From 5b93178627ab8c4dba83dd611bc11c0a6e4d4391 Mon Sep 17 00:00:00 2001 From: Shenglong Li Date: Tue, 2 Mar 2021 10:30:29 -0800 Subject: [PATCH] Update examples to use decorators --- .../101/1vm-2nics-2subnets-1vnet/main.bicep | 6 +- .../aci-linuxcontainer-public-ip/main.bicep | 15 +- .../main.bicep | 48 +- .../main.json | 272 +- docs/examples/101/aks/main.bicep | 24 +- docs/examples/101/aks/main.json | 184 +- .../api-management-create-with-msi/main.bicep | 31 +- .../main.bicep | 32 +- .../101/azure-search-create/main.bicep | 69 +- .../101/azure-search-create/main.json | 154 +- .../101/basic-batch-account/main.bicep | 13 +- .../101/container-registry/main.bicep | 49 +- .../examples/101/container-registry/main.json | 136 +- .../101/cosmosdb-private-endpoint/main.bicep | 14 +- docs/examples/101/cosmosdb-webapp/main.bicep | 47 +- docs/examples/101/cosmosdb-webapp/main.json | 292 +- .../main.bicep | 14 +- .../101/databricks-workspace/main.bicep | 14 +- .../expressroute-circuit-create/main.bicep | 27 +- .../main.bicep | 16 +- .../101/hdinsight-spark-linux/main.bicep | 71 +- .../101/hdinsight-spark-linux/main.json | 298 +- .../101/key-vault-secret-only/main.bicep | 6 +- docs/examples/101/sql-database/main.bicep | 6 +- docs/examples/101/sqlmi-new-vnet/main.bicep | 52 +- docs/examples/101/sqlmi-new-vnet/main.json | 424 +- .../101/storage-static-website/main.bicep | 17 +- docs/examples/101/vm-simple-linux/main.bicep | 29 +- .../examples/101/vm-simple-windows/main.bicep | 51 +- docs/examples/101/vm-simple-windows/main.json | 442 +-- .../101/webapp-managed-mysql/main.bicep | 98 +- .../101/webapp-managed-mysql/main.json | 350 +- .../main.bicep | 15 +- .../201/1vm-2nics-2subnets-1vnet/main.bicep | 7 +- .../201/1vm-2nics-2subnets-1vnet/vm.bicep | 7 +- docs/examples/201/aci-sftp-files/main.bicep | 7 +- docs/examples/201/aci-wordpress/main.bicep | 19 +- .../linux-vm-az.bicep | 14 +- .../main.bicep | 36 +- .../201/asev2-ilb-with-web-app/main.bicep | 34 +- .../event-hub-and-consumer-group/main.bicep | 29 +- .../firewall-with-ip-from-prefix/main.bicep | 52 +- .../firewall-with-ip-from-prefix/main.json | 280 +- .../main.bicep | 13 +- docs/examples/201/iot-with-storage/main.bicep | 8 +- docs/examples/201/iot-with-storage/main.json | 276 +- .../201/key-vault-secret-create/main.bicep | 106 +- .../201/key-vault-secret-create/main.json | 296 +- .../main.bicep | 5 +- .../main.bicep | 11 +- .../anchored-ppg.bicep | 14 +- .../main.bicep | 18 +- .../201/redis-premium-persistence/main.bicep | 18 +- docs/examples/201/sql/main.bicep | 18 +- docs/examples/201/vm-domain-join/main.bicep | 34 +- docs/examples/201/vm-domain-join/main.json | 392 +- .../vm-new-or-existing-conditions/main.bicep | 191 +- .../vm-new-or-existing-conditions/main.json | 624 +-- .../201/vm-push-cert-windows/main.bicep | 6 +- .../main.bicep | 65 +- .../main.bicep | 7 +- .../201/vmss-windows-autoscale/main.bicep | 39 +- .../201/vmss-windows-autoscale/main.json | 548 +-- docs/examples/201/vnet-to-vnet-bgp/main.bicep | 25 +- .../201/web-app-sql-database/main.bicep | 47 +- .../201/web-app-sql-database/main.json | 302 +- .../main.bicep | 8 +- .../main.bicep | 9 +- .../main.json | 228 +- .../azfw.bicep | 60 +- .../azfw.json | 236 +- .../azfwpip.bicep | 21 +- .../azfwpip.json | 156 +- .../azfwpolicy.bicep | 13 +- .../azfwpolicy.json | 290 +- .../main.bicep | 37 +- .../main.json | 3518 ++++++++--------- .../vhub.bicep | 17 +- .../vhub.json | 122 +- .../vhubvpngw.bicep | 16 +- .../vhubvpngwcon.bicep | 18 +- .../vnet.bicep | 45 +- .../vnet.json | 448 +-- .../vnetsitetosite.bicep | 50 +- .../vnetvpngw.bicep | 16 +- .../vwan.bicep | 17 +- .../vwan.json | 102 +- .../vwanvpnsite.bicep | 40 +- .../nested-vms-in-virtual-network/main.bicep | 79 +- .../nested-vms-in-virtual-network/main.json | 1732 ++++---- .../nested-vms-in-virtual-network/nic.bicep | 14 +- .../main.bicep | 45 +- .../web-app-managed-identity-sql-db/main.json | 368 +- 93 files changed, 7136 insertions(+), 7433 deletions(-) diff --git a/docs/examples/101/1vm-2nics-2subnets-1vnet/main.bicep b/docs/examples/101/1vm-2nics-2subnets-1vnet/main.bicep index 5ac70283f57..2b9a99449a8 100644 --- a/docs/examples/101/1vm-2nics-2subnets-1vnet/main.bicep +++ b/docs/examples/101/1vm-2nics-2subnets-1vnet/main.bicep @@ -1,8 +1,8 @@ param virtualMachineSize string param adminUsername string -param adminPassword string { - secure: true -} + +@secure() +param adminPassword string param storageAccountType string param location string = resourceGroup().location diff --git a/docs/examples/101/aci-linuxcontainer-public-ip/main.bicep b/docs/examples/101/aci-linuxcontainer-public-ip/main.bicep index 212a317bbd4..6f1f1f720fb 100644 --- a/docs/examples/101/aci-linuxcontainer-public-ip/main.bicep +++ b/docs/examples/101/aci-linuxcontainer-public-ip/main.bicep @@ -3,14 +3,13 @@ param image string = 'mcr.microsoft.com/azuredocs/aci-helloworld' param port int = 80 param cpuCores int = 1 param memoryinGb int = 2 -param restartPolicy string { - default: 'Always' - allowed: [ - 'Always' - 'Never' - 'OnFailure' - ] -} + +@allowed([ + 'Always' + 'Never' + 'OnFailure' +]) +param restartPolicy string = 'Always' param location string = resourceGroup().location resource containerGroup 'Microsoft.ContainerInstance/containerGroups@2019-12-01' = { diff --git a/docs/examples/101/aks-vmss-systemassigned-identity/main.bicep b/docs/examples/101/aks-vmss-systemassigned-identity/main.bicep index 0b3690ad556..b971464d1c6 100644 --- a/docs/examples/101/aks-vmss-systemassigned-identity/main.bicep +++ b/docs/examples/101/aks-vmss-systemassigned-identity/main.bicep @@ -1,36 +1,20 @@ // params -param dnsPrefix string { - default: 'cl01' - metadata: { - description: 'The DNS prefix to use with hosted Kubernetes API server FQDN.' - } -} -param clusterName string { - default: 'aks101' - metadata: { - description: 'The name of the Managed Cluster resource.' - } -} -param location string { - default: resourceGroup().location - metadata: { - description: 'Specifies the Azure location where the key vault should be created.' - } -} -param agentCount int { - default: 1 - minValue: 1 - maxValue: 50 - metadata: { - description: 'The number of nodes for the cluster. 1 Node is enough for Dev/Test and minimum 3 nodes, is recommended for Production' - } -} -param agentVMSize string { - default: 'Standard_D2_v3' - metadata: { - description: 'The size of the Virtual Machine.' - } -} +@description('The DNS prefix to use with hosted Kubernetes API server FQDN.') +param dnsPrefix string = 'cl01' + +@description('The name of the Managed Cluster resource.') +param clusterName string = 'aks101' + +@description('Specifies the Azure location where the key vault should be created.') +param location string = resourceGroup().location + +@minValue(1) +@maxValue(50) +@description('The number of nodes for the cluster. 1 Node is enough for Dev/Test and minimum 3 nodes, is recommended for Production') +param agentCount int = 1 + +@description('The size of the Virtual Machine.') +param agentVMSize string = 'Standard_D2_v3' // vars var kubernetesVersion = '1.19.0' diff --git a/docs/examples/101/aks-vmss-systemassigned-identity/main.json b/docs/examples/101/aks-vmss-systemassigned-identity/main.json index fdbbc359874..2084bd206e5 100644 --- a/docs/examples/101/aks-vmss-systemassigned-identity/main.json +++ b/docs/examples/101/aks-vmss-systemassigned-identity/main.json @@ -1,137 +1,137 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "dnsPrefix": { - "type": "string", - "metadata": { - "description": "The DNS prefix to use with hosted Kubernetes API server FQDN." - }, - "defaultValue": "cl01" - }, - "clusterName": { - "type": "string", - "metadata": { - "description": "The name of the Managed Cluster resource." - }, - "defaultValue": "aks101" - }, - "location": { - "type": "string", - "metadata": { - "description": "Specifies the Azure location where the key vault should be created." - }, - "defaultValue": "[resourceGroup().location]" - }, - "agentCount": { - "type": "int", - "minValue": 1, - "maxValue": 50, - "metadata": { - "description": "The number of nodes for the cluster. 1 Node is enough for Dev/Test and minimum 3 nodes, is recommended for Production" - }, - "defaultValue": 1 - }, - "agentVMSize": { - "type": "string", - "metadata": { - "description": "The size of the Virtual Machine." - }, - "defaultValue": "Standard_D2_v3" - } - }, - "functions": [], - "variables": { - "kubernetesVersion": "1.19.0", - "subnetRef": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName')), variables('subnetName'))]", - "addressPrefix": "20.0.0.0/16", - "subnetName": "Subnet01", - "subnetPrefix": "20.0.0.0/24", - "virtualNetworkName": "MyVNET01", - "nodeResourceGroup": "[format('rg-{0}-{1}', parameters('dnsPrefix'), parameters('clusterName'))]", - "tags": { - "environment": "production", - "projectCode": "xyz" - }, - "agentPoolName": "agentpool01" - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-06-01", - "name": "[variables('virtualNetworkName')]", - "location": "[parameters('location')]", - "tags": "[variables('tags')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[variables('addressPrefix')]" - ] - }, - "subnets": [ - { - "name": "[variables('subnetName')]", - "properties": { - "addressPrefix": "[variables('subnetPrefix')]" - } - } - ] - } - }, - { - "type": "Microsoft.ContainerService/managedClusters", - "apiVersion": "2020-09-01", - "name": "[parameters('clusterName')]", - "location": "[parameters('location')]", - "tags": "[variables('tags')]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "kubernetesVersion": "[variables('kubernetesVersion')]", - "enableRBAC": true, - "dnsPrefix": "[parameters('dnsPrefix')]", - "agentPoolProfiles": [ - { - "name": "[variables('agentPoolName')]", - "count": "[parameters('agentCount')]", - "mode": "System", - "vmSize": "[parameters('agentVMSize')]", - "type": "VirtualMachineScaleSets", - "osType": "Linux", - "enableAutoScaling": false, - "vnetSubnetID": "[variables('subnetRef')]" - } - ], - "servicePrincipalProfile": { - "clientId": "msi" - }, - "nodeResourceGroup": "[variables('nodeResourceGroup')]", - "networkProfile": { - "networkPlugin": "azure", - "loadBalancerSku": "standard" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]" - ] - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))]" - }, - "apiServerAddress": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))).fqdn]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "6792316880994491377" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "dnsPrefix": { + "type": "string", + "defaultValue": "cl01", + "metadata": { + "description": "The DNS prefix to use with hosted Kubernetes API server FQDN." + } + }, + "clusterName": { + "type": "string", + "defaultValue": "aks101", + "metadata": { + "description": "The name of the Managed Cluster resource." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Specifies the Azure location where the key vault should be created." + } + }, + "agentCount": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "The number of nodes for the cluster. 1 Node is enough for Dev/Test and minimum 3 nodes, is recommended for Production" + }, + "maxValue": 50, + "minValue": 1 + }, + "agentVMSize": { + "type": "string", + "defaultValue": "Standard_D2_v3", + "metadata": { + "description": "The size of the Virtual Machine." + } + } + }, + "functions": [], + "variables": { + "kubernetesVersion": "1.19.0", + "subnetRef": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName')), variables('subnetName'))]", + "addressPrefix": "20.0.0.0/16", + "subnetName": "Subnet01", + "subnetPrefix": "20.0.0.0/24", + "virtualNetworkName": "MyVNET01", + "nodeResourceGroup": "[format('rg-{0}-{1}', parameters('dnsPrefix'), parameters('clusterName'))]", + "tags": { + "environment": "production", + "projectCode": "xyz" + }, + "agentPoolName": "agentpool01" + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2020-06-01", + "name": "[variables('virtualNetworkName')]", + "location": "[parameters('location')]", + "tags": "[variables('tags')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetPrefix')]" + } + } + ] + } + }, + { + "type": "Microsoft.ContainerService/managedClusters", + "apiVersion": "2020-09-01", + "name": "[parameters('clusterName')]", + "location": "[parameters('location')]", + "tags": "[variables('tags')]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "kubernetesVersion": "[variables('kubernetesVersion')]", + "enableRBAC": true, + "dnsPrefix": "[parameters('dnsPrefix')]", + "agentPoolProfiles": [ + { + "name": "[variables('agentPoolName')]", + "count": "[parameters('agentCount')]", + "mode": "System", + "vmSize": "[parameters('agentVMSize')]", + "type": "VirtualMachineScaleSets", + "osType": "Linux", + "enableAutoScaling": false, + "vnetSubnetID": "[variables('subnetRef')]" + } + ], + "servicePrincipalProfile": { + "clientId": "msi" + }, + "nodeResourceGroup": "[variables('nodeResourceGroup')]", + "networkProfile": { + "networkPlugin": "azure", + "loadBalancerSku": "standard" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))]" + }, + "apiServerAddress": { + "type": "string", + "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))).fqdn]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "17474268025115212399" + } + } } \ No newline at end of file diff --git a/docs/examples/101/aks/main.bicep b/docs/examples/101/aks/main.bicep index 77be27bb2fa..b824e0dbfa3 100644 --- a/docs/examples/101/aks/main.bicep +++ b/docs/examples/101/aks/main.bicep @@ -3,24 +3,22 @@ param dnsPrefix string param linuxAdminUsername string param sshRSAPublicKey string param servicePrincipalClientId string -param servicePrincipalClientSecret string { - secure: true -} + +@secure() +param servicePrincipalClientSecret string // optional params param clusterName string = 'aks101cluster' param location string = resourceGroup().location -param osDiskSizeGB int { - default: 0 // a value of zero means they will use the default value (which is 128 as of this writing) - minValue: 0 - maxValue: 1023 -} -param agentCount int { - default: 3 - minValue: 1 - maxValue: 50 -} +@minValue(0) +@maxValue(1023) +param osDiskSizeGB int = 0 + +@minValue(1) +@maxValue(50) +param agentCount int = 3 + param agentVMSize string = 'Standard_DS2_v2' // osType was a defaultValue with only one allowedValue, which seems strange?, could be a good TTK test diff --git a/docs/examples/101/aks/main.json b/docs/examples/101/aks/main.json index 3bb40010282..b1c87419421 100644 --- a/docs/examples/101/aks/main.json +++ b/docs/examples/101/aks/main.json @@ -1,93 +1,93 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "dnsPrefix": { - "type": "string" - }, - "linuxAdminUsername": { - "type": "string" - }, - "sshRSAPublicKey": { - "type": "string" - }, - "servicePrincipalClientId": { - "type": "string" - }, - "servicePrincipalClientSecret": { - "type": "secureString" - }, - "clusterName": { - "type": "string", - "defaultValue": "aks101cluster" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "osDiskSizeGB": { - "type": "int", - "minValue": 0, - "maxValue": 1023, - "defaultValue": 0 - }, - "agentCount": { - "type": "int", - "minValue": 1, - "maxValue": 50, - "defaultValue": 3 - }, - "agentVMSize": { - "type": "string", - "defaultValue": "Standard_DS2_v2" - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.ContainerService/managedClusters", - "apiVersion": "2020-09-01", - "name": "[parameters('clusterName')]", - "location": "[parameters('location')]", - "properties": { - "dnsPrefix": "[parameters('dnsPrefix')]", - "agentPoolProfiles": [ - { - "name": "agentpool", - "osDiskSizeGB": "[parameters('osDiskSizeGB')]", - "count": "[parameters('agentCount')]", - "vmSize": "[parameters('agentVMSize')]", - "osType": "Linux" - } - ], - "linuxProfile": { - "adminUsername": "[parameters('linuxAdminUsername')]", - "ssh": { - "publicKeys": [ - { - "keyData": "[parameters('sshRSAPublicKey')]" - } - ] - } - }, - "servicePrincipalProfile": { - "clientId": "[parameters('servicePrincipalClientId')]", - "secret": "[parameters('servicePrincipalClientSecret')]" - } - } - } - ], - "outputs": { - "controlPlaneFQDN": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))).fqdn]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "10667377863269937066" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "dnsPrefix": { + "type": "string" + }, + "linuxAdminUsername": { + "type": "string" + }, + "sshRSAPublicKey": { + "type": "string" + }, + "servicePrincipalClientId": { + "type": "string" + }, + "servicePrincipalClientSecret": { + "type": "secureString" + }, + "clusterName": { + "type": "string", + "defaultValue": "aks101cluster" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "osDiskSizeGB": { + "type": "int", + "defaultValue": 0, + "maxValue": 1023, + "minValue": 0 + }, + "agentCount": { + "type": "int", + "defaultValue": 3, + "maxValue": 50, + "minValue": 1 + }, + "agentVMSize": { + "type": "string", + "defaultValue": "Standard_DS2_v2" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.ContainerService/managedClusters", + "apiVersion": "2020-09-01", + "name": "[parameters('clusterName')]", + "location": "[parameters('location')]", + "properties": { + "dnsPrefix": "[parameters('dnsPrefix')]", + "agentPoolProfiles": [ + { + "name": "agentpool", + "osDiskSizeGB": "[parameters('osDiskSizeGB')]", + "count": "[parameters('agentCount')]", + "vmSize": "[parameters('agentVMSize')]", + "osType": "Linux" + } + ], + "linuxProfile": { + "adminUsername": "[parameters('linuxAdminUsername')]", + "ssh": { + "publicKeys": [ + { + "keyData": "[parameters('sshRSAPublicKey')]" + } + ] + } + }, + "servicePrincipalProfile": { + "clientId": "[parameters('servicePrincipalClientId')]", + "secret": "[parameters('servicePrincipalClientSecret')]" + } + } + } + ], + "outputs": { + "controlPlaneFQDN": { + "type": "string", + "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))).fqdn]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "4675384475882014116" + } + } } \ No newline at end of file diff --git a/docs/examples/101/api-management-create-with-msi/main.bicep b/docs/examples/101/api-management-create-with-msi/main.bicep index 5ef7c52fd11..40d15c42002 100644 --- a/docs/examples/101/api-management-create-with-msi/main.bicep +++ b/docs/examples/101/api-management-create-with-msi/main.bicep @@ -1,19 +1,18 @@ -param publisherEmail string { - minLength: 1 -} -param publisherName string { - minLength: 1 -} -param sku string { - default: 'Developer' - allowed: [ - 'Consumption' - 'Developer' - 'Basic' - 'Standard' - 'Premium' - ] -} +@minLength(1) +param publisherEmail string + +@minLength(1) +param publisherName string + +@allowed([ + 'Consumption' + 'Developer' + 'Basic' + 'Standard' + 'Premium' +]) +param sku string = 'Developer' + param skuCount int = 1 param location string = resourceGroup().location diff --git a/docs/examples/101/application-gateway-v2-autoscale-create/main.bicep b/docs/examples/101/application-gateway-v2-autoscale-create/main.bicep index 0d2e455e03f..d1bde97199d 100644 --- a/docs/examples/101/application-gateway-v2-autoscale-create/main.bicep +++ b/docs/examples/101/application-gateway-v2-autoscale-create/main.bicep @@ -7,23 +7,21 @@ param minCapacity int = 2 param maxCapacity int = 10 param frontendPort int = 80 param backendPort int = 80 -param backendIPAddresses array { - default: [ - { - IpAddress: '10.0.0.4' - } - { - IpAddress: '10.0.0.5' - } - ] -} -param cookieBasedAffinity string { - default: 'Disabled' - allowed: [ - 'Enabled' - 'Disabled' - ] -} +param backendIPAddresses array = [ + { + IpAddress: '10.0.0.4' + } + { + IpAddress: '10.0.0.5' + } +] + +@allowed([ + 'Enabled' + 'Disabled' +]) +param cookieBasedAffinity string = 'Disabled' + param location string = resourceGroup().location var appGwPublicIpName = '${applicationGatewayName}-pip' diff --git a/docs/examples/101/azure-search-create/main.bicep b/docs/examples/101/azure-search-create/main.bicep index 123316612e9..ffc4375c0db 100644 --- a/docs/examples/101/azure-search-create/main.bicep +++ b/docs/examples/101/azure-search-create/main.bicep @@ -1,46 +1,37 @@ -param name string { - minLength: 2 - maxLength: 60 -} +@minLength(2) +@maxLength(60) +param name string -param sku string { - default: 'standard' - allowed: [ - 'free' - 'basic' - 'standard' - 'standard2' - 'standard3' - 'storage_optimized_l1' - 'storage_optimized_l2' - ] -} +@allowed([ + 'free' + 'basic' + 'standard' + 'standard2' + 'standard3' + 'storage_optimized_l1' + 'storage_optimized_l2' +]) +param sku string = 'standard' -param replicaCount int { - default: 1 - minValue: 1 - maxValue: 12 -} +@minValue(1) +@maxValue(12) +param replicaCount int = 1 -param partitionCount int { - default: 1 - allowed: [ - 1 - 2 - 3 - 4 - 6 - 12 - ] -} +@allowed([ + 1 + 2 + 3 + 4 + 6 + 12 +]) +param partitionCount int = 1 -param hostingMode string { - default: 'default' - allowed: [ - 'default' - 'highDensity' - ] -} +@allowed([ + 'default' + 'highDensity' +]) +param hostingMode string = 'default' param location string = resourceGroup().location diff --git a/docs/examples/101/azure-search-create/main.json b/docs/examples/101/azure-search-create/main.json index c231ee2432d..49661db0be6 100644 --- a/docs/examples/101/azure-search-create/main.json +++ b/docs/examples/101/azure-search-create/main.json @@ -1,78 +1,78 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "type": "string", - "minLength": 2, - "maxLength": 60 - }, - "sku": { - "type": "string", - "defaultValue": "standard", - "allowedValues": [ - "free", - "basic", - "standard", - "standard2", - "standard3", - "storage_optimized_l1", - "storage_optimized_l2" - ] - }, - "replicaCount": { - "type": "int", - "minValue": 1, - "maxValue": 12, - "defaultValue": 1 - }, - "partitionCount": { - "type": "int", - "defaultValue": 1, - "allowedValues": [ - 1, - 2, - 3, - 4, - 6, - 12 - ] - }, - "hostingMode": { - "type": "string", - "defaultValue": "default", - "allowedValues": [ - "default", - "highDensity" - ] - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Search/searchServices", - "apiVersion": "2020-08-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('sku')]" - }, - "properties": { - "replicaCount": "[parameters('replicaCount')]", - "partitionCount": "[parameters('partitionCount')]", - "hostingMode": "[parameters('hostingMode')]" - } - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "5694668277630810018" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "type": "string", + "maxLength": 60, + "minLength": 2 + }, + "sku": { + "type": "string", + "defaultValue": "standard", + "allowedValues": [ + "free", + "basic", + "standard", + "standard2", + "standard3", + "storage_optimized_l1", + "storage_optimized_l2" + ] + }, + "replicaCount": { + "type": "int", + "defaultValue": 1, + "maxValue": 12, + "minValue": 1 + }, + "partitionCount": { + "type": "int", + "defaultValue": 1, + "allowedValues": [ + 1, + 2, + 3, + 4, + 6, + 12 + ] + }, + "hostingMode": { + "type": "string", + "defaultValue": "default", + "allowedValues": [ + "default", + "highDensity" + ] + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Search/searchServices", + "apiVersion": "2020-08-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('sku')]" + }, + "properties": { + "replicaCount": "[parameters('replicaCount')]", + "partitionCount": "[parameters('partitionCount')]", + "hostingMode": "[parameters('hostingMode')]" + } + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "4423472138630897119" + } + } } \ No newline at end of file diff --git a/docs/examples/101/basic-batch-account/main.bicep b/docs/examples/101/basic-batch-account/main.bicep index 21d0bdb6ce4..686165af868 100644 --- a/docs/examples/101/basic-batch-account/main.bicep +++ b/docs/examples/101/basic-batch-account/main.bicep @@ -1,11 +1,10 @@ param batchAccountName string -param allocationMode string { - default: 'BatchService' - allowed: [ - 'BatchService' - 'UserSubscription' - ] -} + +@allowed([ + 'BatchService' + 'UserSubscription' +]) +param allocationMode string = 'BatchService' param location string = resourceGroup().location diff --git a/docs/examples/101/container-registry/main.bicep b/docs/examples/101/container-registry/main.bicep index 9743fb57ca4..32a78cc2acd 100644 --- a/docs/examples/101/container-registry/main.bicep +++ b/docs/examples/101/container-registry/main.bicep @@ -1,35 +1,22 @@ // params -param acrName string { - default: 'acr001${uniqueString(resourceGroup().id)}' // must be globally unique - metadata: { - description: 'Specifies the name of the azure container registry.' - } - minLength: 5 - maxLength: 50 -} -param acrAdminUserEnabled bool { - default: false - metadata: { - description: 'Enable admin user that have push / pull permission to the registry.' - } -} -param location string { - default: resourceGroup().location - metadata: { - description: 'Specifies the Azure location where the key vault should be created.' - } -} -param acrSku string { - default: 'Basic' - allowed: [ - 'Basic' - 'Standard' - 'Premium' - ] - metadata: { - 'description': 'Tier of your Azure Container Registry.' - } -} +@minLength(5) +@maxLength(50) +@description('Specifies the name of the azure container registry.') +param acrName string = 'acr001${uniqueString(resourceGroup().id)}' // must be globally unique + +@description('Enable admin user that have push / pull permission to the registry.') +param acrAdminUserEnabled bool = false + +@description('Specifies the Azure location where the key vault should be created.') +param location string = resourceGroup().location + +@allowed([ + 'Basic' + 'Standard' + 'Premium' +]) +@description('Tier of your Azure Container Registry.') +param acrSku string = 'Basic' // azure container registry resource acr 'Microsoft.ContainerRegistry/registries@2019-12-01-preview' = { diff --git a/docs/examples/101/container-registry/main.json b/docs/examples/101/container-registry/main.json index 00c309d2295..fb7b96b30e1 100644 --- a/docs/examples/101/container-registry/main.json +++ b/docs/examples/101/container-registry/main.json @@ -1,69 +1,69 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "acrName": { - "type": "string", - "minLength": 5, - "maxLength": 50, - "metadata": { - "description": "Specifies the name of the azure container registry." - }, - "defaultValue": "[format('acr001{0}', uniqueString(resourceGroup().id))]" - }, - "acrAdminUserEnabled": { - "type": "bool", - "metadata": { - "description": "Enable admin user that have push / pull permission to the registry." - }, - "defaultValue": false - }, - "location": { - "type": "string", - "metadata": { - "description": "Specifies the Azure location where the key vault should be created." - }, - "defaultValue": "[resourceGroup().location]" - }, - "acrSku": { - "type": "string", - "metadata": { - "description": "Tier of your Azure Container Registry." - }, - "defaultValue": "Basic", - "allowedValues": [ - "Basic", - "Standard", - "Premium" - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.ContainerRegistry/registries", - "apiVersion": "2019-12-01-preview", - "name": "[parameters('acrName')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('acrSku')]" - }, - "properties": { - "adminUserEnabled": "[parameters('acrAdminUserEnabled')]" - } - } - ], - "outputs": { - "acrLoginServer": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ContainerRegistry/registries', parameters('acrName'))).loginServer]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "1715386603072736945" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "acrName": { + "type": "string", + "defaultValue": "[format('acr001{0}', uniqueString(resourceGroup().id))]", + "metadata": { + "description": "Specifies the name of the azure container registry." + }, + "maxLength": 50, + "minLength": 5 + }, + "acrAdminUserEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Enable admin user that have push / pull permission to the registry." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Specifies the Azure location where the key vault should be created." + } + }, + "acrSku": { + "type": "string", + "defaultValue": "Basic", + "metadata": { + "description": "Tier of your Azure Container Registry." + }, + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ] + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.ContainerRegistry/registries", + "apiVersion": "2019-12-01-preview", + "name": "[parameters('acrName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('acrSku')]" + }, + "properties": { + "adminUserEnabled": "[parameters('acrAdminUserEnabled')]" + } + } + ], + "outputs": { + "acrLoginServer": { + "type": "string", + "value": "[reference(resourceId('Microsoft.ContainerRegistry/registries', parameters('acrName'))).loginServer]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "3888070285960884108" + } + } } \ No newline at end of file diff --git a/docs/examples/101/cosmosdb-private-endpoint/main.bicep b/docs/examples/101/cosmosdb-private-endpoint/main.bicep index 4f66aa596ee..2e4c440fd02 100644 --- a/docs/examples/101/cosmosdb-private-endpoint/main.bicep +++ b/docs/examples/101/cosmosdb-private-endpoint/main.bicep @@ -1,13 +1,13 @@ param location string = resourceGroup().location param virtualNetworkName string = 'Vnet' param accountName string -param publicNetworkAccess string { - default: 'Enabled' - allowed: [ - 'Enabled' - 'Disabled' - ] -} + +@allowed([ + 'Enabled' + 'Disabled' +]) +param publicNetworkAccess string = 'Enabled' + param privateEndpointName string resource virtualNetwork 'Microsoft.Network/virtualNetworks@2020-06-01' = { diff --git a/docs/examples/101/cosmosdb-webapp/main.bicep b/docs/examples/101/cosmosdb-webapp/main.bicep index 0739fc7a357..dabdbf55290 100644 --- a/docs/examples/101/cosmosdb-webapp/main.bicep +++ b/docs/examples/101/cosmosdb-webapp/main.bicep @@ -1,32 +1,27 @@ -param applicationName string { - default: 'to-do-app${uniqueString(resourceGroup().id)}' - maxLength: 30 -} +@maxLength(30) +param applicationName string = 'to-do-app${uniqueString(resourceGroup().id)}' + param location string = resourceGroup().location -param appServicePlanTier string { - default: 'F1' - allowed: [ - 'F1' - 'D1' - 'B1' - 'B2' - 'B3' - 'S1' - 'S2' - 'S3' - 'P1' - 'P2' - 'P3' - 'P4' - ] -} +@allowed([ + 'F1' + 'D1' + 'B1' + 'B2' + 'B3' + 'S1' + 'S2' + 'S3' + 'P1' + 'P2' + 'P3' + 'P4' +]) +param appServicePlanTier string = 'F1' -param appServicePlanInstances int { - default: 1 - minValue: 1 - maxValue: 3 -} +@minValue(1) +@maxValue(3) +param appServicePlanInstances int = 1 param repositoryUrl string = 'https://github.com/Azure-Samples/cosmos-dotnet-core-todo-app.git' param branch string = 'master' diff --git a/docs/examples/101/cosmosdb-webapp/main.json b/docs/examples/101/cosmosdb-webapp/main.json index 303ad80ffa0..8cc5f86c89c 100644 --- a/docs/examples/101/cosmosdb-webapp/main.json +++ b/docs/examples/101/cosmosdb-webapp/main.json @@ -1,147 +1,147 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "applicationName": { - "type": "string", - "maxLength": 30, - "defaultValue": "[format('to-do-app{0}', uniqueString(resourceGroup().id))]" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "appServicePlanTier": { - "type": "string", - "defaultValue": "F1", - "allowedValues": [ - "F1", - "D1", - "B1", - "B2", - "B3", - "S1", - "S2", - "S3", - "P1", - "P2", - "P3", - "P4" - ] - }, - "appServicePlanInstances": { - "type": "int", - "minValue": 1, - "maxValue": 3, - "defaultValue": 1 - }, - "repositoryUrl": { - "type": "string", - "defaultValue": "https://github.com/Azure-Samples/cosmos-dotnet-core-todo-app.git" - }, - "branch": { - "type": "string", - "defaultValue": "master" - }, - "databaseName": { - "type": "string", - "defaultValue": "Tasks" - }, - "containerName": { - "type": "string", - "defaultValue": "Items" - } - }, - "functions": [], - "variables": { - "cosmosAccountName": "[toLower(parameters('applicationName'))]", - "websiteName": "[parameters('applicationName')]", - "hostingPlanName": "[parameters('applicationName')]" - }, - "resources": [ - { - "type": "Microsoft.DocumentDB/databaseAccounts", - "apiVersion": "2020-04-01", - "name": "[variables('cosmosAccountName')]", - "location": "[parameters('location')]", - "kind": "GlobalDocumentDB", - "properties": { - "consistencyPolicy": { - "defaultConsistencyLevel": "Session" - }, - "locations": [ - { - "locationName": "[parameters('location')]", - "failoverPriority": 0, - "isZoneRedundant": false - } - ], - "databaseAccountOfferType": "Standard" - } - }, - { - "type": "Microsoft.Web/serverfarms", - "apiVersion": "2020-06-01", - "name": "[variables('hostingPlanName')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('appServicePlanTier')]", - "capacity": "[parameters('appServicePlanInstances')]" - }, - "properties": {} - }, - { - "type": "Microsoft.Web/sites", - "apiVersion": "2020-06-01", - "name": "[variables('websiteName')]", - "location": "[parameters('location')]", - "properties": { - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", - "siteConfig": { - "appSettings": [ - { - "name": "CosmosDb:Account", - "value": "[reference(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))).documentEndpoint]" - }, - { - "name": "CosmosDb:Key", - "value": "[listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName')), '2020-04-01').primaryMasterKey]" - }, - { - "name": "CosmosDb:DatabaseName", - "value": "[parameters('databaseName')]" - }, - { - "name": "CosmosDb:ContainerName", - "value": "[parameters('containerName')]" - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]", - "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" - ] - }, - { - "type": "Microsoft.Web/sites/sourcecontrols", - "apiVersion": "2020-06-01", - "name": "[format('{0}/web', variables('websiteName'))]", - "properties": { - "repoUrl": "[parameters('repositoryUrl')]", - "branch": "[parameters('branch')]", - "isManualIntegration": true - }, - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', variables('websiteName'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "14242616916823247017" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "applicationName": { + "type": "string", + "defaultValue": "[format('to-do-app{0}', uniqueString(resourceGroup().id))]", + "maxLength": 30 + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "appServicePlanTier": { + "type": "string", + "defaultValue": "F1", + "allowedValues": [ + "F1", + "D1", + "B1", + "B2", + "B3", + "S1", + "S2", + "S3", + "P1", + "P2", + "P3", + "P4" + ] + }, + "appServicePlanInstances": { + "type": "int", + "defaultValue": 1, + "maxValue": 3, + "minValue": 1 + }, + "repositoryUrl": { + "type": "string", + "defaultValue": "https://github.com/Azure-Samples/cosmos-dotnet-core-todo-app.git" + }, + "branch": { + "type": "string", + "defaultValue": "master" + }, + "databaseName": { + "type": "string", + "defaultValue": "Tasks" + }, + "containerName": { + "type": "string", + "defaultValue": "Items" + } + }, + "functions": [], + "variables": { + "cosmosAccountName": "[toLower(parameters('applicationName'))]", + "websiteName": "[parameters('applicationName')]", + "hostingPlanName": "[parameters('applicationName')]" + }, + "resources": [ + { + "type": "Microsoft.DocumentDB/databaseAccounts", + "apiVersion": "2020-04-01", + "name": "[variables('cosmosAccountName')]", + "location": "[parameters('location')]", + "kind": "GlobalDocumentDB", + "properties": { + "consistencyPolicy": { + "defaultConsistencyLevel": "Session" + }, + "locations": [ + { + "locationName": "[parameters('location')]", + "failoverPriority": 0, + "isZoneRedundant": false + } + ], + "databaseAccountOfferType": "Standard" + } + }, + { + "type": "Microsoft.Web/serverfarms", + "apiVersion": "2020-06-01", + "name": "[variables('hostingPlanName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('appServicePlanTier')]", + "capacity": "[parameters('appServicePlanInstances')]" + }, + "properties": {} + }, + { + "type": "Microsoft.Web/sites", + "apiVersion": "2020-06-01", + "name": "[variables('websiteName')]", + "location": "[parameters('location')]", + "properties": { + "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", + "siteConfig": { + "appSettings": [ + { + "name": "CosmosDb:Account", + "value": "[reference(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))).documentEndpoint]" + }, + { + "name": "CosmosDb:Key", + "value": "[listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName')), '2020-04-01').primaryMasterKey]" + }, + { + "name": "CosmosDb:DatabaseName", + "value": "[parameters('databaseName')]" + }, + { + "name": "CosmosDb:ContainerName", + "value": "[parameters('containerName')]" + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]", + "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" + ] + }, + { + "type": "Microsoft.Web/sites/sourcecontrols", + "apiVersion": "2020-06-01", + "name": "[format('{0}/web', variables('websiteName'))]", + "properties": { + "repoUrl": "[parameters('repositoryUrl')]", + "branch": "[parameters('branch')]", + "isManualIntegration": true + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/sites', variables('websiteName'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "8006046741903683744" + } + } } \ No newline at end of file diff --git a/docs/examples/101/databricks-all-in-one-template-for-vnet-injection/main.bicep b/docs/examples/101/databricks-all-in-one-template-for-vnet-injection/main.bicep index 7b6aca11af4..0626d7a4cd7 100644 --- a/docs/examples/101/databricks-all-in-one-template-for-vnet-injection/main.bicep +++ b/docs/examples/101/databricks-all-in-one-template-for-vnet-injection/main.bicep @@ -3,13 +3,13 @@ param vnetName string = 'databricks-vnet' param workspaceName string param privateSubnetName string = 'private-subnet' param publicSubnetName string = 'public-subnet' -param pricingTier string { - default: 'premium' - allowed: [ - 'standard' - 'premium' - ] -} + +@allowed([ + 'standard' + 'premium' +]) +param pricingTier string = 'premium' + param location string = resourceGroup().location param vnetCidr string = '10.179.0.0/16' param privateSubnetCidr string = '10.179.0.0/18' diff --git a/docs/examples/101/databricks-workspace/main.bicep b/docs/examples/101/databricks-workspace/main.bicep index 4f9f806feee..93099cd30c3 100644 --- a/docs/examples/101/databricks-workspace/main.bicep +++ b/docs/examples/101/databricks-workspace/main.bicep @@ -1,11 +1,11 @@ param workspaceName string -param pricingTier string { - default: 'premium' - allowed: [ - 'standard' - 'premium' - ] -} + +@allowed([ + 'standard' + 'premium' +]) +param pricingTier string = 'premium' + param location string = resourceGroup().location var managedResourceGroupName = 'databricks-rg-${workspaceName}-${uniqueString(workspaceName, resourceGroup().id)}' diff --git a/docs/examples/101/expressroute-circuit-create/main.bicep b/docs/examples/101/expressroute-circuit-create/main.bicep index a67fb0d2212..a83ef2472e6 100644 --- a/docs/examples/101/expressroute-circuit-create/main.bicep +++ b/docs/examples/101/expressroute-circuit-create/main.bicep @@ -2,20 +2,19 @@ param circuitName string param serviceProviderName string param peeringLocation string param bandwidthInMbps int -param skuTier string { - default: 'Standard' - allowed: [ - 'Standard' - 'Premium' - ] -} -param skuFamily string { - default: 'MeteredData' - allowed: [ - 'MeteredData' - 'UnlimitedData' - ] -} + +@allowed([ + 'Standard' + 'Premium' +]) +param skuTier string = 'Standard' + +@allowed([ + 'MeteredData' + 'UnlimitedData' +]) +param skuFamily string = 'MeteredData' + param location string = resourceGroup().location resource circuit 'Microsoft.Network/expressRouteCircuits@2020-06-01' = { diff --git a/docs/examples/101/function-premium-vnet-integration/main.bicep b/docs/examples/101/function-premium-vnet-integration/main.bicep index cc3d9e6c294..3c2e071ddd1 100644 --- a/docs/examples/101/function-premium-vnet-integration/main.bicep +++ b/docs/examples/101/function-premium-vnet-integration/main.bicep @@ -1,14 +1,14 @@ param location string = resourceGroup().location param runtime string = 'node' param applicationName string = 'app${uniqueString(resourceGroup().name)}' -param storageAccountType string { - default: 'Standard_LRS' - allowed: [ - 'Standard_LRS' - 'Standard_GRS' - 'Standard_RAGRS' - ] -} + +@allowed([ + 'Standard_LRS' + 'Standard_GRS' + 'Standard_RAGRS' +]) +param storageAccountType string = 'Standard_LRS' + param vnetName string param subnetName string diff --git a/docs/examples/101/hdinsight-spark-linux/main.bicep b/docs/examples/101/hdinsight-spark-linux/main.bicep index 79da41be7b1..9f77f6ef155 100644 --- a/docs/examples/101/hdinsight-spark-linux/main.bicep +++ b/docs/examples/101/hdinsight-spark-linux/main.bicep @@ -1,42 +1,43 @@ param clusterName string param clusterLoginUserName string -param clusterLoginPassword string { - minLength: 10 - secure: true -} + +@minLength(10) +@secure() +param clusterLoginPassword string + param sshUserName string -param sshPassword string { - minLength: 6 - maxLength: 72 - secure: true -} + +@minLength(6) +@maxLength(72) +@secure() +param sshPassword string + param location string = resourceGroup().location -param headNodeVirtualMachineSize string { - allowed: [ - 'Standard_A4_v2' - 'Standard_A8_v2' - 'Standard_D3_v2' - 'Standard_D4_v2' - 'Standard_D5_v2' - 'Standard_D12_v2' - 'Standard_D13_v2' - ] - default: 'Standard_D3_v2' -} -param workerNodeVirtualMachineSize string { - allowed: [ - 'Standard_A4_v2' - 'Standard_A8_v2' - 'Standard_D1_v2' - 'Standard_D2_v2' - 'Standard_D3_v2' - 'Standard_D4_v2' - 'Standard_D5_v2' - 'Standard_D12_v2' - 'Standard_D13_v2' - ] - default: 'Standard_D3_v2' -} + +@allowed([ + 'Standard_A4_v2' + 'Standard_A8_v2' + 'Standard_D3_v2' + 'Standard_D4_v2' + 'Standard_D5_v2' + 'Standard_D12_v2' + 