Azure backup DNS zone geo code fix and docs (#280)

infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

@@ -111,14 +111,13 @@ param parPrivateDnsZones array = [
   'privatelink.cassandra.cosmos.azure.com'
   'privatelink.gremlin.cosmos.azure.com'
   'privatelink.table.cosmos.azure.com'
-  'privatelink.${parLocation}.batch.azure.com'
+  'privatelink.${toLower(parLocation)}.batch.azure.com'
   'privatelink.postgres.database.azure.com'
   'privatelink.mysql.database.azure.com'
   'privatelink.mariadb.database.azure.com'
   'privatelink.vaultcore.azure.net'
   'privatelink.managedhsm.azure.net'
-  'privatelink.${parLocation}.azmk8s.io'
-  'privatelink.${parLocation}.backup.windowsazure.com'
+  'privatelink.${toLower(parLocation)}.azmk8s.io'
   'privatelink.siterecovery.windowsazure.com'
   'privatelink.servicebus.windows.net'
   'privatelink.azure-devices.net'
@@ -584,6 +583,7 @@ module modPrivateDnsZones '../privateDnsZones/privateDnsZones.bicep' = if (parPr
     parTags: parTags
     parVirtualNetworkIdToLink: resHubVnet.id
     parPrivateDnsZones: parPrivateDnsZones
+    parTelemetryOptOut: parTelemetryOptOut
   }
 }
 

infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json

@@ -99,11 +99,14 @@
         "privatelink.cassandra.cosmos.azure.com",
         "privatelink.gremlin.cosmos.azure.com",
         "privatelink.table.cosmos.azure.com",
+        "privatelink.xxxxxx.batch.azure.com", // Replace xxxxxx with target region (i.e. eastus)
         "privatelink.postgres.database.azure.com",
         "privatelink.mysql.database.azure.com",
         "privatelink.mariadb.database.azure.com",
         "privatelink.vaultcore.azure.net",
         "privatelink.managedhsm.azure.net",
+        "privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
+        "privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus)
         "privatelink.siterecovery.windowsazure.com",
         "privatelink.servicebus.windows.net",
         "privatelink.azure-devices.net",
@@ -131,10 +134,7 @@
         "privatelink.azurehdinsight.net",
         "privatelink.media.azure.net",
         "privatelink.his.arc.azure.com",
-        "privatelink.guestconfiguration.azure.com",
-        "privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
-        "privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region (i.e. eastus)
-        "privatelink.xxxxxx.batch.azure.com" // Replace xxxxxx with target region (i.e. eastus),
+        "privatelink.guestconfiguration.azure.com"
       ]
     },
     "parVpnGatewayConfig": {

infra-as-code/bicep/modules/privateDnsZones/README.md

@@ -25,12 +25,21 @@ The module requires the following inputs:
 
 The following DNS Zones are region specific and will be deployed with the provided region in the `parLocation` parameter by default:
 
-- `privatelink.batch.azure.com`
-- `privatelink.azmk8s.io`
-- `privatelink.siterecovery.windowsazure.com`
+- `privatelink.xxxxxx.batch.azure.com`
+- `privatelink.xxxxxx.azmk8s.io`
 
 **Note:** The region specific zones are included in the parameters files with the region set as `xxxxxx`. For these zones to deploy properly, replace `xxxxxx` with the target region. For example: `privatelink.xxxxxx.azmk8s.io` would become `privatelink.eastus.azmk8s.io` for a deployment targeting the East US region.
 
+### Geo Code Zones
+
+The following DNS Zone use a geo code associated to the Azure Region.
+
+- `privatelink.xxx.backup.windowsazure.com`
+
+If the Azure Region entered in `parLocation` matches a lookup to the map in `varAzBackupGeoCodes` we will append Geo Codes (value) used to generate region-specific DNS zone names for Azure Backup private endpoints. then insert Azure Backup Private DNS Zone with appropriate geo code inserted alongside zones in `parPrivateDnsZones` into a new array called `varPrivateDnsZonesMerge`. If not just return `parPrivateDnsZones` as the only values in `varPrivateDnsZonesMerge`.
+
+> For more information on Azure Backup and Private Link, or geo codes, please refer to: [Create and use private endpoints for Azure Backup](https://docs.microsoft.com/azure/backup/private-endpoints#when-using-custom-dns-server-or-host-files)
+
 ### Prefixed DNS Zone
 
 The DNS Zone `privatelink.{dnsPrefix}.database.windows.net` is not deployed by default as the DNS Prefix is individual.

infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json

@@ -30,7 +30,7 @@
         "privatelink.vaultcore.azure.net",
         "privatelink.managedhsm.azure.net",
         "privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
-        "privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region (i.e. eastus)
+        "privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus)
         "privatelink.siterecovery.windowsazure.com",
         "privatelink.servicebus.windows.net",
         "privatelink.azure-devices.net",

infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.min.json

@@ -27,7 +27,7 @@
         "privatelink.vaultcore.azure.net",
         "privatelink.managedhsm.azure.net",
         "privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
-        "privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region (i.e. eastus)
+        "privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus)
         "privatelink.siterecovery.windowsazure.com",
         "privatelink.servicebus.windows.net",
         "privatelink.azure-devices.net",

infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep

@@ -19,14 +19,13 @@ param parPrivateDnsZones array = [
   'privatelink.cassandra.cosmos.azure.com'
   'privatelink.gremlin.cosmos.azure.com'
   'privatelink.table.cosmos.azure.com'
-  'privatelink.${parLocation}.batch.azure.com'
+  'privatelink.${toLower(parLocation)}.batch.azure.com'
   'privatelink.postgres.database.azure.com'
   'privatelink.mysql.database.azure.com'
   'privatelink.mariadb.database.azure.com'
   'privatelink.vaultcore.azure.net'
   'privatelink.managedhsm.azure.net'
-  'privatelink.${parLocation}.azmk8s.io'
-  'privatelink.${parLocation}.backup.windowsazure.com'
+  'privatelink.${toLower(parLocation)}.azmk8s.io'
   'privatelink.siterecovery.windowsazure.com'
   'privatelink.servicebus.windows.net'
   'privatelink.azure-devices.net'
@@ -66,16 +65,78 @@ param parVirtualNetworkIdToLink string = ''
 @description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
 
+var varAzBackupGeoCodes = {
+  australiacentral: 'acl'
+  australiacentral2: 'acl2'
+  australiaeast: 'ae'
+  australiasoutheast: 'ase'
+  brazilsouth: 'brs'
+  centraluseuap: 'ccy'
+  canadacentral: 'cnc'
+  canadaeast: 'cne'
+  centralus: 'cus'
+  eastasia: 'ea'
+  eastus2euap: 'ecy'
+  eastus: 'eus'
+  eastus2: 'eus2'
+  francecentral: 'frc'
+  francesouth: 'frs'
+  germanynorth: 'gn'
+  germanywestcentral: 'gwc'
+  centralindia: 'inc'
+  southindia: 'ins'
+  westindia: 'inw'
+  japaneast: 'jpe'
+  japanwest: 'jpw'
+  koreacentral: 'krc'
+  koreasouth: 'krs'
+  northcentralus: 'ncus'
+  northeurope: 'ne'
+  norwayeast: 'nwe'
+  norwaywest: 'nww'
+  southafricanorth: 'san'
+  southafricawest: 'saw'
+  southcentralus: 'scus'
+  swedencentral: 'sdc'
+  swedensouth: 'sds'
+  southeastasia: 'sea'
+  switzerlandnorth: 'szn'
+  switzerlandwest: 'szw'
+  uaecentral: 'uac'
+  uaenorth: 'uan'
+  uksouth: 'uks'
+  ukwest: 'ukw'
+  westcentralus: 'wcus'
+  westeurope: 'we'
+  westus: 'wus'
+  westus2: 'wus2'
+  usdodcentral: 'udc'
+  usdodeast: 'ude'
+  usgovarizona: 'uga'
+  usgoviowa: 'ugi'
+  usgovtexas: 'ugt'
+  usgovvirginia: 'ugv'
+  chinanorth: 'bjb'
+  chinanorth2: 'bjb2'
+  chinaeast: 'sha'
+  chinaeast2: 'sha2'
+  germanycentral: 'gec'
+  germanynortheast: 'gne'
+}
+
+// If region entered in parLocation and matches a lookup to varAzBackupGeoCodes then insert Azure Backup Private DNS Zone with appropriate geo code inserted alongside zones in parPrivateDnsZones. If not just return parPrivateDnsZones
+var varPrivateDnsZonesMerge = contains(varAzBackupGeoCodes, parLocation) ? union(parPrivateDnsZones, ['privatelink.${varAzBackupGeoCodes[toLower(parLocation)]}.backup.windowsazure.com']) : parPrivateDnsZones
+
 // Customer Usage Attribution Id
 var varCuaid = '981733dd-3195-4fda-a4ee-605ab959edb6'
 
-resource resPrivateDnsZones 'Microsoft.Network/privateDnsZones@2020-06-01' = [for privateDnsZone in parPrivateDnsZones: {
+resource resPrivateDnsZones 'Microsoft.Network/privateDnsZones@2020-06-01' = [for privateDnsZone in varPrivateDnsZonesMerge: {
   name: privateDnsZone
   location: 'global'
   tags: parTags
 }]
 
-resource resVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = [for privateDnsZoneName in parPrivateDnsZones: if (!empty(parVirtualNetworkIdToLink)) {
+resource resVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = [for privateDnsZoneName in varPrivateDnsZonesMerge: if (!empty(parVirtualNetworkIdToLink)) {
   name: '${privateDnsZoneName}/${privateDnsZoneName}'
   location: 'global'
   properties: {
@@ -93,7 +154,7 @@ module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdRes
   params: {}
 }
 
-output outPrivateDnsZones array = [for i in range(0, length(parPrivateDnsZones)): {
+output outPrivateDnsZones array = [for i in range(0, length(varPrivateDnsZonesMerge)): {
   name: resPrivateDnsZones[i].name
   id: resPrivateDnsZones[i].id
 }]