From 3a060dca12f10133747e25892ed8051c834ea404 Mon Sep 17 00:00:00 2001 From: v-nikitaraut <143481963+v-nikitaraut@users.noreply.github.com> Date: Tue, 8 Oct 2024 22:13:43 +0530 Subject: [PATCH] Persoanl/v nikitaraut fhirservice with privatelink (#241) * add arm template for fhirservice with privatelink * added readme file * added bicep template and updated readme file --- .../fhirservice-with-privatelink/ReadMe.md | 144 ++++++++ .../fhirservice-with-privatelink/main.bicep | 277 +++++++++++++++ .../fhirservice-with-privatelink/main.json | 328 ++++++++++++++++++ .../main.parameters.json | 18 + .../uiDefForm.json | 111 ++++++ 5 files changed, 878 insertions(+) create mode 100644 samples/fhirservice-with-privatelink/ReadMe.md create mode 100644 samples/fhirservice-with-privatelink/main.bicep create mode 100644 samples/fhirservice-with-privatelink/main.json create mode 100644 samples/fhirservice-with-privatelink/main.parameters.json create mode 100644 samples/fhirservice-with-privatelink/uiDefForm.json diff --git a/samples/fhirservice-with-privatelink/ReadMe.md b/samples/fhirservice-with-privatelink/ReadMe.md new file mode 100644 index 0000000..a18427d --- /dev/null +++ b/samples/fhirservice-with-privatelink/ReadMe.md @@ -0,0 +1,144 @@ +# Deploying Azure FHIR Service with Private Endpoint + Follow this guide to deploy the FHIR Server using Azure Private Link for secure, private access within your network + +# Prerequisites needed +1. An Azure account + - You must have an active Azure account. If you don't have one, you can sign up [here](https://azure.microsoft.com/en-us/free/). + +2. Virtual Network (VNet) and Subnet + - A virtual network and subnet are required for deploying the private endpoint. If you don’t have one, you can create it by following [this guide](https://learn.microsoft.com/en-us/azure/virtual-network/quick-create-portal). +3. Virtual Machine (VM) + - A virtual machine is required to access the FHIR service through the private endpoint. + - The VM must be in the same VNet where the FHIR service is deployed for secure access through the private endpoint. + If you don’t have one, you can create it by following [this guide](https://learn.microsoft.com/en-us/azure/virtual-network/quick-create-portal#create-virtual-machines) + +4. Postman + - Once the Virtual Machine is set up, install [Postman](https://www.postman.com/downloads/) on it to access the FHIR service endpoints. Postman can be used to interact with the FHIR API. + +# 1. Overview +By integrating Azure Private Link, you can secure the FHIR service within a virtual network (VNet) and restrict access to authorized resources within your private network. This setup ensures that sensitive healthcare data remains private and inaccessible over the public internet. + +## Deployed Components +When you deploy the ARM/Bicep template, the following components will be created: + +1. Azure FHIR Service + - A managed service to store and manage healthcare data in FHIR format. + +2. Private Endpoint + - A private link that connects your FHIR service securely to your virtual network, making the service accessible only from within the VNet or peered VNets. + +3. Private DNS Zone + - A DNS zone that allows private domain resolution for the FHIR service within your VNet, ensuring that traffic remains within the private network. + + +# 2. Deploy Azure FHIR Service with Private Endpoint + +### Option A: Deploy through Azure Portal +Use the Deploy to Azure button to deploy the Azure FHIR Service with a private endpoint through the Azure Portal. + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-health-data-and-ai-samples%2Frefs%2Fheads%2Fmain%2Fsamples%2Ffhirservice-with-privatelink%2Fmain.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-health-data-and-ai-samples%2Frefs%2Fheads%2Fmain%2Fsamples%2Ffhirservice-with-privatelink%2FuiDefForm.json) + +Notes:
+- Choose a unique "Prefix for all resources" during deployment. + +### Option B: Deploy manually through an ARM/Bicep template +You can manually deploy the Azure FHIR Service with a private endpoint by using the ARM/Bicep template. +
+
