diff --git a/docs/wiki/Contributing.md b/docs/wiki/Contributing.md index f033cd727..8f85aec82 100644 --- a/docs/wiki/Contributing.md +++ b/docs/wiki/Contributing.md @@ -90,22 +90,8 @@ Throughout the development of Bicep code you should follow the [Bicep Best Pract - Default values should also be documented in the appropriate location - Tab indents should be set to `2` for all Bicep files - Double line-breaks should exist between each element type section -- Each bicep file must contain the below multi-line comment at the very top of the file, with its details filled out: +- When intended for scopes above resource group deployment, targetScope should be indicated at the beginning of the file -```bicep -/* -SUMMARY: A short summary of what the Bicep file does/deploys. -DESCRIPTION: A slightly longer description of what the Bicep file does/deploys and any other important information that should be known upfront. -AUTHOR/S: GitHub Usernames -VERSION: 1.0.0 -*/ - - - -targetScope = ... - -etc... -``` ### Bicep Elements Naming Standards @@ -138,14 +124,6 @@ For all Bicep files created as part of this project they will follow the structu Below is an example of Bicep file complying with the structure and styling guidelines specified above: ```bicep -/* -SUMMARY: An example deployment of a resource group. -DESCRIPTION: Deploy a resource group to UK south taking a naming prefix as it's only parameter. -AUTHOR/S: jtracey93 -VERSION: 1.0.0 -*/ - - // SCOPE targetScope = 'subscription' //Deploying at Subscription scope to allow resource groups to be created and resources in one deployment diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep index 8d4f0628e..5e7fbb1da 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep @@ -1,19 +1,3 @@ -/* -SUMMARY: This module defines custom roles based on the recommendations from the Azure Landing Zone Conceptual Architecture. -DESCRIPTION: - The role definitions are defined in Identity and access management recommendations. Reference: https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/identity-and-access-management - - Module supports the following custom roles: - - * Subscription owner - * Application owners (DevOps/AppOps) - * Network management (NetOps) - * Security operations (SecOps) - -AUTHOR/S: SenthuranSivananthan -VERSION: 1.0.0 -*/ - targetScope = 'managementGroup' @description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition.') diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep index cbd8b73c0..47713abfc 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep @@ -1,22 +1,3 @@ -/* -SUMMARY: This module defines custom roles based on the recommendations from the Azure Landing Zone Conceptual Architecture. -DESCRIPTION: - The role definitions are defined in Identity and access management recommendations. Reference: https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/identity-and-access-management - - Module supports the following custom roles: - - * Subscription owner - * Application owners (DevOps/AppOps) - * Network management (NetOps) - * Security operations (SecOps) - -There are differences for custom roles for Azure China regions due to following resource provider which are not returned in the list of providers from Azure Resource Manager in China. - * Microsoft.Support resource provider is not supported because Azure support in China regions are provided by 21Vianet. - -AUTHOR/S: SenthuranSivananthan, @faister -VERSION: 1.0.0 -*/ - targetScope = 'managementGroup' @description('The management group scope to which the role can be assigned. This management group ID will be used for the assignableScopes property in the role definition.') diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 36bb30b9f..cf1b407dd 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -1,17 +1,3 @@ -/* -SUMMARY: Module to deploy the Hub Network and it's components as per the Azure Landing Zone conceptual architecture -DESCRIPTION: The following components will be options in this deployment - Virtual Network (Vnet) - Subnets - VPN Gateway/ExpressRoute Gateway - Azure Firewall - Private DNS Zones - Details of all the Azure Private DNS zones can be found here --> https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#azure-services-dns-zone-configuration - DDos Standard Plan - Bastion -AUTHOR/S: aultt, jtracey93, cloudchristoph -VERSION: 1.x.x -*/ - @description('The Azure Region to deploy the resources into. Default: resourceGroup().location') param parLocation string = resourceGroup().location diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep index 1d48fabcc..861f11c48 100644 --- a/infra-as-code/bicep/modules/logging/logging.bicep +++ b/infra-as-code/bicep/modules/logging/logging.bicep @@ -1,29 +1,3 @@ -/* -SUMMARY: Deploys Azure Log Analytics Workspace & Automation Account. -DESCRIPTION: - Deploys Azure Log Analytics Workspace & Automation Account to an existing Resource Group. Automation Account will be linked to Log Analytics Workspace to provide integration for Inventory, Change Tracking and Update Management. - - The module will deploy