Skip to content

feat: Merging the AVM WAF Changes from feature/avm-waf-aligned into dev #146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 139 commits into from
Jun 25, 2025
Merged

feat: Merging the AVM WAF Changes from feature/avm-waf-aligned into dev #146

merged 139 commits into from
Jun 25, 2025
+3,044 −8,508

Conversation

Abdul-Microsoft
Copy link
Contributor

Purpose

This pull request introduces significant updates to the deployment architecture and configuration, focusing on enabling Azure Well-Architected Framework (WAF)-aligned deployments, improving deployment options, and simplifying infrastructure files. The changes include new documentation, deployment parameters, and the removal of legacy infrastructure scripts.

Deployment Architecture Enhancements:

  • Added a new WAF-aligned deployment option, emphasizing security, reliability, cost optimization, and operational excellence. Detailed architecture and implementation principles are documented in docs/ArchitectureWAF.md and include private networking, managed identities, and centralized monitoring.
  • Updated the README.md to describe the sandbox and WAF-aligned deployment options, linking to relevant documentation.

Deployment Configuration Improvements:

  • Expanded the deployment guide in docs/DeploymentGuide.md to include detailed steps for selecting between sandbox and WAF-aligned configurations, with guidance on parameter customization and best practices. [1] [2]
  • Introduced a new infra/main.waf-aligned.bicepparam file for WAF-aligned deployments, with parameters for monitoring, scaling, redundancy, and private networking.

Infrastructure Simplification:

  • Removed legacy Bicep files for managed identity, Key Vault, and AI Foundry deployments (infra/deploy_managed_identity.bicep, infra/deploy_keyvault.bicep, infra/deploy_ai_foundry.bicep), consolidating functionality into streamlined deployment scripts. [1] [2] [3]
  • Updated infra/main.bicepparam to align parameter naming conventions with the new architecture.

Minor Updates:

  • Simplified the azure.yaml configuration file by removing the environment block, ensuring consistency with the updated deployment process.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

Seth and others added 30 commits May 27, 2025 15:46
Infra - initial AVM update (WIP)
5d21a0f
AVM - initial bicep module updates to AVM
a2bfd27
AVM - removed modules, removed Owner assignment, moved sql role assig…
a3adf5d 
…nment to module
AVM - naming refactor, naming validation, new params, cosmos module
ada5d54
AVM - foundry module move and desc update
429805d
AVM - removed unnecessary key vault entries, ai foundry refactoring
d7dcffe
@gailzmicrosoft
initial network and nsgs
ba46485
@gailzmicrosoft
Merge branch 'feature/avm-waf-aligned' of https://github.com/microsof…
4c85fe9 
…t/Modernize-your-code-solution-accelerator into feature/avm-waf-network
AVM - waf-aligned monitoring
68d72c6
Merge branch 'feature/waf-monitoring' into feature/avm-waf-aligned
76cccd5
WAF - removed duplicate storage accounts. added flags for scaling, re…
9bb1c60 
…dundancy, and failover
WAF - cosmos redundancy and multi location
a86a7aa
@gailzmicrosoft
basic structures set up
a70e8c5
@gailzmicrosoft
basic structure
3678d90
@gailzmicrosoft
added security rules etc
fac62d8
@gailzmicrosoft
Merge branch 'feature/avm-waf-aligned' of https://github.com/microsof…
eb0e904 
…t/Modernize-your-code-solution-accelerator into feature/avm-waf-network
@gailzmicrosoft
refactored
f76c031
@gailzmicrosoft
deleted extra file
ec02679
@gailzmicrosoft
updated bastion and jumpbox
926d082
@gailzmicrosoft
nsgs vnet with subnets created
0bba112
@gailzmicrosoft
law and network created and tested
c18b734
@gailzmicrosoft
deleted network and nsg code in moduoles subfolder
05d3196
@gailzmicrosoft
Added logical seperations
45a4016
@gailzmicrosoft
Azure Bastion Host tested
e0890f8
@gailzmicrosoft
all resources created - tested
0beea81
Keyvault - removed purged protection
cdcbc4b
Merge branch 'feature/avm-waf-aligned' of https://github.com/microsof…
f3187f0 
…t/Modernize-your-code-solution-accelerator into feature/avm-waf-aligned
Infra - removed abbr json
394699f
WAF - adding private networking options per resource - moved to modules
023369f
WAF - private networking additions. other cleanup
4fa91c0
gailzmicrosoft and others added 21 commits June 23, 2025 18:30
@gailzmicrosoft
added networkAcls
1e6eb33
@gailzmicrosoft
Ai Foudry code updated and tested
56e6036
@gailzmicrosoft
set to sandbox config
3d70285
@gailzmicrosoft
comment update only
c0a7e44
@gailzmicrosoft
Documentation Change only
6d68da1
@gailzmicrosoft
added app information flow
f699898
@gailzmicrosoft
minor text update
180d0a3
@gailzmicrosoft
new waf param file
42564c0
@gailzmicrosoft
clean file
a3f40cc
@gailzmicrosoft
added header comment
55446ec
@gailzmicrosoft
Added helpful warning on redundancy
87e42b9
@gailzmicrosoft
tested code
6c2610e
@gailzmicrosoft
clean file
198a409
@gailzmicrosoft
removed project, resource lock, custom managed key.
75b61d4
@gailzmicrosoft
better format
0b322af
@gailzmicrosoft
format update
5fdc6e4
@gailzmicrosoft
added comments
9a56de3
@gailzmicrosoft
minor update on dependancy
602ff19
@Abdul-Microsoft
update parameter file name for WAF configuration
b5dd365
@Roopan-Microsoft
Merge pull request #144 from microsoft/gaiye-avm-waf
48e8a62 
feat: AI Foundy code private end point working and tested
@Abdul-Microsoft
Merge remote-tracking branch 'origin/dev' into feature/avm-waf-aligned
f78b5af
@Roopan-Microsoft Roopan-Microsoft merged commit b7fd9fb into dev Jun 25, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Roopan-Microsoft Roopan-Microsoft Roopan-Microsoft approved these changes

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

@marktayl1 marktayl1 Awaiting requested review from marktayl1 marktayl1 is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Abdul-Microsoft @Roopan-Microsoft @gailzmicrosoft