From 0f3de4adb642126683cc105bce14a0697c6f48b6 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Fri, 13 Dec 2024 18:43:03 +0400 Subject: [PATCH] Cleanup and removing AVNM locations --- eslzArm/eslzArm.json | 6 --- .../avnmConfiguration.json | 51 +++++++------------ eslzArm/subscriptionTemplates/avnmPolicy.json | 2 +- 3 files changed, 19 insertions(+), 40 deletions(-) diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index c0fb7b90c..aa3f2fe4d 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -5221,9 +5221,6 @@ "uri": "[variables('deploymentUris').avnmConnectivityHub]" }, "parameters": { - "topLevelManagementGroupPrefix": { - "value": "[parameters('enterpriseScaleCompanyPrefix')]" - }, "location": { "value": "[parameters('connectivityLocation')]" }, @@ -5233,9 +5230,6 @@ "managementGroupScope": { "value": "[variables('scopes').eslzRootManagementGroup]" }, - "managementSubscriptionId": { - "value": "[parameters('managementSubscriptionId')]" - }, "connectivitySubscriptionId": { "value": "[parameters('connectivitySubscriptionId')]" } diff --git a/eslzArm/subscriptionTemplates/avnmConfiguration.json b/eslzArm/subscriptionTemplates/avnmConfiguration.json index b0224a014..bcf29e737 100644 --- a/eslzArm/subscriptionTemplates/avnmConfiguration.json +++ b/eslzArm/subscriptionTemplates/avnmConfiguration.json @@ -2,14 +2,6 @@ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { - "topLevelManagementGroupPrefix": { - "type": "string", - "maxLength": 10, - "defaultValue": "eslz", - "metadata": { - "description": "Provide a prefix (max 10 characters, unique at tenant-scope) for the Management Group hierarchy and other resources created as part of Enterprise-scale." - } - }, "location": { "type": "string", "metadata": { @@ -33,13 +25,6 @@ "description": "Management group scope for AVNM. Intermediate root management group is the default." } }, - "managementSubscriptionId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "SubscriptionId for the management subscription. Used to get the user assigned identity." - } - }, "connectivitySubscriptionId": { "type": "string", "metadata": { @@ -51,7 +36,7 @@ "variables": { "rgName": "rg-alz-avnm", "resourceDeploymentName": "[take(concat(deployment().name, '-avnm', parameters('location')), 64)]", - "configIds": "[resourceId(parameters('connectivitySubscriptionId'), variables('rgName'), 'Microsoft.Network/networkManagers/securityAdminConfigurations', 'avnm', format('sac-{0}', parameters('location')))]" + "configIds": "[resourceId(parameters('connectivitySubscriptionId'), variables('rgName'), 'Microsoft.Network/networkManagers/securityAdminConfigurations', 'avnm', 'sac-alz')]" }, "resources": [ { @@ -119,7 +104,7 @@ { "type": "Microsoft.Network/networkManagers/networkGroups", "apiVersion": "2024-03-01", - "name": "[format('{0}/{1}', 'avnm', format('ng-{0}-static', parameters('location')))]", + "name": "[format('{0}/{1}', 'avnm', 'ng-static']", "properties": { "memberType": "VirtualNetwork", "description": "Network Group - Static" @@ -134,7 +119,7 @@ { "type": "Microsoft.Network/networkManagers/networkGroups", "apiVersion": "2024-03-01", - "name": "[format('{0}/{1}', 'avnm', format('ng-{0}-dynamic', parameters('location')))]", + "name": "[format('{0}/{1}', 'avnm', 'ng-dynamic')]", "properties": { "memberType": "VirtualNetwork", "description": "Network Group - Dynamic" @@ -149,7 +134,7 @@ { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations", "apiVersion": "2023-11-01", - "name": "[format('{0}/{1}', 'avnm', format('sac-{0}', parameters('location')))]", + "name": "[format('{0}/{1}', 'avnm', 'sac-alz')]", "dependsOn": [ "[resourceId('Microsoft.Network/networkManagers', 'avnm')]" ], @@ -160,19 +145,19 @@ { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections", "apiVersion": "2024-03-01", - "name": "[format('{0}/{1}/{2}', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ')]", + "name": "[format('{0}/{1}/{2}', 'avnm', 'sac-alz', 'rc-ALZ')]", "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations', 'avnm', format('sac-{0}', parameters('location')))]", - "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('ng-{0}-static', parameters('location')))]", - "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('ng-{0}-dynamic', parameters('location')))]" + "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations', 'avnm', 'sac-alz')]", + "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'ng-static']", + "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'ng-dynamic')]" ], "properties": { "appliesToGroups": [ { - "networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('ng-{0}-static', parameters('location')))]" + "networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'ng-static']" }, { - "networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', format('ng-{0}-dynamic', parameters('location')))]" + "networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', 'avnm', 'ng-dynamic')]" } ] @@ -181,9 +166,9 @@ { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", "apiVersion": "2024-03-01", - "name": "[format('{0}/{1}/{2}/{3}', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ', 'DenyMgmtInbound')]", + "name": "[format('{0}/{1}/{2}/{3}', 'avnm', 'sac-alz', 'rc-ALZ', 'DenyMgmtInbound')]", "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ')]" + "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections', 'avnm', 'sac-alz', 'rc-ALZ')]" ], "kind": "Custom", "properties": { @@ -207,9 +192,9 @@ { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", "apiVersion": "2024-03-01", - "name": "[format('{0}/{1}/{2}/{3}', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ', 'DenyHighRiskInboundTCP')]", + "name": "[format('{0}/{1}/{2}/{3}', 'avnm', 'sac-alz', 'rc-ALZ', 'DenyHighRiskInboundTCP')]", "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ')]" + "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections', 'avnm', 'sac-alz', 'rc-ALZ')]" ], "kind": "Custom", "properties": { @@ -242,9 +227,9 @@ { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", "apiVersion": "2024-03-01", - "name": "[format('{0}/{1}/{2}/{3}', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ', 'DenyHighRiskInboundUDP')]", + "name": "[format('{0}/{1}/{2}/{3}', 'avnm', 'sac-alz', 'rc-ALZ', 'DenyHighRiskInboundUDP')]", "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ')]" + "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections', 'avnm', 'sac-alz', 'rc-ALZ')]" ], "kind": "Custom", "properties": { @@ -268,9 +253,9 @@ { "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules", "apiVersion": "2024-03-01", - "name": "[format('{0}/{1}/{2}/{3}', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ', 'DenyHighRiskInboundANY')]", + "name": "[format('{0}/{1}/{2}/{3}', 'avnm', 'sac-alz', 'rc-ALZ', 'DenyHighRiskInboundANY')]", "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections', 'avnm', format('sac-{0}', parameters('location')), 'rc-ALZ')]" + "[resourceId('Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections', 'avnm', 'sac-alz', 'rc-ALZ')]" ], "kind": "Custom", "properties": { diff --git a/eslzArm/subscriptionTemplates/avnmPolicy.json b/eslzArm/subscriptionTemplates/avnmPolicy.json index 6325d84ec..c01a3313c 100644 --- a/eslzArm/subscriptionTemplates/avnmPolicy.json +++ b/eslzArm/subscriptionTemplates/avnmPolicy.json @@ -25,7 +25,7 @@ } }, "variables": { - "networkGroupId": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('ng-{0}-dynamic', parameters('location')))]" + "networkGroupId": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', 'ng-dynamic')]" }, "resources": [ {