nik/OMDSCloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged PR 266: Azure Notification Hubsのリソース作成

Browse Source 
## 概要
[Task2253: Azure Notification Hubsのリソース作成](https://paruru.nds-tyo.co.jp:8443/tfs/ReciproCollection/fa4924a4-d079-4fab-9fb5-a9a11eb205f0/_workitems/edit/2253)

- dev-notification-rgとstg-notification-rgのテンプレートを出力するように修正

## レビューポイント
- 特にレビューしてほしい箇所
- 軽微なものや自明なものは記載不要
- 修正範囲が大きい場合などに記載
- 全体的にや仕様を満たしているか等は本当に必要な時のみ記載

## UIの変更
- Before/Afterのスクショなど
- スクショ置き場

## 動作確認状況
- ローカルで確認、develop環境で確認など

## 補足
- 相談、参考資料などがあれば
This commit is contained in:
saito.k 2023-07-25 08:32:57 +00:00
parent 4f0e4f4a74
commit e9ab7cc10b
9 changed files with 386 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
configurations/azure/dev-application-rg.json
View File

@ -2685,14 +2685,6 @@
"name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-09T17_01_49_6538333')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_dev_name'))]"
],
"name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T01_01_49_5751914')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
@ -2701,30 +2693,6 @@
"name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T04_01_49_5006919')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_dev_name'))]"
],
"name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T07_01_49_5268512')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_dev_name'))]"
],
"name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T10_01_49_4279962')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_dev_name'))]"
],
"name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T13_01_49_3714251')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [

102
configurations/azure/dev-network-rg.json
View File

@ -1467,25 +1467,6 @@
"name": "[parameters('networkSecurityGroups_nsg_odms_private_dev_name')]",
"properties": {
"securityRules": [
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'AllowPublicSubnetInbound')]",
"name": "AllowPublicSubnetInbound",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1001,
"protocol": "TCP",
"sourceAddressPrefix": "10.1.2.0/24",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'bastionVMInbound')]",
"name": "bastionVMInbound",
@ -1525,8 +1506,28 @@
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'DenyTagCustomAnyInbound')]",
"name": "DenyTagCustomAnyInbound",
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'AllowDeployMigrationInbound')]",
"name": "AllowDeployMigrationInbound",
"properties": {
"access": "Allow",
"description": "deploy<6F><79><EFBFBD>̃}<7D>C<EFBFBD>O<EFBFBD><4F><EFBFBD>[<5B>V<EFBFBD><56><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1004,
"protocol": "TCP",
"sourceAddressPrefix": "10.0.4.4/32",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'DenyAllInbound')]",
"name": "DenyAllInbound",
"properties": {
"access": "Deny",
"destinationAddressPrefix": "*",
@ -1534,9 +1535,28 @@
"destinationPortRange": "*",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 4090,
"priority": 4096,
"protocol": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"sourceAddressPrefix": "*",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'AllowAppServiceInbound')]",
"name": "AllowAppServiceInbound",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1001,
"protocol": "TCP",
"sourceAddressPrefix": "10.1.10.0/24",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
@ -1548,7 +1568,7 @@
"name": "AllowDeployMigrationInbound",
"properties": {
"access": "Allow",
"description": "deploy時のマイグレーションを許可",
"description": "deploy<EFBFBD><EFBFBD><EFBFBD>̃}<7D>C<EFBFBD>O<EFBFBD><4F><EFBFBD>[<5B>V<EFBFBD><56><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
@ -1582,7 +1602,7 @@
"name": "AllowCidrBlockCustomAnyInbound",
"properties": {
"access": "Allow",
"description": "10.1.0.0/24application gatewayの所属するサブネットからの受信を許可する",
"description": "10.1.0.0/24<EFBFBD>iapplication gateway<61>̏<EFBFBD><CC8F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>T<EFBFBD>u<EFBFBD>l<EFBFBD>b<EFBFBD>g<EFBFBD>j<EFBFBD><6A><EFBFBD><EFBFBD>̎<EFBFBD>M<EFBFBD><4D><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><C282><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "*",
@ -1911,7 +1931,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_public_dev_name'), '/AllowCidrBlockCustomAnyInbound')]",
"properties": {
"access": "Allow",
"description": "10.1.0.0/24application gatewayの所属するサブネットからの受信を許可する",
"description": "10.1.0.0/24<EFBFBD>iapplication gateway<61>̏<EFBFBD><CC8F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>T<EFBFBD>u<EFBFBD>l<EFBFBD>b<EFBFBD>g<EFBFBD>j<EFBFBD><6A><EFBFBD><EFBFBD>̎<EFBFBD>M<EFBFBD><4D><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><C282><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "*",
@ -1934,7 +1954,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_dev_name'), '/AllowDeployMigrationInbound')]",
"properties": {
"access": "Allow",
"description": "deploy時のマイグレーションを許可",
"description": "deploy<EFBFBD><EFBFBD><EFBFBD>̃}<7D>C<EFBFBD>O<EFBFBD><4F><EFBFBD>[<5B>V<EFBFBD><56><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
@ -1971,28 +1991,6 @@
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"apiVersion": "2022-11-01",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_dev_name'))]"
],
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_dev_name'), '/AllowPublicSubnetInbound')]",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1001,
"protocol": "TCP",
"sourceAddressPrefix": "10.1.2.0/24",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"apiVersion": "2022-11-01",
"dependsOn": [
@ -2020,7 +2018,7 @@
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_dev_name'))]"
],
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_dev_name'), '/DenyTagCustomAnyInbound')]",
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_dev_name'), '/DenyAllInbound')]",
"properties": {
"access": "Deny",
"destinationAddressPrefix": "*",
@ -2028,9 +2026,9 @@
"destinationPortRange": "*",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 4090,
"priority": 4096,
"protocol": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"sourceAddressPrefix": "*",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []

