Removed commented code

Prekshith-Microsoft · Prekshith-Microsoft · commit 4b7993fb29da · 2025-10-14T17:09:43.000+05:30
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -328,290 +328,6 @@ module userAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-id
   }
 }
 
-// ========== Network Security Groups ========== //
-// WAF best practices for virtual networks: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/virtual-network
-// WAF recommendations for networking and connectivity: https://learn.microsoft.com/en-us/azure/well-architected/security/networking
-// var networkSecurityGroupBackendResourceName = 'nsg-${solutionSuffix}-backend'
-// module networkSecurityGroupBackend 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) {
-//   name: take('avm.res.network.network-security-group.${networkSecurityGroupBackendResourceName}', 64)
-//   params: {
-//     name: networkSecurityGroupBackendResourceName
-//     location: location
-//     tags: tags
-//     enableTelemetry: enableTelemetry
-//     diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null
-//     securityRules: [
-//       {
-//         name: 'deny-hop-outbound'
-//         properties: {
-//           access: 'Deny'
-//           destinationAddressPrefix: '*'
-//           destinationPortRanges: [
-//             '22'
-//             '3389'
-//           ]
-//           direction: 'Outbound'
-//           priority: 200
-//           protocol: 'Tcp'
-//           sourceAddressPrefix: 'VirtualNetwork'
-//           sourcePortRange: '*'
-//         }
-//       }
-//     ]
-//   }
-// }
-
-// var networkSecurityGroupBastionResourceName = 'nsg-${solutionSuffix}-bastion'
-// module networkSecurityGroupBastion 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) {
-//   name: take('avm.res.network.network-security-group.${networkSecurityGroupBastionResourceName}', 64)
-//   params: {
-//     name: networkSecurityGroupBastionResourceName
-//     location: location
-//     tags: tags
-//     enableTelemetry: enableTelemetry
-//     diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null
-//     securityRules: [
-//       {
-//         name: 'AllowHttpsInBound'
-//         properties: {
-//           protocol: 'Tcp'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: 'Internet'
-//           destinationPortRange: '443'
-//           destinationAddressPrefix: '*'
-//           access: 'Allow'
-//           priority: 100
-//           direction: 'Inbound'
-//         }
-//       }
-//       {
-//         name: 'AllowGatewayManagerInBound'
-//         properties: {
-//           protocol: 'Tcp'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: 'GatewayManager'
-//           destinationPortRange: '443'
-//           destinationAddressPrefix: '*'
-//           access: 'Allow'
-//           priority: 110
-//           direction: 'Inbound'
-//         }
-//       }
-//       {
-//         name: 'AllowLoadBalancerInBound'
-//         properties: {
-//           protocol: 'Tcp'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: 'AzureLoadBalancer'
-//           destinationPortRange: '443'
-//           destinationAddressPrefix: '*'
-//           access: 'Allow'
-//           priority: 120
-//           direction: 'Inbound'
-//         }
-//       }
-//       {
-//         name: 'AllowBastionHostCommunicationInBound'
-//         properties: {
-//           protocol: '*'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: 'VirtualNetwork'
-//           destinationPortRanges: [
-//             '8080'
-//             '5701'
-//           ]
-//           destinationAddressPrefix: 'VirtualNetwork'
-//           access: 'Allow'
-//           priority: 130
-//           direction: 'Inbound'
-//         }
-//       }
-//       {
-//         name: 'DenyAllInBound'
-//         properties: {
-//           protocol: '*'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: '*'
-//           destinationPortRange: '*'
-//           destinationAddressPrefix: '*'
-//           access: 'Deny'
-//           priority: 1000
-//           direction: 'Inbound'
-//         }
-//       }
-//       {
-//         name: 'AllowSshRdpOutBound'
-//         properties: {
-//           protocol: 'Tcp'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: '*'
