//This Bicep file deploys the Network Security Groups (main and func) and their diagnostic settings.
//Scope
//Deployed at resource-group scope; both NSGs are created in the target resource group.
targetScope = 'resourceGroup'
//Parameters
//env: suffix appended to both NSG names (nsg-ADXFlowmaster-main-<env>, nsg-ADXFlowmaster-func-<env>).
param env string
//location: Azure region used for both NSGs.
param location string
//larid: passed as workspaceId to both diagnostic settings below, so it is expected to be the
//resource ID of a Log Analytics workspace.
//NOTE(review): the value is not validated here - confirm the caller supplies a full workspace resource ID.
param larid string
//Resources
//Resources
//This deploys the Network Security Group for Main (nsg-ADXFlowmaster-main-<env>).
//Review notes:
// - Only Allow rules are declared. Azure's built-in default rules (priorities 65000-65500) still
//   apply beneath them, including AllowInternetOutBound (65001).
// - Priorities are evaluated per direction, so 800 is used once inbound and once outbound.
// - This file only creates the NSG. NOTE(review): the subnet/NIC association is not shown here -
//   confirm it is done by the calling template.
resource mainnsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
  name: 'nsg-ADXFlowmaster-main-${env}'
  location: location
  properties: {
    securityRules: [
      {
        //Any protocol and port between addresses covered by the VirtualNetwork service tag.
        //The tag is wider than this VNet's own address space (peered VNets and gateway-connected
        //on-premises ranges are included), so this is not subnet-level isolation.
        //With no Deny rule between 800 and 65000 it has the same effect as the default AllowVnetInBound.
        name: 'Allow_VNET_Inbound'
        properties: {
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRange: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          destinationAddressPrefix: 'VirtualNetwork'
          access: 'Allow'
          priority: 800
          direction: 'Inbound'
        }
      }
      {
        //Outbound counterpart of the rule above; same scope caveat for the VirtualNetwork tag.
        name: 'Allow_VNET_Outbound'
        properties: {
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRange: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          destinationAddressPrefix: 'VirtualNetwork'
          access: 'Allow'
          priority: 800
          direction: 'Outbound'
        }
      }
      {
        //Any protocol and port to the AzureCloud service tag, i.e. all Azure public IP ranges,
        //which includes endpoints operated by other Azure customers.
        //NOTE(review): if the goal is to limit egress, this rule does not do so on its own - the
        //default AllowInternetOutBound (65001) still permits all Internet egress because no Deny
        //outbound rule is declared. Narrower service tags plus an explicit Deny would be needed;
        //confirm what the workload actually has to reach.
        name: 'Allow_AzureCloud_Outbound'
        properties: {
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRange: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          destinationAddressPrefix: 'AzureCloud'
          access: 'Allow'
          priority: 900
          direction: 'Outbound'
        }
      }
    ]
  }
}
//Diagnostic settings
//Sends every log category the main NSG exposes (categoryGroup 'allLogs') to the Log Analytics
//workspace given in larid.
//These are NSG resource logs (rule events and rule counters). Per-flow records are not part of
//diagnostic settings and require flow logs configured through Network Watcher.
//NOTE(review): no flow-log resource appears in this file - confirm it is deployed elsewhere if
//traffic-level visibility is needed for detection or investigation.
resource mainnsgdiag 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'Monitor-mainnsg'
  //Extension resource: the setting is attached to the NSG declared as mainnsg.
  scope: mainnsg
  properties: {
    logs: [
      {
        categoryGroup: 'allLogs'
        enabled: true
      }
    ]
    workspaceId: larid
  }
}
//This deploys the Network Security Group for Func (nsg-ADXFlowmaster-func-<env>).
//The rule set is identical to the one declared for mainnsg.
//Review notes:
// - Only Allow rules are declared. Azure's built-in default rules (priorities 65000-65500) still
//   apply beneath them, including AllowInternetOutBound (65001).
// - Priorities are evaluated per direction, so 800 is used once inbound and once outbound.
// - This file only creates the NSG. NOTE(review): the subnet/NIC association is not shown here -
//   confirm it is done by the calling template.
resource funcnsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
  name: 'nsg-ADXFlowmaster-func-${env}'
  location: location
  properties: {
    securityRules: [
      {
        //Any protocol and port between addresses covered by the VirtualNetwork service tag.
        //The tag is wider than this VNet's own address space (peered VNets and gateway-connected
        //on-premises ranges are included), so this is not subnet-level isolation.
        //With no Deny rule between 800 and 65000 it has the same effect as the default AllowVnetInBound.
        name: 'Allow_VNET_Inbound'
        properties: {
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRange: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          destinationAddressPrefix: 'VirtualNetwork'
          access: 'Allow'
          priority: 800
          direction: 'Inbound'
        }
      }
      {
        //Outbound counterpart of the rule above; same scope caveat for the VirtualNetwork tag.
        name: 'Allow_VNET_Outbound'
        properties: {
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRange: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          destinationAddressPrefix: 'VirtualNetwork'
          access: 'Allow'
          priority: 800
          direction: 'Outbound'
        }
      }
      {
        //Any protocol and port to the AzureCloud service tag, i.e. all Azure public IP ranges,
        //which includes endpoints operated by other Azure customers.
        //NOTE(review): if the goal is to limit egress, this rule does not do so on its own - the
        //default AllowInternetOutBound (65001) still permits all Internet egress because no Deny
        //outbound rule is declared. Narrower service tags plus an explicit Deny would be needed;
        //confirm what the workload actually has to reach.
        name: 'Allow_AzureCloud_Outbound'
        properties: {
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRange: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          destinationAddressPrefix: 'AzureCloud'
          access: 'Allow'
          priority: 900
          direction: 'Outbound'
        }
      }
    ]
  }
}
//Diagnostic settings
//Sends every log category the func NSG exposes (categoryGroup 'allLogs') to the Log Analytics
//workspace given in larid.
//These are NSG resource logs (rule events and rule counters). Per-flow records are not part of
//diagnostic settings and require flow logs configured through Network Watcher.
//NOTE(review): no flow-log resource appears in this file - confirm it is deployed elsewhere if
//traffic-level visibility is needed for detection or investigation.
resource funcnsgdiag 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'Monitor-funcnsg'
  //Extension resource: the setting is attached to the NSG declared as funcnsg.
  scope: funcnsg
  properties: {
    logs: [
      {
        categoryGroup: 'allLogs'
        enabled: true
      }
    ]
    workspaceId: larid
  }
}
//Outputs
//Resource IDs of the two NSGs, returned to the calling template.
//NOTE(review): presumably consumed to associate the NSGs with subnets - that association is not in
//this file; verify it exists, since an NSG that is not attached to a subnet or NIC filters nothing.
output mainnsgid string = mainnsg.id
output funcnsgid string = funcnsg.id