From ed04a957fd35b640d9d7235f047d64507e0ee48d Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Thu, 19 Jun 2025 12:20:12 +0300 Subject: [PATCH 01/14] Update Bicep resources to use API version 2024-07-01 and set defaultOutboundAccess to false --- .../bicep/mgmt/mgmtArtifacts.bicep | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep index 6f81651e5d..df50743db2 100644 --- a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep +++ b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep @@ -99,6 +99,7 @@ var primarySubnet = [ networkSecurityGroup: { id: networkSecurityGroup.id } + defaultOutboundAccess: false } } ] @@ -123,6 +124,7 @@ var dataOpsSubnets = [ networkSecurityGroup: { id: networkSecurityGroup.id } + defaultOutboundAccess: false } } { @@ -134,11 +136,12 @@ var dataOpsSubnets = [ networkSecurityGroup: { id: networkSecurityGroup.id } + defaultOutboundAccess: false } } ] -resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = { +resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkName location: location dependsOn: [ @@ -157,7 +160,7 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = { } } -resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = if (flavor == 'DataOps') { +resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = if (flavor == 'DataOps') { name: drVirtualNetworkName location: location dependsOn: [ @@ -180,13 +183,14 @@ resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = if (f networkSecurityGroup: { id: networkSecurityGroup.id } + defaultOutboundAccess: false } } ] } } -resource virtualNetworkName_peering_to_DR_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-05-01' = if (flavor == 'DataOps') { +resource virtualNetworkName_peering_to_DR_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-07-01' = if (flavor == 'DataOps') { parent: arcVirtualNetwork name: 'peering-to-DR-vnet' dependsOn: [ @@ -203,7 +207,7 @@ resource virtualNetworkName_peering_to_DR_vnet 'Microsoft.Network/virtualNetwork } } -resource drVirtualNetworkName_peering_to_primary_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-05-01' = if (flavor == 'DataOps') { +resource drVirtualNetworkName_peering_to_primary_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-07-01' = if (flavor == 'DataOps') { parent: drVirtualNetwork name: 'peering-to-primary-vnet' dependsOn: [ From 63d863a51b2f6206c0fb313d893181f877ebefbf Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 10:09:21 +0300 Subject: [PATCH 02/14] adding NAT gateway to arcbox --- .../bicep/mgmt/mgmtArtifacts.bicep | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep index df50743db2..50e2a3e59f 100644 --- a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep +++ b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep @@ -16,6 +16,9 @@ param drVirtualNetworkName string = '${namingPrefix}-DR-VNet' @description('Name of the DR subnet in the DR virtual network') param drSubnetName string = '${namingPrefix}-DR-Subnet' +@description('Name of the NAT Gateway') +param natGatewayName string = '${namingPrefix}-NatGateway' + @description('Name for your log analytics workspace') param workspaceName string @@ -89,6 +92,7 @@ var bastionSubnetRef = '${arcVirtualNetwork.id}/subnets/${bastionSubnetName}' var bastionName = '${namingPrefix}-Bastion' var bastionSubnetIpPrefix = '10.16.3.64/26' var bastionPublicIpAddressName = '${bastionName}-PIP' + var primarySubnet = [ { name: subnetName @@ -99,6 +103,9 @@ var primarySubnet = [ networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null defaultOutboundAccess: false } } @@ -124,6 +131,9 @@ var dataOpsSubnets = [ networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null defaultOutboundAccess: false } } @@ -136,6 +146,9 @@ var dataOpsSubnets = [ networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null defaultOutboundAccess: false } } @@ -183,6 +196,9 @@ resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = if (f networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null defaultOutboundAccess: false } } @@ -190,6 +206,35 @@ resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = if (f } } +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + resource virtualNetworkName_peering_to_DR_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-07-01' = if (flavor == 'DataOps') { parent: arcVirtualNetwork name: 'peering-to-DR-vnet' From 13470ebc73cbbd15471e2ad1503588441d4e5990 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 10:22:31 +0300 Subject: [PATCH 03/14] add nat gateway to agora --- .../contoso_hypermarket/bicep/main.bicep | 4 ++ .../bicep/mgmt/network.bicep | 42 ++++++++++++++++++- .../contoso_motors/bicep/main.bicep | 6 ++- .../contoso_motors/bicep/mgmt/network.bicep | 42 ++++++++++++++++++- .../contoso_supermarket/bicep/main.bicep | 4 ++ .../bicep/mgmt/network.bicep | 42 ++++++++++++++++++- azure_jumpstart_arcbox/bicep/main.bicep | 4 ++ 7 files changed, 140 insertions(+), 4 deletions(-) diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep index cfafcf0342..e8fcab8ea9 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep @@ -93,6 +93,9 @@ param azureOpenAIModel object = { apiVersion: '2024-08-01-preview' } +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway-${namingGuid}' + // @description('Option to deploy GPU-enabled nodes for the K3s Worker nodes.') // param deployGPUNodes bool = false @@ -131,6 +134,7 @@ module networkDeployment 'mgmt/network.bicep' = { subnetNameCloud: subnetNameCloud deployBastion: deployBastion location: location + natGatewayName: natGatewayName } } diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep index d1b68a748d..9d7afd008c 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep @@ -24,6 +24,9 @@ param networkSecurityGroupNameCloud string = 'Ag-NSG-Prod' @description('Name of the Bastion Network Security Group') param bastionNetworkSecurityGroupName string = 'Ag-NSG-Bastion' +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway' + var addressPrefixCloud = '10.16.0.0/16' var subnetAddressPrefixK3s = '10.16.80.0/21' var subnetAddressPrefixCloud = '10.16.64.0/21' @@ -58,6 +61,10 @@ var cloudK3sSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } ] @@ -72,11 +79,15 @@ var cloudSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } ] -resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { +resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkNameCloud location: location tags: resourceTags @@ -106,6 +117,35 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if ( } } +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + resource networkSecurityGroupCloud 'Microsoft.Network/networkSecurityGroups@2023-02-01' = { name: networkSecurityGroupNameCloud location: location diff --git a/azure_jumpstart_ag/contoso_motors/bicep/main.bicep b/azure_jumpstart_ag/contoso_motors/bicep/main.bicep index 16636b8cb6..c2ce525591 100644 --- a/azure_jumpstart_ag/contoso_motors/bicep/main.bicep +++ b/azure_jumpstart_ag/contoso_motors/bicep/main.bicep @@ -100,6 +100,9 @@ param scenario string = 'contoso_motors' @secure() param influxDBPassword string = windowsAdminPassword +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway-${namingGuid}' + @description('The sku name of the K3s cluster worker nodes.') @allowed([ 'Standard_D8s_v5' @@ -135,9 +138,10 @@ module networkDeployment 'mgmt/network.bicep' = { params: { virtualNetworkNameCloud: virtualNetworkNameCloud subnetNameCloudK3s: subnetNameCloudK3s - subnetNameCloud: subnetNameCloud + subnetNameCloud: subnetNameCloud deployBastion: deployBastion location: location + natGatewayName: natGatewayName } } diff --git a/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep index 7712cc6fc6..7ef6d6cec3 100644 --- a/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep @@ -25,6 +25,9 @@ param networkSecurityGroupNameCloud string = 'Ag-NSG-Prod' @description('Name of the Bastion Network Security Group') param bastionNetworkSecurityGroupName string = 'Ag-NSG-Bastion' +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway' + var addressPrefixCloud = '10.16.0.0/16' var subnetAddressPrefixK3s = '10.16.80.0/21' var subnetAddressPrefixCloud = '10.16.64.0/21' @@ -56,6 +59,10 @@ var cloudK3sSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } ] @@ -70,11 +77,15 @@ var cloudSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } ] -resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { +resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkNameCloud location: location tags: resourceTags @@ -105,6 +116,35 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if ( } } +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + resource networkSecurityGroupCloud 'Microsoft.Network/networkSecurityGroups@2023-02-01' = { name: networkSecurityGroupNameCloud location: location diff --git a/azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep b/azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep index 9fe619c3b0..d317730dc0 100644 --- a/azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep +++ b/azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep @@ -83,6 +83,9 @@ param rdpPort string = '3389' @description('Enable automatic logon into Virtual Machine') param vmAutologon bool = true +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway-${namingGuid}' + @description('The agora scenario to be deployed') param scenario string = 'contoso_supermarket' @@ -112,6 +115,7 @@ module networkDeployment 'mgmt/network.bicep' = { subnetNameCloudAksInnerLoop: subnetNameCloudAksInnerLoop deployBastion: deployBastion location: location + natGatewayName: natGatewayName } } diff --git a/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep index 240c524d74..9ee0ac40b7 100644 --- a/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep @@ -15,6 +15,9 @@ param resourceTags object = { Project: 'Jumpstart_Agora' } +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway' + @description('Choice to deploy Bastion to connect to the client VM') param deployBastion bool = false @@ -55,6 +58,10 @@ var cloudAKSDevSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } ] @@ -69,11 +76,15 @@ var cloudAKSInnerLoopSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } ] -resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { +resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkNameCloud location: location tags: resourceTags @@ -87,6 +98,35 @@ resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { } } +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if (deployBastion == true) { name: bastionPublicIpAddressName location: location diff --git a/azure_jumpstart_arcbox/bicep/main.bicep b/azure_jumpstart_arcbox/bicep/main.bicep index 0df5f9c6f9..7591129b24 100644 --- a/azure_jumpstart_arcbox/bicep/main.bicep +++ b/azure_jumpstart_arcbox/bicep/main.bicep @@ -79,6 +79,9 @@ param resourceTags object = { Solution: 'jumpstart_arcbox_${toLower(flavor)}' } +@description('Name of the NAT Gateway') +param natGatewayName string = '${namingPrefix}-NatGateway' + @maxLength(7) @description('The naming prefix for the nested virtual machines and all Azure resources deployed. The maximum length for the naming prefix is 7 characters,example: `ArcBox-Win2k19`') param namingPrefix string = 'ArcBox' @@ -240,6 +243,7 @@ module mgmtArtifactsAndPolicyDeployment 'mgmt/mgmtArtifacts.bicep' = { namingPrefix: namingPrefix windowsAdminPassword: windowsAdminPassword registryPassword: registryPassword + natGatewayName: natGatewayName } } From fa1157b14a4c141b0296b345d274d7f1f00bca95 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 12:44:25 +0300 Subject: [PATCH 04/14] fix: correct formatting in client VM deployment parameters --- azure_jumpstart_ag/contoso_motors/bicep/main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure_jumpstart_ag/contoso_motors/bicep/main.bicep b/azure_jumpstart_ag/contoso_motors/bicep/main.bicep index c2ce525591..9a019f4850 100644 --- a/azure_jumpstart_ag/contoso_motors/bicep/main.bicep +++ b/azure_jumpstart_ag/contoso_motors/bicep/main.bicep @@ -229,7 +229,7 @@ module clientVmDeployment 'clientVm/clientVm.bicep' = { dependsOn: [ ubuntuRancherK3sNodesDeployment ubuntuRancherK3sDataSvcNodesDeployment - ] + ] params: { windowsAdminUsername: windowsAdminUsername windowsAdminPassword: windowsAdminPassword From f4e1f6d32793b54645a0eb827988aad303e89979 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 12:57:14 +0300 Subject: [PATCH 05/14] add: introduce NAT Gateway parameters and resources in Bicep templates --- azure_jumpstart_localbox/bicep/main.bicep | 4 ++ .../bicep/network/network.bicep | 42 ++++++++++++++++++- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/azure_jumpstart_localbox/bicep/main.bicep b/azure_jumpstart_localbox/bicep/main.bicep index b98e02d45c..315af0d58d 100644 --- a/azure_jumpstart_localbox/bicep/main.bicep +++ b/azure_jumpstart_localbox/bicep/main.bicep @@ -43,6 +43,9 @@ param autoUpgradeClusterResource bool = false @description('Enable automatic logon into LocalBox Virtual Machine') param vmAutologon bool = true +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway' + @description('The size of the Virtual Machine') @allowed([ 'Standard_E32s_v5' @@ -99,6 +102,7 @@ module networkDeployment 'network/network.bicep' = { deployBastion: deployBastion location: location resourceTags: resourceTags + natGatewayName: natGatewayName } } diff --git a/azure_jumpstart_localbox/bicep/network/network.bicep b/azure_jumpstart_localbox/bicep/network/network.bicep index 1a18331ad3..1756336a97 100644 --- a/azure_jumpstart_localbox/bicep/network/network.bicep +++ b/azure_jumpstart_localbox/bicep/network/network.bicep @@ -10,6 +10,9 @@ param location string = resourceGroup().location @description('Choice to deploy Bastion to connect to the client VM') param deployBastion bool = false +@description('Name of the NAT Gateway') +param natGatewayName string = 'LocalBox-NatGateway' + @description('Name of the Network Security Group') param networkSecurityGroupName string = 'LocalBox-NSG' @@ -26,7 +29,7 @@ var bastionName = 'LocalBox-Bastion' var bastionSubnetIpPrefix = '172.16.3.64/26' var bastionPublicIpAddressName = '${bastionName}-PIP' -resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { +resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkName location: location properties: { @@ -45,6 +48,10 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } { @@ -66,6 +73,10 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } ] @@ -73,6 +84,35 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { tags: resourceTags } +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-03-01' = { name: networkSecurityGroupName location: location From 909682d97b815cd00ecf8314ce2a6c648888af4f Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 13:22:24 +0300 Subject: [PATCH 06/14] add: implement NAT Gateway configuration in ARM template --- .../acsa_fault_detection/azuredeploy.json | 72 +++++++++++++++---- 1 file changed, 60 insertions(+), 12 deletions(-) diff --git a/azure_edge_iot_ops_jumpstart/acsa_fault_detection/azuredeploy.json b/azure_edge_iot_ops_jumpstart/acsa_fault_detection/azuredeploy.json index 47a6290206..5ae4c445e2 100644 --- a/azure_edge_iot_ops_jumpstart/acsa_fault_detection/azuredeploy.json +++ b/azure_edge_iot_ops_jumpstart/acsa_fault_detection/azuredeploy.json @@ -75,15 +75,15 @@ } }, "storageAccountName": { - "type": "string", - "metadata": { - "description": "The name of the Azure Storage account" + "type": "string", + "metadata": { + "description": "The name of the Azure Storage account" } }, "storageContainer": { - "type": "string", - "metadata": { - "description": "The name of the Azure Storage container within the specified account" + "type": "string", + "metadata": { + "description": "The name of the Azure Storage container within the specified account" } }, "password": { @@ -125,6 +125,13 @@ "description": "Name of the VNET" } }, + "natGatewayName": { + "type": "string", + "defaultValue": "ACSA-natGateway", + "metadata": { + "description": "Name of the NAT Gateway" + } + }, "subnetName": { "type": "string", "defaultValue": "Subnet", @@ -226,7 +233,7 @@ }, { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-07-01", + "apiVersion": "2024-05-01", "name": "[variables('virtualNetworkName')]", "location": "[parameters('location')]", "properties": { @@ -241,7 +248,9 @@ "properties": { "addressPrefix": "[variables('subnetAddressPrefix')]", "privateEndpointNetworkPolicies": "Enabled", - "privateLinkServiceNetworkPolicies": "Enabled" + "privateLinkServiceNetworkPolicies": "Enabled", + "natGateway": "[if(parameters('deployBastion'), createObject('id', resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))), null())]", + "defaultOutboundAccess": false } }, { @@ -251,8 +260,47 @@ } } ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))]" + ] + }, + { + "condition": "[equals(parameters('deployBastion'), true())]", + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2024-07-01", + "name": "[format('{0}-PIP', parameters('natGatewayName'))]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Static", + "publicIPAddressVersion": "IPv4", + "idleTimeoutInMinutes": 4 + }, + "sku": { + "name": "Standard" } }, + { + "condition": "[equals(parameters('deployBastion'), true())]", + "type": "Microsoft.Network/natGateways", + "apiVersion": "2024-07-01", + "name": "[parameters('natGatewayName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "publicIpAddresses": [ + { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-PIP', parameters('natGatewayName')))]" + } + ], + "idleTimeoutInMinutes": 4 + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-PIP', parameters('natGatewayName')))]" + ] + }, { "type": "Microsoft.Network/publicIpAddresses", "apiVersion": "2022-07-01", @@ -331,10 +379,10 @@ "typeHandlerVersion": "1.10", "autoUpgradeMinorVersion": true, "protectedSettings": { - "fileUris": [ - "[uri(variables('templateBaseUrl'), concat('artifacts/Bootstrap.ps1'))]" - ], - "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File Bootstrap.ps1', ' -adminUsername ', parameters('adminUsername'), ' -appId ', parameters('appId'), ' -password ', parameters('password'), ' -tenantId ', parameters('tenantId'), ' -subscriptionId ', subscription().subscriptionId, ' -resourceGroup ', resourceGroup().name, ' -location ', resourceGroup().location, ' -kubernetesDistribution ', parameters('kubernetesDistribution'), ' -windowsNode ', parameters('windowsNode'), ' -templateBaseUrl ', variables('templateBaseUrl'), ' -storageAccountName ', parameters('storageAccountName'), ' -storageContainer ', parameters('storageContainer'))]" + "fileUris": [ + "[uri(variables('templateBaseUrl'), concat('artifacts/Bootstrap.ps1'))]" + ], + "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File Bootstrap.ps1', ' -adminUsername ', parameters('adminUsername'), ' -appId ', parameters('appId'), ' -password ', parameters('password'), ' -tenantId ', parameters('tenantId'), ' -subscriptionId ', subscription().subscriptionId, ' -resourceGroup ', resourceGroup().name, ' -location ', resourceGroup().location, ' -kubernetesDistribution ', parameters('kubernetesDistribution'), ' -windowsNode ', parameters('windowsNode'), ' -templateBaseUrl ', variables('templateBaseUrl'), ' -storageAccountName ', parameters('storageAccountName'), ' -storageContainer ', parameters('storageContainer'))]" } } }, From 72c5e4f9747b66b968eab17c8cb2f93fa7baf479 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 13:31:08 +0300 Subject: [PATCH 07/14] add: introduce NAT Gateway parameters and resources in management artifacts --- .../arm_template/azuredeploy.json | 12 +- .../arm_template/mgmtArtifacts.json | 113 +++++++++++++----- 2 files changed, 91 insertions(+), 34 deletions(-) diff --git a/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/azuredeploy.json b/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/azuredeploy.json index a305eb6570..906ce2f721 100644 --- a/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/azuredeploy.json +++ b/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/azuredeploy.json @@ -76,6 +76,13 @@ "description": "User's github account where they have forked https://github.com/microsoft/jumpstart-apps" }, "defaultValue": "microsoft" + }, + "natGatewayName": { + "type": "string", + "defaultValue": "JS-natGateway", + "metadata": { + "description": "Name of the NAT Gateway" + } } }, "variables": { @@ -88,7 +95,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "clientVmDeployment", - "dependsOn": ["mgmtArtifactsAndPolicyDeployment"], + "dependsOn": [ "mgmtArtifactsAndPolicyDeployment" ], "properties": { "mode": "Incremental", "templateLink": { @@ -145,6 +152,9 @@ }, "deployBastion": { "value": "[parameters('deployBastion')]" + }, + "natGatewayName": { + "value": "[parameters('natGatewayName')]" } } } diff --git a/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/mgmtArtifacts.json b/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/mgmtArtifacts.json index e4bfd79499..043285dee8 100644 --- a/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/mgmtArtifacts.json +++ b/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/mgmtArtifacts.json @@ -49,6 +49,13 @@ "metadata": { "description": "Name of the Network Security Group" } + }, + "natGatewayName": { + "type": "string", + "defaultValue": "JS-natGateway", + "metadata": { + "description": "Name of the NAT Gateway" + } } }, "variables": { @@ -73,50 +80,54 @@ "bastionName": "JS-Bastion", "bastionSubnetIpPrefix": "172.16.3.64/26", "bastionPublicIpAddressName": "[concat(variables('bastionName'), '-PIP' )]", - "subnetsWithBastion" : [ + "subnetsWithBastion": [ { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[variables('subnetAddressPrefix')]", - "privateEndpointNetworkPolicies": "Enabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" - } - } - }, - { - "name": "AzureBastionSubnet", - "properties": { - "addressPrefix": "[variables('bastionSubnetIpPrefix')]", - "networkSecurityGroup" : { - "id" : "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" - } - } + "name": "[parameters('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetAddressPrefix')]", + "privateEndpointNetworkPolicies": "Enabled", + "privateLinkServiceNetworkPolicies": "Enabled", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" } - ], - "subnetsWithoutBastion" : [ + } + }, { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[variables('subnetAddressPrefix')]", - "privateEndpointNetworkPolicies": "Enabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" - } - } + "name": "AzureBastionSubnet", + "properties": { + "addressPrefix": "[variables('bastionSubnetIpPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" } + } + } + ], + "subnetsWithoutBastion": [ + { + "name": "[parameters('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetAddressPrefix')]", + "privateEndpointNetworkPolicies": "Enabled", + "privateLinkServiceNetworkPolicies": "Enabled", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" + }, + "natGateway": "[if(parameters('deployBastion'), createObject('id', resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))), null())]", + "defaultOutboundAccess": false + + } + } ] }, "resources": [ { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[parameters('virtualNetworkName')]", "location": "[parameters('location')]", "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups/', parameters('networkSecurityGroupName'))]" + "[resourceId('Microsoft.Network/networkSecurityGroups/', parameters('networkSecurityGroupName'))]", + "[resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))]" ], "properties": { "addressSpace": { @@ -127,6 +138,42 @@ "subnets": "[if(not(parameters('deployBastion')),variables('subnetsWithoutBastion'),variables('subnetsWithBastion'))]" } }, + { + "condition": "[equals(parameters('deployBastion'), true())]", + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2024-07-01", + "name": "[format('{0}-PIP', parameters('natGatewayName'))]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Static", + "publicIPAddressVersion": "IPv4", + "idleTimeoutInMinutes": 4 + }, + "sku": { + "name": "Standard" + } + }, + { + "condition": "[equals(parameters('deployBastion'), true())]", + "type": "Microsoft.Network/natGateways", + "apiVersion": "2024-07-01", + "name": "[parameters('natGatewayName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "publicIpAddresses": [ + { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-PIP', parameters('natGatewayName')))]" + } + ], + "idleTimeoutInMinutes": 4 + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-PIP', parameters('natGatewayName')))]" + ] + }, { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2023-04-01", @@ -253,7 +300,7 @@ "destinationAddressPrefix": "Internet", "destinationPortRanges": [ "80", "443" ] } - } + } ] } }, From c65b3e9924cfa14c84780a97cc6a26a3960864d7 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 14:18:32 +0300 Subject: [PATCH 08/14] testing --- .../bicep/mgmt/network.bicep | 77 ++++++++++--------- .../contoso_motors/bicep/mgmt/network.bicep | 22 +++--- .../bicep/mgmt/network.bicep | 21 ++--- 3 files changed, 64 insertions(+), 56 