95
configurations/azure/dev-notification-rg.json Normal file
View File

@ -0,0 +1,95 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"namespaces_ntfns_odms_dev_name": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2017-04-01",
"location": "Japan East",
"name": "[parameters('namespaces_ntfns_odms_dev_name')]",
"properties": {
"createdAt": "2023-07-24T01:26:14.6870000Z",
"critical": false,
"enabled": true,
"provisioningState": "Succeeded",
"serviceBusEndpoint": "[concat('https://', parameters('namespaces_ntfns_odms_dev_name'), '.servicebus.windows.net:443/')]",
"status": "Active",
"updatedAt": "2023-07-24T01:26:14.7370000Z"
},
"sku": {
"name": "Free"
},
"type": "Microsoft.NotificationHubs/namespaces"
},
{
"apiVersion": "2017-04-01",
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_dev_name'))]"
],
"location": "Japan East",
"name": "[concat(parameters('namespaces_ntfns_odms_dev_name'), '/RootManageSharedAccessKey')]",
"properties": {
"rights": [
"Manage",
"Listen",
"Send"
]
},
"type": "Microsoft.NotificationHubs/namespaces/AuthorizationRules"
},
{
"apiVersion": "2017-04-01",
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_dev_name'))]"
],
"location": "Japan East",
"name": "[concat(parameters('namespaces_ntfns_odms_dev_name'), '/ntf-odms-dev')]",
"properties": {
"authorizationRules": [],
"registrationTtl": "10675199.02:48:05.4775807"
},
"tags": {
"Project": "OMDS",
"environment": "develop"
},
"type": "Microsoft.NotificationHubs/namespaces/NotificationHubs"
},
{
"apiVersion": "2017-04-01",
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs', parameters('namespaces_ntfns_odms_dev_name'), 'ntf-odms-dev')]",
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_dev_name'))]"
],
"location": "Japan East",
"name": "[concat(parameters('namespaces_ntfns_odms_dev_name'), '/ntf-odms-dev/DefaultFullSharedAccessSignature')]",
"properties": {
"rights": [
"Manage",
"Listen",
"Send"
]
},
"type": "Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules"
},
{
"apiVersion": "2017-04-01",
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs', parameters('namespaces_ntfns_odms_dev_name'), 'ntf-odms-dev')]",
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_dev_name'))]"
],
"location": "Japan East",
"name": "[concat(parameters('namespaces_ntfns_odms_dev_name'), '/ntf-odms-dev/DefaultListenSharedAccessSignature')]",
"properties": {
"rights": [
"Listen"
]
},
"type": "Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules"
}
],
"variables": {}
}

