Public/IaaS/networking/New-CmAzIaasNetworking.Nsgs.json
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "Locations": { "type": "Array" }, "NetworkWatcherResourceGroupName": { "type": "String" }, "Nsgs": { "type": "Array" }, "Workspace": { "type": "Object" } }, "resources": [ { "type": "Microsoft.Resources/Deployments", "apiVersion": "2019-10-01", "name": "Cm_networkWatcher_deployment", "resourceGroup": "[parameters('NetworkWatcherResourceGroupName')]", "properties": { "mode": "Incremental", "expressionEvaluationOptions": { "scope": "Inner" }, "parameters": { "Locations": { "value": "[parameters('Locations')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "Locations": { "type": "Array" } }, "resources": [ { "name": "[concat('NetworkWatcher_', parameters('Locations')[copyIndex('NetworkWatcherCopy')])]", "type": "Microsoft.Network/networkWatchers", "apiVersion": "2019-04-01", "copy": { "Name": "NetworkWatcherCopy", "Count": "[length(parameters('Locations'))]" }, "location": "[parameters('Locations')[copyIndex('NetworkWatcherCopy')]]", "properties": {}, "resources": [] } ] } } }, { "type": "Microsoft.Resources/Deployments", "apiVersion": "2019-10-01", "name": "[concat('Cm_network_nsg_deployment', '_', copyIndex('Nsgs'))]", "resourceGroup": "[parameters('Nsgs')[copyIndex('Nsgs')].resourceGroup.name]", "copy": { "name": "Nsgs", "count": "[length(parameters('Nsgs'))]" }, "properties": { "mode": "Incremental", "expressionEvaluationOptions": { "scope": "Inner" }, "parameters": { "NetworkWatcherResourceGroupName": { "value": "[parameters('NetworkWatcherResourceGroupName')]" }, "Nsg": { "value": "[parameters('Nsgs')[copyIndex('Nsgs')]]" }, "NsgIndex": { "value": "[copyIndex('Nsgs')]" }, "Workspace": { "value": "[parameters('Workspace')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "NetworkWatcherResourceGroupName": { "type": "String" }, "Nsg": { "type": "Object" }, "NsgIndex": { "type": "Int" }, "Workspace": { "type": "Object" } }, "resources": [ { "condition": "[not(equals(parameters('Nsg').nsgName, 'none'))]", "apiVersion": "2019-12-01", "type": "Microsoft.Network/NetworkSecurityGroups", "name": "[parameters('Nsg').nsgName]", "location": "[parameters('Nsg').location]", "tags": { "cm-service": "[parameters('Nsg').service.publish.networkSecurityGroup]" }, "properties": { "copy": [ { "name": "securityRules", "count": "[length(parameters('Nsg').rules)]", "input": { "name": "[parameters('Nsg').rules[copyIndex('securityRules')].ruleName]", "properties": { "description": "[parameters('Nsg').rules[copyIndex('securityRules')].description]", "priority": "[parameters('Nsg').rules[copyIndex('securityRules')].priority]", "direction": "[parameters('Nsg').rules[copyIndex('securityRules')].direction]", "sourceAddressPrefix": "[if(not(greater(length(parameters('Nsg').rules[copyIndex('securityRules')].sourceIp), 1)), parameters('Nsg').rules[copyIndex('securityRules')].sourceIp[0], json('null'))]", "sourcePortRange": "[if(not(greater(length(parameters('Nsg').rules[copyIndex('securityRules')].sourcePort), 1)), parameters('Nsg').rules[copyIndex('securityRules')].sourcePort[0], json('null'))]", "destinationAddressPrefix": "[if(not(greater(length(parameters('Nsg').rules[copyIndex('securityRules')].destinationIp), 1)), parameters('Nsg').rules[copyIndex('securityRules')].destinationIp[0], json('null'))]", "destinationPortRange": "[if(not(greater(length(parameters('Nsg').rules[copyIndex('securityRules')].destinationPort), 1)), parameters('Nsg').rules[copyIndex('securityRules')].destinationPort[0], json('null'))]", "SourceAddressPrefixes": "[if(not(greater(length(parameters('Nsg').rules[copyIndex('securityRules')].sourceIp), 1)), json('null'), parameters('Nsg').rules[copyIndex('securityRules')].sourceIp)]", "sourcePortRanges": "[if(not(greater(length(parameters('Nsg').rules[copyIndex('securityRules')].sourcePort), 1)), json('null'), parameters('Nsg').rules[copyIndex('securityRules')].sourcePort)]", "destinationAddressPrefixes": "[if(not(greater(length(parameters('Nsg').rules[copyIndex('securityRules')].destinationIp), 1)), json('null'), parameters('Nsg').rules[copyIndex('securityRules')].destinationIp)]", "destinationPortRanges": "[if(not(greater(length(parameters('Nsg').rules[copyIndex('securityRules')].destinationPort),1)), json('null'), parameters('Nsg').rules[copyIndex('securityRules')].destinationPort)]", "protocol": "[parameters('Nsg').rules[copyIndex('securityRules')].protocol]", "Access": "[parameters('Nsg').rules[copyIndex('securityRules')].Access]" } } } ] } }, { "type": "Microsoft.Network/NetworkSecurityGroups/Providers/DiagnosticSettings", "apiVersion": "2017-05-01-preview", "name": "[concat(parameters('Nsg').nsgName, '/Microsoft.Insights/DiagSettings')]", "dependsOn": [ "[parameters('Nsg').nsgName]" ], "properties": { "workspaceId": "[parameters('Workspace').id]", "logs": [ { "category": "NetworkSecurityGroupEvent", "enabled": true, "retentionPolicy": { "enabled": true, "days": 30 } }, { "category": "NetworkSecurityGroupRuleCounter", "enabled": true, "retentionPolicy": { "enabled": true, "days": 30 } } ] } }, { "type": "Microsoft.Resources/Deployments", "apiVersion": "2019-10-01", "name": "[concat('Cm_network_flowLog_deployment_', parameters('NsgIndex'))]", "dependsOn": [ "[parameters('Nsg').nsgName]" ], "resourceGroup": "[parameters('NetworkWatcherResourceGroupName')]", "properties": { "mode": "Incremental", "expressionEvaluationOptions": { "scope": "Inner" }, "parameters": { "Nsg": { "value": "[parameters('Nsg')]" }, "NsgRg": { "value": "[resourceGroup()]" }, "Workspace": { "value": "[parameters('Workspace')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "Nsg": { "type": "Object" }, "NsgRg": { "type": "Object" }, "Workspace": { "type": "Object" } }, "resources": [ { "name": "[concat('NetworkWatcher_', parameters('Nsg').location, '/', parameters('Nsg').nsgName, '-FlowLogs')]", "apiVersion": "2019-04-01", "type": "Microsoft.Network/NetworkWatchers/FlowLogs", "location": "[parameters('Nsg').location]", "properties": { "targetResourceId": "[ResourceId(parameters('NsgRg').name, 'Microsoft.Network/NetworkSecurityGroups', parameters('Nsg').nsgName)]", "StorageId": "[parameters('Nsg').storageAccountId]", "enabled": true, "retentionPolicy": { "days": 90, "enabled": true }, "format": { "type": "JSON", "version": 2 }, "flowAnalyticsConfiguration": { "networkWatcherFlowAnalyticsConfiguration": { "enabled": true, "workspaceRegion": "[parameters('Workspace').location]", "workspaceResourceId": "[parameters('Workspace').resourceId]", "trafficAnalyticsInterval": 60 } } } } ] } } } ] } } } ] } |