+Click to expand to see manual deployment instructions. + +1. Clone this repo + ```azurecli + git clone https://github.com/Azure-Samples/azure-health-data-and-ai-samples.git --depth 1 + ``` +2. Log in to Azure + Before you begin, ensure that you are logged in to your Azure account. If you are not already logged in, follow these steps: + ``` + az login + ``` +3. Set the Azure Subscription + If you have multiple Azure subscriptions and need to specify which one to use for this deployment, use the az account set command: + ``` + az account set --subscription [Subscription Name or Subscription ID] + ``` + Replace [Subscription Name or Subscription ID] with the name or ID of the subscription you want to use for this deployment. You can find your subscription information by running az account list. + + **Note** : This step is particularly important if you have multiple subscriptions, as it ensures that the resources are deployed to the correct subscription. + +4. If needed, create a resource group + + If you don't already have a resource group that you want to use, use the following command to create a resource group. + ``` + az group create --name --location + ``` + Replace <*resource_group_name*> with your desired name and <*location*> with the Azure region where you want to create the resource group + +5. Deploy the FHIR service + Now, you can initiate the deployment using the Azure CLI + ``` + az deployment group create --resource-group --template-file --parameters + ``` + - <*resource-group-name*>: Replace this with the name of the resource group you want to use. + - <*path-to-template*>: Provide the path to the ARM/Bicep template file i.e. main.json or main.bicep under samples/fhirservice-with-privatelink folder. + - <*path-to-parameter*>: Specify the path to the parameters file i.e. main.parameters.json under samples/fhirservice-with-privatelink folder. +

+ **NOTE** : Please update the **main.parameters.json** file with the configurations that you need. + + |Parameter | Description | Example Value | + |---|---|---| + | prefix | Unique prefix for naming resources.| "pvt"| + | virtualNetworkName | Name of the virtual network to use.| "myVnet" + |virtualNetworkResourceGroup| Resource group where the virtual network is located.| "myResourceGroup" | + |subnetName|Name of the subnet to use.|"default"| + + +
+
+ +# 3. Access the FHIR Service Using Postman on Your Virtual Machine (VM) +Once the FHIR service is deployed and the private endpoint is created, you can use Postman installed on your Virtual Machine (VM) to interact with the FHIR API securely. Here’s how to set it up: + +## Step 1: Connect to Your VM +- Open the Azure Portal and navigate to your Virtual Machine resource. +- Click on Connect to access your VM. You can use RDP, SSH, or Bastion depending on your configuration. +- Once connected, ensure that Postman is installed on your VM. + +## Step 2: Retrieve FHIR Service Endpoint +- In the Azure Portal, go to your deployed FHIR service resource. +- Under Overview, locate the FHIR service URL (e.g., https://[your-fhir-service-name].azurehealthcareapis.com). +Copy this URL. This will be the base URL for accessing the FHIR service through Postman. + +## Step 3: Configure Postman +- Open Postman on your VM. +- Create a new GET request. +In the URL field, paste the FHIR service URL (e.g., https://[your-fhir-service-name].azurehealthcareapis.com/Patient). +- Add the required headers for authentication: + - Authorization: You will need a valid Azure Active Directory (AAD) token to authenticate your request. Use the following steps to generate a token. + +## Step 4: Get an Azure AD Token +- In Postman, go to Authorization and choose OAuth 2.0 and click on Get New Access Token. +Fill in the following fields: +1. Token Name: Choose a name for the token. +2. Grant Type: Authorization Code or Client Credentials (depending on your setup). +3. Callback URL: Can be any URL since it's not needed for client credentials flow. +4. Auth URL: https://login.microsoftonline.com//oauth2/v2.0/authorize +5. Access Token URL: https://login.microsoftonline.com//oauth2/v2.0/token +6. Client ID: Your Azure App registration’s client ID. +7. Client Secret: Your Azure App registration’s client secret. +8. Scope: https://.azurehealthcareapis.com/.default