deletions(-) diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep index 9d7afd008c..34cf5a910e 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep @@ -61,9 +61,9 @@ var cloudK3sSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } - natGateway: deployBastion ? { - id: natGateway.id - } : null + natGateway: { + id: natGateway.id + } defaultOutboundAccess: false } } @@ -79,9 +79,11 @@ var cloudSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } - natGateway: deployBastion ? { + natGateway: deployBastion + ? { id: natGateway.id - } : null + } + : null defaultOutboundAccess: false } } @@ -117,7 +119,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if ( } } -resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = { name: '${natGatewayName}-PIP' location: location properties: { @@ -130,7 +132,7 @@ resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = i } } -resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = { name: natGatewayName location: location sku: { @@ -425,41 +427,44 @@ resource bastionHost 'Microsoft.Network/bastionHosts@2023-02-01' = if (deployBas } } -resource loadBalancerPip 'Microsoft.Network/publicIPAddresses@2024-01-01' = [for (site, i) in sites: { - name: 'Ag-LB-Public-IP-${site}' - location: location - properties: { - publicIPAllocationMethod: 'Static' - publicIPAddressVersion: 'IPv4' - idleTimeoutInMinutes: 4 - } - sku: { - name: 'Standard' +resource loadBalancerPip 'Microsoft.Network/publicIPAddresses@2024-01-01' = [ + for (site, i) in sites: { + name: 'Ag-LB-Public-IP-${site}' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } } -}] +] -resource loadBalancer 'Microsoft.Network/loadBalancers@2024-01-01' = [for (site, i) in sites: { - name: 'Ag-LoadBalancer-${site}' - location: location - sku: { - name: 'Standard' - } - properties: { - frontendIPConfigurations: [ - { - name: 'Ag-LB-Frontend-${site}' - properties: { - publicIPAddress: { - id: loadBalancerPip[i].id +resource loadBalancer 'Microsoft.Network/loadBalancers@2024-01-01' = [ + for (site, i) in sites: { + name: 'Ag-LoadBalancer-${site}' + location: location + sku: { + name: 'Standard' + } + properties: { + frontendIPConfigurations: [ + { + name: 'Ag-LB-Frontend-${site}' + properties: { + publicIPAddress: { + id: loadBalancerPip[i].id + } } } - } - ] + ] + } } -}] - +] output vnetId string = cloudVirtualNetwork.id output k3sSubnetId string = cloudVirtualNetwork.properties.subnets[0].id output cloudSubnetId string = cloudVirtualNetwork.properties.subnets[1].id -output virtualNetworkNameCloud string = cloudVirtualNetwork.name \ No newline at end of file +output virtualNetworkNameCloud string = cloudVirtualNetwork.name diff --git a/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep index 7ef6d6cec3..190cb2384c 100644 --- a/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep @@ -7,7 +7,6 @@ param subnetNameCloudK3s string @description('Name of the inner-loop subnet in the cloud virtual network') param subnetNameCloud string - @description('Azure Region to deploy the Log Analytics Workspace') param location string = resourceGroup().location @@ -37,7 +36,6 @@ var bastionSubnetRef = '${cloudVirtualNetwork.id}/subnets/${bastionSubnetName}' var bastionName = 'Ag-Bastion' var bastionPublicIpAddressName = '${bastionName}-PIP' - var bastionSubnet = [ { name: 'AzureBastionSubnet' @@ -59,9 +57,9 @@ var cloudK3sSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } - natGateway: deployBastion ? { - id: natGateway.id - } : null + natGateway: { + id: natGateway.id + } defaultOutboundAccess: false } } @@ -77,9 +75,11 @@ var cloudSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } - natGateway: deployBastion ? { + natGateway: deployBastion + ? { id: natGateway.id - } : null + } + : null defaultOutboundAccess: false } } @@ -96,8 +96,8 @@ resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { ] } subnets: (deployBastion == false) - ? union(cloudK3sSubnet, cloudSubnet) - : union(cloudK3sSubnet, cloudSubnet, bastionSubnet) + ? union(cloudK3sSubnet, cloudSubnet) + : union(cloudK3sSubnet, cloudSubnet, bastionSubnet) //subnets: (deployBastion == false) ? union (cloudAKSDevSubnet,cloudAKSInnerLoopSubnet) : union(cloudAKSDevSubnet,cloudAKSInnerLoopSubnet,bastionSubnet) } } @@ -116,7 +116,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if ( } } -resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = { name: '${natGatewayName}-PIP' location: location properties: { @@ -129,7 +129,7 @@ resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = i } } -resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = { name: natGatewayName location: location sku: { diff --git a/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep index 9ee0ac40b7..084415925b 100644 --- a/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep @@ -36,7 +36,6 @@ var bastionSubnetRef = '${cloudVirtualNetwork.id}/subnets/${bastionSubnetName}' var bastionName = 'Ag-Bastion' var bastionPublicIpAddressName = '${bastionName}-PIP' - var bastionSubnet = [ { name: 'AzureBastionSubnet' @@ -58,9 +57,9 @@ var cloudAKSDevSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } - natGateway: deployBastion ? { - id: natGateway.id - } : null + natGateway: { + id: natGateway.id + } defaultOutboundAccess: false } } @@ -76,9 +75,11 @@ var cloudAKSInnerLoopSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } - natGateway: deployBastion ? { + natGateway: deployBastion + ? { id: natGateway.id - } : null + } + : null defaultOutboundAccess: false } } @@ -94,11 +95,13 @@ resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { addressPrefixCloud ] } - subnets: (deployBastion == false) ? union (cloudAKSDevSubnet,cloudAKSInnerLoopSubnet) : union(cloudAKSDevSubnet,cloudAKSInnerLoopSubnet,bastionSubnet) + subnets: (deployBastion == false) + ? union(cloudAKSDevSubnet, cloudAKSInnerLoopSubnet) + : union(cloudAKSDevSubnet, cloudAKSInnerLoopSubnet, bastionSubnet) } } -resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = { name: '${natGatewayName}-PIP' location: location properties: { @@ -111,7 +114,7 @@ resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = i } } -resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = { name: natGatewayName location: location sku: { From a3c74e2456bfa9c246d91a5088f904a328505081 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 