Bruce Kyle brucedkyle

View policy-initiative.json
{
"properties": {
"displayName": "NIST SP 800-53 R4",
"policyType": "BuiltIn",
"description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist80053-blueprint.",
"metadata": {
"version": "2.0.1",
"category": "Regulatory Compliance"
},
"policyDefinitions": [
brucedkyle / new-managementgrouproot.ps1
Last active Jun 27, 2020
Set up management groups
View new-managementgrouproot.ps1
#Requires -Version 7.0
#Requires -Modules PowerShellGet, Az.Resources
<#
.SYNOPSIS
Creates a management group
.DESCRIPTION
Creates a management group
.PARAMETER OrganizationName
Used to create the management group name
.OUTPUTS
brucedkyle / set-security-center.ps1
Last active Jun 18, 2020
Set up Security Center
View set-security-center.ps1
#Requires -Version 7.0
#Requires -Modules PowerShellGet, Az.Resources, Az.Security
<#
.SYNOPSIS
Sets up Security Center and the admin alerts for the subscription
.DESCRIPTION
Automatically sets Security Center standard tier to the subscription.
.PARAMETER OrganizationName
Used to create the management group name
.PARAMETER LogAnalyticsWorkplaceId
View add-log-analytics-reader-group-to-aad.ps1
Install-Module azuread
New-AzureADGroup -Description "Log Analytics Reader Group" -DisplayName "Log Analytics Reader Group" -MailEnabled $false -SecurityEnabled $true -MailNickName "LogAnalyticsReaderGroup"
brucedkyle / code.sh
Last active Jun 5, 2020
Set up Azure tooling
View code.sh
# Set the root path for extensions
code --extensions-dir <dir>
# List the installed extensions.
code --list-extensions
# Install extension
code --install-extension (<extension-id> | <extension-vsix-path>)
# Uninstalls an extension.
brucedkyle / create-resource-group.sh
Last active Jun 3, 2020
Naming Convention for Azure Resources
View create-resource-group.sh
REGION_ABBR="wu2"
ENVIRONMENT="dev"
PROJECT="azdays"
ITERATION="01"
LOCATION="West US 2"
RESOURCE_GROUP_NAME=rg-${REGION_ABBR}-${ENVIRONMENT}-${PROJECT}-${ITERATION}
TAGS=("Cost Center=AzDays" "Location=West US 2")
az group create --name $RESOURCE_GROUP_NAME --location "$LOCATION" --tags "${TAGS[@]}"
brucedkyle / terminal-split-pane.ps1
Created May 26, 2020
Windows Terminal Split Pane
View terminal-split-pane.ps1
wt -p "Command Prompt" `; split-pane -p "Windows PowerShell" `; split-pane -H wsl.exe
brucedkyle / boilerplate-armtemplate.ps1
Last active May 7, 2020
Boilerplate to deploy ARM Templates
View boilerplate-armtemplate.ps1
#Requires -Version 5.1
#Requires -Modules Az.Resources, Az.Storage
<#
.SYNOPSIS
Deploys the resource using the boilerplate template
.DESCRIPTION
Deploys the boilerplate template to the resource group.
.PARAMETER SubscriptionID
The Azure Subscription ID, such as "9f241d6e-16e2-4b2b-a485-cc546f04799b". Uses the current subscription as the default.
.PARAMETER ResourceGroupName
brucedkyle / aks.tf
Last active May 23, 2020
Create AKS service using Terraform
View aks.tf
resource "azurerm_kubernetes_cluster" "k8s" {
name = var.cluster_name
location = azurerm_resource_group.rg_aks.location
resource_group_name = azurerm_resource_group.rg_aks.name
dns_prefix = var.dns_prefix
linux_profile {
admin_username = var.admin_name
ssh_key {
brucedkyle / create-rbac-auth-for-terraform.bash
Last active May 23, 2020
set environment variables for Terraform
View create-rbac-auth-for-terraform.bash
# Requires jq. To install, see: https://stedolan.github.io/jq/download/
# set some environment variables to use to create the service principal
export SUBSCRIPTION_ID=3464892e-e827-4752-bad5-b4f93c00dbbe
export PROJECT_NAME="wus2-azure-aks-terraform-demo"
az account set --subscription="${SUBSCRIPTION_ID}"
# create the service principal at the subscription scope and save it to an auth file
TF_SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --skip-assignment --role 'Contributor' --name rbac-tf-$PROJECT_NAME --output json --scopes="/subscriptions/${SUBSCRIPTION_ID}")