This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs
MIT License
749
stars
501
forks
source link
💡 Feature Request - Add zone configuration for hub network PIPs #241
Currently several public IP addresses are created for numerous services in the hub networking module, this includes:
Azure Firewall
VPN/ Expression Gateway
Azure Bastion
Currently there is a configuration for availability zones supported with Azure Firewall which also sets the zones property of the public IP address through the parAzureFirewallAvailabilityZones parameter.
For VPN/ ER gateways, to fully support availability zones a AZ SKU + a public IP across more then one zone is required for zone redundancy. If you deploy via that Azure Portal, the Zone Redundancy option includes zones 1, 2, 3.
Currently I can't see any docs specifically calling out if Azure Bastion supports availability zones and the resource configuration does not have a telling zones property so I will assume not.
The other PIPs ideally should support availability zones to align to Well-Architected Framework (WAF) recommendation for reliability when a region supports it.
Additional context
This is reported by PSRule for Azure: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.PublicIP.AvailabilityZone/
Describe the solution you'd like
Currently several public IP addresses are created for numerous services in the hub networking module, this includes:
Currently there is a configuration for availability zones supported with Azure Firewall which also sets the
zones
property of the public IP address through theparAzureFirewallAvailabilityZones
parameter.For VPN/ ER gateways, to fully support availability zones a AZ SKU + a public IP across more then one zone is required for zone redundancy. If you deploy via that Azure Portal, the Zone Redundancy option includes zones 1, 2, 3.
Currently I can't see any docs specifically calling out if Azure Bastion supports availability zones and the resource configuration does not have a telling
zones
property so I will assume not.The other PIPs ideally should support availability zones to align to Well-Architected Framework (WAF) recommendation for reliability when a region supports it.
Additional context
This is reported by PSRule for Azure: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.PublicIP.AvailabilityZone/
Related to #206