+ +Click Request Token and once you receive the token, click Use Token. + +## Step 5: Send a Request to the FHIR Service +- In Postman, make sure the Authorization header includes your newly generated Bearer token. +- Add a GET request to retrieve FHIR data (e.g., GET https://[your-fhir-service-name].azurehealthcareapis.com/Patient). +- Click Send. If everything is set up correctly, you should receive a response from the FHIR service with a list of FHIR Patient resources. + +## Step 6: Troubleshoot Connectivity Issues +- If you're unable to connect, ensure that: +The VM is in the same VNet where the private endpoint is deployed. +- Network security groups (NSGs) and firewalls allow traffic within the VNet. +- You are using the correct FHIR service URL and have a valid AAD token. + + +This setup allows you to securely query the FHIR service through the private endpoint using Postman, ensuring that all interactions are contained within your private network. \ No newline at end of file diff --git a/samples/fhirservice-with-privatelink/main.bicep b/samples/fhirservice-with-privatelink/main.bicep new file mode 100644 index 0000000..35c6c85 --- /dev/null +++ b/samples/fhirservice-with-privatelink/main.bicep @@ -0,0 +1,277 @@ +@description('Prefix for all resources') +param prefix string + +@description('Location for all resources.') +param location string = resourceGroup().location + +@metadata({ decription: 'Name of the virtual network to use.' }) +param virtualNetworkName string + +@metadata({ decription: 'Resource group where the virtual network is located.' }) +param virtualNetworkResourceGroup string + +@metadata({ decription: 'Name of the subnet to use.' }) +param subnetName string + +var deploymentPrefix = substring(uniqueString(prefix, resourceGroup().id), 0, 6) +var workspaceName = '${deploymentPrefix}wkspc' +var fhirservicename = '${deploymentPrefix}fhirserver' +var privateEndpointName = '${deploymentPrefix}-privateEndpoint' +var networkInterfacename_var = '${deploymentPrefix}nic' +var privateDnsZonePrivatelinkNameFhir_var = 'privatelink.azurehealthcareapis.com' +var privateDnsZonePrivatelinkNameDicom_var = 'privatelink.dicom.azurehealthcareapis.com' +var tenantId = subscription().tenantId + +resource workspace 'Microsoft.HealthcareApis/workspaces@2024-03-31' = { + name: workspaceName + location: location + tags: { + Use: 'Fhir Service on Virtual network with private link' + } + properties: { + publicNetworkAccess: 'Disabled' + } +} + +resource privateEndpoint 'Microsoft.Network/privateEndpoints@2024-01-01' = { + name: privateEndpointName + location: location + properties: { + privateLinkServiceConnections: [ + { + name: privateEndpointName + properties: { + privateLinkServiceId: workspace.id + groupIds: [ + 'healthcareworkspace' + ] + privateLinkServiceConnectionState: { + status: 'Approved' + description: 'Auto-Approved' + actionsRequired: 'None' + } + } + } + ] + manualPrivateLinkServiceConnections: [] + customNetworkInterfaceName: '${privateEndpointName}-nic' + subnet: { + id: resourceId( + virtualNetworkResourceGroup, + 'Microsoft.Network/virtualNetworks/subnets', + virtualNetworkName, + subnetName + ) + } + ipConfigurations: [] + customDnsConfigs: [] + } + dependsOn: [ + workspaceName_fhirservicename + ] +} + +resource privateDnsZonePrivatelinkNameFhir 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: privateDnsZonePrivatelinkNameFhir_var + location: 'global' +} + +resource privateDnsZonePrivatelinkNameDicom 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: privateDnsZonePrivatelinkNameDicom_var + location: 'global' + properties: {} +} + +resource privateDnsZonePrivatelinkNameFhir_deploymentPrefix 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = { + parent: privateDnsZonePrivatelinkNameFhir + name: '${deploymentPrefix}' + location: 'global' + properties: { + registrationEnabled: false + virtualNetwork: { + id: resourceId(virtualNetworkResourceGroup, 