024-01-01' = if (parAzFirewallEnabled) { +resource resHubRouteTable 'Microsoft.Network/routeTables@2024-05-01' = if (parAzFirewallEnabled) { name: parHubRouteTableName location: parLocation tags: parTags @@ -2000,7 +2000,7 @@ resource resHubRouteTable 'Microsoft.Network/routeTables@2024-01-01' = if (parAz } //If Azure Firewall is enabled we will deploy a RouteTable to redirect Traffic to the Firewall. -resource resHubRouteTableSecondaryLocation 'Microsoft.Network/routeTables@2024-01-01' = if (parAzFirewallEnabledSecondaryLocation) { +resource resHubRouteTableSecondaryLocation 'Microsoft.Network/routeTables@2024-05-01' = if (parAzFirewallEnabledSecondaryLocation) { name: parHubRouteTableNameSecondaryLocation location: parSecondaryLocation tags: parTags @@ -2041,7 +2041,7 @@ resource resHubRouteTableLockSecondaryLocation 'Microsoft.Authorization/locks@20 } } -module modPrivateDnsZonesAVMRegion1 'br/public:avm/ptn/network/private-link-private-dns-zones:0.2.1' = if (parPrivateDnsZonesEnabled) { +module modPrivateDnsZonesAVMRegion1 'br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0' = if (parPrivateDnsZonesEnabled) { name: 'deploy-Private-DNS-Zones-AVM-${parLocation}' scope: resourceGroup(parPrivateDnsZonesResourceGroup) params: { @@ -2061,7 +2061,7 @@ module modPrivateDnsZonesAVMRegion1 'br/public:avm/ptn/network/private-link-priv } } -module modPrivateDnsZonesAVMRegion2 'br/public:avm/ptn/network/private-link-private-dns-zones:0.2.1' = if (parPrivateDnsZonesEnabled) { +module modPrivateDnsZonesAVMRegion2 'br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0' = if (parPrivateDnsZonesEnabled) { name: 'deploy-Private-DNS-Zones-AVM-Multi-${parSecondaryLocation}' scope: resourceGroup(parPrivateDnsZonesResourceGroup) params: { diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index e383a279e..0fff24a22 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -432,7 +432,7 @@ resource resDDoSProtectionPlanLock 'Microsoft.Authorization/locks@2020-05-01' = } } -resource resHubVnet 'Microsoft.Network/virtualNetworks@2023-02-01' = { +resource resHubVnet 'Microsoft.Network/virtualNetworks@2024-05-01' = { dependsOn: [ resBastionNsg ] @@ -486,12 +486,12 @@ module modBastionPublicIp '../publicIp/publicIp.bicep' = if (parAzBastionEnabled } } -resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzBastionEnabled) { +resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzBastionEnabled) { parent: resHubVnet name: 'AzureBastionSubnet' } -resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-01-01' = if (parAzBastionEnabled) { +resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-05-01' = if (parAzBastionEnabled) { name: parAzBastionNsgName location: parLocation tags: parTags @@ -653,7 +653,7 @@ resource resBastionNsgLock 'Microsoft.Authorization/locks@2020-05-01' = if (parA // AzureBastionSubnet is required to deploy Bastion service. This subnet must exist in the parsubnets array if you enable Bastion Service. // There is a minimum subnet requirement of /27 prefix. // If you are deploying standard this needs to be larger. https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#subnet -resource resBastion 'Microsoft.Network/bastionHosts@2024-01-01' = if (parAzBastionEnabled) { +resource resBastion 'Microsoft.Network/bastionHosts@2024-05-01' = if (parAzBastionEnabled) { location: parLocation name: parAzBastionName tags: parTags @@ -689,7 +689,7 @@ resource resBastionLock 'Microsoft.Authorization/locks@2020-05-01' = if (parAzBa } } -resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parVpnGatewayEnabled || parExpressRouteGatewayEnabled) { +resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parVpnGatewayEnabled || parExpressRouteGatewayEnabled) { parent: resHubVnet name: 'GatewaySubnet' } @@ -758,7 +758,7 @@ module modGatewayPublicIpActiveActive '../publicIp/publicIp.bicep' = [ ] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-01-01' = [ +resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-05-01' = [ for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { name: gateway.name location: parLocation @@ -840,12 +840,12 @@ resource resVirtualNetworkGatewayLock 'Microsoft.Authorization/locks@2020-05-01' } ] -resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabled) { +resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabled) { parent: resHubVnet name: 'AzureFirewallSubnet' } -resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabled && (contains( +resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabled && (contains( map(parSubnets, subnets => subnets.name), 'AzureFirewallManagementSubnet' ))) { @@ -894,7 +894,7 @@ module modAzureFirewallMgmtPublicIp '../publicIp/publicIp.bicep' = if (parAzFire } } -resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-01-01' = if (parAzFirewallEnabled && parAzFirewallPoliciesEnabled) { +resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-05-01' = if (parAzFirewallEnabled && parAzFirewallPoliciesEnabled) { name: parAzFirewallPoliciesName location: parLocation tags: parTags @@ -935,7 +935,7 @@ resource resFirewallPoliciesLock 'Microsoft.Authorization/locks@2020-05-01' = if // AzureFirewallSubnet is required to deploy Azure Firewall . This subnet must exist in the parsubnets array if you deploy. // There is a minimum subnet requirement of /26 prefix. -resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-01-01' = if (parAzFirewallEnabled) { +resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-05-01' = if (parAzFirewallEnabled) { dependsOn: [ resGateway ] @@ -1048,7 +1048,7 @@ resource resAzureFirewallLock 'Microsoft.Authorization/locks@2020-05-01' = if (p } //If Azure Firewall is enabled we will deploy a RouteTable to redirect Traffic to the Firewall. -resource resHubRouteTable 'Microsoft.Network/routeTables@2024-01-01' = if (parAzFirewallEnabled) { +resource resHubRouteTable 'Microsoft.Network/routeTables@2024-05-01' = if (parAzFirewallEnabled) { name: parHubRouteTableName location: parLocation tags: parTags @@ -1079,7 +1079,7 @@ resource resHubRouteTableLock 'Microsoft.Authorization/locks@2020-05-01' = if (p } } -module modPrivateDnsZonesAVM 'br/public:avm/ptn/network/private-link-private-dns-zones:0.2.1' = if (parPrivateDnsZonesEnabled) { +module modPrivateDnsZonesAVM 'br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0' = if (parPrivateDnsZonesEnabled) { name: 'deploy-Private-DNS-Zones-AVM-Single' scope: resourceGroup(parPrivateDnsZonesResourceGroup) params: { diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep index 57e2777db..b514b412a 100644 --- a/infra-as-code/bicep/modules/logging/logging.bicep +++ b/infra-as-code/bicep/modules/logging/logging.bicep @@ -218,7 +218,7 @@ resource resAutomationAccountLock 'Microsoft.Authorization/locks@2020-05-01' = i } } -resource resLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { +resource resLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: parLogAnalyticsWorkspaceName location: parLogAnalyticsWorkspaceLocation tags: parLogAnalyticsWorkspaceTags @@ -680,7 +680,7 @@ resource resLogAnalyticsWorkspaceSolutionsLock 'Microsoft.Authorization/locks@20 } }] -resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) { +resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2023-09-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) { parent: resLogAnalyticsWorkspace name: parLogAnalyticsLinkedServiceAutomationAccountName properties: { diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep index 9c48aeae5..d52675179 100644 --- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep @@ -81,7 +81,7 @@ var varPolicyAssignmentIdentityRoleAssignmentsMgsConverged = parPolicyAssignment // Customer Usage Attribution Id var varCuaid = '78001e36-9738-429c-a343-45cc84e8a527' -resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2024-04-01' = { +resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2025-01-01' = { name: parPolicyAssignmentName properties: { displayName: parPolicyAssignmentDisplayName diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep index c7fc3ef57..e0ae8b886 100644 --- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep +++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep @@ -52,7 +52,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '3f85b84c-6bad-4c42-86bf-11c233241c22' -resource resPublicIp 'Microsoft.Network/publicIPAddresses@2023-02-01' = { +resource resPublicIp 'Microsoft.Network/publicIPAddresses@2024-05-01' = { name: parPublicIpName tags: parTags location: parLocation diff --git a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep index 76b8f3b25..7b87c13de 100644 --- a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep +++ b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep @@ -40,7 +40,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = 'b6718c54-b49e-4748-a466-88e3d7c789c8' -resource resResourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = { +resource resResourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = { location: parLocation name: parResourceGroupName tags: parTags diff --git a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep index 29b1fa2ae..88cdaaa1b 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep +++ b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep @@ -80,7 +80,7 @@ var varCuaid = '0c428583-f2a1-4448-975c-2d6262fd193a' //If Ddos parameter is true Ddos will be Enabled on the Virtual Network //If Azure Firewall is enabled and Network DNS Proxy is enabled DNS will be configured to point to AzureFirewall -resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2023-02-01' = { +resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = { name: parSpokeNetworkName location: parLocation tags: parTags diff --git a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep index d27fdb1b5..1dcc4c627 100644 --- a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep +++ b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep @@ -28,7 +28,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaId = 'ab8e3b12-b0fa-40aa-8630-e3f7699e2142' -resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-02-01' = { +resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-05-01' = { name: '${parSourceVirtualNetworkName}/peer-to-${parDestinationVirtualNetworkName}' properties: { allowVirtualNetworkAccess: parAllowVirtualNetworkAccess diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep index d4294af2f..2bb744707 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep @@ -22,7 +22,7 @@ var varSpokeVnetName = split(parRemoteVirtualNetworkResourceId, '/')[8] var varVnetPeeringVwanName = '${varVwanHubName}/${parVirtualHubConnectionPrefix}${varSpokeVnetName}${parVirtualHubConnectionSuffix}' -resource resVnetPeeringVwan 