14:37:36 +0300 Subject: [PATCH 09/14] refactor: remove NAT Gateway parameters and related resources from ARM templates --- .../arm_template/azuredeploy.json | 12 +- .../arm_template/mgmtArtifacts.json | 113 +++++------------- .../acsa_fault_detection/azuredeploy.json | 72 ++--------- 3 files changed, 46 insertions(+), 151 deletions(-) diff --git a/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/azuredeploy.json b/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/azuredeploy.json index 906ce2f721..a305eb6570 100644 --- a/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/azuredeploy.json +++ b/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/azuredeploy.json @@ -76,13 +76,6 @@ "description": "User's github account where they have forked https://github.com/microsoft/jumpstart-apps" }, "defaultValue": "microsoft" - }, - "natGatewayName": { - "type": "string", - "defaultValue": "JS-natGateway", - "metadata": { - "description": "Name of the NAT Gateway" - } } }, "variables": { @@ -95,7 +88,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "clientVmDeployment", - "dependsOn": [ "mgmtArtifactsAndPolicyDeployment" ], + "dependsOn": ["mgmtArtifactsAndPolicyDeployment"], "properties": { "mode": "Incremental", "templateLink": { @@ -152,9 +145,6 @@ }, "deployBastion": { "value": "[parameters('deployBastion')]" - }, - "natGatewayName": { - "value": "[parameters('natGatewayName')]" } } } diff --git a/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/mgmtArtifacts.json b/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/mgmtArtifacts.json index 043285dee8..e4bfd79499 100644 --- a/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/mgmtArtifacts.json +++ b/azure_arc_sqlsrv_jumpstart/azure/windows/defender_sql/arm_template/mgmtArtifacts.json @@ -49,13 +49,6 @@ "metadata": { "description": "Name of the Network Security Group" } - }, - "natGatewayName": { - "type": "string", - "defaultValue": "JS-natGateway", - "metadata": { - "description": "Name of the NAT Gateway" - } } }, "variables": { @@ -80,54 +73,50 @@ "bastionName": "JS-Bastion", "bastionSubnetIpPrefix": "172.16.3.64/26", "bastionPublicIpAddressName": "[concat(variables('bastionName'), '-PIP' )]", - "subnetsWithBastion": [ + "subnetsWithBastion" : [ { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[variables('subnetAddressPrefix')]", - "privateEndpointNetworkPolicies": "Enabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" - } - } - }, - { - "name": "AzureBastionSubnet", - "properties": { - "addressPrefix": "[variables('bastionSubnetIpPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" + "name": "[parameters('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetAddressPrefix')]", + "privateEndpointNetworkPolicies": "Enabled", + "privateLinkServiceNetworkPolicies": "Enabled", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" + } + } + }, + { + "name": "AzureBastionSubnet", + "properties": { + "addressPrefix": "[variables('bastionSubnetIpPrefix')]", + "networkSecurityGroup" : { + "id" : "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" + } + } } - } - } ], - "subnetsWithoutBastion": [ + "subnetsWithoutBastion" : [ { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[variables('subnetAddressPrefix')]", - "privateEndpointNetworkPolicies": "Enabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" - }, - "natGateway": "[if(parameters('deployBastion'), createObject('id', resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))), null())]", - "defaultOutboundAccess": false - - } - } + "name": "[parameters('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetAddressPrefix')]", + "privateEndpointNetworkPolicies": "Enabled", + "privateLinkServiceNetworkPolicies": "Enabled", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" + } + } + } ] }, "resources": [ { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2024-05-01", + "apiVersion": "2023-04-01", "name": "[parameters('virtualNetworkName')]", "location": "[parameters('location')]", "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups/', parameters('networkSecurityGroupName'))]", - "[resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))]" + "[resourceId('Microsoft.Network/networkSecurityGroups/', parameters('networkSecurityGroupName'))]" ], "properties": { "addressSpace": { @@ -138,42 +127,6 @@ "subnets": "[if(not(parameters('deployBastion')),variables('subnetsWithoutBastion'),variables('subnetsWithBastion'))]" } }, - { - "condition": "[equals(parameters('deployBastion'), true())]", - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2024-07-01", - "name": "[format('{0}-PIP', parameters('natGatewayName'))]", - "location": "[parameters('location')]", - "properties": { - "publicIPAllocationMethod": "Static", - "publicIPAddressVersion": "IPv4", - "idleTimeoutInMinutes": 4 - }, - "sku": { - "name": "Standard" - } - }, - { - "condition": "[equals(parameters('deployBastion'), true())]", - "type": "Microsoft.Network/natGateways", - "apiVersion": "2024-07-01", - "name": "[parameters('natGatewayName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "publicIpAddresses": [ - { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-PIP', parameters('natGatewayName')))]" - } - ], - "idleTimeoutInMinutes": 4 - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-PIP', parameters('natGatewayName')))]" - ] - }, { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2023-04-01", @@ -300,7 +253,7 @@ "destinationAddressPrefix": "Internet", "destinationPortRanges": [ "80", "443" ] } - } + } ] } }, diff --git a/azure_edge_iot_ops_jumpstart/acsa_fault_detection/azuredeploy.json b/azure_edge_iot_ops_jumpstart/acsa_fault_detection/azuredeploy.json index 5ae4c445e2..47a6290206 100644 --- a/azure_edge_iot_ops_jumpstart/acsa_fault_detection/azuredeploy.json +++ b/azure_edge_iot_ops_jumpstart/acsa_fault_detection/azuredeploy.json @@ -75,15 +75,15 @@ } }, "storageAccountName": { - "type": "string", - "metadata": { - "description": "The name of the Azure Storage account" + "type": "string", + "metadata": { + "description": "The name of the Azure Storage account" } }, "storageContainer": { - "type": "string", - "metadata": { - "description": "The name of the Azure Storage container within the specified