32
configurations/azure/maintenance-rg.json
View File

@ -376,7 +376,7 @@
"direction": "Inbound",
"priority": 130,
"protocol": "TCP",
"sourceAddressPrefix": "175.177.42.29",
"sourceAddressPrefix": "175.177.42.28",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
@ -661,7 +661,7 @@
"name": "DenyCidrBlockCustom4443Outbound",
"properties": {
"access": "Deny",
"description": "staging踏み台からdev環境へのアクセスを禁止",
"description": "staging<EFBFBD><EFBFBD><EFBFBD>ݑ䂩<EFBFBD><EFBFBD>dev<EFBFBD>‹<EFBFBD><EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD>֎~",
"destinationAddressPrefix": "10.1.0.10",
"destinationAddressPrefixes": [],
"destinationPortRange": "4443",
@ -681,7 +681,7 @@
"name": "DenyCidrBlockCustom4443Outbound_DevToStg",
"properties": {
"access": "Deny",
"description": "dev踏み台からstaging環境へのアクセスを禁止",
"description": "dev<EFBFBD><EFBFBD><EFBFBD>ݑ䂩<EFBFBD><EFBFBD>staging<EFBFBD>‹<EFBFBD><EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD>֎~",
"destinationAddressPrefix": "10.2.0.10",
"destinationAddressPrefixes": [],
"destinationPortRange": "4443",
@ -701,7 +701,7 @@
"name": "AllowDevAppOutbound",
"properties": {
"access": "Allow",
"description": "Dev踏み台からDev環境へのアクセスを許可",
"description": "Dev<EFBFBD><EFBFBD><EFBFBD>ݑ䂩<EFBFBD><EFBFBD>Dev<EFBFBD>‹<EFBFBD><EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "10.1.0.10",
"destinationAddressPrefixes": [],
"destinationPortRange": "4443",
@ -721,7 +721,7 @@
"name": "AllowStgAppOutbound",
"properties": {
"access": "Allow",
"description": "STG踏み台からSTG環境へのアクセスを許可",
"description": "STG<EFBFBD><EFBFBD><EFBFBD>ݑ䂩<EFBFBD><EFBFBD>STG<EFBFBD>‹<EFBFBD><EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "10.2.0.10",
"destinationAddressPrefixes": [],
"destinationPortRange": "4443",
@ -798,7 +798,7 @@
"name": "AllowStorageAccountEastUSOutbound",
"properties": {
"access": "Allow",
"description": "US用のStorageAccountへのアクセスを許可する",
"description": "US<EFBFBD>p<EFBFBD><EFBFBD>StorageAccount<EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "Storage.EastUS",
"destinationAddressPrefixes": [],
"destinationPortRange": "443",
@ -818,7 +818,7 @@
"name": "AllowStorageAccountNorthEuropeOutbound",
"properties": {
"access": "Allow",
"description": "EU用のStorageAccountへのアクセスを許可する",
"description": "EU<EFBFBD>p<EFBFBD><EFBFBD>StorageAccount<EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "Storage.NorthEurope",
"destinationAddressPrefixes": [],
"destinationPortRange": "443",
@ -838,7 +838,7 @@
"name": "AllowStorageAccountAustraliaEastOutbound",
"properties": {
"access": "Allow",
"description": "AU用のStorageAccountへのアクセスを許可する",
"description": "AU<EFBFBD>p<EFBFBD><EFBFBD>StorageAccount<EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "Storage.AustraliaEast",
"destinationAddressPrefixes": [],
"destinationPortRange": "443",
@ -1817,7 +1817,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowDevAppOutbound')]",
"properties": {
"access": "Allow",
