appservice-landing-zone-accelerator/scenarios/secure-baseline-multitenant/bicep/main.parameters.jsonc at main · githubabcs-devops/appservice-landing-zone-accelerator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        // max length: 10. Suffix that will be used to name the resources in a pattern like <resourceAbbreviation>-<workloadName>
        "workloadName" : {
           "value": "appSvc-LZA"
        },
        //Required. The name of the environmentName (e.g. "dev", "test", "prod", "preprod", "staging", "uat", "dr", "qa"). Up to 8 characters long.
        "environmentName": {
            "value": "dev"
        },
        //If empty, then a new hub will be deployed. If given, no new hub will be created and we create the peering between spoke and and existing hub vnet
        "vnetHubResourceId": {
            "value": ""
        },
        //If vnetHubResourceId empty, this value is irrelevant. If vnetHubResourceId has value and we need UDR, then the internal IP of the azFW needs to be set. Otherwise no UDR will be created
        "firewallInternalIp": {
            "value": ""
        },
        "vnetHubAddressSpace": {
            "value": "10.242.0.0/20"
        },
        // Feature Flags
        // set to true if you want to intercept all outbound traffic with azure firewall
        "enableEgressLockdown" : {
            "value": true
        },
        // set to true if you want to a redis cache
        "deployRedis": {
            "value": true
        },
        // set to true if you want to deploy a azure SQL server and default database
        "deployAzureSql": {
            "value": true
        },
        // set to true if you want to deploy application configuration
        "deployAppConfig": {
            "value": true
        },
        // set to true if you want to deploy a jumpbox/devops VM
        "deployJumpHost": {
            "value": true
        },
        // set to true if you want to auto approve the Private Endpoint of the AFD Premium
        "autoApproveAfdPrivateEndpoint": {
            "value": true
        },
        // CIDR of the subnet that will host the azure Firewall
        "subnetHubFirewallAddressSpace": {
            "value": "10.242.0.0/26"
        },
        // CIDR of the subnet that will host the Bastion Service
        "subnetHubBastionAddressSpace": {
            "value": "10.242.0.64/26"
        },
        //CIDR of the spoke vnet that will hold the app services plan and the rest supporting services (and their private endpoints)
        "vnetSpokeAddressSpace": {
            "value": "10.240.0.0/20"
        },
        //CIDR of the subnet that will hold the app services plan
        "subnetSpokeAppSvcAddressSpace": {
            "value": "10.240.0.0/26"
        },
        // //CIDRof the subnet that will hold the private link for the AFD Premium
        // "subnetSpokeAfdIngressAddressSpace": {
        //     "value": "10.240.0.64/26"
        // },
        //CIDR of the subnet that will hold devOps agents etc
        "subnetSpokeDevOpsAddressSpace": {
            "value": "10.240.10.128/26"
        },
        //CIDR of the subnet that will hold the private endpoints of the supporting services
        "subnetSpokePrivateEndpointAddressSpace": {
            "value": "10.240.11.0/24"
        },
        // Defines the name, tier, size, family and capacity of the App Service Plan. Plans ending to _AZ, are deplying at least three instances in three Availability Zones. EP* is only for functions'
        // select one from: 'S1', 'S2', 'S3', 'P1V3', 'P2V3', 'P3V3', 'P1V3_AZ', 'P2V3_AZ', 'P3V3_AZ'
        "webAppPlanSku": {
            "value": "S1"
        },
        // two options: Windows or Linux
        "webAppBaseOs" :
        {
            "value": "Windows"
        },
        // admin username of the VM agent deployed in the Spoke
        "adminUsername": {
            "value": "azureuser"
        },
        // admin password of the VM agent deployed in the Spoke
        "adminPassword": {
            "value": "strongpassword"
        },
        //Resource tags that we might need to add to all resources (i.e. Environment, Cost center, application name etc)
        "resourceTags": {
            "value": {
                "deployment": "bicep"
            }
        },
        // The Azure Active Directory (AAD) administrator group used for SQL Server authentication
        "sqlServerAdministrators": {
            "value": {
                // Azure AD group where your Azure administrators are members
                "login": "Azure AD SQL Admins",
                // Azure AD object ID of the group
                "sid": "xxx-xxxx-xxxx-xxxx",
                // Azure AD tenant ID where the group is located
                "tenantId": "xxxx-xxxxxx-xxxxx-xxxxx-xxx"
            }
        }
    }
}