diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index 45029343a..ea33d1054 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -1991,6 +1991,8 @@ "vnetConnectivityRouteTableDeploymentName": "[take(concat('alz-HubRoute', variables('deploymentSuffix')), 64)]", "vnetConnectivityRouteTable2DeploymentName": "[take(concat('alz-HubRoute2', variables('deploymentSuffix')), 64)]", "nvaConnectivityHubLite2DeploymentName": "[take(concat('alz-NVAHubLite2', variables('deploymentSuffix')), 64)]", + "avnmLiteConnectivityHubDeploymentName": "[take(concat('alz-AVNMLite', variables('deploymentSuffix')), 64)]", + "avnmLitePolicyDeploymentName": "[take(concat('alz-AVNMLitePolicy', variables('deploymentSuffix')), 64)]", "ddosRgLiteDeploymentName": "[take(concat('alz-DDoSRgLite', variables('deploymentSuffix')), 64)]", "ddosLiteDeploymentName": "[take(concat('alz-DDoSLite', variables('deploymentSuffix')), 64)]", "ddosHubLitePolicyDeploymentName": "[take(concat('alz-DDoSHubPolicyLite', variables('deploymentSuffix')), 64)]", @@ -2487,6 +2489,37 @@ } } }, + { + // ALZ Pre-Requisites and Azure's Untold Story... LITE + "condition": "[not(empty(parameters('singlePlatformSubscriptionId')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "name": "alz-prerequisites", + "scope": "[variables('scopes').eslzRootManagementGroup]", + "location": "[deployment().location]", + "dependsOn": [ + "[variables('deploymentNames').initiativeDeploymentName]", + "[variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').preRequisites]" + }, + "parameters": { + "location": { + "value": "[deployment().location]" + }, + "eslzRootName": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "managementSubscriptionId": { + "value": "[parameters('singlePlatformSubscriptionId')]" + } + } + } + }, /* The following deployments will organize the dedicated platform subscriptions into their respective management groups */ @@ -5344,6 +5377,46 @@ } } }, + { + // Deploy AVNM Lite + "condition": "[and(parameters('deployAVNM'), or(equals(parameters('enableHub'), 'vhub'), equals(parameters('enableHub'), 'nva')), not(empty(parameters('singlePlatformSubscriptionId'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "subscriptionId": "[parameters('singlePlatformSubscriptionId')]", + "name": "[variables('esLiteDeploymentNames').avnmLiteConnectivityHubDeploymentName]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtGroupDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]", + "dnsZones", + "dnsZonesLite", + "alz-prerequisites" + ], + "location": "[deployment().location]", + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').avnmConnectivityHub]" + }, + "parameters": { + "location": { + "value": "[parameters('connectivityLocation')]" + }, + "locationSecondary": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "managementGroupScope": { + "value": "[variables('scopes').eslzRootManagementGroup]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('singlePlatformSubscriptionId')]" + }, + "enableSecondaryRegion": { + "value": "[parameters('enableSecondaryRegion')]" + } + } + } + }, { // Deploying AVNM policy - to add virtual networks to AVNM network groups "condition": "[and(parameters('deployAVNM'), or(equals(parameters('enableHub'), 'vhub'), equals(parameters('enableHub'), 'nva')), not(empty(parameters('connectivitySubscriptionId'))))]", @@ -5377,6 +5450,42 @@ } } }, + { + // Deploying AVNM Lite policy - to add virtual networks to AVNM network groups + "condition": "[and(parameters('deployAVNM'), or(equals(parameters('enableHub'), 'vhub'), equals(parameters('enableHub'), 'nva')), not(empty(parameters('singlePlatformSubscriptionId'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[variables('esLiteDeploymentNames').avnmLitePolicyDeploymentName]", + "location": "[deployment().location]", + "scope": "[variables('scopes').eslzRootManagementGroup]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').avnmLiteConnectivityHubDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').avnmPolicy]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('singlePlatformSubscriptionId')]" + }, + "locationSecondary": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "enableSecondaryRegion": { + "value": "[parameters('enableSecondaryRegion')]" + }, + "dedicatedSubscription": { + "value": false + } + } + } + }, { // Creating resource group for Private DNS Zones "condition": "[and(equals(parameters('enablePrivateDnsZones'), 'Yes'), not(empty(parameters('connectivitySubscriptionId'))))]", diff --git a/eslzArm/subscriptionTemplates/avnmPolicy.json b/eslzArm/subscriptionTemplates/avnmPolicy.json index 597d30b18..2e12a7232 100644 --- a/eslzArm/subscriptionTemplates/avnmPolicy.json +++ b/eslzArm/subscriptionTemplates/avnmPolicy.json @@ -37,6 +37,13 @@ "description": "Enable secondary region for instances deploying in multiple regions" }, "defaultValue": "No" + }, + "dedicatedSubscription": { + "type": "bool", + "metadata": { + "description": "Dedicated subscriptions selected" + }, + "defaultValue": true } }, "variables": { @@ -206,6 +213,7 @@ ] }, { + "condition": "[parameters('dedicatedSubscription')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "policyCorp", @@ -363,6 +371,7 @@ } }, { + "condition": "[parameters('dedicatedSubscription')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "policyOnline", @@ -520,6 +529,7 @@ } }, { + "condition": "[parameters('dedicatedSubscription')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "policyIdentity", @@ -677,6 +687,7 @@ } }, { + "condition": "[parameters('dedicatedSubscription')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "policyManagement", @@ -834,6 +845,7 @@ } }, { + "condition": "[parameters('dedicatedSubscription')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "policyConnectivity", @@ -991,6 +1003,7 @@ } }, { + "condition": "[parameters('dedicatedSubscription')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "policySandbox", @@ -1148,6 +1161,7 @@ } }, { + "condition": "[parameters('dedicatedSubscription')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "policyDecommissioned",