'Standard_D13_v2' +]) +param headNodeVirtualMachineSize string = 'Standard_D3_v2' + +@allowed([ + 'Standard_A4_v2' + 'Standard_A8_v2' + 'Standard_D1_v2' + 'Standard_D2_v2' + 'Standard_D3_v2' + 'Standard_D4_v2' + 'Standard_D5_v2' + 'Standard_D12_v2' + 'Standard_D13_v2' +]) +param workerNodeVirtualMachineSize string = 'Standard_D3_v2' + resource defaultStorageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' = { name: 'storage${uniqueString(resourceGroup().id)}' location: location diff --git a/docs/examples/101/hdinsight-spark-linux/main.json b/docs/examples/101/hdinsight-spark-linux/main.json index 05dce942740..ae388a3cf51 100644 --- a/docs/examples/101/hdinsight-spark-linux/main.json +++ b/docs/examples/101/hdinsight-spark-linux/main.json @@ -1,150 +1,150 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "clusterName": { - "type": "string" - }, - "clusterLoginUserName": { - "type": "string" - }, - "clusterLoginPassword": { - "type": "secureString", - "minLength": 10 - }, - "sshUserName": { - "type": "string" - }, - "sshPassword": { - "type": "secureString", - "minLength": 6, - "maxLength": 72 - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "headNodeVirtualMachineSize": { - "type": "string", - "defaultValue": "Standard_D3_v2", - "allowedValues": [ - "Standard_A4_v2", - "Standard_A8_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D12_v2", - "Standard_D13_v2" - ] - }, - "workerNodeVirtualMachineSize": { - "type": "string", - "defaultValue": "Standard_D3_v2", - "allowedValues": [ - "Standard_A4_v2", - "Standard_A8_v2", - "Standard_D1_v2", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D12_v2", - "Standard_D13_v2" - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2019-06-01", - "name": "[format('storage{0}', uniqueString(resourceGroup().id))]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard_LRS" - }, - "kind": "StorageV2" - }, - { - "type": "Microsoft.HDInsight/clusters", - "apiVersion": "2018-06-01-preview", - "name": "[parameters('clusterName')]", - "location": "[parameters('location')]", - "properties": { - "clusterVersion": "3.6", - "osType": "Linux", - "tier": "Standard", - "clusterDefinition": { - "kind": "spark", - "configurations": { - "gateway": { - "restAuthCredential.isEnabled": true, - "restAuthCredential.username": "[parameters('clusterLoginUserName')]", - "restAuthCredential.password": "[parameters('clusterLoginPassword')]" - } - } - }, - "storageProfile": { - "storageaccounts": [ - { - "name": "[replace(replace(reference(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', uniqueString(resourceGroup().id)))).primaryEndpoints.blob, 'https://', ''), '/', '')]", - "isDefault": true, - "container": "[parameters('clusterName')]", - "key": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', uniqueString(resourceGroup().id))), '2019-06-01').keys[0].value]" - } - ] - }, - "computeProfile": { - "roles": [ - { - "name": "headnode", - "targetInstanceCount": 2, - "hardwareProfile": { - "vmSize": "[parameters('headNodeVirtualMachineSize')]" - }, - "osProfile": { - "linuxOperatingSystemProfile": { - "username": "[parameters('sshUserName')]", - "password": "[parameters('sshPassword')]" - } - } - }, - { - "name": "workernode", - "targetInstanceCount": 2, - "hardwareProfile": { - "vmSize": "[parameters('workerNodeVirtualMachineSize')]" - }, - "osProfile": { - "linuxOperatingSystemProfile": { - "username": "[parameters('sshUserName')]", - "password": "[parameters('sshPassword')]" - } - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', uniqueString(resourceGroup().id)))]" - ] - } - ], - "outputs": { - "storageOutput": { - "type": "object", - "value": "[reference(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', uniqueString(resourceGroup().id))))]" - }, - "clusterOutput": { - "type": "object", - "value": "[reference(resourceId('Microsoft.HDInsight/clusters', parameters('clusterName')))]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "3663460412733172607" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "clusterName": { + "type": "string" + }, + "clusterLoginUserName": { + "type": "string" + }, + "clusterLoginPassword": { + "type": "secureString", + "minLength": 10 + }, + "sshUserName": { + "type": "string" + }, + "sshPassword": { + "type": "secureString", + "maxLength": 72, + "minLength": 6 + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "headNodeVirtualMachineSize": { + "type": "string", + "defaultValue": "Standard_D3_v2", + "allowedValues": [ + "Standard_A4_v2", + "Standard_A8_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D12_v2", + "Standard_D13_v2" + ] + }, + "workerNodeVirtualMachineSize": { + "type": "string", + "defaultValue": "Standard_D3_v2", + "allowedValues": [ + "Standard_A4_v2", + "Standard_A8_v2", + "Standard_D1_v2", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D12_v2", + "Standard_D13_v2" + ] + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2019-06-01", + "name": "[format('storage{0}', uniqueString(resourceGroup().id))]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard_LRS" + }, + "kind": "StorageV2" + }, + { + "type": "Microsoft.HDInsight/clusters", + "apiVersion": "2018-06-01-preview", + "name": "[parameters('clusterName')]", + "location": "[parameters('location')]", + "properties": { + "clusterVersion": "3.6", + "osType": "Linux", + "tier": "Standard", + "clusterDefinition": { + "kind": "spark", + "configurations": { + "gateway": { + "restAuthCredential.isEnabled": true, + "restAuthCredential.username": "[parameters('clusterLoginUserName')]", + "restAuthCredential.password": "[parameters('clusterLoginPassword')]" + } + } + }, + "storageProfile": { + "storageaccounts": [ + { + "name": "[replace(replace(reference(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', uniqueString(resourceGroup().id)))).primaryEndpoints.blob, 'https://', ''), '/', '')]", + "isDefault": true, + "container": "[parameters('clusterName')]", + "key": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', uniqueString(resourceGroup().id))), '2019-06-01').keys[0].value]" + } + ] + }, + "computeProfile": { + "roles": [ + { + "name": "headnode", + "targetInstanceCount": 2, + "hardwareProfile": { + "vmSize": "[parameters('headNodeVirtualMachineSize')]" + }, + "osProfile": { + "linuxOperatingSystemProfile": { + "username": "[parameters('sshUserName')]", + "password": "[parameters('sshPassword')]" + } + } + }, + { + "name": "workernode", + "targetInstanceCount": 2, + "hardwareProfile": { + "vmSize": "[parameters('workerNodeVirtualMachineSize')]" + }, + "osProfile": { + "linuxOperatingSystemProfile": { + "username": "[parameters('sshUserName')]", + "password": "[parameters('sshPassword')]" + } + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', uniqueString(resourceGroup().id)))]" + ] + } + ], + "outputs": { + "storageOutput": { + "type": "object", + "value": "[reference(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', uniqueString(resourceGroup().id))))]" + }, + "clusterOutput": { + "type": "object", + "value": "[reference(resourceId('Microsoft.HDInsight/clusters', parameters('clusterName')))]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "13254724976206361615" + } + } } \ No newline at end of file diff --git a/docs/examples/101/key-vault-secret-only/main.bicep b/docs/examples/101/key-vault-secret-only/main.bicep index b58157a51cf..d292b8b832a 100644 --- a/docs/examples/101/key-vault-secret-only/main.bicep +++ b/docs/examples/101/key-vault-secret-only/main.bicep @@ -1,9 +1,9 @@ // assumes key vault is in same subscription and rg as deployment param existingKeyVaultName string param secretName string = 'superSecretPassword' -param secretValue string { - secure: true -} + +@secure() +param secretValue string resource secret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = { name: '${existingKeyVaultName}/${secretName}' diff --git a/docs/examples/101/sql-database/main.bicep b/docs/examples/101/sql-database/main.bicep index 2bd4964f2a9..4b86b106f52 100644 --- a/docs/examples/101/sql-database/main.bicep +++ b/docs/examples/101/sql-database/main.bicep @@ -2,9 +2,9 @@ param serverName string = uniqueString('sql', resourceGroup().id) param sqlDBName string = 'SampleDB' param location string = resourceGroup().location param administratorLogin string -param administratorLoginPassword string { - secure: true -} + +@secure() +param administratorLoginPassword string resource server 'Microsoft.Sql/servers@2019-06-01-preview' = { name: serverName diff --git a/docs/examples/101/sqlmi-new-vnet/main.bicep b/docs/examples/101/sqlmi-new-vnet/main.bicep index f4c5092867a..dc046772bf6 100644 --- a/docs/examples/101/sqlmi-new-vnet/main.bicep +++ b/docs/examples/101/sqlmi-new-vnet/main.bicep @@ -1,37 +1,35 @@ param managedInstanceName string param adminLogin string -param adminPassword string { - secure: true -} + +@secure() +param adminPassword string + param location string = resourceGroup().location param virtualNetworkName string = 'vnet-01' param virtualNetworkPrefix string = '10.0.0.0/16' param subnetName string = 'subnet-01' param subnetPrefix string = '10.0.0.0/24' -param skuName string { - allowed: [ - 'GP_Gen5' - 'BC_Gen5' - ] - default: 'GP_Gen5' -} -param vCores int { - allowed: [ - 8 - 16 - 24 - 32 - 40 - 64 - 80 - ] - default: 8 -} -param storageSizeInGB int { - minValue: 32 - maxValue: 8192 - default: 256 -} + +@allowed([ + 'GP_Gen5' + 'BC_Gen5' +]) +param skuName string = 'GP_Gen5' + +@allowed([ + 8 + 16 + 24 + 32 + 40 + 64 + 80 +]) +param vCores int = 8 + +@minValue(32) +@maxValue(8192) +param storageSizeInGB int = 256 var networkSecurityGroupName = '${managedInstanceName}-nsg' var routeTableName = '${managedInstanceName}-routetable' diff --git a/docs/examples/101/sqlmi-new-vnet/main.json b/docs/examples/101/sqlmi-new-vnet/main.json index b3a22cd05fb..d938c58fbb1 100644 --- a/docs/examples/101/sqlmi-new-vnet/main.json +++ b/docs/examples/101/sqlmi-new-vnet/main.json @@ -1,213 +1,213 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "managedInstanceName": { - "type": "string" - }, - "adminLogin": { - "type": "string" - }, - "adminPassword": { - "type": "secureString" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "virtualNetworkName": { - "type": "string", - "defaultValue": "vnet-01" - }, - "virtualNetworkPrefix": { - "type": "string", - "defaultValue": "10.0.0.0/16" - }, - "subnetName": { - "type": "string", - "defaultValue": "subnet-01" - }, - "subnetPrefix": { - "type": "string", - "defaultValue": "10.0.0.0/24" - }, - "skuName": { - "type": "string", - "defaultValue": "GP_Gen5", - "allowedValues": [ - "GP_Gen5", - "BC_Gen5" - ] - }, - "vCores": { - "type": "int", - "defaultValue": 8, - "allowedValues": [ - 8, - 16, - 24, - 32, - 40, - 64, - 80 - ] - }, - "storageSizeInGB": { - "type": "int", - "minValue": 32, - "maxValue": 8192, - "defaultValue": 256 - } - }, - "functions": [], - "variables": { - "networkSecurityGroupName": "[format('{0}-nsg', parameters('managedInstanceName'))]", - "routeTableName": "[format('{0}-routetable', parameters('managedInstanceName'))]" - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-06-01", - "name": "[variables('networkSecurityGroupName')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ - { - "name": "allow_tds_inbound", - "properties": { - "description": "Allow access to data", - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "1433", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 1000, - "direction": "Inbound" - } - }, - { - "name": "allow_redirect_inbound", - "properties": { - "description": "Allow inbound redirect traffic to Managed Instance inside the virtual network", - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "11000-11999", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 1100, - "direction": "Inbound" - } - }, - { - "name": "deny_all_inbound", - "properties": { - "description": "Deny all other inbound traffic", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 4096, - "direction": "Inbound" - } - }, - { - "name": "deny_all_outbound", - "properties": { - "description": "Deny all other outbound traffic", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 4096, - "direction": "Outbound" - } - } - ] - } - }, - { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2020-06-01", - "name": "[variables('routeTableName')]", - "location": "[parameters('location')]", - "properties": { - "disableBgpRoutePropagation": false - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-06-01", - "name": "[parameters('virtualNetworkName')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[parameters('virtualNetworkPrefix')]" - ] - } - } - }, - { - "type": "Microsoft.Network/virtualNetworks/subnets", - "apiVersion": "2020-06-01", - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[parameters('subnetPrefix')]", - "routeTable": { - "id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" - }, - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" - }, - "delegations": [ - { - "name": "managedInstanceDelegation", - "properties": { - "serviceName": "Microsoft.Sql/managedInstances" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]", - "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" - ] - }, - { - "type": "Microsoft.Sql/managedInstances", - "apiVersion": "2020-02-02-preview", - "name": "[parameters('managedInstanceName')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('skuName')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "administratorLogin": "[parameters('adminLogin')]", - "administratorLoginPassword": "[parameters('adminPassword')]", - "subnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(parameters('subnetName'), '/')[0], split(parameters('subnetName'), '/')[1])]", - "storageSizeInGB": "[parameters('storageSizeInGB')]", - "vCores": "[parameters('vCores')]", - "licenseType": "LicenseIncluded" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(parameters('subnetName'), '/')[0], split(parameters('subnetName'), '/')[1])]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "12534528881795377871" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "managedInstanceName": { + "type": "string" + }, + "adminLogin": { + "type": "string" + }, + "adminPassword": { + "type": "secureString" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "virtualNetworkName": { + "type": "string", + "defaultValue": "vnet-01" + }, + "virtualNetworkPrefix": { + "type": "string", + "defaultValue": "10.0.0.0/16" + }, + "subnetName": { + "type": "string", + "defaultValue": "subnet-01" + }, + "subnetPrefix": { + "type": "string", + "defaultValue": "10.0.0.0/24" + }, + "skuName": { + "type": "string", + "defaultValue": "GP_Gen5", + "allowedValues": [ + "GP_Gen5", + "BC_Gen5" + ] + }, + "vCores": { + "type": "int", + "defaultValue": 8, + "allowedValues": [ + 8, + 16, + 24, + 32, + 40, + 64, + 80 + ] + }, + "storageSizeInGB": { + "type": "int", + "defaultValue": 256, + "maxValue": 8192, + "minValue": 32 + } + }, + "functions": [], + "variables": { + "networkSecurityGroupName": "[format('{0}-nsg', parameters('managedInstanceName'))]", + "routeTableName": "[format('{0}-routetable', parameters('managedInstanceName'))]" + }, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2020-06-01", + "name": "[variables('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "allow_tds_inbound", + "properties": { + "description": "Allow access to data", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "1433", + "sourceAddressPrefix": "VirtualNetwork", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 1000, + "direction": "Inbound" + } + }, + { + "name": "allow_redirect_inbound", + "properties": { + "description": "Allow inbound redirect traffic to Managed Instance inside the virtual network", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "11000-11999", + "sourceAddressPrefix": "VirtualNetwork", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 1100, + "direction": "Inbound" + } + }, + { + "name": "deny_all_inbound", + "properties": { + "description": "Deny all other inbound traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Inbound" + } + }, + { + "name": "deny_all_outbound", + "properties": { + "description": "Deny all other outbound traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Outbound" + } + } + ] + } + }, + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2020-06-01", + "name": "[variables('routeTableName')]", + "location": "[parameters('location')]", + "properties": { + "disableBgpRoutePropagation": false + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2020-06-01", + "name": "[parameters('virtualNetworkName')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('virtualNetworkPrefix')]" + ] + } + } + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2020-06-01", + "name": "[parameters('subnetName')]", + "properties": { + "addressPrefix": "[parameters('subnetPrefix')]", + "routeTable": { + "id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" + }, + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + }, + "delegations": [ + { + "name": "managedInstanceDelegation", + "properties": { + "serviceName": "Microsoft.Sql/managedInstances" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]", + "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" + ] + }, + { + "type": "Microsoft.Sql/managedInstances", + "apiVersion": "2020-02-02-preview", + "name": "[parameters('managedInstanceName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('skuName')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "administratorLogin": "[parameters('adminLogin')]", + "administratorLoginPassword": "[parameters('adminPassword')]", + "subnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(parameters('subnetName'), '/')[0], split(parameters('subnetName'), '/')[1])]", + "storageSizeInGB": "[parameters('storageSizeInGB')]", + "vCores": "[parameters('vCores')]", + "licenseType": "LicenseIncluded" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(parameters('subnetName'), '/')[0], split(parameters('subnetName'), '/')[1])]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "3486813932302788383" + } + } } \ No newline at end of file diff --git a/docs/examples/101/storage-static-website/main.bicep b/docs/examples/101/storage-static-website/main.bicep index 47aa931ecb9..1614fe9ec4b 100644 --- a/docs/examples/101/storage-static-website/main.bicep +++ b/docs/examples/101/storage-static-website/main.bicep @@ -4,14 +4,15 @@ param location string param accountName string -param skuName string { - allowed: [ - 'Standard_LRS' - 'Standard_GRS' - 'Standard_ZRS' - 'Premium_LRS' - ] -} + +@allowed([ + 'Standard_LRS' + 'Standard_GRS' + 'Standard_ZRS' + 'Premium_LRS' +]) +param skuName string + param deploymentScriptTimestamp string = utcNow() param indexDocument string = 'index.html' param errorDocument404Path string = 'error.html' diff --git a/docs/examples/101/vm-simple-linux/main.bicep b/docs/examples/101/vm-simple-linux/main.bicep index 207ef162e23..7667cc9fb5f 100644 --- a/docs/examples/101/vm-simple-linux/main.bicep +++ b/docs/examples/101/vm-simple-linux/main.bicep @@ -5,13 +5,12 @@ param vmName string = 'simpleLinuxVM' param adminUsername string // Type of authentication to use on the Virtual Machine. SSH key is recommended. -param authenticationType string { - default: 'password' - allowed: [ - 'sshPublicKey' - 'password' - ] -} + +@allowed([ + 'sshPublicKey' + 'password' +]) +param authenticationType string = 'password' // SSH Key or password for the Virtual Machine. SSH key is recommended. param adminPasswordOrKey string @@ -20,15 +19,13 @@ param adminPasswordOrKey string param dnsLabelPrefix string = toLower('simplelinuxvm-${uniqueString(resourceGroup().id)}') // The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version. -param ubuntuOSVersion string { - default: '18.04-LTS' - allowed: [ - '12.04.5-LTS' - '14.04.5-LTS' - '16.04.0-LTS' - '18.04-LTS' - ] -} +@allowed([ + '12.04.5-LTS' + '14.04.5-LTS' + '16.04.0-LTS' + '18.04-LTS' +]) +param ubuntuOSVersion string = '18.04-LTS' // Location for all resources. param location string = resourceGroup().location diff --git a/docs/examples/101/vm-simple-windows/main.bicep b/docs/examples/101/vm-simple-windows/main.bicep index 169a20a1340..7466a868b1a 100644 --- a/docs/examples/101/vm-simple-windows/main.bicep +++ b/docs/examples/101/vm-simple-windows/main.bicep @@ -1,36 +1,27 @@ param adminUserName string -param adminPassword string { - secure: true -} + +@secure() +param adminPassword string + param dnsLabelPrefix string -param windowsOSVersion string { - default: '2016-Datacenter' - allowed: [ - '2008-R2-SP1' - '2012-Datacenter' - '2012-R2-Datacenter' - '2016-Nano-Server' - '2016-Datacenter-with-Containers' - '2016-Datacenter' - '2019-Datacenter' - ] - metadata: { - 'description': 'The Windows version for the VM. This will pick a fully patched image of this given Windows version.' - } -} -param vmSize string { - default: 'Standard_D2_v3' - metadata: { - description: 'Size of the virtual machine.' - } -} -param location string { - default: resourceGroup().location - metadata: { - description: 'location for all resources' - } -} +@allowed([ + '2008-R2-SP1' + '2012-Datacenter' + '2012-R2-Datacenter' + '2016-Nano-Server' + '2016-Datacenter-with-Containers' + '2016-Datacenter' + '2019-Datacenter' +]) +@description('The Windows version for the VM. This will pick a fully patched image of this given Windows version.') +param windowsOSVersion string = '2016-Datacenter' + +@description('Size of the virtual machine.') +param vmSize string = 'Standard_D2_v3' + +@description('location for all resources') +param location string = resourceGroup().location var storageAccountName = concat(uniqueString(resourceGroup().id), 'sawinvm') var nicName = 'myVMNic' diff --git a/docs/examples/101/vm-simple-windows/main.json b/docs/examples/101/vm-simple-windows/main.json index 573d94f4b2c..63d3d017a1b 100644 --- a/docs/examples/101/vm-simple-windows/main.json +++ b/docs/examples/101/vm-simple-windows/main.json @@ -1,222 +1,222 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "adminUserName": { - "type": "string" - }, - "adminPassword": { - "type": "secureString" - }, - "dnsLabelPrefix": { - "type": "string" - }, - "windowsOSVersion": { - "type": "string", - "metadata": { - "description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version." - }, - "defaultValue": "2016-Datacenter", - "allowedValues": [ - "2008-R2-SP1", - "2012-Datacenter", - "2012-R2-Datacenter", - "2016-Nano-Server", - "2016-Datacenter-with-Containers", - "2016-Datacenter", - "2019-Datacenter" - ] - }, - "vmSize": { - "type": "string", - "metadata": { - "description": "Size of the virtual machine." - }, - "defaultValue": "Standard_D2_v3" - }, - "location": { - "type": "string", - "metadata": { - "description": "location for all resources" - }, - "defaultValue": "[resourceGroup().location]" - } - }, - "functions": [], - "variables": { - "storageAccountName": "[concat(uniqueString(resourceGroup().id), 'sawinvm')]", - "nicName": "myVMNic", - "addressPrefix": "10.0.0.0/16", - "subnetName": "Subnet", - "subnetPrefix": "10.0.0.0/24", - "publicIPAddressName": "myPublicIP", - "vmName": "SimpleWinVM", - "virtualNetworkName": "MyVNET", - "subnetRef": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName')), variables('subnetName'))]", - "networkSecurityGroupName": "default-NSG" - }, - "resources": [ - { - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2019-06-01", - "name": "[variables('storageAccountName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard_LRS" - }, - "kind": "Storage" - }, - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2020-06-01", - "name": "[variables('publicIPAddressName')]", - "location": "[parameters('location')]", - "properties": { - "publicIPAllocationMethod": "Dynamic", - "dnsSettings": { - "domainNameLabel": "[parameters('dnsLabelPrefix')]" - } - } - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-06-01", - "name": "[variables('networkSecurityGroupName')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ - { - "name": "default-allow-3389", - "properties": { - "priority": 1000, - "access": "Allow", - "direction": "Inbound", - "destinationPortRange": "3389", - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*" - } - } - ] - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-06-01", - "name": "[variables('virtualNetworkName')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[variables('addressPrefix')]" - ] - }, - "subnets": [ - { - "name": "[variables('subnetName')]", - "properties": { - "addressPrefix": "[variables('subnetPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" - } - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" - ] - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2020-06-01", - "name": "[variables('nicName')]", - "location": "[parameters('location')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" - }, - "subnet": { - "id": "[variables('subnetRef')]" - } - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2020-06-01", - "name": "[variables('vmName')]", - "location": "[parameters('location')]", - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('vmSize')]" - }, - "osProfile": { - "computerName": "[variables('vmName')]", - "adminUsername": "[parameters('adminUserName')]", - "adminPassword": "[parameters('adminPassword')]" - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "[parameters('windowsOSVersion')]", - "version": "latest" - }, - "osDisk": { - "createOption": "FromImage" - }, - "dataDisks": [ - { - "diskSizeGB": 1023, - "lun": 0, - "createOption": "Empty" - } - ] - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]" - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": true, - "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))).primaryEndpoints.blob]" - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" - ] - } - ], - "outputs": { - "hostname": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))).dnsSettings.fqdn]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "4964071618613583935" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "adminUserName": { + "type": "string" + }, + "adminPassword": { + "type": "secureString" + }, + "dnsLabelPrefix": { + "type": "string" + }, + "windowsOSVersion": { + "type": "string", + "defaultValue": "2016-Datacenter", + "metadata": { + "description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version." + }, + "allowedValues": [ + "2008-R2-SP1", + "2012-Datacenter", + "2012-R2-Datacenter", + "2016-Nano-Server", + "2016-Datacenter-with-Containers", + "2016-Datacenter", + "2019-Datacenter" + ] + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D2_v3", + "metadata": { + "description": "Size of the virtual machine." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "location for all resources" + } + } + }, + "functions": [], + "variables": { + "storageAccountName": "[concat(uniqueString(resourceGroup().id), 'sawinvm')]", + "nicName": "myVMNic", + "addressPrefix": "10.0.0.0/16", + "subnetName": "Subnet", + "subnetPrefix": "10.0.0.0/24", + "publicIPAddressName": "myPublicIP", + "vmName": "SimpleWinVM", + "virtualNetworkName": "MyVNET", + "subnetRef": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName')), variables('subnetName'))]", + "networkSecurityGroupName": "default-NSG" + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2019-06-01", + "name": "[variables('storageAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard_LRS" + }, + "kind": "Storage" + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "name": "[variables('publicIPAddressName')]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Dynamic", + "dnsSettings": { + "domainNameLabel": "[parameters('dnsLabelPrefix')]" + } + } + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2020-06-01", + "name": "[variables('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "default-allow-3389", + "properties": { + "priority": 1000, + "access": "Allow", + "direction": "Inbound", + "destinationPortRange": "3389", + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*" + } + } + ] + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2020-06-01", + "name": "[variables('virtualNetworkName')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + ] + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "name": "[variables('nicName')]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" + }, + "subnet": { + "id": "[variables('subnetRef')]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", + "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2020-06-01", + "name": "[variables('vmName')]", + "location": "[parameters('location')]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[variables('vmName')]", + "adminUsername": "[parameters('adminUserName')]", + "adminPassword": "[parameters('adminPassword')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "[parameters('windowsOSVersion')]", + "version": "latest" + }, + "osDisk": { + "createOption": "FromImage" + }, + "dataDisks": [ + { + "diskSizeGB": 1023, + "lun": 0, + "createOption": "Empty" + } + ] + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))).primaryEndpoints.blob]" + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + } + ], + "outputs": { + "hostname": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))).dnsSettings.fqdn]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "13965433066055370225" + } + } } \ No newline at end of file diff --git a/docs/examples/101/webapp-managed-mysql/main.bicep b/docs/examples/101/webapp-managed-mysql/main.bicep index 3588cf364c7..10b0f0924be 100644 --- a/docs/examples/101/webapp-managed-mysql/main.bicep +++ b/docs/examples/101/webapp-managed-mysql/main.bicep @@ -1,56 +1,54 @@ param websiteName string param dbAdminLogin string -param dbAdminPassword string { - secure: true - minLength: 8 - maxLength: 128 -} -param dbSkuCapacity int { - default: 2 - allowed: [ - 2 - 4 - 8 - 16 - 32 - ] -} -param dbSkuName string { - default: 'GP_Gen5_2' - allowed: [ - 'GP_Gen5_2' - 'GP_Gen5_4' - 'GP_Gen5_8' - 'GP_Gen5_16' - 'GP_Gen5_32' - 'MO_Gen5_2' - 'MO_Gen5_4' - 'MO_Gen5_8' - 'MO_Gen5_16' - 'MO_Gen5_32' - ] -} -param dbSkuSizeInMB int { - default: 51200 - allowed: [ - 51200 - 102400 - ] -} -param dbSkuTier string { - default: 'GeneralPurpose' - allowed: [ - 'GeneralPurpose' - 'MemoryOptimized' - ] -} + +@secure() +@minLength(8) +@maxLength(128) +param dbAdminPassword string + +@allowed([ + 2 + 4 + 8 + 16 + 32 +]) +param dbSkuCapacity int = 2 + +@allowed([ + 'GP_Gen5_2' + 'GP_Gen5_4' + 'GP_Gen5_8' + 'GP_Gen5_16' + 'GP_Gen5_32' + 'MO_Gen5_2' + 'MO_Gen5_4' + 'MO_Gen5_8' + 'MO_Gen5_16' + 'MO_Gen5_32' +]) +param dbSkuName string = 'GP_Gen5_2' + +@allowed([ + 51200 + 102400 +]) +param dbSkuSizeInMB int = 51200 + +@allowed([ + 'GeneralPurpose' + 'MemoryOptimized' +]) +param dbSkuTier string = 'GeneralPurpose' + param dbSkuFamily string = 'Gen5' -param mySQLVersion string { - allowed: [ - '5.6' - '5.7' - ] -} + +@allowed([ + '5.6' + '5.7' +]) +param mySQLVersion string + param location string = resourceGroup().location var dbName = '${websiteName}-db' diff --git a/docs/examples/101/webapp-managed-mysql/main.json b/docs/examples/101/webapp-managed-mysql/main.json index 802f126c579..ba37ee659f6 100644 --- a/docs/examples/101/webapp-managed-mysql/main.json +++ b/docs/examples/101/webapp-managed-mysql/main.json @@ -1,176 +1,176 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "websiteName": { - "type": "string" - }, - "dbAdminLogin": { - "type": "string" - }, - "dbAdminPassword": { - "type": "secureString", - "minLength": 8, - "maxLength": 128 - }, - "dbSkuCapacity": { - "type": "int", - "defaultValue": 2, - "allowedValues": [ - 2, - 4, - 8, - 16, - 32 - ] - }, - "dbSkuName": { - "type": "string", - "defaultValue": "GP_Gen5_2", - "allowedValues": [ - "GP_Gen5_2", - "GP_Gen5_4", - "GP_Gen5_8", - "GP_Gen5_16", - "GP_Gen5_32", - "MO_Gen5_2", - "MO_Gen5_4", - "MO_Gen5_8", - "MO_Gen5_16", - "MO_Gen5_32" - ] - }, - "dbSkuSizeInMB": { - "type": "int", - "defaultValue": 51200, - "allowedValues": [ - 51200, - 102400 - ] - }, - "dbSkuTier": { - "type": "string", - "defaultValue": "GeneralPurpose", - "allowedValues": [ - "GeneralPurpose", - "MemoryOptimized" - ] - }, - "dbSkuFamily": { - "type": "string", - "defaultValue": "Gen5" - }, - "mySQLVersion": { - "type": "string", - "allowedValues": [ - "5.6", - "5.7" - ] - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - } - }, - "functions": [], - "variables": { - "dbName": "[format('{0}-db', parameters('websiteName'))]", - "dbServerName": "[format('{0}-server', parameters('websiteName'))]", - "serverFarmName": "[format('{0}-serviceplan', parameters('websiteName'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/serverfarms", - "apiVersion": "2020-06-01", - "name": "[variables('serverFarmName')]", - "location": "[parameters('location')]", - "sku": { - "tier": "Standard", - "name": "S1" - } - }, - { - "type": "Microsoft.Web/sites", - "apiVersion": "2020-06-01", - "name": "[parameters('websiteName')]", - "location": "[parameters('location')]", - "properties": { - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]" - ] - }, - { - "type": "Microsoft.Web/sites/config", - "apiVersion": "2020-06-01", - "name": "[format('{0}/connectionString', parameters('websiteName'))]", - "properties": { - "defaultConnection": { - "value": "[format('Database={0};Data Source={1};User Id={2}@{3};Password={4}', variables('dbName'), reference(resourceId('Microsoft.DBForMySQL/servers', variables('dbServerName'))).fullyQualifiedDomainName, parameters('dbAdminLogin'), variables('dbServerName'), parameters('dbAdminPassword'))]", - "type": "MySql" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.DBForMySQL/servers', variables('dbServerName'))]", - "[resourceId('Microsoft.Web/sites', parameters('websiteName'))]" - ] - }, - { - "type": "Microsoft.DBForMySQL/servers", - "apiVersion": "2017-12-01-preview", - "name": "[variables('dbServerName')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('dbSkuName')]", - "tier": "[parameters('dbSkuTier')]", - "capacity": "[parameters('dbSkuCapacity')]", - "size": "[string(parameters('dbSkuSizeInMB'))]", - "family": "[parameters('dbSkuFamily')]" - }, - "properties": { - "createMode": "Default", - "version": "[parameters('mySQLVersion')]", - "administratorLogin": "[parameters('dbAdminLogin')]", - "administratorLoginPassword": "[parameters('dbAdminPassword')]", - "storageProfile": { - "storageMB": "[parameters('dbSkuSizeInMB')]", - "backupRetentionDays": 7, - "geoRedundantBackup": "Disabled" - }, - "sslEnforcement": "Disabled" - } - }, - { - "type": "Microsoft.DBForMySQL/servers/firewallRules", - "apiVersion": "2017-12-01-preview", - "name": "[format('{0}/allowAzureIPs', variables('dbServerName'))]", - "properties": { - "startIpAddress": "0.0.0.0", - "endIpAddress": "0.0.0.0" - }, - "dependsOn": [ - "[resourceId('Microsoft.DBForMySQL/servers', variables('dbServerName'))]" - ] - }, - { - "type": "Microsoft.DBForMySQL/servers/databases", - "apiVersion": "2017-12-01-preview", - "name": "[format('{0}/{1}', variables('dbServerName'), variables('dbName'))]", - "properties": { - "charset": "utf8", - "collation": "utf8_general_ci" - }, - "dependsOn": [ - "[resourceId('Microsoft.DBForMySQL/servers', variables('dbServerName'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "10938510001943113378" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "websiteName": { + "type": "string" + }, + "dbAdminLogin": { + "type": "string" + }, + "dbAdminPassword": { + "type": "secureString", + "maxLength": 128, + "minLength": 8 + }, + "dbSkuCapacity": { + "type": "int", + "defaultValue": 2, + "allowedValues": [ + 2, + 4, + 8, + 16, + 32 + ] + }, + "dbSkuName": { + "type": "string", + "defaultValue": "GP_Gen5_2", + "allowedValues": [ + "GP_Gen5_2", + "GP_Gen5_4", + "GP_Gen5_8", + "GP_Gen5_16", + "GP_Gen5_32", + "MO_Gen5_2", + "MO_Gen5_4", + "MO_Gen5_8", + "MO_Gen5_16", + "MO_Gen5_32" + ] + }, + "dbSkuSizeInMB": { + "type": "int", + "defaultValue": 51200, + "allowedValues": [ + 51200, + 102400 + ] + }, + "dbSkuTier": { + "type": "string", + "defaultValue": "GeneralPurpose", + "allowedValues": [ + "GeneralPurpose", + "MemoryOptimized" + ] + }, + "dbSkuFamily": { + "type": "string", + "defaultValue": "Gen5" + }, + "mySQLVersion": { + "type": "string", + "allowedValues": [ + "5.6", + "5.7" + ] + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + } + }, + "functions": [], + "variables": { + "dbName": "[format('{0}-db', parameters('websiteName'))]", + "dbServerName": "[format('{0}-server', parameters('websiteName'))]", + "serverFarmName": "[format('{0}-serviceplan', parameters('websiteName'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/serverfarms", + "apiVersion": "2020-06-01", + "name": "[variables('serverFarmName')]", + "location": "[parameters('location')]", + "sku": { + "tier": "Standard", + "name": "S1" + } + }, + { + "type": "Microsoft.Web/sites", + "apiVersion": "2020-06-01", + "name": "[parameters('websiteName')]", + "location": "[parameters('location')]", + "properties": { + "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]" + ] + }, + { + "type": "Microsoft.Web/sites/config", + "apiVersion": "2020-06-01", + "name": "[format('{0}/connectionString', parameters('websiteName'))]", + "properties": { + "defaultConnection": { + "value": "[format('Database={0};Data Source={1};User Id={2}@{3};Password={4}', variables('dbName'), reference(resourceId('Microsoft.DBForMySQL/servers', variables('dbServerName'))).fullyQualifiedDomainName, parameters('dbAdminLogin'), variables('dbServerName'), parameters('dbAdminPassword'))]", + "type": "MySql" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DBForMySQL/servers', variables('dbServerName'))]", + "[resourceId('Microsoft.Web/sites', parameters('websiteName'))]" + ] + }, + { + "type": "Microsoft.DBForMySQL/servers", + "apiVersion": "2017-12-01-preview", + "name": "[variables('dbServerName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('dbSkuName')]", + "tier": "[parameters('dbSkuTier')]", + "capacity": "[parameters('dbSkuCapacity')]", + "size": "[string(parameters('dbSkuSizeInMB'))]", + "family": "[parameters('dbSkuFamily')]" + }, + "properties": { + "createMode": "Default", + "version": "[parameters('mySQLVersion')]", + "administratorLogin": "[parameters('dbAdminLogin')]", + "administratorLoginPassword": "[parameters('dbAdminPassword')]", + "storageProfile": { + "storageMB": "[parameters('dbSkuSizeInMB')]", + "backupRetentionDays": 7, + "geoRedundantBackup": "Disabled" + }, + "sslEnforcement": "Disabled" + } + }, + { + "type": "Microsoft.DBForMySQL/servers/firewallRules", + "apiVersion": "2017-12-01-preview", + "name": "[format('{0}/allowAzureIPs', variables('dbServerName'))]", + "properties": { + "startIpAddress": "0.0.0.0", + "endIpAddress": "0.0.0.0" + }, + "dependsOn": [ + "[resourceId('Microsoft.DBForMySQL/servers', variables('dbServerName'))]" + ] + }, + { + "type": "Microsoft.DBForMySQL/servers/databases", + "apiVersion": "2017-12-01-preview", + "name": "[format('{0}/{1}', variables('dbServerName'), variables('dbName'))]", + "properties": { + "charset": "utf8", + "collation": "utf8_general_ci" + }, + "dependsOn": [ + "[resourceId('Microsoft.DBForMySQL/servers', variables('dbServerName'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "8297474907643471144" + } + } } \ No newline at end of file diff --git a/docs/examples/101/webapp-privateendpoint-vnet-injection/main.bicep b/docs/examples/101/webapp-privateendpoint-vnet-injection/main.bicep index ca13d68b300..25107192fe2 100644 --- a/docs/examples/101/webapp-privateendpoint-vnet-injection/main.bicep +++ b/docs/examples/101/webapp-privateendpoint-vnet-injection/main.bicep @@ -8,14 +8,13 @@ param subnet2Name string = 'Subnet2' param subnet1_CIDR string = '10.200.1.0/24' param subnet2_CIDR string = '10.200.2.0/24' param location string = resourceGroup().location -param skuName string { - default: 'P1v2' - allowed: [ - 'P1v2' - 'P2v2' - 'P3v2' - ] -} + +@allowed([ + 'P1v2' + 'P2v2' + 'P3v2' +]) +param skuName string = 'P1v2' var webapp_dns_name = '.azurewebsites.net' var privateDNSZoneName = 'privatelink.azurewebsites.net' diff --git a/docs/examples/201/1vm-2nics-2subnets-1vnet/main.bicep b/docs/examples/201/1vm-2nics-2subnets-1vnet/main.bicep index 6ee547d0a51..0e828797044 100644 --- a/docs/examples/201/1vm-2nics-2subnets-1vnet/main.bicep +++ b/docs/examples/201/1vm-2nics-2subnets-1vnet/main.bicep @@ -1,8 +1,9 @@ param virtualMachineSize string param adminUsername string -param adminPassword string { - secure: true -} + +@secure() +param adminPassword string + param storageAccountType string param location string = resourceGroup().location diff --git a/docs/examples/201/1vm-2nics-2subnets-1vnet/vm.bicep b/docs/examples/201/1vm-2nics-2subnets-1vnet/vm.bicep index 9c8666d4924..54a4b74b056 100644 --- a/docs/examples/201/1vm-2nics-2subnets-1vnet/vm.bicep +++ b/docs/examples/201/1vm-2nics-2subnets-1vnet/vm.bicep @@ -1,8 +1,9 @@ param virtualMachineSize string param adminUsername string -param adminPassword string { - secure: true -} + +@secure() +param adminPassword string + param location string = resourceGroup().location param virtualMachineName string param nic1Id string diff --git a/docs/examples/201/aci-sftp-files/main.bicep b/docs/examples/201/aci-sftp-files/main.bicep index 26d2ba0db65..75a0c12ae6c 100644 --- a/docs/examples/201/aci-sftp-files/main.bicep +++ b/docs/examples/201/aci-sftp-files/main.bicep @@ -1,9 +1,10 @@ param storageAccountType string = 'Standard_LRS' param fileShareName string = 'sftpfileshare' param sftpUser string -param sftpPassword string { - secure: true -} + +@secure() +param sftpPassword string + param location string = resourceGroup().location var scriptName = 'createFileShare' diff --git