-//           destinationPortRanges: [
-//             '22'
-//             '3389'
-//           ]
-//           destinationAddressPrefix: 'VirtualNetwork'
-//           access: 'Allow'
-//           priority: 100
-//           direction: 'Outbound'
-//         }
-//       }
-//       {
-//         name: 'AllowAzureCloudCommunicationOutBound'
-//         properties: {
-//           protocol: 'Tcp'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: '*'
-//           destinationPortRange: '443'
-//           destinationAddressPrefix: 'AzureCloud'
-//           access: 'Allow'
-//           priority: 110
-//           direction: 'Outbound'
-//         }
-//       }
-//       {
-//         name: 'AllowBastionHostCommunicationOutBound'
-//         properties: {
-//           protocol: '*'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: 'VirtualNetwork'
-//           destinationPortRanges: [
-//             '8080'
-//             '5701'
-//           ]
-//           destinationAddressPrefix: 'VirtualNetwork'
-//           access: 'Allow'
-//           priority: 120
-//           direction: 'Outbound'
-//         }
-//       }
-//       {
-//         name: 'AllowGetSessionInformationOutBound'
-//         properties: {
-//           protocol: '*'
-//           sourcePortRange: '*'
-//           sourceAddressPrefix: '*'
-//           destinationAddressPrefix: 'Internet'
-//           destinationPortRanges: [
-//             '80'
-//             '443'
-//           ]
-//           access: 'Allow'
-//           priority: 130
-//           direction: 'Outbound'
-//         }
-//       }
-//       {
-//         name: 'DenyAllOutBound'
-//         properties: {
-//           protocol: '*'
-//           sourcePortRange: '*'
-//           destinationPortRange: '*'
-//           sourceAddressPrefix: '*'
-//           destinationAddressPrefix: '*'
-//           access: 'Deny'
-//           priority: 1000
-//           direction: 'Outbound'
-//         }
-//       }
-//     ]
-//   }
-// }
-
-// var networkSecurityGroupAdministrationResourceName = 'nsg-${solutionSuffix}-administration'
-// module networkSecurityGroupAdministration 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) {
-//   name: take('avm.res.network.network-security-group.${networkSecurityGroupAdministrationResourceName}', 64)
-//   params: {
-//     name: networkSecurityGroupAdministrationResourceName
-//     location: location
-//     tags: tags
-//     enableTelemetry: enableTelemetry
-//     diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null
-//     securityRules: [
-//       {
-//         name: 'deny-hop-outbound'
-//         properties: {
-//           access: 'Deny'
-//           destinationAddressPrefix: '*'
-//           destinationPortRanges: [
-//             '22'
-//             '3389'
-//           ]
-//           direction: 'Outbound'
-//           priority: 200
-//           protocol: 'Tcp'
-//           sourceAddressPrefix: 'VirtualNetwork'
-//           sourcePortRange: '*'
-//         }
-//       }
-//     ]
-//   }
-// }
-
-// var networkSecurityGroupContainersResourceName = 'nsg-${solutionSuffix}-containers'
-// module networkSecurityGroupContainers 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) {
-//   name: take('avm.res.network.network-security-group.${networkSecurityGroupContainersResourceName}', 64)
-//   params: {
-//     name: networkSecurityGroupContainersResourceName
-//     location: location
-//     tags: tags
-//     enableTelemetry: enableTelemetry
-//     diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null
-//     securityRules: [
-//       {
-//         name: 'deny-hop-outbound'
-//         properties: {
-//           access: 'Deny'
-//           destinationAddressPrefix: '*'
-//           destinationPortRanges: [
-//             '22'
-//             '3389'
-//           ]
-//           direction: 'Outbound'
-//           priority: 200
-//           protocol: 'Tcp'
-//           sourceAddressPrefix: 'VirtualNetwork'
-//           sourcePortRange: '*'
-//         }
-//       }
-//     ]
-//   }
-// }
-
-// var networkSecurityGroupWebsiteResourceName = 'nsg-${solutionSuffix}-website'
-// module networkSecurityGroupWebsite 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) {