the following Log Analytics Workspace solutions by default. Solutions can be customized as required: - - * AgentHealthAssessment - * AntiMalware - * AzureActivity - * ChangeTracking - * Security - * SecurityInsights (Azure Sentinel) - * ServiceMap - * SQLAssessment - * Updates - * VMInsights - -AUTHOR/S: SenthuranSivananthan,aultt -VERSION: 1.2.0 - -# Release notes 11/23/2021 - V1.2: - - Changed line 102 from parLogAnalyticsWorkspaceName to resLogAnalyticsWorkspace.name. - - Change is required so the resources are created in the correct order. Without the change the link would fail sporatically. -*/ - @description('Log Analytics Workspace name. - DEFAULT VALUE: alz-log-analytics') param parLogAnalyticsWorkspaceName string = 'alz-log-analytics' diff --git a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep index 48c1d4622..8e9a943aa 100644 --- a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep +++ b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep @@ -1,21 +1,3 @@ -/* -SUMMARY: The Management Groups module deploys a management group hierarchy in a customer's tenant under the 'Tenant Root Group'. -DESCRIPTION: Management Group hierarchy is created through a tenant-scoped Azure Resource Manager (ARM) deployment. The hierarchy is: - * Tenant Root Group - * Top Level Management Group (defined by parameter `parTopLevelManagementGroupPrefix`) - * Platform - * Management - * Connectivity - * Identity - * Landing Zones - * Corp - * Online - * Sandbox - * Decommissioned -AUTHOR/S: SenthuranSivananthan, jtracey93 -VERSION: 1.1.0 -*/ - targetScope = 'tenant' @description('Prefix for the management group hierarchy. This management group will be created as part of the deployment.') diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep index 46dc65246..f9062ffad 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep @@ -1,15 +1,3 @@ -/* - -SUMMARY: This module deploys the default Azure Landing Zone Azure Policy Assignments to the Management Group Hierarchy and also assigns the relevant RBAC. -DESCRIPTION: This module deploys the default Azure Landing Zone Azure Policy Assignments to the Management Group Hierarchy and also assigns the relevant RBAC for the system-assigned Managed Identities created for policies that require them (e.g DeployIfNotExist & Modify effect policies). -AUTHOR/S: jtracey93 -VERSION: 1.0.4 - -*/ - -// **Parameters** -// Parameters are used to pass in values to the various policy assignment modules. - @description('Prefix for the management group hierarchy. DEFAULT VALUE = alz') @minLength(2) @maxLength(10) diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep index b9daed490..a37b5f728 100644 --- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep @@ -1,10 +1,3 @@ -/* -SUMMARY: This module assigns Azure Policies to a specified Management Group as well as assigning the Managed Identity to various Management Groups -DESCRIPTION: This module assigns Azure Policies to a specified Management Group. -AUTHOR/S: jtracey93 -VERSION: 1.2.0 -*/ - targetScope = 'managementGroup' @minLength(1) diff --git a/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep b/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep index 373bb39ab..eea6caca4 100644 --- a/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep @@ -1,10 +1,3 @@ -/* -SUMMARY: This module deploys the custom Azure Policy Definitions & Initiatives supplied by the Enterprise Scale conceptual architecture and reference implementation to a specified Management Group. -DESCRIPTION: This module deploys the custom Azure Policy Definitions & Initiatives supplied by the Enterprise Scale conceptual architecture and reference implementation defined here (https://aka.ms/enterprisescale) to a specified Management Group. -AUTHOR/S: jtracey93 -VERSION: 1.0.1 -*/ - targetScope = 'managementGroup' @description('The management group scope to which the policy definitions are to be created at. DEFAULT VALUE = "alz"') diff --git a/infra-as-code/bicep/modules/policy/definitions/mc-custom-policy-definitions.bicep b/infra-as-code/bicep/modules/policy/definitions/mc-custom-policy-definitions.bicep index e2a71bb7e..45dbed100 100644 --- a/infra-as-code/bicep/modules/policy/definitions/mc-custom-policy-definitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/mc-custom-policy-definitions.bicep @@ -1,10 +1,3 @@ -/* -SUMMARY: This module deploys the custom Azure Policy Definitions & Initiatives specific to Azure China regions supplied by the Enterprise Scale conceptual architecture and reference implementation to a specified Management Group. -DESCRIPTION: This module deploys the custom Azure Policy Definitions & Initiatives specific to Azure China regions supplied by the Enterprise Scale conceptual architecture and reference implementation defined here (https://aka.ms/enterprisescale) to a specified Management Group. -AUTHOR/S: faister -VERSION: 1.0.0 -*/ - targetScope = 'managementGroup' @description('The management group scope to which the policy definitions are to be created at. DEFAULT VALUE = "alz"') diff --git