Cleanup and addressing feedback
Springstone committed Jan 9, 2025
1 parent c88c96a commit e7b4404
Showing 3 changed files with 68 additions and 87 deletions.
6 changes: 1 addition & 5 deletions eslzArm/eslzArm.json
Expand Up @@ -382,11 +382,7 @@
},
"deployAVNM": {
"type": "bool",
"defaultValue": false,
"allowedValues": [
true,
false
]
"defaultValue": false
},
"enableDdoS": {
"type": "string",
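Review bot: The `deployAVNM` parameter is left with only `"type": "bool"` and `"defaultValue": false` and carries no `metadata.description`, so nothing in the template tells a deployer what opting in provisions. Suggest adding after `"defaultValue": false` a line such as `"metadata": { "description": "Deploy Azure Virtual Network Manager (AVNM) with the ALZ network groups and security admin configuration from avnmConfiguration.json." }`, adjusted to what that template actually creates. The enclosing `parameters` object starts and ends outside the hunk.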
34 changes: 1 addition & 33 deletions eslzArm/prerequisites/deployPrerequisites.json
Expand Up @@ -11,7 +11,6 @@
},
"location": {
"type": "string",
"minLength": 6,
"metadata": {
"description": "The location of this AVNM instance. All resources will be deployed to this region."
}
Expand Down Expand Up @@ -59,9 +58,6 @@
"location": {
"type": "string"
},
"managementSubscriptionId": {
"type": "string"
},
"resourceGroupName": {
"type": "string"
}
Expand Down Expand Up @@ -89,12 +85,6 @@
"parameters": {
"location": {
"value": "[parameters('location')]"
},
"managementSubscriptionId": {
"value": "[parameters('managementSubscriptionId')]"
},
"resourceGroupName": {
"value": "[parameters('resourceGroupName')]"
}
},
"template": {
Expand All @@ -103,12 +93,6 @@
"parameters": {
"location": {
"type": "string"
},
"managementSubscriptionId": {
"type": "string"
},
"resourceGroupName": {
"type": "string"
}
},
"variables": {},
Expand Down Expand Up @@ -194,9 +178,6 @@
},
"managementSubscriptionId": {
"value": "[parameters('managementSubscriptionId')]"
},
"resourceGroupName": {
"value": "[parameters('resourceGroupName')]"
}
},
"template": {
Expand All @@ -211,9 +192,6 @@
},
"managementSubscriptionId": {
"type": "string"
},
"resourceGroupName": {
"type": "string"
}
},
"resources": [
Expand Down Expand Up @@ -254,18 +232,8 @@
Get-AzResourceProvider -ProviderNamespace $rps | where {$_.RegistrationState -ne \"Registered\"} | Register-AzResourceProvider
}

#Sleep for XX minutes to wait for Management Groups to load to cache before assignments
#Sleep for 15 minutes to wait for Management Groups to load to cache before policy assignments
Start-Sleep -Duration (New-TimeSpan -Minutes 15)

#$result = \"\"
#$count = 0

#do {
# $result = Invoke-AzRestMethod -Method POST -Uri \"https://management.azure.com/providers/Microsoft.Management/managementGroups/$eslzRootName/providers/Microsoft.Network/register?api-version=2021-04-01\"
# $count++
# Start-Sleep -Seconds 30
# Write-Host 'MG RP Register - Status Code: ' $result.StatusCode ' Count: ' $count
#} while ($result.StatusCode -ne 200 -and $count -lt 10)
"
},
"metadata": {
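Review bot: In the script hunk, `Register-AzResourceProvider` on the line ending `| Register-AzResourceProvider` returns as soon as the request is accepted (the provider is left in a "Registering" state), and nothing after it waits for the registration to finish; the `Start-Sleep -Duration (New-TimeSpan -Minutes 15)` that follows is documented as a wait for the management-group cache, so any provider-registration delay is only covered by accident. Rather than relying on the fixed sleep, add a bounded loop after the registration call that repeats `Get-AzResourceProvider -ProviderNamespace $rps`, sleeps a short interval while any `RegistrationState` is not `Registered`, and gives up with a clear `Write-Error` after a fixed number of attempts, so a still-unregistered provider fails the deployment visibly instead of surfacing later as an opaque assignment error. The removal of the commented-out management-group REST polling block is fine as dead-code cleanup, and the updated comment now matches the 15-minute value. The deployment script resource this string belongs to starts and ends outside the hunk.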
115 changes: 66 additions & 49 deletions eslzArm/subscriptionTemplates/avnmConfiguration.json
Expand Up @@ -145,7 +145,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ VNETs in the primary region."
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'Yes')]",
Expand All @@ -158,7 +161,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ VNETs in the secondary region, if selected."
}
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
Expand All @@ -170,7 +176,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ CORP VNETs in the primary region."
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'Yes')]",
Expand All @@ -183,7 +192,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ CORP VNETs in the secondary region, if selected."
}
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
Expand All @@ -195,7 +207,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ ONLINE VNETs in the primary region."
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'Yes')]",
Expand All @@ -208,7 +223,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ ONLINE VNETs in the secondary region, if selected."
}
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
Expand All @@ -220,7 +238,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ IDENTITY VNETs in the primary region."
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'Yes')]",
Expand All @@ -233,7 +254,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ IDENTITY VNETs in the secondary region, if selected."
}
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
Expand All @@ -245,7 +269,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ MANAGEMENT VNETs in the primary region."
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'Yes')]",
Expand All @@ -258,7 +285,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ MANAGEMENT VNETs in the secondary region, if selected."
}
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
Expand All @@ -270,7 +300,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ CONNECTIVITY VNETs in the primary region."
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'Yes')]",
Expand All @@ -283,7 +316,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ CONNECTIVITY VNETs in the secondary region, if selected."
}
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
Expand All @@ -295,7 +331,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ SANDBOX VNETs in the primary region."
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'Yes')]",
Expand All @@ -308,7 +347,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ SANDBOX VNETs in the secondary region, if selected."
}
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
Expand All @@ -320,7 +362,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ DECOMMISSIONED VNETs in the primary region."
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'Yes')]",
Expand All @@ -333,7 +378,10 @@
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', 'avnm')]"
]
],
"metadata": {
"description": "This is the dynamic network group for all ALZ DECOMMISSIONED VNETs in the secondary region, if selected."
}
},
{
"type": "Microsoft.Network/networkManagers/securityAdminConfigurations",
Expand All @@ -353,44 +401,13 @@
"name": "[format('{0}/{1}/{2}', 'avnm', 'sac-alz', 'rc-ALZ')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations', 'avnm', 'sac-alz')]",
"[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'avnm-ng-all')]",
"[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('location')))]",
"[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('locationSecondary')))]"
],
"properties": {
"appliesToGroups": [
{
"networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'avnm-ng-all')]"
},
{
"networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('location')))]"
},
{
"networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('locationSecondary')))]"
}

]
}
},
{
"condition": "[equals(parameters('enableSecondaryRegion'), 'No')]",
"type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections",
"apiVersion": "2024-03-01",
"name": "[format('{0}/{1}/{2}', 'avnm', 'sac-alz', 'rc-ALZ')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations', 'avnm', 'sac-alz')]",
"[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'avnm-ng-all')]",
"[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('location')))]"
"[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'avnm-ng-all')]"
],
"properties": {
"appliesToGroups": [
{
"networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'avnm-ng-all')]"
},
{
"networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('location')))]"
}

]
}
},
Expand All @@ -403,7 +420,7 @@
],
"kind": "Custom",
"properties": {
"description": "Deny VM Management inbound traffic",
"description": "Deny VM Management inbound traffic, similar to the ALZ policy https://www.azadvertizer.net/azpolicyadvertizer/Deny-MgmtPorts-From-Internet.html",
"priority": 1000,
"sources": [
{
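Review bot: The collapse of the two conditional `rc-ALZ` rule collections into one (the hunk starting at `"name": "[format('{0}/{1}/{2}', 'avnm', 'sac-alz', 'rc-ALZ')]"`) leaves the surviving resource's `condition` line above the hunk; if it still reads `"[equals(parameters('enableSecondaryRegion'), 'Yes')]"` from the old 'Yes' variant, the collection, and the deny rules beneath it such as the VM-management-port rule whose description changes in the next hunk, would silently not deploy for single-region landing zones now that the 'No' variant is gone, so that `condition` should be dropped. The new `appliesToGroups` lists only `avnm-ng-all`, which is correct only if that group's membership covers every VNet the per-region `avnm-ng-{location}` groups covered; its definition is not in this commit, so that is worth confirming. For consistency with the `metadata` descriptions this commit adds to the network groups, consider documenting the intent on the rule collection too, e.g. `"metadata": { "description": "Security admin rules applied to every ALZ VNET through avnm-ng-all, independent of region." }`.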
