Azure · ahmadabdalla · Oct 13, 2023 · Oct 12, 2023 · Oct 12, 2023 · Oct 12, 2023
@@ -6,10 +6,10 @@ This module deploys an Azure Active Directory Domain Services (AADDS).
 
 - [Resource types](#Resource-types)
 - [Parameters](#Parameters)
-- [Considerations](#Considerations)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
 - [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
 
 ## Resource types
 
@@ -167,38 +167,6 @@ tags: {
 </details>
 <p>
 
-## Considerations
-
-- A network security group has to be created and assigned to the designated AADDS subnet before deploying this module
-  - The following inbound rules should be allowed on the network security group
-    | Name | Protocol | Source Port Range | Source Address Prefix | Destination Port Range | Destination Address Prefix |
-    | - | - | - | - | - | - |
-    | AllowSyncWithAzureAD | TCP | `*` | `AzureActiveDirectoryDomainServices` | `443` | `*` |
-    | AllowPSRemoting | TCP | `*` | `AzureActiveDirectoryDomainServices` | `5986` | `*` |
-- Associating a route table to the AADDS subnet is not recommended
-- The network used for AADDS must have its DNS Servers [configured](https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-networking#configure-dns-servers-in-the-peered-virtual-network) (e.g. with IPs `10.0.1.4` & `10.0.1.5`)
-- Your Azure Active Directory must have the 'Domain Controller Services' service principal registered. If that's not  the case, you can register it by executing the command `New-AzADServicePrincipal -ApplicationId '2565bd9d-da50-47d4-8b85-4c97f669dc36'` with an eligible user.
-
-### Create self-signed certificate for secure LDAP
-Follow the below PowerShell commands to get base64 encoded string of a self-signed certificate (with a `pfxCertificatePassword`)
-
-```PowerShell
-$pfxCertificatePassword = ConvertTo-SecureString '[[YourPfxCertificatePassword]]' -AsPlainText -Force
-$certInputObject = @{
-    Subject           = 'CN=*.[[YourDomainName]]'
-    DnsName           = '*.[[YourDomainName]]'
-    CertStoreLocation = 'cert:\LocalMachine\My'
-    KeyExportPolicy   = 'Exportable'
-    Provider          = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
-    NotAfter          = (Get-Date).AddMonths(3)
-    HashAlgorithm     = 'SHA256'
-}
-$rawCert = New-SelfSignedCertificate @certInputObject
-Export-PfxCertificate -Cert ('Cert:\localmachine\my\' + $rawCert.Thumbprint) -FilePath "$home/aadds.pfx" -Password $pfxCertificatePassword -Force
-$rawCertByteStream = Get-Content "$home/aadds.pfx" -AsByteStream
-$pfxCertificate = [System.Convert]::ToBase64String($rawCertByteStream)
-```
-
 ## Outputs
 
 | Output Name | Type | Description |
@@ -333,3 +301,38 @@ module domainService './aad/domain-service/main.bicep' = {
 
 </details>
 <p>
+
+
+## Notes
+
+### Network Security Group (NSG) requirements for AADDS
+
+- A network security group has to be created and assigned to the designated AADDS subnet before deploying this module
+  - The following inbound rules should be allowed on the network security group
+    | Name | Protocol | Source Port Range | Source Address Prefix | Destination Port Range | Destination Address Prefix |
+    | - | - | - | - | - | - |
+    | AllowSyncWithAzureAD | TCP | `*` | `AzureActiveDirectoryDomainServices` | `443` | `*` |
+    | AllowPSRemoting | TCP | `*` | `AzureActiveDirectoryDomainServices` | `5986` | `*` |
+- Associating a route table to the AADDS subnet is not recommended
+- The network used for AADDS must have its DNS Servers [configured](https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-networking#configure-dns-servers-in-the-peered-virtual-network) (e.g. with IPs `10.0.1.4` & `10.0.1.5`)
+- Your Azure Active Directory must have the 'Domain Controller Services' service principal registered. If that's not  the case, you can register it by executing the command `New-AzADServicePrincipal -ApplicationId '2565bd9d-da50-47d4-8b85-4c97f669dc36'` with an eligible user.
+
+### Create self-signed certificate for secure LDAP
+Follow the below PowerShell commands to get base64 encoded string of a self-signed certificate (with a `pfxCertificatePassword`)
+
+```PowerShell
+$pfxCertificatePassword = ConvertTo-SecureString '[[YourPfxCertificatePassword]]' -AsPlainText -Force
+$certInputObject = @{
+    Subject           = 'CN=*.[[YourDomainName]]'
+    DnsName           = '*.[[YourDomainName]]'
+    CertStoreLocation = 'cert:\LocalMachine\My'
+    KeyExportPolicy   = 'Exportable'
+    Provider          = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
+    NotAfter          = (Get-Date).AddMonths(3)
+    HashAlgorithm     = 'SHA256'
+}
+$rawCert = New-SelfSignedCertificate @certInputObject
+Export-PfxCertificate -Cert ('Cert:\localmachine\my\' + $rawCert.Thumbprint) -FilePath "$home/aadds.pfx" -Password $pfxCertificatePassword -Force
+$rawCertByteStream = Get-Content "$home/aadds.pfx" -AsByteStream
+$pfxCertificate = [System.Convert]::ToBase64String($rawCertByteStream)
+```
@@ -7,9 +7,9 @@ This module deploys an API Management Service.
 - [Resource types](#Resource-types)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
-- [Considerations](#Considerations)
 - [Cross-referenced modules](#Cross-referenced-modules)
 - [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
 
