-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmain.bicep
93 lines (84 loc) · 1.68 KB
/
main.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
targetScope = 'subscription'
param region string = 'westeurope'
resource hubrg 'Microsoft.Resources/resourceGroups@2020-06-01' = {
name: 'hub-rg'
location: region
}
resource spokerg 'Microsoft.Resources/resourceGroups@2020-06-01' = {
name: 'spoke-rg'
location: region
}
module hubVNET 'modules/vnet.bicep' = {
name: 'hub-vnet'
scope: hubrg
params: {
prefix: 'hub'
addressSpaces: [
'192.168.0.0/24'
]
subnets: [
{
name: 'AzureFirewallSubnet'
properties: {
addressPrefix: '192.168.0.0/25'
}
}
]
}
}
module spokeVNET 'modules/vnet.bicep' = {
name: 'spoke-vnet'
scope: spokerg
params: {
prefix: 'spoke'
addressSpaces: [
'192.168.1.0/24'
'10.0.0.0/23'
]
subnets: [
{
name: 'spoke-vnet'
properties: {
addressPrefix: '10.0.0.0/24'
routeTable: {
id: route.outputs.id
}
}
}
]
}
}
module Hubfwl 'modules/fwl.bicep' = {
name: 'hub-fwl'
scope: hubrg
params: {
prefix: 'hub'
hubId: hubVNET.outputs.id
}
}
module HubToSpokePeering 'modules/peering.bicep' = {
name: 'hub-to-spoke-peering'
scope: hubrg
params: {
localVnetName: hubVNET.outputs.name
remoteVnetName: 'spoke'
remoteVnetId: spokeVNET.outputs.id
}
}
module SpokeToHubPeering 'modules/peering.bicep' = {
name: 'spoke-to-hub-peering'
scope: spokerg
params: {
localVnetName: spokeVNET.outputs.name
remoteVnetName: 'hub'
remoteVnetId: hubVNET.outputs.id
}
}
module route 'modules/rot.bicep' = {
name: 'spoke-rot'
scope: spokerg
params: {
prefix: 'spoke'
azFwlIp: Hubfwl.outputs.privateIp
}
}