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2023-02-01' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) { +resource resVnetPeeringVwan 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2024-05-01' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) { name: varVnetPeeringVwanName properties: { remoteVirtualNetwork: { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 4ae57cebd..127b0b5b1 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -291,7 +291,7 @@ var azureFirewallInHubsIndex = [ ] // Virtual WAN resource -resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = { +resource resVwan 'Microsoft.Network/virtualWans@2024-05-01' = { name: parVirtualWanName location: parLocation tags: parTags @@ -313,7 +313,7 @@ resource resVwanLock 'Microsoft.Authorization/locks@2020-05-01' = if (parGlobalR } } -resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [ +resource resVhub 'Microsoft.Network/virtualHubs@2024-05-01' = [ for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) { name: hub.?parVirtualWanHubCustomName ?? '${parVirtualWanHubName}-${hub.parHubLocation}' location: hub.parHubLocation @@ -344,7 +344,7 @@ resource resVhubLock 'Microsoft.Authorization/locks@2020-05-01' = [ } ] -resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04-01' = [ +resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && empty(hub.parVirtualHubRoutingIntentDestinations)) { parent: resVhub[i] name: 'defaultRouteTable' @@ -367,7 +367,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04 } ] -resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [ +resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) { parent: resVhub[i] name: !empty(hub.?parVirtualWanHubCustomName) @@ -387,7 +387,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023- } ] -resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [ +resource resVpnGateway 'Microsoft.Network/vpnGateways@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) { dependsOn: resVhub name: hub.?parVpnGatewayCustomName ?? '${parVpnGatewayName}-${hub.parHubLocation}' @@ -419,7 +419,7 @@ resource resVpnGatewayLock 'Microsoft.Authorization/locks@2020-05-01' = [ } ] -resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [ +resource resErGateway 'Microsoft.Network/expressRouteGateways@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) { dependsOn: resVhub name: hub.?parExpressRouteGatewayCustomName ?? '${parExpressRouteGatewayName}-${hub.parHubLocation}' @@ -451,7 +451,7 @@ resource resErGatewayLock 'Microsoft.Authorization/locks@2020-05-01' = [ ] // Create Azure Firewall Policy (per region) resources if parAzFirewallEnabled is true and parAzFirewallPolicyDeploymentStyle is set to PerRegion -resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = [ +resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && parVirtualWanHubs[i].parAzFirewallEnabled && parAzFirewallPolicyDeploymentStyle == 'PerRegion') { name: hub.?parAzFirewallPolicyCustomName ?? '${parAzFirewallPoliciesName}-${hub.parHubLocation}' location: hub.parHubLocation @@ -495,7 +495,7 @@ resource resFirewallPoliciesLock 'Microsoft.Authorization/locks@2020-05-01' = [ ] // Shared Global Azure Firewall Policy -resource resFirewallPoliciesSharedGlobal 'Microsoft.Network/firewallPolicies@2023-02-01' = if (parVirtualHubEnabled && parVirtualWanHubs[0].parAzFirewallEnabled && parAzFirewallPolicyDeploymentStyle == 'SharedGlobal') { +resource resFirewallPoliciesSharedGlobal 'Microsoft.Network/firewallPolicies@2024-05-01' = if (parVirtualHubEnabled && parVirtualWanHubs[0].parAzFirewallEnabled && parAzFirewallPolicyDeploymentStyle == 'SharedGlobal') { name: parVirtualWanHubs[0].?parAzFirewallPolicyCustomName ?? '${parAzFirewallPoliciesName}-${parVirtualWanHubs[0].parHubLocation}' location: parVirtualWanHubs[0].parHubLocation tags: parTags @@ -534,7 +534,7 @@ resource resFirewallPoliciesLockSharedGlobal 'Microsoft.Authorization/locks@2020 } } -resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [ +resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) { name: hub.?parAzFirewallCustomName ?? '${parAzFirewallName}-${hub.parHubLocation}' location: hub.parHubLocation @@ -575,7 +575,7 @@ resource resAzureFirewallLock 'Microsoft.Authorization/locks@2020-05-01' = [ ] // DDoS plan is deployed even though not supported to attach to Virtual WAN today as per https://docs.microsoft.com/azure/firewall-manager/overview#known-issues - However, it can still be linked via policy to spoke VNets etc. -resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2023-02-01' = if (parDdosEnabled) { +resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2024-05-01' = if (parDdosEnabled) { name: parDdosPlanName location: parLocation tags: parTags @@ -592,7 +592,7 @@ resource resDDoSProtectionPlanLock 'Microsoft.Authorization/locks@2020-05-01' = } // Private DNS Zones cannot be linked to the Virtual WAN Hub today however, they can be linked to spokes as they are normal VNets as per https://docs.microsoft.com/azure/virtual-wan/howto-private-link -module modPrivateDnsZonesAVM 'br/public:avm/ptn/network/private-link-private-dns-zones:0.2.1' = if (parPrivateDnsZonesEnabled) { +module modPrivateDnsZonesAVM 'br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0' = if (parPrivateDnsZonesEnabled) { name: 'deploy-Private-DNS-Zones-AVM-Single' scope: resourceGroup(parPrivateDnsZonesResourceGroup) params: {