'Microsoft.Network/virtualNetworks', virtualNetworkName) + } + } +} + +resource privateDnsZonePrivatelinkNameDicom_deploymentPrefix 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = { + parent: privateDnsZonePrivatelinkNameDicom + name: '${deploymentPrefix}' + location: 'global' + properties: { + registrationEnabled: false + virtualNetwork: { + id: resourceId(virtualNetworkResourceGroup, 'Microsoft.Network/virtualNetworks', virtualNetworkName) + } + } +} + +resource privateEndpointName_default 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-01-01' = { + name: '${privateEndpointName}/default' + properties: { + privateDnsZoneConfigs: [ + { + name: 'privatelink-azurehealthcareapis-com' + properties: { + privateDnsZoneId: privateDnsZonePrivatelinkNameFhir.id + } + } + { + name: 'privatelink-dicom-azurehealthcareapis-com' + properties: { + privateDnsZoneId: privateDnsZonePrivatelinkNameDicom.id + } + } + ] + } + dependsOn: [ + privateEndpoint + ] +} + +resource networkInterfacename 'Microsoft.Network/networkInterfaces@2024-01-01' = { + name: networkInterfacename_var + location: location + kind: 'Regular' + properties: { + ipConfigurations: [ + { + name: 'ipconfig1' + type: 'Microsoft.Network/networkInterfaces/ipConfigurations' + properties: { + privateIPAddress: '10.0.0.6' + privateIPAllocationMethod: 'Dynamic' + subnet: { + id: resourceId( + virtualNetworkResourceGroup, + 'Microsoft.Network/virtualNetworks/subnets', + virtualNetworkName, + subnetName + ) + } + primary: true + privateIPAddressVersion: 'IPv4' + } + } + ] + dnsSettings: { + dnsServers: [] + } + enableAcceleratedNetworking: true + enableIPForwarding: false + disableTcpStateTracking: false + nicType: 'Standard' + auxiliaryMode: 'None' + auxiliarySku: 'None' + } + dependsOn: [] +} + +resource workspaceName_fhirservicename 'Microsoft.HealthcareApis/workspaces/fhirservices@2024-03-31' = { + parent: workspace + name: '${fhirservicename}' + location: location + kind: 'fhir-R4' + identity: { + type: 'None' + } + properties: { + acrConfiguration: { + loginServers: [] + } + authenticationConfiguration: { + authority: 'https://login.microsoftonline.com/${tenantId}' + audience: 'https://${workspaceName}-${fhirservicename}.fhir.azurehealthcareapis.com' + smartProxyEnabled: false + smartIdentityProviders: [] + } + corsConfiguration: { + origins: [] + headers: [] + methods: [] + allowCredentials: false + } + exportConfiguration: {} + importConfiguration: { + enabled: false + initialImportMode: false + } + resourceVersionPolicyConfiguration: { + default: 'versioned' + resourceTypeOverrides: {} + } + implementationGuidesConfiguration: { + usCoreMissingData: false + } + encryption: { + customerManagedKeyEncryption: {} + } + publicNetworkAccess: 'Disabled' + } +} + +resource privateDnsZonePrivatelinkNameFhir_workspaceName_fhirserv_fhir 'Microsoft.Network/privateDnsZones/A@2020-06-01' = { + parent: privateDnsZonePrivatelinkNameFhir + name: '${workspaceName}-fhirserv.fhir' + properties: { + metadata: { + creator: 'created by private endpoint' + } + ttl: 10 + aRecords: [ + { + ipv4Address: '10.0.0.5' + } + ] + } +} + +resource privateDnsZonePrivatelinkNameFhir_workspaceName_workspace 'Microsoft.Network/privateDnsZones/A@2020-06-01' = { + parent: privateDnsZonePrivatelinkNameFhir + name: '${workspaceName}-workspace' + properties: { + metadata: { + creator: 'created by private endpoint' + } + ttl: 10 + aRecords: [ + { + ipv4Address: '10.0.0.4' + } + ] + } +} + +resource Microsoft_Network_privateDnsZones_SOA_privateDnsZonePrivatelinkNameFhir 'Microsoft.Network/privateDnsZones/SOA@2020-06-01' = { + parent: privateDnsZonePrivatelinkNameFhir + name: '@' + properties: { + ttl: 3600 + soaRecord: { + email: 'azureprivatedns-host.microsoft.com' + expireTime: 2419200 + host: 'azureprivatedns.net' + minimumTtl: 10 + refreshTime: 3600 + retryTime: 300 + serialNumber: 1 + } + } +} + +resource Microsoft_Network_privateDnsZones_SOA_privateDnsZonePrivatelinkNameDicom 'Microsoft.Network/privateDnsZones/SOA@2020-06-01' = { + parent: privateDnsZonePrivatelinkNameDicom + name: '@' + properties: { + ttl: 3600 + soaRecord: { + email: 