forked from Azure/CanadaPubSecALZ
CanadaESLZ-main.yml
# ----------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
#
# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
# ----------------------------------------------------------------------------------
# Environment YAML files can be used to supplement
# the variables specified in 'config/variables/common.yml'. You can:
# * Override existing common.yml variable value settings, and
# * Create new variable values not present in common.yml
#
# The naming convention for these YAML files is:
# {organization}-{branch}.yml
#
# where {organization} is the organization variable from the
# common.yml file
# and {branch} is the Azure Repos branch name used by the
# currently executing pipeline.
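# Pipeline variables for one environment; per the file header, this file
# supplements or overrides the values in 'config/variables/common.yml'.
# Every key below must stay nested under 'variables:'. With the indentation
# flattened, the mapping is empty and the folded scalar has no body.
#
# NOTE(review): the GUIDs in this file (root management group id, subscription
# ids) are identifiers rather than credentials, but they decide which tenant
# scope and subscriptions the pipeline deploys into. A fork should replace them
# with values from its own tenant, and changes here deserve the same review as
# code. Keep secrets out of this file; reference them from the pipeline's
# secret store instead.
variables:
  deploymentRegion: canadacentral

  # Management Groups
  # JSON document carried in a folded scalar ('>'). Lines indented deeper than
  # the first keep their line breaks, which is harmless if the consumer parses
  # the value as JSON (presumably it does; confirm against the pipeline).
  # The root "id" looks like the tenant id used by the Tenant Root Group;
  # confirm it matches the target tenant before running.
  # NOTE(review): in Azure, policy and role assignments made at a management
  # group are inherited by everything beneath it, so moving or renaming a node
  # here changes which guardrails apply to the subscriptions under it.
  var-managementgroup-hierarchy: >
    {
      "name": "Tenant Root Group",
      "id": "343ddfdb-bef5-46d9-99cf-ed67d5948783",
      "children": [
        {
          "name": "Azure Landing Zones for Canadian Public Sector",
          "id": "pubsec",
          "children": [
            {
              "name": "Platform", "id": "pubsecPlatform",
              "children": [
                { "name": "Identity", "id": "pubsecPlatformIdentity", "children": [] },
                { "name": "Connectivity", "id": "pubsecPlatformConnectivity", "children": [] },
                { "name": "Management", "id": "pubsecPlatformManagement", "children": [] }
              ]
            },
            {
              "name": "LandingZones", "id": "pubsecLandingZones",
              "children": [
                { "name": "DevTest", "id": "pubsecLandingZonesDevTest", "children": [] },
                { "name": "QA", "id": "pubsecLandingZonesQA", "children": [] },
                { "name": "Prod", "id": "pubsecLandingZonesProd", "children": [] }
              ]
            },
            {
              "name": "Sandbox", "id": "pubsecSandbox",
              "children": []
            }
          ]
        }
      ]
    }

  # Logging
  # The management group id below matches the "Management" node in the
  # hierarchy above; keep the two in sync when either is renamed.
  var-logging-region: canadacentral
  var-logging-managementGroupId: pubsecPlatformManagement
  var-logging-subscriptionId: bc0a4f9f-07fa-4284-b1bd-fbad38578d3a
  var-logging-configurationFileName: logging.parameters.json
  ## This parameter is only used for HIPAA/HITRUST Policy Assignment
  var-logging-diagnosticSettingsforNetworkSecurityGroupsStoragePrefix: pubsecnsg

  # Hub Networking
  # The management group id below matches the "Connectivity" node in the
  # hierarchy above.
  var-hubnetwork-region: canadacentral
  var-hubnetwork-managementGroupId: pubsecPlatformConnectivity
  var-hubnetwork-subscriptionId: ed7f4eed-9010-4227-b115-2a5e37728f27
  ## Hub Network configuration using Azure Firewall - required when Azure
  ## Firewall is used
  var-hubnetwork-azfwPolicy-configurationFileName: hub-azfw-policy/azure-firewall-policy.parameters.json
  var-hubnetwork-azfw-configurationFileName: hub-azfw/hub-network.parameters.json
  ## Hub Network configuration using a Network Virtual Appliance (NVA) -
  ## required when an NVA such as Fortigate firewalls is used
  var-hubnetwork-nva-configurationFileName: hub-nva/hub-network.parameters.json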