From fa0bca787232160cc89365a2a75065a9dbdf9624 Mon Sep 17 00:00:00 2001 From: Harsh-Microsoft Date: Fri, 6 Mar 2026 15:54:56 +0530 Subject: [PATCH] Update defaultAction for networkAcls for aifcu based on enablePrivateNetworking parameter --- infra/main.bicep | 2 +- infra/main.json | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index fddd01bc..7e8c88f6 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -827,7 +827,7 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.13.2' = enableTelemetry: enableTelemetry networkAcls: { bypass: 'AzureServices' - defaultAction: 'Allow' // Always allow for AI Services + defaultAction: (enablePrivateNetworking) ? 'Deny' : 'Allow' } roleAssignments: [ { diff --git a/infra/main.json b/infra/main.json index 4a195a2b..4f804d3c 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.40.2.10011", - "templateHash": "4821257159531769907" + "templateHash": "16588330151933076270" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -40925,9 +40925,9 @@ "dependsOn": [ "avmContainerApp", "avmManagedIdentity", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "logAnalyticsWorkspace", "virtualNetwork" @@ -40981,7 +40981,7 @@ "networkAcls": { "value": { "bypass": "AzureServices", - "defaultAction": "Allow" + "defaultAction": "[if(parameters('enablePrivateNetworking'), 'Deny', 'Allow')]" } }, "roleAssignments": {