-//   name: take('avm.res.network.network-security-group.${networkSecurityGroupWebsiteResourceName}', 64)
-//   params: {
-//     name: networkSecurityGroupWebsiteResourceName
-//     location: location
-//     tags: tags
-//     enableTelemetry: enableTelemetry
-//     diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null
-//     securityRules: [
-//       {
-//         name: 'deny-hop-outbound'
-//         properties: {
-//           access: 'Deny'
-//           destinationAddressPrefix: '*'
-//           destinationPortRanges: [
-//             '22'
-//             '3389'
-//           ]
-//           direction: 'Outbound'
-//           priority: 200
-//           protocol: 'Tcp'
-//           sourceAddressPrefix: 'VirtualNetwork'
-//           sourcePortRange: '*'
-//         }
-//       }
-//     ]
-//   }
-// }
-
-// ========== Virtual Network ========== //
-// WAF best practices for virtual networks: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/virtual-network
-// WAF recommendations for networking and connectivity: https://learn.microsoft.com/en-us/azure/well-architected/security/networking
-
-// Virtual Network configuration is now handled by the virtualNetwork.bicep module
 var virtualNetworkResourceName = 'vnet-${solutionSuffix}'
 module virtualNetwork 'modules/virtualNetwork.bicep' = if (enablePrivateNetworking) {
   name: take('module.virtualNetwork.${solutionSuffix}', 64)
@@ -626,51 +342,6 @@ module virtualNetwork 'modules/virtualNetwork.bicep' = if (enablePrivateNetworki
   }
 }
 
-/* 
-    subnets: [
-      {
-        name: 'backend'
-        addressPrefix: '10.0.0.0/27'
-        //defaultOutboundAccess: false TODO: check this configuration for a more restricted outbound access
-        networkSecurityGroupResourceId: networkSecurityGroupBackend!.outputs.resourceId
-      }
-      {
-        name: 'administration'
-        addressPrefix: '10.0.0.32/27'
-        networkSecurityGroupResourceId: networkSecurityGroupAdministration!.outputs.resourceId
-        //defaultOutboundAccess: false TODO: check this configuration for a more restricted outbound access
-        //natGatewayResourceId: natGateway.outputs.resourceId
-      }
-      {
-        // For Azure Bastion resources deployed on or after November 2, 2021, the minimum AzureBastionSubnet size is /26 or larger (/25, /24, etc.).
-        // https://learn.microsoft.com/en-us/azure/bastion/configuration-settings#subnet
-        name: 'AzureBastionSubnet' //This exact name is required for Azure Bastion
-        addressPrefix: '10.0.0.64/26'
-        networkSecurityGroupResourceId: networkSecurityGroupBastion!.outputs.resourceId
-      }
-      {
-        // If you use your own vnw, you need to provide a subnet that is dedicated exclusively to the Container App environment you deploy. This subnet isn't available to other services
-        // https://learn.microsoft.com/en-us/azure/container-apps/networking?tabs=workload-profiles-env%2Cazure-cli#custom-vnw-configuration
-        name: 'containers'
-        addressPrefix: '10.0.2.0/23' //subnet of size /23 is required for container app
-        delegation: 'Microsoft.App/environments'
-        networkSecurityGroupResourceId: networkSecurityGroupContainers!.outputs.resourceId
-        privateEndpointNetworkPolicies: 'Enabled'
-        privateLinkServiceNetworkPolicies: 'Enabled'
-      }
-      {
-        // If you use your own vnw, you need to provide a subnet that is dedicated exclusively to the App Environment you deploy. This subnet isn't available to other services
-        // https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration#subnet-requirements
-        name: 'webserverfarm'
-        addressPrefix: '10.0.4.0/27' //When you're creating subnets in Azure portal as part of integrating with the virtual network, a minimum size of /27 is required
-        delegation: 'Microsoft.Web/serverfarms'
-        networkSecurityGroupResourceId: networkSecurityGroupWebsite!.outputs.resourceId
-        privateEndpointNetworkPolicies: 'Enabled'
-        privateLinkServiceNetworkPolicies: 'Enabled'
-      }
-    ]
-*/
-
 var bastionResourceName = 'bas-${solutionSuffix}'
 // ========== Bastion host ========== //
 // WAF best practices for virtual networks: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/virtual-network
