Azure / bicep-registry-modules

Bicep registry modules
MIT License

[AVM Question/Feedback]: Firewall-policy - Question regarding Rule-Collection-Groups #3592

Open gsuttie opened 2 weeks ago

gsuttie commented 2 weeks ago

Check for previous/existing GitHub issues

Description

Can someone give me an example of how to create a Rule Collection Group with example network and application rules?

I have tried a number of things and can't get this to work and now can't see the wood from the trees :)

Thanks, Gregor

Example code I'm trying below:


module fireWallPolicyRuleCollection 'br/public:avm/res/network/firewall-policy:0.1.3' = {
  scope: resourceGroup(workloadsResourceGroupArray[0].name)
  name: 'fireWallPolicyRuleCollection'
  params: {
    name: azFirewallPolicyName
    ruleCollectionGroups: [
      {
        // A rule collection group takes only a name, a priority and its rule collections;
        // location is not a property of the group (it is set on the policy resource itself).
        name: 'Gregor'
        priority: 4000
        ruleCollections: [
          {
            // Each rule collection needs its own name and priority (unique within the group).
            name: 'ServerUpdates'
            priority: 3000
            ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
            action: {
              type: 'Allow'
            }
            rules: [
              {
                // Layer-7 rule: FQDN-based allow for the listed source range only.
                ruleType: 'ApplicationRule'
                name: 'Ubuntu Updates'
                protocols: [
                  {
                    protocolType: 'Http'
                    port: 8080
                  }
                  {
                    protocolType: 'Https'
                    port: 443
                  }
                ]
                fqdnTags: []
                webCategories: []
                targetFqdns: [
                  '*.ubuntu.com'
                ]
                targetUrls: []
                terminateTLS: false
                sourceAddresses: [
                  '**.**.**.*/**'
                ]
                destinationAddresses: []
                sourceIpGroups: []
                httpHeadersToInsert: []
              }
            ]
          }
        ]
      }
    ]
  }
  dependsOn: [
    existingAzureFirewall
  ]
}

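As an added example (not from the original post or the AVM project) that goes one step beyond the snippet above, here is one rule collection group carrying both a network rule collection and an application rule collection through the same module. The policy name, deployment name, the 10.10.0.0/16 source range and the 10.0.0.4 resolver address are assumed values.

```bicep
// Added example, not from the issue or the AVM repo. Names and address ranges are assumed.
module fireWallPolicyRules 'br/public:avm/res/network/firewall-policy:0.1.3' = {
  name: 'fireWallPolicyRules'
  params: {
    name: 'afwp-example'
    location: resourceGroup().location   // location belongs to the policy, not to a group
    ruleCollectionGroups: [
      {
        // A group only carries a name, a priority and its rule collections.
        name: 'rcg-workloads'
        priority: 4000
        ruleCollections: [
          {
            // Layer-4 collection: allow DNS from the workload range to one resolver only.
            name: 'rc-network-dns'
            priority: 100
            ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
            action: { type: 'Allow' }
            rules: [
              {
                ruleType: 'NetworkRule'
                name: 'allow-dns'
                ipProtocols: [ 'UDP', 'TCP' ]
                sourceAddresses: [ '10.10.0.0/16' ]
                destinationAddresses: [ '10.0.0.4' ]
                destinationPorts: [ '53' ]
              }
            ]
          }
          {
            // Layer-7 collection: allow HTTPS to the Ubuntu update FQDNs and nothing else.
            name: 'rc-application-updates'
            priority: 200
            ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
            action: { type: 'Allow' }
            rules: [
              {
                ruleType: 'ApplicationRule'
                name: 'ubuntu-updates'
                protocols: [ { protocolType: 'Https', port: 443 } ]
                targetFqdns: [ '*.ubuntu.com' ]
                sourceAddresses: [ '10.10.0.0/16' ]
              }
            ]
          }
        ]
      }
    ]
  }
}
```

Azure Firewall evaluates network rule collections before application rule collections regardless of their priority values, so keep the network collection as narrow as possible; a broad network allow would short-circuit the FQDN filtering in the application collection.
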
AlexanderSehr commented 1 week ago

Hey @gsuttie, would've been good to open the issue as a module issue - then it would've been assigned to the module's owner @PaulJohnston88 automatically 😉 Just a tip for next time.

That said, @PaulJohnston88, it would be great if you could provide some advice :)

gsuttie commented 1 week ago

Ah ok sorry

I've since figured it out - the docs, the zip file from the repo and the br: public repo are all different - quite a few inconsistencies I've found, tbh.

AlexanderSehr commented 1 week ago

> Ah ok sorry
>
> I've since figured it out - the docs, the zip file from the repo and the br: public repo are all different - quite a few inconsistencies I've found, tbh.

Hey @gsuttie, glad to hear. Could you elaborate on the inconsistencies? It would be great to sort them out :)

gsuttie commented 1 week ago

Would prefer to show people on a call as there are a lot of inconsistencies I can show you :) otherwise it would be hard to explain them all.

microsoft-github-policy-service[bot] commented 2 days ago

[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

[!TIP]

  • To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
  • To avoid this rule being (re)triggered, the "Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!

microsoft-github-policy-service[bot] commented 2 days ago

[!CAUTION] This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-bicep) immediate attention as it hasn't been responded to within 6 business days.

[!TIP]

  • To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
  • Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.