
@coolhome
Created October 31, 2022 14:33
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "14662597527208625730"
}
},
"parameters": {
"virtualNetworkResourceGroupName": {
"type": "string",
"defaultValue": "rg-networking",
"metadata": {
"description": "The name of the resource group to create the virtual network in."
},
"maxLength": 90
},
"deployExistingVnet": {
"type": "bool",
"defaultValue": true
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "deployNetworkingRg",
"location": "[deployment().location]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"name": {
"value": "[parameters('virtualNetworkResourceGroupName')]"
},
"location": {
"value": "southcentralus"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "14400340189722329311"
}
},
"parameters": {
"name": {
"type": "string",
"metadata": {
"description": "Required. The name of the Resource Group."
}
},
"location": {
"type": "string",
"defaultValue": "[deployment().location]",
"metadata": {
"description": "Optional. Location of the Resource Group. It uses the deployment's location when not provided."
}
},
"lock": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Specify the type of lock."
},
"allowedValues": [
"",
"CanNotDelete",
"ReadOnly"
]
},
"roleAssignments": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
}
},
"tags": {
"type": "object",
"defaultValue": {},
"metadata": {
"description": "Optional. Tags of the resource group."
}
},
"enableDefaultTelemetry": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)."
}
}
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2021-04-01",
"name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
"location": "[parameters('location')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2019-05-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"tags": "[parameters('tags')]",
"properties": {}
},
{
"condition": "[not(empty(parameters('lock')))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[format('{0}-{1}-Lock', uniqueString(deployment().name, parameters('location')), parameters('lock'))]",
"resourceGroup": "[parameters('name')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"level": {
"value": "[parameters('lock')]"
},
"name": {
"value": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "13629280514627887199"
}
},
"parameters": {
"name": {
"type": "string",
"defaultValue": "[format('{0}-lock', parameters('level'))]",
"metadata": {
"description": "Optional. The name of the lock."
}
},
"level": {
"type": "string",
"metadata": {
"description": "Required. Set lock level."
},
"allowedValues": [
"CanNotDelete",
"ReadOnly"
]
},
"notes": {
"type": "string",
"defaultValue": "[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]",
"metadata": {
"description": "Optional. The description attached to the lock."
}
},
"enableDefaultTelemetry": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)."
}
}
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2021-04-01",
"name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
},
{
"type": "Microsoft.Authorization/locks",
"apiVersion": "2017-04-01",
"name": "[parameters('name')]",
"properties": {
"level": "[parameters('level')]",
"notes": "[parameters('notes')]"
}
}
],
"outputs": {
"name": {
"type": "string",
"value": "[parameters('name')]",
"metadata": {
"description": "The name of the lock."
}
},
"resourceId": {
"type": "string",
"value": "[resourceId('Microsoft.Authorization/locks', parameters('name'))]",
"metadata": {
"description": "The resource ID of the lock."
}
},
"resourceGroupName": {
"type": "string",
"value": "[resourceGroup().name]",
"metadata": {
"description": "The name of the resource group the lock was applied to."
}
},
"scope": {
"type": "string",
"value": "[resourceGroup().id]",
"metadata": {
"description": "The scope this lock applies to."
}
}
}
}
},
"dependsOn": [
"[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]"
]
},
{
"copy": {
"name": "resourceGroup_roleAssignments",
"count": "[length(parameters('roleAssignments'))]"
},
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[format('{0}-RG-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
"resourceGroup": "[parameters('name')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"description": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), parameters('roleAssignments')[copyIndex()].description, '')]"
},
"principalIds": {
"value": "[parameters('roleAssignments')[copyIndex()].principalIds]"
},
"principalType": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), parameters('roleAssignments')[copyIndex()].principalType, '')]"
},
"roleDefinitionIdOrName": {
"value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]"
},
"condition": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), parameters('roleAssignments')[copyIndex()].condition, '')]"
},
"delegatedManagedIdentityResourceId": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId, '')]"
},
"resourceId": {
"value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "12636688686778745340"
}
},
"parameters": {
"principalIds": {
"type": "array",
"metadata": {
"description": "Required. The IDs of the principals to assign the role to."
}
},
"roleDefinitionIdOrName": {
"type": "string",
"metadata": {
"description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
}
},
"resourceId": {
"type": "string",
"metadata": {
"description": "Required. The resource ID of the resource to apply the role assignment to."
}
},
"principalType": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"ServicePrincipal",
"Group",
"User",
"ForeignGroup",
"Device",
""
],
"metadata": {
"description": "Optional. The principal type of the assigned principal ID."
}
},
"description": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The description of the role assignment."
}
},
"condition": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
}
},
"conditionVersion": {
"type": "string",
"defaultValue": "2.0",
"allowedValues": [
"2.0"
],
"metadata": {
"description": "Optional. Version of the condition."
}
},
"delegatedManagedIdentityResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Id of the delegated managed identity resource."
