From 910430d4712d0a6ea2a924c9ec6d40c1ecc8f1fd Mon Sep 17 00:00:00 2001
From: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Date: Fri, 11 Nov 2022 16:45:15 +0000
Subject: [PATCH] Add DDoS & Custom DNS Support (#22)
---
 README.md | 2 +
 docs/wiki/Example-1-Hub-and-Spoke.md | 9 +++
 docs/wiki/Example-2-Virtual-WAN.md | 9 +++
 ...ample-3-Use-With-Existing-Subscriptions.md | 9 +++
 main.bicep | 43 ++++++++++---
 main.bicep.parameters.md | 63 ++++++++++++++-----
 src/self/subResourceWrapper/deploy.bicep | 8 +++
 src/self/subResourceWrapper/readme.md | 20 ++++++
 8 files changed, 142 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index a7c9375e..3dd2bf67 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,8 @@ This is currently split logically into the following capabilities:
 - Networking - deploy a Virtual Network with, optional:
 - Hub & spoke connectivity (peering to a hub Virtual Network)
 - Virtual WAN connectivity (peering to a Virtual Hub via a Virtual Hub Connection)
+ - Link to existing DDoS Network Protection Plan
+ - Specify Custom DNS Servers
 - Role assignments
 - Tags
diff --git a/docs/wiki/Example-1-Hub-and-Spoke.md b/docs/wiki/Example-1-Hub-and-Spoke.md
index 98eb1a7e..aa38ad8b 100644
--- a/docs/wiki/Example-1-Hub-and-Spoke.md
+++ b/docs/wiki/Example-1-Hub-and-Spoke.md
@@ -72,6 +72,15 @@ Here is a simple example parameter file for deploying a landing zone (Subscripti
 "10.0.0.0/16"
 ]
 },
+ "virtualNetworkDnsServers": {
+ "value": [
+ "10.4.1.4",
+ "10.2.1.5"
+ ]
+ },
+ "virtualNetworkDdosPlanId": {
+ "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-hub-network-001/providers/Microsoft.Network/ddosProtectionPlans/ddos-001"
+ },
 "virtualNetworkPeeringEnabled": {
 "value": true
 },
diff --git a/docs/wiki/Example-2-Virtual-WAN.md b/docs/wiki/Example-2-Virtual-WAN.md
index 9e97f824..75db9529 100644
--- a/docs/wiki/Example-2-Virtual-WAN.md
+++ b/docs/wiki/Example-2-Virtual-WAN.md
@@ -74,6 +74,15 @@ Here is a simple example parameter file for deploying a landing zone (Subscripti "10.1.0.0/24" ] }, + "virtualNetworkDnsServers": { + "value": [ + "10.4.1.4", + "10.2.1.5" + ] + }, + "virtualNetworkDdosPlanId": { + "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-hub-network-001/providers/Microsoft.Network/ddosProtectionPlans/ddos-001" + }, "virtualNetworkPeeringEnabled": { "value": true }, diff --git a/docs/wiki/Example-3-Use-With-Existing-Subscriptions.md b/docs/wiki/Example-3-Use-With-Existing-Subscriptions.md index 3d25697b..af3e0e6c 100644 --- a/docs/wiki/Example-3-Use-With-Existing-Subscriptions.md +++ b/docs/wiki/Example-3-Use-With-Existing-Subscriptions.md @@ -74,6 +74,15 @@ Here is a simple example parameter file for deploying a landing zone (Subscripti "10.0.0.0/16" ] }, + "virtualNetworkDnsServers": { + "value": [ + "10.4.1.4", + "10.2.1.5" + ] + }, + "virtualNetworkDdosPlanId": { + "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-hub-network-001/providers/Microsoft.Network/ddosProtectionPlans/ddos-001" + }, "virtualNetworkPeeringEnabled": { "value": true }, diff --git a/main.bicep b/main.bicep index 1448e67d..04db029f 100644 --- a/main.bicep +++ b/main.bicep @@ -32,7 +32,7 @@ The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). T > The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason. -> **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** +> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* 
@@ -47,7 +47,7 @@ param subscriptionDisplayName string = '' The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters. -> **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** +> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* @@ -63,7 +63,7 @@ A valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/ > See below [example in parameter file](#parameter-file) for an example -> **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** +> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* @@ -79,7 +79,7 @@ param subscriptionBillingScope string = '' ]) @sys.description('''The workload type can be either `Production` or `DevTest` and is case sensitive. -> **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** +> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String ''') @@ -192,7 +192,7 @@ param virtualNetworkResourceGroupLockEnabled bool = true @metadata({ example: 'uksouth' }) -@sys.description('''The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targetted to unless overridden. +@sys.description('''The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targeted to unless overridden. - Type: String ''') 
@@ -217,7 +217,7 @@ param virtualNetworkName string = ''
 })
 @sys.description('''An object of tag key/value pairs to be set on the Virtual Network that is created.
-> **NOTE:** Tags will be overwritten on resoruce if any exist already.
+> **NOTE:** Tags will be overwritten on resource if any exist already.
 - Type: `{}` Object
 - Default value: `{}` *(empty object)*
@@ -236,6 +236,33 @@ param virtualNetworkTags object = {}
 ''')
 param virtualNetworkAddressSpace array = []
+@metadata({
+ example: [
+ '10.4.1.4'
+ '10.2.1.5'
+ ]
+})
+@sys.description('''The custom DNS servers to use on the Virtual Network, e.g. `["10.4.1.4", "10.2.1.5"]`. If left empty (default) then Azure DNS will be used for the Virtual Network.
+
+- Type: `[]` Array
+- Default value: `[]` *(empty array)*
+''')
+param virtualNetworkDnsServers array = []
+
+@metadata({
+ example: '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/ddosProtectionPlans/xxxxxxxxxx'
+})
+@sys.description('''The resource ID of an existing DDoS Network Protection Plan that you wish to link to this Virtual Network.
+
+**Example Expected Values:**
+- `''` (empty string)
+- DDoS Netowrk Protection Plan Resource ID: `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/ddosProtectionPlans/xxxxxxxxxx`
+
+- Type: String
+- Default value: `''` *(empty string)*
+''')
+param virtualNetworkDdosPlanId string = ''
+
 @metadata({
 example: true
 })
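Review bot: The new `virtualNetworkDdosPlanId` description contains the typo `DDoS Netowrk Protection Plan`, which is then reproduced verbatim in the generated `main.bicep.parameters.md` table and section later in this patch, so fixing it at the source fixes both. The description should also record the authorization prerequisite this feature introduces: the wiki examples in this patch point at a plan in a hub resource group, and associating a Virtual Network with a DDoS plan requires the deploying identity to hold `Microsoft.Network/ddosProtectionPlans/join/action` on that plan, which rights on the new Subscription alone do not grant. A line such as ``> **NOTE:** The identity running the deployment requires the `Microsoft.Network/ddosProtectionPlans/join/action` permission on the referenced plan, which usually lives in the hub/connectivity Subscription.`` would save consumers a deployment that fails at the Virtual Network step. Likewise the `virtualNetworkDnsServers` example values appear to be hub-side addresses, so it is worth stating that name resolution against them depends on the peering controlled by `virtualNetworkPeeringEnabled` being in place.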
@@ -373,7 +400,7 @@ param roleAssignments array = [] }) @sys.description('''Disable telemetry collection by this module. -For more information on the telemtery collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) +For more information on the telemetry collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) ''') param disableTelemetry bool = false @@ -430,6 +457,8 @@ module createSubscriptionResources 'src/self/subResourceWrapper/deploy.bicep' = virtualNetworkName: virtualNetworkName virtualNetworkTags: virtualNetworkTags virtualNetworkAddressSpace: virtualNetworkAddressSpace + virtualNetworkDnsServers: virtualNetworkDnsServers + virtualNetworkDdosPlanId: virtualNetworkDdosPlanId virtualNetworkPeeringEnabled: virtualNetworkPeeringEnabled hubNetworkResourceId: hubNetworkResourceId virtualNetworkUseRemoteGateways: virtualNetworkUseRemoteGateways diff --git a/main.bicep.parameters.md b/main.bicep.parameters.md index beea487d..c780b59d 100644 --- a/main.bicep.parameters.md +++ b/main.bicep.parameters.md 
@@ -11,10 +11,10 @@ This is the orchestration module that is used and called by a consumer of the mo Parameter name | Required | Description -------------- | -------- | ----------- subscriptionAliasEnabled | No | Whether to create a new Subscription using the Subscription Alias resource. If `false`, supply an existing Subscription's ID in the parameter named `existingSubscriptionId` instead to deploy resources to an existing Subscription. - Type: Boolean -subscriptionDisplayName | No | The name of the subscription alias. The string must be comprised of a-z, A-Z, 0-9, - and _. The maximum length is 63 characters. The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters. > The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason. > **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* -subscriptionAliasName | No | The name of the Subscription Alias, that will be created by this module. The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters. > **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* -subscriptionBillingScope | No | The Billing Scope for the new Subscription alias, that will be created by this module. A valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/` and is case sensitive. 
> See below [example in parameter file](#parameter-file) for an example > **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* -subscriptionWorkload | No | The workload type can be either `Production` or `DevTest` and is case sensitive. > **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** - Type: String +subscriptionDisplayName | No | The name of the subscription alias. The string must be comprised of a-z, A-Z, 0-9, - and _. The maximum length is 63 characters. The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters. > The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason. > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* +subscriptionAliasName | No | The name of the Subscription Alias, that will be created by this module. The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters. > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* +subscriptionBillingScope | No | The Billing Scope for the new Subscription alias, that will be created by this module. A valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/` and is case sensitive. 
> See below [example in parameter file](#parameter-file) for an example > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* +subscriptionWorkload | No | The workload type can be either `Production` or `DevTest` and is case sensitive. > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String existingSubscriptionId | No | An existing subscription ID. Use this when you do not want the module to create a new subscription. But do want to manage the management group membership. A subscription ID should be provided in the example format `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`. - Type: String - Default value: `''` *(empty string)* subscriptionManagementGroupAssociationEnabled | No | Whether to move the Subscription to the specified Management Group supplied in the parameter `subscriptionManagementGroupId`. - Type: Boolean subscriptionManagementGroupId | No | The destination Management Group ID for the new Subscription that will be created by this module (or the existing one provided in the parameter `existingSubscriptionId`). **IMPORTANT:** Do not supply the display name of the Management Group. The Management Group ID forms part of the Azure Resource ID. e.g., `/providers/Microsoft.Management/managementGroups/{managementGroupId}`. > See below [example in parameter file](#parameter-file) for an example - Type: String - Default value: `''` *(empty string)* 
@@ -23,10 +23,12 @@ virtualNetworkEnabled | No | Whether to create a Virtual Network or not. virtualNetworkResourceGroupName | No | The name of the Resource Group to create the Virtual Network in that is created by this module. - Type: String - Default value: `''` *(empty string)* virtualNetworkResourceGroupTags | No | An object of Tag key & value pairs to be appended to the Resource Group that the Virtual Network is created in. > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win. - Type: `{}` Object - Default value: `{}` *(empty object)* virtualNetworkResourceGroupLockEnabled | No | Enables the deployment of a `CanNotDelete` resource locks to the Virtual Networks Resource Group that is created by this module. - Type: Boolean -virtualNetworkLocation | No | The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targetted to unless overridden. - Type: String +virtualNetworkLocation | No | The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targeted to unless overridden. - Type: String virtualNetworkName | No | The name of the virtual network. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length. - Type: String - Default value: `''` *(empty string)* -virtualNetworkTags | No | An object of tag key/value pairs to be set on the Virtual Network that is created. > **NOTE:** Tags will be overwritten on resoruce if any exist already. - Type: `{}` Object - Default value: `{}` *(empty object)* +virtualNetworkTags | No | An object of tag key/value pairs to be set on the Virtual Network that is created. > **NOTE:** Tags will be overwritten on resource if any exist already. 
- Type: `{}` Object - Default value: `{}` *(empty object)* virtualNetworkAddressSpace | No | The address space of the Virtual Network that will be created by this module, supplied as multiple CIDR blocks in an array, e.g. `["10.0.0.0/16","172.16.0.0/12"]` - Type: `[]` Array - Default value: `[]` *(empty array)* +virtualNetworkDnsServers | No | The custom DNS servers to use on the Virtual Network, e.g. `["10.4.1.4", "10.2.1.5"]`. If left empty (default) then Azure DNS will be used for the Virtual Network. - Type: `[]` Array - Default value: `[]` *(empty array)* +virtualNetworkDdosPlanId | No | The resource ID of an existing DDoS Network Protection Plan that you wish to link to this Virtual Network. **Example Expected Values:** - `''` (empty string) - DDoS Netowrk Protection Plan Resource ID: `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/ddosProtectionPlans/xxxxxxxxxx` - Type: String - Default value: `''` *(empty string)* virtualNetworkPeeringEnabled | No | Whether to enable peering/connection with the supplied hub Virtual Network or Virtual WAN Virtual Hub. - Type: Boolean hubNetworkResourceId | No | The resource ID of the Virtual Network or Virtual WAN Hub in the hub to which the created Virtual Network, by this module, will be peered/connected to via Virtual Network Peering or a Virtual WAN Virtual Hub Connection. **Example Expected Values:** - `''` (empty string) - Hub Virtual Network Resource ID: `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/virtualNetworks/xxxxxxxxxx` - Virtual WAN Virtual Hub Resource ID: `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/virtualHubs/xxxxxxxxxx` - Type: String - Default value: `''` *(empty string)* virtualNetworkUseRemoteGateways | No | Enables the use of remote gateways in the specified hub virtual network. 
> **IMPORTANT:** If no gateways exist in the hub virtual network, set this to `false`, otherwise peering will fail to create. - Type: Boolean 
@@ -35,7 +37,7 @@ virtualNetworkVwanPropagatedRouteTablesResourceIds | No | An array of of o virtualNetworkVwanPropagatedLabels | No | An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only. - Type: `[]` Array - Default value: `[]` *(empty array)* roleAssignmentEnabled | No | Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`. - Type: Boolean roleAssignments | No | Supply an array of objects containing the details of the role assignments to create. Each object must contain the following `keys`: - `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too. - `definition` = The Name of built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition. - `relativeScope` = 2 options can be provided for input value: 1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope 2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group > See below [example in parameter file](#parameter-file) of various combinations - Type: `[]` Array - Default value: `[]` *(empty array)* -disableTelemetry | No | Disable telemetry collection by this module. For more information on the telemtery collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) +disableTelemetry | No | Disable telemetry collection by this module. For more information on the telemetry collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) ### subscriptionAliasEnabled 
@@ -58,7 +60,7 @@ The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). T > The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason. -> **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** +> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* @@ -72,7 +74,7 @@ The name of the Subscription Alias, that will be created by this module. The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters. -> **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** +> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* @@ -88,7 +90,7 @@ A valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/ > See below [example in parameter file](#parameter-file) for an example -> **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** +> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String - Default value: `''` *(empty string)* @@ -100,7 +102,7 @@ A valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/ The workload type can be either `Production` or `DevTest` and is case sensitive. -> **Not required when providing an exisiting Subscription ID via the paramater `existingSubscriptionId`** +> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`** - Type: String 
@@ -214,7 +216,7 @@ Enables the deployment of a `CanNotDelete` resource locks to the Virtual Network ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targetted to unless overridden. +The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targeted to unless overridden. - Type: String @@ -237,7 +239,7 @@ The name of the virtual network. The string must consist of a-z, A-Z, 0-9, -, _, An object of tag key/value pairs to be set on the Virtual Network that is created. -> **NOTE:** Tags will be overwritten on resoruce if any exist already. +> **NOTE:** Tags will be overwritten on resource if any exist already. - Type: `{}` Object - Default value: `{}` *(empty object)* 
@@ -253,6 +255,30 @@ The address space of the Virtual Network that will be created by this module, su - Default value: `[]` *(empty array)* +### virtualNetworkDnsServers + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +The custom DNS servers to use on the Virtual Network, e.g. `["10.4.1.4", "10.2.1.5"]`. If left empty (default) then Azure DNS will be used for the Virtual Network. + +- Type: `[]` Array +- Default value: `[]` *(empty array)* + + +### virtualNetworkDdosPlanId + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +The resource ID of an existing DDoS Network Protection Plan that you wish to link to this Virtual Network. + +**Example Expected Values:** +- `''` (empty string) +- DDoS Netowrk Protection Plan Resource ID: `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/ddosProtectionPlans/xxxxxxxxxx` + +- Type: String +- Default value: `''` *(empty string)* + + ### virtualNetworkPeeringEnabled ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -366,7 +392,7 @@ Each object must contain the following `keys`: Disable telemetry collection by this module. -For more information on the telemtery collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) +For more information on the telemetry collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) - Default value: `False` 
@@ -452,6 +478,15 @@ subscriptionResourceId | string | The Subscription Resource ID that has been cre
 "10.0.0.0/16"
 ]
 },
+ "virtualNetworkDnsServers": {
+ "value": [
+ "10.4.1.4",
+ "10.2.1.5"
+ ]
+ },
+ "virtualNetworkDdosPlanId": {
+ "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/ddosProtectionPlans/xxxxxxxxxx"
+ },
 "virtualNetworkPeeringEnabled": {
 "value": true
 },
diff --git a/src/self/subResourceWrapper/deploy.bicep b/src/self/subResourceWrapper/deploy.bicep
index a81bb415..33230bfc 100644
--- a/src/self/subResourceWrapper/deploy.bicep
+++ b/src/self/subResourceWrapper/deploy.bicep
@@ -50,6 +50,12 @@ param virtualNetworkTags object = {}
 @sys.description('The address space of the virtual network, supplied as multiple CIDR blocks, e.g. `["10.0.0.0/16","172.16.0.0/12"]`')
 param virtualNetworkAddressSpace array = []
+@sys.description('The custom DNS servers to use on the virtual network, e.g. `["10.4.1.4", "10.2.1.5"]. If left empty (default) then Azure DNS will be used for the virtual network.`')
+param virtualNetworkDnsServers array = []
+
+@sys.description('The resoruce ID of an existing DDoS Network Protection Plan that you wish to link to this virtual network.')
+param virtualNetworkDdosPlanId string = ''
+
 @sys.description('Whether to enable peering/connection with the supplied hub virtual network or virtual hub.')
 param virtualNetworkPeeringEnabled bool = false
@@ -161,6 +167,8 @@ module createLzVnet '../../carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy
 tags: virtualNetworkTags
 location: virtualNetworkLocation
 addressPrefixes: virtualNetworkAddressSpace
+ dnsServers: virtualNetworkDnsServers
+ ddosProtectionPlanId: virtualNetworkDdosPlanId
 virtualNetworkPeerings: (virtualNetworkPeeringEnabled && !empty(hubVirtualNetworkResourceIdChecked)) ? [
 {
 allowForwardedTraffic: true
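Review bot: Both new `@sys.description` strings in the `@@ -50` hunk of `deploy.bicep` carry text defects that the generated `src/self/subResourceWrapper/readme.md` later in this patch reproduces verbatim: the DNS description closes its code span after the final sentence instead of after `"10.2.1.5"]`, so the whole "If left empty…" sentence renders as code, and the DDoS description misspells `resoruce`. Move the closing backtick to directly after the `]` and change the second line to `@sys.description('The resource ID of an existing DDoS Network Protection Plan that you wish to link to this virtual network.')`. Regenerating the readme after the fix keeps the two files in sync.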
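Review bot: In the `@@ -161` hunk `ddosProtectionPlanId` is forwarded to the CARML module straight from the parameter, whereas the sibling hub ID in the same object is consumed through `hubVirtualNetworkResourceIdChecked`; if that variable performs a shape check as its name suggests, the DDoS plan ID deserves the same treatment for consistency, for example verifying a non-empty value contains `/providers/Microsoft.Network/ddosProtectionPlans/`. Whatever check is added, a malformed value must still fail the deployment rather than be normalised to `''`, because a landing-zone Virtual Network that silently deploys without its intended DDoS link is the worse outcome for a control of this kind. The enclosing `module createLzVnet` declaration starts before and ends after this hunk, so the surrounding property list is not visible here.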
diff --git a/src/self/subResourceWrapper/readme.md b/src/self/subResourceWrapper/readme.md index 427e90fb..7c6c4faa 100644 --- a/src/self/subResourceWrapper/readme.md +++ b/src/self/subResourceWrapper/readme.md @@ -22,6 +22,8 @@ virtualNetworkLocation | No | The location of the virtual network. Use reg virtualNetworkName | No | The name of the virtual network. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length. virtualNetworkTags | No | An object of tag key/value pairs to be set on the Virtual Network that is created. NOTE: Tags will be overwritten on resoruce if any exist already. virtualNetworkAddressSpace | No | The address space of the virtual network, supplied as multiple CIDR blocks, e.g. `["10.0.0.0/16","172.16.0.0/12"]` +virtualNetworkDnsServers | No | The custom DNS servers to use on the virtual network, e.g. `["10.4.1.4", "10.2.1.5"]. If left empty (default) then Azure DNS will be used for the virtual network.` +virtualNetworkDdosPlanId | No | The resoruce ID of an existing DDoS Network Protection Plan that you wish to link to this virtual network. virtualNetworkPeeringEnabled | No | Whether to enable peering/connection with the supplied hub virtual network or virtual hub. hubNetworkResourceId | No | The resource ID of the virtual network or virtual wan hub in the hub to which the created virtual network will be peered/connected to via vitrual network peering or a vitrual hub connection. virtualNetworkUseRemoteGateways | No | Enables the use of remote gateways in the spefcified hub virtual network. If no gateways exsit in the hub virtual network, set this to `false`, otherwise peering will fail to create. Set this to `false` for virtual wan hub connections. 
@@ -111,6 +113,18 @@ An object of tag key/value pairs to be set on the Virtual Network that is create The address space of the virtual network, supplied as multiple CIDR blocks, e.g. `["10.0.0.0/16","172.16.0.0/12"]` +### virtualNetworkDnsServers + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +The custom DNS servers to use on the virtual network, e.g. `["10.4.1.4", "10.2.1.5"]. If left empty (default) then Azure DNS will be used for the virtual network.` + +### virtualNetworkDdosPlanId + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +The resoruce ID of an existing DDoS Network Protection Plan that you wish to link to this virtual network. + ### virtualNetworkPeeringEnabled ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -213,6 +227,12 @@ Supply an array of objects containing the details of the role assignments to cre "virtualNetworkAddressSpace": { "value": [] }, + "virtualNetworkDnsServers": { + "value": [] + }, + "virtualNetworkDdosPlanId": { + "value": "" + }, "virtualNetworkPeeringEnabled": { "value": false },