a/docs/examples/201/aci-wordpress/main.bicep b/docs/examples/201/aci-wordpress/main.bicep index 999e1167e72..16e2a943994 100644 --- a/docs/examples/201/aci-wordpress/main.bicep +++ b/docs/examples/201/aci-wordpress/main.bicep @@ -1,18 +1,15 @@ -param storageAccountType string { - default: 'Standard_LRS' - allowed: [ - 'Standard_LRS' - 'Standard_GRS' - 'Standard_ZRS' - ] -} +@allowed([ + 'Standard_LRS' + 'Standard_GRS' + 'Standard_ZRS' +]) +param storageAccountType string = 'Standard_LRS' param storageAccountName string = uniqueString(resourceGroup().id) param siteName string = storageAccountName -param mySqlPassword string { - secure: true -} +@secure() +param mySqlPassword string param location string = resourceGroup().location diff --git a/docs/examples/201/anchored-proximity-placement-group/linux-vm-az.bicep b/docs/examples/201/anchored-proximity-placement-group/linux-vm-az.bicep index 46c0edade02..e7992f7b7e4 100644 --- a/docs/examples/201/anchored-proximity-placement-group/linux-vm-az.bicep +++ b/docs/examples/201/anchored-proximity-placement-group/linux-vm-az.bicep @@ -3,13 +3,13 @@ param adminSshKey string param proximityPlacementGroupId string param subnetId string param vmName string -param zone int { - allowed: [ - 1 - 2 - 3 - ] -} + +@allowed([ + 1 + 2 + 3 +]) +param zone int resource pip 'Microsoft.Network/publicIpAddresses@2020-05-01' = { name: '${vmName}-pip' diff --git a/docs/examples/201/api-management-create-all-resources/main.bicep b/docs/examples/201/api-management-create-all-resources/main.bicep index 862ee2f2b56..e383cda41a6 100644 --- a/docs/examples/201/api-management-create-all-resources/main.bicep +++ b/docs/examples/201/api-management-create-all-resources/main.bicep @@ -1,25 +1,27 @@ param publisherEmail string param publisherName string -param sku string { - default: 'Standard' - allowed: [ - 'Developer' - 'Standard' - 'Premium' - ] -} + +@allowed([ + 'Developer' + 'Standard' + 'Premium' +]) +param sku string = 'Standard' + param skuCount int = 1 -param mutualAuthenticationCertificate string { - secure: true -} + +@secure() +param mutualAuthenticationCertificate string + param certificatePassword string param eventHubNamespaceConnectionString string -param googleClientSecret string { - secure: true -} -param openIdConnectClientSecret string { - secure: true -} + +@secure() +param googleClientSecret string + +@secure() +param openIdConnectClientSecret string + param tenantPolicy string param apiPolicy string param operationPolicy string diff --git a/docs/examples/201/asev2-ilb-with-web-app/main.bicep b/docs/examples/201/asev2-ilb-with-web-app/main.bicep index caee6f93d90..f525710c051 100644 --- a/docs/examples/201/asev2-ilb-with-web-app/main.bicep +++ b/docs/examples/201/asev2-ilb-with-web-app/main.bicep @@ -1,26 +1,26 @@ param location string = resourceGroup().location param aseName string -param internalLoadBalancingMode string { - default: 'Web,Publishing' - allowed: [ - 'None' - 'Publishing' - 'Web' - 'Web,Publishing' - ] -} + +@allowed([ + 'None' + 'Publishing' + 'Web' + 'Web,Publishing' +]) +param internalLoadBalancingMode string = 'Web,Publishing' + param dnsSuffix string param websiteName string param appServicePlanName string param numberOfWorkers int = 1 -param workerPool string { - default: '1' - allowed: [ - '1' - '2' - '3' - ] -} + +@allowed([ + '1' + '2' + '3' +]) +param workerPool string = '1' + resource virtualNetwork 'Microsoft.Network/virtualNetworks@2020-06-01' = { name: 'vnet-01' location: location diff --git a/docs/examples/201/event-hub-and-consumer-group/main.bicep b/docs/examples/201/event-hub-and-consumer-group/main.bicep index b1a4a2b01f0..74d16fbfa5d 100644 --- a/docs/examples/201/event-hub-and-consumer-group/main.bicep +++ b/docs/examples/201/event-hub-and-consumer-group/main.bicep @@ -1,19 +1,18 @@ param namespaceName string -param eventHubSku string { - default: 'Standard' - allowed: [ - 'Standard' - 'Basic' - ] -} -param skuCapacity int { - default: 1 - allowed: [ - 1 - 2 - 4 - ] -} + +@allowed([ + 'Standard' + 'Basic' +]) +param eventHubSku string = 'Standard' + +@allowed([ + 1 + 2 + 4 +]) +param skuCapacity int = 1 + param eventHubName string param consumerGroupName string param location string = resourceGroup().location diff --git a/docs/examples/201/firewall-with-ip-from-prefix/main.bicep b/docs/examples/201/firewall-with-ip-from-prefix/main.bicep index 3c13142f923..b90f31b5e48 100644 --- a/docs/examples/201/firewall-with-ip-from-prefix/main.bicep +++ b/docs/examples/201/firewall-with-ip-from-prefix/main.bicep @@ -1,43 +1,23 @@ -param location string { - default: resourceGroup().location - metadata: { - description: 'Specifies the Azure location where the key vault should be created.' - } -} +@description('Specifies the Azure location where the key vault should be created.') +param location string = resourceGroup().location -param vnetname string { - default: '${location}-azfw-sample-vnet' - metadata: { - description: 'Specifies the name of the VNet.' - } -} +@description('Specifies the name of the VNet.') +param vnetname string = '${location}-azfw-sample-vnet' -param vnetaddressprefix string { - default: '10.0.0.0/24' - metadata: { - description: 'Specifies the address prefix to use for the VNet.' - } -} +@description('Specifies the address prefix to use for the VNet.') +param vnetaddressprefix string = '10.0.0.0/24' -param firewallsubnetprefix string { - default: '10.0.0.0/26' - metadata: { - description: 'Specifies the address prefix to use for the AzureFirewallSubnet' - } -} +@description('Specifies the address prefix to use for the AzureFirewallSubnet') +param firewallsubnetprefix string = '10.0.0.0/26' -param ipprefixlength int { - default: 31 - allowed: [ - 28 - 29 - 30 - 31 - ] - metadata: { - description: 'Specifies the size of the Public IP Prefix' - } -} +@allowed([ + 28 + 29 + 30 + 31 +]) +@description('Specifies the size of the Public IP Prefix') +param ipprefixlength int = 31 var firewallname = '${vnetname}-fw' var publicipname = '${vnetname}-pip' diff --git a/docs/examples/201/firewall-with-ip-from-prefix/main.json b/docs/examples/201/firewall-with-ip-from-prefix/main.json index 0748c88bc23..38154c47f75 100644 --- a/docs/examples/201/firewall-with-ip-from-prefix/main.json +++ b/docs/examples/201/firewall-with-ip-from-prefix/main.json @@ -1,141 +1,141 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "metadata": { - "description": "Specifies the Azure location where the key vault should be created." - }, - "defaultValue": "[resourceGroup().location]" - }, - "vnetname": { - "type": "string", - "metadata": { - "description": "Specifies the name of the VNet." - }, - "defaultValue": "[format('{0}-azfw-sample-vnet', parameters('location'))]" - }, - "vnetaddressprefix": { - "type": "string", - "metadata": { - "description": "Specifies the address prefix to use for the VNet." - }, - "defaultValue": "10.0.0.0/24" - }, - "firewallsubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the address prefix to use for the AzureFirewallSubnet" - }, - "defaultValue": "10.0.0.0/26" - }, - "ipprefixlength": { - "type": "int", - "metadata": { - "description": "Specifies the size of the Public IP Prefix" - }, - "defaultValue": 31, - "allowedValues": [ - 28, - 29, - 30, - 31 - ] - } - }, - "functions": [], - "variables": { - "firewallname": "[format('{0}-fw', parameters('vnetname'))]", - "publicipname": "[format('{0}-pip', parameters('vnetname'))]", - "ipprefixname": "[format('{0}-ipprefix', parameters('vnetname'))]" - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-05-01", - "name": "[parameters('vnetname')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[parameters('vnetaddressprefix')]" - ] - }, - "subnets": [ - { - "name": "AzureFirewallSubnet", - "properties": { - "addressPrefix": "[parameters('firewallsubnetprefix')]" - } - } - ] - } - }, - { - "type": "Microsoft.Network/publicIPPrefixes", - "apiVersion": "2020-05-01", - "name": "[variables('ipprefixname')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "prefixLength": "[parameters('ipprefixlength')]", - "publicIPAddressVersion": "IPv4", - "ipTags": [] - } - }, - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2020-05-01", - "name": "[variables('publicipname')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "publicIPAllocationMethod": "Static", - "publicIPPrefix": { - "id": "[resourceId('Microsoft.Network/publicIPPrefixes', variables('ipprefixname'))]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPPrefixes', variables('ipprefixname'))]" - ] - }, - { - "type": "Microsoft.Network/azureFirewalls", - "apiVersion": "2020-05-01", - "name": "[variables('firewallname')]", - "location": "[parameters('location')]", - "properties": { - "threatIntelMode": "Alert", - "ipConfigurations": [ - { - "name": "[format('{0}-vnetIpconf', variables('firewallname'))]", - "properties": { - "subnet": { - "id": "[format('{0}/subnets/AzureFirewallSubnet', resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname')))]" - }, - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicipname'))]" - } - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicipname'))]", - "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "385151546875596961" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Specifies the Azure location where the key vault should be created." + } + }, + "vnetname": { + "type": "string", + "defaultValue": "[format('{0}-azfw-sample-vnet', parameters('location'))]", + "metadata": { + "description": "Specifies the name of the VNet." + } + }, + "vnetaddressprefix": { + "type": "string", + "defaultValue": "10.0.0.0/24", + "metadata": { + "description": "Specifies the address prefix to use for the VNet." + } + }, + "firewallsubnetprefix": { + "type": "string", + "defaultValue": "10.0.0.0/26", + "metadata": { + "description": "Specifies the address prefix to use for the AzureFirewallSubnet" + } + }, + "ipprefixlength": { + "type": "int", + "defaultValue": 31, + "metadata": { + "description": "Specifies the size of the Public IP Prefix" + }, + "allowedValues": [ + 28, + 29, + 30, + 31 + ] + } + }, + "functions": [], + "variables": { + "firewallname": "[format('{0}-fw', parameters('vnetname'))]", + "publicipname": "[format('{0}-pip', parameters('vnetname'))]", + "ipprefixname": "[format('{0}-ipprefix', parameters('vnetname'))]" + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2020-05-01", + "name": "[parameters('vnetname')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('vnetaddressprefix')]" + ] + }, + "subnets": [ + { + "name": "AzureFirewallSubnet", + "properties": { + "addressPrefix": "[parameters('firewallsubnetprefix')]" + } + } + ] + } + }, + { + "type": "Microsoft.Network/publicIPPrefixes", + "apiVersion": "2020-05-01", + "name": "[variables('ipprefixname')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "prefixLength": "[parameters('ipprefixlength')]", + "publicIPAddressVersion": "IPv4", + "ipTags": [] + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-05-01", + "name": "[variables('publicipname')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "publicIPAllocationMethod": "Static", + "publicIPPrefix": { + "id": "[resourceId('Microsoft.Network/publicIPPrefixes', variables('ipprefixname'))]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPPrefixes', variables('ipprefixname'))]" + ] + }, + { + "type": "Microsoft.Network/azureFirewalls", + "apiVersion": "2020-05-01", + "name": "[variables('firewallname')]", + "location": "[parameters('location')]", + "properties": { + "threatIntelMode": "Alert", + "ipConfigurations": [ + { + "name": "[format('{0}-vnetIpconf', variables('firewallname'))]", + "properties": { + "subnet": { + "id": "[format('{0}/subnets/AzureFirewallSubnet', resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname')))]" + }, + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicipname'))]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicipname'))]", + "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "8332572898430366495" + } + } } \ No newline at end of file diff --git a/docs/examples/201/front-door-with-webapplication-firewall/main.bicep b/docs/examples/201/front-door-with-webapplication-firewall/main.bicep index dbd755db393..92192161b6a 100644 --- a/docs/examples/201/front-door-with-webapplication-firewall/main.bicep +++ b/docs/examples/201/front-door-with-webapplication-firewall/main.bicep @@ -4,13 +4,12 @@ param healthProbe1EnabledState bool = false param frontDoorWafDeployed bool = false // Used for conditions once available in bicep 0.3 param frontDoorWafNamePrefix string = 'AzFdWafTestingBicep' param frontDoorWafEnabledState bool = true -param frontDoorWafMode string { - allowed: [ - 'Prevention' - 'Detection' - ] - default: 'Prevention' -} + +@allowed([ + 'Prevention' + 'Detection' +]) +param frontDoorWafMode string = 'Prevention' var frontDoorNameLower = toLower(frontDoorName) var backendPool1Name = '${frontDoorNameLower}-backendPool1' diff --git a/docs/examples/201/iot-with-storage/main.bicep b/docs/examples/201/iot-with-storage/main.bicep index eacc1bcce19..91e132c169e 100644 --- a/docs/examples/201/iot-with-storage/main.bicep +++ b/docs/examples/201/iot-with-storage/main.bicep @@ -1,9 +1,7 @@ // from quickstart docs for IOT: https://docs.microsoft.com/en-us/azure/iot-hub/horizontal-arm-route-messages -param projectName string { - default: 'contoso' - minLength: 1 - maxLength: 11 -} +@minLength(1) +@maxLength(11) +param projectName string = 'contoso' param location string = resourceGroup().location param skuName string = 'S1' diff --git a/docs/examples/201/iot-with-storage/main.json b/docs/examples/201/iot-with-storage/main.json index 78abcbd1e03..c96241d6bce 100644 --- a/docs/examples/201/iot-with-storage/main.json +++ b/docs/examples/201/iot-with-storage/main.json @@ -1,139 +1,139 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "projectName": { - "type": "string", - "minLength": 1, - "maxLength": 11, - "defaultValue": "contoso" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "skuName": { - "type": "string", - "defaultValue": "S1" - }, - "skuUnits": { - "type": "int", - "defaultValue": 1 - }, - "d2cPartitions": { - "type": "int", - "defaultValue": 4 - } - }, - "functions": [], - "variables": { - "unique": "[uniqueString(resourceGroup().id)]", - "iotHubName": "[format('{0}Hub{1}', parameters('projectName'), variables('unique'))]", - "storageAccountName": "[format('{0}{1}', toLower(parameters('projectName')), variables('unique'))]", - "storageEndpoint": "[format('{0}StorageEndpoint', parameters('projectName'))]", - "storageContainerName": "[format('{0}results', toLower(parameters('projectName')))]" - }, - "resources": [ - { - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2019-06-01", - "name": "[variables('storageAccountName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard_LRS" - }, - "kind": "Storage" - }, - { - "type": "Microsoft.Storage/storageAccounts/blobServices/containers", - "apiVersion": "2019-06-01", - "name": "[format('{0}/default/{1}', variables('storageAccountName'), variables('storageContainerName'))]", - "properties": { - "publicAccess": "None" - }, - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" - ] - }, - { - "type": "Microsoft.Devices/IotHubs", - "apiVersion": "2020-03-01", - "name": "[variables('iotHubName')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('skuName')]", - "capacity": "[parameters('skuUnits')]" - }, - "properties": { - "eventHubEndpoints": { - "events": { - "retentionTimeInDays": 1, - "partitionCount": "[parameters('d2cPartitions')]" - } - }, - "routing": { - "endpoints": { - "storageContainers": [ - { - "connectionString": "[format('DefaultEndpointsProtocol=https;AccountName={0};EndpointSuffix={1};AccountKey={2}', variables('storageAccountName'), environment().suffixes.storage, listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value)]", - "containerName": "[variables('storageContainerName')]", - "fileNameFormat": "{iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}", - "batchFrequencyInSeconds": 100, - "maxChunkSizeInBytes": 104857600, - "encoding": "JSON", - "name": "[variables('storageEndpoint')]" - } - ] - }, - "routes": [ - { - "name": "ContosoStorageRoute", - "source": "DeviceMessages", - "condition": "level=\"storage\"", - "endpointNames": [ - "[variables('storageEndpoint')]" - ], - "isEnabled": true - } - ], - "fallbackRoute": { - "name": "$fallback", - "source": "DeviceMessages", - "condition": "true", - "endpointNames": [ - "events" - ], - "isEnabled": true - } - }, - "messagingEndpoints": { - "fileNotifications": { - "lockDurationAsIso8601": "PT1M", - "ttlAsIso8601": "PT1H", - "maxDeliveryCount": 10 - } - }, - "enableFileUploadNotifications": false, - "cloudToDevice": { - "maxDeliveryCount": 10, - "defaultTtlAsIso8601": "PT1H", - "feedback": { - "lockDurationAsIso8601": "PT1M", - "ttlAsIso8601": "PT1H", - "maxDeliveryCount": 10 - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "14223046919089114320" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "projectName": { + "type": "string", + "defaultValue": "contoso", + "maxLength": 11, + "minLength": 1 + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "skuName": { + "type": "string", + "defaultValue": "S1" + }, + "skuUnits": { + "type": "int", + "defaultValue": 1 + }, + "d2cPartitions": { + "type": "int", + "defaultValue": 4 + } + }, + "functions": [], + "variables": { + "unique": "[uniqueString(resourceGroup().id)]", + "iotHubName": "[format('{0}Hub{1}', parameters('projectName'), variables('unique'))]", + "storageAccountName": "[format('{0}{1}', toLower(parameters('projectName')), variables('unique'))]", + "storageEndpoint": "[format('{0}StorageEndpoint', parameters('projectName'))]", + "storageContainerName": "[format('{0}results', toLower(parameters('projectName')))]" + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2019-06-01", + "name": "[variables('storageAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard_LRS" + }, + "kind": "Storage" + }, + { + "type": "Microsoft.Storage/storageAccounts/blobServices/containers", + "apiVersion": "2019-06-01", + "name": "[format('{0}/default/{1}', variables('storageAccountName'), variables('storageContainerName'))]", + "properties": { + "publicAccess": "None" + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + }, + { + "type": "Microsoft.Devices/IotHubs", + "apiVersion": "2020-03-01", + "name": "[variables('iotHubName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('skuName')]", + "capacity": "[parameters('skuUnits')]" + }, + "properties": { + "eventHubEndpoints": { + "events": { + "retentionTimeInDays": 1, + "partitionCount": "[parameters('d2cPartitions')]" + } + }, + "routing": { + "endpoints": { + "storageContainers": [ + { + "connectionString": "[format('DefaultEndpointsProtocol=https;AccountName={0};EndpointSuffix={1};AccountKey={2}', variables('storageAccountName'), environment().suffixes.storage, listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value)]", + "containerName": "[variables('storageContainerName')]", + "fileNameFormat": "{iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}", + "batchFrequencyInSeconds": 100, + "maxChunkSizeInBytes": 104857600, + "encoding": "JSON", + "name": "[variables('storageEndpoint')]" + } + ] + }, + "routes": [ + { + "name": "ContosoStorageRoute", + "source": "DeviceMessages", + "condition": "level=\"storage\"", + "endpointNames": [ + "[variables('storageEndpoint')]" + ], + "isEnabled": true + } + ], + "fallbackRoute": { + "name": "$fallback", + "source": "DeviceMessages", + "condition": "true", + "endpointNames": [ + "events" + ], + "isEnabled": true + } + }, + "messagingEndpoints": { + "fileNotifications": { + "lockDurationAsIso8601": "PT1M", + "ttlAsIso8601": "PT1H", + "maxDeliveryCount": 10 + } + }, + "enableFileUploadNotifications": false, + "cloudToDevice": { + "maxDeliveryCount": 10, + "defaultTtlAsIso8601": "PT1H", + "feedback": { + "lockDurationAsIso8601": "PT1M", + "ttlAsIso8601": "PT1H", + "maxDeliveryCount": 10 + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "12929368963968965092" + } + } } \ No newline at end of file diff --git a/docs/examples/201/key-vault-secret-create/main.bicep b/docs/examples/201/key-vault-secret-create/main.bicep index 46b65ad0bc6..e5194c85bad 100644 --- a/docs/examples/201/key-vault-secret-create/main.bicep +++ b/docs/examples/201/key-vault-secret-create/main.bicep @@ -1,87 +1,45 @@ -param keyVaultName string { - metadata: { - description: 'Specifies the name of the key vault.' - } -} +@description('Specifies the name of the key vault.') +param keyVaultName string -param location string { - default: resourceGroup().location - metadata: { - description: 'Specifies the Azure location where the key vault should be created.' - } -} +@description('Specifies the Azure location where the key vault should be created.') +param location string = resourceGroup().location -param enabledForDeployment bool { - default: false - metadata: { - description: 'Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.' - } -} +@description('Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.') +param enabledForDeployment bool = false -param enabledForDiskEncryption bool { - default: false - metadata: { - description: 'Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.' - } -} +@description('Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.') +param enabledForDiskEncryption bool = false -param enabledForTemplateDeployment bool { - default: false - metadata: { - description: 'Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault.' - } -} +@description('Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault.') +param enabledForTemplateDeployment bool = false -param tenantId string { - default: subscription().tenantId - metadata: { - description: 'Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet.' - } -} +@description('Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet.') +param tenantId string = subscription().tenantId -param objectId string { - metadata: { - description: 'Specifies the object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Get it by using Get-AzADUser or Get-AzADServicePrincipal cmdlets.' - } -} +@description('Specifies the object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Get it by using Get-AzADUser or Get-AzADServicePrincipal cmdlets.') +param objectId string -param keysPermissions array { - default: [ - 'list' - ] - metadata: { - description: 'Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge.' - } -} +@description('Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge.') +param keysPermissions array = [ + 'list' +] -param secretsPermissions array { - default: [ - 'list' - ] - metadata: { - description: 'Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge.' - } -} +@description('Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge.') +param secretsPermissions array = [ + 'list' +] -param skuName string { - default: 'standard' - allowed: [ - 'standard' - 'premium' - ] - metadata: { - description: 'Specifies whether the key vault is a standard vault or a premium vault.' - } -} +@allowed([ + 'standard' + 'premium' +]) +@description('Specifies whether the key vault is a standard vault or a premium vault.') +param skuName string = 'standard' -param secretsObject object { - secure: true - default: { - secrets: [] - } - metadata: { - description: 'Specifies all secrets {"secretName":"","secretValue":""} wrapped in a secure object.' - } +@secure() +@description('Specifies all secrets {"secretName":"","secretValue":""} wrapped in a secure object.') +param secretsObject object = { + secrets: [] } resource vault 'Microsoft.KeyVault/vaults@2019-09-01' = { diff --git a/docs/examples/201/key-vault-secret-create/main.json b/docs/examples/201/key-vault-secret-create/main.json index 0783e139181..d4e77929492 100644 --- a/docs/examples/201/key-vault-secret-create/main.json +++ b/docs/examples/201/key-vault-secret-create/main.json @@ -1,149 +1,149 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "keyVaultName": { - "type": "string", - "metadata": { - "description": "Specifies the name of the key vault." - } - }, - "location": { - "type": "string", - "metadata": { - "description": "Specifies the Azure location where the key vault should be created." - }, - "defaultValue": "[resourceGroup().location]" - }, - "enabledForDeployment": { - "type": "bool", - "metadata": { - "description": "Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." - }, - "defaultValue": false - }, - "enabledForDiskEncryption": { - "type": "bool", - "metadata": { - "description": "Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." - }, - "defaultValue": false - }, - "enabledForTemplateDeployment": { - "type": "bool", - "metadata": { - "description": "Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "defaultValue": false - }, - "tenantId": { - "type": "string", - "metadata": { - "description": "Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet." - }, - "defaultValue": "[subscription().tenantId]" - }, - "objectId": { - "type": "string", - "metadata": { - "description": "Specifies the object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Get it by using Get-AzADUser or Get-AzADServicePrincipal cmdlets." - } - }, - "keysPermissions": { - "type": "array", - "metadata": { - "description": "Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge." - }, - "defaultValue": [ - "list" - ] - }, - "secretsPermissions": { - "type": "array", - "metadata": { - "description": "Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge." - }, - "defaultValue": [ - "list" - ] - }, - "skuName": { - "type": "string", - "metadata": { - "description": "Specifies whether the key vault is a standard vault or a premium vault." - }, - "defaultValue": "standard", - "allowedValues": [ - "standard", - "premium" - ] - }, - "secretsObject": { - "type": "secureObject", - "metadata": { - "description": "Specifies all secrets {\"secretName\":\"\",\"secretValue\":\"\"} wrapped in a secure object." - }, - "defaultValue": { - "secrets": [] - } - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2019-09-01", - "name": "[parameters('keyVaultName')]", - "location": "[parameters('location')]", - "tags": { - "displayName": "KeyVault" - }, - "properties": { - "enabledForDeployment": "[parameters('enabledForDeployment')]", - "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]", - "enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]", - "tenantId": "[parameters('tenantId')]", - "accessPolicies": [ - { - "objectId": "[parameters('objectId')]", - "tenantId": "[parameters('tenantId')]", - "permissions": { - "keys": "[parameters('keysPermissions')]", - "secrets": "[parameters('secretsPermissions')]" - } - } - ], - "sku": { - "name": "[parameters('skuName')]", - "family": "A" - }, - "networkAcls": { - "defaultAction": "Allow", - "bypass": "AzureServices" - } - } - }, - { - "copy": { - "name": "secrets", - "count": "[length(parameters('secretsObject').secrets)]" - }, - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2018-02-14", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('secretsObject').secrets[copyIndex()].secretName)]", - "properties": { - "value": "[parameters('secretsObject').secrets[copyIndex()].secretValue]" - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "3958365733885473830" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "keyVaultName": { + "type": "string", + "metadata": { + "description": "Specifies the name of the key vault." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Specifies the Azure location where the key vault should be created." + } + }, + "enabledForDeployment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." + } + }, + "enabledForDiskEncryption": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." + } + }, + "enabledForTemplateDeployment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault." + } + }, + "tenantId": { + "type": "string", + "defaultValue": "[subscription().tenantId]", + "metadata": { + "description": "Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet." + } + }, + "objectId": { + "type": "string", + "metadata": { + "description": "Specifies the object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Get it by using Get-AzADUser or Get-AzADServicePrincipal cmdlets." + } + }, + "keysPermissions": { + "type": "array", + "defaultValue": [ + "list" + ], + "metadata": { + "description": "Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge." + } + }, + "secretsPermissions": { + "type": "array", + "defaultValue": [ + "list" + ], + "metadata": { + "description": "Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge." + } + }, + "skuName": { + "type": "string", + "defaultValue": "standard", + "metadata": { + "description": "Specifies whether the key vault is a standard vault or a premium vault." + }, + "allowedValues": [ + "standard", + "premium" + ] + }, + "secretsObject": { + "type": "secureObject", + "defaultValue": { + "secrets": [] + }, + "metadata": { + "description": "Specifies all secrets {\"secretName\":\"\",\"secretValue\":\"\"} wrapped in a secure object." + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2019-09-01", + "name": "[parameters('keyVaultName')]", + "location": "[parameters('location')]", + "tags": { + "displayName": "KeyVault" + }, + "properties": { + "enabledForDeployment": "[parameters('enabledForDeployment')]", + "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]", + "enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]", + "tenantId": "[parameters('tenantId')]", + "accessPolicies": [ + { + "objectId": "[parameters('objectId')]", + "tenantId": "[parameters('tenantId')]", + "permissions": { + "keys": "[parameters('keysPermissions')]", + "secrets": "[parameters('secretsPermissions')]" + } + } + ], + "sku": { + "name": "[parameters('skuName')]", + "family": "A" + }, + "networkAcls": { + "defaultAction": "Allow", + "bypass": "AzureServices" + } + } + }, + { + "copy": { + "name": "secrets", + "count": "[length(parameters('secretsObject').secrets)]" + }, + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2018-02-14", + "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('secretsObject').secrets[copyIndex()].secretName)]", + "properties": { + "value": "[parameters('secretsObject').secrets[copyIndex()].secretValue]" + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "14392977102697811712" + } + } } \ No newline at end of file diff --git a/docs/examples/201/log-analytics-with-solutions-and-diagnostics/main.bicep b/docs/examples/201/log-analytics-with-solutions-and-diagnostics/main.bicep index 2f4b295c963..4c8bbac110b 100644 --- a/docs/examples/201/log-analytics-with-solutions-and-diagnostics/main.bicep +++ b/docs/examples/201/log-analytics-with-solutions-and-diagnostics/main.bicep @@ -1,7 +1,4 @@ -param location string { - default: resourceGroup().location -} - +param location string = resourceGroup().location param logAnalyticsWorkspaceName string = 'la-${uniqueString(resourceGroup().id)}' var vmInsights = { diff --git a/docs/examples/201/policy-definition-with-assignment/main.bicep b/docs/examples/201/policy-definition-with-assignment/main.bicep index 4033aaef12d..379e5c22e8c 100644 --- a/docs/examples/201/policy-definition-with-assignment/main.bicep +++ b/docs/examples/201/policy-definition-with-assignment/main.bicep @@ -5,12 +5,11 @@ param listOfAllowedLocations array = [ 'westeurope' ] -param policyEffect string { - allowed: [ - 'Audit' - 'Deny' - ] -} +@allowed([ + 'Audit' + 'Deny' +]) +param policyEffect string resource locationPolicyDefinition 'Microsoft.Authorization/policyDefinitions@2020-09-01' = { name: 'custom-allowed-location' diff --git a/docs/examples/201/proximity-placement-with-multi-resource-groups/anchored-ppg.bicep b/docs/examples/201/proximity-placement-with-multi-resource-groups/anchored-ppg.bicep index ebcab1808b0..bf27055d93c 100644 --- a/docs/examples/201/proximity-placement-with-multi-resource-groups/anchored-ppg.bicep +++ b/docs/examples/201/proximity-placement-with-multi-resource-groups/anchored-ppg.bicep @@ -2,13 +2,13 @@ param location string = resourceGroup().location param adminSshKey string param subnetId string param vmName string -param zone int { - allowed: [ - 1 - 2 - 3 - ] -} + +@allowed([ + 1 + 2 + 3 +]) +param zone int resource ppg 'Microsoft.Compute/proximityPlacementGroups@2020-06-01' = { name: 'Zone-${zone}' diff --git a/docs/examples/201/redis-premium-cluster-diagnostics/main.bicep b/docs/examples/201/redis-premium-cluster-diagnostics/main.bicep index 8a33e2fa48c..16f15f61568 100644 --- a/docs/examples/201/redis-premium-cluster-diagnostics/main.bicep +++ b/docs/examples/201/redis-premium-cluster-diagnostics/main.bicep @@ -5,15 +5,15 @@ param location string = resourceGroup().location // Number of highly available shards to create in the cluster. Requires Premium SKU. param redisShardCount int // The size of the new Azure Redis Cache instance. Valid family and capacity combinations are (C0..C6, P1..P4). -param redisCacheCapacity int { - allowed: [ - 1 - 2 - 3 - 4 - ] - default: 1 -} + +@allowed([ + 1 + 2 + 3 + 4 +]) +param redisCacheCapacity int = 1 + // ResourceId of an existing storage account for diagnostics. Must be in the same subscription. param diagsStorageAccountId string // Set to true to allow access to redis on port 6379, without SSL tunneling (less secure). diff --git a/docs/examples/201/redis-premium-persistence/main.bicep b/docs/examples/201/redis-premium-persistence/main.bicep index 7b8415454ef..981d5d715c1 100644 --- a/docs/examples/201/redis-premium-persistence/main.bicep +++ b/docs/examples/201/redis-premium-persistence/main.bicep @@ -3,15 +3,15 @@ param redisCacheName string // The location of the Redis Cache. For best performance, use the same location as the app to be used with the cache. param location string = resourceGroup().location // The size of the new Azure Redis Cache instance. Valid family and capacity combinations are (C0..C6, P1..P4). -param redisCacheCapacity int { - allowed: [ - 1 - 2 - 3 - 4 - ] - default: 1 -} + +@allowed([ + 1 + 2 + 3 + 4 +]) +param redisCacheCapacity int = 1 + // Name for the resource group containing the storage accounts param storageRgName string = resourceGroup().name // Set to true to allow access to redis on port 6379, without SSL tunneling (less secure). diff --git a/docs/examples/201/sql/main.bicep b/docs/examples/201/sql/main.bicep index f83c58a16a3..8511f7f7d2d 100644 --- a/docs/examples/201/sql/main.bicep +++ b/docs/examples/201/sql/main.bicep @@ -1,15 +1,13 @@ param sqlAdministratorLogin string -param sqlAdministratorLoginPassword string { - secure: true -} -param transparentDataEncryption string { - default: 'Enabled' - allowed: [ - 'Enabled' - 'Disabled' - ] -} +@secure() +param sqlAdministratorLoginPassword string + +@allowed([ + 'Enabled' + 'Disabled' +]) +param transparentDataEncryption string = 'Enabled' param location string = resourceGroup().location diff --git a/docs/examples/201/vm-domain-join/main.bicep b/docs/examples/201/vm-domain-join/main.bicep index 9186fefe379..99601055cef 100644 --- a/docs/examples/201/vm-domain-join/main.bicep +++ b/docs/examples/201/vm-domain-join/main.bicep @@ -1,28 +1,28 @@ param existingVnetName string param existingSubnetName string -param dnsLabelPrefix string { - minLength: 1 - maxLength: 62 -} + +@minLength(1) +@maxLength(62) +param dnsLabelPrefix string + param vmSize string = 'Standard_A2_v2' param domainToJoin string param domainUserName string -param domainPassword string { - secure: true -} + +@secure() +param domainPassword string + param ouPath string -param domainJoinOptions int { - default: 3 - metadata: { - description: 'Set of bit flags that define the join options. Default value of 3 is a combination of NETSETUP_JOIN_DOMAIN (0x00000001) & NETSETUP_ACCT_CREATE (0x00000002) i.e. will join the domain and create the account on the domain. For more information see https://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx' - } -} + +@description('Set of bit flags that define the join options. Default value of 3 is a combination of NETSETUP_JOIN_DOMAIN (0x00000001) & NETSETUP_ACCT_CREATE (0x00000002) i.e. will join the domain and create the account on the domain. For more information see https://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx') +param domainJoinOptions int = 3 + param vmAdminUsername string -param vmAdminPassword string { - secure: true -} -param location string = resourceGroup().location +@secure() +param vmAdminPassword string + +param location string = resourceGroup().location var storageAccountName = uniqueString(resourceGroup().id, deployment().name) var imagePublisher = 'MicrosoftWindowsServer' var imageOffer = 'WindowsServer' diff --git a/docs/examples/201/vm-domain-join/main.json b/docs/examples/201/vm-domain-join/main.json index 41289a7fdff..f9257cc20c7 100644 --- a/docs/examples/201/vm-domain-join/main.json +++ b/docs/examples/201/vm-domain-join/main.json @@ -1,197 +1,197 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "existingVnetName": { - "type": "string" - }, - "existingSubnetName": { - "type": "string" - }, - "dnsLabelPrefix": { - "type": "string", - "minLength": 1, - "maxLength": 62 - }, - "vmSize": { - "type": "string", - "defaultValue": "Standard_A2_v2" - }, - "domainToJoin": { - "type": "string" - }, - "domainUserName": { - "type": "string" - }, - "domainPassword": { - "type": "secureString" - }, - "ouPath": { - "type": "string" - }, - "domainJoinOptions": { - "type": "int", - "metadata": { - "description": "Set of bit flags that define the join options. Default value of 3 is a combination of NETSETUP_JOIN_DOMAIN (0x00000001) & NETSETUP_ACCT_CREATE (0x00000002) i.e. will join the domain and create the account on the domain. For more information see https://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx" - }, - "defaultValue": 3 - }, - "vmAdminUsername": { - "type": "string" - }, - "vmAdminPassword": { - "type": "secureString" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - } - }, - "functions": [], - "variables": { - "storageAccountName": "[uniqueString(resourceGroup().id, deployment().name)]", - "imagePublisher": "MicrosoftWindowsServer", - "imageOffer": "WindowsServer", - "windowsOSVersion": "2019-Datacenter", - "nicName": "[format('{0}-nic', parameters('dnsLabelPrefix'))]", - "publicIpName": "[format('{0}-pip', parameters('dnsLabelPrefix'))]", - "subnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('existingVnetName'), parameters('existingSubnetName'))]" - }, - "resources": [ - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2020-06-01", - "name": "[variables('publicIpName')]", - "location": "[parameters('location')]", - "properties": { - "publicIPAllocationMethod": "Dynamic", - "dnsSettings": { - "domainNameLabel": "[parameters('dnsLabelPrefix')]" - } - } - }, - { - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2020-08-01-preview", - "name": "[variables('storageAccountName')]", - "location": "[parameters('location')]", - "kind": "StorageV2", - "sku": { - "name": "Standard_LRS", - "tier": "Standard" - } - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2020-06-01", - "name": "[variables('nicName')]", - "location": "[parameters('location')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIpName'))]" - }, - "subnet": { - "id": "[variables('subnetId')]" - } - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIpName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2020-06-01", - "name": "[parameters('dnsLabelPrefix')]", - "location": "[parameters('location')]", - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('vmSize')]" - }, - "osProfile": { - "computerName": "[parameters('dnsLabelPrefix')]", - "adminUsername": "[parameters('vmAdminUsername')]", - "adminPassword": "[parameters('vmAdminPassword')]" - }, - "storageProfile": { - "imageReference": { - "publisher": "[variables('imagePublisher')]", - "offer": "[variables('imageOffer')]", - "sku": "[variables('windowsOSVersion')]", - "version": "latest" - }, - "osDisk": { - "name": "[format('{0}-OsDisk', parameters('dnsLabelPrefix'))]", - "caching": "ReadWrite", - "createOption": "FromImage" - }, - "dataDisks": [ - { - "name": "[format('{0}-DataDisk', parameters('dnsLabelPrefix'))]", - "caching": "None", - "createOption": "Empty", - "diskSizeGB": 1024, - "lun": 0 - } - ] - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]" - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": true, - "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))).primaryEndpoints.blob]" - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2020-06-01", - "name": "[format('{0}/joindomain', parameters('dnsLabelPrefix'))]", - "location": "[parameters('location')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "JsonADDomainExtension", - "typeHandlerVersion": "1.3", - "autoUpgradeMinorVersion": true, - "settings": { - "name": "[parameters('domainToJoin')]", - "ouPath": "[parameters('ouPath')]", - "user": "[format('{0}\\{1}', parameters('domainToJoin'), parameters('domainUserName'))]", - "restart": true, - "options": "[parameters('domainJoinOptions')]" - }, - "protectedSettings": { - "password": "[parameters('domainPassword')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('dnsLabelPrefix'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "1089021762594465296" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "existingVnetName": { + "type": "string" + }, + "existingSubnetName": { + "type": "string" + }, + "dnsLabelPrefix": { + "type": "string", + "maxLength": 62, + "minLength": 1 + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_A2_v2" + }, + "domainToJoin": { + "type": "string" + }, + "domainUserName": { + "type": "string" + }, + "domainPassword": { + "type": "secureString" + }, + "ouPath": { + "type": "string" + }, + "domainJoinOptions": { + "type": "int", + "defaultValue": 