}
}
},
"variables": {
"builtInRoleNames": {
"AcrDelete": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c2f4ef07-c644-48eb-af81-4b1b4947fb11')]",
"AcrImageSigner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6cef56e8-d556-48e5-a04f-b8e64114680f')]",
"AcrPull": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]",
"AcrPush": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8311e382-0749-4cb8-b61a-304f252e45ec')]",
"AcrQuarantineReader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'cdda3590-29a3-44f6-95f2-9f980659eb04')]",
"AcrQuarantineWriter": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c8d4ff99-41c3-41a8-9f60-21dfdad59608')]",
"API Management Service Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '312a565d-c81f-4fd8-895a-4e21e48d571c')]",
"API Management Service Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e022efe7-f5ba-4159-bbe4-b44f577e9b61')]",
"API Management Service Reader Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '71522526-b88f-4d52-b57f-d31fc3546d0d')]",
"App Configuration Data Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b')]",
"App Configuration Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '516239f1-63e1-4d78-a4de-a74fb236a071')]",
"Application Insights Component Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ae349356-3a1b-4a5e-921d-050484c6347e')]",
"Application Insights Snapshot Debugger": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '08954f03-6346-4c2e-81c0-ec3a5cfae23b')]",
"Attestation Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'bbf86eb8-f7b4-4cce-96e4-18cddf81d86e')]",
"Attestation Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fd1bd22b-8476-40bc-a0bc-69b95687b9f3')]",
"Automation Job Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4fe576fe-1146-4730-92eb-48519fa6bf9f')]",
"Automation Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd3881f73-407a-4167-8283-e981cbba0404')]",
"Automation Runbook Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5fb5aef8-1081-4b8e-bb16-9d5d0385bab5')]",
"Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]",
"Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]",
"Azure Connected Machine Onboarding": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b64e21ea-ac4e-4cdf-9dc9-5b892992bee7')]",
"Azure Connected Machine Resource Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'cd570a14-e51a-42ad-bac8-bafd67325302')]",
"Azure Digital Twins Owner (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'bcd981a7-7f74-457b-83e1-cceb9e632ffe')]",
"Azure Digital Twins Reader (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd57506d4-4c8d-48b1-8587-93c323f6a5a3')]",
"Azure Event Hubs Data Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f526a384-b230-433a-b45c-95f59c4a2dec')]",
"Azure Event Hubs Data Receiver": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a638d3c7-ab3a-418d-83e6-5f17a39d4fde')]",
"Azure Event Hubs Data Sender": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2b629674-e913-4c01-ae53-ef4638d8f975')]",
"Azure Kubernetes Service Cluster Admin Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8')]",
"Azure Kubernetes Service Cluster User Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4abbcc35-e782-43d8-92c5-2d3f1bd2253f')]",
"Azure Kubernetes Service Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8')]",
"Azure Maps Data Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204')]",
"Azure Maps Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '423170ca-a8f6-4b0f-8487-9e4eb8f49bfa')]",
"Azure Sentinel Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ab8e14d6-4a74-4a29-9ba8-549422addade')]",
"Azure Sentinel Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8d289c81-5878-46d4-8554-54e1e3d8b5cb')]",
"Azure Sentinel Responder": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e150937-b8fe-4cfb-8069-0eaf05ecd056')]",
"Azure Service Bus Data Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419')]",
"Azure Service Bus Data Receiver": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0')]",
"Azure Service Bus Data Sender": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39')]",
"Azure Stack Registration Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6f12a6df-dd06-4f3e-bcb1-ce8be600526a')]",
"Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]",
"Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]",
"Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a795c7a0-d4a2-40c1-ae25-d81f01202912')]",
"Billing Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64')]",
"BizTalk Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e3c6656-6cfa-4708-81fe-0de47ac73342')]",
"Blockchain Member Node Access (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '31a002a1-acaf-453e-8a5b-297c9ca1ea24')]",
"Blueprint Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '41077137-e803-4205-871c-5a86e6a753b4')]",
"Blueprint Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '437d2ced-4a38-4302-8479-ed2bcb43d090')]",
"CDN Endpoint Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '426e0c7f-0c7e-4658-b36f-ff54d6c29b45')]",
"CDN Endpoint Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '871e35f6-b5c1-49cc-a043-bde969a0f2cd')]",
"CDN Profile Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ec156ff8-a8d1-4d15-830c-5b80698ca432')]",
"CDN Profile Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8f96442b-4075-438f-813d-ad51ab4019af')]",
"Classic Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b34d265f-36f7-4a0d-a4d4-e158ca92e90f')]",
"Classic Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '86e8f5dc-a6e9-4c67-9d15-de283e8eac25')]",
"Classic Storage Account Key Operator Service Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '985d6b00-f706-48f5-a6fe-d0ca12fb668d')]",
"Classic Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd73bb868-a0df-4d4d-bd69-98a00b01fccb')]",
"ClearDB MySQL DB Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9106cda0-8a86-4e81-b686-29a22c54effe')]",
"Cognitive Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68')]",
"Cognitive Services Custom Vision Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c1ff6cc2-c111-46fe-8896-e0ef812ad9f3')]",
"Cognitive Services Custom Vision Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5c4089e1-6d96-4d2f-b296-c1bc7137275f')]",
"Cognitive Services Custom Vision Labeler": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '88424f51-ebe7-446f-bc41-7fa16989e96c')]",
"Cognitive Services Custom Vision Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '93586559-c37d-4a6b-ba08-b9f0940c2d73')]",
"Cognitive Services Custom Vision Trainer": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a5ae4ab-0d65-4eeb-be61-29fc9b54394b')]",
"Cognitive Services Data Reader (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b59867f0-fa02-499b-be73-45a86b5b3e1c')]",
"Cognitive Services QnA Maker Editor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f4cc2bf9-21be-47a1-bdf1-5c5804381025')]",
"Cognitive Services QnA Maker Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '466ccd10-b268-4a11-b098-b4849f024126')]",
"Cognitive Services User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908')]",
"Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"Cosmos DB Account Reader Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fbdf93bf-df7d-467e-a4d2-9458aa1360c8')]",
"Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]",
"CosmosBackupOperator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db7b14f2-5adf-42da-9f96-f2ee17bab5cb')]",
"Cost Management Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '434105ed-43f6-45c7-a02f-909b2ba83430')]",
"Cost Management Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '72fafb9e-0641-4937-9268-a91bfd8191a3')]",
"Data Box Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'add466c9-e687-43fc-8d98-dfcf8d720be5')]",
"Data Box Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027')]",
"Data Factory Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '673868aa-7521-48a0-acc6-0f60742d39f5')]",
"Data Lake Analytics Developer": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '47b7735b-770e-4598-a7da-8b91488b4c88')]",
"Data Purger": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '150f5e0c-0603-4f03-8c7f-cf70034c4e90')]",
"Desktop Virtualization User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63')]",
"DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]",
"DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
"DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
"EventGrid EventSubscription Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '428e0ff0-5e57-4d9c-a221-2c70d0e0a443')]",
"EventGrid EventSubscription Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2414bbcf-6497-4faf-8c65-045460748405')]",
"Experimentation Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f646f1b-fa08-80eb-a33b-edd6ce5c915c')]",
"Experimentation Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f646f1b-fa08-80eb-a22b-edd6ce5c915c')]",
"Experimentation Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '49632ef5-d9ac-41f4-b8e7-bbe587fa74a1')]",
