Skip to content

fix: Updated the networking module #703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Parent: fix: Merging dev changes to main branch
merged 1 commit into from
Oct 13, 2025
Merged

fix: Updated the networking module #703

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
125 changes: 106 additions & 19 deletions infra/main.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -387,22 +387,109 @@ module sqlUserAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned
}
}

// ========== Network Module ========== //
module network 'modules/network.bicep' = if (enablePrivateNetworking) {
name: take('network-${solutionSuffix}-deployment', 64)
// ========== Virtual Network and Networking Components ========== //

// Virtual Network with NSGs and Subnets
module virtualNetwork 'modules/virtualNetwork.bicep' = if (enablePrivateNetworking) {
name: take('module.virtualNetwork.${solutionSuffix}', 64)
params: {
resourcesName: solutionSuffix
// logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspace.outputs.resourceId
logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspaceResourceId
vmAdminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
vmSize: vmSize ?? 'Standard_DS2_v2' // Default VM size
name: 'vnet-${solutionSuffix}'
addressPrefixes: ['10.0.0.0/20'] // 4096 addresses (enough for 8 /23 subnets or 16 /24)
location: solutionLocation
tags: allTags
logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId
resourceSuffix: solutionSuffix
enableTelemetry: enableTelemetry
}
}
// Azure Bastion Host
var bastionHostName = 'bas-${solutionSuffix}'
module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePrivateNetworking) {
name: take('avm.res.network.bastion-host.${bastionHostName}', 64)
params: {
name: bastionHostName
skuName: 'Standard'
location: solutionLocation
virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
diagnosticSettings: [
{
name: 'bastionDiagnostics'
workspaceResourceId: logAnalyticsWorkspaceResourceId
logCategoriesAndGroups: [
{
categoryGroup: 'allLogs'
enabled: true
}
]
}
]
tags: tags
enableTelemetry: enableTelemetry
publicIPAddressObject: {
name: 'pip-${bastionHostName}'
zones: []
}
}
}

// Jumpbox Virtual Machine
var jumpboxVmName = take('vm-jumpbox-${solutionSuffix}', 15)
module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enablePrivateNetworking) {
name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64)
params: {
name: take(jumpboxVmName, 15) // Shorten VM name to 15 characters to avoid Azure limits
vmSize: vmSize ?? 'Standard_DS2_v2'
location: solutionLocation
adminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
tags: tags
zone: 0
imageReference: {
offer: 'WindowsServer'
publisher: 'MicrosoftWindowsServer'
sku: '2019-datacenter'
version: 'latest'
}
osType: 'Windows'
osDisk: {
name: 'osdisk-${jumpboxVmName}'
managedDisk: {
storageAccountType: 'Standard_LRS'
}
}
encryptionAtHost: false // Some Azure subscriptions do not support encryption at host
nicConfigurations: [
{
name: 'nic-${jumpboxVmName}'
ipConfigurations: [
{
name: 'ipconfig1'
subnetResourceId: virtualNetwork!.outputs.jumpboxSubnetResourceId
}
]
diagnosticSettings: [
{
name: 'jumpboxDiagnostics'
workspaceResourceId: logAnalyticsWorkspaceResourceId
logCategoriesAndGroups: [
{
categoryGroup: 'allLogs'
enabled: true
}
]
metricCategories: [
{
category: 'AllMetrics'
enabled: true
}
]
}
]
}
]
enableTelemetry: enableTelemetry
}
}
// ========== Private DNS Zones ========== //
var privateDnsZones = [
'privatelink.cognitiveservices.azure.com'
Expand Down Expand Up @@ -456,8 +543,8 @@ module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [
enableTelemetry: enableTelemetry
virtualNetworkLinks: [
{
name: take('vnetlink-${network!.outputs.vnetName}-${split(zone, '.')[1]}', 80)
virtualNetworkResourceId: network!.outputs.vnetResourceId
name: take('vnetlink-${virtualNetwork!.outputs.name}-${split(zone, '.')[1]}', 80)
virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
}
]
}
Expand Down Expand Up @@ -497,7 +584,7 @@ module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = {
]
}
service: 'vault'
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
}
]
: []
Expand Down Expand Up @@ -638,7 +725,7 @@ module aiFoundryAiServices 'modules/ai-services.bicep' = if (aiFoundryAIservices
{
name: 'pep-${aiFoundryAiServicesResourceName}'
customNetworkInterfaceName: 'nic-${aiFoundryAiServicesResourceName}'
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
{
Expand Down Expand Up @@ -745,7 +832,7 @@ module cosmosDb 'br/public:avm/res/document-db/database-account:0.15.0' = {
]
}
service: 'Sql'
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
}
]
: []
Expand Down Expand Up @@ -818,7 +905,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
}
]
}
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
service: 'blob'
}
{
Expand All @@ -831,7 +918,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
}
]
}
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
service: 'queue'
}
]
Expand Down Expand Up @@ -940,7 +1027,7 @@ module sqlDBModule 'br/public:avm/res/sql/server:0.20.1' = {
]
}
service: 'sqlServer'
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
tags: tags
}
]
Expand Down Expand Up @@ -1063,7 +1150,7 @@ module webSite 'modules/web-sites.bicep' = {
// WAF aligned configuration for Private Networking
vnetRouteAllEnabled: enablePrivateNetworking ? true : false
vnetImagePullEnabled: enablePrivateNetworking ? true : false
virtualNetworkSubnetId: enablePrivateNetworking ? network!.outputs.subnetWebResourceId : null
virtualNetworkSubnetId: enablePrivateNetworking ? virtualNetwork!.outputs.webSubnetResourceId : null
publicNetworkAccess: 'Enabled'
}
}
Expand Down Expand Up @@ -1145,7 +1232,7 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = {
]
}
service: 'searchService'
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
}
]
: []
Expand Down
Loading