
Commit 2493f2d

refactor: restructure network module by simplifying Bastion and Jumpbox configurations, removing unused files
1 parent e8b5ebb commit 2493f2d

6 files changed

+285
-580
lines changed

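--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -139,6 +139,13 @@ param enablePurgeProtection bool = false
 param createdBy string = contains(deployer(), 'userPrincipalName')? split(deployer().userPrincipalName, '@')[0]: deployer().objectId
 
 
+// ============== //
+// Imports //
+// ============== //
+
+// Import custom types from network modules
+import { bastionHostConfigurationType, jumpBoxConfigurationType } from 'modules/network/virtualNetwork.bicep'
+
 // ============== //
 // Variables //
 // ============== //
@@ -369,19 +376,68 @@ module userAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-id
 }
 }
 
-// ========== Network Module ========== //
-module network 'modules/network.bicep' = if (enablePrivateNetworking) {
-name: take('module.network.${solutionSuffix}', 64)
+// ========== Virtual Network and Networking Components ========== //
+
+// Virtual Network with NSGs and Subnets
+module virtualNetwork 'modules/network/virtualNetwork.bicep' = if (enablePrivateNetworking) {
+name: take('module.virtualNetwork.${solutionSuffix}', 64)
+params: {
+name: 'vnet-${solutionSuffix}'
+addressPrefixes: ['10.0.0.0/20'] // 4096 addresses (enough for 8 /23 subnets or 16 /24)
+location: solutionLocation
+tags: tags
+logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId
+resourceSuffix: solutionSuffix
+enableTelemetry: enableTelemetry
+}
+}
+
+// Define bastion configuration
+var bastionConfiguration = enablePrivateNetworking ? {
+name: 'bas-${solutionSuffix}'
+} : null
+
+// Define jumpbox configuration
+var jumpboxConfiguration = enablePrivateNetworking ? {
+name: 'vm-jumpbox-${solutionSuffix}'
+size: vmSize ?? 'Standard_DS2_v2'
+username: vmAdminUsername ?? 'JumpboxAdminUser'
+password: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
+} : null
+
+// Azure Bastion Host
+module bastionHost 'modules/network/bastionHost.bicep' = if (enablePrivateNetworking && !empty(bastionConfiguration)) {
+name: take('module.bastionHost.${bastionConfiguration!.name}', 64)
 params: {
-resourcesName: solutionSuffix
-logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspaceResourceId
-vmAdminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
-vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
-vmSize: vmSize ?? 'Standard_DS2_v2' // Default VM size
+name: bastionConfiguration!.name
+vnetId: virtualNetwork!.outputs.resourceId
 location: solutionLocation
+logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId
 tags: tags
 enableTelemetry: enableTelemetry
 }
+dependsOn: [
+virtualNetwork
+]
+}
+
+// Jumpbox Virtual Machine
+module jumpbox 'modules/network/jumpbox.bicep' = if (enablePrivateNetworking && !empty(jumpboxConfiguration)) {
+name: take('module.jumpbox.${jumpboxConfiguration!.name}', 64)
+params: {
+name: jumpboxConfiguration!.name
+size: jumpboxConfiguration!.size!
+subnetResourceId: virtualNetwork!.outputs.jumpboxSubnetResourceId
+location: solutionLocation
+username: jumpboxConfiguration!.username
+password: jumpboxConfiguration!.password
+logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId
+enableTelemetry: enableTelemetry
+tags: tags
+}
+dependsOn: [
+virtualNetwork
+]
 }
 
 // ========== Private DNS Zones ========== //
@@ -425,8 +481,8 @@ module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [
 enableTelemetry: enableTelemetry
 virtualNetworkLinks: [
 {
-name: take('vnetlink-${network!.outputs.vnetName}-${split(zone, '.')[1]}', 80)
-virtualNetworkResourceId: network!.outputs.vnetResourceId
+name: take('vnetlink-${virtualNetwork!.outputs.name}-${split(zone, '.')[1]}', 80)
+virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
 }
 ]
 }
@@ -539,7 +595,7 @@ module aiFoundryAiServices 'br:mcr.microsoft.com/bicep/avm/res/cognitive-service
 {
 name: 'pep-${aiFoundryAiServicesResourceName}'
 customNetworkInterfaceName: 'nic-${aiFoundryAiServicesResourceName}'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 privateDnsZoneGroup: {
 privateDnsZoneGroupConfigs: [
 {
@@ -666,7 +722,7 @@ module aiSearch 'br/public:avm/res/search/search-service:0.11.1' = {
 { privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.searchService]!.outputs.resourceId }
 ]
 }
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 service: 'searchService'
 }
 ]
@@ -756,7 +812,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
 }
 ]
 }
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 service: 'blob'
 }
 {
@@ -769,7 +825,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
 }
 ]
 }
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 service: 'queue'
 }
 ]
@@ -833,7 +889,7 @@ module cosmosDB 'br/public:avm/res/document-db/database-account:0.15.0' = {
 ]
 }
 service: 'Sql'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 }
 ]
 : []
@@ -899,7 +955,7 @@ module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = {
 ]
 }
 service: 'vault'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 }
 ]
 : []
@@ -1086,7 +1142,7 @@ module webSite 'modules/web-sites.bicep' = {
 // WAF aligned configuration for Private Networking
 vnetRouteAllEnabled: enablePrivateNetworking ? true : false
 vnetImagePullEnabled: enablePrivateNetworking ? true : false
-virtualNetworkSubnetId: enablePrivateNetworking ? network!.outputs.subnetWebResourceId : null
+virtualNetworkSubnetId: enablePrivateNetworking ? virtualNetwork!.outputs.webSubnetResourceId : null
 publicNetworkAccess: 'Enabled'
 }
 }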
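Review bot: The jumpbox configuration in the second hunk (new line 405) still carries a hard-coded fallback credential, `password: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'`, so any deployment that omits `vmAdminPassword` ends up with an admin password that is committed to source control; the refactor moved this literal from the old `network` module call rather than removing it. Dropping the `??` fallback so the parameter is required whenever `enablePrivateNetworking` is true turns a silently weak deployment into a deployment-time error, and the same applies to the `username` default if the project wants non-guessable admin names. The secret now also passes through the plain `var jumpboxConfiguration` before reaching `modules/network/jumpbox.bicep`; the `vmAdminPassword` declaration and that module are outside this hunk, so whether both ends are marked `@secure()` cannot be confirmed here and is worth checking. The `!empty(bastionConfiguration)` and `!empty(jumpboxConfiguration)` operands on lines 409 and 425 are redundant with `enablePrivateNetworking`, since each var is null exactly when that flag is false, and a comment such as `// null unless enablePrivateNetworking` on the two var declarations would make that invariant explicit. The `bastionHostConfigurationType`/`jumpBoxConfigurationType` imported in the first hunk are not applied to either var within this section; if they are unused elsewhere in the file the import can go, otherwise annotating the two configuration values with them would document the expected shape.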