"FHIR Data Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5a1fc7df-4bf1-4951-a576-89034ee01acd')]",
"FHIR Data Exporter": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3db33094-8700-4567-8da5-1501d4e7e843')]",
"FHIR Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4c8d0bbc-75d3-4935-991f-5f3c56d81508')]",
"FHIR Data Writer": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3f88fce4-5892-4214-ae73-ba5294559913')]",
"Graph Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b60367af-1334-4454-b71e-769d9a4f83d9')]",
"HDInsight Cluster Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '61ed4efc-fab3-44fd-b111-e24485cc132a')]",
"HDInsight Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8d8d5a11-05d3-4bda-a417-a08778121c7c')]",
"Hierarchy Settings Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '350f8d15-c687-4448-8ae1-157740a3936d')]",
"Hybrid Server Onboarding": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb')]",
"Hybrid Server Resource Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '48b40c6e-82e0-4eb3-90d5-19e40f49b624')]",
"Integration Service Environment Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a41e2c5b-bd99-4a07-88f4-9bf657a760b8')]",
"Integration Service Environment Developer": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7aa55d3-1abb-444a-a5ca-5e51e485d6ec')]",
"Intelligent Systems Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '03a6d094-3444-4b3d-88af-7477090a9e5e')]",
"Key Vault Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f25e0fa2-a7c8-4377-a976-54943a77a395')]",
"Knowledge Consumer": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ee361c5d-f7b5-4119-b4b6-892157c8f64c')]",
"Kubernetes Cluster - Azure Arc Onboarding": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '34e09817-6cbe-4d01-b1a2-e0eac5743d41')]",
"Lab Creator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b97fb8bc-a8b2-4522-a38b-dd33c7e65ead')]",
"Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]",
"Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]",
"Logic App Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e')]",
"Logic App Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '515c2055-d9d4-4321-b1b9-bd0c9a0f79fe')]",
"Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]",
"Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]",
"Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]",
"Managed Identity Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e40ec5ca-96e0-45a2-b4ff-59039f2c2b59')]",
"Managed Identity Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f1a07417-d97a-45cb-824c-7a7467783830')]",
"Managed Services Registration assignment Delete ": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '91c1777a-f3dc-4fae-b103-61d183457e46')]",
"Management Group Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c')]",
"Management Group Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ac63b705-f282-497d-ac71-919bf39d939d')]",
"Marketplace Admin": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'dd920d6d-f481-47f1-b461-f338c46b2d9f')]",
"Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]",
"Monitoring Metrics Publisher": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')]",
"Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]",
"Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
"New Relic APM Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5d28c62d-5b37-4476-8438-e587778df237')]",
"Object Understanding Account Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4dd61c23-6743-42fe-a388-d8bdd41cb745')]",
"Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"Policy Insights Data Writer (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '66bb4e9e-b016-4a94-8249-4c0511c2be84')]",
"Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]",
"Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"Reader and Data Access": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c12c1c16-33a1-487b-954d-41c89c60f349')]",
"Redis Cache Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e0f68234-74aa-48ed-b826-c38b57376e17')]",
"Remote Rendering Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3df8b902-2a6f-47c7-8cc5-360e9b272a7e')]",
"Remote Rendering Client": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd39065c4-c120-43c9-ab0a-63eed9795f0a')]",
"Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]",
"Scheduler Job Collections Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '188a0f2f-5c9e-469b-ae67-2aa5ce574b94')]",
"Search Service Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7ca78c08-252a-4471-8644-bb5ff32d4ba0')]",
"Security Admin": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb1c8493-542b-48eb-b624-b4c8fea62acd')]",
"Security Assessment Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '612c2aa1-cb24-443b-ac28-3ab7272de6f5')]",
"Security Manager (Legacy)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e3d13bf0-dd5a-482e-ba6b-9b8433878d10')]",
"Security Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '39bc4728-0917-49c7-9d2c-d95423bc2eb4')]",
"SignalR AccessKey Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '04165923-9d83-45d5-8227-78b77b0a687e')]",
"SignalR Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761')]",
"Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]",
"Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]",
"Site Recovery Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'dbaa88c4-0c30-4179-9fb3-46319faa6149')]",
"Spatial Anchors Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827')]",
"Spatial Anchors Account Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '70bbe301-9835-447d-afdd-19eb3167307c')]",
"Spatial Anchors Account Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5d51204f-eb77-4b1c-b86a-2ec626c49413')]",
"SQL DB Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9b7fa17d-e63e-47b0-bb0a-15c516ac86ec')]",
"SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]",
"SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]",
"SQL Server Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437')]",
"Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]",
"Storage Account Key Operator Service Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '81a9662b-bebf-436f-a333-f67b29880f12')]",
"Storage Blob Data Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"Storage Blob Data Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b')]",
"Storage Blob Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')]",
"Storage Blob Delegator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db58b8e5-c6ad-4a2a-8342-4190687cbf4a')]",
"Storage File Data SMB Share Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb')]",
"Storage File Data SMB Share Elevated Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7264617-510b-434b-a828-9731dc254ea7')]",
"Storage File Data SMB Share Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aba4ae5f-2193-4029-9191-0cb91df5e314')]",
"Storage Queue Data Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88')]",
"Storage Queue Data Message Processor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8a0f0c08-91a1-4084-bc3d-661d67233fed')]",
"Storage Queue Data Message Sender": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c6a89b2d-59bc-44d0-9896-0f6e12d7b80a')]",
"Storage Queue Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '19e7f393-937e-4f77-808e-94535e297925')]",
"Support Request Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e')]",
"Tag Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4a9ae827-6dc8-4573-8ac7-8239d42aa03f')]",
"Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]",
"User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
"Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]",
"Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]",
"Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]",
"Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]",
"Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]",
"Workbook Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e8ddcd69-c73f-4f9f-9844-4100522f16ad')]",
"Workbook Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b279062a-9be3-42a0-92ae-8b3cf002ec4d')]"
}
},
"resources": [
{
"copy": {
"name": "roleAssignment",
"count": "[length(parameters('principalIds'))]"
},
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2022-04-01",
"name": "[guid(last(split(parameters('resourceId'), '/')), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]",
"properties": {
"description": "[parameters('description')]",
"roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]",
"principalId": "[parameters('principalIds')[copyIndex()]]",
"principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]",
"condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]",
"conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]",
"delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]"
}
}
]
}
},
"dependsOn": [
"[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]"
]
}
],
"outputs": {
"name": {
"type": "string",
"value": "[parameters('name')]",
"metadata": {
"description": "The name of the resource group."
