azfw.bicep
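// Parameters for one Azure Firewall that is deployed either into a virtual
// network or into a Virtual WAN hub. fwtype selects the variant; the optional
// resource IDs below default to '' so the ones belonging to the other variant
// can be omitted by the caller.

@description('Azure region for the firewall, defaults to the region of the target resource group')
param location string = resourceGroup().location

@description('Name of the Azure Firewall resource, also used as prefix of the VNet IP configuration name')
param fwname string

@allowed([
  'VNet'
  'vWAN'
])
@description('Specify if the Azure Firewall should be deployed to VNet or Virtual WAN Hub')
param fwtype string

// This file declares no rule collections of its own, so the referenced policy
// is the only source of filtering rules for the firewall it deploys.
@description('Resource ID to the Firewall Policy to associate with the Azure Firewall')
param fwpolicyid string

// NOTE(review): nothing here checks that hubid is non-empty when fwtype is
// 'vWAN'; an empty string is passed through to the resource as-is.
@description('Virtual Hub Resource ID, used when deploying Azure Firewall to Virtual WAN')
param hubid string = ''

@description('Specifies the number of public IPs to allocate to the firewall when deploying Azure Firewall to Virtual WAN')
param hubpublicipcount int = 1

// NOTE(review): same as hubid - subnetid and publicipid are not validated
// against fwtype == 'VNet' before being handed to the resource.
@description('AzureFirewallSubnet ID, used when deploying Azure Firewall to Virtual Network')
param subnetid string = ''

@description('Azure Firewall Public IP ID, used when deploying Azure Firewall to Virtual Network')
param publicipid string = ''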
// Property bag for the Virtual WAN (secured hub) variant of the firewall.
// Only the inner 'properties' object is consumed by the firewall resource.
var hubfwproperties = {
  properties: {
    // Rules come exclusively from the referenced Firewall Policy.
    firewallPolicy: {
      id: fwpolicyid
    }
    // Hub the firewall is attached to.
    virtualHub: {
      id: hubid
    }
    // In the hub variant only a count of public IPs is given here, not the
    // ID of an existing public IP resource.
    hubIPAddresses: {
      publicIPs: {
        count: hubpublicipcount
      }
    }
    // NOTE(review): tier is fixed to 'Standard'; confirm the associated policy
    // does not depend on Premium-tier inspection features.
    sku: {
      name: 'AZFW_Hub'
      tier: 'Standard'
    }
  }
}
// Property bag for the virtual-network variant of the firewall.
// Only the inner 'properties' object is consumed by the firewall resource.
var vnetfwproperties = {
  properties: {
    // Rules come exclusively from the referenced Firewall Policy.
    firewallPolicy: {
      id: fwpolicyid
    }
    // Single IP configuration binding the firewall to the caller-supplied
    // subnet and to an existing public IP resource.
    ipConfigurations: [
      {
        name: '${fwname}-vnetIPConf'
        properties: {
          publicIPAddress: {
            id: publicipid
          }
          subnet: {
            id: subnetid
          }
        }
      }
    ]
    // NOTE(review): tier is fixed to 'Standard'; confirm the associated policy
    // does not depend on Premium-tier inspection features.
    sku: {
      name: 'AZFW_VNet'
      tier: 'Standard'
    }
  }
}
// The firewall itself. The property set is chosen by fwtype: the hub bag for
// 'vWAN', the VNet bag for 'VNet'. The final null is only reached for a value
// outside those two, which the @allowed list on fwtype rules out.
// No diagnostic setting is declared in this file, so firewall logs are not
// exported anywhere by this template alone.
resource firewall 'Microsoft.Network/azureFirewalls@2020-06-01' = {
  location: location
  name: fwname
  properties: fwtype == 'vWAN' ? hubfwproperties.properties : (fwtype == 'VNet' ? vnetfwproperties.properties : null)
}