account" + "type": "string", + "metadata": { + "description": "The name of the Azure Storage container within the specified account" } }, "password": { @@ -125,13 +125,6 @@ "description": "Name of the VNET" } }, - "natGatewayName": { - "type": "string", - "defaultValue": "ACSA-natGateway", - "metadata": { - "description": "Name of the NAT Gateway" - } - }, "subnetName": { "type": "string", "defaultValue": "Subnet", @@ -233,7 +226,7 @@ }, { "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2024-05-01", + "apiVersion": "2022-07-01", "name": "[variables('virtualNetworkName')]", "location": "[parameters('location')]", "properties": { @@ -248,9 +241,7 @@ "properties": { "addressPrefix": "[variables('subnetAddressPrefix')]", "privateEndpointNetworkPolicies": "Enabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "natGateway": "[if(parameters('deployBastion'), createObject('id', resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))), null())]", - "defaultOutboundAccess": false + "privateLinkServiceNetworkPolicies": "Enabled" } }, { @@ -260,47 +251,8 @@ } } ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))]" - ] - }, - { - "condition": "[equals(parameters('deployBastion'), true())]", - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2024-07-01", - "name": "[format('{0}-PIP', parameters('natGatewayName'))]", - "location": "[parameters('location')]", - "properties": { - "publicIPAllocationMethod": "Static", - "publicIPAddressVersion": "IPv4", - "idleTimeoutInMinutes": 4 - }, - "sku": { - "name": "Standard" } }, - { - "condition": "[equals(parameters('deployBastion'), true())]", - "type": "Microsoft.Network/natGateways", - "apiVersion": "2024-07-01", - "name": "[parameters('natGatewayName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "publicIpAddresses": [ - { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-PIP', parameters('natGatewayName')))]" - } - ], - "idleTimeoutInMinutes": 4 - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-PIP', parameters('natGatewayName')))]" - ] - }, { "type": "Microsoft.Network/publicIpAddresses", "apiVersion": "2022-07-01", @@ -379,10 +331,10 @@ "typeHandlerVersion": "1.10", "autoUpgradeMinorVersion": true, "protectedSettings": { - "fileUris": [ - "[uri(variables('templateBaseUrl'), concat('artifacts/Bootstrap.ps1'))]" - ], - "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File Bootstrap.ps1', ' -adminUsername ', parameters('adminUsername'), ' -appId ', parameters('appId'), ' -password ', parameters('password'), ' -tenantId ', parameters('tenantId'), ' -subscriptionId ', subscription().subscriptionId, ' -resourceGroup ', resourceGroup().name, ' -location ', resourceGroup().location, ' -kubernetesDistribution ', parameters('kubernetesDistribution'), ' -windowsNode ', parameters('windowsNode'), ' -templateBaseUrl ', variables('templateBaseUrl'), ' -storageAccountName ', parameters('storageAccountName'), ' -storageContainer ', parameters('storageContainer'))]" + "fileUris": [ + "[uri(variables('templateBaseUrl'), concat('artifacts/Bootstrap.ps1'))]" + ], + "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File Bootstrap.ps1', ' -adminUsername ', parameters('adminUsername'), ' -appId ', parameters('appId'), ' -password ', parameters('password'), ' -tenantId ', parameters('tenantId'), ' -subscriptionId ', subscription().subscriptionId, ' -resourceGroup ', resourceGroup().name, ' -location ', resourceGroup().location, ' -kubernetesDistribution ', parameters('kubernetesDistribution'), ' -windowsNode ', parameters('windowsNode'), ' -templateBaseUrl ', variables('templateBaseUrl'), ' -storageAccountName ', parameters('storageAccountName'), ' -storageContainer ', parameters('storageContainer'))]" } } }, From 7cf5bffa35cffe3419329e92cc1f8fa6cfa8f599 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 14:52:24 +0300 Subject: [PATCH 10/14] refactor: streamline NAT Gateway configuration and improve subnet handling in Bicep templates --- .../bicep/mgmt/mgmtArtifacts.bicep | 97 +++++++++++-------- 1 file changed, 57 insertions(+), 40 deletions(-) diff --git a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep index 50e2a3e59f..39f573a1cb 100644 --- a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep +++ b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep @@ -103,24 +103,26 @@ var primarySubnet = [ networkSecurityGroup: { id: networkSecurityGroup.id } - natGateway: deployBastion ? { - id: natGateway.id - } : null + natGateway: { + id: natGateway.id + } defaultOutboundAccess: false } } ] -var bastionSubnet = bastionSku != 'Developer' ? [ - { - name: 'AzureBastionSubnet' - properties: { - addressPrefix: bastionSubnetIpPrefix - networkSecurityGroup: { - id: bastionNetworkSecurityGroup.id +var bastionSubnet = bastionSku != 'Developer' + ? [ + { + name: 'AzureBastionSubnet' + properties: { + addressPrefix: bastionSubnetIpPrefix + networkSecurityGroup: { + id: bastionNetworkSecurityGroup.id + } + } } - } - } -] : [] + ] + : [] var dataOpsSubnets = [ { name: aksSubnetName @@ -131,9 +133,9 @@ var dataOpsSubnets = [ networkSecurityGroup: { id: networkSecurityGroup.id } - natGateway: deployBastion ? { - id: natGateway.id - } : null + natGateway: { + id: natGateway.id + } defaultOutboundAccess: false } } @@ -146,9 +148,11 @@ var dataOpsSubnets = [ networkSecurityGroup: { id: networkSecurityGroup.id } - natGateway: deployBastion ? { + natGateway: deployBastion + ? { id: natGateway.id - } : null + } + : null defaultOutboundAccess: false } } @@ -169,7 +173,15 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { dhcpOptions: { dnsServers: dnsServers } - subnets: (deployBastion == false && flavor != 'DataOps') ? primarySubnet : (deployBastion == false && flavor == 'DataOps') ? union(primarySubnet,dataOpsSubnets) : (deployBastion == true && flavor != 'DataOps') ? union(primarySubnet,bastionSubnet) : (deployBastion == true && flavor == 'DataOps') ? union(primarySubnet,bastionSubnet,dataOpsSubnets) : primarySubnet + subnets: (deployBastion == false && flavor != 'DataOps') + ? primarySubnet + : (deployBastion == false && flavor == 'DataOps') + ? union(primarySubnet, dataOpsSubnets) + : (deployBastion == true && flavor != 'DataOps') + ? union(primarySubnet, bastionSubnet) + : (deployBastion == true && flavor == 'DataOps') + ? union(primarySubnet, bastionSubnet, dataOpsSubnets) + : primarySubnet } } @@ -196,9 +208,11 @@ resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = if (f networkSecurityGroup: { id: networkSecurityGroup.id } - natGateway: deployBastion ? { - id: natGateway.id - } : null + natGateway: deployBastion + ? { + id: natGateway.id + } + : null defaultOutboundAccess: false } } @@ -206,7 +220,7 @@ resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = if (f } } -resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = { name: '${natGatewayName}-PIP' location: location properties: { @@ -219,7 +233,7 @@ resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = i } } -resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = { name: natGatewayName location: location sku: { @@ -513,7 +527,6 @@ resource bastionNetworkSecurityGroup 'Microsoft.Network/networkSecurityGroups@20 } } - resource workspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: workspaceName location: location @@ -565,22 +578,26 @@ resource bastionHost 'Microsoft.Network/bastionHosts@2024-05-01' = if (deployBas name: bastionSku } properties: { - virtualNetwork: bastionSku == 'Developer' ? { - id: arcVirtualNetwork.id - } : null - ipConfigurations: bastionSku != 'Developer' ? [ - { - name: 'IpConf' - properties: { - publicIPAddress: { - id: publicIpAddress.id - } - subnet: { - id: bastionSubnetRef - } + virtualNetwork: bastionSku == 'Developer' + ? { + id: arcVirtualNetwork.id } - } - ] : null + : null + ipConfigurations: bastionSku != 'Developer' + ? [ + { + name: 'IpConf' + properties: { + publicIPAddress: { + id: publicIpAddress.id + } + subnet: { + id: bastionSubnetRef + } + } + } + ] + : null } } From a2065d8b13f358b53e18db5c6a52db740c1d2666 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 14:59:48 +0300 Subject: [PATCH 11/14] refactor: update SKU from Basic to Standard for public IP resources in Bicep templates --- azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep | 2 +- .../contoso_supermarket/bicep/clientVm/clientVm.bicep | 2 +- azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep | 2 +- azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep b/azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep index 08727ff682..b948c2861f 100644 --- a/azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep +++ b/azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep @@ -120,7 +120,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if ( idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } } diff --git a/azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep b/azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep index 91bc966730..2d7cc3d8ab 100644 --- a/azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep +++ b/azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep @@ -129,7 +129,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if ( idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } } diff --git a/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep b/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep index a04c243779..9df290fb8d 100644 --- a/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep +++ b/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep @@ -64,7 +64,7 @@ resource publicIpAddresses 'Microsoft.Network/publicIPAddresses@2024-05-01' = [f idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } }] diff --git a/azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep b/azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep index 81a866af65..d4fbbd68b8 100644 --- a/azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep +++ b/azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep @@ -74,7 +74,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2024-05-01' = if ( idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' tier: 'Regional' } } From 01deafc0138ead90f140cd2db9c2ea479854569e Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 15:06:33 +0300 Subject: [PATCH 12/14] refactor: update SKU from Basic to Standard for public IP resources in Bicep templates --- .../contoso_hypermarket/bicep/clientVm/clientVm.bicep | 2 +- .../contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep index 42cfd50d2a..99660fed5e 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep @@ -124,7 +124,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if ( idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } } diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep index a3f084e75b..04590983cf 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep @@ -56,7 +56,7 @@ resource publicIpAddresses 'Microsoft.Network/publicIpAddresses@2022-01-01' = [f idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } }] From 050faa17eb5b120c563500ba7f8a8ab1fbf3d944 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Tue, 1 Jul 2025 15:22:09 +0300 Subject: [PATCH 13/14] refactor: simplify NAT Gateway configuration in Bicep templates --- azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep index 39f573a1cb..ab4f75ec38 100644 --- a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep +++ b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep @@ -208,11 +208,9 @@ resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = if (f networkSecurityGroup: { id: networkSecurityGroup.id } - natGateway: deployBastion - ? { - id: natGateway.id - } - : null + natGateway: { + id: natGateway.id + } defaultOutboundAccess: false } } From 77636e69c960cf3de87af9a79645c895fe90c035 Mon Sep 17 00:00:00 2001 From: Seif Bassem <38246040+sebassem@users.noreply.github.com> Date: Wed, 2 Jul 2025 16:04:56 +0300 Subject: [PATCH 14/14] refactor: update default NAT Gateway name to 'LocalBox-NatGateway' in Bicep templates --- azure_jumpstart_localbox/bicep/main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure_jumpstart_localbox/bicep/main.bicep b/azure_jumpstart_localbox/bicep/main.bicep index 315af0d58d..50c9029be2 100644 --- a/azure_jumpstart_localbox/bicep/main.bicep +++ b/azure_jumpstart_localbox/bicep/main.bicep @@ -44,7 +44,7 @@ param autoUpgradeClusterResource bool = false param vmAutologon bool = true @description('Name of the NAT Gateway') -param natGatewayName string = 'Ag-NatGateway' +param natGatewayName string = 'LocalBox-NatGateway' @description('The size of the Virtual Machine') @allowed([