}
},
"resourceId": {
"type": "string",
"value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]",
"metadata": {
"description": "The resource ID of the resource group."
}
},
"location": {
"type": "string",
"value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').location]",
"metadata": {
"description": "The location the resource was deployed into."
}
}
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "networkingSouth",
"resourceGroup": "[parameters('virtualNetworkResourceGroupName')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"addressPrefixes": {
"value": [
"10.15.0.0/24"
]
},
"name": {
"value": "vnet-spoke-scus"
},
"location": {
"value": "southcentralus"
},
"subnets": {
"value": "[if(parameters('deployExistingVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('virtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', 'vnet-spoke-scus'), '2022-05-01').subnets, createArray())]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "5908777982241686412"
}
},
"parameters": {
"name": {
"type": "string",
"metadata": {
"description": "Required. The Virtual Network (vNet) Name."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Optional. Location for all resources."
}
},
"addressPrefixes": {
"type": "array",
"metadata": {
"description": "Required. An Array of 1 or more IP Address Prefixes for the Virtual Network."
}
},
"subnets": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. An Array of subnets to deploy to the Virtual Network."
}
},
"dnsServers": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. DNS Servers associated to the Virtual Network."
}
},
"ddosProtectionPlanId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription."
}
},
"virtualNetworkPeerings": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. Virtual Network Peerings configurations."
}
},
"diagnosticLogsRetentionInDays": {
"type": "int",
"defaultValue": 365,
"maxValue": 365,
"minValue": 0,
"metadata": {
"description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely."
}
},
"diagnosticStorageAccountId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Resource ID of the diagnostic storage account."
}
},
"diagnosticWorkspaceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Resource ID of the diagnostic log analytics workspace."
}
},
"diagnosticEventHubAuthorizationRuleId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
}
},
"diagnosticEventHubName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category."
}
},
"lock": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Specify the type of lock."
},
"allowedValues": [
"",
"CanNotDelete",
"ReadOnly"
]
},
"roleAssignments": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
}
},
"tags": {
"type": "object",
"defaultValue": {},
"metadata": {
"description": "Optional. Tags of the resource."
}
},
"enableDefaultTelemetry": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)."
}
},
"diagnosticLogCategoriesToEnable": {
"type": "array",
"defaultValue": [
"VMProtectionAlerts"
],
"allowedValues": [
"VMProtectionAlerts"
],
"metadata": {
"description": "Optional. The name of logs that will be streamed."
}
},
"diagnosticMetricsToEnable": {
"type": "array",
"defaultValue": [
"AllMetrics"
],
"allowedValues": [
"AllMetrics"
],
"metadata": {
"description": "Optional. The name of metrics that will be streamed."
}
},
"diagnosticSettingsName": {
"type": "string",
"defaultValue": "[format('{0}-diagnosticSettings', parameters('name'))]",
"metadata": {
"description": "Optional. The name of the diagnostic setting, if deployed."
}
}
},
"variables": {
"copy": [
{
"name": "diagnosticsLogs",
"count": "[length(parameters('diagnosticLogCategoriesToEnable'))]",
"input": {
"category": "[parameters('diagnosticLogCategoriesToEnable')[copyIndex('diagnosticsLogs')]]",
"enabled": true,
"retentionPolicy": {
"enabled": true,
"days": "[parameters('diagnosticLogsRetentionInDays')]"
}
}
},
{
"name": "diagnosticsMetrics",
"count": "[length(parameters('diagnosticMetricsToEnable'))]",
"input": {
"category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]",
"timeGrain": null,
"enabled": true,
"retentionPolicy": {
"enabled": true,
"days": "[parameters('diagnosticLogsRetentionInDays')]"
}
}
}
],
"dnsServers_var": {
"dnsServers": "[array(parameters('dnsServers'))]"
},
"ddosProtectionPlan": {
"id": "[parameters('ddosProtectionPlanId')]"
},
"enableReferencedModulesTelemetry": false
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2021-04-01",
"name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2021-08-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"tags": "[parameters('tags')]",
"properties": {
"copy": [
{
"name": "subnets",
"count": "[length(parameters('subnets'))]",
"input": {
"name": "[parameters('subnets')[copyIndex('subnets')].name]",
"properties": {
"addressPrefix": "[parameters('subnets')[copyIndex('subnets')].addressPrefix]",
"addressPrefixes": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'addressPrefixes'), parameters('subnets')[copyIndex('subnets')].addressPrefixes, createArray())]",
"applicationGatewayIpConfigurations": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'applicationGatewayIpConfigurations'), parameters('subnets')[copyIndex('subnets')].applicationGatewayIpConfigurations, createArray())]",
"delegations": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'delegations'), parameters('subnets')[copyIndex('subnets')].delegations, createArray())]",
"ipAllocations": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'ipAllocations'), parameters('subnets')[copyIndex('subnets')].ipAllocations, createArray())]",
"natGateway": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'natGatewayId'), createObject('id', parameters('subnets')[copyIndex('subnets')].natGatewayId), null())]",
"networkSecurityGroup": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'networkSecurityGroupId'), createObject('id', parameters('subnets')[copyIndex('subnets')].networkSecurityGroupId), null())]",
"privateEndpointNetworkPolicies": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'privateEndpointNetworkPolicies'), parameters('subnets')[copyIndex('subnets')].privateEndpointNetworkPolicies, null())]",
"privateLinkServiceNetworkPolicies": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'privateLinkServiceNetworkPolicies'), parameters('subnets')[copyIndex('subnets')].privateLinkServiceNetworkPolicies, null())]",