 ## Resource types
 
@@ -190,37 +190,6 @@ tags: {
 </details>
 <p>
 
-### Parameter Usage: `apiManagementServicePolicy`
-
-<details>
-
-<summary>Parameter JSON format</summary>
-
-```json
-"apiManagementServicePolicy": {
-    "value": {
-        "value":"<policies> <inbound> <rate-limit-by-key calls='250' renewal-period='60' counter-key='@(context.Request.IpAddress)' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>",
-        "format":"xml"
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>Bicep format</summary>
-
-```bicep
-apiManagementServicePolicy: {
-    value:'<policies> <inbound> <rate-limit-by-key calls=\'250\' renewal-period='60' counter-key=\'@(context.Request.IpAddress)\' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>'
-    format:'xml'
-}
-```
-
-</details>
-<p>
-
 ### Parameter Usage: `userAssignedIdentities`
 
 You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
@@ -264,10 +233,6 @@ userAssignedIdentities: {
 | `resourceId` | string | The resource ID of the API management service. |
 | `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
 
-## Considerations
-
-- _None_
-
 ## Cross-referenced modules
 
 _None_
@@ -821,3 +786,37 @@ module service './api-management/service/main.bicep' = {
 
 </details>
 <p>
+
+
+## Notes
+
+### Parameter Usage: `apiManagementServicePolicy`
+
+<details>
+
+<summary>Parameter JSON format</summary>
+
+```json
+"apiManagementServicePolicy": {
+    "value": {
+        "value":"<policies> <inbound> <rate-limit-by-key calls='250' renewal-period='60' counter-key='@(context.Request.IpAddress)' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>",
+        "format":"xml"
+    }
+}
+```
+
+</details>
+
+<details>
+
+<summary>Bicep format</summary>
+
+```bicep
+apiManagementServicePolicy: {
+    value:'<policies> <inbound> <rate-limit-by-key calls=\'250\' renewal-period='60' counter-key=\'@(context.Request.IpAddress)\' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>'
+    format:'xml'
+}
+```
+
+</details>
+<p>
@@ -15,12 +15,6 @@ This module deploys an API Management Service Authorization Server.
 | :-- | :-- |
 | `Microsoft.ApiManagement/service/authorizationServers` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/authorizationServers) |
 
-### Resource dependency
-
-The following resources are required to be able to deploy this resource.
-
-- `Microsoft.ApiManagement/service`
-
 ## Parameters
 
 **Required parameters**

@@ -8,19 +8,14 @@ This module deploys an API Management Service Backend.
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
 
 ## Resource types
 
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.ApiManagement/service/backends` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/backends) |
 
-### Resource dependency
-
-The following resources are required to be able to deploy this resource.
-
-- `Microsoft.ApiManagement/service`
-
 ## Parameters
 
 **Required parameters**
@@ -51,14 +46,19 @@ The following resources are required to be able to deploy this resource.
 | `tls` | object | `{object}` | Backend TLS Properties. |
 
 
-### Parameter Usage: Credentials
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the API management service backend. |
+| `resourceGroupName` | string | The resource group the API management service backend was deployed into. |
+| `resourceId` | string | The resource ID of the API management service backend. |
+
+## Cross-referenced modules
+
+_None_
 
-| Parameter Name| Type | Default Value  | Possible values | Description |
-| :-- | :-- | :--- | :-- | :- |
-| `certificate` | array | | | Optional. List of Client Certificate Thumbprint. - string |
-| `query`  | object | | | Optional. Query Parameter description. |
-| `header` | object | | | Optional. Header Parameter description. |
-| `authorization` | object | | | Optional. Authorization header authentication |
+## Notes
 
 ### Parameter Usage: `credentials`
 
@@ -135,15 +135,3 @@ tls: {
 
 </details>
 <p>
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the API management service backend. |
-| `resourceGroupName` | string | The resource group the API management service backend was deployed into. |
-| `resourceId` | string | The resource ID of the API management service backend. |
-
-## Cross-referenced modules
-
-_None_
@@ -8,6 +8,7 @@ This module deploys an API Management Service Named Value.
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
 
 ## Resource types
 
@@ -41,37 +42,6 @@ This module deploys an API Management Service Named Value.
 | `value` | string | `[newGuid()]` | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. |
 
 
-### Parameter Usage: `keyVault`
-
-<details>
-
-<summary>Parameter JSON format</summary>
-
-```json
-"keyVault": {
-    "value":{
-        "secretIdentifier":"Key vault secret identifier for fetching secret.",
-        "identityClientId":"SystemAssignedIdentity or UserAssignedIdentity Client ID which will be used to access key vault secret."
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>Bicep format</summary>
-
-```bicep
-keyVault: {
-    secretIdentifier:'Key vault secret identifier for fetching secret.'
-    identityClientId:'SystemAssignedIdentity or UserAssignedIdentity Client ID which will be used to access key vault secret.'
-}
-```
-
-</details>
-<p>
-
 ### Parameter Usage: `tags`
 
 Tag names and tag values can be provided as needed. A tag can be left without a value.
@@ -124,3 +94,36 @@ tags: {
 ## Cross-referenced modules
 
 _None_
+
+## Notes
+
+### Parameter Usage: `keyVault`
+
+<details>
+
+<summary>Parameter JSON format</summary>
+
+```json
+"keyVault": {
+    "value":{
+        "secretIdentifier":"Key vault secret identifier for fetching secret.",
+        "identityClientId":"SystemAssignedIdentity or UserAssignedIdentity Client ID which will be used to access key vault secret."
+    }
+}
+```
+
+</details>
+
+<details>
+
+<summary>Bicep format</summary>
+
+```bicep
+keyVault: {
+    secretIdentifier:'Key vault secret identifier for fetching secret.'
+    identityClientId:'SystemAssignedIdentity or UserAssignedIdentity Client ID which will be used to access key vault secret.'
+}
+```
+
+</details>
+<p>