"description": "Dev踏み台からDev環境へのアクセスを許可",
"description": "Dev<EFBFBD><EFBFBD><EFBFBD>ݑ䂩<EFBFBD><EFBFBD>Dev<EFBFBD>‹<EFBFBD><EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "10.1.0.10",
"destinationAddressPrefixes": [],
"destinationPortRange": "4443",
@ -2047,7 +2047,7 @@
"direction": "Inbound",
"priority": 130,
"protocol": "TCP",
"sourceAddressPrefix": "175.177.42.29",
"sourceAddressPrefix": "175.177.42.28",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
@ -2130,7 +2130,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowStgAppOutbound')]",
"properties": {
"access": "Allow",
"description": "STG踏み台からSTG環境へのアクセスを許可",
"description": "STG<EFBFBD><EFBFBD><EFBFBD>ݑ䂩<EFBFBD><EFBFBD>STG<EFBFBD>‹<EFBFBD><EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "10.2.0.10",
"destinationAddressPrefixes": [],
"destinationPortRange": "4443",
@ -2175,7 +2175,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowStorageAccountAustraliaEastOutbound')]",
"properties": {
"access": "Allow",
"description": "AU用のStorageAccountへのアクセスを許可する",
"description": "AU<EFBFBD>p<EFBFBD><EFBFBD>StorageAccount<EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "Storage.AustraliaEast",
"destinationAddressPrefixes": [],
"destinationPortRange": "443",
@ -2198,7 +2198,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowStorageAccountEastUSOutbound')]",
"properties": {
"access": "Allow",
"description": "US用のStorageAccountへのアクセスを許可する",
"description": "US<EFBFBD>p<EFBFBD><EFBFBD>StorageAccount<EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "Storage.EastUS",
"destinationAddressPrefixes": [],
"destinationPortRange": "443",
@ -2221,7 +2221,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowStorageAccountNorthEuropeOutbound')]",
"properties": {
"access": "Allow",
"description": "EU用のStorageAccountへのアクセスを許可する",
"description": "EU<EFBFBD>p<EFBFBD><EFBFBD>StorageAccount<EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "Storage.NorthEurope",
"destinationAddressPrefixes": [],
"destinationPortRange": "443",
@ -2354,7 +2354,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/DenyCidrBlockCustom4443Outbound')]",
"properties": {
"access": "Deny",
"description": "staging踏み台からdev環境へのアクセスを禁止",
"description": "staging<EFBFBD><EFBFBD><EFBFBD>ݑ䂩<EFBFBD><EFBFBD>dev<EFBFBD>‹<EFBFBD><EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD>֎~",
"destinationAddressPrefix": "10.1.0.10",
"destinationAddressPrefixes": [],
"destinationPortRange": "4443",
@ -2377,7 +2377,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/DenyCidrBlockCustom4443Outbound_DevToStg')]",
"properties": {
"access": "Deny",
"description": "dev踏み台からstaging環境へのアクセスを禁止",
"description": "dev<EFBFBD><EFBFBD><EFBFBD>ݑ䂩<EFBFBD><EFBFBD>staging<EFBFBD>‹<EFBFBD><EFBFBD>ւ̃A<EFBFBD>N<EFBFBD>Z<EFBFBD>X<EFBFBD><EFBFBD><EFBFBD>֎~",
"destinationAddressPrefix": "10.2.0.10",
"destinationAddressPrefixes": [],
"destinationPortRange": "4443",

