From 2f8b02d03815561f9922606c363237122c89a4cd Mon Sep 17 00:00:00 2001 From: Federico Arambarri Date: Fri, 20 Oct 2023 15:20:49 -0300 Subject: [PATCH 1/2] azure-hub-spoke update --- solutions/azure-hub-spoke/azuredeploy.json | 50 +++++++++++----------- solutions/azure-hub-spoke/bicep/main.bicep | 50 +++++++++++----------- 2 files changed, 50 insertions(+), 50 deletions(-) diff --git a/solutions/azure-hub-spoke/azuredeploy.json b/solutions/azure-hub-spoke/azuredeploy.json index 95a23a83..0b71f845 100644 --- a/solutions/azure-hub-spoke/azuredeploy.json +++ b/solutions/azure-hub-spoke/azuredeploy.json @@ -55,7 +55,7 @@ "resources": [ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('vnet-{0}-hub', parameters('location')), format('to_{0}', format('vnet-{0}-spoke-one', parameters('location'))))]", "properties": { "allowForwardedTraffic": false, @@ -74,7 +74,7 @@ }, { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('vnet-{0}-hub', parameters('location')), format('to_{0}', format('vnet-{0}-spoke-two', parameters('location'))))]", "properties": { "allowForwardedTraffic": false, @@ -93,7 +93,7 @@ }, { "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('fw-policies-{0}', parameters('location')), 'DefaultNetworkRuleCollectionGroup')]", "properties": { "priority": 200, @@ -136,7 +136,7 @@ }, { "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('fw-policies-{0}', parameters('location')), 'DefaultApplicationRuleCollectionGroup')]", "properties": { "priority": 300, 
@@ -159,7 +159,7 @@ }, { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('vnet-{0}-spoke-one', parameters('location')), format('to_{0}', format('vnet-{0}-hub', parameters('location'))))]", "properties": { "allowForwardedTraffic": false, @@ -177,7 +177,7 @@ }, { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('vnet-{0}-spoke-two', parameters('location')), format('to_{0}', format('vnet-{0}-hub', parameters('location'))))]", "properties": { "allowForwardedTraffic": false, @@ -195,7 +195,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2021-06-01", + "apiVersion": "2022-10-01", "name": "[format('la-hub-{0}-{1}', parameters('location'), variables('suffix'))]", "location": "[parameters('location')]", "properties": { @@ -244,7 +244,7 @@ }, { "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nsg-{0}-bastion', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -436,7 +436,7 @@ }, { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vnet-{0}-hub', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -501,7 +501,7 @@ "count": "[length(range(0, variables('numFirewallIpAddressesToAssign')))]" }, "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('pip-fw-{0}-{1}', parameters('location'), padLeft(range(0, variables('numFirewallIpAddressesToAssign'))[copyIndex()], 2, '0'))]", "location": "[parameters('location')]", "sku": { 
@@ -549,7 +549,7 @@ }, { "type": "Microsoft.Network/firewallPolicies", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('fw-policies-{0}', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -585,7 +585,7 @@ }, { "type": "Microsoft.Network/azureFirewalls", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('fw-{0}', parameters('location'))]", "location": "[parameters('location')]", "zones": [ @@ -655,7 +655,7 @@ }, { "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('pip-ab-{0}', parameters('location'))]", "location": "[parameters('location')]", "sku": { @@ -702,7 +702,7 @@ }, { "type": "Microsoft.Network/bastionHosts", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('ab-{0}-{1}', parameters('location'), variables('suffix'))]", "location": "[parameters('location')]", "sku": { @@ -760,7 +760,7 @@ { "condition": "[parameters('deployVpnGateway')]", "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('pip-vgw-{0}', parameters('location'))]", "location": "[parameters('location')]", "sku": { @@ -809,7 +809,7 @@ { "condition": "[parameters('deployVpnGateway')]", "type": "Microsoft.Network/virtualNetworkGateways", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vgw-{0}-hub', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -871,7 +871,7 @@ }, { "type": "Microsoft.Network/routeTables", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('route-to-{0}-hub-fw', parameters('location'))]", "location": "[parameters('location')]", "properties": { 
@@ -895,7 +895,7 @@ }, { "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "nsg-spoke-resources", "location": "[parameters('location')]", "properties": { @@ -973,7 +973,7 @@ }, { "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "nsg-spoke-privatelinkendpoints", "location": "[parameters('location')]", "properties": { @@ -1044,7 +1044,7 @@ }, { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vnet-{0}-spoke-one', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -1112,7 +1112,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nic-vm-{0}-spoke-one-linux', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -1159,7 +1159,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", + "apiVersion": "2023-03-01", "name": "[format('vm-{0}-spoke-one-linux', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -1227,7 +1227,7 @@ }, { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vnet-{0}-spoke-two', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -1295,7 +1295,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nic-vm-{0}-spoke-two-windows', parameters('location'))]", "location": "[parameters('location')]", "properties": { 
@@ -1342,7 +1342,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", + "apiVersion": "2023-03-01", "name": "[format('vm-{0}-spoke-two-windows', parameters('location'))]", "location": "[parameters('location')]", "properties": { diff --git a/solutions/azure-hub-spoke/bicep/main.bicep b/solutions/azure-hub-spoke/bicep/main.bicep index 4a89a63b..c369aee8 100644 --- a/solutions/azure-hub-spoke/bicep/main.bicep +++ b/solutions/azure-hub-spoke/bicep/main.bicep @@ -57,7 +57,7 @@ var suffix = uniqueString(subscription().subscriptionId, resourceGroup().id) /*** RESOURCES (HUB) ***/ @description('This Log Analyics Workspace stores logs from the regional hub network, its spokes, and other related resources. Workspaces are regional resource, as such there would be one workspace per hub (region)') -resource laHub 'Microsoft.OperationalInsights/workspaces@2021-06-01' = { +resource laHub 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { name: 'la-hub-${location}-${suffix}' location: location properties: { @@ -99,7 +99,7 @@ resource laHub_diagnosticsSettings 'Microsoft.Insights/diagnosticSettings@2021-0 } @description('The NSG around the Azure Bastion subnet. Source: https://learn.microsoft.com/azure/bastion/bastion-nsg') -resource nsgBastionSubnet 'Microsoft.Network/networkSecurityGroups@2022-01-01' = { +resource nsgBastionSubnet 'Microsoft.Network/networkSecurityGroups@2023-04-01' = { name: 'nsg-${location}-bastion' location: location properties: { @@ -283,7 +283,7 @@ resource nsgBastionSubnet_diagnosticSettings 'Microsoft.Insights/diagnosticSetti } @description('The regional hub network.') -resource vnetHub 'Microsoft.Network/virtualNetworks@2022-01-01' = { +resource vnetHub 'Microsoft.Network/virtualNetworks@2023-04-01' = { name: 'vnet-${location}-hub' location: location properties: { 
@@ -333,7 +333,7 @@ resource vnetHub 'Microsoft.Network/virtualNetworks@2022-01-01' = { // be handled via Azure Policy or Portal. How virtual networks are peered might // vary from organization to organization. This example simply does it in the most // direct way to simplify ease of deployment. - resource peerToSpokeOne 'virtualNetworkPeerings@2022-01-01' = { + resource peerToSpokeOne 'virtualNetworkPeerings@2023-04-01' = { name: 'to_${vnetSpokeOne.name}' dependsOn: [ vnetSpokeOne::peerToHub // This artificially waits until the spoke peers with the hub first to control order of operations. @@ -350,7 +350,7 @@ resource vnetHub 'Microsoft.Network/virtualNetworks@2022-01-01' = { } // Connect regional hub back to spoke one (created later below). - resource peerToSpokeTwo 'virtualNetworkPeerings@2022-01-01' = { + resource peerToSpokeTwo 'virtualNetworkPeerings@2023-04-01' = { name: 'to_${vnetSpokeTwo.name}' dependsOn: [ vnetSpokeTwo::peerToHub // This artificially waits until the spoke peers with the hub first to control order of operations. @@ -383,7 +383,7 @@ resource vnetHub_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021- // Allocate three IP addresses to the firewall var numFirewallIpAddressesToAssign = 3 -resource pipsAzureFirewall 'Microsoft.Network/publicIPAddresses@2022-01-01' = [for i in range(0, numFirewallIpAddressesToAssign): { +resource pipsAzureFirewall 'Microsoft.Network/publicIPAddresses@2023-04-01' = [for i in range(0, numFirewallIpAddressesToAssign): { name: 'pip-fw-${location}-${padLeft(i, 2, '0')}' location: location sku: { @@ -422,7 +422,7 @@ resource pipsAzureFirewall_diagnosticSetting 'Microsoft.Insights/diagnosticSetti }] @description('Azure Firewall Policy') -resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-01-01' = { +resource fwPolicy 'Microsoft.Network/firewallPolicies@2023-04-01' = { name: 'fw-policies-${location}' location: location properties: { 
@@ -453,7 +453,7 @@ resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-01-01' = { // This network hub starts out with only supporting external DNS queries. This is only being done for // simplicity in this deployment and is not guidance, please ensure all firewall rules are aligned with // your security standards. - resource defaultNetworkRuleCollectionGroup 'ruleCollectionGroups@2022-01-01' = { + resource defaultNetworkRuleCollectionGroup 'ruleCollectionGroups@2023-04-01' = { name: 'DefaultNetworkRuleCollectionGroup' properties: { priority: 200 @@ -493,7 +493,7 @@ resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-01-01' = { } // Network hub starts out with no allowances for appliction rules - resource defaultApplicationRuleCollectionGroup 'ruleCollectionGroups@2022-01-01' = { + resource defaultApplicationRuleCollectionGroup 'ruleCollectionGroups@2023-04-01' = { name: 'DefaultApplicationRuleCollectionGroup' dependsOn: [ defaultNetworkRuleCollectionGroup @@ -535,7 +535,7 @@ resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-01-01' = { } @description('This is the regional Azure Firewall that all regional spoke networks can egress through.') -resource fwHub 'Microsoft.Network/azureFirewalls@2022-01-01' = { +resource fwHub 'Microsoft.Network/azureFirewalls@2023-04-01' = { name: 'fw-${location}' location: location zones: [ @@ -592,7 +592,7 @@ resource fwHub_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05 } @description('The public IP for the regional hub\'s Azure Bastion service.') -resource pipAzureBastion 'Microsoft.Network/publicIPAddresses@2022-01-01' = { +resource pipAzureBastion 'Microsoft.Network/publicIPAddresses@2023-04-01' = { name: 'pip-ab-${location}' location: location sku: { 
@@ -631,7 +631,7 @@ resource pipAzureBastion_diagnosticSetting 'Microsoft.Insights/diagnosticSetting } @description('This regional hub\'s Azure Bastion service. NSGs are configured to allow Bastion to reach any resource subnet in peered spokes.') -resource azureBastion 'Microsoft.Network/bastionHosts@2022-01-01' = { +resource azureBastion 'Microsoft.Network/bastionHosts@2023-04-01' = { name: 'ab-${location}-${suffix}' location: location sku: { @@ -676,7 +676,7 @@ resource azureBastion_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ } @description('The public IPs for the regional VPN gateway. Only deployed if requested.') -resource pipVpnGateway 'Microsoft.Network/publicIPAddresses@2022-01-01' = if (deployVpnGateway) { +resource pipVpnGateway 'Microsoft.Network/publicIPAddresses@2023-04-01' = if (deployVpnGateway) { name: 'pip-vgw-${location}' location: location sku: { @@ -715,7 +715,7 @@ resource pipVpnGateway_diagnosticSetting 'Microsoft.Insights/diagnosticSettings@ } @description('The is the regional VPN gateway, configured with basic settings. Only deployed if requested.') -resource vgwHub 'Microsoft.Network/virtualNetworkGateways@2022-01-01' = if (deployVpnGateway) { +resource vgwHub 'Microsoft.Network/virtualNetworkGateways@2023-04-01' = if (deployVpnGateway) { name: 'vgw-${location}-hub' location: location properties: { @@ -766,7 +766,7 @@ resource vgwHub_diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05 /*** RESOURCES (ALL SPOKES) ***/ @description('Next hop to the regional hub\'s Azure Firewall') -resource routeNextHopToFirewall 'Microsoft.Network/routeTables@2022-01-01' = { +resource routeNextHopToFirewall 'Microsoft.Network/routeTables@2023-04-01' = { name: 'route-to-${location}-hub-fw' location: location properties: { 
@@ -784,7 +784,7 @@ resource routeNextHopToFirewall 'Microsoft.Network/routeTables@2022-01-01' = { } @description('NSG on the resource subnet (just using a common one for all as an example, but usually would be based on the specific needs of the spoke).') -resource nsgResourcesSubnet 'Microsoft.Network/networkSecurityGroups@2022-01-01' = { +resource nsgResourcesSubnet 'Microsoft.Network/networkSecurityGroups@2023-04-01' = { name: 'nsg-spoke-resources' location: location properties: { @@ -852,7 +852,7 @@ resource nsgResourcesSubnet_diagnosticsSettings 'Microsoft.Insights/diagnosticSe } @description('NSG on the Private Link subnet (just using a common one for all as an example, but usually would be based on the specific needs of the spoke).') -resource nsgPrivateLinkEndpointsSubnet 'Microsoft.Network/networkSecurityGroups@2022-01-01' = { +resource nsgPrivateLinkEndpointsSubnet 'Microsoft.Network/networkSecurityGroups@2023-04-01' = { name: 'nsg-spoke-privatelinkendpoints' location: location properties: { @@ -916,7 +916,7 @@ resource nsgPrivateLinkEndpointsSubnet_diagnosticsSettings 'Microsoft.Insights/d /*** RESOURCES (SPOKE ONE) ***/ -resource vnetSpokeOne 'Microsoft.Network/virtualNetworks@2022-01-01' = { +resource vnetSpokeOne 'Microsoft.Network/virtualNetworks@2023-04-01' = { name: 'vnet-${location}-spoke-one' location: location properties: { @@ -962,7 +962,7 @@ resource vnetSpokeOne 'Microsoft.Network/virtualNetworks@2022-01-01' = { } // Peer to regional hub (hub to spoke peering is in the hub resource) - resource peerToHub 'virtualNetworkPeerings@2022-01-01' = { + resource peerToHub 'virtualNetworkPeerings@2023-04-01' = { name: 'to_${vnetHub.name}' properties: { allowForwardedTraffic: false 
@@ -991,7 +991,7 @@ resource vnetSpokeOne_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ } @description('The private Network Interface Card for the linux VM in spoke one.') -resource nicVmSpokeOneLinux 'Microsoft.Network/networkInterfaces@2022-01-01' = if (deployVirtualMachines) { +resource nicVmSpokeOneLinux 'Microsoft.Network/networkInterfaces@2023-04-01' = if (deployVirtualMachines) { name: 'nic-vm-${location}-spoke-one-linux' location: location properties: { @@ -1025,7 +1025,7 @@ resource nicVmSpokeOneLinux_diagnosticSettings 'Microsoft.Insights/diagnosticSet } @description('A basic Linux virtual machine that will be attached to spoke one.') -resource vmSpokeOneLinux 'Microsoft.Compute/virtualMachines@2022-03-01' = if (deployVirtualMachines) { +resource vmSpokeOneLinux 'Microsoft.Compute/virtualMachines@2023-03-01' = if (deployVirtualMachines) { name: 'vm-${location}-spoke-one-linux' location: location properties: { @@ -1088,7 +1088,7 @@ resource vmSpokeOneLinux 'Microsoft.Compute/virtualMachines@2022-03-01' = if (de /*** RESOURCES (SPOKE TWO) ***/ -resource vnetSpokeTwo 'Microsoft.Network/virtualNetworks@2022-01-01' = { +resource vnetSpokeTwo 'Microsoft.Network/virtualNetworks@2023-04-01' = { name: 'vnet-${location}-spoke-two' location: location properties: { @@ -1134,7 +1134,7 @@ resource vnetSpokeTwo 'Microsoft.Network/virtualNetworks@2022-01-01' = { } // Peer to regional hub (hub to spoke peering is in the hub resource) - resource peerToHub 'virtualNetworkPeerings@2022-01-01' = { + resource peerToHub 'virtualNetworkPeerings@2023-04-01' = { name: 'to_${vnetHub.name}' properties: { allowForwardedTraffic: false 
@@ -1163,7 +1163,7 @@ resource vnetSpokeTwo_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ } @description('The private Network Interface Card for the Windows VM in spoke two.') -resource nicVmSpokeTwoLinux 'Microsoft.Network/networkInterfaces@2022-01-01' = if (deployVirtualMachines) { +resource nicVmSpokeTwoLinux 'Microsoft.Network/networkInterfaces@2023-04-01' = if (deployVirtualMachines) { name: 'nic-vm-${location}-spoke-two-windows' location: location properties: { @@ -1197,7 +1197,7 @@ resource nicVmSpokeTwoLinux_diagnosticSettings 'Microsoft.Insights/diagnosticSet } @description('A basic Windows virtual machine that will be attached to spoke two.') -resource vmSpokeTwoWindows 'Microsoft.Compute/virtualMachines@2022-03-01' = if (deployVirtualMachines) { +resource vmSpokeTwoWindows 'Microsoft.Compute/virtualMachines@2023-03-01' = if (deployVirtualMachines) { name: 'vm-${location}-spoke-two-windows' location: location properties: { From a8f3da60ba85b68788f49e8bd1491744fc76d26c Mon Sep 17 00:00:00 2001 From: Federico Arambarri Date: Fri, 20 Oct 2023 17:19:17 -0300 Subject: [PATCH 2/2] azure-hub-spoke-connected-group --- .../azuredeploy.json | 84 +++++++++---------- .../bicep/main.bicep | 6 +- .../bicep/modules/avnm.bicep | 28 +++---- .../bicep/modules/hub.bicep | 24 +++--- .../bicep/modules/spoke.bicep | 8 +- 5 files changed, 75 insertions(+), 75 deletions(-) diff --git a/solutions/azure-hub-spoke-connected-group/azuredeploy.json b/solutions/azure-hub-spoke-connected-group/azuredeploy.json index 5c7288d7..f4cc1c13 100644 --- a/solutions/azure-hub-spoke-connected-group/azuredeploy.json +++ b/solutions/azure-hub-spoke-connected-group/azuredeploy.json @@ -65,7 +65,7 @@ "resources": [ { "type": "Microsoft.Network/routeTables", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('route-to-{0}-hub-fw', parameters('location'))]", "location": "[parameters('location')]", "properties": { 
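Review bot: The symbolic name `nicVmSpokeTwoLinux` on the new line of the `@@ -1163,7 +1163,7 @@` hunk in solutions/azure-hub-spoke/bicep/main.bicep does not match the resource it declares, because both the description and the resource name (`nic-vm-${location}-spoke-two-windows`) say this NIC belongs to the Windows VM. Since the commit already rewrites this line, it could become `resource nicVmSpokeTwoWindows 'Microsoft.Network/networkInterfaces@2023-04-01' = if (deployVirtualMachines) {`. The references would need the same rename: `nicVmSpokeTwoLinux_diagnosticSettings`, seen in the next hunk header, and presumably the NIC reference inside `vmSpokeTwoWindows`, which is outside the visible lines. The mismatch does not affect deployment, but it makes it easy to wire the wrong NIC or diagnostic setting when the template is later edited by hand.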
@@ -89,7 +89,7 @@ }, { "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nsg-{0}-spoke-resources', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -161,7 +161,7 @@ }, { "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nsg-{0}-spoke-privatelinkendpoint', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -264,7 +264,7 @@ "resources": [ { "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('fw-policies-{0}', parameters('location')), 'DefaultNetworkRuleCollectionGroup')]", "properties": { "priority": 200, @@ -307,7 +307,7 @@ }, { "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('fw-policies-{0}', parameters('location')), 'DefaultApplicationRuleCollectionGroup')]", "properties": { "priority": 300, @@ -330,7 +330,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2021-06-01", + "apiVersion": "2022-10-01", "name": "[format('la-hub-{0}', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -379,7 +379,7 @@ }, { "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nsg-{0}-bastion', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -571,7 +571,7 @@ }, { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vnet-{0}-hub', parameters('location'))]", "location": "[parameters('location')]", "properties": { 
@@ -636,7 +636,7 @@ "count": "[length(range(0, variables('numFirewallIpAddressesToAssign')))]" }, "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('pip-fw-{0}-{1}', parameters('location'), padLeft(range(0, variables('numFirewallIpAddressesToAssign'))[copyIndex()], 2, '0'))]", "location": "[parameters('location')]", "sku": { @@ -684,7 +684,7 @@ }, { "type": "Microsoft.Network/firewallPolicies", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('fw-policies-{0}', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -711,7 +711,7 @@ }, { "type": "Microsoft.Network/azureFirewalls", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('fw-{0}', parameters('location'))]", "location": "[parameters('location')]", "zones": [ @@ -782,7 +782,7 @@ { "condition": "[parameters('deployAzureBastion')]", "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('pip-ab-{0}', parameters('location'))]", "location": "[parameters('location')]", "sku": { @@ -831,7 +831,7 @@ { "condition": "[parameters('deployAzureBastion')]", "type": "Microsoft.Network/bastionHosts", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('ab-{0}', parameters('location'))]", "location": "[parameters('location')]", "sku": { @@ -884,7 +884,7 @@ { "condition": "[parameters('deployVpnGateway')]", "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('pip-vgw-{0}', parameters('location'))]", "location": "[parameters('location')]", "sku": { 
@@ -933,7 +933,7 @@ { "condition": "[parameters('deployVpnGateway')]", "type": "Microsoft.Network/virtualNetworkGateways", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vgw-{0}-hub', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -1101,7 +1101,7 @@ "resources": [ { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vnet-{0}-spoke-{1}', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1163,7 +1163,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nic-vm-{0}-{1}-ubuntu', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1209,7 +1209,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", + "apiVersion": "2023-03-01", "name": "[format('vm-{0}-spoke-{1}-ubuntu', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1370,7 +1370,7 @@ "resources": [ { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vnet-{0}-spoke-{1}', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1432,7 +1432,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nic-vm-{0}-{1}-ubuntu', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { 
@@ -1478,7 +1478,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", + "apiVersion": "2023-03-01", "name": "[format('vm-{0}-spoke-{1}-ubuntu', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1639,7 +1639,7 @@ "resources": [ { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vnet-{0}-spoke-{1}', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1701,7 +1701,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nic-vm-{0}-{1}-ubuntu', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1747,7 +1747,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", + "apiVersion": "2023-03-01", "name": "[format('vm-{0}-spoke-{1}-ubuntu', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1908,7 +1908,7 @@ "resources": [ { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('vnet-{0}-spoke-{1}', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -1970,7 +1970,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-01-01", + "apiVersion": "2023-04-01", "name": "[format('nic-vm-{0}-{1}-ubuntu', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { 
@@ -2016,7 +2016,7 @@ { "condition": "[parameters('deployVirtualMachines')]", "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", + "apiVersion": "2023-03-01", "name": "[format('vm-{0}-spoke-{1}-ubuntu', parameters('location'), parameters('spokeName'))]", "location": "[parameters('location')]", "properties": { @@ -2258,7 +2258,7 @@ }, { "type": "Microsoft.Network/networkManagers", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('avnm-{0}', parameters('location'))]", "location": "[parameters('location')]", "properties": { @@ -2279,7 +2279,7 @@ }, { "type": "Microsoft.Network/networkManagers/networkGroups", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('avnm-{0}', parameters('location')), format('ng-{0}-spokes-prod', parameters('location')))]", "properties": { "description": "Prod Spoke VNETs Network Group" @@ -2293,7 +2293,7 @@ }, { "type": "Microsoft.Network/networkManagers/networkGroups", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('avnm-{0}', parameters('location')), format('ng-{0}-spokes-nonprod', parameters('location')))]", "properties": { "description": "Non-prod Spoke VNETs Network Group" @@ -2307,7 +2307,7 @@ }, { "type": "Microsoft.Network/networkManagers/networkGroups", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('avnm-{0}', parameters('location')), format('ng-{0}-all', parameters('location')))]", "properties": { "description": "All VNETs Network Group (for Security Configurations)" @@ -2321,7 +2321,7 @@ }, { "type": "Microsoft.Network/networkManagers/connectivityConfigurations", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('avnm-{0}', parameters('location')), format('cc-{0}-spokesnonprod', parameters('location')))]", "properties": { "description": "Non-prod poke-to-spoke connectivity configuration", 
@@ -2356,7 +2356,7 @@ }, { "type": "Microsoft.Network/networkManagers/connectivityConfigurations", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('avnm-{0}', parameters('location')), format('cc-{0}-spokesprod', parameters('location')))]", "properties": { "description": "Prod spoke-to-spoke connectivity configuration (through hub)", @@ -2391,7 +2391,7 @@ }, { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2022-01-31-preview", + "apiVersion": "2023-01-31", "name": "[format('uai-{0}', parameters('location'))]", "location": "[parameters('location')]", "metadata": { @@ -2400,7 +2400,7 @@ }, { "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-04-01-preview", + "apiVersion": "2022-04-01", "name": "[guid(resourceGroup().id, format('uai-{0}', parameters('location')))]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -2416,7 +2416,7 @@ }, { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', format('avnm-{0}', parameters('location')), format('sg-{0}', parameters('location')))]", "properties": { "applyOnNetworkIntentPolicyBasedServices": [ @@ -2433,7 +2433,7 @@ }, { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}/{2}', format('avnm-{0}', parameters('location')), format('sg-{0}', parameters('location')), format('rc-{0}', parameters('location')))]", "properties": { "appliesToGroups": [ 
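Review bot: The role assignment in the `@@ -2400,7 +2400,7 @@` hunk of solutions/azure-hub-spoke-connected-group/azuredeploy.json binds the `uai-{location}` identity to role definition `b24988ac-6180-42a0-ab88-20f7382dd24c`, the built-in Contributor role, and with no `scope` shown it presumably applies to the whole resource group. Moving this resource off the preview API is a good point to tighten it: if the identity only drives the Virtual Network Manager deployment (its use is not visible here), a narrower role such as Network Contributor or a custom role would limit what a compromised identity can change. The `properties` block continues outside the hunk, so also confirm it sets `"principalType": "ServicePrincipal"`, which avoids assignment failures while the newly created identity replicates. This file looks compiled from the Bicep modules, so the change belongs in the module that declares the assignment.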
@@ -2453,7 +2453,7 @@ { "condition": "[parameters('deployDefaultDenySecurityAdminRules')]", "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}/{2}/{3}', format('avnm-{0}', parameters('location')), format('sg-{0}', parameters('location')), format('rc-{0}', parameters('location')), format('r-tcp-{0}', parameters('location')))]", "kind": "Custom", "properties": { @@ -2503,7 +2503,7 @@ }, { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}/{2}/{3}', format('avnm-{0}', parameters('location')), format('sg-{0}', parameters('location')), format('rc-{0}', parameters('location')), format('r-tcp-udp-{0}', parameters('location')))]", "kind": "Custom", "properties": { @@ -2544,7 +2544,7 @@ }, { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}/{2}/{3}', format('avnm-{0}', parameters('location')), format('sg-{0}', parameters('location')), format('rc-{0}', parameters('location')), format('r-udp-{0}', parameters('location')))]", "kind": "Custom", "properties": { @@ -2582,7 +2582,7 @@ }, { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}/{2}/{3}', format('avnm-{0}', parameters('location')), format('sg-{0}', parameters('location')), format('rc-{0}', parameters('location')), format('r-alwaysallow-{0}', parameters('location')))]", "kind": "Custom", "properties": { 
@@ -2619,7 +2619,7 @@ }, { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", - "apiVersion": "2022-05-01", + "apiVersion": "2023-04-01", "name": "[format('{0}/{1}/{2}/{3}', format('avnm-{0}', parameters('location')), format('sg-{0}', parameters('location')), format('rc-{0}', parameters('location')), format('r-allowsql-{0}', parameters('location')))]", "kind": "Custom", "properties": { diff --git a/solutions/azure-hub-spoke-connected-group/bicep/main.bicep b/solutions/azure-hub-spoke-connected-group/bicep/main.bicep index acab531a..0baea88d 100644 --- a/solutions/azure-hub-spoke-connected-group/bicep/main.bicep +++ b/solutions/azure-hub-spoke-connected-group/bicep/main.bicep @@ -71,7 +71,7 @@ module hub 'modules/hub.bicep' = { /*** RESOURCES (ALL SPOKES) ***/ @description('Next hop to the regional hub\'s Azure Firewall') -resource routeNextHopToFirewall 'Microsoft.Network/routeTables@2022-01-01' = { +resource routeNextHopToFirewall 'Microsoft.Network/routeTables@2023-04-01' = { name: 'route-to-${location}-hub-fw' location: location properties: { @@ -89,7 +89,7 @@ resource routeNextHopToFirewall 'Microsoft.Network/routeTables@2022-01-01' = { } @description('NSG on the resource subnet (just using a common one for all as an example, but usually would be based on the specific needs of the spoke).') -resource nsgResourcesSubnet 'Microsoft.Network/networkSecurityGroups@2022-01-01' = { +resource nsgResourcesSubnet 'Microsoft.Network/networkSecurityGroups@2023-04-01' = { name: 'nsg-${location}-spoke-resources' location: location properties: { 
@@ -156,7 +156,7 @@ resource nsgResourcesSubnet 'Microsoft.Network/networkSecurityGroups@2022-01-01' } @description('NSG on the Private Link subnet (just using a common one for all as an example, but usually would be based on the specific needs of the spoke).') -resource nsgPrivateLinkEndpointsSubnet 'Microsoft.Network/networkSecurityGroups@2022-01-01' = { +resource nsgPrivateLinkEndpointsSubnet 'Microsoft.Network/networkSecurityGroups@2023-04-01' = { name: 'nsg-${location}-spoke-privatelinkendpoint' location: location properties: { diff --git a/solutions/azure-hub-spoke-connected-group/bicep/modules/avnm.bicep b/solutions/azure-hub-spoke-connected-group/bicep/modules/avnm.bicep index e3c27cdc..7c1cdbf9 100644 --- a/solutions/azure-hub-spoke-connected-group/bicep/modules/avnm.bicep +++ b/solutions/azure-hub-spoke-connected-group/bicep/modules/avnm.bicep @@ -27,7 +27,7 @@ resource networkManager 'Microsoft.Network/networkManagers@2022-05-01' = { // for production deployments, consider using Azure Policy to dynamically bring VNETs under // AVNM management. see https://learn.microsoft.com/azure/virtual-network-manager/concept-azure-policy-integration @description('This is the static network group for the production spoke VNETs.') - resource networkGroupProd 'Microsoft.Network/networkManagers/networkGroups@2022-05-01' = { + resource networkGroupProd 'Microsoft.Network/networkManagers/networkGroups@2023-04-01' = { name: 'ng-${location}-spokes-prod' parent: networkManager properties: { @@ -47,7 +47,7 @@ resource networkManager 'Microsoft.Network/networkManagers@2022-05-01' = { } } @description('This is the static network group for the non-production spoke VNETs.') - resource networkGroupNonProd 'Microsoft.Network/networkManagers/networkGroups@2022-05-01' = { + resource networkGroupNonProd 'Microsoft.Network/networkManagers/networkGroups@2023-04-01' = { name: 'ng-${location}-spokes-nonprod' parent: networkManager properties: { 
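Review bot: The parent `networkManager` declaration in avnm.bicep stays on `Microsoft.Network/networkManagers@2022-05-01` while its network groups, connectivity configurations, security admin configuration, rule collection and rules all move to `2023-04-01`. The declaration sits above the first avnm.bicep hunk, so this is read from the unchanged hunk headers at -27, -47, -67 and -106 and from the absence of any earlier hunk in that file. If leaving it behind was not deliberate, change it to `resource networkManager 'Microsoft.Network/networkManagers@2023-04-01' = {` so parent and children are validated against the same schema. If the older version is kept on purpose, a one-line comment on the declaration saying why would stop the next bump from silently changing it.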
@@ -67,7 +67,7 @@ resource networkManager 'Microsoft.Network/networkManagers@2022-05-01' = { } } @description('This is the static network group for all VNETs.') - resource networkGroupAll 'Microsoft.Network/networkManagers/networkGroups@2022-05-01' = { + resource networkGroupAll 'Microsoft.Network/networkManagers/networkGroups@2023-04-01' = { name: 'ng-${location}-all' parent: networkManager properties: { @@ -106,7 +106,7 @@ resource networkManager 'Microsoft.Network/networkManagers@2022-05-01' = { } @description('This connectivity configuration defines the connectivity between the spokes.') -resource connectivityConfigurationNonProd 'Microsoft.Network/networkManagers/connectivityConfigurations@2022-05-01' = { +resource connectivityConfigurationNonProd 'Microsoft.Network/networkManagers/connectivityConfigurations@2023-04-01' = { name: 'cc-${location}-spokesnonprod' parent: networkManager dependsOn: [ @@ -137,7 +137,7 @@ resource connectivityConfigurationNonProd 'Microsoft.Network/networkManagers/con } @description('This connectivity configuration defines the connectivity between the spokes.') -resource connectivityConfigurationProd 'Microsoft.Network/networkManagers/connectivityConfigurations@2022-05-01' = { +resource connectivityConfigurationProd 'Microsoft.Network/networkManagers/connectivityConfigurations@2023-04-01' = { name: 'cc-${location}-spokesprod' parent: networkManager dependsOn: [ 
@@ -168,13 +168,13 @@ resource connectivityConfigurationProd 'Microsoft.Network/networkManagers/connec } @description('This user assigned identity is used by the Deployment Script resource to interact with Azure resources.') -resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2022-01-31-preview' = { +resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { name: 'uai-${location}' location: location } @description('This role assignment grants the user assigned identity the Contributor role on the resource group.') -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(resourceGroup().id, userAssignedIdentity.name) properties: { roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') // Contributor: b24988ac-6180-42a0-ab88-20f7382dd24c @@ -184,7 +184,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-prev } @description('This is the securityadmin configuration assigned to the AVNM') -resource securityConfig 'Microsoft.Network/networkManagers/securityAdminConfigurations@2022-05-01' = { +resource securityConfig 'Microsoft.Network/networkManagers/securityAdminConfigurations@2023-04-01' = { name: 'sg-${location}' parent: networkManager properties: { @@ -194,7 +194,7 @@ resource securityConfig 'Microsoft.Network/networkManagers/securityAdminConfigur } @description('This is the rules collection for the security admin config assigned to the AVNM') -resource rulesCollection 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections@2022-05-01' = { +resource rulesCollection 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections@2023-04-01' = { name: 'rc-${location}' parent: securityConfig properties: { 
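Review bot: The `roleAssignment` touched in this hunk grants the deployment-script identity the built-in Contributor role (`b24988ac-6180-42a0-ab88-20f7382dd24c`) on the whole resource group, so anything able to run as `uai-${location}` can create, change or delete every resource deployed there. What the script does is not visible in this diff, so the minimum permission set cannot be named here, but a narrower built-in or custom role limited to the operations it performs would reduce the blast radius. At the least, record the trade-off with a comment such as `// Contributor is broader than the deployment script needs; narrow before production use`. The rest of `properties` is cut off by the hunk: if `principalType: 'ServicePrincipal'` is not already set there, adding it avoids intermittent failures while a newly created identity is still replicating. The same assignment appears in the azuredeploy.json hunk at -2400.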
@@ -207,7 +207,7 @@ resource rulesCollection 'Microsoft.Network/networkManagers/securityAdminConfigu } @description('This example rule contains all denied inbound TCP ports') -resource rule1 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-05-01' = if (deployDefaultDenySecurityAdminRules) { +resource rule1 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-04-01' = if (deployDefaultDenySecurityAdminRules) { name: 'r-tcp-${location}' kind: 'Custom' parent: rulesCollection @@ -235,7 +235,7 @@ resource rule1 'Microsoft.Network/networkManagers/securityAdminConfigurations/ru } @description('This example rule contains all denied inbound TCP or UDP ports') -resource rule2 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-05-01' = { +resource rule2 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-04-01' = { name: 'r-tcp-udp-${location}' kind: 'Custom' parent: rulesCollection @@ -263,7 +263,7 @@ resource rule2 'Microsoft.Network/networkManagers/securityAdminConfigurations/ru } @description('This example rule contains all denied inbound UDP ports') -resource rule3 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-05-01' = { +resource rule3 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-04-01' = { name: 'r-udp-${location}' kind: 'Custom' parent: rulesCollection 
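Review bot: Only `rule1` carries `if (deployDefaultDenySecurityAdminRules)`; `rule2` ("all denied inbound TCP or UDP ports") and `rule3` ("all denied inbound UDP ports") in the hunks at -235 and -263 are declared unconditionally, so the parameter switches the TCP deny rule alone. The azuredeploy.json hunks agree: only the `r-tcp-` rule at -2453 has a `"condition"`. If the flag is meant to control the whole default-deny set, give the other two the same condition, e.g. `resource rule2 '…/rules@2023-04-01' = if (deployDefaultDenySecurityAdminRules) {`. If the split is intentional, a comment on `rule1` should say which ports drop out of the deny list when the flag is false, since that is the state an operator needs to know about. The rule bodies are outside these hunks, so the port lists themselves were not reviewed.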
@@ -291,7 +291,7 @@ resource rule3 'Microsoft.Network/networkManagers/securityAdminConfigurations/ru } @description('This example rule always allows outbound traffic to Azure Active Directory, overriding NSG outbound restrictions') -resource rule4 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-05-01' = { +resource rule4 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-04-01' = { name: 'r-alwaysallow-${location}' kind: 'Custom' parent: rulesCollection @@ -319,7 +319,7 @@ resource rule4 'Microsoft.Network/networkManagers/securityAdminConfigurations/ru } @description('This example rule allows outbound traffic to Azure SQL, unless an NSG in the path denies it') -resource rule5 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-05-01' = { +resource rule5 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-04-01' = { name: 'r-allowsql-${location}' kind: 'Custom' parent: rulesCollection diff --git a/solutions/azure-hub-spoke-connected-group/bicep/modules/hub.bicep b/solutions/azure-hub-spoke-connected-group/bicep/modules/hub.bicep index e9e9697b..6bb3931b 100644 --- a/solutions/azure-hub-spoke-connected-group/bicep/modules/hub.bicep +++ b/solutions/azure-hub-spoke-connected-group/bicep/modules/hub.bicep @@ -4,7 +4,7 @@ param deployVpnGateway bool param deployVirtualMachines bool @description('This Log Analyics Workspace stores logs from the regional hub network, its spokes, and other related resources. Workspaces are regional resource, as such there would be one workspace per hub (region)') -resource laHub 'Microsoft.OperationalInsights/workspaces@2021-06-01' = { +resource laHub 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { name: 'la-hub-${location}' location: location properties: { 
@@ -46,7 +46,7 @@ resource laHub_diagnosticsSettings 'Microsoft.Insights/diagnosticSettings@2021-0 } @description('The NSG around the Azure Bastion subnet. Source: https://learn.microsoft.com/azure/bastion/bastion-nsg') -resource nsgBastionSubnet 'Microsoft.Network/networkSecurityGroups@2022-01-01' = { +resource nsgBastionSubnet 'Microsoft.Network/networkSecurityGroups@2023-04-01' = { name: 'nsg-${location}-bastion' location: location properties: { @@ -230,7 +230,7 @@ resource nsgBastionSubnet_diagnosticSettings 'Microsoft.Insights/diagnosticSetti } @description('The regional hub network.') -resource vnetHub 'Microsoft.Network/virtualNetworks@2022-01-01' = { +resource vnetHub 'Microsoft.Network/virtualNetworks@2023-04-01' = { name: 'vnet-${location}-hub' location: location properties: { @@ -293,7 +293,7 @@ resource vnetHub_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021- // Allocate three IP addresses to the firewall var numFirewallIpAddressesToAssign = 3 -resource pipsAzureFirewall 'Microsoft.Network/publicIPAddresses@2022-01-01' = [for i in range(0, numFirewallIpAddressesToAssign): { +resource pipsAzureFirewall 'Microsoft.Network/publicIPAddresses@2023-04-01' = [for i in range(0, numFirewallIpAddressesToAssign): { name: 'pip-fw-${location}-${padLeft(i, 2, '0')}' location: location sku: { @@ -332,7 +332,7 @@ resource pipsAzureFirewall_diagnosticSetting 'Microsoft.Insights/diagnosticSetti }] @description('Azure Firewall Policy') -resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-01-01' = { +resource fwPolicy 'Microsoft.Network/firewallPolicies@2023-04-01' = { name: 'fw-policies-${location}' location: location properties: { 
@@ -354,7 +354,7 @@ resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-01-01' = { // This network hub starts out with only supporting external DNS queries. This is only being done for // simplicity in this deployment and is not guidance, please ensure all firewall rules are aligned with // your security standards. - resource defaultNetworkRuleCollectionGroup 'ruleCollectionGroups@2022-01-01' = { + resource defaultNetworkRuleCollectionGroup 'ruleCollectionGroups@2023-04-01' = { name: 'DefaultNetworkRuleCollectionGroup' properties: { priority: 200 @@ -394,7 +394,7 @@ resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-01-01' = { } // Network hub starts out with no allowances for appliction rules - resource defaultApplicationRuleCollectionGroup 'ruleCollectionGroups@2022-01-01' = { + resource defaultApplicationRuleCollectionGroup 'ruleCollectionGroups@2023-04-01' = { name: 'DefaultApplicationRuleCollectionGroup' dependsOn: [ defaultNetworkRuleCollectionGroup @@ -439,7 +439,7 @@ resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-01-01' = { } @description('This is the regional Azure Firewall that all regional spoke networks can egress through.') -resource fwHub 'Microsoft.Network/azureFirewalls@2022-01-01' = { +resource fwHub 'Microsoft.Network/azureFirewalls@2023-04-01' = { name: 'fw-${location}' location: location zones: [ @@ -497,7 +497,7 @@ resource fwHub_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05 @description('The public IP for the regional hub\'s Azure Bastion service.') -resource pipAzureBastion 'Microsoft.Network/publicIPAddresses@2022-01-01' = if (deployAzureBastion) { +resource pipAzureBastion 'Microsoft.Network/publicIPAddresses@2023-04-01' = if (deployAzureBastion) { name: 'pip-ab-${location}' location: location sku: { 
@@ -536,7 +536,7 @@ resource pipAzureBastion_diagnosticSetting 'Microsoft.Insights/diagnosticSetting } @description('This regional hub\'s Azure Bastion service. NSGs are configured to allow Bastion to reach any resource subnet in peered spokes.') -resource azureBastion 'Microsoft.Network/bastionHosts@2022-01-01' = if (deployAzureBastion) { +resource azureBastion 'Microsoft.Network/bastionHosts@2023-04-01' = if (deployAzureBastion) { name: 'ab-${location}' location: location sku: { @@ -575,7 +575,7 @@ resource azureBastion_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ } @description('The public IPs for the regional VPN gateway. Only deployed if requested.') -resource pipVpnGateway 'Microsoft.Network/publicIPAddresses@2022-01-01' = if (deployVpnGateway) { +resource pipVpnGateway 'Microsoft.Network/publicIPAddresses@2023-04-01' = if (deployVpnGateway) { name: 'pip-vgw-${location}' location: location sku: { @@ -614,7 +614,7 @@ resource pipVpnGateway_diagnosticSetting 'Microsoft.Insights/diagnosticSettings@ } @description('The is the regional VPN gateway, configured with basic settings. Only deployed if requested.') -resource vgwHub 'Microsoft.Network/virtualNetworkGateways@2022-01-01' = if (deployVpnGateway) { +resource vgwHub 'Microsoft.Network/virtualNetworkGateways@2023-04-01' = if (deployVpnGateway) { name: 'vgw-${location}-hub' location: location properties: { diff --git a/solutions/azure-hub-spoke-connected-group/bicep/modules/spoke.bicep b/solutions/azure-hub-spoke-connected-group/bicep/modules/spoke.bicep index 49603f5c..c4d2b316 100644 --- a/solutions/azure-hub-spoke-connected-group/bicep/modules/spoke.bicep +++ b/solutions/azure-hub-spoke-connected-group/bicep/modules/spoke.bicep 
@@ -10,7 +10,7 @@ param nsgPrivateLinkEndpointsSubnetId string @secure() param adminPassword string -resource hubNet 'Microsoft.Network/virtualNetworks@2022-07-01' existing = { +resource hubNet 'Microsoft.Network/virtualNetworks@2023-04-01' existing = { name: 'vnet-${location}-hub' resource azureBastionSubnet 'subnets' existing = { @@ -18,7 +18,7 @@ resource hubNet 'Microsoft.Network/virtualNetworks@2022-07-01' existing = { } } -resource vnet 'Microsoft.Network/virtualNetworks@2022-01-01' = { +resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' = { name: 'vnet-${location}-spoke-${spokeName}' location: location properties: { @@ -79,7 +79,7 @@ resource vnet_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05- } @description('The private Network Interface Card for the Windows VM in spoke.') -resource nic 'Microsoft.Network/networkInterfaces@2022-01-01' = if (deployVirtualMachines) { +resource nic 'Microsoft.Network/networkInterfaces@2023-04-01' = if (deployVirtualMachines) { name: 'nic-vm-${location}-${spokeName}-ubuntu' location: location properties: { @@ -113,7 +113,7 @@ resource nic_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-0 } @description('A basic Ubuntu Linux virtual machine that will be attached to spoke.') -resource vm 'Microsoft.Compute/virtualMachines@2022-03-01' = if (deployVirtualMachines) { +resource vm 'Microsoft.Compute/virtualMachines@2023-03-01' = if (deployVirtualMachines) { name: 'vm-${location}-spoke-${spokeName}-ubuntu' location: location properties: {
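Review bot: The `@description` on `nic` in the hunk at -79 says it is "for the Windows VM in spoke", but the resource is named `nic-vm-${location}-${spokeName}-ubuntu` and the VM in the hunk at -113 is described as a basic Ubuntu Linux machine. Suggest `@description('The private Network Interface Card for the Ubuntu VM in spoke.')` so the description matches what is deployed. The body of `nic` continues outside the hunk.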
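Review bot: The only VM credential visible in this module is `@secure() param adminPassword string` (context of the hunk at -10), and the `vm` resource in the hunk at -113 is an Ubuntu machine, so it presumably signs in with a password; the `osProfile` lies below the hunk and cannot be confirmed from here. If that is the case, prefer an SSH public key parameter with `disablePasswordAuthentication: true` under `linuxConfiguration`, which takes password guessing off the table for anything that can reach the VM from the hub or a peered spoke. If password sign-in is kept for the sample's simplicity, a comment next to the parameter saying so would keep it from being copied into production templates.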