"routeTable": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'routeTableId'), createObject('id', parameters('subnets')[copyIndex('subnets')].routeTableId), null())]",
"serviceEndpoints": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'serviceEndpoints'), parameters('subnets')[copyIndex('subnets')].serviceEndpoints, createArray())]",
"serviceEndpointPolicies": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'serviceEndpointPolicies'), parameters('subnets')[copyIndex('subnets')].serviceEndpointPolicies, createArray())]"
}
}
}
],
"addressSpace": {
"addressPrefixes": "[parameters('addressPrefixes')]"
},
"ddosProtectionPlan": "[if(not(empty(parameters('ddosProtectionPlanId'))), variables('ddosProtectionPlan'), null())]",
"dhcpOptions": "[if(not(empty(parameters('dnsServers'))), variables('dnsServers_var'), null())]",
"enableDdosProtection": "[not(empty(parameters('ddosProtectionPlanId')))]"
}
},
{
"condition": "[not(empty(parameters('lock')))]",
"type": "Microsoft.Authorization/locks",
"apiVersion": "2017-04-01",
"scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]",
"name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]",
"properties": {
"level": "[parameters('lock')]",
"notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]"
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
]
},
{
"condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]",
"type": "Microsoft.Insights/diagnosticSettings",
"apiVersion": "2021-05-01-preview",
"scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]",
"name": "[parameters('diagnosticSettingsName')]",
"properties": {
"storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]",
"workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]",
"eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]",
"eventHubName": "[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]",
"metrics": "[variables('diagnosticsMetrics')]",
"logs": "[variables('diagnosticsLogs')]"
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
]
},
{
"copy": {
"name": "virtualNetwork_subnets",
"count": "[length(parameters('subnets'))]"
},
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[format('{0}-subnet-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"virtualNetworkName": {
"value": "[parameters('name')]"
},
"name": {
"value": "[parameters('subnets')[copyIndex()].name]"
},
"addressPrefix": {
"value": "[parameters('subnets')[copyIndex()].addressPrefix]"
},
"addressPrefixes": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'addressPrefixes'), parameters('subnets')[copyIndex()].addressPrefixes, createArray())]"
},
"applicationGatewayIpConfigurations": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'applicationGatewayIpConfigurations'), parameters('subnets')[copyIndex()].applicationGatewayIpConfigurations, createArray())]"
},
"delegations": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'delegations'), parameters('subnets')[copyIndex()].delegations, createArray())]"
},
"ipAllocations": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'ipAllocations'), parameters('subnets')[copyIndex()].ipAllocations, createArray())]"
},
"natGatewayId": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'natGatewayId'), parameters('subnets')[copyIndex()].natGatewayId, '')]"
},
"networkSecurityGroupId": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'networkSecurityGroupId'), parameters('subnets')[copyIndex()].networkSecurityGroupId, '')]"
},
"privateEndpointNetworkPolicies": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'privateEndpointNetworkPolicies'), parameters('subnets')[copyIndex()].privateEndpointNetworkPolicies, '')]"
},
"privateLinkServiceNetworkPolicies": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'privateLinkServiceNetworkPolicies'), parameters('subnets')[copyIndex()].privateLinkServiceNetworkPolicies, '')]"
},
"roleAssignments": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'roleAssignments'), parameters('subnets')[copyIndex()].roleAssignments, createArray())]"
},
"routeTableId": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'routeTableId'), parameters('subnets')[copyIndex()].routeTableId, '')]"
},
"serviceEndpointPolicies": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'serviceEndpointPolicies'), parameters('subnets')[copyIndex()].serviceEndpointPolicies, createArray())]"
},
"serviceEndpoints": {
"value": "[if(contains(parameters('subnets')[copyIndex()], 'serviceEndpoints'), parameters('subnets')[copyIndex()].serviceEndpoints, createArray())]"
},
"enableDefaultTelemetry": {
"value": "[variables('enableReferencedModulesTelemetry')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "10008868027824911406"
}
},
"parameters": {
"name": {
"type": "string",
"metadata": {
"description": "Optional. The Name of the subnet resource."
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "Conditional. The name of the parent virtual network. Required if the template is used in a standalone deployment."
}
},
"addressPrefix": {
"type": "string",
"metadata": {
"description": "Required. The address prefix for the subnet."
}
},
"networkSecurityGroupId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The resource ID of the network security group to assign to the subnet."
}
},
"routeTableId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The resource ID of the route table to assign to the subnet."
}
},
"serviceEndpoints": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. The service endpoints to enable on the subnet."
}
},
"delegations": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. The delegations to enable on the subnet."
}
},
"natGatewayId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The resource ID of the NAT Gateway to use for the subnet."
}
},
"privateEndpointNetworkPolicies": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"Disabled",
"Enabled",
""
],
"metadata": {
"description": "Optional. enable or disable apply network policies on private endpoint in the subnet."
}
},
"privateLinkServiceNetworkPolicies": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"Disabled",
"Enabled",
""
],
"metadata": {
"description": "Optional. enable or disable apply network policies on private link service in the subnet."