32
configurations/azure/stg-application-rg.json
View File

@ -1970,14 +1970,6 @@
"name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-09T17_01_49_6538333')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_stg_name'))]"
],
"name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T01_01_49_5751914')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
@ -1986,30 +1978,6 @@
"name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T04_01_49_5006919')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_stg_name'))]"
],
"name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T07_01_49_5268512')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_stg_name'))]"
],
"name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T10_01_49_4279962')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_stg_name'))]"
],
"name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T13_01_49_3714251')]",
"type": "Microsoft.Web/sites/snapshots"
},
{
"apiVersion": "2015-08-01",
"dependsOn": [

181
configurations/azure/stg-network-rg.json
View File

@ -672,7 +672,7 @@
"name": "AllowCidrBlockHTTPSInboundOMDSSC01",
"properties": {
"access": "Allow",
"description": "Subcontractor:委託先",
"description": "Subcontractor<EFBFBD>F<EFBFBD>ϑ<EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "443",
@ -834,25 +834,6 @@
"name": "[parameters('networkSecurityGroups_nsg_odms_private_stg_name')]",
"properties": {
"securityRules": [
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'AllowPublicSubnetInbound')]",
"name": "AllowPublicSubnetInbound",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1001,
"protocol": "TCP",
"sourceAddressPrefix": "10.2.2.0/24",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'bastionVMInbound')]",
"name": "bastionVMInbound",
@ -891,25 +872,6 @@
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'DenyTagCustomAnyInbound')]",
"name": "DenyTagCustomAnyInbound",
"properties": {
"access": "Deny",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "*",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 4090,
"protocol": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'bastionStagingVMInbound')]",
"name": "bastionStagingVMInbound",
@ -928,6 +890,63 @@
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'AllowAppServiceInbound')]",
"name": "AllowAppServiceInbound",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1001,
"protocol": "TCP",
"sourceAddressPrefix": "10.2.4.0/24",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'DenyAllInbound')]",
"name": "DenyAllInbound",
"properties": {
"access": "Deny",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "*",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 4096,
"protocol": "*",
"sourceAddressPrefix": "*",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'AllowDeployMigrationInbound')]",
"name": "AllowDeployMigrationInbound",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1005,
"protocol": "TCP",
"sourceAddressPrefix": "10.0.4.4/32",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
}
]
},
@ -948,7 +967,7 @@
"name": "AllowCidrBlockCustomAnyInbound",
"properties": {
"access": "Allow",
"description": "10.1.0.0/24application gatewayの所属するサブネットからの受信を許可する",
"description": "10.1.0.0/24<EFBFBD>iapplication gateway<61>̏<EFBFBD><CC8F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>T<EFBFBD>u<EFBFBD>l<EFBFBD>b<EFBFBD>g<EFBFBD>j<EFBFBD><6A><EFBFBD><EFBFBD>̎<EFBFBD>M<EFBFBD><4D><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><C282><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "*",
@ -1249,6 +1268,28 @@
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"apiVersion": "2022-11-01",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]"
],
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowAppServiceInbound')]",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1001,
"protocol": "TCP",
"sourceAddressPrefix": "10.2.4.0/24",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"apiVersion": "2022-11-01",
"dependsOn": [
@ -1257,7 +1298,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_public_stg_name'), '/AllowCidrBlockCustomAnyInbound')]",
"properties": {
"access": "Allow",
"description": "10.1.0.0/24application gatewayの所属するサブネットからの受信を許可する",
"description": "10.1.0.0/24<EFBFBD>iapplication gateway<61>̏<EFBFBD><CC8F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>T<EFBFBD>u<EFBFBD>l<EFBFBD>b<EFBFBD>g<EFBFBD>j<EFBFBD><6A><EFBFBD><EFBFBD>̎<EFBFBD>M<EFBFBD><4D><EFBFBD><EFBFBD><EFBFBD>‚<EFBFBD><C282><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "*",
@ -1434,7 +1475,7 @@
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_gateway_stg_name'), '/AllowCidrBlockHTTPSInboundOMDSSC01')]",
"properties": {
"access": "Allow",
"description": "Subcontractor:委託先",
"description": "Subcontractor<EFBFBD>F<EFBFBD>ϑ<EFBFBD><EFBFBD><EFBFBD>",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "443",
@ -1652,7 +1693,7 @@
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]"
],
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowPipelineInbound')]",
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowDeployMigrationInbound')]",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
@ -1660,9 +1701,9 @@
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1002,
"priority": 1005,
"protocol": "TCP",
"sourceAddressPrefix": "10.0.3.4/32",
"sourceAddressPrefix": "10.0.4.4/32",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
@ -1674,7 +1715,7 @@
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]"
],
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowPublicSubnetInbound')]",
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowPipelineInbound')]",
"properties": {
"access": "Allow",
"destinationAddressPrefix": "*",
@ -1682,9 +1723,9 @@
"destinationPortRange": "3306",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 1001,
"priority": 1002,
"protocol": "TCP",
"sourceAddressPrefix": "10.2.2.0/24",
"sourceAddressPrefix": "10.0.3.4/32",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
@ -1757,6 +1798,28 @@
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"apiVersion": "2022-11-01",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]"
],
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/DenyAllInbound')]",
"properties": {
"access": "Deny",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "*",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 4096,
"protocol": "*",
"sourceAddressPrefix": "*",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"apiVersion": "2022-11-01",
"dependsOn": [
@ -1779,28 +1842,6 @@
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"apiVersion": "2022-11-01",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]"
],
"name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/DenyTagCustomAnyInbound')]",
"properties": {
"access": "Deny",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "*",
"destinationPortRanges": [],
"direction": "Inbound",
"priority": 4090,
"protocol": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
},
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"apiVersion": "2018-09-01",
"dependsOn": [