'azureprivatedns-host.microsoft.com' + expireTime: 2419200 + host: 'azureprivatedns.net' + minimumTtl: 10 + refreshTime: 3600 + retryTime: 300 + serialNumber: 1 + } + } +} diff --git a/samples/fhirservice-with-privatelink/main.json b/samples/fhirservice-with-privatelink/main.json new file mode 100644 index 0000000..dceb635 --- /dev/null +++ b/samples/fhirservice-with-privatelink/main.json @@ -0,0 +1,328 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "prefix": { + "type": "string", + "metadata": { + "description": "Prefix for all resources" + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location for all resources." + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "decription":"Name of the virtual network to use." + } + }, + "virtualNetworkResourceGroup": { + "type": "string", + "metadata": { + "decription":"Resource group where the virtual network is located." + } + }, + "subnetName": { + "type": "string", + "metadata": { + "decription":"Name of the subnet to use." + } + } + }, + "variables": { + "deploymentPrefix": "[substring(uniquestring(parameters('prefix'), resourceGroup().id), 0, 6)]", + "workspaceName": "[format('{0}{1}', variables('deploymentPrefix'), 'wkspc')]", + "fhirservicename":"[format('{0}{1}', variables('deploymentPrefix'), 'fhirserver')]", + "privateEndpointName": "[format('{0}{1}', variables('deploymentPrefix'), '-privateEndpoint')]", + "networkInterfacename": "[format('{0}{1}', variables('deploymentPrefix'), 'nic')]", + "privateDnsZonePrivatelinkNameFhir": "privatelink.azurehealthcareapis.com", + "privateDnsZonePrivatelinkNameDicom": "privatelink.dicom.azurehealthcareapis.com", + "tenantId": "[subscription().tenantId]" + + }, + "resources": [ + { + "type": "Microsoft.HealthcareApis/workspaces", + "apiVersion": "2024-03-31", + "name": "[variables('workspaceName')]", + "location": "[parameters('location')]", + "tags": { + "Use": "Fhir Service on Virtual network with private link" + }, + "properties": { + "publicNetworkAccess": "Disabled" + } + }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2024-01-01", + "name": "[variables('privateEndpointName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.HealthcareApis/workspaces', variables('workspaceName'))]", + "[resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', variables('workspaceName'),variables('fhirservicename'))]" + + ], + "properties": { + "privateLinkServiceConnections": [ + { + "name": "[variables('privateEndpointName')]", + "id": "[concat(resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName')), concat('/privateLinkServiceConnections/', variables('privateEndpointName')))]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.HealthcareApis/workspaces', variables('workspaceName'))]", + "groupIds": [ + "healthcareworkspace" + ], + "privateLinkServiceConnectionState": { + "status": "Approved", + "description": "Auto-Approved", + "actionsRequired": "None" + } + } + } + ], + "manualPrivateLinkServiceConnections": [], + "customNetworkInterfaceName": "[concat(variables('privateEndpointName'), '-nic')]", + "subnet": { + "id": "[resourceId(parameters('virtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]" + }, + "ipConfigurations": [], + "customDnsConfigs": [] + } + }, + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[variables('privateDnsZonePrivatelinkNameFhir')]", + "location": "global" + }, + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[variables('privateDnsZonePrivatelinkNameDicom')]", + "location": "global", + "properties": {} + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[concat(variables('privateDnsZonePrivatelinkNameFhir'), '/',variables('deploymentPrefix'))]", + "location": "global", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameFhir'))]" + ], + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[resourceId(parameters('virtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" + } + } + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[concat(variables('privateDnsZonePrivatelinkNameDicom'),'/',variables('deploymentPrefix'))]", + "location": "global", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameDicom'))]" + ], + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[resourceId(parameters('virtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" + } + } + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2024-01-01", + "name": "[concat(variables('privateEndpointName'), '/default')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]", + "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameFhir'))]", + "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameDicom'))]" + ], + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "privatelink-azurehealthcareapis-com", + "properties": { + "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameFhir'))]" + } + }, + { + "name": "privatelink-dicom-azurehealthcareapis-com", + "properties": { + "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameDicom'))]" + } + } + ] + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2024-01-01", + "name": "[variables('networkInterfacename')]", + "location": "[parameters('location')]", + "dependsOn": [ ], + "kind": "Regular", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "id": "[concat(resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfacename')), '/ipConfigurations/ipconfig1')]", + "type": "Microsoft.Network/networkInterfaces/ipConfigurations", + "properties": { + "privateIPAddress": "10.0.0.6", + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[resourceId(parameters('virtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]" + }, + "primary": true, + "privateIPAddressVersion": "IPv4" + } + } + ], + "dnsSettings": { + "dnsServers": [] + }, + "enableAcceleratedNetworking": true, + "enableIPForwarding": false, + "disableTcpStateTracking": false, + "nicType": "Standard", + "auxiliaryMode": "None", + "auxiliarySku": "None" + } + }, + + { + "type": "Microsoft.HealthcareApis/workspaces/fhirservices", + "apiVersion": "2024-03-31", + "name": "[concat(variables('workspaceName'), '/',variables('fhirservicename'))]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.HealthcareApis/workspaces', variables('workspaceName'))]" + ], + "kind": "fhir-R4", + "identity": { + "type": "None" + }, + "properties": { + "acrConfiguration": { + "loginServers": [] + }, + "authenticationConfiguration": { + "authority": "[concat('https://login.microsoftonline.com/', variables('tenantId'))]", + "audience": "[concat('https://', variables('workspaceName'), '-',variables('fhirservicename'),'.fhir.azurehealthcareapis.com')]", + "smartProxyEnabled": false, + "smartIdentityProviders": [] + }, + "corsConfiguration": { + "origins": [], + "headers": [], + "methods": [], + "allowCredentials": false + }, + "exportConfiguration": {}, + "importConfiguration": { + "enabled": false, + "initialImportMode": false + }, + "resourceVersionPolicyConfiguration": { + "default": "versioned", + "resourceTypeOverrides": {} + }, + "implementationGuidesConfiguration": { + "usCoreMissingData": false + }, + "encryption": { + "customerManagedKeyEncryption": {} + }, + "publicNetworkAccess": "Disabled" + } + }, + { + "type": "Microsoft.Network/privateDnsZones/A", + "apiVersion": "2020-06-01", + "name": "[concat(variables('privateDnsZonePrivatelinkNameFhir'), '/',variables('workspaceName'),'-fhirserv.fhir')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameFhir'))]" + ], + "properties": { + "metadata": { + "creator": "created by private endpoint" + }, + "ttl": 10, + "aRecords": [ + { + "ipv4Address": "10.0.0.5" + } + ] + } + }, + { + "type": "Microsoft.Network/privateDnsZones/A", + "apiVersion": "2020-06-01", + "name": "[concat(variables('privateDnsZonePrivatelinkNameFhir'), '/',variables('workspaceName'),'-workspace')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameFhir'))]" + ], + "properties": { + "metadata": { + "creator": "created by private endpoint" + }, + "ttl": 10, + "aRecords": [ + { + "ipv4Address": "10.0.0.4" + } + ] + } + }, + { + "type": "Microsoft.Network/privateDnsZones/SOA", + "apiVersion": "2020-06-01", + "name": "[concat(variables('privateDnsZonePrivatelinkNameFhir'), '/@')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameFhir'))]" + ], + "properties": { + "ttl": 