Azure · krbar · Aug 20, 2024 · Mar 25, 2024 · Mar 26, 2024 · Mar 27, 2024
@@ -15,8 +15,8 @@ This module deploys an App Managed Environment (also known as a Container App En
 
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.App/managedEnvironments` | [2023-11-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-11-02-preview/managedEnvironments) |
-| `Microsoft.App/managedEnvironments/storages` | [2023-11-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-11-02-preview/managedEnvironments/storages) |
+| `Microsoft.App/managedEnvironments` | [2024-02-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2024-02-02-preview/managedEnvironments) |
+| `Microsoft.App/managedEnvironments/storages` | [2024-02-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2024-02-02-preview/managedEnvironments/storages) |
 | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 
@@ -171,6 +171,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:<version>'
         ]
       }
     }
+    peerTrafficEncryption: true
     platformReservedCidr: '172.17.17.0/24'
     platformReservedDnsIP: '172.17.17.17'
     roleAssignments: [
@@ -288,6 +289,9 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:<version>'
         }
       }
     },
+    "peerTrafficEncryption": {
+      "value": true
+    },
     "platformReservedCidr": {
       "value": "172.17.17.0/24"
     },
@@ -542,6 +546,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:<version>'
 | [`logsDestination`](#parameter-logsdestination) | string | Logs destination. |
 | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
 | [`openTelemetryConfiguration`](#parameter-opentelemetryconfiguration) | object | Open Telemetry configuration. |
+| [`peerTrafficEncryption`](#parameter-peertrafficencryption) | bool | Whether or not to encrypt peer traffic. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
 | [`storages`](#parameter-storages) | array | The list of storages to mount on the environment. |
 | [`tags`](#parameter-tags) | object | Tags of the resource. |
@@ -761,6 +766,14 @@ Open Telemetry configuration.
 - Type: object
 - Default: `{}`
 
+### Parameter: `peerTrafficEncryption`
+
+Whether or not to encrypt peer traffic.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
 ### Parameter: `roleAssignments`
 
 Array of role assignments to create.

@@ -53,6 +53,9 @@ param platformReservedCidr string = ''
 @description('Conditional. An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. Required if zoneRedundant is set to true to make the resource WAF compliant.')
 param platformReservedDnsIP string = ''
 
+@description('Optional. Whether or not to encrypt peer traffic.')
+param peerTrafficEncryption bool = false
+
 @description('Optional. Whether or not this Managed Environment is zone-redundant.')
 param zoneRedundant bool = true
 
@@ -146,7 +149,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09
   scope: resourceGroup(split(logAnalyticsWorkspaceResourceId, '/')[2], split(logAnalyticsWorkspaceResourceId, '/')[4])
 }
 
-resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-11-02-preview' = {
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2024-02-02-preview' = {
   name: name
   location: location
   tags: tags
@@ -170,6 +173,11 @@ resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-11-02-previe
       dnsSuffix: dnsSuffix
     }
     openTelemetryConfiguration: !empty(openTelemetryConfiguration) ? openTelemetryConfiguration : null
+    peerTrafficConfiguration: {
+      encryption: {
+        enabled: peerTrafficEncryption
+      }
+    }
     vnetConfiguration: {
       internal: internal
       infrastructureSubnetId: !empty(infrastructureSubnetId) ? infrastructureSubnetId : null