}
},
"addressPrefixes": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. List of address prefixes for the subnet."
}
},
"applicationGatewayIpConfigurations": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. Application gateway IP configurations of virtual network resource."
}
},
"ipAllocations": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. Array of IpAllocation which reference this subnet."
}
},
"serviceEndpointPolicies": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. An array of service endpoint policies."
}
},
"roleAssignments": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
}
},
"enableDefaultTelemetry": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)."
}
}
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2021-04-01",
"name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
},
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2021-08-01",
"name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('name'))]",
"properties": {
"addressPrefix": "[parameters('addressPrefix')]",
"networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupId'))), createObject('id', parameters('networkSecurityGroupId')), null())]",
"routeTable": "[if(not(empty(parameters('routeTableId'))), createObject('id', parameters('routeTableId')), null())]",
"natGateway": "[if(not(empty(parameters('natGatewayId'))), createObject('id', parameters('natGatewayId')), null())]",
"serviceEndpoints": "[parameters('serviceEndpoints')]",
"delegations": "[parameters('delegations')]",
"privateEndpointNetworkPolicies": "[if(not(empty(parameters('privateEndpointNetworkPolicies'))), parameters('privateEndpointNetworkPolicies'), null())]",
"privateLinkServiceNetworkPolicies": "[if(not(empty(parameters('privateLinkServiceNetworkPolicies'))), parameters('privateLinkServiceNetworkPolicies'), null())]",
"addressPrefixes": "[parameters('addressPrefixes')]",
"applicationGatewayIpConfigurations": "[parameters('applicationGatewayIpConfigurations')]",
"ipAllocations": "[parameters('ipAllocations')]",
"serviceEndpointPolicies": "[parameters('serviceEndpointPolicies')]"
}
},
{
"copy": {
"name": "subnet_roleAssignments",
"count": "[length(parameters('roleAssignments'))]"
},
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[format('{0}-Subnet-Rbac-{1}', uniqueString(deployment().name, resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))), copyIndex())]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"description": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), parameters('roleAssignments')[copyIndex()].description, '')]"
},
"principalIds": {
"value": "[parameters('roleAssignments')[copyIndex()].principalIds]"
},
"principalType": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), parameters('roleAssignments')[copyIndex()].principalType, '')]"
},
"roleDefinitionIdOrName": {
"value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]"
},
"condition": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), parameters('roleAssignments')[copyIndex()].condition, '')]"
},
"delegatedManagedIdentityResourceId": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId, '')]"
},
"resourceId": {
"value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "14709447919694218212"
}
},
"parameters": {
"principalIds": {
"type": "array",
"metadata": {
"description": "Required. The IDs of the principals to assign the role to."
}
},
"roleDefinitionIdOrName": {
"type": "string",
"metadata": {
"description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
}
},
"resourceId": {
"type": "string",
"metadata": {
"description": "Required. The resource ID of the resource to apply the role assignment to."
}
},
"principalType": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"ServicePrincipal",
"Group",
"User",
"ForeignGroup",
"Device",
""
],
"metadata": {
"description": "Optional. The principal type of the assigned principal ID."
}
},
"description": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The description of the role assignment."
}
},
"condition": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
}
},
"conditionVersion": {
"type": "string",
"defaultValue": "2.0",
"allowedValues": [
"2.0"
],
"metadata": {
"description": "Optional. Version of the condition."
}
},
"delegatedManagedIdentityResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Id of the delegated managed identity resource."
}
}
},
"variables": {
"builtInRoleNames": {
"Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]",
"Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]",
"Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]",
"Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]",
"Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]",
"DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]",
"DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
"Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]",
"Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]",
"Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]",
"Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]",
"Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]",
"Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]",
"Monitoring Metrics Publisher": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')]",
"Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]",
"Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
"Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]",
"Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]",
"Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]",
"Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]",
"SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]",
"SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]",
"Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]",
"User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
"Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]",
"Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]",
"Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]"
}
},
"resources": [
{
"copy": {
"name": "roleAssignment",
"count": "[length(parameters('principalIds'))]"
},
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2022-04-01",
"scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1])]",
"name": "[guid(resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1]), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]",
"properties": {
"description": "[parameters('description')]",
"roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]",
"principalId": "[parameters('principalIds')[copyIndex()]]",
"principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]",
"condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]",
"conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]",
"delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]"
}
}
]
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]"
]
}
],
"outputs": {
"resourceGroupName": {
"type": "string",
"value": "[resourceGroup().name]",
"metadata": {
"description": "The resource group the subnet was deployed into."
}
},
"name": {
"type": "string",
"value": "[parameters('name')]",
"metadata": {
"description": "The name of the subnet."
}
},
"resourceId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]",
"metadata": {
"description": "The resource ID of the subnet."
}
},
"subnetAddressPrefix": {
"type": "string",
"value": "[reference(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))).addressPrefix]",
"metadata": {
"description": "The address prefix for the subnet."
}
},
"subnetAddressPrefixes": {
"type": "array",
"value": "[if(not(empty(parameters('addressPrefixes'))), reference(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))).addressPrefixes, createArray())]",
"metadata": {
"description": "List of address prefixes for the subnet."
