Azure/ALZ-Bicep v0.13.0

on GitHub

Summary

Our first release of 2023 (apologies), but we have been busy at work and are pleased to share a lot of great updates with you all 🥳

Highlights

• Added support to create Role Assignments at the Resource Group scope in #434
• Added support to create a Managed Identity for the Automation Account in #433
• Updated various API versions in various modules
• Added flag in a parameter to set Policy Assignment Enforcement Mode to Default or DoNotEnforce in alzDefaultPolicyAssignments.bicep module to allow you to easily set this for all Policy Assignments en masse in #453
• Added multiple new features to Virtual WAN module in #456
  • Added support for multiple Virtual Hubs in a single Virtual WAN
  • Added support for setting Virtual Hub Routing Preference
  • Added support for setting Virtual Hub Capacity/Routing Infrastructure Units
• Added NSG rules at priority 4096 for inbound and outbound flows on Azure Bastion Subnet NSG to deny anything to everywhere on any port in #455
• Added parameter to set RDP/SSH ports in NSG rules for outbound flows from Azure Bastion Subnet in #455
• Added parameter to allow capability to specify Management Group suffix on all IDs in #462
• Updated Azure Policy definitions from upstream from Azure/Enterprise-Scale repo in #459
  • Information on policy changes can be found in the Whats New Wiki Page in the Azure/Enterprise-Scale repo

Policy Changes

Information on policy changes can be found in the Whats New Wiki Page in the Azure/Enterprise-Scale repo

Breaking Changes

1. In #456 we added a new parameter of parVirtualWanHubs to the vwanConnectivity.bicep module to allow multiple Virtual WAN Hubs to be deployed in a single Virtual WAN, you should review the documentation for the parVirtualWanHubs parameter and ensure you correctly set the value in the parameters file as linked here
   2. We also removed the following parameters and these moved to become keys inside of the array of objects in the parameter parVirtualWanHubs - please update your parameter files
   - parVirtualHubAddressPrefix
   - parVpnGatewayEnabled
   - parExpressRouteGatewayEnabled
   - parAzFirewallEnabled
   3. In the following parameters we amended the default values to remove including the suffix of -${parLocation}, the location is now added as a suffix to each of the associated resources still, but is now part of the key/parameter input of parHubLocation in parVirtualWanHubs
   - parVpnGatewayName
   - parExpressRouteGatewayName
   - parAzFirewallName

Not technically breaking changes (but some action may be required)

1. In #415 we removed a deprecated Activity Log Solution from the Log Analytics Workspace module
   • You may chose to remove/uninstall the solution for the Log Analytics Workspace, but you can use the new built-in workbook as detailed here

What's Changed

• Add is it maintained badges by @jtracey93 in #418
• Removed Solution Activity Log from LAW by @lachaves in #415
• Issue #410 - Remove default values from parameter descriptions by @JamJarchitect in #421
• Issue #416 - Link description in policy definitions for China by @JamJarchitect in #419
• Bug: Generated Values in _policyAssignmentsBicepInput.txt are incorrect by @mbrat2005 in #427
• feat: Added role assignment support for RGs by @DaFitRobsta in #434
• Consistent punctuation and small typos by @bartlannoeye in #437
• added parAutomationAccountUseManagedIdentity parameter by @mbrat2005 in #433
• Update containerRegistry API version by @bartlannoeye in #440
• Updated references in the documents from docs.microsoft.com - to learn by @ElYusubov in #447
• Feature/param do not enforce default policies by @mbrat2005 in #453
• Add info to wiki to manually create docs by @jtracey93 in #460
• Add workflow for daily (weekday) Bicep Build & Issue Create if failure & Bump PSRule Version & Baseline by @jtracey93 in #461
• Update DeploymentFlow.md by @baartch in #463
• Adding deny all rule to Azure Bastion nsg by @sid2305 in #455
• CaseSensitiveDeploymentParameterNamesFound by @sangling in #457
• SSH/RDP rule name change by @sid2305 in #464
• Update Policy Library (automated) by @cae-pr-creator in #459
• Added Management Group Suffix Parameter parTopLevelManagementGroupSuffix by @mbrat2005 in #462
• Add support to deploy an additional VWAN hub to an existing Virtual WAN by @aarunraaj in #456

New Contributors

A huge thanks to all new contributors and we welcome many more contributions in the future 😎

• @mbrat2005 made their first contribution in #427
• @bartlannoeye made their first contribution in #437
• @ElYusubov made their first contribution in #447
• @baartch made their first contribution in #463
• @sid2305 made their first contribution in #455
• @sangling made their first contribution in #457
• @cae-pr-creator made their first contribution in #459
• @aarunraaj made their first contribution in #456

Full Changelog: v0.12.0...v0.13.0