95
configurations/azure/stg-notification-rg.json Normal file
View File

@ -0,0 +1,95 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"namespaces_ntfns_odms_stg_name": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2017-04-01",
"location": "Japan East",
"name": "[parameters('namespaces_ntfns_odms_stg_name')]",
"properties": {
"createdAt": "2023-07-25T01:57:35.5400000Z",
"critical": false,
"enabled": true,
"provisioningState": "Succeeded",
"serviceBusEndpoint": "[concat('https://', parameters('namespaces_ntfns_odms_stg_name'), '.servicebus.windows.net:443/')]",
"status": "Active",
"updatedAt": "2023-07-25T01:57:35.5970000Z"
},
"sku": {
"name": "Free"
},
"type": "Microsoft.NotificationHubs/namespaces"
},
{
"apiVersion": "2017-04-01",
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_stg_name'))]"
],
"location": "Japan East",
"name": "[concat(parameters('namespaces_ntfns_odms_stg_name'), '/RootManageSharedAccessKey')]",
"properties": {
"rights": [
"Manage",
"Listen",
"Send"
]
},
"type": "Microsoft.NotificationHubs/namespaces/AuthorizationRules"
},
{
"apiVersion": "2017-04-01",
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_stg_name'))]"
],
"location": "Japan East",
"name": "[concat(parameters('namespaces_ntfns_odms_stg_name'), '/ntf-odms-stg')]",
"properties": {
"authorizationRules": [],
"registrationTtl": "10675199.02:48:05.4775807"
},
"tags": {
"Project": "OMDS",
"environment": "staging"
},
"type": "Microsoft.NotificationHubs/namespaces/NotificationHubs"
},
{
"apiVersion": "2017-04-01",
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs', parameters('namespaces_ntfns_odms_stg_name'), 'ntf-odms-stg')]",
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_stg_name'))]"
],
"location": "Japan East",
"name": "[concat(parameters('namespaces_ntfns_odms_stg_name'), '/ntf-odms-stg/DefaultFullSharedAccessSignature')]",
"properties": {
"rights": [
"Manage",
"Listen",
"Send"
]
},
"type": "Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules"
},
{
"apiVersion": "2017-04-01",
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs', parameters('namespaces_ntfns_odms_stg_name'), 'ntf-odms-stg')]",
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_stg_name'))]"
],
"location": "Japan East",
"name": "[concat(parameters('namespaces_ntfns_odms_stg_name'), '/ntf-odms-stg/DefaultListenSharedAccessSignature')]",
"properties": {
"rights": [
"Listen"
]
},
"type": "Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules"
}
],
"variables": {}
}

17
configurations/azure/stg-storage-rg.json
View File

@ -612,6 +612,23 @@
},
"type": "Microsoft.Storage/storageAccounts/blobServices/containers"
},
{
"apiVersion": "2022-09-01",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('storageAccounts_saodmsusstg_name'), 'default')]",
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_saodmsusstg_name'))]"
],
"name": "[concat(parameters('storageAccounts_saodmsusstg_name'), '/default/account-21')]",
"properties": {
"defaultEncryptionScope": "$account-encryption-key",
"denyEncryptionScopeOverride": false,
"immutableStorageWithVersioning": {
"enabled": false
},
"publicAccess": "None"
},
"type": "Microsoft.Storage/storageAccounts/blobServices/containers"
},
{
"apiVersion": "2022-09-01",
"dependsOn": [

2
update-azure-resource.bat
View File

@ -4,11 +4,13 @@ az group export --name dev-application-rg --output json > configurations/azure/d
az group export --name dev-database-rg --output json > configurations/azure/dev-database-rg.json && ^
az group export --name dev-network-rg --output json > configurations/azure/dev-network-rg.json && ^
az group export --name dev-storage-rg --output json > configurations/azure/dev-storage-rg.json && ^
az group export --name dev-notification-rg --output json > configurations/azure/dev-notification-rg.json && ^
az group export --name stg-azureADB2C-rg --output json > configurations/azure/stg-azureADB2C-rg.json && ^
az group export --name stg-application-rg --output json > configurations/azure/stg-application-rg.json && ^
az group export --name stg-database-rg --output json > configurations/azure/stg-database-rg.json && ^
az group export --name stg-network-rg --output json > configurations/azure/stg-network-rg.json && ^
az group export --name stg-storage-rg --output json > configurations/azure/stg-storage-rg.json && ^
az group export --name stg-notification-rg --output json > configurations/azure/stg-notification-rg.json && ^
az group export --name maintenance-rg --output json > configurations/azure/maintenance-rg.json && ^
az group export --name shared-sendGrid-rg --output json > configurations/azure/shared-sendGrid-rg.json && ^
az group export --name shared-template-rg --output json > configurations/azure/shared-template-rg.json