From 0d5d94f59e0d198a85a9dfcb7e478d00f35ce318 Mon Sep 17 00:00:00 2001 From: Steve Keeler Date: Wed, 26 Jan 2022 23:51:59 -0500 Subject: [PATCH 1/5] ocag148 yaml config --- config/variables/ocag148outlook-main.yml | 284 +++++++++++++++++++++++ 1 file changed, 284 insertions(+) create mode 100644 config/variables/ocag148outlook-main.yml diff --git a/config/variables/ocag148outlook-main.yml b/config/variables/ocag148outlook-main.yml new file mode 100644 index 00000000..5fdebcd8 --- /dev/null +++ b/config/variables/ocag148outlook-main.yml 
@@ -0,0 +1,284 @@ +# ---------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT license. +# +# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. +# ---------------------------------------------------------------------------------- + +# Environment YAML files can be used to supplement +# the variables specified in 'config/variables/common.yml'. You can: +# * Override existing common-vars.yml variable value settings, and +# * Create new variable values not present in common-vars.yml +# +# The naming convention for these YAML files is: +# {organization}-{branch}.yml +# +# where {organization} is the organization variable from the +# common.yml file +# and {branch} is the Azure Repos branch name used by the +# currently executing pipeline. 
+ +variables: + # Management Groups + var-parentManagementGroupId: c0156602-5e7d-47be-9128-69dbf7152c17 + var-topLevelManagementGroupName: pubsec + + # Logging + var-logging-managementGroupId: pubsecPlatformManagement + var-logging-subscriptionId: 640251f9-f1ee-4b33-93ee-d49a8e8347d4 + var-logging-logAnalyticsResourceGroupName: pubsec-central-logging-rg + var-logging-logAnalyticsWorkspaceName: log-analytics-workspace + var-logging-logAnalyticsRetentionInDays: 730 + var-logging-logAnalyticsAutomationAccountName: automation-account + var-logging-diagnosticSettingsforNetworkSecurityGroupsStoragePrefix: pubsecnsg + var-logging-serviceHealthAlerts: > + { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ "Incident", "Security" ], + "regions": [ "Global", "Canada East", "Canada Central" ], + "receivers": { + "app": [ "alzcanadapubsec@microsoft.com" ], + "email": [ "alzcanadapubsec@microsoft.com" ], + "sms": [ + { "countryCode": "1", "phoneNumber": "5555555555" } + ], + "voice": [ + { "countryCode": "1", "phoneNumber": "5555555555" } + ] + }, + "actionGroupName": "ALZ action group", + "actionGroupShortName": "alz-alert", + "alertRuleName": "ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + var-logging-securityCenter: > + { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + var-logging-subscriptionRoleAssignments: > + [ + { + "comments": "Built-in Contributor Role", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "11dbef19-b7fe-43d1-afa8-20fe286bc3d0" + ] + } + ] + var-logging-subscriptionBudget: > + { + "createBudget": false, + "name": "MonthlySubscriptionBudget", + "amount": 1000, + "timeGrain": "Monthly", + "contactEmails": [ "alzcanadapubsec@microsoft.com" ] + } + var-logging-subscriptionTags: > + { + "ISSO": "isso-tbd" + } + var-logging-resourceTags: > + { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + 
"DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + + # Hub Networking + var-hubnetwork-managementGroupId: pubsecPlatformConnectivity + var-hubnetwork-subscriptionId: 49f510ff-d019-47c4-b2dd-d6781b4b6d7b + var-hubnetwork-serviceHealthAlerts: > + { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ "Incident", "Security" ], + "regions": [ "Global", "Canada East", "Canada Central" ], + "receivers": { + "app": [ "alzcanadapubsec@microsoft.com" ], + "email": [ "alzcanadapubsec@microsoft.com" ], + "sms": [ + { "countryCode": "1", "phoneNumber": "5555555555" } + ], + "voice": [ + { "countryCode": "1", "phoneNumber": "5555555555" } + ] + }, + "actionGroupName": "ALZ action group", + "actionGroupShortName": "alz-alert", + "alertRuleName": "ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + var-hubnetwork-securityCenter: > + { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + var-hubnetwork-subscriptionRoleAssignments: > + [ + { + "comments": "Built-in Contributor Role", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "11dbef19-b7fe-43d1-afa8-20fe286bc3d0" + ] + } + ] + var-hubnetwork-subscriptionBudget: > + { + "createBudget": false, + "name": "MonthlySubscriptionBudget", + "amount": 1000, + "timeGrain": "Monthly", + "contactEmails": [ "alzcanadapubsec@microsoft.com" ] + } + var-hubnetwork-subscriptionTags: > + { + "ISSO": "isso-tbd" + } + var-hubnetwork-resourceTags: > + { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + + ## Hub Networking - Private Dns Zones + var-hubnetwork-deployPrivateDnsZones: true + 
var-hubnetwork-rgPrivateDnsZonesName: pubsec-dns-rg + + ## Hub Networking - DDOS + var-hubnetwork-deployDdosStandard: false + var-hubnetwork-rgDdosName: pubsec-ddos-rg + var-hubnetwork-ddosPlanName: ddos-plan + + ## Hub Networking - Public Zone + var-hubnetwork-rgPazName: pubsec-public-access-zone-rg + + ## Hub Networking - Management Restricted Zone Virtual Network + var-hubnetwork-rgMrzName: pubsec-management-restricted-zone-rg + var-hubnetwork-mrzVnetName: management-restricted-vnet + var-hubnetwork-mrzVnetAddressPrefixRFC1918: 10.18.4.0/22 + + var-hubnetwork-mrzMazSubnetName: MazSubnet + var-hubnetwork-mrzMazSubnetAddressPrefix: 10.18.4.0/25 + + var-hubnetwork-mrzInfSubnetName: InfSubnet + var-hubnetwork-mrzInfSubnetAddressPrefix: 10.18.4.128/25 + + var-hubnetwork-mrzSecSubnetName: SecSubnet + var-hubnetwork-mrzSecSubnetAddressPrefix: 10.18.5.0/26 + + var-hubnetwork-mrzLogSubnetName: LogSubnet + var-hubnetwork-mrzLogSubnetAddressPrefix: 10.18.5.64/26 + + var-hubnetwork-mrzMgmtSubnetName: MgmtSubnet + var-hubnetwork-mrzMgmtSubnetAddressPrefix: 10.18.5.128/26 + + var-hubnetwork-bastionName: bastion + var-hubnetwork-bastionSku: Basic + var-hubnetwork-bastionScaleUnits: 2 + + #################################################################################### + ### Hub Networking with Azure Firewall ### + #################################################################################### + var-hubnetwork-azfw-rgPolicyName: pubsec-azure-firewall-policy-rg + var-hubnetwork-azfw-policyName: pubsecAzureFirewallPolicy + + var-hubnetwork-azfw-rgHubName: pubsec-hub-networking-rg + var-hubnetwork-azfw-hubVnetName: hub-vnet + var-hubnetwork-azfw-hubVnetAddressPrefixRFC1918: 10.18.0.0/22 + var-hubnetwork-azfw-hubVnetAddressPrefixRFC6598: 100.60.0.0/16 + var-hubnetwork-azfw-hubVnetAddressPrefixBastion: 192.168.0.0/16 + + var-hubnetwork-azfw-hubPazSubnetName: PAZSubnet + var-hubnetwork-azfw-hubPazSubnetAddressPrefix: 100.60.1.0/24 + + 
var-hubnetwork-azfw-hubGatewaySubnetPrefix: 10.18.0.0/27 + var-hubnetwork-azfw-hubAzureFirewallSubnetAddressPrefix: 10.18.1.0/24 + var-hubnetwork-azfw-hubAzureFirewallManagementSubnetAddressPrefix: 10.18.2.0/26 + var-hubnetwork-azfw-hubBastionSubnetAddressPrefix: 192.168.0.0/24 + + var-hubnetwork-azfw-azureFirewallName: pubsecAzureFirewall + var-hubnetwork-azfw-azureFirewallZones: '["1", "2", "3"]' + var-hubnetwork-azfw-azureFirewallForcedTunnelingEnabled: false + var-hubnetwork-azfw-azureFirewallForcedTunnelingNextHop: 10.17.1.4 + + #################################################################################### + ### Hub Networking with Fortinet Firewalls ### + #################################################################################### + + ## Hub Networking - Core Virtual Network + var-hubnetwork-nva-rgHubName: pubsec-hub-networking-rg + var-hubnetwork-nva-hubVnetName: hub-vnet + var-hubnetwork-nva-hubVnetAddressPrefixRFC1918: 10.18.0.0/22 + var-hubnetwork-nva-hubVnetAddressPrefixRFC6598: 100.60.0.0/16 + var-hubnetwork-nva-hubVnetAddressPrefixBastion: 192.168.0.0/16 + + var-hubnetwork-nva-hubEanSubnetName: EanSubnet + var-hubnetwork-nva-hubEanSubnetAddressPrefix: 10.18.0.0/27 + + var-hubnetwork-nva-hubPublicSubnetName: PublicSubnet + var-hubnetwork-nva-hubPublicSubnetAddressPrefix: 100.60.0.0/24 + + var-hubnetwork-nva-hubPazSubnetName: PAZSubnet + var-hubnetwork-nva-hubPazSubnetAddressPrefix: 100.60.1.0/24 + + var-hubnetwork-nva-hubDevIntSubnetName: DevIntSubnet + var-hubnetwork-nva-hubDevIntSubnetAddressPrefix: 10.18.0.64/27 + + var-hubnetwork-nva-hubProdIntSubnetName: PrdIntSubnet + var-hubnetwork-nva-hubProdIntSubnetAddressPrefix: 10.18.0.32/27 + + var-hubnetwork-nva-hubMrzIntSubnetName: MrzSubnet + var-hubnetwork-nva-hubMrzIntSubnetAddressPrefix: 10.18.0.96/27 + + var-hubnetwork-nva-hubHASubnetName: HASubnet + var-hubnetwork-nva-hubHASubnetAddressPrefix: 10.18.0.128/28 + + var-hubnetwork-nva-hubGatewaySubnetPrefix: 10.18.1.0/27 + + 
var-hubnetwork-nva-hubBastionSubnetAddressPrefix: 192.168.0.0/24 + + ## Hub Networking - Firewall Virtual Appliances + var-hubnetwork-nva-deployFirewallVMs: false + var-hubnetwork-nva-useFortigateFW: false + + ### Hub Networking - Firewall Virtual Appliances - For Non-production Traffic + var-hubnetwork-nva-fwDevILBName: pubsecDevFWILB + var-hubnetwork-nva-fwDevVMSku: Standard_D8s_v4 + var-hubnetwork-nva-fwDevVM1Name: pubsecDevFW1 + var-hubnetwork-nva-fwDevVM2Name: pubsecDevFW2 + var-hubnetwork-nva-fwDevILBExternalFacingIP: 100.60.0.7 + var-hubnetwork-nva-fwDevVM1ExternalFacingIP: 100.60.0.8 + var-hubnetwork-nva-fwDevVM2ExternalFacingIP: 100.60.0.9 + var-hubnetwork-nva-fwDevVM1MrzIntIP: 10.18.0.104 + var-hubnetwork-nva-fwDevVM2MrzIntIP: 10.18.0.105 + var-hubnetwork-nva-fwDevILBDevIntIP: 10.18.0.68 + var-hubnetwork-nva-fwDevVM1DevIntIP: 10.18.0.69 + var-hubnetwork-nva-fwDevVM2DevIntIP: 10.18.0.70 + var-hubnetwork-nva-fwDevVM1HAIP: 10.18.0.134 + var-hubnetwork-nva-fwDevVM2HAIP: 10.18.0.135 + + ### Hub Networking - Firewall Virtual Appliances - For Production Traffic + var-hubnetwork-nva-fwProdILBName: pubsecProdFWILB + var-hubnetwork-nva-fwProdVMSku: Standard_F8s_v2 + var-hubnetwork-nva-fwProdVM1Name: pubsecProdFW1 + var-hubnetwork-nva-fwProdVM2Name: pubsecProdFW2 + var-hubnetwork-nva-fwProdILBExternalFacingIP: 100.60.0.4 + var-hubnetwork-nva-fwProdVM1ExternalFacingIP: 100.60.0.5 + var-hubnetwork-nva-fwProdVM2ExternalFacingIP: 100.60.0.6 + var-hubnetwork-nva-fwProdVM1MrzIntIP: 10.18.0.101 + var-hubnetwork-nva-fwProdVM2MrzIntIP: 10.18.0.102 + var-hubnetwork-nva-fwProdILBPrdIntIP: 10.18.0.36 + var-hubnetwork-nva-fwProdVM1PrdIntIP: 10.18.0.37 + var-hubnetwork-nva-fwProdVM2PrdIntIP: 10.18.0.38 + var-hubnetwork-nva-fwProdVM1HAIP: 10.18.0.132 + var-hubnetwork-nva-fwProdVM2HAIP: 10.18.0.133 \ No newline at end of file From 744cd37eb34c706193f66f6d89908f3e6cd40b9e Mon Sep 17 00:00:00 2001 
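Review bot: `var-logging-securityCenter`, `var-hubnetwork-securityCenter` and the `receivers` in both `serviceHealthAlerts` blocks still carry the sample contact `alzcanadapubsec@microsoft.com` and the dummy number `5555555555`. Security and service-health notifications for this environment would therefore go to an outside mailbox rather than to the team operating it. Replace them with the organisation's own monitored contacts before this file drives a deployment, e.g. `"email": "<org-security-contact>"` (placeholder). The same values appear in the `serviceHealthAlerts` and `securityCenter` parameters of the JSON file added in PATCH 2/5. Separately, both subscriptions grant the built-in Contributor role to a single group at subscription scope; on the logging subscription that presumably lets its members alter or delete the central Log Analytics workspace, so a narrower role is worth considering.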
From: Steve Keeler Date: Thu, 27 Jan 2022 09:27:38 -0500 Subject: [PATCH 2/5] generic subscription config --- ...d5_generic-subscription_canadacentral.json | 170 ++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 config/subscriptions/ocag148outlook-main/pubsec/LandingZones/DevTest/aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json diff --git a/config/subscriptions/ocag148outlook-main/pubsec/LandingZones/DevTest/aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json b/config/subscriptions/ocag148outlook-main/pubsec/LandingZones/DevTest/aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json new file mode 100644 index 00000000..18b02a67 --- /dev/null +++ b/config/subscriptions/ocag148outlook-main/pubsec/LandingZones/DevTest/aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json 
@@ -0,0 +1,170 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ "Incident", "Security" ], + "regions": [ "Global", "Canada East", "Canada Central" ], + "receivers": { + "app": [ "alzcanadapubsec@microsoft.com" ], + "email": [ "alzcanadapubsec@microsoft.com" ], + "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], + "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] + }, + "actionGroupName": "Sub1 ALZ action group", + "actionGroupShortName": "sub1-alert", + "alertRuleName": "Sub1 ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Role: Contributor", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "11dbef19-b7fe-43d1-afa8-20fe286bc3d0" + ] + }, + { + "comments": "Custom Role: Landing Zone Application Owner", + "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", + "securityGroupObjectIds": [ + "11dbef19-b7fe-43d1-afa8-20fe286bc3d0" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tag" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "resourceGroups": { + "value": { + "automation": "rgAutomation102021W1", + "networking": "rgVnet102021W1", + "networkWatcher": "NetworkWatcherRG", + 
"backupRecoveryVault":"rgRecovervyVault102021W1" + } + }, + "automation": { + "value": { + "name": "automation" + } + }, + "backupRecoveryVault":{ + "value": { + "enabled":true, + "name":"bkupvault" + } + }, + "hubNetwork": { + "value": { + "virtualNetworkId": "/subscriptions/49f510ff-d019-47c4-b2dd-d6781b4b6d7b/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", + "rfc1918IPRange": "10.18.0.0/22", + "rfc6598IPRange": "100.60.0.0/16", + "egressVirtualApplianceIp": "10.18.1.4" + } + }, + "network": { + "value": { + "deployVnet": true, + "peerToHubVirtualNetwork": true, + "useRemoteGateway": false, + "name": "vnet", + "dnsServers": [ + "10.18.1.4" + ], + "addressPrefixes": [ + "10.2.0.0/16" + ], + "subnets": { + "oz": { + "comments": "Foundational Elements Zone (OZ)", + "name": "oz", + "addressPrefix": "10.2.1.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + "paz": { + "comments": "Presentation Zone (PAZ)", + "name": "paz", + "addressPrefix": "10.2.2.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + "rz": { + "comments": "Application Zone (RZ)", + "name": "rz", + "addressPrefix": "10.2.3.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + "hrz": { + "comments": "Data Zone (HRZ)", + "name": "hrz", + "addressPrefix": "10.2.4.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + "optional": [ + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" + } + } + ] + } + } + } + } +} \ No newline at end of file From fec04b23f1b13d4f6a5e2c5f6f5943e843ae40e4 Mon Sep 17 00:00:00 2001 
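Review bot: The `optional` `appservice` subnet (`10.2.5.0/25`) is the only subnet in `network.subnets` with both `nsg.enabled` and `udr.enabled` set to `false`. It would get no network security group and, presumably, no route through the hub egress appliance at `10.18.1.4` that the `oz`, `paz`, `rz` and `hrz` zones use. If the `Microsoft.Web/serverFarms` delegation really requires this, record the reason in the entry's existing `comments` field, e.g. `"comments": "App Service (delegated subnet; NSG/UDR off because <reason>)"`. Otherwise set `"nsg": { "enabled": true }` and `"udr": { "enabled": true }` so the subnet is filtered like the others.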
From: Steve Keeler Date: Sun, 27 Feb 2022 19:50:04 -0500 Subject: [PATCH 3/5] Fix Show Variables error on missing variables --- .pipelines/templates/steps/show-variables.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/steps/show-variables.yml b/.pipelines/templates/steps/show-variables.yml index 5c7208f4..3ce1b8d3 100644 --- a/.pipelines/templates/steps/show-variables.yml +++ b/.pipelines/templates/steps/show-variables.yml @@ -20,7 +20,7 @@ steps: inputs: targetType: inline script: | - $(var-bashPreInjectScript) + # $(var-bashPreInjectScript) echo echo From db0d2580092c5d1a1d36e4f9276a6f0862e6b1eb Mon Sep 17 00:00:00 2001 From: Steve Keeler Date: Sun, 27 Feb 2022 19:58:09 -0500 Subject: [PATCH 4/5] Delete aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json Remove test subscription configuration file --- ...d5_generic-subscription_canadacentral.json | 170 ------------------ 1 file changed, 170 deletions(-) delete mode 100644 config/subscriptions/ocag148outlook-main/pubsec/LandingZones/DevTest/aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json diff --git a/config/subscriptions/ocag148outlook-main/pubsec/LandingZones/DevTest/aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json b/config/subscriptions/ocag148outlook-main/pubsec/LandingZones/DevTest/aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json deleted file mode 100644 index 18b02a67..00000000 --- a/config/subscriptions/ocag148outlook-main/pubsec/LandingZones/DevTest/aef2d8e7-284e-4855-942b-6afc0469d1d5_generic-subscription_canadacentral.json +++ /dev/null 
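Review bot: Commenting the line out as `# $(var-bashPreInjectScript)` silences the error when the variable is missing, but it also disables the pre-inject hook for every environment that does define it. Azure Pipelines still expands the `$(...)` macro before bash sees the comment, so if the value ever spans more than one line, only its first line would sit behind the `#` and the rest would run as commands. Prefer deleting the line from this step outright, or keeping the original line and giving `var-bashPreInjectScript` a no-op default in the common variables file so the macro always resolves. The inline script continues outside the hunk, so whether later lines depend on the hook cannot be checked from here.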
@@ -1,170 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "serviceHealthAlerts": { - "value": { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], - "receivers": { - "app": [ "alzcanadapubsec@microsoft.com" ], - "email": [ "alzcanadapubsec@microsoft.com" ], - "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], - "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] - }, - "actionGroupName": "Sub1 ALZ action group", - "actionGroupShortName": "sub1-alert", - "alertRuleName": "Sub1 ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - }, - "securityCenter": { - "value": { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - }, - "subscriptionRoleAssignments": { - "value": [ - { - "comments": "Built-in Role: Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "11dbef19-b7fe-43d1-afa8-20fe286bc3d0" - ] - }, - { - "comments": "Custom Role: Landing Zone Application Owner", - "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", - "securityGroupObjectIds": [ - "11dbef19-b7fe-43d1-afa8-20fe286bc3d0" - ] - } - ] - }, - "subscriptionBudget": { - "value": { - "createBudget": false - } - }, - "subscriptionTags": { - "value": { - "ISSO": "isso-tag" - } - }, - "resourceTags": { - "value": { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - }, - "resourceGroups": { - "value": { - "automation": "rgAutomation102021W1", - "networking": "rgVnet102021W1", - "networkWatcher": "NetworkWatcherRG", - 
"backupRecoveryVault":"rgRecovervyVault102021W1" - } - }, - "automation": { - "value": { - "name": "automation" - } - }, - "backupRecoveryVault":{ - "value": { - "enabled":true, - "name":"bkupvault" - } - }, - "hubNetwork": { - "value": { - "virtualNetworkId": "/subscriptions/49f510ff-d019-47c4-b2dd-d6781b4b6d7b/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", - "rfc1918IPRange": "10.18.0.0/22", - "rfc6598IPRange": "100.60.0.0/16", - "egressVirtualApplianceIp": "10.18.1.4" - } - }, - "network": { - "value": { - "deployVnet": true, - "peerToHubVirtualNetwork": true, - "useRemoteGateway": false, - "name": "vnet", - "dnsServers": [ - "10.18.1.4" - ], - "addressPrefixes": [ - "10.2.0.0/16" - ], - "subnets": { - "oz": { - "comments": "Foundational Elements Zone (OZ)", - "name": "oz", - "addressPrefix": "10.2.1.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "paz": { - "comments": "Presentation Zone (PAZ)", - "name": "paz", - "addressPrefix": "10.2.2.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "rz": { - "comments": "Application Zone (RZ)", - "name": "rz", - "addressPrefix": "10.2.3.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "hrz": { - "comments": "Data Zone (HRZ)", - "name": "hrz", - "addressPrefix": "10.2.4.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } - } - ] - } - } - } - } -} \ No newline at end of file From e7ff81199d55e0c61f6402a70b046f1801ddc32e Mon Sep 17 00:00:00 2001 
From: Steve Keeler Date: Sun, 27 Feb 2022 19:58:46 -0500 Subject: [PATCH 5/5] Delete ocag148outlook-main.yml Remove test environment configuration file --- config/variables/ocag148outlook-main.yml | 284 ----------------------- 1 file changed, 284 deletions(-) delete mode 100644 config/variables/ocag148outlook-main.yml diff --git a/config/variables/ocag148outlook-main.yml b/config/variables/ocag148outlook-main.yml deleted file mode 100644 index 5fdebcd8..00000000 --- a/config/variables/ocag148outlook-main.yml +++ /dev/null 
@@ -1,284 +0,0 @@ -# ---------------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT license. -# -# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. -# ---------------------------------------------------------------------------------- - -# Environment YAML files can be used to supplement -# the variables specified in 'config/variables/common.yml'. You can: -# * Override existing common-vars.yml variable value settings, and -# * Create new variable values not present in common-vars.yml -# -# The naming convention for these YAML files is: -# {organization}-{branch}.yml -# -# where {organization} is the organization variable from the -# common.yml file -# and {branch} is the Azure Repos branch name used by the -# currently executing pipeline. 
- -variables: - # Management Groups - var-parentManagementGroupId: c0156602-5e7d-47be-9128-69dbf7152c17 - var-topLevelManagementGroupName: pubsec - - # Logging - var-logging-managementGroupId: pubsecPlatformManagement - var-logging-subscriptionId: 640251f9-f1ee-4b33-93ee-d49a8e8347d4 - var-logging-logAnalyticsResourceGroupName: pubsec-central-logging-rg - var-logging-logAnalyticsWorkspaceName: log-analytics-workspace - var-logging-logAnalyticsRetentionInDays: 730 - var-logging-logAnalyticsAutomationAccountName: automation-account - var-logging-diagnosticSettingsforNetworkSecurityGroupsStoragePrefix: pubsecnsg - var-logging-serviceHealthAlerts: > - { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], - "receivers": { - "app": [ "alzcanadapubsec@microsoft.com" ], - "email": [ "alzcanadapubsec@microsoft.com" ], - "sms": [ - { "countryCode": "1", "phoneNumber": "5555555555" } - ], - "voice": [ - { "countryCode": "1", "phoneNumber": "5555555555" } - ] - }, - "actionGroupName": "ALZ action group", - "actionGroupShortName": "alz-alert", - "alertRuleName": "ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - var-logging-securityCenter: > - { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - var-logging-subscriptionRoleAssignments: > - [ - { - "comments": "Built-in Contributor Role", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "11dbef19-b7fe-43d1-afa8-20fe286bc3d0" - ] - } - ] - var-logging-subscriptionBudget: > - { - "createBudget": false, - "name": "MonthlySubscriptionBudget", - "amount": 1000, - "timeGrain": "Monthly", - "contactEmails": [ "alzcanadapubsec@microsoft.com" ] - } - var-logging-subscriptionTags: > - { - "ISSO": "isso-tbd" - } - var-logging-resourceTags: > - { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - 
"DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - - # Hub Networking - var-hubnetwork-managementGroupId: pubsecPlatformConnectivity - var-hubnetwork-subscriptionId: 49f510ff-d019-47c4-b2dd-d6781b4b6d7b - var-hubnetwork-serviceHealthAlerts: > - { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], - "receivers": { - "app": [ "alzcanadapubsec@microsoft.com" ], - "email": [ "alzcanadapubsec@microsoft.com" ], - "sms": [ - { "countryCode": "1", "phoneNumber": "5555555555" } - ], - "voice": [ - { "countryCode": "1", "phoneNumber": "5555555555" } - ] - }, - "actionGroupName": "ALZ action group", - "actionGroupShortName": "alz-alert", - "alertRuleName": "ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - var-hubnetwork-securityCenter: > - { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - var-hubnetwork-subscriptionRoleAssignments: > - [ - { - "comments": "Built-in Contributor Role", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "11dbef19-b7fe-43d1-afa8-20fe286bc3d0" - ] - } - ] - var-hubnetwork-subscriptionBudget: > - { - "createBudget": false, - "name": "MonthlySubscriptionBudget", - "amount": 1000, - "timeGrain": "Monthly", - "contactEmails": [ "alzcanadapubsec@microsoft.com" ] - } - var-hubnetwork-subscriptionTags: > - { - "ISSO": "isso-tbd" - } - var-hubnetwork-resourceTags: > - { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - - ## Hub Networking - Private Dns Zones - var-hubnetwork-deployPrivateDnsZones: true - 
var-hubnetwork-rgPrivateDnsZonesName: pubsec-dns-rg - - ## Hub Networking - DDOS - var-hubnetwork-deployDdosStandard: false - var-hubnetwork-rgDdosName: pubsec-ddos-rg - var-hubnetwork-ddosPlanName: ddos-plan - - ## Hub Networking - Public Zone - var-hubnetwork-rgPazName: pubsec-public-access-zone-rg - - ## Hub Networking - Management Restricted Zone Virtual Network - var-hubnetwork-rgMrzName: pubsec-management-restricted-zone-rg - var-hubnetwork-mrzVnetName: management-restricted-vnet - var-hubnetwork-mrzVnetAddressPrefixRFC1918: 10.18.4.0/22 - - var-hubnetwork-mrzMazSubnetName: MazSubnet - var-hubnetwork-mrzMazSubnetAddressPrefix: 10.18.4.0/25 - - var-hubnetwork-mrzInfSubnetName: InfSubnet - var-hubnetwork-mrzInfSubnetAddressPrefix: 10.18.4.128/25 - - var-hubnetwork-mrzSecSubnetName: SecSubnet - var-hubnetwork-mrzSecSubnetAddressPrefix: 10.18.5.0/26 - - var-hubnetwork-mrzLogSubnetName: LogSubnet - var-hubnetwork-mrzLogSubnetAddressPrefix: 10.18.5.64/26 - - var-hubnetwork-mrzMgmtSubnetName: MgmtSubnet - var-hubnetwork-mrzMgmtSubnetAddressPrefix: 10.18.5.128/26 - - var-hubnetwork-bastionName: bastion - var-hubnetwork-bastionSku: Basic - var-hubnetwork-bastionScaleUnits: 2 - - #################################################################################### - ### Hub Networking with Azure Firewall ### - #################################################################################### - var-hubnetwork-azfw-rgPolicyName: pubsec-azure-firewall-policy-rg - var-hubnetwork-azfw-policyName: pubsecAzureFirewallPolicy - - var-hubnetwork-azfw-rgHubName: pubsec-hub-networking-rg - var-hubnetwork-azfw-hubVnetName: hub-vnet - var-hubnetwork-azfw-hubVnetAddressPrefixRFC1918: 10.18.0.0/22 - var-hubnetwork-azfw-hubVnetAddressPrefixRFC6598: 100.60.0.0/16 - var-hubnetwork-azfw-hubVnetAddressPrefixBastion: 192.168.0.0/16 - - var-hubnetwork-azfw-hubPazSubnetName: PAZSubnet - var-hubnetwork-azfw-hubPazSubnetAddressPrefix: 100.60.1.0/24 - - 
var-hubnetwork-azfw-hubGatewaySubnetPrefix: 10.18.0.0/27 - var-hubnetwork-azfw-hubAzureFirewallSubnetAddressPrefix: 10.18.1.0/24 - var-hubnetwork-azfw-hubAzureFirewallManagementSubnetAddressPrefix: 10.18.2.0/26 - var-hubnetwork-azfw-hubBastionSubnetAddressPrefix: 192.168.0.0/24 - - var-hubnetwork-azfw-azureFirewallName: pubsecAzureFirewall - var-hubnetwork-azfw-azureFirewallZones: '["1", "2", "3"]' - var-hubnetwork-azfw-azureFirewallForcedTunnelingEnabled: false - var-hubnetwork-azfw-azureFirewallForcedTunnelingNextHop: 10.17.1.4 - - #################################################################################### - ### Hub Networking with Fortinet Firewalls ### - #################################################################################### - - ## Hub Networking - Core Virtual Network - var-hubnetwork-nva-rgHubName: pubsec-hub-networking-rg - var-hubnetwork-nva-hubVnetName: hub-vnet - var-hubnetwork-nva-hubVnetAddressPrefixRFC1918: 10.18.0.0/22 - var-hubnetwork-nva-hubVnetAddressPrefixRFC6598: 100.60.0.0/16 - var-hubnetwork-nva-hubVnetAddressPrefixBastion: 192.168.0.0/16 - - var-hubnetwork-nva-hubEanSubnetName: EanSubnet - var-hubnetwork-nva-hubEanSubnetAddressPrefix: 10.18.0.0/27 - - var-hubnetwork-nva-hubPublicSubnetName: PublicSubnet - var-hubnetwork-nva-hubPublicSubnetAddressPrefix: 100.60.0.0/24 - - var-hubnetwork-nva-hubPazSubnetName: PAZSubnet - var-hubnetwork-nva-hubPazSubnetAddressPrefix: 100.60.1.0/24 - - var-hubnetwork-nva-hubDevIntSubnetName: DevIntSubnet - var-hubnetwork-nva-hubDevIntSubnetAddressPrefix: 10.18.0.64/27 - - var-hubnetwork-nva-hubProdIntSubnetName: PrdIntSubnet - var-hubnetwork-nva-hubProdIntSubnetAddressPrefix: 10.18.0.32/27 - - var-hubnetwork-nva-hubMrzIntSubnetName: MrzSubnet - var-hubnetwork-nva-hubMrzIntSubnetAddressPrefix: 10.18.0.96/27 - - var-hubnetwork-nva-hubHASubnetName: HASubnet - var-hubnetwork-nva-hubHASubnetAddressPrefix: 10.18.0.128/28 - - var-hubnetwork-nva-hubGatewaySubnetPrefix: 10.18.1.0/27 - - 
var-hubnetwork-nva-hubBastionSubnetAddressPrefix: 192.168.0.0/24 - - ## Hub Networking - Firewall Virtual Appliances - var-hubnetwork-nva-deployFirewallVMs: false - var-hubnetwork-nva-useFortigateFW: false - - ### Hub Networking - Firewall Virtual Appliances - For Non-production Traffic - var-hubnetwork-nva-fwDevILBName: pubsecDevFWILB - var-hubnetwork-nva-fwDevVMSku: Standard_D8s_v4 - var-hubnetwork-nva-fwDevVM1Name: pubsecDevFW1 - var-hubnetwork-nva-fwDevVM2Name: pubsecDevFW2 - var-hubnetwork-nva-fwDevILBExternalFacingIP: 100.60.0.7 - var-hubnetwork-nva-fwDevVM1ExternalFacingIP: 100.60.0.8 - var-hubnetwork-nva-fwDevVM2ExternalFacingIP: 100.60.0.9 - var-hubnetwork-nva-fwDevVM1MrzIntIP: 10.18.0.104 - var-hubnetwork-nva-fwDevVM2MrzIntIP: 10.18.0.105 - var-hubnetwork-nva-fwDevILBDevIntIP: 10.18.0.68 - var-hubnetwork-nva-fwDevVM1DevIntIP: 10.18.0.69 - var-hubnetwork-nva-fwDevVM2DevIntIP: 10.18.0.70 - var-hubnetwork-nva-fwDevVM1HAIP: 10.18.0.134 - var-hubnetwork-nva-fwDevVM2HAIP: 10.18.0.135 - - ### Hub Networking - Firewall Virtual Appliances - For Production Traffic - var-hubnetwork-nva-fwProdILBName: pubsecProdFWILB - var-hubnetwork-nva-fwProdVMSku: Standard_F8s_v2 - var-hubnetwork-nva-fwProdVM1Name: pubsecProdFW1 - var-hubnetwork-nva-fwProdVM2Name: pubsecProdFW2 - var-hubnetwork-nva-fwProdILBExternalFacingIP: 100.60.0.4 - var-hubnetwork-nva-fwProdVM1ExternalFacingIP: 100.60.0.5 - var-hubnetwork-nva-fwProdVM2ExternalFacingIP: 100.60.0.6 - var-hubnetwork-nva-fwProdVM1MrzIntIP: 10.18.0.101 - var-hubnetwork-nva-fwProdVM2MrzIntIP: 10.18.0.102 - var-hubnetwork-nva-fwProdILBPrdIntIP: 10.18.0.36 - var-hubnetwork-nva-fwProdVM1PrdIntIP: 10.18.0.37 - var-hubnetwork-nva-fwProdVM2PrdIntIP: 10.18.0.38 - var-hubnetwork-nva-fwProdVM1HAIP: 10.18.0.132 - var-hubnetwork-nva-fwProdVM2HAIP: 10.18.0.133 \ No newline at end of file