diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 7c7b2879d..18710c9fd 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit @@ -121,7 +121,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml index 9bd890beb..18800cb13 100644 --- a/.github/workflows/code-review.yml +++ b/.github/workflows/code-review.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit @@ -51,7 +51,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit @@ -61,7 +61,7 @@ jobs: fetch-depth: 0 - name: Check links in markdown files - uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # 1.0.15 + uses: gaurav-nelson/github-action-markdown-link-check@1b916f2cf6c36510a6059943104e3c42ce6c16bc # 1.0.16 with: config-file: ".github/actions-config/mlc_config.json" use-verbose-mode: "yes" 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 922916c51..1b495dbce 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index 75260bd9f..1809316bd 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/psdocs-mdtogit.yml b/.github/workflows/psdocs-mdtogit.yml index 48941495c..d51906f4b 100644 --- a/.github/workflows/psdocs-mdtogit.yml +++ b/.github/workflows/psdocs-mdtogit.yml @@ -30,7 +30,7 @@ jobs: environment: BicepUpdateDocumentation steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/release-tests.yml b/.github/workflows/release-tests.yml index 68ad06924..eeb0e934b 100644 --- a/.github/workflows/release-tests.yml +++ b/.github/workflows/release-tests.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d53ff4378..2fa0668dd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/scheduled-bicep-build.yml b/.github/workflows/scheduled-bicep-build.yml index db221f951..f1b740d0a 100644 --- a/.github/workflows/scheduled-bicep-build.yml +++ b/.github/workflows/scheduled-bicep-build.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 49d519449..a56e1602b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -31,7 +31,7 @@ jobs: # actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/update-policy-china.yml b/.github/workflows/update-policy-china.yml index b2fa1a41f..548a328b3 100644 --- a/.github/workflows/update-policy-china.yml +++ b/.github/workflows/update-policy-china.yml @@ -26,7 +26,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit 
diff --git a/.github/workflows/update-policy.yml b/.github/workflows/update-policy.yml index bc33ef3a0..77309b792 100644 --- a/.github/workflows/update-policy.yml +++ b/.github/workflows/update-policy.yml @@ -26,7 +26,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/wiki-sync.yml b/.github/workflows/wiki-sync.yml index f549c5310..a8579f0b1 100644 --- a/.github/workflows/wiki-sync.yml +++ b/.github/workflows/wiki-sync.yml @@ -28,7 +28,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep b/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep index 11d4134e3..2b3d0131c 100644 --- a/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep +++ b/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep @@ -26,7 +26,7 @@ param parAcrSku string = 'Basic' @sys.description('Tags to be applied to resource when deployed. Default: None') param parTags object ={} -resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2022-12-01' = { +resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' = { name: parAcrName tags: parTags location: parLocation diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep index e95ed3412..2b87e4ab8 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep 
+++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep @@ -737,14 +737,14 @@ var varAzFirewallUseCustomPublicIps = length(parAzFirewallCustomPublicIps) > 0 var varAzFirewallUseCustomPublicIpsSecondaryLocation = length(parAzFirewallCustomPublicIpsSecondaryLocation) > 0 //DDos Protection plan will only be enabled if parDdosEnabled is true. -resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2023-02-01' = if (parDdosEnabled) { +resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2024-05-01' = if (parDdosEnabled) { name: parDdosPlanName location: parLocation tags: parTags } //DDos Protection plan will only be enabled if parDdosEnabled is true. -resource resDdosProtectionPlanSecondaryLocation 'Microsoft.Network/ddosProtectionPlans@2023-02-01' = if (parDdosEnabledSecondaryLocation) { +resource resDdosProtectionPlanSecondaryLocation 'Microsoft.Network/ddosProtectionPlans@2024-05-01' = if (parDdosEnabledSecondaryLocation) { name: parDdosPlanNameSecondaryLocation location: parSecondaryLocation tags: parTags @@ -770,7 +770,7 @@ resource resDDoSProtectionPlanLockSecondaryLocation 'Microsoft.Authorization/loc } } -resource resHubVnet 'Microsoft.Network/virtualNetworks@2024-01-01' = { +resource resHubVnet 'Microsoft.Network/virtualNetworks@2024-05-01' = { dependsOn: [ resBastionNsg ] @@ -796,7 +796,7 @@ resource resHubVnet 'Microsoft.Network/virtualNetworks@2024-01-01' = { } } -resource resHubVnetSecondaryLocation 'Microsoft.Network/virtualNetworks@2024-01-01' = { +resource resHubVnetSecondaryLocation 'Microsoft.Network/virtualNetworks@2024-05-01' = { dependsOn: [ resBastionNsgSecondaryLocation ] 
@@ -904,17 +904,17 @@ module modBastionPublicIpSecondaryLocation '../publicIp/publicIp.bicep' = if (pa } } -resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzBastionEnabled) { +resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzBastionEnabled) { parent: resHubVnet name: 'AzureBastionSubnet' } -resource resBastionSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzBastionEnabledSecondaryLocation) { +resource resBastionSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzBastionEnabledSecondaryLocation) { parent: resHubVnetSecondaryLocation name: 'AzureBastionSubnet' } -resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-01-01' = if (parAzBastionEnabled) { +resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-05-01' = if (parAzBastionEnabled) { name: parAzBastionNsgName location: parLocation tags: parTags @@ -1063,7 +1063,7 @@ resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-01-01' = if } } -resource resBastionNsgSecondaryLocation 'Microsoft.Network/networkSecurityGroups@2024-01-01' = if (parAzBastionEnabledSecondaryLocation) { +resource resBastionNsgSecondaryLocation 'Microsoft.Network/networkSecurityGroups@2024-05-01' = if (parAzBastionEnabledSecondaryLocation) { name: parAzBastionNsgNameSecondaryLocation location: parSecondaryLocation tags: parTags 
@@ -1235,7 +1235,7 @@ resource resBastionNsgLockSecondaryLocation 'Microsoft.Authorization/locks@2020- // AzureBastionSubnet is required to deploy Bastion service. This subnet must exist in the parsubnets array if you enable Bastion Service. // There is a minimum subnet requirement of /27 prefix. // If you are deploying standard this needs to be larger. https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#subnet -resource resBastion 'Microsoft.Network/bastionHosts@2023-02-01' = if (parAzBastionEnabled) { +resource resBastion 'Microsoft.Network/bastionHosts@2024-05-01' = if (parAzBastionEnabled) { location: parLocation name: parAzBastionName tags: parTags @@ -1264,7 +1264,7 @@ resource resBastion 'Microsoft.Network/bastionHosts@2023-02-01' = if (parAzBasti // AzureBastionSubnet is required to deploy Bastion service. This subnet must exist in the parsubnets array if you enable Bastion Service. // There is a minimum subnet requirement of /27 prefix. // If you are deploying standard this needs to be larger. https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#subnet -resource resBastionSecondaryLocation 'Microsoft.Network/bastionHosts@2024-01-01' = if (parAzBastionEnabledSecondaryLocation) { +resource resBastionSecondaryLocation 'Microsoft.Network/bastionHosts@2024-05-01' = if (parAzBastionEnabledSecondaryLocation) { location: parSecondaryLocation name: parAzBastionNameSecondaryLocation tags: parTags 
@@ -1312,12 +1312,12 @@ resource resBastionLockSecondaryLocation 'Microsoft.Authorization/locks@2020-05- } } -resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parVpnGatewayEnabled || parExpressRouteGatewayEnabled) { +resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parVpnGatewayEnabled || parExpressRouteGatewayEnabled) { parent: resHubVnet name: 'GatewaySubnet' } -resource resGatewaySubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parVpnGatewayEnabledSecondaryLocation || parExpressRouteGatewayEnabledSecondaryLocation) { +resource resGatewaySubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parVpnGatewayEnabledSecondaryLocation || parExpressRouteGatewayEnabledSecondaryLocation) { parent: resHubVnetSecondaryLocation name: 'GatewaySubnet' } @@ -1449,7 +1449,7 @@ module modGatewayPublicIpActiveActiveSecondaryLocation '../publicIp/publicIp.bic ] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-01-01' = [ +resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-05-01' = [ for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { name: gateway.name location: parLocation 
@@ -1519,7 +1519,7 @@ resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-01-01' = [ ] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGatewaySecondaryLocation 'Microsoft.Network/virtualNetworkGateways@2024-01-01' = [ +resource resGatewaySecondaryLocation 'Microsoft.Network/virtualNetworkGateways@2024-05-01' = [ for (gateway, i) in varGwConfigSecondaryLocation: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { name: gateway.name location: parSecondaryLocation @@ -1612,17 +1612,17 @@ resource resVirtualNetworkGatewayLockSecondaryLocation 'Microsoft.Authorization/ } ] -resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabled) { +resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabled) { parent: resHubVnet name: 'AzureFirewallSubnet' } -resource resAzureFirewallSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabledSecondaryLocation) { +resource resAzureFirewallSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabledSecondaryLocation) { parent: resHubVnetSecondaryLocation name: 'AzureFirewallSubnet' } -resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabled && (contains( +resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabled && (contains( map(parSubnets, subnets => subnets.name), 'AzureFirewallManagementSubnet' ))) { 
@@ -1630,7 +1630,7 @@ resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnet name: 'AzureFirewallManagementSubnet' } -resource resAzureFirewallMgmtSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabledSecondaryLocation && (contains( +resource resAzureFirewallMgmtSubnetRefSecondaryLocation 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabledSecondaryLocation && (contains( map(parSubnetsSecondaryLocation, subnets => subnets.name), 'AzureFirewallManagementSubnet' ))) { @@ -1720,7 +1720,7 @@ module modAzureFirewallMgmtPublicIpSecondaryLocation '../publicIp/publicIp.bicep } } -resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-01-01' = if (parAzFirewallEnabled && parAzFirewallPoliciesEnabled) { +resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-05-01' = if (parAzFirewallEnabled && parAzFirewallPoliciesEnabled) { name: parAzFirewallPoliciesName location: parLocation tags: parTags @@ -1749,7 +1749,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-01-01' = i } } -resource resFirewallPoliciesSecondaryLocation 'Microsoft.Network/firewallPolicies@2024-01-01' = if (parAzFirewallEnabledSecondaryLocation && parAzFirewallPoliciesEnabledSecondaryLocation) { +resource resFirewallPoliciesSecondaryLocation 'Microsoft.Network/firewallPolicies@2024-05-01' = if (parAzFirewallEnabledSecondaryLocation && parAzFirewallPoliciesEnabledSecondaryLocation) { name: parAzFirewallPoliciesNameSecondaryLocation location: parSecondaryLocation tags: parTags 
@@ -1800,7 +1800,7 @@ resource resFirewallPoliciesLockSecondaryLocation 'Microsoft.Authorization/locks // AzureFirewallSubnet is required to deploy Azure Firewall . This subnet must exist in the parsubnets array if you deploy. // There is a minimum subnet requirement of /26 prefix. -resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-01-01' = if (parAzFirewallEnabled) { +resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-05-01' = if (parAzFirewallEnabled) { dependsOn: [ resGateway ] @@ -1904,7 +1904,7 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-01-01' = if (pa // AzureFirewallSubnet is required to deploy Azure Firewall . This subnet must exist in the parsubnets array if you deploy. // There is a minimum subnet requirement of /26 prefix. -resource resAzureFirewallSecondaryLocation 'Microsoft.Network/azureFirewalls@2024-01-01' = if (parAzFirewallEnabledSecondaryLocation) { +resource resAzureFirewallSecondaryLocation 'Microsoft.Network/azureFirewalls@2024-05-01' = if (parAzFirewallEnabledSecondaryLocation) { dependsOn: [ resGatewaySecondaryLocation ] @@ -2033,7 +2033,7 @@ resource resAzureFirewallLockSecondaryLocation 'Microsoft.Authorization/locks@20 } //If Azure Firewall is enabled we will deploy a RouteTable to redirect Traffic to the Firewall. -resource resHubRouteTable 'Microsoft.Network/routeTables@2024-01-01' = if (parAzFirewallEnabled) { +resource resHubRouteTable 'Microsoft.Network/routeTables@2024-05-01' = if (parAzFirewallEnabled) { name: parHubRouteTableName location: parLocation tags: parTags 
@@ -2055,7 +2055,7 @@ resource resHubRouteTable 'Microsoft.Network/routeTables@2024-01-01' = if (parAz } //If Azure Firewall is enabled we will deploy a RouteTable to redirect Traffic to the Firewall. -resource resHubRouteTableSecondaryLocation 'Microsoft.Network/routeTables@2024-01-01' = if (parAzFirewallEnabledSecondaryLocation) { +resource resHubRouteTableSecondaryLocation 'Microsoft.Network/routeTables@2024-05-01' = if (parAzFirewallEnabledSecondaryLocation) { name: parHubRouteTableNameSecondaryLocation location: parSecondaryLocation tags: parTags @@ -2096,7 +2096,7 @@ resource resHubRouteTableLockSecondaryLocation 'Microsoft.Authorization/locks@20 } } -module modPrivateDnsZonesAVMRegion1 'br/public:avm/ptn/network/private-link-private-dns-zones:0.2.1' = if (parPrivateDnsZonesEnabled) { +module modPrivateDnsZonesAVMRegion1 'br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0' = if (parPrivateDnsZonesEnabled) { name: 'deploy-Private-DNS-Zones-AVM-${parLocation}' scope: resourceGroup(parPrivateDnsZonesResourceGroup) params: { @@ -2116,7 +2116,7 @@ module modPrivateDnsZonesAVMRegion1 'br/public:avm/ptn/network/private-link-priv } } -module modPrivateDnsZonesAVMRegion2 'br/public:avm/ptn/network/private-link-private-dns-zones:0.2.1' = if (parPrivateDnsZonesEnabled) { +module modPrivateDnsZonesAVMRegion2 'br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0' = if (parPrivateDnsZonesEnabled) { name: 'deploy-Private-DNS-Zones-AVM-Multi-${parSecondaryLocation}' scope: resourceGroup(parPrivateDnsZonesResourceGroup) params: { diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index b93faf9f0..ae17382e4 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep 
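Review bot: The module reference `br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0` on `modPrivateDnsZonesAVMRegion1` crosses a 0.x minor release, where parameter names and defaults are not guaranteed to stay stable, yet the commit changes no parameter; the `params` block starts in this hunk and continues outside it. Before merging, confirm that 0.3.0 still accepts the same inputs and deploys the same set of private DNS zones, since those zones decide where private endpoint names resolve. The same applies to `modPrivateDnsZonesAVMRegion2` in the following hunk and to `modPrivateDnsZonesAVM` in hubNetworking.bicep. A comment above each module such as `// AVM module pinned to 0.3.0; re-check params and default zone list on every bump` would record the check.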
@@ -487,7 +487,7 @@ resource resDDoSProtectionPlanLock 'Microsoft.Authorization/locks@2020-05-01' = } } -resource resHubVnet 'Microsoft.Network/virtualNetworks@2023-02-01' = { +resource resHubVnet 'Microsoft.Network/virtualNetworks@2024-05-01' = { dependsOn: [ resBastionNsg ] @@ -541,12 +541,12 @@ module modBastionPublicIp '../publicIp/publicIp.bicep' = if (parAzBastionEnabled } } -resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzBastionEnabled) { +resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzBastionEnabled) { parent: resHubVnet name: 'AzureBastionSubnet' } -resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-01-01' = if (parAzBastionEnabled) { +resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2024-05-01' = if (parAzBastionEnabled) { name: parAzBastionNsgName location: parLocation tags: parTags @@ -708,7 +708,7 @@ resource resBastionNsgLock 'Microsoft.Authorization/locks@2020-05-01' = if (parA // AzureBastionSubnet is required to deploy Bastion service. This subnet must exist in the parsubnets array if you enable Bastion Service. // There is a minimum subnet requirement of /27 prefix. // If you are deploying standard this needs to be larger. https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#subnet -resource resBastion 'Microsoft.Network/bastionHosts@2024-01-01' = if (parAzBastionEnabled) { +resource resBastion 'Microsoft.Network/bastionHosts@2024-05-01' = if (parAzBastionEnabled) { location: parLocation name: parAzBastionName tags: parTags 
@@ -744,7 +744,7 @@ resource resBastionLock 'Microsoft.Authorization/locks@2020-05-01' = if (parAzBa } } -resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parVpnGatewayEnabled || parExpressRouteGatewayEnabled) { +resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parVpnGatewayEnabled || parExpressRouteGatewayEnabled) { parent: resHubVnet name: 'GatewaySubnet' } @@ -813,7 +813,7 @@ module modGatewayPublicIpActiveActive '../publicIp/publicIp.bicep' = [ ] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-01-01' = [ +resource resGateway 'Microsoft.Network/virtualNetworkGateways@2024-05-01' = [ for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { name: gateway.name location: parLocation @@ -895,12 +895,12 @@ resource resVirtualNetworkGatewayLock 'Microsoft.Authorization/locks@2020-05-01' } ] -resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabled) { +resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabled) { parent: resHubVnet name: 'AzureFirewallSubnet' } -resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = if (parAzFirewallEnabled && (contains( +resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existing = if (parAzFirewallEnabled && (contains( map(parSubnets, subnets => subnets.name), 'AzureFirewallManagementSubnet' ))) { 
@@ -949,7 +949,7 @@ module modAzureFirewallMgmtPublicIp '../publicIp/publicIp.bicep' = if (parAzFire } } -resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-01-01' = if (parAzFirewallEnabled && parAzFirewallPoliciesEnabled) { +resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-05-01' = if (parAzFirewallEnabled && parAzFirewallPoliciesEnabled) { name: parAzFirewallPoliciesName location: parLocation tags: parTags @@ -990,7 +990,7 @@ resource resFirewallPoliciesLock 'Microsoft.Authorization/locks@2020-05-01' = if // AzureFirewallSubnet is required to deploy Azure Firewall . This subnet must exist in the parsubnets array if you deploy. // There is a minimum subnet requirement of /26 prefix. -resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-01-01' = if (parAzFirewallEnabled) { +resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-05-01' = if (parAzFirewallEnabled) { dependsOn: [ resGateway ] @@ -1103,7 +1103,7 @@ resource resAzureFirewallLock 'Microsoft.Authorization/locks@2020-05-01' = if (p } //If Azure Firewall is enabled we will deploy a RouteTable to redirect Traffic to the Firewall. -resource resHubRouteTable 'Microsoft.Network/routeTables@2024-01-01' = if (parAzFirewallEnabled) { +resource resHubRouteTable 'Microsoft.Network/routeTables@2024-05-01' = if (parAzFirewallEnabled) { name: parHubRouteTableName location: parLocation tags: parTags @@ -1134,7 +1134,7 @@ resource resHubRouteTableLock 'Microsoft.Authorization/locks@2020-05-01' = if (p } } -module modPrivateDnsZonesAVM 'br/public:avm/ptn/network/private-link-private-dns-zones:0.2.1' = if (parPrivateDnsZonesEnabled) { +module modPrivateDnsZonesAVM 'br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0' = if (parPrivateDnsZonesEnabled) { name: 'deploy-Private-DNS-Zones-AVM-Single' scope: resourceGroup(parPrivateDnsZonesResourceGroup) params: { 
diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep index 57e2777db..b514b412a 100644 --- a/infra-as-code/bicep/modules/logging/logging.bicep +++ b/infra-as-code/bicep/modules/logging/logging.bicep @@ -218,7 +218,7 @@ resource resAutomationAccountLock 'Microsoft.Authorization/locks@2020-05-01' = i } } -resource resLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { +resource resLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: parLogAnalyticsWorkspaceName location: parLogAnalyticsWorkspaceLocation tags: parLogAnalyticsWorkspaceTags @@ -680,7 +680,7 @@ resource resLogAnalyticsWorkspaceSolutionsLock 'Microsoft.Authorization/locks@20 } }] -resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) { +resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2023-09-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) { parent: resLogAnalyticsWorkspace name: parLogAnalyticsLinkedServiceAutomationAccountName properties: { diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep index 9c48aeae5..d52675179 100644 --- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep 
@@ -81,7 +81,7 @@ var varPolicyAssignmentIdentityRoleAssignmentsMgsConverged = parPolicyAssignment // Customer Usage Attribution Id var varCuaid = '78001e36-9738-429c-a343-45cc84e8a527' -resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2024-04-01' = { +resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2025-01-01' = { name: parPolicyAssignmentName properties: { displayName: parPolicyAssignmentDisplayName diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep index c7fc3ef57..e0ae8b886 100644 --- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep +++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep @@ -52,7 +52,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '3f85b84c-6bad-4c42-86bf-11c233241c22' -resource resPublicIp 'Microsoft.Network/publicIPAddresses@2023-02-01' = { +resource resPublicIp 'Microsoft.Network/publicIPAddresses@2024-05-01' = { name: parPublicIpName tags: parTags location: parLocation diff --git a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep index 76b8f3b25..7b87c13de 100644 --- a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep +++ b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep @@ -40,7 +40,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = 'b6718c54-b49e-4748-a466-88e3d7c789c8' -resource resResourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = { +resource resResourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = { location: parLocation name: parResourceGroupName tags: parTags diff --git a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep index 29b1fa2ae..88cdaaa1b 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep 
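Review bot: `Microsoft.Authorization/policyAssignments@2025-01-01` on `resPolicyAssignment` is the newest API version this commit introduces, and nothing visible shows that it is available in every cloud this module is deployed to. The repository carries a separate `update-policy-china.yml` workflow, which suggests a sovereign-cloud target, where new API versions can arrive later than in the public cloud. If the version is not registered there, the assignment deployment fails and the guardrail it carries is never applied. Confirm availability per target cloud (the same question applies to the `Microsoft.Network/*@2024-05-01` and `Microsoft.Resources/resourceGroups@2024-07-01` bumps) and note the requirement next to the resource, e.g. `// API version must exist in every target cloud (public and sovereign) before bumping`. The resource body continues outside the hunk.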
+++ b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep @@ -80,7 +80,7 @@ var varCuaid = '0c428583-f2a1-4448-975c-2d6262fd193a' //If Ddos parameter is true Ddos will be Enabled on the Virtual Network //If Azure Firewall is enabled and Network DNS Proxy is enabled DNS will be configured to point to AzureFirewall -resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2023-02-01' = { +resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = { name: parSpokeNetworkName location: parLocation tags: parTags diff --git a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep index d27fdb1b5..1dcc4c627 100644 --- a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep +++ b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep @@ -28,7 +28,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaId = 'ab8e3b12-b0fa-40aa-8630-e3f7699e2142' -resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-02-01' = { +resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-05-01' = { name: '${parSourceVirtualNetworkName}/peer-to-${parDestinationVirtualNetworkName}' properties: { allowVirtualNetworkAccess: parAllowVirtualNetworkAccess diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep index d4294af2f..2bb744707 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep 
@@ -22,7 +22,7 @@ var varSpokeVnetName = split(parRemoteVirtualNetworkResourceId, '/')[8] var varVnetPeeringVwanName = '${varVwanHubName}/${parVirtualHubConnectionPrefix}${varSpokeVnetName}${parVirtualHubConnectionSuffix}' -resource resVnetPeeringVwan 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2023-02-01' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) { +resource resVnetPeeringVwan 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2024-05-01' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) { name: varVnetPeeringVwanName properties: { remoteVirtualNetwork: { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 4ae57cebd..127b0b5b1 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -291,7 +291,7 @@ var azureFirewallInHubsIndex = [ ] // Virtual WAN resource -resource resVwan 'Microsoft.Network/virtualWans@2023-04-01' = { +resource resVwan 'Microsoft.Network/virtualWans@2024-05-01' = { name: parVirtualWanName location: parLocation tags: parTags @@ -313,7 +313,7 @@ resource resVwanLock 'Microsoft.Authorization/locks@2020-05-01' = if (parGlobalR } } -resource resVhub 'Microsoft.Network/virtualHubs@2023-04-01' = [ +resource resVhub 'Microsoft.Network/virtualHubs@2024-05-01' = [ for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) { name: hub.?parVirtualWanHubCustomName ?? '${parVirtualWanHubName}-${hub.parHubLocation}' location: hub.parHubLocation 
@@ -344,7 +344,7 @@ resource resVhubLock 'Microsoft.Authorization/locks@2020-05-01' = [ } ] -resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04-01' = [ +resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && empty(hub.parVirtualHubRoutingIntentDestinations)) { parent: resVhub[i] name: 'defaultRouteTable' @@ -367,7 +367,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-04 } ] -resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023-04-01' = [ +resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled && !empty(hub.parVirtualHubRoutingIntentDestinations)) { parent: resVhub[i] name: !empty(hub.?parVirtualWanHubCustomName) @@ -387,7 +387,7 @@ resource resVhubRoutingIntent 'Microsoft.Network/virtualHubs/routingIntent@2023- } ] -resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [ +resource resVpnGateway 'Microsoft.Network/vpnGateways@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) { dependsOn: resVhub name: hub.?parVpnGatewayCustomName ?? '${parVpnGatewayName}-${hub.parHubLocation}' @@ -419,7 +419,7 @@ resource resVpnGatewayLock 'Microsoft.Authorization/locks@2020-05-01' = [ } ] -resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [ +resource resErGateway 'Microsoft.Network/expressRouteGateways@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) { dependsOn: resVhub name: hub.?parExpressRouteGatewayCustomName ?? '${parExpressRouteGatewayName}-${hub.parHubLocation}' 
@@ -451,7 +451,7 @@ resource resErGatewayLock 'Microsoft.Authorization/locks@2020-05-01' = [ ] // Create Azure Firewall Policy (per region) resources if parAzFirewallEnabled is true and parAzFirewallPolicyDeploymentStyle is set to PerRegion -resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = [ +resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && parVirtualWanHubs[i].parAzFirewallEnabled && parAzFirewallPolicyDeploymentStyle == 'PerRegion') { name: hub.?parAzFirewallPolicyCustomName ?? '${parAzFirewallPoliciesName}-${hub.parHubLocation}' location: hub.parHubLocation @@ -495,7 +495,7 @@ resource resFirewallPoliciesLock 'Microsoft.Authorization/locks@2020-05-01' = [ ] // Shared Global Azure Firewall Policy -resource resFirewallPoliciesSharedGlobal 'Microsoft.Network/firewallPolicies@2023-02-01' = if (parVirtualHubEnabled && parVirtualWanHubs[0].parAzFirewallEnabled && parAzFirewallPolicyDeploymentStyle == 'SharedGlobal') { +resource resFirewallPoliciesSharedGlobal 'Microsoft.Network/firewallPolicies@2024-05-01' = if (parVirtualHubEnabled && parVirtualWanHubs[0].parAzFirewallEnabled && parAzFirewallPolicyDeploymentStyle == 'SharedGlobal') { name: parVirtualWanHubs[0].?parAzFirewallPolicyCustomName ?? '${parAzFirewallPoliciesName}-${parVirtualWanHubs[0].parHubLocation}' location: parVirtualWanHubs[0].parHubLocation tags: parTags @@ -534,7 +534,7 @@ resource resFirewallPoliciesLockSharedGlobal 'Microsoft.Authorization/locks@2020 } } -resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [ +resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2024-05-01' = [ for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) { name: hub.?parAzFirewallCustomName ?? '${parAzFirewallName}-${hub.parHubLocation}' location: hub.parHubLocation 
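Review bot: In the `resFirewallPolicies` loop condition, `parVirtualWanHubs[i].parAzFirewallEnabled` reads the same element that the loop already binds as `hub`. The sibling loops for `resAzureFirewall` and `resVhubRouteTable` write `hub.parAzFirewallEnabled`. Using `hub.parAzFirewallEnabled` here keeps the three conditions comparable at a glance, which matters when checking that a firewall and its policy are deployed under the same circumstances.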
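Review bot: The new `resFirewallPoliciesSharedGlobal` line is gated on `parVirtualWanHubs[0].parAzFirewallEnabled` alone. If the first hub has the firewall disabled and a later hub has it enabled, no shared policy is created, and an empty hub array fails on the `[0]` index. If `resAzureFirewall` (hunk at -534) attaches this policy to every firewall-enabled hub, those firewalls would come up without the intended policy; its body is outside the hunk, so this is inferred. Gating on any enabled hub avoids that: `!empty(filter(parVirtualWanHubs, hub => hub.parAzFirewallEnabled))`. The `name` and `location` lines also read hub 0 and would need the same treatment.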
@@ -575,7 +575,7 @@ resource resAzureFirewallLock 'Microsoft.Authorization/locks@2020-05-01' = [ ] // DDoS plan is deployed even though not supported to attach to Virtual WAN today as per https://docs.microsoft.com/azure/firewall-manager/overview#known-issues - However, it can still be linked via policy to spoke VNets etc. -resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2023-02-01' = if (parDdosEnabled) { +resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2024-05-01' = if (parDdosEnabled) { name: parDdosPlanName location: parLocation tags: parTags @@ -592,7 +592,7 @@ resource resDDoSProtectionPlanLock 'Microsoft.Authorization/locks@2020-05-01' = } // Private DNS Zones cannot be linked to the Virtual WAN Hub today however, they can be linked to spokes as they are normal VNets as per https://docs.microsoft.com/azure/virtual-wan/howto-private-link -module modPrivateDnsZonesAVM 'br/public:avm/ptn/network/private-link-private-dns-zones:0.2.1' = if (parPrivateDnsZonesEnabled) { +module modPrivateDnsZonesAVM 'br/public:avm/ptn/network/private-link-private-dns-zones:0.3.0' = if (parPrivateDnsZonesEnabled) { name: 'deploy-Private-DNS-Zones-AVM-Single' scope: resourceGroup(parPrivateDnsZonesResourceGroup) params: {