Skip to content

Instantly share code, notes, and snippets.


Bruce Kyle brucedkyle

View GitHub Profile
View policy-initiative.json
"properties": {
"displayName": "NIST SP 800-53 R4",
"policyType": "BuiltIn",
"description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit",
"metadata": {
"version": "2.0.1",
"category": "Regulatory Compliance"
"policyDefinitions": [
brucedkyle / new-managementgrouproot.ps1
Last active Jun 27, 2020
Set up management groups
View new-managementgrouproot.ps1
#Requires -Version 7.0
#Requires -Modules PowerShellGet, Az.Resources
Creates a management group
Creates a management group
.PARAMETER OrganizationName
Used to create the management group name
brucedkyle / set-security-center.ps1
Last active Jun 18, 2020
Set up Security Center
View set-security-center.ps1
#Requires -Version 7.0
#Requires -Modules PowerShellGet, Az.Resources, Az.Security
Sets up Security Center and the admin alerts for the subscription
Automatically sets Security Center standard tier to the subscription.
.PARAMETER OrganizationName
Used to create the management group name
.PARAMETER LogAnalyticsWorkplaceId
View add-log-analytics-reader-group-to-aad.ps1
Install-Module azuread
New-AzureADGroup -Description "Log Analytics Reader Group" -DisplayName "Log Analytics Reader Group" -MailEnabled $false -SecurityEnabled $true -MailNickName "LogAnalyticsReaderGroup"
brucedkyle /
Last active Jun 5, 2020
Set up Azure tooling
# Set the root path for extensions
code --extensions-dir <dir>
# List the installed extensions.
code --list-extensions
# Install extension
code --install-extension (<extension-id> | <extension-vsix-path>)
# Uninstalls an extension.
brucedkyle /
Last active Jun 3, 2020
Naming Convention for Azure Resources
TAGS=("Cost Center=AzDays" "Location=West US 2")
az group create --name $RESOURCE_GROUP_NAME --location "$LOCATION" --tags "${TAGS[@]}"
brucedkyle / terminal-split-pane.ps1
Created May 26, 2020
Windows Terminal Split Pane
View terminal-split-pane.ps1
wt -p "Command Prompt" `; split-pane -p "Windows PowerShell" `; split-pane -H wsl.exe
brucedkyle / boilerplate-armtemplate.ps1
Last active May 7, 2020
Boilerplate to deploy ARM Templates
View boilerplate-armtemplate.ps1
#Requires -Version 5.1
#Requires -Modules Az.Resources, Az.Storage
Deploys the resource using the boilerplate template
Deploys the boilerplate template to the resource group.
.PARAMETER SubscriptionID
The Azure Subscription ID, such as "9f241d6e-16e2-4b2b-a485-cc546f04799b". Uses the current subscription as the default.
.PARAMETER ResourceGroupName
brucedkyle /
Last active May 23, 2020
Create AKS service using Terraform
resource "azurerm_kubernetes_cluster" "k8s" {
name = var.cluster_name
location = azurerm_resource_group.rg_aks.location
resource_group_name =
dns_prefix = var.dns_prefix
linux_profile {
admin_username = var.admin_name
ssh_key {
brucedkyle / create-rbac-auth-for-terraform.bash
Last active May 23, 2020
set environment variables for Terraform
View create-rbac-auth-for-terraform.bash
## Requires jq .. to install see:
# set some environment variables to use to create the service principal
export SUBSCRIPTION_ID=3464892e-e827-4752-bad5-b4f93c00dbbe
export PROJECT_NAME="wus2-azure-aks-terraform-demo"
az account set --subscription="${SUBSCRIPTION_ID}"
# create the service principal to the subscription scope and save it to an auth file
TF_SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --skip-assignment --role 'Contributor' --name rbac-tf-$PROJECT_NAME --output json --scopes="/subscriptions/${SUBSCRIPTION_ID}")