3, + "metadata": { + "description": "Set of bit flags that define the join options. Default value of 3 is a combination of NETSETUP_JOIN_DOMAIN (0x00000001) & NETSETUP_ACCT_CREATE (0x00000002) i.e. will join the domain and create the account on the domain. For more information see https://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx" + } + }, + "vmAdminUsername": { + "type": "string" + }, + "vmAdminPassword": { + "type": "secureString" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + } + }, + "functions": [], + "variables": { + "storageAccountName": "[uniqueString(resourceGroup().id, deployment().name)]", + "imagePublisher": "MicrosoftWindowsServer", + "imageOffer": "WindowsServer", + "windowsOSVersion": "2019-Datacenter", + "nicName": "[format('{0}-nic', parameters('dnsLabelPrefix'))]", + "publicIpName": "[format('{0}-pip', parameters('dnsLabelPrefix'))]", + "subnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('existingVnetName'), parameters('existingSubnetName'))]" + }, + "resources": [ + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "name": "[variables('publicIpName')]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Dynamic", + "dnsSettings": { + "domainNameLabel": "[parameters('dnsLabelPrefix')]" + } + } + }, + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2020-08-01-preview", + "name": "[variables('storageAccountName')]", + "location": "[parameters('location')]", + "kind": "StorageV2", + "sku": { + "name": "Standard_LRS", + "tier": "Standard" + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "name": "[variables('nicName')]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIpName'))]" + }, + "subnet": { + "id": "[variables('subnetId')]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIpName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2020-06-01", + "name": "[parameters('dnsLabelPrefix')]", + "location": "[parameters('location')]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[parameters('dnsLabelPrefix')]", + "adminUsername": "[parameters('vmAdminUsername')]", + "adminPassword": "[parameters('vmAdminPassword')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "[variables('imagePublisher')]", + "offer": "[variables('imageOffer')]", + "sku": "[variables('windowsOSVersion')]", + "version": "latest" + }, + "osDisk": { + "name": "[format('{0}-OsDisk', parameters('dnsLabelPrefix'))]", + "caching": "ReadWrite", + "createOption": "FromImage" + }, + "dataDisks": [ + { + "name": "[format('{0}-DataDisk', parameters('dnsLabelPrefix'))]", + "caching": "None", + "createOption": "Empty", + "diskSizeGB": 1024, + "lun": 0 + } + ] + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))).primaryEndpoints.blob]" + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2020-06-01", + "name": "[format('{0}/joindomain', parameters('dnsLabelPrefix'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "JsonADDomainExtension", + "typeHandlerVersion": "1.3", + "autoUpgradeMinorVersion": true, + "settings": { + "name": "[parameters('domainToJoin')]", + "ouPath": "[parameters('ouPath')]", + "user": "[format('{0}\\{1}', parameters('domainToJoin'), parameters('domainUserName'))]", + "restart": true, + "options": "[parameters('domainJoinOptions')]" + }, + "protectedSettings": { + "password": "[parameters('domainPassword')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('dnsLabelPrefix'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "10104082696837527939" + } + } } \ No newline at end of file diff --git a/docs/examples/201/vm-new-or-existing-conditions/main.bicep b/docs/examples/201/vm-new-or-existing-conditions/main.bicep index adff99ea53d..651166451de 100644 --- a/docs/examples/201/vm-new-or-existing-conditions/main.bicep +++ b/docs/examples/201/vm-new-or-existing-conditions/main.bicep @@ -1,128 +1,69 @@ -param location string { - metadata: { - description: 'Location to for the resources.' - } - default: resourceGroup().location -} -param vmName string { - metadata: { - description: 'Name for the Virtual Machine.' - } - default: 'linux-vm' -} -param adminUsername string { - metadata: { - description: 'User name for the Virtual Machine.' - } -} -param authenticationType string { - allowed: [ - 'password' - 'sshPublicKey' - ] - metadata: { - description: 'Type of authentication to use on the Virtual Machine.' - } - default: 'sshPublicKey' -} -param adminPasswordOrKey string { - metadata: { - description: 'Password or ssh key for the Virtual Machine.' - } - secure: true -} -param vmSize string { - metadata: { - description: 'Size for the Virtual Machine.' - } - default: 'Standard_A2_v2' -} -param createNewStorageAccount bool { - metadata: { - description: 'Determines whether or not a new storage account should be provisioned.' - } - default: true -} -param storageAccountName string { - metadata: { - description: 'Name of the storage account' - } - default: 'storage${uniqueString(resourceGroup().id)}' -} -param storageAccountType string { - metadata: { - description: 'Storage account type' - } - default: 'Standard_LRS' -} -param storageAccountResourceGroupName string { - metadata: { - description: 'Name of the resource group for the existing storage account' - } - default: resourceGroup().name -} -param createNewVnet bool { - metadata: { - description: 'Determines whether or not a new virtual network should be provisioned.' - } - default: true -} -param vnetName string { - metadata: { - description: 'Name of the virtual network' - } - default: 'VirtualNetwork' -} -param addressPrefixes array { - metadata: { - description: 'Address prefix of the virtual network' - } - default: [ - '10.0.0.0/16' - ] -} -param subnetName string { - metadata: { - description: 'Name of the subnet' - } - default: 'default' -} -param subnetPrefix string { - metadata: { - description: 'Subnet prefix of the virtual network' - } - default: '10.0.0.0/24' -} -param vnetResourceGroupName string { - metadata: { - description: 'Name of the resource group for the existing virtual network' - } - default: resourceGroup().name -} -param createNewPublicIP bool { - metadata: { - description: 'Determines whether or not a new public ip should be provisioned.' - } - default: true -} -param publicIPName string { - metadata: { - description: 'Name of the public ip address' - } - default: 'PublicIp' -} -param publicIPDns string { - metadata: { - description: 'DNS of the public ip address for the VM' - } - default: 'linux-vm-${uniqueString(resourceGroup().id)}' -} -param publicIPResourceGroupName string { - metadata: { - description: 'Name of the resource group for the public ip address' - } - default: resourceGroup().name -} +@description('Location to for the resources.') +param location string = resourceGroup().location + +@description('Name for the Virtual Machine.') +param vmName string = 'linux-vm' + +@description('User name for the Virtual Machine.') +param adminUsername string + +@allowed([ + 'password' + 'sshPublicKey' +]) +@description('Type of authentication to use on the Virtual Machine.') +param authenticationType string = 'sshPublicKey' + +@secure() +@description('Password or ssh key for the Virtual Machine.') +param adminPasswordOrKey string + +@description('Size for the Virtual Machine.') +param vmSize string = 'Standard_A2_v2' + +@description('Determines whether or not a new storage account should be provisioned.') +param createNewStorageAccount bool = true + +@description('Name of the storage account') +param storageAccountName string = 'storage${uniqueString(resourceGroup().id)}' + +@description('Storage account type') +param storageAccountType string = 'Standard_LRS' + +@description('Name of the resource group for the existing storage account') +param storageAccountResourceGroupName string = resourceGroup().name + +@description('Determines whether or not a new virtual network should be provisioned.') +param createNewVnet bool = true + +@description('Name of the virtual network') +param vnetName string = 'VirtualNetwork' + +@description('Address prefix of the virtual network') +param addressPrefixes array = [ + '10.0.0.0/16' +] + +@description('Name of the subnet') +param subnetName string = 'default' + +@description('Subnet prefix of the virtual network') +param subnetPrefix string = '10.0.0.0/24' + +@description('Name of the resource group for the existing virtual network') +param vnetResourceGroupName string = resourceGroup().name + +@description('Determines whether or not a new public ip should be provisioned.') +param createNewPublicIP bool = true + +@description('Name of the public ip address') +param publicIPName string = 'PublicIp' + +@description('DNS of the public ip address for the VM') +param publicIPDns string = 'linux-vm-${uniqueString(resourceGroup().id)}' + +@description('Name of the resource group for the public ip address') +param publicIPResourceGroupName string = resourceGroup().name var storageAccountId = createNewStorageAccount ? storageAccount.id : resourceId(storageAccountResourceGroupName, 'Microsoft.Storage/storageAccounts/', storageAccountName) var subnetId = createNewVnet ? subnet.id : resourceId(vnetResourceGroupName, 'Microsoft.Network/virtualNetworks/subnets', vnetName, subnetName) diff --git a/docs/examples/201/vm-new-or-existing-conditions/main.json b/docs/examples/201/vm-new-or-existing-conditions/main.json index aed5fb96ce8..37ac00fca79 100644 --- a/docs/examples/201/vm-new-or-existing-conditions/main.json +++ b/docs/examples/201/vm-new-or-existing-conditions/main.json @@ -1,313 +1,313 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "metadata": { - "description": "Location to for the resources." - }, - "defaultValue": "[resourceGroup().location]" - }, - "vmName": { - "type": "string", - "metadata": { - "description": "Name for the Virtual Machine." - }, - "defaultValue": "linux-vm" - }, - "adminUsername": { - "type": "string", - "metadata": { - "description": "User name for the Virtual Machine." - } - }, - "authenticationType": { - "type": "string", - "metadata": { - "description": "Type of authentication to use on the Virtual Machine." - }, - "defaultValue": "sshPublicKey", - "allowedValues": [ - "password", - "sshPublicKey" - ] - }, - "adminPasswordOrKey": { - "type": "secureString", - "metadata": { - "description": "Password or ssh key for the Virtual Machine." - } - }, - "vmSize": { - "type": "string", - "metadata": { - "description": "Size for the Virtual Machine." - }, - "defaultValue": "Standard_A2_v2" - }, - "createNewStorageAccount": { - "type": "bool", - "metadata": { - "description": "Determines whether or not a new storage account should be provisioned." - }, - "defaultValue": true - }, - "storageAccountName": { - "type": "string", - "metadata": { - "description": "Name of the storage account" - }, - "defaultValue": "[format('storage{0}', uniqueString(resourceGroup().id))]" - }, - "storageAccountType": { - "type": "string", - "metadata": { - "description": "Storage account type" - }, - "defaultValue": "Standard_LRS" - }, - "storageAccountResourceGroupName": { - "type": "string", - "metadata": { - "description": "Name of the resource group for the existing storage account" - }, - "defaultValue": "[resourceGroup().name]" - }, - "createNewVnet": { - "type": "bool", - "metadata": { - "description": "Determines whether or not a new virtual network should be provisioned." - }, - "defaultValue": true - }, - "vnetName": { - "type": "string", - "metadata": { - "description": "Name of the virtual network" - }, - "defaultValue": "VirtualNetwork" - }, - "addressPrefixes": { - "type": "array", - "metadata": { - "description": "Address prefix of the virtual network" - }, - "defaultValue": [ - "10.0.0.0/16" - ] - }, - "subnetName": { - "type": "string", - "metadata": { - "description": "Name of the subnet" - }, - "defaultValue": "default" - }, - "subnetPrefix": { - "type": "string", - "metadata": { - "description": "Subnet prefix of the virtual network" - }, - "defaultValue": "10.0.0.0/24" - }, - "vnetResourceGroupName": { - "type": "string", - "metadata": { - "description": "Name of the resource group for the existing virtual network" - }, - "defaultValue": "[resourceGroup().name]" - }, - "createNewPublicIP": { - "type": "bool", - "metadata": { - "description": "Determines whether or not a new public ip should be provisioned." - }, - "defaultValue": true - }, - "publicIPName": { - "type": "string", - "metadata": { - "description": "Name of the public ip address" - }, - "defaultValue": "PublicIp" - }, - "publicIPDns": { - "type": "string", - "metadata": { - "description": "DNS of the public ip address for the VM" - }, - "defaultValue": "[format('linux-vm-{0}', uniqueString(resourceGroup().id))]" - }, - "publicIPResourceGroupName": { - "type": "string", - "metadata": { - "description": "Name of the resource group for the public ip address" - }, - "defaultValue": "[resourceGroup().name]" - } - }, - "functions": [], - "variables": { - "storageAccountId": "[if(parameters('createNewStorageAccount'), resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), resourceId(parameters('storageAccountResourceGroupName'), 'Microsoft.Storage/storageAccounts/', parameters('storageAccountName')))]", - "subnetId": "[if(parameters('createNewVnet'), resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('vnetName'), parameters('subnetName')), '/')[0], split(format('{0}/{1}', parameters('vnetName'), parameters('subnetName')), '/')[1]), resourceId(parameters('vnetResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", - "publicIPId": "[if(parameters('createNewPublicIP'), resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPName')), resourceId(parameters('publicIPResourceGroupName'), 'Microsoft.Network/publicIPAddresses', parameters('publicIPName')))]" - }, - "resources": [ - { - "condition": "[parameters('createNewStorageAccount')]", - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2017-06-01", - "name": "[parameters('storageAccountName')]", - "location": "[parameters('location')]", - "kind": "Storage", - "sku": { - "name": "[parameters('storageAccountType')]" - } - }, - { - "condition": "[parameters('createNewPublicIP')]", - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2017-09-01", - "name": "[parameters('publicIPName')]", - "location": "[parameters('location')]", - "properties": { - "publicIPAllocationMethod": "Dynamic", - "dnsSettings": { - "domainNameLabel": "[parameters('publicIPDns')]" - } - } - }, - { - "condition": "[parameters('createNewVnet')]", - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2019-08-01", - "name": "default-NSG", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ - { - "name": "default-allow-22", - "properties": { - "priority": 1000, - "access": "Allow", - "direction": "Inbound", - "destinationPortRange": "22", - "protocol": "Tcp", - "sourceAddressPrefix": "*", - "sourcePortRange": "*", - "destinationAddressPrefix": "*" - } - } - ] - } - }, - { - "condition": "[parameters('createNewVnet')]", - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2017-09-01", - "name": "[parameters('vnetName')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": "[parameters('addressPrefixes')]" - } - } - }, - { - "condition": "[parameters('createNewVnet')]", - "type": "Microsoft.Network/virtualNetworks/subnets", - "apiVersion": "2017-09-01", - "name": "[format('{0}/{1}', parameters('vnetName'), parameters('subnetName'))]", - "properties": { - "addressPrefix": "[parameters('subnetPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'default-NSG')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', 'default-NSG')]", - "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]" - ] - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2017-09-01", - "name": "[format('{0}-nic', parameters('vmName'))]", - "location": "[parameters('location')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[variables('subnetId')]" - }, - "publicIPAddress": { - "id": "[variables('publicIPId')]" - } - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPName'))]", - "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('vnetName'), parameters('subnetName')), '/')[0], split(format('{0}/{1}', parameters('vnetName'), parameters('subnetName')), '/')[1])]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2017-03-30", - "name": "[parameters('vmName')]", - "location": "[parameters('location')]", - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('vmSize')]" - }, - "osProfile": { - "computerName": "[parameters('vmName')]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPasswordOrKey')]", - "linuxConfiguration": "[if(not(equals(parameters('authenticationType'), 'password')), createObject('disablePasswordAuthentication', true(), 'ssh', createObject('publicKeys', createArray(createObject('path', format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername')), 'keyData', parameters('adminPasswordOrKey'))))), null())]" - }, - "storageProfile": { - "imageReference": { - "publisher": "Canonical", - "offer": "UbuntuServer", - "sku": "16.04-LTS", - "version": "latest" - }, - "osDisk": { - "caching": "ReadWrite", - "createOption": "FromImage" - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-nic', parameters('vmName')))]" - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": true, - "storageUri": "[reference(variables('storageAccountId')).primaryEndpoints.blob]" - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-nic', parameters('vmName')))]", - "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "6390559928971851490" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location to for the resources." + } + }, + "vmName": { + "type": "string", + "defaultValue": "linux-vm", + "metadata": { + "description": "Name for the Virtual Machine." + } + }, + "adminUsername": { + "type": "string", + "metadata": { + "description": "User name for the Virtual Machine." + } + }, + "authenticationType": { + "type": "string", + "defaultValue": "sshPublicKey", + "metadata": { + "description": "Type of authentication to use on the Virtual Machine." + }, + "allowedValues": [ + "password", + "sshPublicKey" + ] + }, + "adminPasswordOrKey": { + "type": "secureString", + "metadata": { + "description": "Password or ssh key for the Virtual Machine." + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_A2_v2", + "metadata": { + "description": "Size for the Virtual Machine." + } + }, + "createNewStorageAccount": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Determines whether or not a new storage account should be provisioned." + } + }, + "storageAccountName": { + "type": "string", + "defaultValue": "[format('storage{0}', uniqueString(resourceGroup().id))]", + "metadata": { + "description": "Name of the storage account" + } + }, + "storageAccountType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Storage account type" + } + }, + "storageAccountResourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Name of the resource group for the existing storage account" + } + }, + "createNewVnet": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Determines whether or not a new virtual network should be provisioned." + } + }, + "vnetName": { + "type": "string", + "defaultValue": "VirtualNetwork", + "metadata": { + "description": "Name of the virtual network" + } + }, + "addressPrefixes": { + "type": "array", + "defaultValue": [ + "10.0.0.0/16" + ], + "metadata": { + "description": "Address prefix of the virtual network" + } + }, + "subnetName": { + "type": "string", + "defaultValue": "default", + "metadata": { + "description": "Name of the subnet" + } + }, + "subnetPrefix": { + "type": "string", + "defaultValue": "10.0.0.0/24", + "metadata": { + "description": "Subnet prefix of the virtual network" + } + }, + "vnetResourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Name of the resource group for the existing virtual network" + } + }, + "createNewPublicIP": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Determines whether or not a new public ip should be provisioned." + } + }, + "publicIPName": { + "type": "string", + "defaultValue": "PublicIp", + "metadata": { + "description": "Name of the public ip address" + } + }, + "publicIPDns": { + "type": "string", + "defaultValue": "[format('linux-vm-{0}', uniqueString(resourceGroup().id))]", + "metadata": { + "description": "DNS of the public ip address for the VM" + } + }, + "publicIPResourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Name of the resource group for the public ip address" + } + } + }, + "functions": [], + "variables": { + "storageAccountId": "[if(parameters('createNewStorageAccount'), resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), resourceId(parameters('storageAccountResourceGroupName'), 'Microsoft.Storage/storageAccounts/', parameters('storageAccountName')))]", + "subnetId": "[if(parameters('createNewVnet'), resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('vnetName'), parameters('subnetName')), '/')[0], split(format('{0}/{1}', parameters('vnetName'), parameters('subnetName')), '/')[1]), resourceId(parameters('vnetResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", + "publicIPId": "[if(parameters('createNewPublicIP'), resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPName')), resourceId(parameters('publicIPResourceGroupName'), 'Microsoft.Network/publicIPAddresses', parameters('publicIPName')))]" + }, + "resources": [ + { + "condition": "[parameters('createNewStorageAccount')]", + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2017-06-01", + "name": "[parameters('storageAccountName')]", + "location": "[parameters('location')]", + "kind": "Storage", + "sku": { + "name": "[parameters('storageAccountType')]" + } + }, + { + "condition": "[parameters('createNewPublicIP')]", + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2017-09-01", + "name": "[parameters('publicIPName')]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Dynamic", + "dnsSettings": { + "domainNameLabel": "[parameters('publicIPDns')]" + } + } + }, + { + "condition": "[parameters('createNewVnet')]", + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2019-08-01", + "name": "default-NSG", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "default-allow-22", + "properties": { + "priority": 1000, + "access": "Allow", + "direction": "Inbound", + "destinationPortRange": "22", + "protocol": "Tcp", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "destinationAddressPrefix": "*" + } + } + ] + } + }, + { + "condition": "[parameters('createNewVnet')]", + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2017-09-01", + "name": "[parameters('vnetName')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": "[parameters('addressPrefixes')]" + } + } + }, + { + "condition": "[parameters('createNewVnet')]", + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2017-09-01", + "name": "[format('{0}/{1}', parameters('vnetName'), parameters('subnetName'))]", + "properties": { + "addressPrefix": "[parameters('subnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'default-NSG')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', 'default-NSG')]", + "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]" + ] + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2017-09-01", + "name": "[format('{0}-nic', parameters('vmName'))]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[variables('subnetId')]" + }, + "publicIPAddress": { + "id": "[variables('publicIPId')]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPName'))]", + "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('vnetName'), parameters('subnetName')), '/')[0], split(format('{0}/{1}', parameters('vnetName'), parameters('subnetName')), '/')[1])]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2017-03-30", + "name": "[parameters('vmName')]", + "location": "[parameters('location')]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[parameters('vmName')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPasswordOrKey')]", + "linuxConfiguration": "[if(not(equals(parameters('authenticationType'), 'password')), createObject('disablePasswordAuthentication', true(), 'ssh', createObject('publicKeys', createArray(createObject('path', format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername')), 'keyData', parameters('adminPasswordOrKey'))))), null())]" + }, + "storageProfile": { + "imageReference": { + "publisher": "Canonical", + "offer": "UbuntuServer", + "sku": "16.04-LTS", + "version": "latest" + }, + "osDisk": { + "caching": "ReadWrite", + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-nic', parameters('vmName')))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[reference(variables('storageAccountId')).primaryEndpoints.blob]" + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-nic', parameters('vmName')))]", + "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "6634282571995574505" + } + } } \ No newline at end of file diff --git a/docs/examples/201/vm-push-cert-windows/main.bicep b/docs/examples/201/vm-push-cert-windows/main.bicep index 52cc97d0116..fbbe1c02116 100644 --- a/docs/examples/201/vm-push-cert-windows/main.bicep +++ b/docs/examples/201/vm-push-cert-windows/main.bicep @@ -4,9 +4,9 @@ param location string = resourceGroup().location param vmName string = 'WindowsVM' param vmSize string = 'Standard_DS2_v2' param adminUsername string -param adminPassword string { - secure: true -} + +@secure() +param adminPassword string param keyVaultName string param subId string = subscription().subscriptionId diff --git a/docs/examples/201/vm-windows-with-custom-script-extension/main.bicep b/docs/examples/201/vm-windows-with-custom-script-extension/main.bicep index 448975d7f1f..f0c8e952108 100644 --- a/docs/examples/201/vm-windows-with-custom-script-extension/main.bicep +++ b/docs/examples/201/vm-windows-with-custom-script-extension/main.bicep @@ -15,45 +15,42 @@ param virtualNetworkSubnetPrefix string = '10.0.0.0/24' // Username for the Virtual Machine. param virtualMachineAdminUsername string + // Password for the Virtual Machine. -param virtualMachineAdminPassword string { - secure: true -} +@secure() +param virtualMachineAdminPassword string + // Size of the Virtual Machine. -param virtualMachineSize string { - allowed: [ - 'Standard_D2s_v3' - 'Standard_D4s_v3' - 'Standard_D8s_v3' - ] - default: 'Standard_D8s_v3' -} +@allowed([ + 'Standard_D2s_v3' + 'Standard_D4s_v3' + 'Standard_D8s_v3' +]) +param virtualMachineSize string = 'Standard_D8s_v3' + // The publisher of the Virtual Machine. -param virtualMachinePublisher string { - allowed: [ - 'MicrosoftVisualStudio' - 'MicrosoftWindowsDesktop' - ] - default: 'MicrosoftWindowsDesktop' -} +@allowed([ + 'MicrosoftVisualStudio' + 'MicrosoftWindowsDesktop' +]) +param virtualMachinePublisher string = 'MicrosoftWindowsDesktop' + // The offer of the Virtual Machine -param virtualMachineOffer string { - allowed: [ - 'visualstudio2019latest' - 'Windows-10' - ] - default: 'Windows-10' -} +@allowed([ + 'visualstudio2019latest' + 'Windows-10' +]) +param virtualMachineOffer string = 'Windows-10' + // The Windows version for the VM. This will pick a fully patched image of this given Windows version. -param virtualMachineSku string { - allowed: [ - 'vs-2019-comm-latest-ws2019' - 'vs-2019-ent-latest-ws2019' - '20h1-pro-g2' - '20h1-ent-g2' - ] - default: '20h1-pro-g2' -} +@allowed([ + 'vs-2019-comm-latest-ws2019' + 'vs-2019-ent-latest-ws2019' + '20h1-pro-g2' + '20h1-ent-g2' +]) +param virtualMachineSku string = '20h1-pro-g2' + // The URI of the PowerShell Custom Script. param virtualMachineExtensionCustomScriptUri string = 'https://raw.githubusercontent.com/Azure/bicep/main/docs/examples/201/vm-windows-with-custom-script-extension/install.ps1' diff --git a/docs/examples/201/vm-windows10-with-nvidia-gpu-extension-and-condition/main.bicep b/docs/examples/201/vm-windows10-with-nvidia-gpu-extension-and-condition/main.bicep index 39d325e60b4..8c58532c4c8 100644 --- a/docs/examples/201/vm-windows10-with-nvidia-gpu-extension-and-condition/main.bicep +++ b/docs/examples/201/vm-windows10-with-nvidia-gpu-extension-and-condition/main.bicep @@ -1,8 +1,9 @@ //define parameters param localAdminName string = 'localadmin' -param localAdminPassword string { - secure: true -} + +@secure() +param localAdminPassword string + param vnetName string = 'bicep-demo-vnet' param vmSku string = 'Standard_NV6' param vmOS string = '20h2-ent' diff --git a/docs/examples/201/vmss-windows-autoscale/main.bicep b/docs/examples/201/vmss-windows-autoscale/main.bicep index 00c299f4f10..5fc235ce981 100644 --- a/docs/examples/201/vmss-windows-autoscale/main.bicep +++ b/docs/examples/201/vmss-windows-autoscale/main.bicep @@ -1,24 +1,25 @@ param vmSku string = 'Standard_A1_v2' -param windowsOSVersion string { - default: '2019-Datacenter' - allowed: [ - '2019-Datacenter' - '2016-Datacenter' - '2012-R2-Datacenter' - '2012-Datacenter' - ] -} -param vmssName string { - maxLength: 61 -} -param instanceCount int { - maxValue: 100 - minValue: 1 -} + +@allowed([ + '2019-Datacenter' + '2016-Datacenter' + '2012-R2-Datacenter' + '2012-Datacenter' +]) +param windowsOSVersion string = '2019-Datacenter' + +@maxLength(61) +param vmssName string + +@minValue(1) +@maxValue(100) +param instanceCount int + param adminUsername string -param adminPassword string { - secure: true -} + +@secure() +param adminPassword string + param location string = resourceGroup().location var namingInfix = toLower(substring('${vmssName}${uniqueString(resourceGroup().id)}', 0, 9)) diff --git a/docs/examples/201/vmss-windows-autoscale/main.json b/docs/examples/201/vmss-windows-autoscale/main.json index 0ba5a499356..57c5aeff2f0 100644 --- a/docs/examples/201/vmss-windows-autoscale/main.json +++ b/docs/examples/201/vmss-windows-autoscale/main.json @@ -1,275 +1,275 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "vmSku": { - "type": "string", - "defaultValue": "Standard_A1_v2" - }, - "windowsOSVersion": { - "type": "string", - "defaultValue": "2019-Datacenter", - "allowedValues": [ - "2019-Datacenter", - "2016-Datacenter", - "2012-R2-Datacenter", - "2012-Datacenter" - ] - }, - "vmssName": { - "type": "string", - "maxLength": 61 - }, - "instanceCount": { - "type": "int", - "minValue": 1, - "maxValue": 100 - }, - "adminUsername": { - "type": "string" - }, - "adminPassword": { - "type": "secureString" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - } - }, - "functions": [], - "variables": { - "namingInfix": "[toLower(substring(format('{0}{1}', parameters('vmssName'), uniqueString(resourceGroup().id)), 0, 9))]", - "longNamingInfix": "[toLower(parameters('vmssName'))]", - "addressPrefix": "10.0.0.0/16", - "subnetPrefix": "10.0.0.0/24", - "virtualNetworkName": "[format('{0}vnet', variables('namingInfix'))]", - "publicIPAddressName": "[format('{0}pip', variables('namingInfix'))]", - "subnetName": "[format('{0}subnet', variables('namingInfix'))]", - "loadBalancerName": "[format('{0}lb', variables('namingInfix'))]", - "natPoolName": "[format('{0}natpool', variables('namingInfix'))]", - "bePoolName": "[format('{0}bepool', variables('namingInfix'))]", - "natStartPort": 50000, - "natEndPort": 50119, - "natBackendPort": 3389, - "nicname": "[format('{0}nic', variables('namingInfix'))]", - "ipConfigName": "[format('{0}ipconfig', variables('namingInfix'))]", - "osType": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "[parameters('windowsOSVersion')]", - "version": "latest" - }, - "imageReference": "[variables('osType')]" - }, - "resources": [ - { - "type": "Microsoft.Network/virtualnetworks", - "apiVersion": "2015-05-01-preview", - "name": "[variables('virtualNetworkName')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[variables('addressPrefix')]" - ] - }, - "subnets": [ - { - "name": "[variables('subnetName')]", - "properties": { - "addressPrefix": "[variables('subnetPrefix')]" - } - } - ] - } - }, - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2020-06-01", - "name": "[variables('publicIPAddressName')]", - "location": "[parameters('location')]", - "properties": { - "publicIPAllocationMethod": "Dynamic", - "dnsSettings": { - "domainNameLabel": "[variables('longNamingInfix')]" - } - } - }, - { - "type": "Microsoft.Network/loadBalancers", - "apiVersion": "2020-06-01", - "name": "[variables('loadBalancerName')]", - "location": "[parameters('location')]", - "properties": { - "frontendIPConfigurations": [ - { - "name": "LoadBalancerFrontEnd", - "properties": { - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" - } - } - } - ], - "backendAddressPools": [ - { - "name": "[variables('bePoolName')]" - } - ], - "inboundNatPools": [ - { - "name": "[variables('natPoolName')]", - "properties": { - "frontendIPConfiguration": { - "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', variables('loadBalancerName'), 'loadBalancerFrontEnd')]" - }, - "protocol": "Tcp", - "frontendPortRangeStart": "[variables('natStartPort')]", - "frontendPortRangeEnd": "[variables('natEndPort')]", - "backendPort": "[variables('natBackendPort')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachineScaleSets", - "apiVersion": "2020-06-01", - "name": "[parameters('vmssName')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('vmSku')]", - "tier": "Standard", - "capacity": "[parameters('instanceCount')]" - }, - "properties": { - "overprovision": true, - "upgradePolicy": { - "mode": "Manual" - }, - "virtualMachineProfile": { - "storageProfile": { - "osDisk": { - "createOption": "FromImage", - "caching": "ReadWrite" - }, - "imageReference": "[variables('imageReference')]" - }, - "osProfile": { - "computerNamePrefix": "[variables('namingInfix')]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPassword')]" - }, - "networkProfile": { - "networkInterfaceConfigurations": [ - { - "name": "[variables('nicname')]", - "properties": { - "primary": true, - "ipConfigurations": [ - { - "name": "[variables('ipConfigName')]", - "properties": { - "subnet": { - "id": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualnetworks', variables('virtualNetworkName')), variables('subnetName'))]" - }, - "loadBalancerBackendAddressPools": [ - { - "id": "[format('{0}/backendAddressPools/{1}', resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), variables('bePoolName'))]" - } - ], - "loadBalancerInboundNatPools": [ - { - "id": "[format('{0}/inboundNatPools/{1}', resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), variables('natPoolName'))]" - } - ] - } - } - ] - } - } - ] - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName'))]", - "[resourceId('Microsoft.Network/virtualnetworks', variables('virtualNetworkName'))]" - ] - }, - { - "type": "microsoft.insights/autoscalesettings", - "apiVersion": "2015-04-01", - "name": "cpuautoscale", - "location": "[parameters('location')]", - "properties": { - "name": "cpuautoscale", - "targetResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]", - "enabled": true, - "profiles": [ - { - "name": "Profile1", - "capacity": { - "minimum": "1", - "maximum": "10", - "default": "1" - }, - "rules": [ - { - "metricTrigger": { - "metricName": "Percentage CPU", - "metricNamespace": "", - "metricResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]", - "timeGrain": "PT1M", - "timeWindow": "PT5M", - "timeAggregation": "Average", - "operator": "GreaterThan", - "threshold": 50, - "statistic": "Average" - }, - "scaleAction": { - "direction": "Increase", - "type": "ChangeCount", - "value": "1", - "cooldown": "PT5M" - } - }, - { - "metricTrigger": { - "metricName": "Percentage CPU", - "metricNamespace": "", - "metricResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]", - "timeGrain": "PT1M", - "timeWindow": "PT5M", - "timeAggregation": "Average", - "operator": "LessThan", - "threshold": 30, - "statistic": "Average" - }, - "scaleAction": { - "direction": "Decrease", - "type": "ChangeCount", - "value": "1", - "cooldown": "PT5M" - } - } - ] - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "4611734565961028292" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "vmSku": { + "type": "string", + "defaultValue": "Standard_A1_v2" + }, + "windowsOSVersion": { + "type": "string", + "defaultValue": "2019-Datacenter", + "allowedValues": [ + "2019-Datacenter", + "2016-Datacenter", + "2012-R2-Datacenter", + "2012-Datacenter" + ] + }, + "vmssName": { + "type": "string", + "maxLength": 61 + }, + "instanceCount": { + "type": "int", + "maxValue": 100, + "minValue": 1 + }, + "adminUsername": { + "type": "string" + }, + "adminPassword": { + "type": "secureString" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + } + }, + "functions": [], + "variables": { + "namingInfix": "[toLower(substring(format('{0}{1}', parameters('vmssName'), uniqueString(resourceGroup().id)), 0, 9))]", + "longNamingInfix": "[toLower(parameters('vmssName'))]", + "addressPrefix": "10.0.0.0/16", + "subnetPrefix": "10.0.0.0/24", + "virtualNetworkName": "[format('{0}vnet', variables('namingInfix'))]", + "publicIPAddressName": "[format('{0}pip', variables('namingInfix'))]", + "subnetName": "[format('{0}subnet', variables('namingInfix'))]", + "loadBalancerName": "[format('{0}lb', variables('namingInfix'))]", + "natPoolName": "[format('{0}natpool', variables('namingInfix'))]", + "bePoolName": "[format('{0}bepool', variables('namingInfix'))]", + "natStartPort": 50000, + "natEndPort": 50119, + "natBackendPort": 3389, + "nicname": "[format('{0}nic', variables('namingInfix'))]", + "ipConfigName": "[format('{0}ipconfig', variables('namingInfix'))]", + "osType": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "[parameters('windowsOSVersion')]", + "version": "latest" + }, + "imageReference": "[variables('osType')]" + }, + "resources": [ + { + "type": "Microsoft.Network/virtualnetworks", + "apiVersion": "2015-05-01-preview", + "name": "[variables('virtualNetworkName')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetPrefix')]" + } + } + ] + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "name": "[variables('publicIPAddressName')]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Dynamic", + "dnsSettings": { + "domainNameLabel": "[variables('longNamingInfix')]" + } + } + }, + { + "type": "Microsoft.Network/loadBalancers", + "apiVersion": "2020-06-01", + "name": "[variables('loadBalancerName')]", + "location": "[parameters('location')]", + "properties": { + "frontendIPConfigurations": [ + { + "name": "LoadBalancerFrontEnd", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "[variables('bePoolName')]" + } + ], + "inboundNatPools": [ + { + "name": "[variables('natPoolName')]", + "properties": { + "frontendIPConfiguration": { + "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', variables('loadBalancerName'), 'loadBalancerFrontEnd')]" + }, + "protocol": "Tcp", + "frontendPortRangeStart": "[variables('natStartPort')]", + "frontendPortRangeEnd": "[variables('natEndPort')]", + "backendPort": "[variables('natBackendPort')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachineScaleSets", + "apiVersion": "2020-06-01", + "name": "[parameters('vmssName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('vmSku')]", + "tier": "Standard", + "capacity": "[parameters('instanceCount')]" + }, + "properties": { + "overprovision": true, + "upgradePolicy": { + "mode": "Manual" + }, + "virtualMachineProfile": { + "storageProfile": { + "osDisk": { + "createOption": "FromImage", + "caching": "ReadWrite" + }, + "imageReference": "[variables('imageReference')]" + }, + "osProfile": { + "computerNamePrefix": "[variables('namingInfix')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]" + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "[variables('nicname')]", + "properties": { + "primary": true, + "ipConfigurations": [ + { + "name": "[variables('ipConfigName')]", + "properties": { + "subnet": { + "id": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualnetworks', variables('virtualNetworkName')), variables('subnetName'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[format('{0}/backendAddressPools/{1}', resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), variables('bePoolName'))]" + } + ], + "loadBalancerInboundNatPools": [ + { + "id": "[format('{0}/inboundNatPools/{1}', resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), variables('natPoolName'))]" + } + ] + } + } + ] + } + } + ] + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName'))]", + "[resourceId('Microsoft.Network/virtualnetworks', variables('virtualNetworkName'))]" + ] + }, + { + "type": "microsoft.insights/autoscalesettings", + "apiVersion": "2015-04-01", + "name": "cpuautoscale", + "location": "[parameters('location')]", + "properties": { + "name": "cpuautoscale", + "targetResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]", + "enabled": true, + "profiles": [ + { + "name": "Profile1", + "capacity": { + "minimum": "1", + "maximum": "10", + "default": "1" + }, + "rules": [ + { + "metricTrigger": { + "metricName": "Percentage CPU", + "metricNamespace": "", + "metricResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]", + "timeGrain": "PT1M", + "timeWindow": "PT5M", + "timeAggregation": "Average", + "operator": "GreaterThan", + "threshold": 50, + "statistic": "Average" + }, + "scaleAction": { + "direction": "Increase", + "type": "ChangeCount", + "value": "1", + "cooldown": "PT5M" + } + }, + { + "metricTrigger": { + "metricName": "Percentage CPU", + "metricNamespace": "", + "metricResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]", + "timeGrain": "PT1M", + "timeWindow": "PT5M", + "timeAggregation": "Average", + "operator": "LessThan", + "threshold": 30, + "statistic": "Average" + }, + "scaleAction": { + "direction": "Decrease", + "type": "ChangeCount", + "value": "1", + "cooldown": "PT5M" + } + } + ] + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "12362748810483649058" + } + } } \ No newline at end of file diff --git a/docs/examples/201/vnet-to-vnet-bgp/main.bicep b/docs/examples/201/vnet-to-vnet-bgp/main.bicep index 2bddca8d1a7..8b34b2030b3 100644 --- a/docs/examples/201/vnet-to-vnet-bgp/main.bicep +++ b/docs/examples/201/vnet-to-vnet-bgp/main.bicep @@ -1,17 +1,16 @@ // converted from https://github.com/Azure/azure-quickstart-templates/tree/master/201-vnet-to-vnet-bgp -param sharedKey string { - secure: true -} -param gatewaySku string { - allowed: [ - 'Standard' - 'HighPerformance' - 'VpnGw1' - 'VpnGw2' - 'VpnGw3' - ] - default: 'VpnGw1' -} +@secure() +param sharedKey string + +@allowed([ + 'Standard' + 'HighPerformance' + 'VpnGw1' + 'VpnGw2' + 'VpnGw3' +]) +param gatewaySku string = 'VpnGw1' + param location string = resourceGroup().location var vnet1cfg = { diff --git a/docs/examples/201/web-app-sql-database/main.bicep b/docs/examples/201/web-app-sql-database/main.bicep index 19d45b89786..dd52fa3bcf0 100644 --- a/docs/examples/201/web-app-sql-database/main.bicep +++ b/docs/examples/201/web-app-sql-database/main.bicep @@ -1,28 +1,27 @@ -param skuName string { - allowed: [ - 'F1' - 'D1' - 'B1' - 'B2' - 'B3' - 'S1' - 'S2' - 'S3' - 'P1' - 'P2' - 'P3' - 'P4' - ] - default: 'F1' -} -param skuCapacity int { - minValue: 1 - default: 1 -} +@allowed([ + 'F1' + 'D1' + 'B1' + 'B2' + 'B3' + 'S1' + 'S2' + 'S3' + 'P1' + 'P2' + 'P3' + 'P4' +]) +param skuName string = 'F1' + +@minValue(1) +param skuCapacity int = 1 + param sqlAdministratorLogin string -param sqlAdministratorLoginPassword string { - secure: true -} + +@secure() +param sqlAdministratorLoginPassword string + param location string = resourceGroup().location var hostingPlanName = 'hostingplan${uniqueString(resourceGroup().id)}' diff --git a/docs/examples/201/web-app-sql-database/main.json b/docs/examples/201/web-app-sql-database/main.json index 4a98fc145fb..963a2e5fd68 100644 --- a/docs/examples/201/web-app-sql-database/main.json +++ b/docs/examples/201/web-app-sql-database/main.json @@ -1,152 +1,152 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "skuName": { - "type": "string", - "defaultValue": "F1", - "allowedValues": [ - "F1", - "D1", - "B1", - "B2", - "B3", - "S1", - "S2", - "S3", - "P1", - "P2", - "P3", - "P4" - ] - }, - "skuCapacity": { - "type": "int", - "minValue": 1, - "defaultValue": 1 - }, - "sqlAdministratorLogin": { - "type": "string" - }, - "sqlAdministratorLoginPassword": { - "type": "secureString" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - } - }, - "functions": [], - "variables": { - "hostingPlanName": "[format('hostingplan{0}', uniqueString(resourceGroup().id))]", - "webSiteName": "[format('webSite{0}', uniqueString(resourceGroup().id))]", - "sqlserverName": "[format('sqlserver{0}', uniqueString(resourceGroup().id))]", - "databaseName": "sampledb" - }, - "resources": [ - { - "type": "Microsoft.Sql/servers", - "apiVersion": "2019-06-01-preview", - "name": "[variables('sqlserverName')]", - "location": "[parameters('location')]", - "properties": { - "administratorLogin": "[parameters('sqlAdministratorLogin')]", - "administratorLoginPassword": "[parameters('sqlAdministratorLoginPassword')]", - "version": "12.0" - } - }, - { - "type": "Microsoft.Sql/servers/databases", - "apiVersion": "2020-08-01-preview", - "name": "[format('{0}/{1}', variables('sqlserverName'), variables('databaseName'))]", - "location": "[parameters('location')]", - "sku": { - "name": "Basic" - }, - "properties": { - "collation": "SQL_Latin1_General_CP1_CI_AS", - "maxSizeBytes": 1073741824 - }, - "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]" - ] - }, - { - "type": "Microsoft.Sql/servers/firewallRules", - "apiVersion": "2014-04-01", - "name": "[format('{0}/AllowAllWindowsAzureIps', variables('sqlserverName'))]", - "properties": { - "endIpAddress": "0.0.0.0", - "startIpAddress": "0.0.0.0" - }, - "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]" - ] - }, - { - "type": "Microsoft.Web/serverfarms", - "apiVersion": "2020-06-01", - "name": "[variables('hostingPlanName')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('skuName')]", - "capacity": "[parameters('skuCapacity')]" - } - }, - { - "type": "Microsoft.Web/sites", - "apiVersion": "2020-06-01", - "name": "[variables('webSiteName')]", - "location": "[parameters('location')]", - "tags": { - "[format('hidden-related:{0}', resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName')))]": "empty", - "displayName": "Website" - }, - "properties": { - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" - ] - }, - { - "type": "Microsoft.Web/sites/config", - "apiVersion": "2020-06-01", - "name": "[format('{0}/connectionstrings', variables('webSiteName'))]", - "properties": { - "DefaultConnection": { - "value": "[format('Data Source=tcp:{0},1433;Initial Catalog={1};User Id={2}@{3};Password={4};', reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, variables('databaseName'), parameters('sqlAdministratorLogin'), reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, parameters('sqlAdministratorLoginPassword'))]", - "type": "SQLAzure" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]", - "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]" - ] - }, - { - "type": "Microsoft.Insights/components", - "apiVersion": "2018-05-01-preview", - "name": "[format('AppInsights{0}', variables('webSiteName'))]", - "location": "[parameters('location')]", - "tags": { - "[format('hidden-link:{0}', resourceId('Microsoft.Web/sites', variables('webSiteName')))]": "Resource", - "displayName": "AppInsightsComponent" - }, - "kind": "web", - "properties": { - "Application_Type": "web" - }, - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "10086225423190726705" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "skuName": { + "type": "string", + "defaultValue": "F1", + "allowedValues": [ + "F1", + "D1", + "B1", + "B2", + "B3", + "S1", + "S2", + "S3", + "P1", + "P2", + "P3", + "P4" + ] + }, + "skuCapacity": { + "type": "int", + "defaultValue": 1, + "minValue": 1 + }, + "sqlAdministratorLogin": { + "type": "string" + }, + "sqlAdministratorLoginPassword": { + "type": "secureString" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + } + }, + "functions": [], + "variables": { + "hostingPlanName": "[format('hostingplan{0}', uniqueString(resourceGroup().id))]", + "webSiteName": "[format('webSite{0}', uniqueString(resourceGroup().id))]", + "sqlserverName": "[format('sqlserver{0}', uniqueString(resourceGroup().id))]", + "databaseName": "sampledb" + }, + "resources": [ + { + "type": "Microsoft.Sql/servers", + "apiVersion": "2019-06-01-preview", + "name": "[variables('sqlserverName')]", + "location": "[parameters('location')]", + "properties": { + "administratorLogin": "[parameters('sqlAdministratorLogin')]", + "administratorLoginPassword": "[parameters('sqlAdministratorLoginPassword')]", + "version": "12.0" + } + }, + { + "type": "Microsoft.Sql/servers/databases", + "apiVersion": "2020-08-01-preview", + "name": "[format('{0}/{1}', variables('sqlserverName'), variables('databaseName'))]", + "location": "[parameters('location')]", + "sku": { + "name": "Basic" + }, + "properties": { + "collation": "SQL_Latin1_General_CP1_CI_AS", + "maxSizeBytes": 1073741824 + }, + "dependsOn": [ + "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]" + ] + }, + { + "type": "Microsoft.Sql/servers/firewallRules", + "apiVersion": "2014-04-01", + "name": "[format('{0}/AllowAllWindowsAzureIps', variables('sqlserverName'))]", + "properties": { + "endIpAddress": "0.0.0.0", + "startIpAddress": "0.0.0.0" + }, + "dependsOn": [ + "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]" + ] + }, + { + "type": "Microsoft.Web/serverfarms", + "apiVersion": "2020-06-01", + "name": "[variables('hostingPlanName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('skuName')]", + "capacity": "[parameters('skuCapacity')]" + } + }, + { + "type": "Microsoft.Web/sites", + "apiVersion": "2020-06-01", + "name": "[variables('webSiteName')]", + "location": "[parameters('location')]", + "tags": { + "[format('hidden-related:{0}', resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName')))]": "empty", + "displayName": "Website" + }, + "properties": { + "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" + ] + }, + { + "type": "Microsoft.Web/sites/config", + "apiVersion": "2020-06-01", + "name": "[format('{0}/connectionstrings', variables('webSiteName'))]", + "properties": { + "DefaultConnection": { + "value": "[format('Data Source=tcp:{0},1433;Initial Catalog={1};User Id={2}@{3};Password={4};', reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, variables('databaseName'), parameters('sqlAdministratorLogin'), reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, parameters('sqlAdministratorLoginPassword'))]", + "type": "SQLAzure" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]", + "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]" + ] + }, + { + "type": "Microsoft.Insights/components", + "apiVersion": "2018-05-01-preview", + "name": "[format('AppInsights{0}', variables('webSiteName'))]", + "location": "[parameters('location')]", + "tags": { + "[format('hidden-link:{0}', resourceId('Microsoft.Web/sites', variables('webSiteName')))]": "Resource", + "displayName": "AppInsightsComponent" + }, + "kind": "web", + "properties": { + "Application_Type": "web" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "5125986164896305619" + } + } } \ No newline at end of file diff --git a/docs/examples/301/function-app-with-custom-domain-managed-certificate/main.bicep b/docs/examples/301/function-app-with-custom-domain-managed-certificate/main.bicep index 3e5ee44d1f6..51ff885b64e 100644 --- a/docs/examples/301/function-app-with-custom-domain-managed-certificate/main.bicep +++ b/docs/examples/301/function-app-with-custom-domain-managed-certificate/main.bicep @@ -1,9 +1,7 @@ param applicationName string -param dnsZone string { - metadata: { - description: 'Existing Azure DNS zone in target resource group' - } -} + +@description('Existing Azure DNS zone in target resource group') +param dnsZone string var location = resourceGroup().location var componentBase = '${substring(uniqueString(resourceGroup().id), 4)}-${applicationName}' diff --git a/docs/examples/301/insights-alertrules-application-insights/main.bicep b/docs/examples/301/insights-alertrules-application-insights/main.bicep index fa872d88f38..dacfc1e2093 100644 --- a/docs/examples/301/insights-alertrules-application-insights/main.bicep +++ b/docs/examples/301/insights-alertrules-application-insights/main.bicep @@ -1,11 +1,10 @@ param workspaceName string param applicationInsightsName string param location string = resourceGroup().location -param responseTimeThreshold int { - default: 3 - minValue: 1 - maxValue: 10000 -} + +@minValue(1) +@maxValue(10000) +param responseTimeThreshold int = 3 var responseAlertName = 'ResponseTime-${applicationInsightsName}' diff --git a/docs/examples/301/insights-alertrules-application-insights/main.json b/docs/examples/301/insights-alertrules-application-insights/main.json index aeb9a6ce14f..38203e38401 100644 --- a/docs/examples/301/insights-alertrules-application-insights/main.json +++ b/docs/examples/301/insights-alertrules-application-insights/main.json @@ -1,115 +1,115 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "workspaceName": { - "type": "string" - }, - "applicationInsightsName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "responseTimeThreshold": { - "type": "int", - "minValue": 1, - "maxValue": 10000, - "defaultValue": 3 - } - }, - "functions": [], - "variables": { - "responseAlertName": "[format('ResponseTime-{0}', parameters('applicationInsightsName'))]" - }, - "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2020-10-01", - "name": "[parameters('workspaceName')]", - "location": "[parameters('location')]", - "properties": { - "sku": { - "name": "Free" - } - } - }, - { - "type": "Microsoft.Insights/components", - "apiVersion": "2020-02-02-preview", - "name": "[parameters('applicationInsightsName')]", - "location": "[parameters('location')]", - "kind": "web", - "properties": { - "Application_Type": "web", - "WorkspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName'))]" - }, - "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName'))]" - ] - }, - { - "type": "Microsoft.Insights/metricAlerts", - "apiVersion": "2018-03-01", - "name": "[variables('responseAlertName')]", - "location": "global", - "properties": { - "description": "Response time alert", - "severity": 0, - "enabled": true, - "scopes": [ - "[resourceId('Microsoft.Insights/components', parameters('applicationInsightsName'))]" - ], - "evaluationFrequency": "PT1M", - "windowSize": "PT5M", - "criteria": { - "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria", - "allOf": [ - { - "name": "1st criterion", - "metricName": "requests/duration", - "operator": "GreaterThan", - "threshold": "[parameters('responseTimeThreshold')]", - "timeAggregation": "Average", - "criterionType": "StaticThresholdCriterion" - } - ] - }, - "actions": [ - { - "actionGroupId": "[resourceId('microsoft.insights/actionGroups', 'emailActionGroup')]" - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Insights/components', parameters('applicationInsightsName'))]", - "[resourceId('microsoft.insights/actionGroups', 'emailActionGroup')]" - ] - }, - { - "type": "microsoft.insights/actionGroups", - "apiVersion": "2019-06-01", - "name": "emailActionGroup", - "location": "global", - "properties": { - "groupShortName": "string", - "enabled": true, - "emailReceivers": [ - { - "name": "Example", - "emailAddress": "example@test.com", - "useCommonAlertSchema": true - } - ] - } - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "7148710910195702585" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "workspaceName": { + "type": "string" + }, + "applicationInsightsName": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "responseTimeThreshold": { + "type": "int", + "defaultValue": 3, + "maxValue": 10000, + "minValue": 1 + } + }, + "functions": [], + "variables": { + "responseAlertName": "[format('ResponseTime-{0}', parameters('applicationInsightsName'))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2020-10-01", + "name": "[parameters('workspaceName')]", + "location": "[parameters('location')]", + "properties": { + "sku": { + "name": "Free" + } + } + }, + { + "type": "Microsoft.Insights/components", + "apiVersion": "2020-02-02-preview", + "name": "[parameters('applicationInsightsName')]", + "location": "[parameters('location')]", + "kind": "web", + "properties": { + "Application_Type": "web", + "WorkspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName'))]" + }, + "dependsOn": [ + "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName'))]" + ] + }, + { + "type": "Microsoft.Insights/metricAlerts", + "apiVersion": "2018-03-01", + "name": "[variables('responseAlertName')]", + "location": "global", + "properties": { + "description": "Response time alert", + "severity": 0, + "enabled": true, + "scopes": [ + "[resourceId('Microsoft.Insights/components', parameters('applicationInsightsName'))]" + ], + "evaluationFrequency": "PT1M", + "windowSize": "PT5M", + "criteria": { + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria", + "allOf": [ + { + "name": "1st criterion", + "metricName": "requests/duration", + "operator": "GreaterThan", + "threshold": "[parameters('responseTimeThreshold')]", + "timeAggregation": "Average", + "criterionType": "StaticThresholdCriterion" + } + ] + }, + "actions": [ + { + "actionGroupId": "[resourceId('microsoft.insights/actionGroups', 'emailActionGroup')]" + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Insights/components', parameters('applicationInsightsName'))]", + "[resourceId('microsoft.insights/actionGroups', 'emailActionGroup')]" + ] + }, + { + "type": "microsoft.insights/actionGroups", + "apiVersion": "2019-06-01", + "name": "emailActionGroup", + "location": "global", + "properties": { + "groupShortName": "string", + "enabled": true, + "emailReceivers": [ + { + "name": "Example", + "emailAddress": "example@test.com", + "useCommonAlertSchema": true + } + ] + } + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "14666046413195078371" + } + } } \ No newline at end of file diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfw.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfw.bicep index 4c4d8ddc57d..c1d2862f14b 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfw.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfw.bicep @@ -1,43 +1,27 @@ param location string = resourceGroup().location param fwname string -param fwtype string { - allowed: [ - 'VNet' - 'vWAN' - ] - metadata: { - description: 'Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub' - } -} -param fwpolicyid string { - metadata: { - description: 'Resoruce ID to the Firewall Policy to associate with the Azure Firewall' - } -} -param hubid string { - default: '' - metadata: { - description: 'Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN' - } -} -param hubpublicipcount int { - default: 1 - metadata: { - description: 'Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN' - } -} -param subnetid string { - default: '' - metadata: { - description: 'AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network' - } -} -param publicipid string { - default: '' - metadata: { - description: 'Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network' - } -} + +@allowed([ + 'VNet' + 'vWAN' +]) +@description('Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub') +param fwtype string + +@description('Resoruce ID to the Firewall Policy to associate with the Azure Firewall') +param fwpolicyid string + +@description('Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN') +param hubid string = '' + +@description('Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN') +param hubpublicipcount int = 1 + +@description('AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network') +param subnetid string = '' + +@description('Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network') +param publicipid string = '' var hubfwproperties = { properties: { diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfw.json b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfw.json index b529d79000d..cfbf5dc4242 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfw.json +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfw.json @@ -1,119 +1,119 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "fwname": { - "type": "string" - }, - "fwtype": { - "type": "string", - "metadata": { - "description": "Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub" - }, - "allowedValues": [ - "VNet", - "vWAN" - ] - }, - "fwpolicyid": { - "type": "string", - "metadata": { - "description": "Resoruce ID to the Firewall Policy to associate with the Azure Firewall" - } - }, - "hubid": { - "type": "string", - "metadata": { - "description": "Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN" - }, - "defaultValue": "" - }, - "hubpublicipcount": { - "type": "int", - "metadata": { - "description": "Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN" - }, - "defaultValue": 1 - }, - "subnetid": { - "type": "string", - "metadata": { - "description": "AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network" - }, - "defaultValue": "" - }, - "publicipid": { - "type": "string", - "metadata": { - "description": "Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network" - }, - "defaultValue": "" - } - }, - "functions": [], - "variables": { - "hubfwproperties": { - "properties": { - "sku": { - "name": "AZFW_Hub", - "tier": "Standard" - }, - "virtualHub": { - "id": "[parameters('hubid')]" - }, - "hubIPAddresses": { - "publicIPs": { - "count": "[parameters('hubpublicipcount')]" - } - }, - "firewallPolicy": { - "id": "[parameters('fwpolicyid')]" - } - } - }, - "vnetfwproperties": { - "properties": { - "sku": { - "name": "AZFW_VNet", - "tier": "Standard" - }, - "ipConfigurations": [ - { - "name": "[format('{0}-vnetIPConf', parameters('fwname'))]", - "properties": { - "subnet": { - "id": "[parameters('subnetid')]" - }, - "publicIPAddress": { - "id": "[parameters('publicipid')]" - } - } - } - ], - "firewallPolicy": { - "id": "[parameters('fwpolicyid')]" - } - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/azureFirewalls", - "apiVersion": "2020-06-01", - "name": "[parameters('fwname')]", - "location": "[parameters('location')]", - "properties": "[if(equals(parameters('fwtype'), 'VNet'), variables('vnetfwproperties').properties, if(equals(parameters('fwtype'), 'vWAN'), variables('hubfwproperties').properties, null()))]" - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "12898515349131983239" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "fwname": { + "type": "string" + }, + "fwtype": { + "type": "string", + "metadata": { + "description": "Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub" + }, + "allowedValues": [ + "VNet", + "vWAN" + ] + }, + "fwpolicyid": { + "type": "string", + "metadata": { + "description": "Resoruce ID to the Firewall Policy to associate with the Azure Firewall" + } + }, + "hubid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN" + } + }, + "hubpublicipcount": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN" + } + }, + "subnetid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network" + } + }, + "publicipid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network" + } + } + }, + "functions": [], + "variables": { + "hubfwproperties": { + "properties": { + "sku": { + "name": "AZFW_Hub", + "tier": "Standard" + }, + "virtualHub": { + "id": "[parameters('hubid')]" + }, + "hubIPAddresses": { + "publicIPs": { + "count": "[parameters('hubpublicipcount')]" + } + }, + "firewallPolicy": { + "id": "[parameters('fwpolicyid')]" + } + } + }, + "vnetfwproperties": { + "properties": { + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, + "ipConfigurations": [ + { + "name": "[format('{0}-vnetIPConf', parameters('fwname'))]", + "properties": { + "subnet": { + "id": "[parameters('subnetid')]" + }, + "publicIPAddress": { + "id": "[parameters('publicipid')]" + } + } + } + ], + "firewallPolicy": { + "id": "[parameters('fwpolicyid')]" + } + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/azureFirewalls", + "apiVersion": "2020-06-01", + "name": "[parameters('fwname')]", + "location": "[parameters('location')]", + "properties": "[if(equals(parameters('fwtype'), 'VNet'), variables('vnetfwproperties').properties, if(equals(parameters('fwtype'), 'vWAN'), variables('hubfwproperties').properties, null()))]" + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "797249695265074914" + } + } } \ No newline at end of file diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpip.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpip.bicep index 8ca18b51fb8..b250e5a93a2 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpip.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpip.bicep @@ -1,18 +1,15 @@ param location string = resourceGroup().location param pipname string = 'firewall-pip' param ipprefixname string = 'firewall-ipprefix' -param ipprefixlength int { - default: 31 - allowed: [ - 28 - 29 - 30 - 31 - ] - metadata: { - description: 'Specifies the size of the Public IP Prefix' - } -} + +@allowed([ + 28 + 29 + 30 + 31 +]) +@description('Specifies the size of the Public IP Prefix') +param ipprefixlength int = 31 resource fwipprefix 'Microsoft.Network/publicIPPrefixes@2020-06-01' = { name: ipprefixname diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpip.json b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpip.json index 61e4dfb2c2e..ec0ed017f88 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpip.json +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpip.json @@ -1,79 +1,79 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "pipname": { - "type": "string", - "defaultValue": "firewall-pip" - }, - "ipprefixname": { - "type": "string", - "defaultValue": "firewall-ipprefix" - }, - "ipprefixlength": { - "type": "int", - "metadata": { - "description": "Specifies the size of the Public IP Prefix" - }, - "defaultValue": 31, - "allowedValues": [ - 28, - 29, - 30, - 31 - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/publicIPPrefixes", - "apiVersion": "2020-06-01", - "name": "[parameters('ipprefixname')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "prefixLength": "[parameters('ipprefixlength')]", - "publicIPAddressVersion": "IPv4", - "ipTags": [] - } - }, - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2020-06-01", - "name": "[parameters('pipname')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "publicIPAllocationMethod": "Static", - "publicIPPrefix": { - "id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('ipprefixname'))]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('ipprefixname'))]" - ] - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipname'))]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "11163344508924143275" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "pipname": { + "type": "string", + "defaultValue": "firewall-pip" + }, + "ipprefixname": { + "type": "string", + "defaultValue": "firewall-ipprefix" + }, + "ipprefixlength": { + "type": "int", + "defaultValue": 31, + "metadata": { + "description": "Specifies the size of the Public IP Prefix" + }, + "allowedValues": [ + 28, + 29, + 30, + 31 + ] + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/publicIPPrefixes", + "apiVersion": "2020-06-01", + "name": "[parameters('ipprefixname')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "prefixLength": "[parameters('ipprefixlength')]", + "publicIPAddressVersion": "IPv4", + "ipTags": [] + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "name": "[parameters('pipname')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "publicIPAllocationMethod": "Static", + "publicIPPrefix": { + "id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('ipprefixname'))]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('ipprefixname'))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipname'))]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "18185474887077886884" + } + } } \ No newline at end of file diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpolicy.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpolicy.bicep index 396664004b4..d7474d3b839 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpolicy.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpolicy.bicep @@ -1,13 +1,10 @@ param location string = resourceGroup().location param policyname string -param dnsservers array { - default: [ - '168.63.129.16' - ] - metadata: { - description: 'Specify custom DNS Servers for Azure Firewall' - } -} + +@description('Specify custom DNS Servers for Azure Firewall') +param dnsservers array = [ + '168.63.129.16' +] resource policy 'Microsoft.Network/firewallPolicies@2020-06-01' = { name: policyname diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpolicy.json b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpolicy.json index 2aaf5527e1f..3f9289d5968 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpolicy.json +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/azfwpolicy.json @@ -1,146 +1,146 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "policyname": { - "type": "string" - }, - "dnsservers": { - "type": "array", - "metadata": { - "description": "Specify custom DNS Servers for Azure Firewall" - }, - "defaultValue": [ - "168.63.129.16" - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/firewallPolicies", - "apiVersion": "2020-06-01", - "name": "[parameters('policyname')]", - "location": "[parameters('location')]", - "properties": { - "threatIntelMode": "Alert", - "dnsSettings": { - "servers": "[parameters('dnsservers')]", - "enableProxy": true - } - } - }, - { - "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", - "apiVersion": "2020-06-01", - "name": "[format('{0}/Platform-Rules', parameters('policyname'))]", - "properties": { - "priority": 100, - "ruleCollections": [ - { - "ruleCollectionType": "FirewallPolicyFilterRuleCollection", - "name": "Allow-Azure-KMS", - "priority": 100, - "action": { - "type": "Allow" - }, - "rules": [ - { - "ruleType": "NetworkRule", - "name": "Azure-KMS-Service", - "description": "Allow traffic from all Address Spaces to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "ipProtocols": [ - "TCP" - ], - "destinationPorts": [ - "1688" - ], - "destinationIpGroups": [], - "destinationAddresses": [], - "destinationFqdns": [ - "kms.core.windows.net" - ] - } - ] - }, - { - "ruleCollectionType": "FirewallPolicyFilterRuleCollection", - "name": "Allow-Windows-Update", - "priority": 200, - "action": { - "type": "Allow" - }, - "rules": [ - { - "ruleType": "ApplicationRule", - "name": "Http", - "description": "Allow traffic from all sources to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "protocols": [ - { - "protocolType": "Http", - "port": 80 - } - ], - "targetFqdns": [], - "fqdnTags": [ - "WindowsUpdate" - ] - }, - { - "ruleType": "ApplicationRule", - "name": "Https", - "description": "Allow traffic from all sources to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "protocols": [ - { - "protocolType": "Https", - "port": 443 - } - ], - "targetFqdns": [], - "fqdnTags": [ - "WindowsUpdate" - ] - } - ] - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('policyname')]" - }, - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "12627680286591408003" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "policyname": { + "type": "string" + }, + "dnsservers": { + "type": "array", + "defaultValue": [ + "168.63.129.16" + ], + "metadata": { + "description": "Specify custom DNS Servers for Azure Firewall" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/firewallPolicies", + "apiVersion": "2020-06-01", + "name": "[parameters('policyname')]", + "location": "[parameters('location')]", + "properties": { + "threatIntelMode": "Alert", + "dnsSettings": { + "servers": "[parameters('dnsservers')]", + "enableProxy": true + } + } + }, + { + "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", + "apiVersion": "2020-06-01", + "name": "[format('{0}/Platform-Rules', parameters('policyname'))]", + "properties": { + "priority": 100, + "ruleCollections": [ + { + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "name": "Allow-Azure-KMS", + "priority": 100, + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "NetworkRule", + "name": "Azure-KMS-Service", + "description": "Allow traffic from all Address Spaces to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "ipProtocols": [ + "TCP" + ], + "destinationPorts": [ + "1688" + ], + "destinationIpGroups": [], + "destinationAddresses": [], + "destinationFqdns": [ + "kms.core.windows.net" + ] + } + ] + }, + { + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "name": "Allow-Windows-Update", + "priority": 200, + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "ApplicationRule", + "name": "Http", + "description": "Allow traffic from all sources to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "protocols": [ + { + "protocolType": "Http", + "port": 80 + } + ], + "targetFqdns": [], + "fqdnTags": [ + "WindowsUpdate" + ] + }, + { + "ruleType": "ApplicationRule", + "name": "Https", + "description": "Allow traffic from all sources to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "targetFqdns": [], + "fqdnTags": [ + "WindowsUpdate" + ] + } + ] + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('policyname')]" + }, + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "5030222466979303740" + } + } } \ No newline at end of file diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/main.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/main.bicep index bc4469136ac..3830e9aea8b 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/main.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/main.bicep @@ -1,30 +1,17 @@ targetScope = 'subscription' -param location string { - default: 'westeurope' - metadata: { - description: 'Specify the location for the hub Virtual Network and its related resources' - } -} -param vwanlocation string { - default: 'eastus' - metadata: { - description: 'Specify the location for the vWAN and its related resources' - } -} -param nameprefix string { - default: 'contoso' - metadata: { - description: 'Specify the name prefix for all resources and resource groups' - } -} -param psk string { - secure: true - default: uniqueString(subscription().id) - metadata: { - 'description': 'Pre-Shared Key used to establish the site to site tunnel between the Virtual Hub and On-Prem VNet' - } -} +@description('Specify the location for the hub Virtual Network and its related resources') +param location string = 'westeurope' + +@description('Specify the location for the vWAN and its related resources') +param vwanlocation string = 'eastus' + +@description('Specify the name prefix for all resources and resource groups') +param nameprefix string = 'contoso' + +@secure() +@description('Pre-Shared Key used to establish the site to site tunnel between the Virtual Hub and On-Prem VNet') +param psk string = uniqueString(subscription().id) var vnetname = '${nameprefix}-vnet' var vpngwname = '${vnetname}-vpn-gw' diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/main.json b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/main.json index 72a0342f5cd..4a43c95b9c6 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/main.json +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/main.json @@ -1,1760 +1,1760 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "metadata": { - "description": "Specify the location for the hub Virtual Network and its related resources" - }, - "defaultValue": "westeurope" - }, - "vwanlocation": { - "type": "string", - "metadata": { - "description": "Specify the location for the vWAN and its related resources" - }, - "defaultValue": "eastus" - }, - "nameprefix": { - "type": "string", - "metadata": { - "description": "Specify the name prefix for all resources and resource groups" - }, - "defaultValue": "contoso" - }, - "psk": { - "type": "secureString", - "metadata": { - "description": "Pre-Shared Key used to establish the site to site tunnel between the Virtual Hub and On-Prem VNet" - }, - "defaultValue": "[uniqueString(subscription().id)]" - } - }, - "functions": [], - "variables": { - "vnetname": "[format('{0}-vnet', parameters('nameprefix'))]", - "vpngwname": "[format('{0}-vpn-gw', variables('vnetname'))]", - "vpngwpipname": "[format('{0}-vpn-gw', variables('vnetname'))]", - "vpnconname": "[format('{0}-to-{1}-cn', variables('vnetname'), variables('vhubname'))]", - "lgwname": "[format('{0}-site-lgw', parameters('vwanlocation'))]", - "fwname": "[format('{0}-fw', variables('vnetname'))]", - "fwpolicyname": "[format('{0}-{1}-fw-policy', parameters('nameprefix'), parameters('location'))]", - "fwpipname": "[format('{0}-fw-pip', variables('vnetname'))]", - "fwprefixname": "[format('{0}-fw-ipprefix', variables('vnetname'))]", - "vwanname": "[format('{0}-vwan', parameters('nameprefix'))]", - "vhubname": "[format('{0}-vhub-{1}', parameters('nameprefix'), parameters('vwanlocation'))]", - "vhubfwname": "[format('{0}-fw', variables('vhubname'))]", - "vhubfwpolicyname": "[format('{0}-{1}-fw-policy', parameters('nameprefix'), parameters('vwanlocation'))]", - "vhubvpngwname": "[format('{0}-vpn-gw', variables('vhubname'))]" - }, - "resources": [ - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2020-06-01", - "name": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", - "location": "[parameters('vwanlocation')]" - }, - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2020-06-01", - "name": "[format('{0}-vwan-rg', parameters('nameprefix'))]", - "location": "[parameters('location')]" - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "[variables('vnetname')]", - "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "vnetname": { - "value": "[variables('vnetname')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "addressprefix": { - "value": "10.0.0.0/20" - }, - "serversubnetprefix": { - "value": "10.0.0.0/24" - }, - "bastionsubnetprefix": { - "value": "10.0.1.0/24" - }, - "firewallsubnetprefix": { - "value": "10.0.2.0/24" - }, - "gatewaysubnetprefix": { - "value": "10.0.3.0/24" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "vnetname": { - "type": "string" - }, - "addressprefix": { - "type": "string", - "metadata": { - "description": "Specifies the VNet Address Prefix." - }, - "defaultValue": "10.0.1.0/24" - }, - "serversubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Subnet Address Prefix for the server subnet" - }, - "defaultValue": "10.0.1.0/26" - }, - "bastionsubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Subnet Address Prefix for the bastion subnet" - }, - "defaultValue": "10.0.1.64/26" - }, - "gatewaysubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Subnet Address Prefix for the GatewaySubnet" - }, - "defaultValue": "10.0.1.128/26" - }, - "firewallsubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Subnet Address Prefix for the AzureFirewallSubnet" - }, - "defaultValue": "10.0.1.192/26" - } - }, - "functions": [], - "variables": { - "servernsgname": "[format('{0}-snet-servers-nsg', parameters('vnetname'))]", - "bastionnsgname": "[format('{0}-AzureBastionSubnet-nsg', parameters('vnetname'))]", - "bastionnsgrules": { - "securityRules": [ - { - "name": "bastion-in-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "443", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 100, - "direction": "Inbound" - } - }, - { - "name": "bastion-control-in-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "GatewayManager", - "destinationPortRanges": [ - "443", - "4443" - ], - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 120, - "direction": "Inbound" - } - }, - { - "name": "bastion-in-deny", - "properties": { - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 4096, - "direction": "Inbound" - } - }, - { - "name": "bastion-vnet-ssh-out-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "22", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 100, - "direction": "Outbound" - } - }, - { - "name": "bastion-vnet-rdp-out-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "3389", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 110, - "direction": "Outbound" - } - }, - { - "name": "bastion-azure-out-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "443", - "destinationAddressPrefix": "AzureCloud", - "access": "Allow", - "priority": 120, - "direction": "Outbound" - } - } - ] - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-05-01", - "name": "[variables('servernsgname')]", - "location": "[parameters('location')]" - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-06-01", - "name": "[variables('bastionnsgname')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": "[variables('bastionnsgrules').securityRules]" - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-05-01", - "name": "[parameters('vnetname')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[parameters('addressprefix')]" - ] - }, - "subnets": [ - { - "name": "snet-servers", - "properties": { - "addressPrefix": "[parameters('serversubnetprefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('servernsgname'))]" - } - } - }, - { - "name": "AzureBastionSubnet", - "properties": { - "addressPrefix": "[parameters('bastionsubnetprefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('bastionnsgname'))]" - } - } - }, - { - "name": "GatewaySubnet", - "properties": { - "addressPrefix": "[parameters('gatewaysubnetprefix')]" - } - }, - { - "name": "AzureFirewallSubnet", - "properties": { - "addressPrefix": "[parameters('firewallsubnetprefix')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('bastionnsgname'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('servernsgname'))]" - ] - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]" - }, - "subnets": { - "type": "array", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))).subnets]" - }, - "vnetaddress": { - "type": "array", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))).addressSpace.addressPrefixes]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vpngw-deploy", - "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "vpngwname": { - "value": "[variables('vpngwname')]" - }, - "subnetref": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname')), '2019-10-01').outputs.subnets.value[2].id]" - }, - "vpngwpipname": { - "value": "[variables('vpngwpipname')]" - }, - "asn": { - "value": 65010 - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "vpngwpipname": { - "type": "string" - }, - "vpngwname": { - "type": "string" - }, - "subnetref": { - "type": "string", - "metadata": { - "description": "Specifies the resource id of the subnet to connect the VM to." - } - }, - "asn": { - "type": "int", - "metadata": { - "description": "BGP AS-number to use for the VPN Gateway" - } - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2020-06-01", - "name": "[parameters('vpngwpipname')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "publicIPAllocationMethod": "Static" - } - }, - { - "type": "Microsoft.Network/virtualNetworkGateways", - "apiVersion": "2020-06-01", - "name": "[parameters('vpngwname')]", - "location": "[parameters('location')]", - "properties": { - "gatewayType": "Vpn", - "ipConfigurations": [ - { - "name": "default", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[parameters('subnetref')]" - }, - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('vpngwpipname'))]" - } - } - } - ], - "activeActive": false, - "enableBgp": true, - "bgpSettings": { - "asn": "[parameters('asn')]" - }, - "vpnType": "RouteBased", - "vpnGatewayGeneration": "Generation1", - "sku": { - "name": "VpnGw1AZ", - "tier": "VpnGw1AZ" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('vpngwpipname'))]" - ] - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('vpngwname'))]" - }, - "vpngwip": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('vpngwpipname'))).ipAddress]" - }, - "vpngwbgpaddress": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworkGateways', parameters('vpngwname'))).bgpSettings.bgpPeeringAddress]" - }, - "bgpasn": { - "type": "int", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworkGateways', parameters('vpngwname'))).bgpSettings.asn]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "fwpolicy-deploy", - "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "policyname": { - "value": "[variables('fwpolicyname')]" - }, - "location": { - "value": "[parameters('location')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "policyname": { - "type": "string" - }, - "dnsservers": { - "type": "array", - "metadata": { - "description": "Specify custom DNS Servers for Azure Firewall" - }, - "defaultValue": [ - "168.63.129.16" - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/firewallPolicies", - "apiVersion": "2020-06-01", - "name": "[parameters('policyname')]", - "location": "[parameters('location')]", - "properties": { - "threatIntelMode": "Alert", - "dnsSettings": { - "servers": "[parameters('dnsservers')]", - "enableProxy": true - } - } - }, - { - "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", - "apiVersion": "2020-06-01", - "name": "[format('{0}/Platform-Rules', parameters('policyname'))]", - "properties": { - "priority": 100, - "ruleCollections": [ - { - "ruleCollectionType": "FirewallPolicyFilterRuleCollection", - "name": "Allow-Azure-KMS", - "priority": 100, - "action": { - "type": "Allow" - }, - "rules": [ - { - "ruleType": "NetworkRule", - "name": "Azure-KMS-Service", - "description": "Allow traffic from all Address Spaces to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "ipProtocols": [ - "TCP" - ], - "destinationPorts": [ - "1688" - ], - "destinationIpGroups": [], - "destinationAddresses": [], - "destinationFqdns": [ - "kms.core.windows.net" - ] - } - ] - }, - { - "ruleCollectionType": "FirewallPolicyFilterRuleCollection", - "name": "Allow-Windows-Update", - "priority": 200, - "action": { - "type": "Allow" - }, - "rules": [ - { - "ruleType": "ApplicationRule", - "name": "Http", - "description": "Allow traffic from all sources to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "protocols": [ - { - "protocolType": "Http", - "port": 80 - } - ], - "targetFqdns": [], - "fqdnTags": [ - "WindowsUpdate" - ] - }, - { - "ruleType": "ApplicationRule", - "name": "Https", - "description": "Allow traffic from all sources to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "protocols": [ - { - "protocolType": "Https", - "port": 443 - } - ], - "targetFqdns": [], - "fqdnTags": [ - "WindowsUpdate" - ] - } - ] - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('policyname')]" - }, - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "pip-deploy", - "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "pipname": { - "value": "[variables('fwpipname')]" - }, - "ipprefixlength": { - "value": 31 - }, - "ipprefixname": { - "value": "[variables('fwprefixname')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "pipname": { - "type": "string", - "defaultValue": "firewall-pip" - }, - "ipprefixname": { - "type": "string", - "defaultValue": "firewall-ipprefix" - }, - "ipprefixlength": { - "type": "int", - "metadata": { - "description": "Specifies the size of the Public IP Prefix" - }, - "defaultValue": 31, - "allowedValues": [ - 28, - 29, - 30, - 31 - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/publicIPPrefixes", - "apiVersion": "2020-06-01", - "name": "[parameters('ipprefixname')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "prefixLength": "[parameters('ipprefixlength')]", - "publicIPAddressVersion": "IPv4", - "ipTags": [] - } - }, - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2020-06-01", - "name": "[parameters('pipname')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "publicIPAllocationMethod": "Static", - "publicIPPrefix": { - "id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('ipprefixname'))]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('ipprefixname'))]" - ] - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipname'))]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "fw-deploy", - "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "fwname": { - "value": "[variables('fwname')]" - }, - "fwtype": { - "value": "VNet" - }, - "fwpolicyid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'fwpolicy-deploy'), '2019-10-01').outputs.id.value]" - }, - "publicipid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'pip-deploy'), '2019-10-01').outputs.id.value]" - }, - "subnetid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname')), '2019-10-01').outputs.subnets.value[3].id]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "fwname": { - "type": "string" - }, - "fwtype": { - "type": "string", - "metadata": { - "description": "Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub" - }, - "allowedValues": [ - "VNet", - "vWAN" - ] - }, - "fwpolicyid": { - "type": "string", - "metadata": { - "description": "Resoruce ID to the Firewall Policy to associate with the Azure Firewall" - } - }, - "hubid": { - "type": "string", - "metadata": { - "description": "Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN" - }, - "defaultValue": "" - }, - "hubpublicipcount": { - "type": "int", - "metadata": { - "description": "Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN" - }, - "defaultValue": 1 - }, - "subnetid": { - "type": "string", - "metadata": { - "description": "AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network" - }, - "defaultValue": "" - }, - "publicipid": { - "type": "string", - "metadata": { - "description": "Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network" - }, - "defaultValue": "" - } - }, - "functions": [], - "variables": { - "hubfwproperties": { - "properties": { - "sku": { - "name": "AZFW_Hub", - "tier": "Standard" - }, - "virtualHub": { - "id": "[parameters('hubid')]" - }, - "hubIPAddresses": { - "publicIPs": { - "count": "[parameters('hubpublicipcount')]" - } - }, - "firewallPolicy": { - "id": "[parameters('fwpolicyid')]" - } - } - }, - "vnetfwproperties": { - "properties": { - "sku": { - "name": "AZFW_VNet", - "tier": "Standard" - }, - "ipConfigurations": [ - { - "name": "[format('{0}-vnetIPConf', parameters('fwname'))]", - "properties": { - "subnet": { - "id": "[parameters('subnetid')]" - }, - "publicIPAddress": { - "id": "[parameters('publicipid')]" - } - } - } - ], - "firewallPolicy": { - "id": "[parameters('fwpolicyid')]" - } - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/azureFirewalls", - "apiVersion": "2020-06-01", - "name": "[parameters('fwname')]", - "location": "[parameters('location')]", - "properties": "[if(equals(parameters('fwtype'), 'VNet'), variables('vnetfwproperties').properties, if(equals(parameters('fwtype'), 'vWAN'), variables('hubfwproperties').properties, null()))]" - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'pip-deploy')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'fwpolicy-deploy')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vwan-deploy", - "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('vwanlocation')]" - }, - "wanname": { - "value": "[variables('vwanname')]" - }, - "wantype": { - "value": "Standard" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "wanname": { - "type": "string" - }, - "wantype": { - "type": "string", - "metadata": { - "description": "Specifies the type of Virtual WAN." - }, - "defaultValue": "Standard", - "allowedValues": [ - "Standard", - "Basic" - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/virtualWans", - "apiVersion": "2020-06-01", - "name": "[parameters('wanname')]", - "location": "[parameters('location')]", - "properties": { - "type": "[parameters('wantype')]", - "disableVpnEncryption": false, - "allowBranchToBranchTraffic": true, - "office365LocalBreakoutCategory": "None" - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualWans', parameters('wanname'))]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vhub-deploy", - "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('vwanlocation')]" - }, - "hubname": { - "value": "[variables('vhubname')]" - }, - "hubaddressprefix": { - "value": "10.10.0.0/24" - }, - "wanid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwan-deploy'), '2019-10-01').outputs.id.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "hubname": { - "type": "string" - }, - "hubaddressprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Virtual Hub Address Prefix." - }, - "defaultValue": "10.10.0.0/24" - }, - "wanid": { - "type": "string", - "metadata": { - "description": "Virtual WAN ID" - } - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/virtualHubs", - "apiVersion": "2020-06-01", - "name": "[parameters('hubname')]", - "location": "[parameters('location')]", - "properties": { - "addressPrefix": "[parameters('hubaddressprefix')]", - "virtualWan": { - "id": "[parameters('wanid')]" - } - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualHubs', parameters('hubname'))]" - }, - "name": { - "type": "string", - "value": "[parameters('hubname')]" - }, - "vhubaddress": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/virtualHubs', parameters('hubname'))).addressPrefix]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwan-deploy')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vhubfwpolicy-deploy", - "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "policyname": { - "value": "[variables('vhubfwpolicyname')]" - }, - "location": { - "value": "[parameters('vwanlocation')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "policyname": { - "type": "string" - }, - "dnsservers": { - "type": "array", - "metadata": { - "description": "Specify custom DNS Servers for Azure Firewall" - }, - "defaultValue": [ - "168.63.129.16" - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/firewallPolicies", - "apiVersion": "2020-06-01", - "name": "[parameters('policyname')]", - "location": "[parameters('location')]", - "properties": { - "threatIntelMode": "Alert", - "dnsSettings": { - "servers": "[parameters('dnsservers')]", - "enableProxy": true - } - } - }, - { - "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", - "apiVersion": "2020-06-01", - "name": "[format('{0}/Platform-Rules', parameters('policyname'))]", - "properties": { - "priority": 100, - "ruleCollections": [ - { - "ruleCollectionType": "FirewallPolicyFilterRuleCollection", - "name": "Allow-Azure-KMS", - "priority": 100, - "action": { - "type": "Allow" - }, - "rules": [ - { - "ruleType": "NetworkRule", - "name": "Azure-KMS-Service", - "description": "Allow traffic from all Address Spaces to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "ipProtocols": [ - "TCP" - ], - "destinationPorts": [ - "1688" - ], - "destinationIpGroups": [], - "destinationAddresses": [], - "destinationFqdns": [ - "kms.core.windows.net" - ] - } - ] - }, - { - "ruleCollectionType": "FirewallPolicyFilterRuleCollection", - "name": "Allow-Windows-Update", - "priority": 200, - "action": { - "type": "Allow" - }, - "rules": [ - { - "ruleType": "ApplicationRule", - "name": "Http", - "description": "Allow traffic from all sources to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "protocols": [ - { - "protocolType": "Http", - "port": 80 - } - ], - "targetFqdns": [], - "fqdnTags": [ - "WindowsUpdate" - ] - }, - { - "ruleType": "ApplicationRule", - "name": "Https", - "description": "Allow traffic from all sources to Azure platform KMS Service", - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "protocols": [ - { - "protocolType": "Https", - "port": 443 - } - ], - "targetFqdns": [], - "fqdnTags": [ - "WindowsUpdate" - ] - } - ] - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('policyname')]" - }, - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vhubfw-deploy", - "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('vwanlocation')]" - }, - "fwname": { - "value": "[variables('vhubfwname')]" - }, - "fwtype": { - "value": "vWAN" - }, - "hubid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy'), '2019-10-01').outputs.id.value]" - }, - "hubpublicipcount": { - "value": 1 - }, - "fwpolicyid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubfwpolicy-deploy'), '2019-10-01').outputs.id.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "fwname": { - "type": "string" - }, - "fwtype": { - "type": "string", - "metadata": { - "description": "Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub" - }, - "allowedValues": [ - "VNet", - "vWAN" - ] - }, - "fwpolicyid": { - "type": "string", - "metadata": { - "description": "Resoruce ID to the Firewall Policy to associate with the Azure Firewall" - } - }, - "hubid": { - "type": "string", - "metadata": { - "description": "Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN" - }, - "defaultValue": "" - }, - "hubpublicipcount": { - "type": "int", - "metadata": { - "description": "Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN" - }, - "defaultValue": 1 - }, - "subnetid": { - "type": "string", - "metadata": { - "description": "AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network" - }, - "defaultValue": "" - }, - "publicipid": { - "type": "string", - "metadata": { - "description": "Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network" - }, - "defaultValue": "" - } - }, - "functions": [], - "variables": { - "hubfwproperties": { - "properties": { - "sku": { - "name": "AZFW_Hub", - "tier": "Standard" - }, - "virtualHub": { - "id": "[parameters('hubid')]" - }, - "hubIPAddresses": { - "publicIPs": { - "count": "[parameters('hubpublicipcount')]" - } - }, - "firewallPolicy": { - "id": "[parameters('fwpolicyid')]" - } - } - }, - "vnetfwproperties": { - "properties": { - "sku": { - "name": "AZFW_VNet", - "tier": "Standard" - }, - "ipConfigurations": [ - { - "name": "[format('{0}-vnetIPConf', parameters('fwname'))]", - "properties": { - "subnet": { - "id": "[parameters('subnetid')]" - }, - "publicIPAddress": { - "id": "[parameters('publicipid')]" - } - } - } - ], - "firewallPolicy": { - "id": "[parameters('fwpolicyid')]" - } - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/azureFirewalls", - "apiVersion": "2020-06-01", - "name": "[parameters('fwname')]", - "location": "[parameters('location')]", - "properties": "[if(equals(parameters('fwtype'), 'VNet'), variables('vnetfwproperties').properties, if(equals(parameters('fwtype'), 'vWAN'), variables('hubfwproperties').properties, null()))]" - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubfwpolicy-deploy')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vhubvpngw", - "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('vwanlocation')]" - }, - "hubvpngwname": { - "value": "[variables('vhubvpngwname')]" - }, - "hubid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy'), '2019-10-01').outputs.id.value]" - }, - "asn": { - "value": 65515 - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "hubvpngwname": { - "type": "string" - }, - "hubid": { - "type": "string", - "metadata": { - "description": "Virtual Hub ID" - } - }, - "asn": { - "type": "int", - "metadata": { - "description": "BGP AS-number for the VPN Gateway" - } - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/vpnGateways", - "apiVersion": "2020-06-01", - "name": "[parameters('hubvpngwname')]", - "location": "[parameters('location')]", - "properties": { - "virtualHub": { - "id": "[parameters('hubid')]" - }, - "bgpSettings": { - "asn": "[parameters('asn')]" - } - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/vpnGateways', parameters('hubvpngwname'))]" - }, - "name": { - "type": "string", - "value": "[parameters('hubvpngwname')]" - }, - "gwpublicip": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/vpnGateways', parameters('hubvpngwname'))).ipConfigurations[0].publicIpAddress]" - }, - "gwprivateip": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/vpnGateways', parameters('hubvpngwname'))).ipConfigurations[0].privateIpAddress]" - }, - "bgpasn": { - "type": "int", - "value": "[reference(resourceId('Microsoft.Network/vpnGateways', parameters('hubvpngwname'))).bgpSettings.asn]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vwanvpnsite-deploy", - "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "vpnsitename": { - "value": "[format('{0}-vpnsite', parameters('location'))]" - }, - "location": { - "value": "[parameters('vwanlocation')]" - }, - "addressprefix": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname')), '2019-10-01').outputs.vnetaddress.value[0]]" - }, - "bgppeeringpddress": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy'), '2019-10-01').outputs.vpngwbgpaddress.value]" - }, - "ipaddress": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy'), '2019-10-01').outputs.vpngwip.value]" - }, - "remotesiteasn": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy'), '2019-10-01').outputs.bgpasn.value]" - }, - "wanid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwan-deploy'), '2019-10-01').outputs.id.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "vpnsitename": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "addressprefix": { - "type": "string", - "metadata": { - "description": "Specifices the VPN Sites local IP Addresses" - } - }, - "bgppeeringpddress": { - "type": "string", - "metadata": { - "description": "Specifices the VPN Sites BGP Peering IP Addresses" - } - }, - "ipaddress": { - "type": "string", - "metadata": { - "description": "Specifices the VPN Sites VPN Device IP Address" - } - }, - "wanid": { - "type": "string", - "metadata": { - "description": "Specifices the resource ID of the Virtual WAN where the VPN Site should be created" - } - }, - "remotesiteasn": { - "type": "int", - "metadata": { - "description": "BGP AS-Number used by the remote site" - } - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/vpnSites", - "apiVersion": "2020-06-01", - "name": "[parameters('vpnsitename')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[parameters('addressprefix')]" - ] - }, - "bgpProperties": { - "asn": "[parameters('remotesiteasn')]", - "bgpPeeringAddress": "[parameters('bgppeeringpddress')]", - "peerWeight": 0 - }, - "deviceProperties": { - "linkSpeedInMbps": 0 - }, - "ipAddress": "[parameters('ipaddress')]", - "virtualWan": { - "id": "[parameters('wanid')]" - } - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/vpnSites', parameters('vpnsitename'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwan-deploy')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vhubs2s-deploy", - "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "hubvpngwname": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw'), '2019-10-01').outputs.name.value]" - }, - "psk": { - "value": "[parameters('psk')]" - }, - "vpnsiteid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwanvpnsite-deploy'), '2019-10-01').outputs.id.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "hubvpngwname": { - "type": "string" - }, - "psk": { - "type": "secureString", - "metadata": { - "description": "Specifies the pre-shared key to use for the VPN Connection" - } - }, - "vpnsiteid": { - "type": "string", - "metadata": { - "description": "Specifies the resource id to the VWAN Vpn Site to connect to" - } - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/vpnGateways/vpnConnections", - "apiVersion": "2020-05-01", - "name": "[format('{0}/HubToOnPremConnection', parameters('hubvpngwname'))]", - "properties": { - "connectionBandwidth": 10, - "enableBgp": true, - "sharedKey": "[parameters('psk')]", - "remoteVpnSite": { - "id": "[parameters('vpnsiteid')]" - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwanvpnsite-deploy')]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "vnets2s-deploy", - "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "localnetworkgwname": { - "value": "[variables('lgwname')]" - }, - "addressprefixes": { - "value": [ - "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy'), '2019-10-01').outputs.vhubaddress.value]" - ] - }, - "connectionname": { - "value": "[variables('vpnconname')]" - }, - "bgppeeringpddress": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw'), '2019-10-01').outputs.gwprivateip.value]" - }, - "gwipaddress": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw'), '2019-10-01').outputs.gwpublicip.value]" - }, - "remotesiteasn": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw'), '2019-10-01').outputs.bgpasn.value]" - }, - "psk": { - "value": "[parameters('psk')]" - }, - "vpngwid": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy'), '2019-10-01').outputs.id.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "localnetworkgwname": { - "type": "string" - }, - "connectionname": { - "type": "string", - "defaultValue": "onprem-hub-cn" - }, - "addressprefixes": { - "type": "array", - "metadata": { - "description": "Specifices the address prefixes of the remote site" - } - }, - "bgppeeringpddress": { - "type": "string", - "metadata": { - "description": "Specifices the VPN Sites BGP Peering IP Addresses" - } - }, - "gwipaddress": { - "type": "string", - "metadata": { - "description": "Specifices the VPN Sites VPN Device IP Address" - } - }, - "vpngwid": { - "type": "string", - "metadata": { - "description": "Specifices the resource ID of the VPN Gateway to connect to the site to site vpn" - } - }, - "psk": { - "type": "secureString", - "metadata": { - "description": "Specifies the pre-shared key to use for the VPN Connection" - } - }, - "remotesiteasn": { - "type": "int", - "metadata": { - "description": "BGP AS-number used by the remote site" - } - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/localNetworkGateways", - "apiVersion": "2020-06-01", - "name": "[parameters('localnetworkgwname')]", - "location": "[parameters('location')]", - "properties": { - "localNetworkAddressSpace": { - "addressPrefixes": "[parameters('addressprefixes')]" - }, - "gatewayIpAddress": "[parameters('gwipaddress')]", - "bgpSettings": { - "asn": "[parameters('remotesiteasn')]", - "bgpPeeringAddress": "[parameters('bgppeeringpddress')]" - } - } - }, - { - "type": "Microsoft.Network/connections", - "apiVersion": "2020-06-01", - "name": "[parameters('connectionname')]", - "location": "[parameters('location')]", - "properties": { - "connectionType": "IPsec", - "connectionProtocol": "IKEv2", - "virtualNetworkGateway1": { - "id": "[parameters('vpngwid')]", - "properties": {} - }, - "enableBgp": true, - "sharedKey": "[parameters('psk')]", - "localNetworkGateway2": { - "id": "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localnetworkgwname'))]", - "properties": {} - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localnetworkgwname'))]" - ] - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy')]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "5987788707490908447" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "westeurope", + "metadata": { + "description": "Specify the location for the hub Virtual Network and its related resources" + } + }, + "vwanlocation": { + "type": "string", + "defaultValue": "eastus", + "metadata": { + "description": "Specify the location for the vWAN and its related resources" + } + }, + "nameprefix": { + "type": "string", + "defaultValue": "contoso", + "metadata": { + "description": "Specify the name prefix for all resources and resource groups" + } + }, + "psk": { + "type": "secureString", + "defaultValue": "[uniqueString(subscription().id)]", + "metadata": { + "description": "Pre-Shared Key used to establish the site to site tunnel between the Virtual Hub and On-Prem VNet" + } + } + }, + "functions": [], + "variables": { + "vnetname": "[format('{0}-vnet', parameters('nameprefix'))]", + "vpngwname": "[format('{0}-vpn-gw', variables('vnetname'))]", + "vpngwpipname": "[format('{0}-vpn-gw', variables('vnetname'))]", + "vpnconname": "[format('{0}-to-{1}-cn', variables('vnetname'), variables('vhubname'))]", + "lgwname": "[format('{0}-site-lgw', parameters('vwanlocation'))]", + "fwname": "[format('{0}-fw', variables('vnetname'))]", + "fwpolicyname": "[format('{0}-{1}-fw-policy', parameters('nameprefix'), parameters('location'))]", + "fwpipname": "[format('{0}-fw-pip', variables('vnetname'))]", + "fwprefixname": "[format('{0}-fw-ipprefix', variables('vnetname'))]", + "vwanname": "[format('{0}-vwan', parameters('nameprefix'))]", + "vhubname": "[format('{0}-vhub-{1}', parameters('nameprefix'), parameters('vwanlocation'))]", + "vhubfwname": "[format('{0}-fw', variables('vhubname'))]", + "vhubfwpolicyname": "[format('{0}-{1}-fw-policy', parameters('nameprefix'), parameters('vwanlocation'))]", + "vhubvpngwname": "[format('{0}-vpn-gw', variables('vhubname'))]" + }, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2020-06-01", + "name": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", + "location": "[parameters('vwanlocation')]" + }, + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2020-06-01", + "name": "[format('{0}-vwan-rg', parameters('nameprefix'))]", + "location": "[parameters('location')]" + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[variables('vnetname')]", + "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "vnetname": { + "value": "[variables('vnetname')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "addressprefix": { + "value": "10.0.0.0/20" + }, + "serversubnetprefix": { + "value": "10.0.0.0/24" + }, + "bastionsubnetprefix": { + "value": "10.0.1.0/24" + }, + "firewallsubnetprefix": { + "value": "10.0.2.0/24" + }, + "gatewaysubnetprefix": { + "value": "10.0.3.0/24" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "vnetname": { + "type": "string" + }, + "addressprefix": { + "type": "string", + "defaultValue": "10.0.1.0/24", + "metadata": { + "description": "Specifies the VNet Address Prefix." + } + }, + "serversubnetprefix": { + "type": "string", + "defaultValue": "10.0.1.0/26", + "metadata": { + "description": "Specifies the Subnet Address Prefix for the server subnet" + } + }, + "bastionsubnetprefix": { + "type": "string", + "defaultValue": "10.0.1.64/26", + "metadata": { + "description": "Specifies the Subnet Address Prefix for the bastion subnet" + } + }, + "gatewaysubnetprefix": { + "type": "string", + "defaultValue": "10.0.1.128/26", + "metadata": { + "description": "Specifies the Subnet Address Prefix for the GatewaySubnet" + } + }, + "firewallsubnetprefix": { + "type": "string", + "defaultValue": "10.0.1.192/26", + "metadata": { + "description": "Specifies the Subnet Address Prefix for the AzureFirewallSubnet" + } + } + }, + "functions": [], + "variables": { + "servernsgname": "[format('{0}-snet-servers-nsg', parameters('vnetname'))]", + "bastionnsgname": "[format('{0}-AzureBastionSubnet-nsg', parameters('vnetname'))]", + "bastionnsgrules": { + "securityRules": [ + { + "name": "bastion-in-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationPortRange": "443", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + } + }, + { + "name": "bastion-control-in-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "GatewayManager", + "destinationPortRanges": [ + "443", + "4443" + ], + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 120, + "direction": "Inbound" + } + }, + { + "name": "bastion-in-deny", + "properties": { + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Inbound" + } + }, + { + "name": "bastion-vnet-ssh-out-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationPortRange": "22", + "destinationAddressPrefix": "VirtualNetwork", + "access": "Allow", + "priority": 100, + "direction": "Outbound" + } + }, + { + "name": "bastion-vnet-rdp-out-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationPortRange": "3389", + "destinationAddressPrefix": "VirtualNetwork", + "access": "Allow", + "priority": 110, + "direction": "Outbound" + } + }, + { + "name": "bastion-azure-out-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationPortRange": "443", + "destinationAddressPrefix": "AzureCloud", + "access": "Allow", + "priority": 120, + "direction": "Outbound" + } + } + ] + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2020-05-01", + "name": "[variables('servernsgname')]", + "location": "[parameters('location')]" + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2020-06-01", + "name": "[variables('bastionnsgname')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": "[variables('bastionnsgrules').securityRules]" + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2020-05-01", + "name": "[parameters('vnetname')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressprefix')]" + ] + }, + "subnets": [ + { + "name": "snet-servers", + "properties": { + "addressPrefix": "[parameters('serversubnetprefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('servernsgname'))]" + } + } + }, + { + "name": "AzureBastionSubnet", + "properties": { + "addressPrefix": "[parameters('bastionsubnetprefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('bastionnsgname'))]" + } + } + }, + { + "name": "GatewaySubnet", + "properties": { + "addressPrefix": "[parameters('gatewaysubnetprefix')]" + } + }, + { + "name": "AzureFirewallSubnet", + "properties": { + "addressPrefix": "[parameters('firewallsubnetprefix')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('bastionnsgname'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('servernsgname'))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]" + }, + "subnets": { + "type": "array", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))).subnets]" + }, + "vnetaddress": { + "type": "array", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))).addressSpace.addressPrefixes]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vpngw-deploy", + "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "vpngwname": { + "value": "[variables('vpngwname')]" + }, + "subnetref": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname')), '2019-10-01').outputs.subnets.value[2].id]" + }, + "vpngwpipname": { + "value": "[variables('vpngwpipname')]" + }, + "asn": { + "value": 65010 + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "vpngwpipname": { + "type": "string" + }, + "vpngwname": { + "type": "string" + }, + "subnetref": { + "type": "string", + "metadata": { + "description": "Specifies the resource id of the subnet to connect the VM to." + } + }, + "asn": { + "type": "int", + "metadata": { + "description": "BGP AS-number to use for the VPN Gateway" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "name": "[parameters('vpngwpipname')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "publicIPAllocationMethod": "Static" + } + }, + { + "type": "Microsoft.Network/virtualNetworkGateways", + "apiVersion": "2020-06-01", + "name": "[parameters('vpngwname')]", + "location": "[parameters('location')]", + "properties": { + "gatewayType": "Vpn", + "ipConfigurations": [ + { + "name": "default", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[parameters('subnetref')]" + }, + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('vpngwpipname'))]" + } + } + } + ], + "activeActive": false, + "enableBgp": true, + "bgpSettings": { + "asn": "[parameters('asn')]" + }, + "vpnType": "RouteBased", + "vpnGatewayGeneration": "Generation1", + "sku": { + "name": "VpnGw1AZ", + "tier": "VpnGw1AZ" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('vpngwpipname'))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('vpngwname'))]" + }, + "vpngwip": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('vpngwpipname'))).ipAddress]" + }, + "vpngwbgpaddress": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworkGateways', parameters('vpngwname'))).bgpSettings.bgpPeeringAddress]" + }, + "bgpasn": { + "type": "int", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworkGateways', parameters('vpngwname'))).bgpSettings.asn]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "fwpolicy-deploy", + "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "policyname": { + "value": "[variables('fwpolicyname')]" + }, + "location": { + "value": "[parameters('location')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "policyname": { + "type": "string" + }, + "dnsservers": { + "type": "array", + "defaultValue": [ + "168.63.129.16" + ], + "metadata": { + "description": "Specify custom DNS Servers for Azure Firewall" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/firewallPolicies", + "apiVersion": "2020-06-01", + "name": "[parameters('policyname')]", + "location": "[parameters('location')]", + "properties": { + "threatIntelMode": "Alert", + "dnsSettings": { + "servers": "[parameters('dnsservers')]", + "enableProxy": true + } + } + }, + { + "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", + "apiVersion": "2020-06-01", + "name": "[format('{0}/Platform-Rules', parameters('policyname'))]", + "properties": { + "priority": 100, + "ruleCollections": [ + { + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "name": "Allow-Azure-KMS", + "priority": 100, + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "NetworkRule", + "name": "Azure-KMS-Service", + "description": "Allow traffic from all Address Spaces to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "ipProtocols": [ + "TCP" + ], + "destinationPorts": [ + "1688" + ], + "destinationIpGroups": [], + "destinationAddresses": [], + "destinationFqdns": [ + "kms.core.windows.net" + ] + } + ] + }, + { + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "name": "Allow-Windows-Update", + "priority": 200, + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "ApplicationRule", + "name": "Http", + "description": "Allow traffic from all sources to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "protocols": [ + { + "protocolType": "Http", + "port": 80 + } + ], + "targetFqdns": [], + "fqdnTags": [ + "WindowsUpdate" + ] + }, + { + "ruleType": "ApplicationRule", + "name": "Https", + "description": "Allow traffic from all sources to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "targetFqdns": [], + "fqdnTags": [ + "WindowsUpdate" + ] + } + ] + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('policyname')]" + }, + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "pip-deploy", + "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "pipname": { + "value": "[variables('fwpipname')]" + }, + "ipprefixlength": { + "value": 31 + }, + "ipprefixname": { + "value": "[variables('fwprefixname')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "pipname": { + "type": "string", + "defaultValue": "firewall-pip" + }, + "ipprefixname": { + "type": "string", + "defaultValue": "firewall-ipprefix" + }, + "ipprefixlength": { + "type": "int", + "defaultValue": 31, + "metadata": { + "description": "Specifies the size of the Public IP Prefix" + }, + "allowedValues": [ + 28, + 29, + 30, + 31 + ] + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/publicIPPrefixes", + "apiVersion": "2020-06-01", + "name": "[parameters('ipprefixname')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "prefixLength": "[parameters('ipprefixlength')]", + "publicIPAddressVersion": "IPv4", + "ipTags": [] + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "name": "[parameters('pipname')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "publicIPAllocationMethod": "Static", + "publicIPPrefix": { + "id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('ipprefixname'))]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('ipprefixname'))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipname'))]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "fw-deploy", + "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "fwname": { + "value": "[variables('fwname')]" + }, + "fwtype": { + "value": "VNet" + }, + "fwpolicyid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'fwpolicy-deploy'), '2019-10-01').outputs.id.value]" + }, + "publicipid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'pip-deploy'), '2019-10-01').outputs.id.value]" + }, + "subnetid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname')), '2019-10-01').outputs.subnets.value[3].id]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "fwname": { + "type": "string" + }, + "fwtype": { + "type": "string", + "metadata": { + "description": "Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub" + }, + "allowedValues": [ + "VNet", + "vWAN" + ] + }, + "fwpolicyid": { + "type": "string", + "metadata": { + "description": "Resoruce ID to the Firewall Policy to associate with the Azure Firewall" + } + }, + "hubid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN" + } + }, + "hubpublicipcount": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN" + } + }, + "subnetid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network" + } + }, + "publicipid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network" + } + } + }, + "functions": [], + "variables": { + "hubfwproperties": { + "properties": { + "sku": { + "name": "AZFW_Hub", + "tier": "Standard" + }, + "virtualHub": { + "id": "[parameters('hubid')]" + }, + "hubIPAddresses": { + "publicIPs": { + "count": "[parameters('hubpublicipcount')]" + } + }, + "firewallPolicy": { + "id": "[parameters('fwpolicyid')]" + } + } + }, + "vnetfwproperties": { + "properties": { + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, + "ipConfigurations": [ + { + "name": "[format('{0}-vnetIPConf', parameters('fwname'))]", + "properties": { + "subnet": { + "id": "[parameters('subnetid')]" + }, + "publicIPAddress": { + "id": "[parameters('publicipid')]" + } + } + } + ], + "firewallPolicy": { + "id": "[parameters('fwpolicyid')]" + } + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/azureFirewalls", + "apiVersion": "2020-06-01", + "name": "[parameters('fwname')]", + "location": "[parameters('location')]", + "properties": "[if(equals(parameters('fwtype'), 'VNet'), variables('vnetfwproperties').properties, if(equals(parameters('fwtype'), 'vWAN'), variables('hubfwproperties').properties, null()))]" + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'pip-deploy')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'fwpolicy-deploy')]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vwan-deploy", + "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('vwanlocation')]" + }, + "wanname": { + "value": "[variables('vwanname')]" + }, + "wantype": { + "value": "Standard" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "wanname": { + "type": "string" + }, + "wantype": { + "type": "string", + "defaultValue": "Standard", + "metadata": { + "description": "Specifies the type of Virtual WAN." + }, + "allowedValues": [ + "Standard", + "Basic" + ] + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/virtualWans", + "apiVersion": "2020-06-01", + "name": "[parameters('wanname')]", + "location": "[parameters('location')]", + "properties": { + "type": "[parameters('wantype')]", + "disableVpnEncryption": false, + "allowBranchToBranchTraffic": true, + "office365LocalBreakoutCategory": "None" + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualWans', parameters('wanname'))]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vhub-deploy", + "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('vwanlocation')]" + }, + "hubname": { + "value": "[variables('vhubname')]" + }, + "hubaddressprefix": { + "value": "10.10.0.0/24" + }, + "wanid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwan-deploy'), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "hubname": { + "type": "string" + }, + "hubaddressprefix": { + "type": "string", + "defaultValue": "10.10.0.0/24", + "metadata": { + "description": "Specifies the Virtual Hub Address Prefix." + } + }, + "wanid": { + "type": "string", + "metadata": { + "description": "Virtual WAN ID" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/virtualHubs", + "apiVersion": "2020-06-01", + "name": "[parameters('hubname')]", + "location": "[parameters('location')]", + "properties": { + "addressPrefix": "[parameters('hubaddressprefix')]", + "virtualWan": { + "id": "[parameters('wanid')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualHubs', parameters('hubname'))]" + }, + "name": { + "type": "string", + "value": "[parameters('hubname')]" + }, + "vhubaddress": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/virtualHubs', parameters('hubname'))).addressPrefix]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwan-deploy')]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vhubfwpolicy-deploy", + "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "policyname": { + "value": "[variables('vhubfwpolicyname')]" + }, + "location": { + "value": "[parameters('vwanlocation')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "policyname": { + "type": "string" + }, + "dnsservers": { + "type": "array", + "defaultValue": [ + "168.63.129.16" + ], + "metadata": { + "description": "Specify custom DNS Servers for Azure Firewall" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/firewallPolicies", + "apiVersion": "2020-06-01", + "name": "[parameters('policyname')]", + "location": "[parameters('location')]", + "properties": { + "threatIntelMode": "Alert", + "dnsSettings": { + "servers": "[parameters('dnsservers')]", + "enableProxy": true + } + } + }, + { + "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", + "apiVersion": "2020-06-01", + "name": "[format('{0}/Platform-Rules', parameters('policyname'))]", + "properties": { + "priority": 100, + "ruleCollections": [ + { + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "name": "Allow-Azure-KMS", + "priority": 100, + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "NetworkRule", + "name": "Azure-KMS-Service", + "description": "Allow traffic from all Address Spaces to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "ipProtocols": [ + "TCP" + ], + "destinationPorts": [ + "1688" + ], + "destinationIpGroups": [], + "destinationAddresses": [], + "destinationFqdns": [ + "kms.core.windows.net" + ] + } + ] + }, + { + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "name": "Allow-Windows-Update", + "priority": 200, + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "ApplicationRule", + "name": "Http", + "description": "Allow traffic from all sources to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "protocols": [ + { + "protocolType": "Http", + "port": 80 + } + ], + "targetFqdns": [], + "fqdnTags": [ + "WindowsUpdate" + ] + }, + { + "ruleType": "ApplicationRule", + "name": "Https", + "description": "Allow traffic from all sources to Azure platform KMS Service", + "sourceAddresses": [ + "*" + ], + "sourceIpGroups": [], + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "targetFqdns": [], + "fqdnTags": [ + "WindowsUpdate" + ] + } + ] + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('policyname')]" + }, + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/firewallPolicies', parameters('policyname'))]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vhubfw-deploy", + "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('vwanlocation')]" + }, + "fwname": { + "value": "[variables('vhubfwname')]" + }, + "fwtype": { + "value": "vWAN" + }, + "hubid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy'), '2019-10-01').outputs.id.value]" + }, + "hubpublicipcount": { + "value": 1 + }, + "fwpolicyid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubfwpolicy-deploy'), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "fwname": { + "type": "string" + }, + "fwtype": { + "type": "string", + "metadata": { + "description": "Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub" + }, + "allowedValues": [ + "VNet", + "vWAN" + ] + }, + "fwpolicyid": { + "type": "string", + "metadata": { + "description": "Resoruce ID to the Firewall Policy to associate with the Azure Firewall" + } + }, + "hubid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN" + } + }, + "hubpublicipcount": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN" + } + }, + "subnetid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network" + } + }, + "publicipid": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network" + } + } + }, + "functions": [], + "variables": { + "hubfwproperties": { + "properties": { + "sku": { + "name": "AZFW_Hub", + "tier": "Standard" + }, + "virtualHub": { + "id": "[parameters('hubid')]" + }, + "hubIPAddresses": { + "publicIPs": { + "count": "[parameters('hubpublicipcount')]" + } + }, + "firewallPolicy": { + "id": "[parameters('fwpolicyid')]" + } + } + }, + "vnetfwproperties": { + "properties": { + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, + "ipConfigurations": [ + { + "name": "[format('{0}-vnetIPConf', parameters('fwname'))]", + "properties": { + "subnet": { + "id": "[parameters('subnetid')]" + }, + "publicIPAddress": { + "id": "[parameters('publicipid')]" + } + } + } + ], + "firewallPolicy": { + "id": "[parameters('fwpolicyid')]" + } + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/azureFirewalls", + "apiVersion": "2020-06-01", + "name": "[parameters('fwname')]", + "location": "[parameters('location')]", + "properties": "[if(equals(parameters('fwtype'), 'VNet'), variables('vnetfwproperties').properties, if(equals(parameters('fwtype'), 'vWAN'), variables('hubfwproperties').properties, null()))]" + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubfwpolicy-deploy')]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vhubvpngw", + "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('vwanlocation')]" + }, + "hubvpngwname": { + "value": "[variables('vhubvpngwname')]" + }, + "hubid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy'), '2019-10-01').outputs.id.value]" + }, + "asn": { + "value": 65515 + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "hubvpngwname": { + "type": "string" + }, + "hubid": { + "type": "string", + "metadata": { + "description": "Virtual Hub ID" + } + }, + "asn": { + "type": "int", + "metadata": { + "description": "BGP AS-number for the VPN Gateway" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/vpnGateways", + "apiVersion": "2020-06-01", + "name": "[parameters('hubvpngwname')]", + "location": "[parameters('location')]", + "properties": { + "virtualHub": { + "id": "[parameters('hubid')]" + }, + "bgpSettings": { + "asn": "[parameters('asn')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/vpnGateways', parameters('hubvpngwname'))]" + }, + "name": { + "type": "string", + "value": "[parameters('hubvpngwname')]" + }, + "gwpublicip": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/vpnGateways', parameters('hubvpngwname'))).ipConfigurations[0].publicIpAddress]" + }, + "gwprivateip": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/vpnGateways', parameters('hubvpngwname'))).ipConfigurations[0].privateIpAddress]" + }, + "bgpasn": { + "type": "int", + "value": "[reference(resourceId('Microsoft.Network/vpnGateways', parameters('hubvpngwname'))).bgpSettings.asn]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy')]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vwanvpnsite-deploy", + "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "vpnsitename": { + "value": "[format('{0}-vpnsite', parameters('location'))]" + }, + "location": { + "value": "[parameters('vwanlocation')]" + }, + "addressprefix": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname')), '2019-10-01').outputs.vnetaddress.value[0]]" + }, + "bgppeeringpddress": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy'), '2019-10-01').outputs.vpngwbgpaddress.value]" + }, + "ipaddress": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy'), '2019-10-01').outputs.vpngwip.value]" + }, + "remotesiteasn": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy'), '2019-10-01').outputs.bgpasn.value]" + }, + "wanid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwan-deploy'), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "vpnsitename": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "addressprefix": { + "type": "string", + "metadata": { + "description": "Specifices the VPN Sites local IP Addresses" + } + }, + "bgppeeringpddress": { + "type": "string", + "metadata": { + "description": "Specifices the VPN Sites BGP Peering IP Addresses" + } + }, + "ipaddress": { + "type": "string", + "metadata": { + "description": "Specifices the VPN Sites VPN Device IP Address" + } + }, + "wanid": { + "type": "string", + "metadata": { + "description": "Specifices the resource ID of the Virtual WAN where the VPN Site should be created" + } + }, + "remotesiteasn": { + "type": "int", + "metadata": { + "description": "BGP AS-Number used by the remote site" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/vpnSites", + "apiVersion": "2020-06-01", + "name": "[parameters('vpnsitename')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressprefix')]" + ] + }, + "bgpProperties": { + "asn": "[parameters('remotesiteasn')]", + "bgpPeeringAddress": "[parameters('bgppeeringpddress')]", + "peerWeight": 0 + }, + "deviceProperties": { + "linkSpeedInMbps": 0 + }, + "ipAddress": "[parameters('ipaddress')]", + "virtualWan": { + "id": "[parameters('wanid')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/vpnSites', parameters('vpnsitename'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', variables('vnetname'))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwan-deploy')]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vhubs2s-deploy", + "resourceGroup": "[format('{0}-vwan-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hubvpngwname": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw'), '2019-10-01').outputs.name.value]" + }, + "psk": { + "value": "[parameters('psk')]" + }, + "vpnsiteid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwanvpnsite-deploy'), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "hubvpngwname": { + "type": "string" + }, + "psk": { + "type": "secureString", + "metadata": { + "description": "Specifies the pre-shared key to use for the VPN Connection" + } + }, + "vpnsiteid": { + "type": "string", + "metadata": { + "description": "Specifies the resource id to the VWAN Vpn Site to connect to" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/vpnGateways/vpnConnections", + "apiVersion": "2020-05-01", + "name": "[format('{0}/HubToOnPremConnection', parameters('hubvpngwname'))]", + "properties": { + "connectionBandwidth": 10, + "enableBgp": true, + "sharedKey": "[parameters('psk')]", + "remoteVpnSite": { + "id": "[parameters('vpnsiteid')]" + } + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw')]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-vwan-rg', parameters('nameprefix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vwanvpnsite-deploy')]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "vnets2s-deploy", + "resourceGroup": "[format('{0}-hubvnet-rg', parameters('nameprefix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "localnetworkgwname": { + "value": "[variables('lgwname')]" + }, + "addressprefixes": { + "value": [ + "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy'), '2019-10-01').outputs.vhubaddress.value]" + ] + }, + "connectionname": { + "value": "[variables('vpnconname')]" + }, + "bgppeeringpddress": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw'), '2019-10-01').outputs.gwprivateip.value]" + }, + "gwipaddress": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw'), '2019-10-01').outputs.gwpublicip.value]" + }, + "remotesiteasn": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw'), '2019-10-01').outputs.bgpasn.value]" + }, + "psk": { + "value": "[parameters('psk')]" + }, + "vpngwid": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy'), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "localnetworkgwname": { + "type": "string" + }, + "connectionname": { + "type": "string", + "defaultValue": "onprem-hub-cn" + }, + "addressprefixes": { + "type": "array", + "metadata": { + "description": "Specifices the address prefixes of the remote site" + } + }, + "bgppeeringpddress": { + "type": "string", + "metadata": { + "description": "Specifices the VPN Sites BGP Peering IP Addresses" + } + }, + "gwipaddress": { + "type": "string", + "metadata": { + "description": "Specifices the VPN Sites VPN Device IP Address" + } + }, + "vpngwid": { + "type": "string", + "metadata": { + "description": "Specifices the resource ID of the VPN Gateway to connect to the site to site vpn" + } + }, + "psk": { + "type": "secureString", + "metadata": { + "description": "Specifies the pre-shared key to use for the VPN Connection" + } + }, + "remotesiteasn": { + "type": "int", + "metadata": { + "description": "BGP AS-number used by the remote site" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/localNetworkGateways", + "apiVersion": "2020-06-01", + "name": "[parameters('localnetworkgwname')]", + "location": "[parameters('location')]", + "properties": { + "localNetworkAddressSpace": { + "addressPrefixes": "[parameters('addressprefixes')]" + }, + "gatewayIpAddress": "[parameters('gwipaddress')]", + "bgpSettings": { + "asn": "[parameters('remotesiteasn')]", + "bgpPeeringAddress": "[parameters('bgppeeringpddress')]" + } + } + }, + { + "type": "Microsoft.Network/connections", + "apiVersion": "2020-06-01", + "name": "[parameters('connectionname')]", + "location": "[parameters('location')]", + "properties": { + "connectionType": "IPsec", + "connectionProtocol": "IKEv2", + "virtualNetworkGateway1": { + "id": "[parameters('vpngwid')]", + "properties": {} + }, + "enableBgp": true, + "sharedKey": "[parameters('psk')]", + "localNetworkGateway2": { + "id": "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localnetworkgwname'))]", + "properties": {} + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localnetworkgwname'))]" + ] + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('{0}-hubvnet-rg', parameters('nameprefix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhub-deploy')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-vwan-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vhubvpngw')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('{0}-hubvnet-rg', parameters('nameprefix'))), 'Microsoft.Resources/deployments', 'vpngw-deploy')]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "4227095110153456993" + } + } } \ No newline at end of file diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhub.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhub.bicep index ea5bab5e444..b4c744abad6 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhub.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhub.bicep @@ -1,16 +1,11 @@ param location string = resourceGroup().location param hubname string -param hubaddressprefix string { - default: '10.10.0.0/24' - metadata: { - description: 'Specifies the Virtual Hub Address Prefix.' - } -} -param wanid string { - metadata: { - description: 'Virtual WAN ID' - } -} + +@description('Specifies the Virtual Hub Address Prefix.') +param hubaddressprefix string = '10.10.0.0/24' + +@description('Virtual WAN ID') +param wanid string resource hub 'Microsoft.Network/virtualHubs@2020-06-01' = { name: hubname diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhub.json b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhub.json index 13c83b55266..8de5920d5b1 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhub.json +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhub.json @@ -1,62 +1,62 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "hubname": { - "type": "string" - }, - "hubaddressprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Virtual Hub Address Prefix." - }, - "defaultValue": "10.10.0.0/24" - }, - "wanid": { - "type": "string", - "metadata": { - "description": "Virtual WAN ID" - } - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/virtualHubs", - "apiVersion": "2020-06-01", - "name": "[parameters('hubname')]", - "location": "[parameters('location')]", - "properties": { - "addressPrefix": "[parameters('hubaddressprefix')]", - "virtualWan": { - "id": "[parameters('wanid')]" - } - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualHubs', parameters('hubname'))]" - }, - "name": { - "type": "string", - "value": "[parameters('hubname')]" - }, - "vhubaddress": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/virtualHubs', parameters('hubname'))).addressPrefix]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "8037978691182688537" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "hubname": { + "type": "string" + }, + "hubaddressprefix": { + "type": "string", + "defaultValue": "10.10.0.0/24", + "metadata": { + "description": "Specifies the Virtual Hub Address Prefix." + } + }, + "wanid": { + "type": "string", + "metadata": { + "description": "Virtual WAN ID" + } + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/virtualHubs", + "apiVersion": "2020-06-01", + "name": "[parameters('hubname')]", + "location": "[parameters('location')]", + "properties": { + "addressPrefix": "[parameters('hubaddressprefix')]", + "virtualWan": { + "id": "[parameters('wanid')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualHubs', parameters('hubname'))]" + }, + "name": { + "type": "string", + "value": "[parameters('hubname')]" + }, + "vhubaddress": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/virtualHubs', parameters('hubname'))).addressPrefix]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "17814864971989477056" + } + } } \ No newline at end of file diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhubvpngw.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhubvpngw.bicep index 690433d6f9a..57e3154664b 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhubvpngw.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhubvpngw.bicep @@ -1,15 +1,11 @@ param location string = resourceGroup().location param hubvpngwname string -param hubid string { - metadata: { - description: 'Virtual Hub ID' - } -} -param asn int { - metadata: { - description: 'BGP AS-number for the VPN Gateway' - } -} + +@description('Virtual Hub ID') +param hubid string + +@description('BGP AS-number for the VPN Gateway') +param asn int resource hubvpngw 'Microsoft.Network/vpnGateways@2020-06-01' = { name: hubvpngwname diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhubvpngwcon.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhubvpngwcon.bicep index 9f01172d876..d6aa01e0398 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhubvpngwcon.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vhubvpngwcon.bicep @@ -1,15 +1,11 @@ param hubvpngwname string -param psk string { - secure: true - metadata: { - description: 'Specifies the pre-shared key to use for the VPN Connection' - } -} -param vpnsiteid string { - metadata: { - description: 'Specifies the resource id to the VWAN Vpn Site to connect to' - } -} + +@secure() +@description('Specifies the pre-shared key to use for the VPN Connection') +param psk string + +@description('Specifies the resource id to the VWAN Vpn Site to connect to') +param vpnsiteid string resource hubvpnconnection 'Microsoft.Network/vpnGateways/vpnConnections@2020-05-01' = { name: '${hubvpngwname}/HubToOnPremConnection' diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnet.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnet.bicep index 1511253160c..28236baab54 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnet.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnet.bicep @@ -1,35 +1,20 @@ param location string = resourceGroup().location param vnetname string -param addressprefix string { - default: '10.0.1.0/24' - metadata: { - description: 'Specifies the VNet Address Prefix.' - } -} -param serversubnetprefix string { - default: '10.0.1.0/26' - metadata: { - description: 'Specifies the Subnet Address Prefix for the server subnet' - } -} -param bastionsubnetprefix string { - default: '10.0.1.64/26' - metadata: { - description: 'Specifies the Subnet Address Prefix for the bastion subnet' - } -} -param gatewaysubnetprefix string { - default: '10.0.1.128/26' - metadata: { - description: 'Specifies the Subnet Address Prefix for the GatewaySubnet' - } -} -param firewallsubnetprefix string { - default: '10.0.1.192/26' - metadata: { - description: 'Specifies the Subnet Address Prefix for the AzureFirewallSubnet' - } -} + +@description('Specifies the VNet Address Prefix.') +param addressprefix string = '10.0.1.0/24' + +@description('Specifies the Subnet Address Prefix for the server subnet') +param serversubnetprefix string = '10.0.1.0/26' + +@description('Specifies the Subnet Address Prefix for the bastion subnet') +param bastionsubnetprefix string = '10.0.1.64/26' + +@description('Specifies the Subnet Address Prefix for the GatewaySubnet') +param gatewaysubnetprefix string = '10.0.1.128/26' + +@description('Specifies the Subnet Address Prefix for the AzureFirewallSubnet') +param firewallsubnetprefix string = '10.0.1.192/26' var servernsgname = '${vnetname}-snet-servers-nsg' var bastionnsgname = '${vnetname}-AzureBastionSubnet-nsg' diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnet.json b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnet.json index 3afdb628438..765e5068e07 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnet.json +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnet.json @@ -1,225 +1,225 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "vnetname": { - "type": "string" - }, - "addressprefix": { - "type": "string", - "metadata": { - "description": "Specifies the VNet Address Prefix." - }, - "defaultValue": "10.0.1.0/24" - }, - "serversubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Subnet Address Prefix for the server subnet" - }, - "defaultValue": "10.0.1.0/26" - }, - "bastionsubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Subnet Address Prefix for the bastion subnet" - }, - "defaultValue": "10.0.1.64/26" - }, - "gatewaysubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Subnet Address Prefix for the GatewaySubnet" - }, - "defaultValue": "10.0.1.128/26" - }, - "firewallsubnetprefix": { - "type": "string", - "metadata": { - "description": "Specifies the Subnet Address Prefix for the AzureFirewallSubnet" - }, - "defaultValue": "10.0.1.192/26" - } - }, - "functions": [], - "variables": { - "servernsgname": "[format('{0}-snet-servers-nsg', parameters('vnetname'))]", - "bastionnsgname": "[format('{0}-AzureBastionSubnet-nsg', parameters('vnetname'))]", - "bastionnsgrules": { - "securityRules": [ - { - "name": "bastion-in-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "443", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 100, - "direction": "Inbound" - } - }, - { - "name": "bastion-control-in-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "GatewayManager", - "destinationPortRanges": [ - "443", - "4443" - ], - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 120, - "direction": "Inbound" - } - }, - { - "name": "bastion-in-deny", - "properties": { - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 4096, - "direction": "Inbound" - } - }, - { - "name": "bastion-vnet-ssh-out-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "22", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 100, - "direction": "Outbound" - } - }, - { - "name": "bastion-vnet-rdp-out-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "3389", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 110, - "direction": "Outbound" - } - }, - { - "name": "bastion-azure-out-allow", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "*", - "destinationPortRange": "443", - "destinationAddressPrefix": "AzureCloud", - "access": "Allow", - "priority": 120, - "direction": "Outbound" - } - } - ] - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-05-01", - "name": "[variables('servernsgname')]", - "location": "[parameters('location')]" - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-06-01", - "name": "[variables('bastionnsgname')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": "[variables('bastionnsgrules').securityRules]" - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-05-01", - "name": "[parameters('vnetname')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[parameters('addressprefix')]" - ] - }, - "subnets": [ - { - "name": "snet-servers", - "properties": { - "addressPrefix": "[parameters('serversubnetprefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('servernsgname'))]" - } - } - }, - { - "name": "AzureBastionSubnet", - "properties": { - "addressPrefix": "[parameters('bastionsubnetprefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('bastionnsgname'))]" - } - } - }, - { - "name": "GatewaySubnet", - "properties": { - "addressPrefix": "[parameters('gatewaysubnetprefix')]" - } - }, - { - "name": "AzureFirewallSubnet", - "properties": { - "addressPrefix": "[parameters('firewallsubnetprefix')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('bastionnsgname'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('servernsgname'))]" - ] - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]" - }, - "subnets": { - "type": "array", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))).subnets]" - }, - "vnetaddress": { - "type": "array", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))).addressSpace.addressPrefixes]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "2338545732531257447" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "vnetname": { + "type": "string" + }, + "addressprefix": { + "type": "string", + "defaultValue": "10.0.1.0/24", + "metadata": { + "description": "Specifies the VNet Address Prefix." + } + }, + "serversubnetprefix": { + "type": "string", + "defaultValue": "10.0.1.0/26", + "metadata": { + "description": "Specifies the Subnet Address Prefix for the server subnet" + } + }, + "bastionsubnetprefix": { + "type": "string", + "defaultValue": "10.0.1.64/26", + "metadata": { + "description": "Specifies the Subnet Address Prefix for the bastion subnet" + } + }, + "gatewaysubnetprefix": { + "type": "string", + "defaultValue": "10.0.1.128/26", + "metadata": { + "description": "Specifies the Subnet Address Prefix for the GatewaySubnet" + } + }, + "firewallsubnetprefix": { + "type": "string", + "defaultValue": "10.0.1.192/26", + "metadata": { + "description": "Specifies the Subnet Address Prefix for the AzureFirewallSubnet" + } + } + }, + "functions": [], + "variables": { + "servernsgname": "[format('{0}-snet-servers-nsg', parameters('vnetname'))]", + "bastionnsgname": "[format('{0}-AzureBastionSubnet-nsg', parameters('vnetname'))]", + "bastionnsgrules": { + "securityRules": [ + { + "name": "bastion-in-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationPortRange": "443", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + } + }, + { + "name": "bastion-control-in-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "GatewayManager", + "destinationPortRanges": [ + "443", + "4443" + ], + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 120, + "direction": "Inbound" + } + }, + { + "name": "bastion-in-deny", + "properties": { + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Inbound" + } + }, + { + "name": "bastion-vnet-ssh-out-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationPortRange": "22", + "destinationAddressPrefix": "VirtualNetwork", + "access": "Allow", + "priority": 100, + "direction": "Outbound" + } + }, + { + "name": "bastion-vnet-rdp-out-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationPortRange": "3389", + "destinationAddressPrefix": "VirtualNetwork", + "access": "Allow", + "priority": 110, + "direction": "Outbound" + } + }, + { + "name": "bastion-azure-out-allow", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationPortRange": "443", + "destinationAddressPrefix": "AzureCloud", + "access": "Allow", + "priority": 120, + "direction": "Outbound" + } + } + ] + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2020-05-01", + "name": "[variables('servernsgname')]", + "location": "[parameters('location')]" + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2020-06-01", + "name": "[variables('bastionnsgname')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": "[variables('bastionnsgrules').securityRules]" + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2020-05-01", + "name": "[parameters('vnetname')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressprefix')]" + ] + }, + "subnets": [ + { + "name": "snet-servers", + "properties": { + "addressPrefix": "[parameters('serversubnetprefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('servernsgname'))]" + } + } + }, + { + "name": "AzureBastionSubnet", + "properties": { + "addressPrefix": "[parameters('bastionsubnetprefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('bastionnsgname'))]" + } + } + }, + { + "name": "GatewaySubnet", + "properties": { + "addressPrefix": "[parameters('gatewaysubnetprefix')]" + } + }, + { + "name": "AzureFirewallSubnet", + "properties": { + "addressPrefix": "[parameters('firewallsubnetprefix')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('bastionnsgname'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('servernsgname'))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]" + }, + "subnets": { + "type": "array", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))).subnets]" + }, + "vnetaddress": { + "type": "array", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))).addressSpace.addressPrefixes]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "13901036147917229888" + } + } } \ No newline at end of file diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnetsitetosite.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnetsitetosite.bicep index 772c57ee335..520691f6f28 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnetsitetosite.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnetsitetosite.bicep @@ -1,37 +1,25 @@ param location string = resourceGroup().location param localnetworkgwname string param connectionname string = 'onprem-hub-cn' -param addressprefixes array { - metadata: { - description: 'Specifices the address prefixes of the remote site' - } -} -param bgppeeringpddress string { - metadata: { - description: 'Specifices the VPN Sites BGP Peering IP Addresses' - } -} -param gwipaddress string { - metadata: { - description: 'Specifices the VPN Sites VPN Device IP Address' - } -} -param vpngwid string { - metadata: { - description: 'Specifices the resource ID of the VPN Gateway to connect to the site to site vpn' - } -} -param psk string { - secure: true - metadata: { - description: 'Specifies the pre-shared key to use for the VPN Connection' - } -} -param remotesiteasn int { - metadata: { - description: 'BGP AS-number used by the remote site' - } -} + +@description('Specifices the address prefixes of the remote site') +param addressprefixes array + +@description('Specifices the VPN Sites BGP Peering IP Addresses') +param bgppeeringpddress string + +@description('Specifices the VPN Sites VPN Device IP Address') +param gwipaddress string + +@description('Specifices the resource ID of the VPN Gateway to connect to the site to site vpn') +param vpngwid string + +@secure() +@description('Specifies the pre-shared key to use for the VPN Connection') +param psk string + +@description('BGP AS-number used by the remote site') +param remotesiteasn int resource localnetworkgw 'Microsoft.Network/localNetworkGateways@2020-06-01' = { name: localnetworkgwname diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnetvpngw.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnetvpngw.bicep index 3b9e4917964..43f27896692 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnetvpngw.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vnetvpngw.bicep @@ -1,16 +1,12 @@ param location string = resourceGroup().location param vpngwpipname string param vpngwname string -param subnetref string { - metadata: { - description: 'Specifies the resource id of the subnet to connect the VM to.' - } -} -param asn int { - metadata: { - description: 'BGP AS-number to use for the VPN Gateway' - } -} + +@description('Specifies the resource id of the subnet to connect the VM to.') +param subnetref string + +@description('BGP AS-number to use for the VPN Gateway') +param asn int resource vpngwpip 'Microsoft.Network/publicIPAddresses@2020-06-01' = { name: vpngwpipname diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwan.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwan.bicep index 281601a3f7a..6413c6070e1 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwan.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwan.bicep @@ -1,15 +1,12 @@ param location string = resourceGroup().location param wanname string -param wantype string { - default: 'Standard' - allowed: [ - 'Standard' - 'Basic' - ] - metadata: { - description: 'Specifies the type of Virtual WAN.' - } -} + +@allowed([ + 'Standard' + 'Basic' +]) +@description('Specifies the type of Virtual WAN.') +param wantype string = 'Standard' resource wan 'Microsoft.Network/virtualWans@2020-06-01' = { name: wanname diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwan.json b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwan.json index 601ecfb61a0..70d8ade4415 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwan.json +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwan.json @@ -1,52 +1,52 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "wanname": { - "type": "string" - }, - "wantype": { - "type": "string", - "metadata": { - "description": "Specifies the type of Virtual WAN." - }, - "defaultValue": "Standard", - "allowedValues": [ - "Standard", - "Basic" - ] - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/virtualWans", - "apiVersion": "2020-06-01", - "name": "[parameters('wanname')]", - "location": "[parameters('location')]", - "properties": { - "type": "[parameters('wantype')]", - "disableVpnEncryption": false, - "allowBranchToBranchTraffic": true, - "office365LocalBreakoutCategory": "None" - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualWans', parameters('wanname'))]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "9960402964273790596" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "wanname": { + "type": "string" + }, + "wantype": { + "type": "string", + "defaultValue": "Standard", + "metadata": { + "description": "Specifies the type of Virtual WAN." + }, + "allowedValues": [ + "Standard", + "Basic" + ] + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/virtualWans", + "apiVersion": "2020-06-01", + "name": "[parameters('wanname')]", + "location": "[parameters('location')]", + "properties": { + "type": "[parameters('wantype')]", + "disableVpnEncryption": false, + "allowBranchToBranchTraffic": true, + "office365LocalBreakoutCategory": "None" + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualWans', parameters('wanname'))]" + } + }, + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "2228582985603010524" + } + } } \ No newline at end of file diff --git a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwanvpnsite.bicep b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwanvpnsite.bicep index 5d78875c29a..39ccafde913 100644 --- a/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwanvpnsite.bicep +++ b/docs/examples/301/modules-vwan-to-vnet-s2s-with-fw/vwanvpnsite.bicep @@ -1,30 +1,20 @@ param vpnsitename string param location string = resourceGroup().location -param addressprefix string { - metadata: { - description: 'Specifices the VPN Sites local IP Addresses' - } -} -param bgppeeringpddress string { - metadata: { - description: 'Specifices the VPN Sites BGP Peering IP Addresses' - } -} -param ipaddress string { - metadata: { - description: 'Specifices the VPN Sites VPN Device IP Address' - } -} -param wanid string { - metadata: { - description: 'Specifices the resource ID of the Virtual WAN where the VPN Site should be created' - } -} -param remotesiteasn int { - metadata: { - description: 'BGP AS-Number used by the remote site' - } -} + +@description('Specifices the VPN Sites local IP Addresses') +param addressprefix string + +@description('Specifices the VPN Sites BGP Peering IP Addresses') +param bgppeeringpddress string + +@description('Specifices the VPN Sites VPN Device IP Address') +param ipaddress string + +@description('Specifices the resource ID of the Virtual WAN where the VPN Site should be created') +param wanid string + +@description('BGP AS-Number used by the remote site') +param remotesiteasn int resource vpnsite 'Microsoft.Network/vpnSites@2020-06-01' = { name: vpnsitename diff --git a/docs/examples/301/nested-vms-in-virtual-network/main.bicep b/docs/examples/301/nested-vms-in-virtual-network/main.bicep index 25ee3fb0eec..5405eed4931 100644 --- a/docs/examples/301/nested-vms-in-virtual-network/main.bicep +++ b/docs/examples/301/nested-vms-in-virtual-network/main.bicep @@ -1,8 +1,8 @@ param _artifactsLocation string = 'https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/301-nested-vms-in-virtual-network/' -param _artifactsLocationSasToken string { - secure: true - default: '' -} + +@secure() +param _artifactsLocationSasToken string = '' + param location string = resourceGroup().location param HostPublicIPAddressName string = 'HVHOSTPIP' param virtualNetworkName string = 'VirtualNetwork' @@ -18,43 +18,42 @@ param azureVMsSubnetName string = 'Azure-VMs' param azureVMsSubnetPrefix string = '10.0.3.0/24' param HostNetworkInterface1Name string = 'HVHOSTNIC1' param HostNetworkInterface2Name string = 'HVHOSTNIC2' -param HostVirtualMachineName string { - default: 'HVHOST' - maxLength: 15 -} -param HostVirtualMachineSize string { - default: 'Standard_D4s_v3' - allowed: [ - 'Standard_D2_v3' - 'Standard_D4_v3' - 'Standard_D8_v3' - 'Standard_D16_v3' - 'Standard_D32_v3' - 'Standard_D2s_v3' - 'Standard_D4s_v3' - 'Standard_D8s_v3' - 'Standard_D16s_v3' - 'Standard_D32s_v3' - 'Standard_D64_v3' - 'Standard_E2_v3' - 'Standard_E4_v3' - 'Standard_E8_v3' - 'Standard_E16_v3' - 'Standard_E32_v3' - 'Standard_E64_v3' - 'Standard_D64s_v3' - 'Standard_E2s_v3' - 'Standard_E4s_v3' - 'Standard_E8s_v3' - 'Standard_E16s_v3' - 'Standard_E32s_v3' - 'Standard_E64s_v3' - ] -} + +@maxLength(15) +param HostVirtualMachineName string = 'HVHOST' + +@allowed([ + 'Standard_D2_v3' + 'Standard_D4_v3' + 'Standard_D8_v3' + 'Standard_D16_v3' + 'Standard_D32_v3' + 'Standard_D2s_v3' + 'Standard_D4s_v3' + 'Standard_D8s_v3' + 'Standard_D16s_v3' + 'Standard_D32s_v3' + 'Standard_D64_v3' + 'Standard_E2_v3' + 'Standard_E4_v3' + 'Standard_E8_v3' + 'Standard_E16_v3' + 'Standard_E32_v3' + 'Standard_E64_v3' + 'Standard_D64s_v3' + 'Standard_E2s_v3' + 'Standard_E4s_v3' + 'Standard_E8s_v3' + 'Standard_E16s_v3' + 'Standard_E32s_v3' + 'Standard_E64s_v3' +]) +param HostVirtualMachineSize string = 'Standard_D4s_v3' + param HostAdminUsername string -param HostAdminPassword string { - secure: true -} + +@secure() +param HostAdminPassword string var NATSubnetNSGName = '${NATSubnetName}NSG' var hyperVSubnetNSGName = '${hyperVSubnetName}NSG' diff --git a/docs/examples/301/nested-vms-in-virtual-network/main.json b/docs/examples/301/nested-vms-in-virtual-network/main.json index a070628da03..e3dfd36f215 100644 --- a/docs/examples/301/nested-vms-in-virtual-network/main.json +++ b/docs/examples/301/nested-vms-in-virtual-network/main.json @@ -1,867 +1,867 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "_artifactsLocation": { - "type": "string", - "defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/301-nested-vms-in-virtual-network/" - }, - "_artifactsLocationSasToken": { - "type": "secureString", - "defaultValue": "" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "HostPublicIPAddressName": { - "type": "string", - "defaultValue": "HVHOSTPIP" - }, - "virtualNetworkName": { - "type": "string", - "defaultValue": "VirtualNetwork" - }, - "virtualNetworkAddressPrefix": { - "type": "string", - "defaultValue": "10.0.0.0/22" - }, - "NATSubnetName": { - "type": "string", - "defaultValue": "NAT" - }, - "NATSubnetPrefix": { - "type": "string", - "defaultValue": "10.0.0.0/24" - }, - "hyperVSubnetName": { - "type": "string", - "defaultValue": "Hyper-V-LAN" - }, - "hyperVSubnetPrefix": { - "type": "string", - "defaultValue": "10.0.1.0/24" - }, - "ghostedSubnetName": { - "type": "string", - "defaultValue": "Ghosted" - }, - "ghostedSubnetPrefix": { - "type": "string", - "defaultValue": "10.0.2.0/24" - }, - "azureVMsSubnetName": { - "type": "string", - "defaultValue": "Azure-VMs" - }, - "azureVMsSubnetPrefix": { - "type": "string", - "defaultValue": "10.0.3.0/24" - }, - "HostNetworkInterface1Name": { - "type": "string", - "defaultValue": "HVHOSTNIC1" - }, - "HostNetworkInterface2Name": { - "type": "string", - "defaultValue": "HVHOSTNIC2" - }, - "HostVirtualMachineName": { - "type": "string", - "maxLength": 15, - "defaultValue": "HVHOST" - }, - "HostVirtualMachineSize": { - "type": "string", - "defaultValue": "Standard_D4s_v3", - "allowedValues": [ - "Standard_D2_v3", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D2s_v3", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64_v3", - "Standard_E2_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_D64s_v3", - "Standard_E2s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3" - ] - }, - "HostAdminUsername": { - "type": "string" - }, - "HostAdminPassword": { - "type": "secureString" - } - }, - "functions": [], - "variables": { - "NATSubnetNSGName": "[format('{0}NSG', parameters('NATSubnetName'))]", - "hyperVSubnetNSGName": "[format('{0}NSG', parameters('hyperVSubnetName'))]", - "ghostedSubnetNSGName": "[format('{0}NSG', parameters('ghostedSubnetName'))]", - "azureVMsSubnetNSGName": "[format('{0}NSG', parameters('azureVMsSubnetName'))]", - "azureVMsSubnetUDRName": "[format('{0}UDR', parameters('azureVMsSubnetName'))]", - "DSCInstallWindowsFeaturesUri": "[uri(parameters('_artifactsLocation'), format('dsc/dscinstallwindowsfeatures.zip{0}', parameters('_artifactsLocationSasToken')))]", - "HVHostSetupScriptUri": "[uri(parameters('_artifactsLocation'), format('hvhostsetup.ps1{0}', parameters('_artifactsLocationSasToken')))]" - }, - "resources": [ - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2019-04-01", - "name": "[parameters('HostPublicIPAddressName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Basic" - }, - "properties": { - "publicIPAllocationMethod": "Dynamic", - "dnsSettings": { - "domainNameLabel": "[toLower(format('{0}-{1}', parameters('HostVirtualMachineName'), uniqueString(resourceGroup().id)))]" - } - } - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2019-04-01", - "name": "[variables('NATSubnetNSGName')]", - "location": "[parameters('location')]", - "properties": {} - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2019-04-01", - "name": "[variables('hyperVSubnetNSGName')]", - "location": "[parameters('location')]", - "properties": {} - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2019-04-01", - "name": "[variables('ghostedSubnetNSGName')]", - "location": "[parameters('location')]", - "properties": {} - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2019-04-01", - "name": "[variables('azureVMsSubnetNSGName')]", - "location": "[parameters('location')]", - "properties": {} - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2019-04-01", - "name": "[parameters('virtualNetworkName')]", - "location": "[parameters('location')]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[parameters('virtualNetworkAddressPrefix')]" - ] - }, - "subnets": [ - { - "name": "[parameters('NATSubnetName')]", - "properties": { - "addressPrefix": "[parameters('NATSubnetPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('NATSubnetNSGName'))]" - } - } - }, - { - "name": "[parameters('hyperVSubnetName')]", - "properties": { - "addressPrefix": "[parameters('hyperVSubnetPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('hyperVSubnetNSGName'))]" - } - } - }, - { - "name": "[parameters('ghostedSubnetName')]", - "properties": { - "addressPrefix": "[parameters('ghostedSubnetPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('ghostedSubnetNSGName'))]" - } - } - }, - { - "name": "[parameters('azureVMsSubnetName')]", - "properties": { - "addressPrefix": "[parameters('azureVMsSubnetPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('azureVMsSubnetNSGName'))]" - }, - "routeTable": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'udrDeploy'), '2019-10-01').outputs.udrId.value]" - } - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('azureVMsSubnetNSGName'))]", - "[resourceId('Microsoft.Resources/deployments', 'udrDeploy')]", - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('ghostedSubnetNSGName'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('hyperVSubnetNSGName'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('NATSubnetNSGName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2019-03-01", - "name": "[parameters('HostVirtualMachineName')]", - "location": "[parameters('location')]", - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('HostVirtualMachineSize')]" - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2016-Datacenter", - "version": "latest" - }, - "osDisk": { - "name": "[format('{0}OsDisk', parameters('HostVirtualMachineName'))]", - "createOption": "FromImage", - "managedDisk": { - "storageAccountType": "Premium_LRS" - }, - "caching": "ReadWrite" - }, - "dataDisks": [ - { - "lun": 0, - "name": "[format('{0}DataDisk1', parameters('HostVirtualMachineName'))]", - "createOption": "Empty", - "diskSizeGB": 1024, - "caching": "ReadOnly", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - ] - }, - "osProfile": { - "computerName": "[parameters('HostVirtualMachineName')]", - "adminUsername": "[parameters('HostAdminUsername')]", - "adminPassword": "[parameters('HostAdminPassword')]" - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic1'), '2019-10-01').outputs.nicId.value]", - "properties": { - "primary": true - } - }, - { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic2'), '2019-10-01').outputs.nicId.value]", - "properties": { - "primary": false - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'createNic1')]", - "[resourceId('Microsoft.Resources/deployments', 'createNic2')]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2019-03-01", - "name": "[format('{0}/InstallWindowsFeatures', parameters('HostVirtualMachineName'))]", - "location": "[parameters('location')]", - "properties": { - "publisher": "Microsoft.Powershell", - "type": "DSC", - "typeHandlerVersion": "2.77", - "autoUpgradeMinorVersion": true, - "settings": { - "wmfVersion": "latest", - "configuration": { - "url": "[variables('DSCInstallWindowsFeaturesUri')]", - "script": "DSCInstallWindowsFeatures.ps1", - "function": "InstallWindowsFeatures" - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('HostVirtualMachineName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2019-03-01", - "name": "[format('{0}/HVHOSTSetup', parameters('HostVirtualMachineName'))]", - "location": "[parameters('location')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.9", - "autoUpgradeMinorVersion": true, - "settings": { - "fileUris": [ - "[variables('HVHostSetupScriptUri')]" - ], - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File HVHostSetup.ps1 -NIC1IPAddress {0} -NIC2IPAddress {1} -GhostedSubnetPrefix {2} -VirtualNetworkPrefix {3}', reference(resourceId('Microsoft.Resources/deployments', 'createNic1'), '2019-10-01').outputs.assignedIp.value, reference(resourceId('Microsoft.Resources/deployments', 'createNic2'), '2019-10-01').outputs.assignedIp.value, parameters('ghostedSubnetPrefix'), parameters('virtualNetworkAddressPrefix'))]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'createNic1')]", - "[resourceId('Microsoft.Resources/deployments', 'createNic2')]", - "[resourceId('Microsoft.Compute/virtualMachines', parameters('HostVirtualMachineName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "createNic1", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "nicName": { - "value": "[parameters('HostNetworkInterface1Name')]" - }, - "subnetId": { - "value": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), parameters('NATSubnetName'))]" - }, - "pipId": { - "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('HostPublicIPAddressName'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "nicName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "subnetId": { - "type": "string" - }, - "pipId": { - "type": "string", - "defaultValue": "" - }, - "ipAllocationMethod": { - "type": "string", - "defaultValue": "Dynamic", - "allowedValues": [ - "Dynamic", - "Static" - ] - }, - "staticIpAddress": { - "type": "string", - "defaultValue": "" - }, - "enableIPForwarding": { - "type": "bool", - "defaultValue": false - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2020-06-01", - "name": "[parameters('nicName')]", - "location": "[parameters('location')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "primary": true, - "privateIPAllocationMethod": "[parameters('ipAllocationMethod')]", - "privateIPAddress": "[if(equals(parameters('pipId'), ''), null(), parameters('staticIpAddress'))]", - "subnet": { - "id": "[parameters('subnetId')]" - }, - "publicIPAddress": "[if(equals(parameters('pipId'), ''), null(), createObject('id', parameters('pipId')))]" - } - } - ], - "enableIPForwarding": "[parameters('enableIPForwarding')]" - } - } - ], - "outputs": { - "nicId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]" - }, - "assignedIp": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('HostPublicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "createNic2", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "nicName": { - "value": "[parameters('HostNetworkInterface2Name')]" - }, - "enableIPForwarding": { - "value": true - }, - "subnetId": { - "value": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), parameters('hyperVSubnetName'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "nicName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "subnetId": { - "type": "string" - }, - "pipId": { - "type": "string", - "defaultValue": "" - }, - "ipAllocationMethod": { - "type": "string", - "defaultValue": "Dynamic", - "allowedValues": [ - "Dynamic", - "Static" - ] - }, - "staticIpAddress": { - "type": "string", - "defaultValue": "" - }, - "enableIPForwarding": { - "type": "bool", - "defaultValue": false - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2020-06-01", - "name": "[parameters('nicName')]", - "location": "[parameters('location')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "primary": true, - "privateIPAllocationMethod": "[parameters('ipAllocationMethod')]", - "privateIPAddress": "[if(equals(parameters('pipId'), ''), null(), parameters('staticIpAddress'))]", - "subnet": { - "id": "[parameters('subnetId')]" - }, - "publicIPAddress": "[if(equals(parameters('pipId'), ''), null(), createObject('id', parameters('pipId')))]" - } - } - ], - "enableIPForwarding": "[parameters('enableIPForwarding')]" - } - } - ], - "outputs": { - "nicId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]" - }, - "assignedIp": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "updateNic1", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "ipAllocationMethod": { - "value": "Static" - }, - "staticIpAddress": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic1'), '2019-10-01').outputs.assignedIp.value]" - }, - "nicName": { - "value": "[parameters('HostNetworkInterface1Name')]" - }, - "subnetId": { - "value": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), parameters('NATSubnetName'))]" - }, - "pipId": { - "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('HostPublicIPAddressName'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "nicName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "subnetId": { - "type": "string" - }, - "pipId": { - "type": "string", - "defaultValue": "" - }, - "ipAllocationMethod": { - "type": "string", - "defaultValue": "Dynamic", - "allowedValues": [ - "Dynamic", - "Static" - ] - }, - "staticIpAddress": { - "type": "string", - "defaultValue": "" - }, - "enableIPForwarding": { - "type": "bool", - "defaultValue": false - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2020-06-01", - "name": "[parameters('nicName')]", - "location": "[parameters('location')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "primary": true, - "privateIPAllocationMethod": "[parameters('ipAllocationMethod')]", - "privateIPAddress": "[if(equals(parameters('pipId'), ''), null(), parameters('staticIpAddress'))]", - "subnet": { - "id": "[parameters('subnetId')]" - }, - "publicIPAddress": "[if(equals(parameters('pipId'), ''), null(), createObject('id', parameters('pipId')))]" - } - } - ], - "enableIPForwarding": "[parameters('enableIPForwarding')]" - } - } - ], - "outputs": { - "nicId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]" - }, - "assignedIp": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'createNic1')]", - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('HostPublicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "updateNic2", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "ipAllocationMethod": { - "value": "Static" - }, - "staticIpAddress": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic2'), '2019-10-01').outputs.assignedIp.value]" - }, - "nicName": { - "value": "[parameters('HostNetworkInterface2Name')]" - }, - "enableIPForwarding": { - "value": true - }, - "subnetId": { - "value": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), parameters('hyperVSubnetName'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "nicName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "subnetId": { - "type": "string" - }, - "pipId": { - "type": "string", - "defaultValue": "" - }, - "ipAllocationMethod": { - "type": "string", - "defaultValue": "Dynamic", - "allowedValues": [ - "Dynamic", - "Static" - ] - }, - "staticIpAddress": { - "type": "string", - "defaultValue": "" - }, - "enableIPForwarding": { - "type": "bool", - "defaultValue": false - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2020-06-01", - "name": "[parameters('nicName')]", - "location": "[parameters('location')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "primary": true, - "privateIPAllocationMethod": "[parameters('ipAllocationMethod')]", - "privateIPAddress": "[if(equals(parameters('pipId'), ''), null(), parameters('staticIpAddress'))]", - "subnet": { - "id": "[parameters('subnetId')]" - }, - "publicIPAddress": "[if(equals(parameters('pipId'), ''), null(), createObject('id', parameters('pipId')))]" - } - } - ], - "enableIPForwarding": "[parameters('enableIPForwarding')]" - } - } - ], - "outputs": { - "nicId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]" - }, - "assignedIp": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'createNic2')]", - "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "udrDeploy", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "udrName": { - "value": "[variables('azureVMsSubnetUDRName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "udrName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "addressPrefix": { - "type": "string", - "defaultValue": "" - }, - "nextHopAddress": { - "type": "string", - "defaultValue": "" - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2020-06-01", - "name": "[parameters('udrName')]", - "location": "[parameters('location')]", - "properties": { - "routes": "[if(equals(parameters('addressPrefix'), ''), null(), createArray(createObject('name', 'Nested-VMs', 'properties', createObject('addressPrefix', parameters('addressPrefix'), 'nextHopType', 'VirtualAppliance', 'nextHopIpAddress', parameters('nextHopAddress')))))]" - } - } - ], - "outputs": { - "udrId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "udrUpdate", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "udrName": { - "value": "[variables('azureVMsSubnetUDRName')]" - }, - "addressPrefix": { - "value": "[parameters('ghostedSubnetPrefix')]" - }, - "nextHopAddress": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic2'), '2019-10-01').outputs.assignedIp.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "udrName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "addressPrefix": { - "type": "string", - "defaultValue": "" - }, - "nextHopAddress": { - "type": "string", - "defaultValue": "" - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2020-06-01", - "name": "[parameters('udrName')]", - "location": "[parameters('location')]", - "properties": { - "routes": "[if(equals(parameters('addressPrefix'), ''), null(), createArray(createObject('name', 'Nested-VMs', 'properties', createObject('addressPrefix', parameters('addressPrefix'), 'nextHopType', 'VirtualAppliance', 'nextHopIpAddress', parameters('nextHopAddress')))))]" - } - } - ], - "outputs": { - "udrId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'createNic2')]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "6333407413510019552" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "_artifactsLocation": { + "type": "string", + "defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/301-nested-vms-in-virtual-network/" + }, + "_artifactsLocationSasToken": { + "type": "secureString", + "defaultValue": "" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "HostPublicIPAddressName": { + "type": "string", + "defaultValue": "HVHOSTPIP" + }, + "virtualNetworkName": { + "type": "string", + "defaultValue": "VirtualNetwork" + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "defaultValue": "10.0.0.0/22" + }, + "NATSubnetName": { + "type": "string", + "defaultValue": "NAT" + }, + "NATSubnetPrefix": { + "type": "string", + "defaultValue": "10.0.0.0/24" + }, + "hyperVSubnetName": { + "type": "string", + "defaultValue": "Hyper-V-LAN" + }, + "hyperVSubnetPrefix": { + "type": "string", + "defaultValue": "10.0.1.0/24" + }, + "ghostedSubnetName": { + "type": "string", + "defaultValue": "Ghosted" + }, + "ghostedSubnetPrefix": { + "type": "string", + "defaultValue": "10.0.2.0/24" + }, + "azureVMsSubnetName": { + "type": "string", + "defaultValue": "Azure-VMs" + }, + "azureVMsSubnetPrefix": { + "type": "string", + "defaultValue": "10.0.3.0/24" + }, + "HostNetworkInterface1Name": { + "type": "string", + "defaultValue": "HVHOSTNIC1" + }, + "HostNetworkInterface2Name": { + "type": "string", + "defaultValue": "HVHOSTNIC2" + }, + "HostVirtualMachineName": { + "type": "string", + "defaultValue": "HVHOST", + "maxLength": 15 + }, + "HostVirtualMachineSize": { + "type": "string", + "defaultValue": "Standard_D4s_v3", + "allowedValues": [ + "Standard_D2_v3", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D2s_v3", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64_v3", + "Standard_E2_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_D64s_v3", + "Standard_E2s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3" + ] + }, + "HostAdminUsername": { + "type": "string" + }, + "HostAdminPassword": { + "type": "secureString" + } + }, + "functions": [], + "variables": { + "NATSubnetNSGName": "[format('{0}NSG', parameters('NATSubnetName'))]", + "hyperVSubnetNSGName": "[format('{0}NSG', parameters('hyperVSubnetName'))]", + "ghostedSubnetNSGName": "[format('{0}NSG', parameters('ghostedSubnetName'))]", + "azureVMsSubnetNSGName": "[format('{0}NSG', parameters('azureVMsSubnetName'))]", + "azureVMsSubnetUDRName": "[format('{0}UDR', parameters('azureVMsSubnetName'))]", + "DSCInstallWindowsFeaturesUri": "[uri(parameters('_artifactsLocation'), format('dsc/dscinstallwindowsfeatures.zip{0}', parameters('_artifactsLocationSasToken')))]", + "HVHostSetupScriptUri": "[uri(parameters('_artifactsLocation'), format('hvhostsetup.ps1{0}', parameters('_artifactsLocationSasToken')))]" + }, + "resources": [ + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2019-04-01", + "name": "[parameters('HostPublicIPAddressName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Basic" + }, + "properties": { + "publicIPAllocationMethod": "Dynamic", + "dnsSettings": { + "domainNameLabel": "[toLower(format('{0}-{1}', parameters('HostVirtualMachineName'), uniqueString(resourceGroup().id)))]" + } + } + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2019-04-01", + "name": "[variables('NATSubnetNSGName')]", + "location": "[parameters('location')]", + "properties": {} + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2019-04-01", + "name": "[variables('hyperVSubnetNSGName')]", + "location": "[parameters('location')]", + "properties": {} + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2019-04-01", + "name": "[variables('ghostedSubnetNSGName')]", + "location": "[parameters('location')]", + "properties": {} + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2019-04-01", + "name": "[variables('azureVMsSubnetNSGName')]", + "location": "[parameters('location')]", + "properties": {} + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2019-04-01", + "name": "[parameters('virtualNetworkName')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('virtualNetworkAddressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[parameters('NATSubnetName')]", + "properties": { + "addressPrefix": "[parameters('NATSubnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('NATSubnetNSGName'))]" + } + } + }, + { + "name": "[parameters('hyperVSubnetName')]", + "properties": { + "addressPrefix": "[parameters('hyperVSubnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('hyperVSubnetNSGName'))]" + } + } + }, + { + "name": "[parameters('ghostedSubnetName')]", + "properties": { + "addressPrefix": "[parameters('ghostedSubnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('ghostedSubnetNSGName'))]" + } + } + }, + { + "name": "[parameters('azureVMsSubnetName')]", + "properties": { + "addressPrefix": "[parameters('azureVMsSubnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('azureVMsSubnetNSGName'))]" + }, + "routeTable": { + "id": "[reference(resourceId('Microsoft.Resources/deployments', 'udrDeploy'), '2019-10-01').outputs.udrId.value]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('azureVMsSubnetNSGName'))]", + "[resourceId('Microsoft.Resources/deployments', 'udrDeploy')]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('ghostedSubnetNSGName'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('hyperVSubnetNSGName'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('NATSubnetNSGName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2019-03-01", + "name": "[parameters('HostVirtualMachineName')]", + "location": "[parameters('location')]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('HostVirtualMachineSize')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2016-Datacenter", + "version": "latest" + }, + "osDisk": { + "name": "[format('{0}OsDisk', parameters('HostVirtualMachineName'))]", + "createOption": "FromImage", + "managedDisk": { + "storageAccountType": "Premium_LRS" + }, + "caching": "ReadWrite" + }, + "dataDisks": [ + { + "lun": 0, + "name": "[format('{0}DataDisk1', parameters('HostVirtualMachineName'))]", + "createOption": "Empty", + "diskSizeGB": 1024, + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "Premium_LRS" + } + } + ] + }, + "osProfile": { + "computerName": "[parameters('HostVirtualMachineName')]", + "adminUsername": "[parameters('HostAdminUsername')]", + "adminPassword": "[parameters('HostAdminPassword')]" + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic1'), '2019-10-01').outputs.nicId.value]", + "properties": { + "primary": true + } + }, + { + "id": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic2'), '2019-10-01').outputs.nicId.value]", + "properties": { + "primary": false + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'createNic1')]", + "[resourceId('Microsoft.Resources/deployments', 'createNic2')]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2019-03-01", + "name": "[format('{0}/InstallWindowsFeatures', parameters('HostVirtualMachineName'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Powershell", + "type": "DSC", + "typeHandlerVersion": "2.77", + "autoUpgradeMinorVersion": true, + "settings": { + "wmfVersion": "latest", + "configuration": { + "url": "[variables('DSCInstallWindowsFeaturesUri')]", + "script": "DSCInstallWindowsFeatures.ps1", + "function": "InstallWindowsFeatures" + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('HostVirtualMachineName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2019-03-01", + "name": "[format('{0}/HVHOSTSetup', parameters('HostVirtualMachineName'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.9", + "autoUpgradeMinorVersion": true, + "settings": { + "fileUris": [ + "[variables('HVHostSetupScriptUri')]" + ], + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File HVHostSetup.ps1 -NIC1IPAddress {0} -NIC2IPAddress {1} -GhostedSubnetPrefix {2} -VirtualNetworkPrefix {3}', reference(resourceId('Microsoft.Resources/deployments', 'createNic1'), '2019-10-01').outputs.assignedIp.value, reference(resourceId('Microsoft.Resources/deployments', 'createNic2'), '2019-10-01').outputs.assignedIp.value, parameters('ghostedSubnetPrefix'), parameters('virtualNetworkAddressPrefix'))]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'createNic1')]", + "[resourceId('Microsoft.Resources/deployments', 'createNic2')]", + "[resourceId('Microsoft.Compute/virtualMachines', parameters('HostVirtualMachineName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "createNic1", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "nicName": { + "value": "[parameters('HostNetworkInterface1Name')]" + }, + "subnetId": { + "value": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), parameters('NATSubnetName'))]" + }, + "pipId": { + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('HostPublicIPAddressName'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "nicName": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "subnetId": { + "type": "string" + }, + "pipId": { + "type": "string", + "defaultValue": "" + }, + "ipAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic", + "allowedValues": [ + "Dynamic", + "Static" + ] + }, + "staticIpAddress": { + "type": "string", + "defaultValue": "" + }, + "enableIPForwarding": { + "type": "bool", + "defaultValue": false + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "name": "[parameters('nicName')]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "primary": true, + "privateIPAllocationMethod": "[parameters('ipAllocationMethod')]", + "privateIPAddress": "[if(equals(parameters('pipId'), ''), null(), parameters('staticIpAddress'))]", + "subnet": { + "id": "[parameters('subnetId')]" + }, + "publicIPAddress": "[if(equals(parameters('pipId'), ''), null(), createObject('id', parameters('pipId')))]" + } + } + ], + "enableIPForwarding": "[parameters('enableIPForwarding')]" + } + } + ], + "outputs": { + "nicId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]" + }, + "assignedIp": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('HostPublicIPAddressName'))]", + "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "createNic2", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "nicName": { + "value": "[parameters('HostNetworkInterface2Name')]" + }, + "enableIPForwarding": { + "value": true + }, + "subnetId": { + "value": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), parameters('hyperVSubnetName'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "nicName": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "subnetId": { + "type": "string" + }, + "pipId": { + "type": "string", + "defaultValue": "" + }, + "ipAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic", + "allowedValues": [ + "Dynamic", + "Static" + ] + }, + "staticIpAddress": { + "type": "string", + "defaultValue": "" + }, + "enableIPForwarding": { + "type": "bool", + "defaultValue": false + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "name": "[parameters('nicName')]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "primary": true, + "privateIPAllocationMethod": "[parameters('ipAllocationMethod')]", + "privateIPAddress": "[if(equals(parameters('pipId'), ''), null(), parameters('staticIpAddress'))]", + "subnet": { + "id": "[parameters('subnetId')]" + }, + "publicIPAddress": "[if(equals(parameters('pipId'), ''), null(), createObject('id', parameters('pipId')))]" + } + } + ], + "enableIPForwarding": "[parameters('enableIPForwarding')]" + } + } + ], + "outputs": { + "nicId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]" + }, + "assignedIp": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "updateNic1", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "ipAllocationMethod": { + "value": "Static" + }, + "staticIpAddress": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic1'), '2019-10-01').outputs.assignedIp.value]" + }, + "nicName": { + "value": "[parameters('HostNetworkInterface1Name')]" + }, + "subnetId": { + "value": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), parameters('NATSubnetName'))]" + }, + "pipId": { + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('HostPublicIPAddressName'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "nicName": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "subnetId": { + "type": "string" + }, + "pipId": { + "type": "string", + "defaultValue": "" + }, + "ipAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic", + "allowedValues": [ + "Dynamic", + "Static" + ] + }, + "staticIpAddress": { + "type": "string", + "defaultValue": "" + }, + "enableIPForwarding": { + "type": "bool", + "defaultValue": false + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "name": "[parameters('nicName')]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "primary": true, + "privateIPAllocationMethod": "[parameters('ipAllocationMethod')]", + "privateIPAddress": "[if(equals(parameters('pipId'), ''), null(), parameters('staticIpAddress'))]", + "subnet": { + "id": "[parameters('subnetId')]" + }, + "publicIPAddress": "[if(equals(parameters('pipId'), ''), null(), createObject('id', parameters('pipId')))]" + } + } + ], + "enableIPForwarding": "[parameters('enableIPForwarding')]" + } + } + ], + "outputs": { + "nicId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]" + }, + "assignedIp": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'createNic1')]", + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('HostPublicIPAddressName'))]", + "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "updateNic2", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "ipAllocationMethod": { + "value": "Static" + }, + "staticIpAddress": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic2'), '2019-10-01').outputs.assignedIp.value]" + }, + "nicName": { + "value": "[parameters('HostNetworkInterface2Name')]" + }, + "enableIPForwarding": { + "value": true + }, + "subnetId": { + "value": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), parameters('hyperVSubnetName'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "nicName": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "subnetId": { + "type": "string" + }, + "pipId": { + "type": "string", + "defaultValue": "" + }, + "ipAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic", + "allowedValues": [ + "Dynamic", + "Static" + ] + }, + "staticIpAddress": { + "type": "string", + "defaultValue": "" + }, + "enableIPForwarding": { + "type": "bool", + "defaultValue": false + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "name": "[parameters('nicName')]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "primary": true, + "privateIPAllocationMethod": "[parameters('ipAllocationMethod')]", + "privateIPAddress": "[if(equals(parameters('pipId'), ''), null(), parameters('staticIpAddress'))]", + "subnet": { + "id": "[parameters('subnetId')]" + }, + "publicIPAddress": "[if(equals(parameters('pipId'), ''), null(), createObject('id', parameters('pipId')))]" + } + } + ], + "enableIPForwarding": "[parameters('enableIPForwarding')]" + } + } + ], + "outputs": { + "nicId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]" + }, + "assignedIp": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'createNic2')]", + "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "udrDeploy", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "udrName": { + "value": "[variables('azureVMsSubnetUDRName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "udrName": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "addressPrefix": { + "type": "string", + "defaultValue": "" + }, + "nextHopAddress": { + "type": "string", + "defaultValue": "" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2020-06-01", + "name": "[parameters('udrName')]", + "location": "[parameters('location')]", + "properties": { + "routes": "[if(equals(parameters('addressPrefix'), ''), null(), createArray(createObject('name', 'Nested-VMs', 'properties', createObject('addressPrefix', parameters('addressPrefix'), 'nextHopType', 'VirtualAppliance', 'nextHopIpAddress', parameters('nextHopAddress')))))]" + } + } + ], + "outputs": { + "udrId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "udrUpdate", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "udrName": { + "value": "[variables('azureVMsSubnetUDRName')]" + }, + "addressPrefix": { + "value": "[parameters('ghostedSubnetPrefix')]" + }, + "nextHopAddress": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'createNic2'), '2019-10-01').outputs.assignedIp.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "udrName": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "addressPrefix": { + "type": "string", + "defaultValue": "" + }, + "nextHopAddress": { + "type": "string", + "defaultValue": "" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2020-06-01", + "name": "[parameters('udrName')]", + "location": "[parameters('location')]", + "properties": { + "routes": "[if(equals(parameters('addressPrefix'), ''), null(), createArray(createObject('name', 'Nested-VMs', 'properties', createObject('addressPrefix', parameters('addressPrefix'), 'nextHopType', 'VirtualAppliance', 'nextHopIpAddress', parameters('nextHopAddress')))))]" + } + } + ], + "outputs": { + "udrId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'createNic2')]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "7524364292299147799" + } + } } \ No newline at end of file diff --git a/docs/examples/301/nested-vms-in-virtual-network/nic.bicep b/docs/examples/301/nested-vms-in-virtual-network/nic.bicep index 8be90617efe..2b5b1cfd1eb 100644 --- a/docs/examples/301/nested-vms-in-virtual-network/nic.bicep +++ b/docs/examples/301/nested-vms-in-virtual-network/nic.bicep @@ -2,13 +2,13 @@ param nicName string param location string = resourceGroup().location param subnetId string param pipId string = '' -param ipAllocationMethod string { - default: 'Dynamic' - allowed: [ - 'Dynamic' - 'Static' - ] -} + +@allowed([ + 'Dynamic' + 'Static' +]) +param ipAllocationMethod string = 'Dynamic' + param staticIpAddress string = '' param enableIPForwarding bool = false diff --git a/docs/examples/301/web-app-managed-identity-sql-db/main.bicep b/docs/examples/301/web-app-managed-identity-sql-db/main.bicep index a471fe82d51..a056118106a 100644 --- a/docs/examples/301/web-app-managed-identity-sql-db/main.bicep +++ b/docs/examples/301/web-app-managed-identity-sql-db/main.bicep @@ -4,33 +4,30 @@ param location string = resourceGroup().location // Web App params -param skuName string { - allowed: [ - 'F1' - 'D1' - 'B1' - 'B2' - 'B3' - 'S1' - 'S2' - 'S3' - 'P1' - 'P2' - 'P3' - 'P4' - ] - default: 'F1' -} -param skuCapacity int { - minValue: 1 - default: 1 -} +@allowed([ + 'F1' + 'D1' + 'B1' + 'B2' + 'B3' + 'S1' + 'S2' + 'S3' + 'P1' + 'P2' + 'P3' + 'P4' +]) +param skuName string = 'F1' + +@minValue(1) +param skuCapacity int = 1 // Data params param sqlAdministratorLogin string -param sqlAdministratorLoginPassword string { - secure: true -} + +@secure() +param sqlAdministratorLoginPassword string // Managed Identity params param managedIdentityName string diff --git a/docs/examples/301/web-app-managed-identity-sql-db/main.json b/docs/examples/301/web-app-managed-identity-sql-db/main.json index 5719a422491..d90c20c9378 100644 --- a/docs/examples/301/web-app-managed-identity-sql-db/main.json +++ b/docs/examples/301/web-app-managed-identity-sql-db/main.json @@ -1,185 +1,185 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "skuName": { - "type": "string", - "defaultValue": "F1", - "allowedValues": [ - "F1", - "D1", - "B1", - "B2", - "B3", - "S1", - "S2", - "S3", - "P1", - "P2", - "P3", - "P4" - ] - }, - "skuCapacity": { - "type": "int", - "minValue": 1, - "defaultValue": 1 - }, - "sqlAdministratorLogin": { - "type": "string" - }, - "sqlAdministratorLoginPassword": { - "type": "secureString" - }, - "managedIdentityName": { - "type": "string" - }, - "roleDefinitionId": { - "type": "string", - "defaultValue": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "functions": [], - "variables": { - "hostingPlanName": "[format('hostingplan{0}', uniqueString(resourceGroup().id))]", - "webSiteName": "[format('webSite{0}', uniqueString(resourceGroup().id))]", - "sqlserverName": "[format('sqlserver{0}', uniqueString(resourceGroup().id))]", - "databaseName": "sampledb" - }, - "resources": [ - { - "type": "Microsoft.Sql/servers", - "apiVersion": "2019-06-01-preview", - "name": "[variables('sqlserverName')]", - "location": "[parameters('location')]", - "properties": { - "administratorLogin": "[parameters('sqlAdministratorLogin')]", - "administratorLoginPassword": "[parameters('sqlAdministratorLoginPassword')]", - "version": "12.0" - } - }, - { - "type": "Microsoft.Sql/servers/databases", - "apiVersion": "2020-08-01-preview", - "name": "[format('{0}/{1}', variables('sqlserverName'), variables('databaseName'))]", - "location": "[parameters('location')]", - "sku": { - "name": "Basic" - }, - "properties": { - "collation": "SQL_Latin1_General_CP1_CI_AS", - "maxSizeBytes": 1073741824 - }, - "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]" - ] - }, - { - "type": "Microsoft.Sql/servers/firewallRules", - "apiVersion": "2014-04-01", - "name": "[format('{0}/AllowAllWindowsAzureIps', variables('sqlserverName'))]", - "properties": { - "endIpAddress": "0.0.0.0", - "startIpAddress": "0.0.0.0" - }, - "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]" - ] - }, - { - "type": "Microsoft.Web/serverfarms", - "apiVersion": "2020-06-01", - "name": "[variables('hostingPlanName')]", - "location": "[parameters('location')]", - "sku": { - "name": "[parameters('skuName')]", - "capacity": "[parameters('skuCapacity')]" - } - }, - { - "type": "Microsoft.Web/sites", - "apiVersion": "2020-06-01", - "name": "[variables('webSiteName')]", - "location": "[parameters('location')]", - "tags": { - "[format('hidden-related:{0}', resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName')))]": "empty", - "displayName": "Website" - }, - "properties": { - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" - }, - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]": {} - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]" - ] - }, - { - "type": "Microsoft.Web/sites/config", - "apiVersion": "2020-06-01", - "name": "[format('{0}/connectionstrings', variables('webSiteName'))]", - "properties": { - "DefaultConnection": { - "value": "[format('Data Source=tcp:{0},1433;Initial Catalog={1};User Id={2}@{3};Password={4};', reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, variables('databaseName'), parameters('sqlAdministratorLogin'), reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, parameters('sqlAdministratorLoginPassword'))]", - "type": "SQLAzure" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]", - "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]" - ] - }, - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('managedIdentityName')]", - "location": "[parameters('location')]" - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-04-01-preview", - "name": "[guid(parameters('roleDefinitionId'), resourceGroup().id)]", - "properties": { - "principalType": "ServicePrincipal", - "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", - "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))).principalId]" - }, - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]" - ] - }, - { - "type": "Microsoft.Insights/components", - "apiVersion": "2018-05-01-preview", - "name": "[format('AppInsights{0}', variables('webSiteName'))]", - "location": "[parameters('location')]", - "tags": { - "[format('hidden-link:{0}', resourceId('Microsoft.Web/sites', variables('webSiteName')))]": "Resource", - "displayName": "AppInsightsComponent" - }, - "kind": "web", - "properties": { - "Application_Type": "web" - }, - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]" - ] - } - ], - "metadata": { - "_generator": { - "name": "bicep", - "version": "dev", - "templateHash": "12165021661873143399" - } - } +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "skuName": { + "type": "string", + "defaultValue": "F1", + "allowedValues": [ + "F1", + "D1", + "B1", + "B2", + "B3", + "S1", + "S2", + "S3", + "P1", + "P2", + "P3", + "P4" + ] + }, + "skuCapacity": { + "type": "int", + "defaultValue": 1, + "minValue": 1 + }, + "sqlAdministratorLogin": { + "type": "string" + }, + "sqlAdministratorLoginPassword": { + "type": "secureString" + }, + "managedIdentityName": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string", + "defaultValue": "b24988ac-6180-42a0-ab88-20f7382dd24c" + } + }, + "functions": [], + "variables": { + "hostingPlanName": "[format('hostingplan{0}', uniqueString(resourceGroup().id))]", + "webSiteName": "[format('webSite{0}', uniqueString(resourceGroup().id))]", + "sqlserverName": "[format('sqlserver{0}', uniqueString(resourceGroup().id))]", + "databaseName": "sampledb" + }, + "resources": [ + { + "type": "Microsoft.Sql/servers", + "apiVersion": "2019-06-01-preview", + "name": "[variables('sqlserverName')]", + "location": "[parameters('location')]", + "properties": { + "administratorLogin": "[parameters('sqlAdministratorLogin')]", + "administratorLoginPassword": "[parameters('sqlAdministratorLoginPassword')]", + "version": "12.0" + } + }, + { + "type": "Microsoft.Sql/servers/databases", + "apiVersion": "2020-08-01-preview", + "name": "[format('{0}/{1}', variables('sqlserverName'), variables('databaseName'))]", + "location": "[parameters('location')]", + "sku": { + "name": "Basic" + }, + "properties": { + "collation": "SQL_Latin1_General_CP1_CI_AS", + "maxSizeBytes": 1073741824 + }, + "dependsOn": [ + "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]" + ] + }, + { + "type": "Microsoft.Sql/servers/firewallRules", + "apiVersion": "2014-04-01", + "name": "[format('{0}/AllowAllWindowsAzureIps', variables('sqlserverName'))]", + "properties": { + "endIpAddress": "0.0.0.0", + "startIpAddress": "0.0.0.0" + }, + "dependsOn": [ + "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]" + ] + }, + { + "type": "Microsoft.Web/serverfarms", + "apiVersion": "2020-06-01", + "name": "[variables('hostingPlanName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('skuName')]", + "capacity": "[parameters('skuCapacity')]" + } + }, + { + "type": "Microsoft.Web/sites", + "apiVersion": "2020-06-01", + "name": "[variables('webSiteName')]", + "location": "[parameters('location')]", + "tags": { + "[format('hidden-related:{0}', resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName')))]": "empty", + "displayName": "Website" + }, + "properties": { + "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]": {} + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]" + ] + }, + { + "type": "Microsoft.Web/sites/config", + "apiVersion": "2020-06-01", + "name": "[format('{0}/connectionstrings', variables('webSiteName'))]", + "properties": { + "DefaultConnection": { + "value": "[format('Data Source=tcp:{0},1433;Initial Catalog={1};User Id={2}@{3};Password={4};', reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, variables('databaseName'), parameters('sqlAdministratorLogin'), reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, parameters('sqlAdministratorLoginPassword'))]", + "type": "SQLAzure" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]", + "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]" + ] + }, + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('managedIdentityName')]", + "location": "[parameters('location')]" + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(parameters('roleDefinitionId'), resourceGroup().id)]", + "properties": { + "principalType": "ServicePrincipal", + "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))).principalId]" + }, + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]" + ] + }, + { + "type": "Microsoft.Insights/components", + "apiVersion": "2018-05-01-preview", + "name": "[format('AppInsights{0}', variables('webSiteName'))]", + "location": "[parameters('location')]", + "tags": { + "[format('hidden-link:{0}', resourceId('Microsoft.Web/sites', variables('webSiteName')))]": "Resource", + "displayName": "AppInsightsComponent" + }, + "kind": "web", + "properties": { + "Application_Type": "web" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]" + ] + } + ], + "metadata": { + "_generator": { + "name": "bicep", + "version": "dev", + "templateHash": "16780435478716734303" + } + } } \ No newline at end of file