-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathtemplate.json
190 lines (190 loc) · 9.25 KB
/
template.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"additional_tags": {
"type": "string",
"defaultValue": "{}",
"metadata": {
"description": "Option Tags to apply on the resources in addition to it's Resource group tags, sample {\"env\":\"prd\"}"
}
},
"existingVirtualNetworkResourceGroupName": {
"type": "string",
"metadata": {
"description": "Resource Group of the Virtual Network Private Endpoint Ip Address. Leave it to null if it's the same that the Private Endpoint."
},
"defaultValue": "null"
},
"existingVirtualNetworkName": {
"type": "string",
"metadata": {
"description": "Virtual Network name of the Private Endpoint Ip Address."
}
},
"existingVirtualNetworkSubnetName": {
"type": "string",
"metadata": {
"description": "Virtual Network Subnet of the Private Endpoint Ip Address."
}
},
"existingResourceSubscriptionId": {
"type": "string",
"metadata": {
"description": "Subscription Id of the Resource that will be linked to the Private Endpoint. Leave it to null if it's the same that the Private Endpoint."
},
"defaultValue": "null"
},
"existingResourceResourceGroupName": {
"type": "string",
"metadata": {
"description": "Resource Group of the Resource that will be linked to the Private Endpoint. Leave it to null if it's the same that the Private Endpoint."
},
"defaultValue": "null"
},
"existingResourceName": {
"type": "string",
"metadata": {
"description": "Resource name of the Resource that will be linked to the Private Endpoint."
}
},
"existingResourceType": {
"type": "string",
"metadata": {
"description": "Resource Type including resource provider namespace of the Resource that will be linked to the Private Endpoint."
}
},
"resourcePrivateEndpointIteration": {
"type": "string",
"metadata": {
"description": "Iteration of the resource's private endpoint, a resource can have several private endpoints. Leave it 1 if it's the first Private Endpoint of the resource."
},
"defaultValue": "1"
},
"groupIds": {
"type": "array",
"metadata": {
"description": "The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to. - string"
}
},
"privateDnsZoneName": {
"type": "string",
"metadata": {
"description": "Specifies the Name of the Private DNS Zone Group."
},
"defaultValue": "null"
},
"privateDnsZoneSubscriptionId": {
"type": "string",
"metadata": {
"description": "Specifies the Subscription Id of the Private DNS Zone Group. Don't provide it if the DNS zone is located in the same subscription than the private endpoint."
},
"defaultValue": "null"
},
"privateDnsZoneResourceGroupName": {
"type": "string",
"metadata": {
"description": "Specifies the Resource of the Private DNS Zone Group. Don't provide it if the DNS zone is located in the same subscription than the private endpoint."
},
"defaultValue": "null"
}
},
"variables": {
"additional_tags": "[base64ToJson(base64(parameters('additional_tags')))]",
"privateDns": "[if(equals(parameters('privateDnsZoneName'), 'null'), bool('false'), bool('true'))]"
},
"resources": [
{
"comments": "Create the Private Endpoint in the Resource Group used for the Deployment and link it to a resource in the Subscription and Resource Group of you choice. Note 1: The Private Endpoint should be in the same region and subscription of its Virtual Network. Note 2: The Private Endpoint could be in a different resource group than its Virtual Network. Note 3: Only one group Id per Private Endpoint is permitted when connecting to a third-party resource.",
"name": "[concat(parameters('existingResourceName'),'-pe',parameters('resourcePrivateEndpointIteration'))]",
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-04-01",
"location": "[resourceGroup().location]",
"tags": "[union(variables('additional_tags'),resourceGroup().tags)]",
"properties": {
"subnet": {
"id": "[concat(main.getResource('Microsoft.Network/virtualNetworks','null', parameters('existingVirtualNetworkResourceGroupName'),parameters('existingVirtualNetworkName')).id, '/subnets/',parameters('existingVirtualNetworkSubnetName'))]"
},
"privateLinkServiceConnections": [
{
"properties": {
"privateLinkServiceId": "[main.getResource(parameters('existingResourceType'),parameters('existingResourceSubscriptionId'), parameters('existingResourceResourceGroupName'),parameters('existingResourceName')).id]",
"groupIds": "[parameters('groupIds')]",
"privateLinkServiceConnectionState": {
"description": "Auto-Approved",
"actionsRequired": "None"
}
},
"name": "[concat(parameters('existingResourceName'),'-pe',parameters('resourcePrivateEndpointIteration'))]"
}
],
"manualPrivateLinkServiceConnections": "[json('null')]"
},
"resources": [
{
"comments": "Create the DNS record in an Azure Private DNS Zone.",
"condition": "[variables('privateDns')]",
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-04-01",
"name": "[concat(parameters('existingResourceName'),'-pe',parameters('resourcePrivateEndpointIteration'),'/',parameters('privateDnsZoneName'))]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', concat(parameters('existingResourceName'),'-pe',parameters('resourcePrivateEndpointIteration')))]"
],
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[parameters('privateDnsZoneName')]",
"properties": {
"privateDnsZoneId": "[main.getResource('Microsoft.Network/privateDnsZones',parameters('privateDnsZoneSubscriptionId'), parameters('privateDnsZoneResourceGroupName'),parameters('privateDnsZoneName')).id]"
}
}
]
}
}
]
}
],
"outputs": {
"networkInterfaceId": {
"type": "string",
"value": "[reference(resourceId('Microsoft.Network/privateEndpoints', concat(parameters('existingResourceName'),'-pe',parameters('resourcePrivateEndpointIteration')))).networkInterfaces[0].id]"
},
"privateLinkServiceName": {
"type": "string",
"value": "[parameters('existingResourceName')]"
}
},
"functions": [
{
"namespace": "main",
"members": {
"getResource": {
"parameters": [
{
"name": "resourceType",
"type": "string"
},
{
"name": "otherSubscriptionId",
"type": "string"
},
{
"name": "otherResourceGroup",
"type": "string"
},
{
"name": "resourceName",
"type": "string"
}
],
"output": {
"type": "object",
"value": {
"id": "[if(equals(parameters('otherSubscriptionId'), 'null'),if(equals(parameters('otherResourceGroup'), 'null'),resourceId(parameters('resourceType'), parameters('resourceName')),resourceId(parameters('otherResourceGroup'), parameters('resourceType'), parameters('resourceName'))),resourceId(parameters('otherSubscriptionId'), parameters('otherResourceGroup'), parameters('resourceType'), parameters('resourceName')))]"
}
}
}
}
}
]
}