a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep index cd6b6dc6c..fb5d4409c 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep +++ b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep @@ -1,10 +1,3 @@ -/* -SUMMARY: Module to deploy the Private DNS Zones as per the Azure Landing Zone conceptual architecture -DESCRIPTION: The following components will deployed - Private DNS Zones - Details of all the Azure Private DNS zones can be found here --> https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#azure-services-dns-zone-configuration -AUTHOR/S: aultt, jtracey93, cloudchristoph -VERSION: 1.x.x -*/ @description('The Azure Region to deploy the resources into. Default: resourceGroup().location') param parLocation string = resourceGroup().location diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep index 15029c4c7..401cd75f5 100644 --- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep +++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep @@ -1,11 +1,3 @@ -/* -SUMMARY: Module to deploy create a public IP address -DESCRIPTION: The following components will be options in this deployment - Public IP Address -AUTHOR/S: aultt, jtracey93 -VERSION: 1.0.1 -*/ - @description('Name of Public IP to create in Azure. Default: None') param parPublicIPName string diff --git a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep index f63562796..e0c4851fa 100644 --- a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep +++ b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep @@ -1,13 +1,3 @@ -/* -SUMMARY: Module to deploy a resource group to the subscription specified. -DESCRIPTION: The following components will be required parameters in this deployment - parLocation - parResourceGroupName -AUTHOR/S: aultt, johnlokerse -VERSION: 1.1.0 - - Added outputs for resource group name and resource group id -*/ - targetScope = 'subscription' @description('Azure Region where Resource Group will be created. No Default') diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep index fe1da9a0e..19abfd7e6 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep @@ -1,15 +1,3 @@ -/* -SUMMARY: Role Assignments for one Management Group -DESCRIPTION: - Module provides role assignment capabilities for Management Groups. The role assignments can be performed for: - - * Managed Identities (System and User Assigned) - * Service Principals - * Security Groups - -AUTHOR/S: SenthuranSivananthan -VERSION: 1.0.0 -*/ targetScope = 'managementGroup' @description('A GUID representing the role assignment name. Default: guid(managementGroup().name, parRoleDefinitionId, parAssigneeObjectId)') diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep index 19736610f..5d92ff59d 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep @@ -1,15 +1,3 @@ -/* -SUMMARY: Role Assignments for 1 or more Management Groups -DESCRIPTION: - Module provides role assignment capabilities for Management Groups. The role assignments can be performed for: - - * Managed Identities (System and User Assigned) - * Service Principals - * Security Groups - -AUTHOR/S: SenthuranSivananthan, jtracey93 -VERSION: 1.1.0 -*/ targetScope = 'managementGroup' @description('A list of management group scopes that will be used for role assignment (i.e. [alz-platform-connectivity, alz-platform-identity]). Default = []') diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep index e5f6755f5..e8f759705 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep @@ -1,15 +1,3 @@ -/* -SUMMARY: Role Assignments for 1 Subscriptions -DESCRIPTION: - Module provides role assignment capabilities for Subscriptions. The role assignments can be performed for: - - * Managed Identities (System and User Assigned) - * Service Principals - * Security Groups - -AUTHOR/S: SenthuranSivananthan -VERSION: 1.0.0 -*/ targetScope = 'subscription' @description('A GUID representing the role assignment name. Default: guid(subscription().subscriptionId, parRoleDefinitionId, parAssigneeObjectId)') diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep index 83a374d3c..86efe58ab 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep @@ -1,15 +1,3 @@ -/* -SUMMARY: Role Assignments for 1 or more Subscriptions -DESCRIPTION: - Module provides role assignment capabilities for Subscriptions. The role assignments can be performed for: - - * Managed Identities (System and User Assigned) - * Service Principals - * Security Groups - -AUTHOR/S: SenthuranSivananthan, jtracey93 -VERSION: 1.1.0 -*/ targetScope = 'managementGroup' @description('A list of subscription IDs that will be used for role assignment (i.e. 4f9f8765-911a-4a6d-af60-4bc0473268c0) Default = []') diff --git a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep index be13adc16..40826e46c 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep +++ b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep @@ -1,18 +1,3 @@ -/* -SUMMARY: Module to deploy ALZ Spoke Network -DESCRIPTION: The following components will be options in this deployment - VirtualNetwork(Spoke Vnet) - Subnets - UDR - if Firewall is enabled - Private DNS Link -AUTHOR/S: aultt, jtracey93 -VERSION: 1.2.0 - - Changed default value of parNetworkDNSEnableProxy to false. Defaulting to false allow for testing on its own - - Changed default value of parDdosEnabled to false. Defaulting to false to allow for testing on its own - - Added parSpokeNetworkName to allow customer input flexibility - - Removed unrequired bool switches -*/ - @description('The Azure Region to deploy the resources into. Default: resourceGroup().location') param parLocation string = resourceGroup().location diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep index 2d5d06b03..d11ee4cce 100644 --- a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep +++ b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep @@ -1,13 +1,3 @@ -/* -SUMMARY: Move one or more subscriptions to a new management group. -DESCRIPTION: - Move one or more subscriptions to a new management group. - - Once the subscription(s) are moved, Azure Policies assigned to the new management group or it's parent management group(s) will begin to govern the subscription(s). - -AUTHOR/S: SenthuranSivananthan -VERSION: 1.0.0 -*/ targetScope = 'managementGroup' @description('Array of Subscription Ids that should be moved to the new management group.') diff --git a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep index 764e073f2..da815ba60 100644 --- a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep +++ b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/orch-hubSpoke.bicep @@ -1,24 +1,3 @@ -/* - -SUMMARY: This module provides orchestration of all the required module deployments to achevie a Azure Landing Zones Hub and Spoke network topology deployment (also known as Adventure Works) -DESCRIPTION: This module provides orchestration of all the required module deployments to achevie a Azure Landing Zones Hub and Spoke network topology deployment (also known as Adventure Works). - It will handle the sequencing and ordering of the following modules: - - Management Groups - - Custom RBAC Role Definitions - - Custom Policy Definitions - - Logging - - Policy Assignments - - Subscription Placement - - Hub Networking - - Spoke Networking (corp connected) - All as outlined in the Deployment Flow wiki page here: https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlow -AUTHOR/S: jtracey93 -VERSION: 1.0.0 - -*/ - -// **Parameters** -// Generic Parameters - Used in multiple modules @description('The region to deploy all resoruces into. DEFAULTS TO = northeurope') param parLocation string = 'northeurope' diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep index c3d88ff9b..26d8e47de 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep @@ -1,11 +1,3 @@ -/* -SUMMARY: Module to connect your spoke virtual network to your Virtual WAN virtual hub/ -DESCRIPTION: The following components will be options in this deployment - Virtual Hub network connection -AUTHOR/S: faister, jtracey93 -VERSION: 1.0.2 -*/ - @description('Virtual WAN Hub resource ID. No default') param parVirtualHubResourceId string diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep b/infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep index f340c7428..1d33ca2b5 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep @@ -1,11 +1,3 @@ -/* -SUMMARY: Module to perform spoke network peering with the Virtual WAN virtual hub as per the Azure Landing Zone conceptual architecture - https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/virtual-wan-network-topology. This module draws parity with the Enterprise Scale implementation defined in https://github.com/Azure/Enterprise-Scale/blob/main/eslzArm/subscriptionTemplates/vwan-connectivity.json -DESCRIPTION: The peering can be configured using the parameters file: - Virtual network peering with Virtual WAN virtual hub -AUTHOR/S: faister, jtracey93 -VERSION: 1.0.1 -*/ - targetScope = 'subscription' @description('Virtual WAN Hub resource ID. No default') diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index af73d84a2..d1e19542f 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -1,18 +1,3 @@ -/* -SUMMARY: Module to deploy the Virtual WAN network topology and its components as per the Azure Landing Zone conceptual architecture - https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/virtual-wan-network-topology. This module draws parity with the Enterprise Scale implementation defined in https://github.com/Azure/Enterprise-Scale/blob/main/eslzArm/subscriptionTemplates/vwan-connectivity.json -DESCRIPTION: The following Azure resources will be deployed in a single resource group, all of which can be configured using the parameters file: - - Virtual WAN - Virtual Hub. The virtual hub is a prerequisite to connect to either a VPN Gateway, an ExpressRoute Gateway or an Azure Firewall to the virtual WAN - VPN Gateway - ExpressRoute Gateway - Public IP is deployed only if Azure Firewall is enabled - Azure Firewall - Azure Firewall policy -AUTHOR/S: Fai Lai @faister -VERSION: 1.0.0 -*/ - @description('Prefix value which will be prepended to all resource names. Default: alz') param parCompanyPrefix string = 'alz'