Configuration & Parameters
All configuration is done through azd env set commands. Parameters are passed to Bicep via main.parameters.json using ${ENV_VAR} substitution.
Parameter Reference
Section titled “Parameter Reference”| Parameter | azd env var | Type | Default | Description |
|---|---|---|---|---|
scenario | SCENARIO | string | baseline | Deployment scenario: baseline, firewall, vpn, full |
location | AZURE_LOCATION | string | swedencentral | Azure region: swedencentral or germanywestcentral |
environment | ENVIRONMENT | string | prod | Environment name: dev, staging, prod |
owner | OWNER | string | (required) | Owner email for tags and budget alerts |
hubVnetAddressSpace | HUB_VNET_ADDRESS_SPACE | string | 10.0.0.0/16 | Hub VNet CIDR |
spokeVnetAddressSpace | SPOKE_VNET_ADDRESS_SPACE | string | 10.1.0.0/16 | Spoke VNet CIDR |
onPremisesAddressSpace | ON_PREMISES_ADDRESS_SPACE | string | '' | On-premises CIDR (vpn/full only) |
logAnalyticsDailyCapGb | LOG_ANALYTICS_DAILY_CAP_GB | string | 0.5 | Log Analytics daily cap in GB |
budgetAmount | (Bicep default) | int | 500 | Monthly budget in USD (100–10000) |
budgetAlertEmail | (= owner) | string | = owner | Budget alert recipient |
budgetStartDate | (auto) | string | Current month | Auto-generated, cannot be customized |
Recommended Production Configuration
Section titled “Recommended Production Configuration”azd env set SCENARIO baseline # or firewall, vpn, fullazd env set OWNER "ops-team@contoso.com"azd env set AZURE_LOCATION swedencentralazd env set ENVIRONMENT prodazd env set HUB_VNET_ADDRESS_SPACE "10.0.0.0/23"azd env set SPOKE_VNET_ADDRESS_SPACE "10.0.2.0/23"azd env set LOG_ANALYTICS_DAILY_CAP_GB "0.5"azd env set MANAGEMENT_GROUP_ID smb-rfFor VPN or full scenarios, also set:
azd env set ON_PREMISES_ADDRESS_SPACE "192.168.0.0/16"CIDR Planning
Section titled “CIDR Planning”The hub and spoke VNets must not overlap with each other or with on-premises ranges. The pre-provision hook validates this automatically.
| Network | Recommended CIDR | Addresses | Purpose |
|---|---|---|---|
| Hub | 10.0.0.0/23 | 512 | Shared services, Firewall, VPN |
| Spoke | 10.0.2.0/23 | 512 | Production workloads |
| On-premises | 192.168.0.0/16 | 65,536 | Existing on-prem network (VPN only) |
Subnet Allocation (Hub)
Section titled “Subnet Allocation (Hub)”| Subnet | CIDR | Purpose |
|---|---|---|
AzureFirewallSubnet | /26 | Azure Firewall (firewall/full only) |
AzureFirewallManagementSubnet | /26 | Firewall management (Basic SKU) |
snet-management | /26 | General hub management resources |
GatewaySubnet | /27 | VPN Gateway (vpn/full only) |
Subnet Allocation (Spoke)
Section titled “Subnet Allocation (Spoke)”| Subnet | CIDR | Purpose |
|---|---|---|
snet-workload | /25 | Production workloads |
snet-data | /25 | Data tier resources |
snet-app | /25 | Application tier |
snet-private-endpoints | /26 | Private endpoints |
Hook-Only Parameters
Section titled “Hook-Only Parameters”These parameters are read by the pre-provision hook but are not passed to Bicep:
| azd env var | Purpose | Used by |
|---|---|---|
MANAGEMENT_GROUP_ID | Target management group name | Hook step 4 (MG verification) + step 5a/5b (MG deployment + policies) |
Budget Customization
Section titled “Budget Customization”The budget defaults to $500/month. To override:
# Option 1: Override via azd parameter injectionazd env set infra.parameters.budgetAmount 1000Multiple Environments
Section titled “Multiple Environments”You can maintain multiple azd environments for different scenarios or customers:
# Create environments for different scenariosazd env new customer-a-baselineazd env new customer-a-firewall
# Switch between themazd env select customer-a-baselineazd env get-values # verify current config
# Deploy the selected environmentazd upNext Steps
Section titled “Next Steps”- Management Group & Policies — understand the governance policy assignments
- Troubleshooting — common deployment issues and fixes
- Customization — extend with new modules, regions, or policies