azure-firewall-cognitive-l7
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"deployLocation": {
"type": "string"
}
},
"functions": [
],
"variables": {
"virtualNetworkName": "[concat('vnet-', uniqueString(resourceGroup().name))]",
"firewallName": "[concat('fwl-', uniqueString(resourceGroup().name))]",
"fwlIpName": "[concat(variables('firewallName'), '-ip')]",
"loaName": "[concat('loa-', uniqueString(resourceGroup().name))]"
},
"resources": [
{
"name": "[variables('virtualNetworkName')]",
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2019-11-01",
"location": "[parameters('deployLocation')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/24"
]
},
"subnets": [
{
"name": "AzureFirewallSubnet",
"properties": {
"addressPrefix": "10.0.0.0/24"
}
}
]
}
},
{
"name": "[variables('loaName')]",
"type": "Microsoft.OperationalInsights/workspaces",
"apiVersion": "2020-03-01-preview",
"location": "[parameters('deployLocation')]",
"properties": {
"sku": {
"name": "PerGB2018"
},
"retentionInDays": 30,
"features": {
"searchVersion": 1,
"legacy": 0
}
}
},
{
"name": "[variables('firewallName')]",
"type": "Microsoft.Network/azureFirewalls",
"apiVersion": "2019-11-01",
"location": "[parameters('deployLocation')]",
"tags": {
},
"properties": {
"applicationRuleCollections": [
{
"name": "CognitiveServices",
"properties": {
"priority": 1000,
"action": {
"type": "Allow"
},
"rules": [
{
"name": "CognitiveServices",
"sourceAddresses": [
"10.0.1.0/24"
],
"protocols": [
{
"protocolType": "Https",
"port": 443
}
],
"targetFqdns": [
"westeurope.api.cognitive.microsoft.com",
"wwotestperso.cognitiveservices.azure.com"
],
"fqdnTags": [
]
}
]
}
}
],
"ipConfigurations": [
{
"name": "ipConfigName",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), 'AzureFirewallSubnet')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('fwlIpName'))]"
}
}
}
]
},
"resources": [
{
"type": "providers/diagnosticSettings",
"name": "[concat('Microsoft.Insights/', 'fwl-logs')]",
"apiVersion": "2017-05-01-preview",
"dependsOn": [
"[variables('firewallName')]",
"[variables('loaName')]"
],
"properties": {
"workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('loaName'))]",
"logs": [
{
"category": "AzureFirewallApplicationRule",
"enabled": true
},
{
"category": "AzureFirewallNetworkRule",
"enabled": true
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true
}
]
}
}
],
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', variables('fwlIpName'))]"
]
},
{
"name": "[variables('fwlIpName')]",
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2019-11-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "standard"
},
"properties": {
"publicIPAllocationMethod": "Static"
}
}
],
"outputs": {
"fwlIp": {
"type": "string",
"value": "[reference(resourceId('Microsoft.Network/azureFirewalls', variables('firewallName')), '2019-11-01').ipConfigurations[0].properties.privateIPAddress]"
},
"vnetName": {
"type": "string",
"value": "[variables('virtualNetworkName')]"
},
"vnetId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
}
}
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetworkName": {
"type": "string"
},
"peeringName": {
"type": "string"
},
"peerVirtualNetworkId": {
"type": "string"
}
},
"functions": [],
"variables": {},
"resources": [
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"name": "[concat(parameters('virtualNetworkName'), '/', parameters('peeringName'))]",
"location": "[resourceGroup().location]",
"properties": {
"allowVirtualNetworkAccess": "true",
"allowForwardedTraffic": "false",
"allowGatewayTransit": "false",
"useRemoteGateways": "false",
"remoteVirtualNetwork": {
"id": "[parameters('peerVirtualNetworkId')]"
}
}
}
],
"outputs": {}
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUserName": {
"type": "string"
},
"adminPassword": {
"type": "securestring"
},
"deployLocation": {
"type": "string"
},
"fwlPrivateIp": {
"type": "string"
}
},
"functions": [
],
"variables": {
"vmName": "wintestvm",
"virtualNetworkName": "[concat('vnet-', uniqueString(resourceGroup().name))]",
"routeTableName": "[concat('rot-', uniqueString(resourceGroup().name))]",
"accountName": "wwotestperso",
"bastionName": "[concat('bsh-', uniqueString(resourceGroup().name))]",
"bastionIpName": "[concat(variables('bastionName'), '-ip')]"
},
"resources": [
{
"name": "AllowStorageInSubscription",
"type": "Microsoft.Network/serviceEndpointPolicies",
"apiVersion": "2020-04-01",
"location": "[parameters('deployLocation')]",
"tags": {
},
"properties": {
"serviceEndpointPolicyDefinitions": [
{
"name": "AllowAllSubscriptionStorages",
"properties": {
"service": "Microsoft.Storage",
"serviceResources": [
"[subscription().id]"
]
}
}
]
}
},
{
"name": "[variables('bastionName')]",
"type": "Microsoft.Network/bastionHosts",
"apiVersion": "2019-04-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
"[resourceId('Microsoft.Network/publicIPAddresses', variables('bastionIpName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconf",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), 'AzureBastionSubnet')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('bastionIpName'))]"
}
}
}
]
}
},
{
"name": "[variables('virtualNetworkName')]",
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2019-11-01",
"location": "[parameters('deployLocation')]",
"dependsOn": [
"AllowStorageInSubscription",
"[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]"
],
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.1.0/24"
]
},
"subnets": [
{
"name": "vms-subnet",
"properties": {
"addressPrefix": "10.0.1.0/29",
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]"
},
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"westeurope"
]
}
],
"serviceEndpointPolicies": [
{
"id": "[resourceId('Microsoft.Network/serviceEndpointPolicies', 'AllowStorageInSubscription')]"
}
]
}
},
{
"name": "AzureBastionSubnet",
"properties": {
"addressPrefix": "10.0.1.128/25"
}
}
]
}
},
{
"name": "[variables('bastionIpName')]",
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2019-11-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "standard"
},
"properties": {
"publicIPAllocationMethod": "Static"
}
},
{
"name": "[variables('routeTableName')]",
"type": "Microsoft.Network/routeTables",
"apiVersion": "2018-08-01",
"location": "[parameters('deployLocation')]",
"properties": {
"routes": [
{
"name": "Default",
"properties": {
"addressPrefix": "0.0.0.0/0",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "[parameters('fwlPrivateIp')]"
}
}
],
"disableBgpRoutePropagation": true
}
},
{
"name": "[concat(variables('vmName'), '-nic')]",
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2019-11-01",
"location": "[parameters('deployLocation')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
"[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipConfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'),'vms-subnet')]"
}
}
}
]
}
},
{
"name": "[variables('vmName')]",
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2019-07-01",
"location": "[parameters('deployLocation')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmName'),'-nic'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "Standard_A2_v2"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2019-Datacenter",
"version": "latest"
},
"osDisk": {
"name": "[concat(variables('vmName'), 'osdisk')]",
"caching": "ReadWrite",
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmName'), '-nic'))]"
}
]
}
}
},
{
"type": "Microsoft.CognitiveServices/accounts",
"apiVersion": "2017-04-18",
"name": "[variables('accountName')]",
"location": "[parameters('deployLocation')]",
"kind": "TextAnalytics",
"sku": {
"name": "F0"
}
},
{
"name": "wwologscapture",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"location": "[resourceGroup().location]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
}
}
],
"outputs": {
"vnetName": {
"type": "string",
"value": "[variables('virtualNetworkName')]"
},
"vnetId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
}
}
}
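# Deploys the hub (firewall, Log Analytics workspace), then the spoke (route table,
# VM, bastion, cognitive services, storage) and finally the VNet peering in both
# directions. Fill in the subscription and tenant ids below before running.
$hubSubscriptionId = ""
$hubResourceGroupName = "hub-test"
$spokeSubscriptionId = ""
$spokeResourceGroupName = "spoke-test"
$tenantId = ""

# Stop on the first failing cmdlet. The spoke route table's 0.0.0.0/0 route uses the
# hub firewall's private IP as next hop, so a failed hub deployment must not be
# followed by a spoke deployment with an empty -fwlPrivateIp.
$ErrorActionPreference = 'Stop'

# Refuse to run while the placeholder ids above are still empty.
foreach ($required in @('hubSubscriptionId', 'spokeSubscriptionId', 'tenantId')) {
    if ([string]::IsNullOrWhiteSpace((Get-Variable -Name $required -ValueOnly))) {
        throw "Set `$$required before running this script."
    }
}

# --- Hub -------------------------------------------------------------------
Get-AzSubscription -SubscriptionId $hubSubscriptionId -TenantId $tenantId | Select-AzSubscription
$hubRG = Get-AzResourceGroup -Name $hubResourceGroupName -ErrorAction SilentlyContinue
if ($null -eq $hubRG) {
    New-AzResourceGroup -Name $hubResourceGroupName -Location 'West Europe'
}
$hubDeployment = New-AzResourceGroupDeployment -Name 'support-ms' -ResourceGroupName $hubResourceGroupName -TemplateFile .\azuredeploy-hub.json -deployLocation 'westeurope'

# The firewall private IP is the spoke's default-route next hop; never proceed without it.
$fwlPrivateIp = $hubDeployment.Outputs.fwlIp.Value
if ([string]::IsNullOrWhiteSpace($fwlPrivateIp)) {
    throw "Hub deployment returned no firewall private IP (output 'fwlIp'); aborting before the spoke deployment."
}
$fwlPrivateIp

# --- Spoke -----------------------------------------------------------------
Get-AzSubscription -SubscriptionId $spokeSubscriptionId -TenantId $tenantId | Select-AzSubscription
$spokeRG = Get-AzResourceGroup -Name $spokeResourceGroupName -ErrorAction SilentlyContinue
if ($null -eq $spokeRG) {
    New-AzResourceGroup -Name $spokeResourceGroupName -Location 'West Europe'
}
# adminUserName / adminPassword (securestring) are not supplied here, so the cmdlet
# prompts for them interactively; the password never appears in this script.
$spokeDeployment = New-AzResourceGroupDeployment -Name 'support-ms' -ResourceGroupName $spokeResourceGroupName -TemplateFile .\azuredeploy-spoke.json -fwlPrivateIp $fwlPrivateIp -deployLocation 'westeurope'

# --- Peering (spoke -> hub, then hub -> spoke) ------------------------------
New-AzResourceGroupDeployment -Name "peering" -ResourceGroupName $spokeResourceGroupName -TemplateFile .\azuredeploy-peering.json -virtualNetworkName $spokeDeployment.Outputs.vnetName.Value -peeringName 'to-hub' -peerVirtualNetworkId $hubDeployment.Outputs.vnetId.Value

Get-AzSubscription -SubscriptionId $hubSubscriptionId -TenantId $tenantId | Select-AzSubscription
New-AzResourceGroupDeployment -Name "peering" -ResourceGroupName $hubResourceGroupName -TemplateFile .\azuredeploy-peering.json -virtualNetworkName $hubDeployment.Outputs.vnetName.Value -peeringName 'to-spoke' -peerVirtualNetworkId $spokeDeployment.Outputs.vnetId.Value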