From 328a18bda984302b73d610e16ebd89d19c19e141 Mon Sep 17 00:00:00 2001
From: Eskil Uhlving Larsen <7443949+picccard@users.noreply.github.com>
Date: Mon, 13 Nov 2023 05:51:02 +0100
Subject: [PATCH] Automation account public network access option (#677)

* add parameter parAutomationAccountPublicNetworkAccess

* update parameters.all.json

* update mc parameters.all.json

* doc new param parAutomationAccountPublicNetworkAccess

---------

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>
---
 .../modules/logging/generateddocs/logging.bicep.md   | 12 ++++++++++++
 infra-as-code/bicep/modules/logging/logging.bicep    | 10 +++++++---
 .../logging/parameters/logging.parameters.all.json   |  3 +++
 .../parameters/mc-logging.parameters.all.json        |  3 +++
 4 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
index 3f6feefdf..b5b191506 100644
--- a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
+++ b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
@@ -16,6 +16,7 @@ parLogAnalyticsWorkspaceLinkAutomationAccount | No       | Log Analytics Workspa
 parAutomationAccountName | No       | Automation account name.
 parAutomationAccountLocation | No       | Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings.
 parAutomationAccountUseManagedIdentity | No       | Automation Account - use managed identity.
+parAutomationAccountPublicNetworkAccess | No       | Automation Account - Public network access.
 parTags        | No       | Tags you would like to be applied to all resources in this module.
 parAutomationAccountTags | No       | Tags you would like to be applied to Automation Account.
 parLogAnalyticsWorkspaceTags | No       | Tags you would like to be applied to Log Analytics Workspace.
@@ -108,6 +109,14 @@ Automation Account - use managed identity.
 
 - Default value: `True`
 
+### parAutomationAccountPublicNetworkAccess
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Automation Account - Public network access.
+
+- Default value: `True`
+
 ### parTags
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -210,6 +219,9 @@ outAutomationAccountId | string |
         "parAutomationAccountUseManagedIdentity": {
             "value": true
         },
+        "parAutomationAccountPublicNetworkAccess": {
+            "value": true
+        },
         "parTags": {
             "value": {}
         },
diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep
index 917162145..4276c34ca 100644
--- a/infra-as-code/bicep/modules/logging/logging.bicep
+++ b/infra-as-code/bicep/modules/logging/logging.bicep
@@ -77,6 +77,9 @@ param parAutomationAccountLocation string = resourceGroup().location
 @sys.description('Automation Account - use managed identity.')
 param parAutomationAccountUseManagedIdentity bool = true
 
+@sys.description('Automation Account - Public network access.')
+param parAutomationAccountPublicNetworkAccess bool = true
+
 @sys.description('Tags you would like to be applied to all resources in this module.')
 param parTags object = {}
 
@@ -103,12 +106,13 @@ resource resAutomationAccount 'Microsoft.Automation/automationAccounts@2022-08-0
     type: 'SystemAssigned'
   } : null
   properties: {
-    sku: {
-      name: 'Basic'
-    }
     encryption: {
       keySource: 'Microsoft.Automation'
     }
+    publicNetworkAccess: parAutomationAccountPublicNetworkAccess
+    sku: {
+      name: 'Basic'
+    }
   }
 }
 
diff --git a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
index 51abbf1c0..dd231d25c 100644
--- a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
+++ b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
@@ -43,6 +43,9 @@
     "parAutomationAccountUseManagedIdentity": {
       "value": true
     },
+    "parAutomationAccountPublicNetworkAccess": {
+      "value": true
+    },
     "parTags": {
       "value": {
         "Environment": "Live"
diff --git a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
index 5881fbcd0..d1c692f1a 100644
--- a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
+++ b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
@@ -40,6 +40,9 @@
     "parAutomationAccountUseManagedIdentity": {
       "value": true
     },
+    "parAutomationAccountPublicNetworkAccess": {
+      "value": true
+    },
     "parTags": {
       "value": {
         "Environment": "Live"