}
}
}
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
]
},
{
"copy": {
"name": "virtualNetwork_peering_local",
"count": "[length(parameters('virtualNetworkPeerings'))]"
},
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[format('{0}-virtualNetworkPeering-local-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"localVnetName": {
"value": "[parameters('name')]"
},
"remoteVirtualNetworkId": {
"value": "[parameters('virtualNetworkPeerings')[copyIndex()].remoteVirtualNetworkId]"
},
"name": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'name'), parameters('virtualNetworkPeerings')[copyIndex()].name, format('{0}-{1}', parameters('name'), last(split(parameters('virtualNetworkPeerings')[copyIndex()].remoteVirtualNetworkId, '/'))))]"
},
"allowForwardedTraffic": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'allowForwardedTraffic'), parameters('virtualNetworkPeerings')[copyIndex()].allowForwardedTraffic, true())]"
},
"allowGatewayTransit": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'allowGatewayTransit'), parameters('virtualNetworkPeerings')[copyIndex()].allowGatewayTransit, false())]"
},
"allowVirtualNetworkAccess": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'allowVirtualNetworkAccess'), parameters('virtualNetworkPeerings')[copyIndex()].allowVirtualNetworkAccess, true())]"
},
"doNotVerifyRemoteGateways": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'doNotVerifyRemoteGateways'), parameters('virtualNetworkPeerings')[copyIndex()].doNotVerifyRemoteGateways, true())]"
},
"useRemoteGateways": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'useRemoteGateways'), parameters('virtualNetworkPeerings')[copyIndex()].useRemoteGateways, false())]"
},
"enableDefaultTelemetry": {
"value": "[variables('enableReferencedModulesTelemetry')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "14111148246327456579"
}
},
"parameters": {
"name": {
"type": "string",
"defaultValue": "[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]",
"metadata": {
"description": "Optional. The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName."
}
},
"localVnetName": {
"type": "string",
"metadata": {
"description": "Conditional. The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment."
}
},
"remoteVirtualNetworkId": {
"type": "string",
"metadata": {
"description": "Required. The Resource ID of the VNet that this Local VNet is being peered to. Should be in the format of a Resource ID."
}
},
"allowForwardedTraffic": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true."
}
},
"allowGatewayTransit": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Optional. If gateway links can be used in remote virtual networking to link to this virtual network. Default is false."
}
},
"allowVirtualNetworkAccess": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true."
}
},
"doNotVerifyRemoteGateways": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. If we need to verify the provisioning state of the remote gateway. Default is true."
}
},
"useRemoteGateways": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Optional. If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false."
}
},
"enableDefaultTelemetry": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)."
}
}
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2021-04-01",
"name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
},
{
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2021-08-01",
"name": "[format('{0}/{1}', parameters('localVnetName'), parameters('name'))]",
"properties": {
"allowForwardedTraffic": "[parameters('allowForwardedTraffic')]",
"allowGatewayTransit": "[parameters('allowGatewayTransit')]",
"allowVirtualNetworkAccess": "[parameters('allowVirtualNetworkAccess')]",
"doNotVerifyRemoteGateways": "[parameters('doNotVerifyRemoteGateways')]",
"useRemoteGateways": "[parameters('useRemoteGateways')]",
"remoteVirtualNetwork": {
"id": "[parameters('remoteVirtualNetworkId')]"
}
}
}
],
"outputs": {
"resourceGroupName": {
"type": "string",
"value": "[resourceGroup().name]",
"metadata": {
"description": "The resource group the virtual network peering was deployed into."
}
},
"name": {
"type": "string",
"value": "[parameters('name')]",
"metadata": {
"description": "The name of the virtual network peering."
}
},
"resourceId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks/virtualNetworkPeerings', parameters('localVnetName'), parameters('name'))]",
"metadata": {
"description": "The resource ID of the virtual network peering."
}
}
}
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
]
},
{
"condition": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'remotePeeringEnabled'), equals(parameters('virtualNetworkPeerings')[copyIndex()].remotePeeringEnabled, true()), false())]",
"copy": {
"name": "virtualNetwork_peering_remote",
"count": "[length(parameters('virtualNetworkPeerings'))]"
},
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[format('{0}-virtualNetworkPeering-remote-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
"subscriptionId": "[split(parameters('virtualNetworkPeerings')[copyIndex()].remoteVirtualNetworkId, '/')[2]]",
"resourceGroup": "[split(parameters('virtualNetworkPeerings')[copyIndex()].remoteVirtualNetworkId, '/')[4]]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"localVnetName": {
"value": "[last(split(parameters('virtualNetworkPeerings')[copyIndex()].remoteVirtualNetworkId, '/'))]"
},
"remoteVirtualNetworkId": {
"value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
},
"name": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'remotePeeringName'), parameters('virtualNetworkPeerings')[copyIndex()].remotePeeringName, format('{0}-{1}', last(split(parameters('virtualNetworkPeerings')[copyIndex()].remoteVirtualNetworkId, '/')), parameters('name')))]"
},
"allowForwardedTraffic": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'remotePeeringAllowForwardedTraffic'), parameters('virtualNetworkPeerings')[copyIndex()].remotePeeringAllowForwardedTraffic, true())]"
},
"allowGatewayTransit": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'remotePeeringAllowGatewayTransit'), parameters('virtualNetworkPeerings')[copyIndex()].remotePeeringAllowGatewayTransit, false())]"
},
"allowVirtualNetworkAccess": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'remotePeeringAllowVirtualNetworkAccess'), parameters('virtualNetworkPeerings')[copyIndex()].remotePeeringAllowVirtualNetworkAccess, true())]"
},
"doNotVerifyRemoteGateways": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'remotePeeringDoNotVerifyRemoteGateways'), parameters('virtualNetworkPeerings')[copyIndex()].remotePeeringDoNotVerifyRemoteGateways, true())]"
},
"useRemoteGateways": {
"value": "[if(contains(parameters('virtualNetworkPeerings')[copyIndex()], 'remotePeeringUseRemoteGateways'), parameters('virtualNetworkPeerings')[copyIndex()].remotePeeringUseRemoteGateways, false())]"
},
"enableDefaultTelemetry": {
"value": "[variables('enableReferencedModulesTelemetry')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "14111148246327456579"
}
},
"parameters": {
"name": {
"type": "string",
"defaultValue": "[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]",
"metadata": {
"description": "Optional. The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName."
}
},
"localVnetName": {
"type": "string",
"metadata": {
"description": "Conditional. The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment."