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.29.47.4906",
-      "templateHash": "364014764379639426"
+      "templateHash": "7943835735953238295"
     },
     "name": "App ManagedEnvironments",
     "description": "This module deploys an App Managed Environment (also known as a Container App Environment).",
@@ -285,6 +285,13 @@
         "description": "Conditional. An IP address from the IP range defined by \"platformReservedCidr\" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. Required if zoneRedundant is set to true to make the resource WAF compliant."
       }
     },
+    "peerTrafficEncryption": {
+      "type": "bool",
+      "defaultValue": false,
+      "metadata": {
+        "description": "Optional. Whether or not to encrypt peer traffic."
+      }
+    },
     "zoneRedundant": {
       "type": "bool",
       "defaultValue": true,
@@ -372,7 +379,7 @@
         "count": "[length(coalesce(parameters('storages'), createArray()))]"
       },
       "type": "Microsoft.App/managedEnvironments/storages",
-      "apiVersion": "2023-11-02-preview",
+      "apiVersion": "2024-02-02-preview",
       "name": "[format('{0}/{1}', parameters('name'), coalesce(parameters('storages'), createArray())[copyIndex()].shareName)]",
       "properties": {
         "nfsAzureFile": "[if(equals(coalesce(parameters('storages'), createArray())[copyIndex()].kind, 'NFS'), createObject('accessMode', coalesce(parameters('storages'), createArray())[copyIndex()].accessMode, 'server', format('{0}.file.{1}', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, environment().suffixes.storage), 'shareName', format('/{0}/{1}', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, coalesce(parameters('storages'), createArray())[copyIndex()].shareName)), null())]",
@@ -413,7 +420,7 @@
     },
     "managedEnvironment": {
       "type": "Microsoft.App/managedEnvironments",
-      "apiVersion": "2023-11-02-preview",
+      "apiVersion": "2024-02-02-preview",
       "name": "[parameters('name')]",
       "location": "[parameters('location')]",
       "tags": "[parameters('tags')]",
@@ -437,6 +444,11 @@
           "dnsSuffix": "[parameters('dnsSuffix')]"
         },
         "openTelemetryConfiguration": "[if(not(empty(parameters('openTelemetryConfiguration'))), parameters('openTelemetryConfiguration'), null())]",
+        "peerTrafficConfiguration": {
+          "encryption": {
+            "enabled": "[parameters('peerTrafficEncryption')]"
+          }
+        },
         "vnetConfiguration": {
           "internal": "[parameters('internal')]",
           "infrastructureSubnetId": "[if(not(empty(parameters('infrastructureSubnetId'))), parameters('infrastructureSubnetId'), null())]",
@@ -502,7 +514,7 @@
       "metadata": {
         "description": "The location the resource was deployed into."
       },
-      "value": "[reference('managedEnvironment', '2023-11-02-preview', 'full').location]"
+      "value": "[reference('managedEnvironment', '2024-02-02-preview', 'full').location]"
     },
     "name": {
       "type": "string",
@@ -523,7 +535,7 @@
       "metadata": {
         "description": "The principal ID of the system assigned identity."
       },
-      "value": "[coalesce(tryGet(tryGet(reference('managedEnvironment', '2023-11-02-preview', 'full'), 'identity'), 'principalId'), '')]"
+      "value": "[coalesce(tryGet(tryGet(reference('managedEnvironment', '2024-02-02-preview', 'full'), 'identity'), 'principalId'), '')]"
     },
     "defaultDomain": {
       "type": "string",

@@ -55,7 +55,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
       {
         name: 'defaultSubnet'
         properties: {
-          addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+          addressPrefix: cidrSubnet(addressPrefix, 23, 0)
           delegations: [
             {
               name: 'Microsoft.App.environments'
@@ -138,4 +138,4 @@ output managedIdentityResourceId string = managedIdentity.id
 output appInsightsConnectionString string = appInsightsComponent.properties.ConnectionString
 
 @description('The name of the created Storage Account.')
-output storageAccountName string = storageAccount.name
+output storageAccountName string = storageAccount.name
@@ -67,6 +67,7 @@ module testDeployment '../../../main.bicep' = [
       ]
       internal: true
       dockerBridgeCidr: '172.16.0.1/28'
+      peerTrafficEncryption: true
       platformReservedCidr: '172.17.17.0/24'
       platformReservedDnsIP: '172.17.17.17'
       infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId

@@ -1,7 +1,7 @@
 {
     "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
-    "version": "0.6",
+    "version": "0.7",
     "pathFilters": [
         "./main.json"
     ]
-}
+}