diff --git a/solutions/secure-hybrid-network/README.md b/solutions/secure-hybrid-network/README.md index ad0eea01..a1795e19 100644 --- a/solutions/secure-hybrid-network/README.md +++ b/solutions/secure-hybrid-network/README.md @@ -28,9 +28,15 @@ For detailed information, see the Implement a secure hybrid network: Clone this repo and then run the following commands to initiate the deployment. When prompted, enter values for an admin username and password. These values are used to log into the included virtual machines. -```azurecli-interactive +```bash +## Environment +LOCATION=eastus2 +ONPREM_RESOURCEGROUP_NAME=rg-site-to-site-mock-prem-${LOCATION} +AZURE_NETWORK_RESOURCEGROUP_NAME=rg-site-to-site-azure-network-${LOCATION} + +# Resources will be created on deployment region cd solutions/secure-hybrid-network -az deployment sub create --location eastus --template-file azuredeploy.bicep +az deployment sub create -n secure-hybrid-network --location ${LOCATION} --template-file azuredeploy.bicep -p mocOnPremResourceGroup=${ONPREM_RESOURCEGROUP_NAME} azureNetworkResourceGroup=${AZURE_NETWORK_RESOURCEGROUP_NAME} ``` ## Solution deployment parameters @@ -61,7 +67,7 @@ az deployment sub create --location eastus --template-file azuredeploy.bicep | spokeRoutes | object | Object representing user-defined routes for the spoke subnet. | tableName, routeNameFirewall | | gatewayRoutes | object | Object representing user-defined routes for the gateway network. | tableName, routeNameFirewall | | internalLoadBalancer | object | Object representing the configuration of the application load balancer. | name, backendName, fontendName, probeName | -| location | string | Location to be used for all resources. | null | +| location | string | Location to be used for all resources. | rg location | **nestedtemplates/azure-network-local-gateway.json** 
@@ -84,7 +90,7 @@ az deployment sub create --location eastus --template-file azuredeploy.bicep | bastionHost | object | Object representing the configuration of the Bastion host. | name, subnetName, subnetPrefix, publicIPAddressName, nsgName | | vmSize | string | Size of the load-balanced virtual machines. | Standard_A1_v2 | | configureSitetosite | bool | Condition for configuring a site-to-site VPN connection. | true | -| location | string | Location to be used for all resources. | null | +| location | string | Location to be used for all resources. | rg location | **nestedtemplates/mock-onprem-local-gateway.json** @@ -96,7 +102,15 @@ az deployment sub create --location eastus --template-file azuredeploy.bicep | gatewayIpAddress | string | Public IP address of the Azure virtual network gateway. | null | | mocOnpremGatewayName | string | Name of the mock on-prem local network gateway. | null | | localNetworkGateway | string | Name of the mock on-prem local network gateway. | local-gateway-moc-prem | -| location | string | Location to be used for all resources. | null | +| location | string | Location to be used for all resources. | rg location | + + +## Clean Up + +```bash +az group delete --name ${ONPREM_RESOURCEGROUP_NAME} --yes +az group delete --name ${AZURE_NETWORK_RESOURCEGROUP_NAME} --yes +``` ## Microsoft Open Source Code of Conduct diff --git a/solutions/secure-hybrid-network/azuredeploy.bicep b/solutions/secure-hybrid-network/azuredeploy.bicep index c66eed21..49729fee 100644 --- a/solutions/secure-hybrid-network/azuredeploy.bicep +++ b/solutions/secure-hybrid-network/azuredeploy.bicep 
@@ -8,16 +8,16 @@ param adminUserName string @description('The admin password for both the Windows and Linux virtual machines.') @secure() param adminPassword string -param resourceGrouplocation string = 'eastus' +param location string = deployment().location resource mocOnPremResourceGroup_resource 'Microsoft.Resources/resourceGroups@2022-09-01' = { name: mocOnPremResourceGroup - location: resourceGrouplocation + location: location } resource azureNetworkResourceGroup_resource 'Microsoft.Resources/resourceGroups@2022-09-01' = { name: azureNetworkResourceGroup - location: resourceGrouplocation + location: location } module onPremMock 'nestedtemplates/mock-onprem-azuredeploy.bicep' = { @@ -26,7 +26,7 @@ module onPremMock 'nestedtemplates/mock-onprem-azuredeploy.bicep' = { params: { adminUserName: adminUserName adminPassword: adminPassword - location: resourceGrouplocation + location: location } } @@ -36,7 +36,7 @@ module azureNetwork 'nestedtemplates/azure-network-azuredeploy.bicep' = { params: { adminUserName: adminUserName adminPassword: adminPassword - location: resourceGrouplocation + location: location } } @@ -48,7 +48,7 @@ module mockOnPremLocalGateway 'nestedtemplates/mock-onprem-local-gateway.bicep' azureCloudVnetPrefix: azureNetwork.outputs.mocOnpremNetwork spokeNetworkAddressPrefix: azureNetwork.outputs.spokeNetworkAddressPrefix mocOnpremGatewayName: onPremMock.outputs.mocOnpremGatewayName - location: resourceGrouplocation + location: location } } @@ -59,6 +59,6 @@ module azureNetworkLocalGateway 'nestedtemplates/azure-network-local-gateway.bic azureCloudVnetPrefix: onPremMock.outputs.mocOnpremNetworkPrefix gatewayIpAddress: onPremMock.outputs.vpnIp azureNetworkGatewayName: azureNetwork.outputs.azureGatewayName - location: resourceGrouplocation + location: location } } 
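Review bot: The new `param location string = deployment().location` in the first hunk has no `@description`, unlike the `adminPassword` parameter directly above it, so nothing tells an operator that the region of both resource groups and all four nested modules now follows the `--location` passed to `az deployment sub create`. I would add `@description('Region for both resource groups and all nested resources; defaults to the location of the subscription-level deployment.')` on the line above it. The same gap applies to the `param location string = resourceGroup().location` lines added in the four nested templates. There the root template always passes `location` explicitly, so the new default only takes effect when a nested template is deployed on its own.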
diff --git a/solutions/secure-hybrid-network/nestedtemplates/azure-network-azuredeploy.bicep b/solutions/secure-hybrid-network/nestedtemplates/azure-network-azuredeploy.bicep index 89bf4a4e..d07a4a0a 100644 --- a/solutions/secure-hybrid-network/nestedtemplates/azure-network-azuredeploy.bicep +++ b/solutions/secure-hybrid-network/nestedtemplates/azure-network-azuredeploy.bicep @@ -51,11 +51,9 @@ param internalLoadBalancer object = { fontendName: 'lb-frontend' probeName: 'lb-probe' } -param location string +param location string = resourceGroup().location var logAnalyticsWorkspaceName = 'la-${uniqueString(subscription().subscriptionId, resourceGroup().id)}' -var peering_name_hub_to_spoke = 'hub-to-spoke' -var peering_name_spoke_to_hub = 'spoke-to-hub' var nicNameWebName = 'nic-web-server' var vmNameWebName = 'vm-web-server' var windowsOSVersion = '2012-R2-Datacenter' @@ -386,15 +384,19 @@ resource spokeNetwork_name_Microsoft_Insights_default_logAnalyticsWorkspace 'Mic } } -resource vpnGateway_publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-04-01' = if (configureSitetosite) { +resource vpnGateway_publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-11-01' = if (configureSitetosite) { name: vpnGateway.publicIPAddressName location: location + sku: { + name: 'Standard' + tier: 'Regional' + } properties: { - publicIPAllocationMethod: 'Dynamic' + publicIPAllocationMethod: 'Static' } } -resource vpnGatewayResource 'Microsoft.Network/virtualNetworkGateways@2023-04-01' = if (configureSitetosite) { +resource vpnGatewayResource 'Microsoft.Network/virtualNetworkGateways@2023-11-01' = if (configureSitetosite) { name: vpnGateway.name location: location properties: { diff --git a/solutions/secure-hybrid-network/nestedtemplates/azure-network-local-gateway.bicep b/solutions/secure-hybrid-network/nestedtemplates/azure-network-local-gateway.bicep index 421b11c3..e21b7755 100644 --- a/solutions/secure-hybrid-network/nestedtemplates/azure-network-local-gateway.bicep 
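Review bot: The variable block edited by the `@@ -51,11 +51,9 @@` hunk still pins `windowsOSVersion` to `'2012-R2-Datacenter'`, a Windows Server release whose extended support ended in October 2023 and which now receives fixes only through Extended Security Updates. Since this commit already refreshes API versions and public IP SKUs, a reference architecture billed as a secure hybrid network should move to a supported image, for example `var windowsOSVersion = '2022-Datacenter'`, after checking the VM size and any extension scripts against it. The image reference that consumes the variable lies outside the hunk, so confirm how it is used before changing it.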
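Review bot: The switch of `vpnGateway_publicIPAddress` to `sku: { name: 'Standard' ... }` with `publicIPAllocationMethod: 'Static'` in the `@@ -386,15 +384,19 @@` hunk is unexplained, and the `sku` of `vpnGatewayResource` lies past the end of the hunk, so it cannot be checked here that the gateway SKU accepts a Standard address. I would add a comment such as `// Standard + Static: the address exists before the gateway is attached, so the peer local network gateway can take it as gatewayIpAddress` and confirm the gateway SKU in the same review. The address also has no `zones` property, so it is presumably non-zonal; state whether that is intended. The identical change to `mocOnpremGateway_publicIPAddress` in mock-onprem-azuredeploy.bicep needs the same comment and check, and the `localNetworkGateways` resources in the other two templates stay on `2023-04-01` while these move to `2023-11-01`.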
+++ b/solutions/secure-hybrid-network/nestedtemplates/azure-network-local-gateway.bicep @@ -3,7 +3,7 @@ param gatewayIpAddress string param azureCloudVnetPrefix string param azureNetworkGatewayName string param localNetworkGatewayName string = 'local-gateway-azure-network' -param location string +param location string = resourceGroup().location resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2023-04-01' = { name: localNetworkGatewayName diff --git a/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-azuredeploy.bicep b/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-azuredeploy.bicep index 5b9259a6..9247723c 100644 --- a/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-azuredeploy.bicep +++ b/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-azuredeploy.bicep @@ -23,7 +23,7 @@ param bastionHost object = { } param vmSize string = 'Standard_A1_v2' param configureSitetosite bool = true -param location string +param location string = resourceGroup().location var nicNameWindowsName = 'nic-windows' var vmNameWindowsName = 'vm-windows' @@ -61,15 +61,19 @@ resource mocOnpremNetworkResource 'Microsoft.Network/virtualNetworks@2023-04-01' } } -resource mocOnpremGateway_publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-04-01' = if (configureSitetosite) { +resource mocOnpremGateway_publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-11-01' = if (configureSitetosite) { name: mocOnpremGateway.publicIPAddressName location: location + sku: { + name: 'Standard' + tier: 'Regional' + } properties: { - publicIPAllocationMethod: 'Dynamic' + publicIPAllocationMethod: 'Static' } } -resource mocOnpremGatewayResource 'Microsoft.Network/virtualNetworkGateways@2023-04-01' = if (configureSitetosite) { +resource mocOnpremGatewayResource 'Microsoft.Network/virtualNetworkGateways@2023-11-01' = if (configureSitetosite) { name: mocOnpremGateway.name location: location properties: { 
diff --git a/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-local-gateway.bicep b/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-local-gateway.bicep index d12ffc50..22800408 100644 --- a/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-local-gateway.bicep +++ b/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-local-gateway.bicep @@ -4,7 +4,7 @@ param spokeNetworkAddressPrefix string param gatewayIpAddress string param mocOnpremGatewayName string param localNetworkGateway string = 'local-gateway-moc-prem' -param location string +param location string = resourceGroup().location resource localNetworkGateway_resource 'Microsoft.Network/localNetworkGateways@2023-04-01' = { name: localNetworkGateway