Merge branch 'policy-refresh-q2fy24' into https1423
Springstone authored Oct 23, 2023
2 parents d468a1a + df45741 commit 737ed73
Showing 54 changed files with 1,093 additions and 123 deletions.
6 changes: 3 additions & 3 deletions docs/reference/adventureworks/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,10 @@ Please refer to the [Enterprise-Scale Landing Zones User Guide](https://github.c

If customer started with a Enterprise-Scale foundation deployment, and if the business requirements changes over time, such as migration of on-premise applications to Azure that requires hybrid connectivity, you will simply create the **Connectivity** Subscription, place it into the **Platform > Connectivity** Management Group and assign Azure Policy for the hub and spoke network topology.

## Pre-requisites
## Prerequisites

To deploy this ARM template, your user/service principal must have Owner permission at the Tenant root.
See the following [instructions](../../EnterpriseScale-Setup-azure.md) on how to grant access.
To deploy this ARM template, there are a number of prerequisites that must be met.
See [here](../../wiki/Deploying-ALZ-Pre-requisites.md) for more details.

### Optional prerequisites
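
Review bot: The replacement sentence "To deploy this ARM template, there are a number of prerequisites that must be met." drops the one requirement the removed line stated outright, that the user/service principal must have Owner permission at the Tenant root. That is a tenant-wide privileged assignment, so consider keeping a one-line statement of it in the README and linking to the wiki page for the full list, so the privilege requirement is visible without following the link.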

6 changes: 3 additions & 3 deletions docs/reference/contoso/Readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,10 @@ Please refer to [Enterprise-Scale Landing Zones User Guide](https://github.com/A

If customer started with a Enterprise-Scale foundation deployment, and if the business requirements changes over time, such as migration of on-prem applications to Azure that requires hybrid connectivity, you will simply create the **Connectivity** Subscription and place it into the **Platform > Connectivity** Management Group and assign Azure Policy for the VWAN network topology.

## Pre-requisites
## Prerequisites

To deploy this ARM template, your user/service principal must have Owner permission at the Tenant root.
See the following [instructions](../../EnterpriseScale-Setup-azure.md) on how to grant access.
To deploy this ARM template, there are a number of prerequisites that must be met.
See [here](../../wiki/Deploying-ALZ-Pre-requisites.md) for more details.

### Optional prerequisites
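
Review bot: The link text `[here]` in "See [here](../../wiki/Deploying-ALZ-Pre-requisites.md) for more details." says nothing about the target. Name the page in the link text instead, for example `[Deploying ALZ prerequisites](../../wiki/Deploying-ALZ-Pre-requisites.md)`; the same wording appears in the other two reference READMEs touched by this commit.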

5 changes: 3 additions & 2 deletions docs/reference/treyresearch/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,10 @@ Please refer to [Enterprise-Scale Landing Zones User Guide](https://github.com/A

If the business requirements change over time, the architecture allows for creating additional subscriptions and placing them into the suitable management group and assigning Azure policies. For more details, see the next steps section at the end of this document.

## Pre-requisites
## Prerequisites

To deploy this ARM template, your user/service principal must have Owner permission at the Microsoft Entra Tenant root. See the following [instructions](https://learn.microsoft.com/azure/role-based-access-control/elevate-access-global-admin) on how to grant access before you proceed.
To deploy this ARM template, there are a number of prerequisites that must be met.
See [here](../../wiki/Deploying-ALZ-Pre-requisites.md) for more details.

## Optional pre-requisites
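
Review bot: The heading becomes `## Prerequisites`, but the next heading in this file still reads `## Optional pre-requisites`, with the old spelling and at level `##` where the adventureworks and contoso READMEs use `### Optional prerequisites`. Update it in the same change so the three READMEs stay consistent. The removed line here also linked to the elevate-access instructions on learn.microsoft.com; confirm the wiki page carries that link before dropping it.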

Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,10 @@
"type": "string",
"defaultValue": ""
},
"enableVpnActiveActive": {
"type": "string",
"defaultValue": ""
},
"gwAzSku": {
"type": "string",
"defaultValue": ""
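
Review bot: `enableVpnActiveActive` is declared here with `"defaultValue": ""` and no `allowedValues`, while the es-lite.json hunk in this commit declares it with default `"No"` and allowed values `Yes`/`No`. The gateway conditions in this template compare the parameter against exactly 'Yes' or 'No', so a caller that omits it matches neither. Suggest using the same default and `allowedValues` here as in es-lite.json.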
Expand Down Expand Up @@ -147,10 +151,12 @@
"azFwPolicyName": "[concat(parameters('topLevelManagementGroupPrefix'), '-azfwpolicy-', parameters('location'))]",
"hubName": "[concat(parameters('topLevelManagementGroupPrefix'), '-hub-', parameters('location'))]",
"azVpnGwIpName": "[concat(variables('vpngwname'), '-pip')]",
"azVpnGwAAIpName": "[concat(variables('vpngwname'), '-pip-002')]",
"azVpnGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
"azFwName": "[concat(parameters('topLevelManagementGroupPrefix'), '-fw-', parameters('location'))]",
"azErGwIpName": "[concat(variables('erGwName'), '-pip')]",
"azVpnGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
"azVpnGwAAPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
"azFwIpName": "[concat(variables('azFwName'), '-pip')]",
"azErGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
"azErGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azErGwIpName'))]",
Expand Down Expand Up @@ -347,7 +353,20 @@
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"type": "Microsoft.Network/publicIpAddresses",
"location": "[parameters('location')]",
"name": "[variables('azVpnGwAAIpName')]",
"sku": {
"name": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Standard', 'Basic')]"
},
"properties": {
"publicIPAllocationMethod": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Static', 'Dynamic')]"
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'No'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"name": "[variables('vpngwname')]",
"type": "Microsoft.Network/virtualNetworkGateways",
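
Review bot: The condition on the existing gateway now requires `equals(parameters('enableVpnActiveActive'),'No')`, so with `enableVpnGw` set to 'Yes' and any other value of the new parameter, including its empty default in this file, no virtual network gateway is deployed. Writing this branch as `not(equals(parameters('enableVpnActiveActive'),'Yes'))` keeps the single-instance gateway as the fallback and preserves the previous behaviour for existing callers.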
Expand All @@ -357,6 +376,7 @@
"[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
],
"properties": {
"activeActive": false,
"gatewayType": "Vpn",
"vpnGatewayGeneration": "Generation2",
"vpnType": "[parameters('vpnGwType')]",
Expand Down Expand Up @@ -396,6 +416,70 @@
}
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"name": "[variables('vpngwname')]",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
],
"properties": {
"activeActive": true,
"gatewayType": "Vpn",
"vpnGatewayGeneration": "Generation2",
"vpnType": "[parameters('vpnGwType')]",
"ipConfigurations": [
{
"name": "default",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('azVpnGwSubnetId')]"
},
"publicIpAddress": {
"id": "[variables('azVpnGwPipId')]"
}
}
},
{
"name": "activeactive",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('azVpnGwSubnetId')]"
},
"publicIpAddress": {
"id": "[variables('azVpnGwAAPipId')]"
}
}
}
],
"sku": {
"name": "[if(
and(
or(
empty(parameters('gwRegionalSku')),
empty(parameters('gwAzSku'))),
not(
empty(parameters('gwRegionalSku')))),
parameters('gwRegionalSku'),
parameters('gwAzSku'))]",
"tier": "[if(
and(
or(
empty(parameters('gwRegionalSku')),
empty(parameters('gwAzSku'))),
not(
empty(parameters('gwRegionalSku')))),
parameters('gwRegionalSku'),
parameters('gwAzSku'))]"
}
}
},
{
"condition": "[and(equals(parameters('enableErGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
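
Review bot: Duplicating the whole `Microsoft.Network/virtualNetworkGateways` resource for the active-active case (same `name`, same `gatewayType`, `vpnGatewayGeneration`, `vpnType` and `sku` expressions) means every later change to those properties has to be made in two places, and the two copies are kept apart only by their `condition` strings. Consider a single resource with `"activeActive": "[equals(parameters('enableVpnActiveActive'),'Yes')]"` and the `ipConfigurations` array selected with `if()`, so the `activeactive` entry and `azVpnGwAAPipId` are the only parts that vary.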
11 changes: 11 additions & 0 deletions docs/reference/treyresearch/armTemplates/es-lite.json
Original file line number Diff line number Diff line change
Expand Up @@ -350,6 +350,14 @@
"type": "string",
"defaultValue": ""
},
"enableVpnActiveActive": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
]
},
"gwAzSku": {
"type": "string",
"defaultValue": ""
Expand Down Expand Up @@ -825,6 +833,9 @@
"gwRegionalOrAz": {
"value": "[parameters('gwRegionalOrAz')]"
},
"enableVpnActiveActive": {
"value": "[parameters('enableVpnActiveActive')]"
},
"gwAzSku": {
"value": "[parameters('gwAzSku')]"
},