}
},
"remoteVirtualNetworkId": {
"type": "string",
"metadata": {
"description": "Required. The Resource ID of the VNet that this Local VNet is being peered to. Should be in the format of a Resource ID."
}
},
"allowForwardedTraffic": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true."
}
},
"allowGatewayTransit": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Optional. If gateway links can be used in remote virtual networking to link to this virtual network. Default is false."
}
},
"allowVirtualNetworkAccess": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true."
}
},
"doNotVerifyRemoteGateways": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. If we need to verify the provisioning state of the remote gateway. Default is true."
}
},
"useRemoteGateways": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Optional. If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false."
}
},
"enableDefaultTelemetry": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)."
}
}
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2021-04-01",
"name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
},
{
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2021-08-01",
"name": "[format('{0}/{1}', parameters('localVnetName'), parameters('name'))]",
"properties": {
"allowForwardedTraffic": "[parameters('allowForwardedTraffic')]",
"allowGatewayTransit": "[parameters('allowGatewayTransit')]",
"allowVirtualNetworkAccess": "[parameters('allowVirtualNetworkAccess')]",
"doNotVerifyRemoteGateways": "[parameters('doNotVerifyRemoteGateways')]",
"useRemoteGateways": "[parameters('useRemoteGateways')]",
"remoteVirtualNetwork": {
"id": "[parameters('remoteVirtualNetworkId')]"
}
}
}
],
"outputs": {
"resourceGroupName": {
"type": "string",
"value": "[resourceGroup().name]",
"metadata": {
"description": "The resource group the virtual network peering was deployed into."
}
},
"name": {
"type": "string",
"value": "[parameters('name')]",
"metadata": {
"description": "The name of the virtual network peering."
}
},
"resourceId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks/virtualNetworkPeerings', parameters('localVnetName'), parameters('name'))]",
"metadata": {
"description": "The resource ID of the virtual network peering."
}
}
}
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
]
},
{
"copy": {
"name": "virtualNetwork_roleAssignments",
"count": "[length(parameters('roleAssignments'))]"
},
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[format('{0}-VNet-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"description": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), parameters('roleAssignments')[copyIndex()].description, '')]"
},
"principalIds": {
"value": "[parameters('roleAssignments')[copyIndex()].principalIds]"
},
"principalType": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), parameters('roleAssignments')[copyIndex()].principalType, '')]"
},
"roleDefinitionIdOrName": {
"value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]"
},
"condition": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), parameters('roleAssignments')[copyIndex()].condition, '')]"
},
"delegatedManagedIdentityResourceId": {
"value": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId, '')]"
},
"resourceId": {
"value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.11.1.770",
"templateHash": "6774634624821809207"
}
},
"parameters": {
"principalIds": {
"type": "array",
"metadata": {
"description": "Required. The IDs of the principals to assign the role to."
}
},
"roleDefinitionIdOrName": {
"type": "string",
"metadata": {
"description": "Required. The name of the role to assign. A name not found among the built-in role names is used as given, so specify the full role definition ID in that case."
}
},
"resourceId": {
"type": "string",
"metadata": {
"description": "Required. The resource ID of the resource to apply the role assignment to."
}
},
"principalType": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"ServicePrincipal",
"Group",
"User",
"ForeignGroup",
"Device",
""
],
"metadata": {
"description": "Optional. The principal type of the assigned principal ID."
}
},
"description": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The description of the role assignment."
}
},
"condition": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
}
},
"conditionVersion": {
"type": "string",
"defaultValue": "2.0",
"allowedValues": [
"2.0"
],
"metadata": {
"description": "Optional. Version of the condition."
}
},
"delegatedManagedIdentityResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. Id of the delegated managed identity resource."
}
}
},
"variables": {
"builtInRoleNames": {
"Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]",
"Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]",
"Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]",
"Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]",
"Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]",
"DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]",
"DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
"Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]",
"Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]",
"Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]",
"Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]",
"Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]",
"Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]",
"Monitoring Metrics Publisher": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')]",
"Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]",
"Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
"Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]",
"Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]",
"Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]",
"Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]",
"SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]",
"SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]",
"Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]",
"User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
"Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]",
"Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]",
"Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]"
}
},
"resources": [
{
"copy": {
"name": "roleAssignment",
"count": "[length(parameters('principalIds'))]"
},
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2022-04-01",
"scope": "[format('Microsoft.Network/virtualNetworks/{0}', last(split(parameters('resourceId'), '/')))]",
"name": "[guid(resourceId('Microsoft.Network/virtualNetworks', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]",
"properties": {
"description": "[parameters('description')]",
"roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]",
"principalId": "[parameters('principalIds')[copyIndex()]]",
"principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]",
"condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]",
"conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]",
"delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]"
}
}
]
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
]
}
],
"outputs": {
"resourceGroupName": {
"type": "string",
"value": "[resourceGroup().name]",
"metadata": {
"description": "The resource group the virtual network was deployed into."
}
},
"resourceId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]",
"metadata": {
"description": "The resource ID of the virtual network."
}
},
"name": {
"type": "string",
"value": "[parameters('name')]",
"metadata": {
"description": "The name of the virtual network."
}
},
"subnetNames": {
"type": "array",
"copy": {
"count": "[length(parameters('subnets'))]",
"input": "[parameters('subnets')[copyIndex()].name]"
},
"metadata": {
"description": "The names of the deployed subnets."
}
},
"subnetResourceIds": {
"type": "array",
"copy": {
"count": "[length(parameters('subnets'))]",
"input": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('name'), parameters('subnets')[copyIndex()].name)]"
},
"metadata": {
"description": "The resource IDs of the deployed subnets."
}
},
"location": {
"type": "string",
"value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2021-08-01', 'full').location]",
"metadata": {
"description": "The location the resource was deployed into."
}
}
}
}
},
"dependsOn": [
"[subscriptionResourceId('Microsoft.Resources/deployments', 'deployNetworkingRg')]"
]
}
]
}