Created
April 5, 2024 19:22
Deploy or Destroy Copilot for Security Capacity with Bicep and DevOps Pipelines
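name: CD-$(rev:r)-Deploy-Security-Copilot-$(Date:dd.MM.yyyy) # build numbering format

# No CI trigger: the pipeline runs on the schedule below or when queued manually.
trigger: none

# Azure Pipelines evaluates cron schedules in UTC: 07:00 UTC, Monday to Friday.
schedules:
- cron: "0 7 * * 1-5"
  displayName: Morning weekdays
  branches:
    include:
    - main
  always: true # run even when main has no new commits

parameters:
# The identity behind this service connection creates a subscription-scoped
# deployment stack; grant it only the roles that needs.
# NOTE(review): the placeholder name suggests workload identity federation - confirm.
- name: azureServiceConnection
  default: serviceconn-<your-wif-connection>
# Untyped (string) parameter that can be overridden when a run is queued manually.
- name: azureSubscriptionTarget
  default: '<your-sub-name-or-id>'
# true = the Bicep template includes the Security Copilot capacity module.
- name: deploySecureCapacityUnit
  type: boolean
  default: true

pool:
  vmImage: windows-latest

variables:
- name: deploymentDefaultLocation
  value: westeurope
- name: deploymentBicepTemplate
  value: .\SecurityCopilot-Bicep\main.bicep

jobs:
- job:
  steps:
  - task: AzureCLI@2
    displayName: 'Deploy Security Copilot Compute Unit'
    inputs:
      azureSubscription: '${{ parameters.azureServiceConnection }}'
      scriptType: pscore
      scriptLocation: inlineScript
      inlineScript: |
        az --version
        # The subscription arrives as an environment variable instead of being
        # expanded into the script text, so a queue-time value cannot add commands.
        az account set --subscription $env:TARGET_SUBSCRIPTION
        # --deny-settings-mode none: no deny assignment protects the managed
        #   resources, so they can be changed or deleted outside the stack.
        # --action-on-unmanage deleteResources: resources that drop out of the
        #   template are deleted; resource groups are detached, not deleted.
        # The stack name must be identical in the destroy pipeline, otherwise that
        # pipeline creates a second stack instead of updating this one.
        az stack sub create `
          --location $(deploymentDefaultLocation) `
          --name "stack-scu-yourorg-we" `
          --template-file $(deploymentBicepTemplate) `
          --parameters deploySecureCapacityUnit=${{ parameters.deploySecureCapacityUnit }} `
          --deny-settings-mode none `
          --action-on-unmanage deleteResources
    env:
      TARGET_SUBSCRIPTION: '${{ parameters.azureSubscriptionTarget }}'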
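name: CD-$(rev:r)-Destroy-Security-Copilot-$(Date:dd.MM.yyyy) # build numbering format

# No CI trigger: the pipeline runs on the schedule below or when queued manually.
trigger: none

# Azure Pipelines evaluates cron schedules in UTC: 14:00 UTC, Monday to Friday.
schedules:
- cron: "0 14 * * 1-5"
  displayName: Afternoon weekdays
  branches:
    include:
    - main
  always: true # run even when main has no new commits

parameters:
# The identity behind this service connection updates a subscription-scoped
# deployment stack and deletes resources; grant it only the roles that needs.
# NOTE(review): the placeholder name suggests workload identity federation - confirm.
- name: azureServiceConnection
  default: serviceconn-<your-wif-connection>
# Untyped (string) parameter that can be overridden when a run is queued manually.
- name: azureSubscriptionTarget
  default: '<your-sub-name-or-id>'
# false = the Bicep template omits the capacity module, so the capacity becomes
# unmanaged and --action-on-unmanage deleteResources removes it.
- name: deploySecureCapacityUnit
  type: boolean
  default: false

pool:
  vmImage: windows-latest

variables:
- name: deploymentDefaultLocation
  value: westeurope
- name: deploymentBicepTemplate
  value: .\SecurityCopilot-Bicep\main.bicep

jobs:
- job:
  steps:
  - task: AzureCLI@2
    displayName: 'Destroy Security Copilot Compute Unit'
    inputs:
      azureSubscription: '${{ parameters.azureServiceConnection }}'
      scriptType: pscore
      scriptLocation: inlineScript
      inlineScript: |
        az --version
        # The subscription arrives as an environment variable instead of being
        # expanded into the script text, so a queue-time value cannot add commands.
        az account set --subscription $env:TARGET_SUBSCRIPTION
        # Re-running "create" on the existing stack updates it. The stack name must
        # be identical to the one in the deploy pipeline ("stack-scu-yourorg-we"
        # there); with a different name a new stack is created and nothing is
        # removed from the first one.
        # --deny-settings-mode none: no deny assignment protects the managed
        #   resources, so they can be changed or deleted outside the stack.
        # --action-on-unmanage deleteResources: resources that drop out of the
        #   template are deleted; resource groups are detached, not deleted.
        az stack sub create `
          --location $(deploymentDefaultLocation) `
          --name "stack-scu-yourorg-we" `
          --template-file $(deploymentBicepTemplate) `
          --parameters deploySecureCapacityUnit=${{ parameters.deploySecureCapacityUnit }} `
          --deny-settings-mode none `
          --action-on-unmanage deleteResources
    env:
      TARGET_SUBSCRIPTION: '${{ parameters.azureSubscriptionTarget }}'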
// Subscription-scoped template: creates the resource group and, when enabled,
// the Security Copilot capacity inside it.
targetScope = 'subscription'

// The environment name (dev, test, prod...) becomes part of the Application tag.
param environment string = 'dev'
param applicationName string = 'security-copilot'

// Region of the resource group.
param location string = 'westeurope'
param resourceGroupName string = 'rg-sec-copilot-scu-we'

// Capacity name (replace the placeholder) and the geo passed to the module.
param capacityName string = 'scu-<yourorg>-we'
param capacityGeo string = 'EU'

// Provisioning of the secure capacity unit: how many units, and whether the
// capacity is deployed at all. The pipelines flip deploySecureCapacityUnit.
param defaultNumberOfUnits int = 1
param deploySecureCapacityUnit bool = true

// Tags applied to the resource group and handed to the capacity module.
var defaultTags = {
  Environment: environment
  Application: '${applicationName}-${environment}'
  Dataclassification: 'Confidential'
  Costcenter: 'AI'
  Criticality: 'Normal'
  Service: 'Security Copilot'
  Deploymenttype: 'Bicep'
  Owner: 'Jan Vidar Elven'
  Business: 'Elven'
}

// The resource group is always declared, whether or not the capacity is deployed.
resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  name: resourceGroupName
  location: location
  tags: defaultTags
}

// Conditional module: only part of the deployment when deploySecureCapacityUnit is true.
// crossGeoCompute is fixed to 'NotAllowed' here.
module scu 'secure-capacity/secure-compute-unit.bicep' = if (deploySecureCapacityUnit) {
  name: capacityName
  scope: resourceGroup(rg.name)
  params: {
    capacityName: capacityName
    geo: capacityGeo
    crossGeoCompute: 'NotAllowed'
    numberOfUnits: defaultNumberOfUnits
    resourceTags: defaultTags
  }
}
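// Secure Compute Unit - Bicep module
// Created by - Jan Vidar Elven
//
// Declares one Microsoft.SecurityCopilot capacity in the resource group the
// module is scoped to. The resource uses a preview API version.

@description('The name of the Security Copilot Capacity. It has to be unique.')
param capacityName string

@description('A list of tags to apply to the resources')
param resourceTags object

@description('Number of Secure Compute Units.')
@allowed([
  1
  2
  3
])
param numberOfUnits int

// 'Allowed' lets prompts leave the selected geo; keep 'NotAllowed' when
// prompt data has to stay in that geo.
@description('If Prompts are allowed to cross default region for performance reasons.')
@allowed([
  'NotAllowed'
  'Allowed'
])
param crossGeoCompute string

@description('Prompt evaluation region. Allowed values are EU, ANZ, US, UK.')
@allowed([
  'EU'
  'ANZ'
  'US'
  'UK'
])
param geo string

// Azure region used for the capacity resource, per geo.
var locationMap = {
  EU: 'westeurope'
  ANZ: 'australiaeast'
  US: 'eastus'
  UK: 'uksouth'
}

// @allowed restricts geo to exactly the keys of locationMap, so the lookup
// always succeeds. The former fallback 'defaultlocation' was unreachable and
// is not a region name, so it has been dropped.
var location = locationMap[geo]

resource Copilot 'Microsoft.SecurityCopilot/capacities@2023-12-01-preview' = {
  name: capacityName
  location: location
  properties: {
    numberOfUnits: numberOfUnits
    crossGeoCompute: crossGeoCompute
    geo: geo
  }
  tags: resourceTags
}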