3600, + "soaRecord": { + "email": "azureprivatedns-host.microsoft.com", + "expireTime": 2419200, + "host": "azureprivatedns.net", + "minimumTtl": 10, + "refreshTime": 3600, + "retryTime": 300, + "serialNumber": 1 + } + } + }, + { + "type": "Microsoft.Network/privateDnsZones/SOA", + "apiVersion": "2020-06-01", + "name": "[concat(variables('privateDnsZonePrivatelinkNameDicom'), '/@')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZonePrivatelinkNameDicom'))]" + ], + "properties": { + "ttl": 3600, + "soaRecord": { + "email": "azureprivatedns-host.microsoft.com", + "expireTime": 2419200, + "host": "azureprivatedns.net", + "minimumTtl": 10, + "refreshTime": 3600, + "retryTime": 300, + "serialNumber": 1 + } + } + } + ] +} \ No newline at end of file diff --git a/samples/fhirservice-with-privatelink/main.parameters.json b/samples/fhirservice-with-privatelink/main.parameters.json new file mode 100644 index 0000000..d1d6f1e --- /dev/null +++ b/samples/fhirservice-with-privatelink/main.parameters.json @@ -0,0 +1,18 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "prefix": { + "value": "" + }, + "virtualNetworkName":{ + "value": "" + }, + "virtualNetworkResourceGroup":{ + "value": "" + }, + "subnetName":{ + "value": "" + } + } + } \ No newline at end of file diff --git a/samples/fhirservice-with-privatelink/uiDefForm.json b/samples/fhirservice-with-privatelink/uiDefForm.json new file mode 100644 index 0000000..eeac3b9 --- /dev/null +++ b/samples/fhirservice-with-privatelink/uiDefForm.json @@ -0,0 +1,111 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "resourceTypes": [ + + "Microsoft.HealthcareApis/workspaces", + "Microsoft.HealthcareApis/services", + "Microsoft.Resources/deployments", + "Microsoft.Resources/resourceGroups" + ], + "config": { + "isWizard": true, + "basics": { + "description": "**FHIR Service in Private Network", + "subscription": { + "resourceProviders": [ + + "Microsoft.HealthcareApis", + "Microsoft.Resources" + ] + } + } + }, + "basics": [ + { + "name": "basicsConfigurationSection", + "type": "Microsoft.Common.Section", + "label": "Resource Configuration", + "elements": [ + { + "name": "prefix", + "type": "Microsoft.Common.TextBox", + "label": "Prefix for all resources.", + "defaultValue": "", + "constraints": { + "required": true, + "validations": [ + { + "regex": "^[a-z0-9A-Z]{1,6}$", + "message": "Only alphanumeric characters are allowed, and the value must be 1-6 characters long." + } + ] + }, + "visible": true + } + ], + "visible": true + } + ], + "steps": [ + { + "name": "vnetSelection", + "bladeTitle": "Configuration", + "label": "Configuration", + "elements": [ + { + "name": "vnetSection", + "type": "Microsoft.Common.Section", + "label": "", + "elements": [ + { + "name": "vnet", + "label": "Select Vitual Network", + "type": "Microsoft.Solutions.ResourceSelector", + "resourceType": "Microsoft.Network/virtualNetworks", + "constraints": { + "required": true + }, + "options": { + "filter": { + "subscription": "onBasics", + "location": "onBasics" + } + }, + "visible": true + }, + { + "name": "subnets", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').resourceScope.subscription.id, '/resourceGroups/', last(take(split(steps('vnetSelection').vnetSection.vnet.id, '/'), 5)), '/providers/Microsoft.Network/virtualNetworks/', steps('vnetSelection').vnetSection.vnet.name,'/subnets?api-version=2022-01-01')]" + } + }, + { + "name": "subnetList", + "type": "Microsoft.Common.DropDown", + "label": "Select Subnet", + "filter": true, + "constraints": { + "allowedValues": "[map(steps('vnetSelection').vnetSection.subnets.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\"}')))]", + "required": true + }, + "visible": true + } + ] + } + ] + } + ], + "outputs": { + "prefix": "[basics('basicsConfigurationSection').prefix]", + "location": "[location()]", + "virtualNetworkName": "[steps('vnetSelection').vnetSection.vnet.name]", + "virtualNetworkResourceGroup": "[last(take(split(steps('vnetSelection').vnetSection.vnet.id, '/'), 5))]", + "subnetName": "[last(split(steps('vnetSelection').vnetSection.subnetList, '/'))]" + } + } +}