Refactored bicep files for enhanced modularity and scalability

kennethcarnes · Feb 14, 2024 · e30e225 · e30e225
1 parent fc5274d
commit e30e225
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 27 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,4 +1,4 @@
-name: Azure Deployment 
+name: Azure Deployment
 
 on:
   push:
@@ -10,17 +10,16 @@ jobs:
     runs-on: ubuntu-latest
     environment: development
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Azure Login
         uses: azure/login@v1
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
 
       - name: Deploy Azure Resources
-        run: | 
+        run: |
           az deployment group create \
+          --name deployment-${{ github.run_id }} \
           --resource-group "${{ secrets.RESOURCE_GROUP_NAME }}" \
-          --template-file ./bicep/main.bicep \
-          # --verbose
-          # --debug
+          --template-file ./bicep/main.bicep
diff --git a/bicep/firewall.bicep b/bicep/firewall.bicep
@@ -1,6 +1,6 @@
 param location string
 param hubVnetName string
-param firewallPrivateIp string
+param firewallPrivateIp string = '10.0.0.4'
 
 resource firewallPublicIP 'Microsoft.Network/publicIPAddresses@2021-05-01' = {
   name: '${hubVnetName}-fw-pip'
@@ -71,7 +71,7 @@ resource routeTable 'Microsoft.Network/routeTables@2023-04-01' = {
 }
 
 resource firewallPolicy 'Microsoft.Network/firewallPolicies@2023-06-01' = {
-  name: 'myFirewallPolicy'
+  name: '${hubVnetName}FirewallPolicy'
   location: location
   properties: {
     threatIntelMode: 'Alert'
@@ -132,20 +132,14 @@ resource networkRuleCollection 'Microsoft.Network/firewallPolicies/ruleCollectio
         rules: [
           {
             name: 'Allow-DNS'
-            ruleType: 'ApplicationRule'
+            ruleType: 'NetworkRule'
             sourceAddresses: [
               '10.0.2.0/24'
             ]
             destinationAddresses: [
               '209.244.0.3'
               '209.244.0.4'
             ]
-            protocols: [
-              {
-                protocolType: 'Udp'
-                port: 53
-              }
-            ]
           }
         ]
       }

diff --git a/bicep/main.bicep b/bicep/main.bicep
@@ -34,19 +34,16 @@ module vnets './vnets.bicep' = {
   }
 }
 
-// In main.bicep
 module firewall './firewall.bicep' = {
   name: 'firewallDeployment'
   params: {
     location: location
     hubVnetName: hubVnetName
     firewallPrivateIp: '10.0.0.4'
-    // workloadSubnetId parameter removed as it's not used in the updated configuration
   }
   dependsOn: [
     vnets
   ]
 }
 
-
 output hubVnetId string = vnets.outputs.hubVnetId
diff --git a/bicep/vnets.bicep b/bicep/vnets.bicep
@@ -5,7 +5,6 @@ param hubSubnet2Prefix string = '10.0.2.0/24'
 param spokeVnetDetails array
 param AzureFirewallSubnet string = '10.0.0.0/24'
 
-// Hub Virtual Network
 resource hubVnet 'Microsoft.Network/virtualNetworks@2021-02-01' = {
   name: hubVnetName
   location: location
@@ -32,13 +31,11 @@ resource hubVnet 'Microsoft.Network/virtualNetworks@2021-02-01' = {
           addressPrefix: hubSubnet2Prefix
         }
       }
-      // ... other subnets if needed ...
     ]
   }
 }
 
-// Spoke Virtual Networks
-resource spokeVnets 'Microsoft.Network/virtualNetworks@2021-02-01' = [for (spokeVnetDetail, i) in spokeVnetDetails: {
+resource spokeVnets 'Microsoft.Network/virtualNetworks@2021-02-01' = [for spokeVnetDetail in spokeVnetDetails: {
   name: spokeVnetDetail.name
   location: location
   properties: {
@@ -62,8 +59,8 @@ resource spokeVnets 'Microsoft.Network/virtualNetworks@2021-02-01' = [for (spoke
   }
 }]
 
-resource vnetPeerings 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-02-01' = [for i in range(0, length(spokeVnetDetails)): {
-  name: '${spokeVnetDetails[i].name}/peerTo${hubVnetName}'
+resource vnetPeerings 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-02-01' = [for (spokeVnetDetail, i) in spokeVnetDetails: {
+  name: '${spokeVnetDetail.name}/peerTo${hubVnetName}'
   properties: {
     allowVirtualNetworkAccess: true
     remoteVirtualNetwork: {
@@ -75,6 +72,4 @@ resource vnetPeerings 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@
   ]
 }]
 
-// Outputs
 output hubVnetId string = hubVnet.id
-output workloadSubnetId string = spokeVnets[0].properties.subnets[0].id
diff --git a/readme.md b/readme.md
@@ -4,7 +4,7 @@ This project automates the deployment of scalable network infrastructure using A
 ## Structure
 
 - `.github/workflows/deploy.yml`: CI/CD workflow for deploying resources on Azure.
-- `bicep/`: Bicep templates for network, firewall, and routing configurations.
+- `bicep/`: Bicep templates for networking resources.
 - `scripts/`: Setup scripts for Azure and GitHub configurations.
 
 ## Features