@azMantas
azMantas / main.bicep
Last active November 5, 2021 18:05
assign RBAC to Azure resources
targetScope = 'subscription'
param storageAccountName string = 'biceprules'
param utc string = utcNow()
param storageRBAC object = {
storageBlobContributors: {
roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe'
principalId: [
'07ec4702-a678-4ff6-bf61-4d58eac4fe83'
'd3f05bbb-5c34-40f5-95c8-d306bc32c032'
@azMantas
azMantas / main.bicep
Created October 25, 2021 20:34
creating Azure firewall policies with Bicep
param policyName string = 'afwp-fw'
var Rules = [
json(loadTextContent('./workload-1.json'))
json(loadTextContent('./workload-2.json'))
json(loadTextContent('./workload-3.json'))
]
resource fwPolicy 'Microsoft.Network/firewallPolicies@2021-02-01' existing = {
name: policyName
@azMantas
azMantas / get-subscription.ps1
Created October 12, 2021 13:01
PowerShell function to get a list of subscriptions
function get-subscription {
    [CmdletBinding()]
    param (
        [Parameter()]
        [string]$name
    )
    Get-AzSubscription | Where-Object { ($_.Name -match $name -and $_.State -ne 'Disabled') } | Select-Object name, id | Sort-Object name
}
@azMantas
azMantas / st_allowCrossTenantReplication.json
Created September 27, 2021 18:55
Azure Policy definition - modify - st_allowCrossTenantReplication
{
"name": "st_allowCrossTenantReplication",
"properties": {
"DisplayName": "Storage account should disallow cross tenant blob replication",
"mode": "All",
"metadata": {
"category": "Storage"
},
"parameters": {
"effect": {
@azMantas
azMantas / assignRBAC
Last active June 8, 2021 06:43
assign RBAC role for multiple principals in Bicep
targetScope = 'managementGroup'
param roleDefinitionId string = 'b60367af-1334-4454-b71e-769d9a4f83d9'
param assignmentScope string = 'BicepRules'
param principalIds array = [
'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'
]
resource rbac 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principal in principalIds: {
@azMantas
azMantas / tags.json
Created May 4, 2021 07:02
Manage tags in Azure: Policy initiative
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"Name": {
"type": "string",
"defaultValue": "policy-name"
},
"DisplayName": {
"type": "string",
@azMantas
azMantas / gist:b5ae6a09730b5a0c1973aa097af03de5
Created April 22, 2021 18:23
Use personal access token to Invoke-RestMethod
$token = Get-AzAccessToken -Resource 'https://management.azure.com/'
$accesstoken = ConvertTo-SecureString -String $token.Token -AsPlainText -Force
$url = "https://management.azure.com/subscriptions?api-version=2020-01-01"
$GetSubscriptions = Invoke-RestMethod -Method get -Authentication OAuth -Token $accesstoken -ContentType 'application/json' -Uri $url
$GetSubscriptions.value | select id, displayName