Last active
March 6, 2024 06:27
Keyvault expired secret notifications
{ | |
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
"contentVersion": "1.0.0.0", | |
"parameters": { | |
"actionGroups_ag_fds_demo_name": { | |
"defaultValue": "ag-fds-demo", | |
"type": "String" | |
}, | |
"vaults_kv_fds_notifications_name": { | |
"defaultValue": "kv-fds-notifications", | |
"type": "String" | |
}, | |
"systemTopics_topic_kv_secrets_name": { | |
"defaultValue": "topic-kv-secrets", | |
"type": "String" | |
} | |
}, | |
"variables": {}, | |
"resources": [ | |
{ | |
"type": "microsoft.insights/actionGroups", | |
"apiVersion": "2023-01-01", | |
"name": "[parameters('actionGroups_ag_fds_demo_name')]", | |
"location": "Global", | |
"tags": { | |
"Frédéric De Smet": "" | |
}, | |
"properties": { | |
"groupShortName": "FDS demo", | |
"enabled": true, | |
"emailReceivers": [ | |
{ | |
"name": "mail FDS_-EmailAction-", | |
"emailAddress": "fredericdesmet@live.be", | |
"useCommonAlertSchema": false | |
} | |
], | |
"smsReceivers": [], | |
"webhookReceivers": [], | |
"eventHubReceivers": [], | |
"itsmReceivers": [], | |
"azureAppPushReceivers": [], | |
"automationRunbookReceivers": [], | |
"voiceReceivers": [], | |
"logicAppReceivers": [], | |
"azureFunctionReceivers": [], | |
"armRoleReceivers": [] | |
} | |
}, | |
{ | |
"type": "Microsoft.KeyVault/vaults", | |
"apiVersion": "2023-07-01", | |
"name": "[parameters('vaults_kv_fds_notifications_name')]", | |
"location": "westeurope", | |
"properties": { | |
"sku": { | |
"family": "A", | |
"name": "Standard" | |
}, | |
"tenantId": "42151053-0193-47aa-9e81-effd81f772cc", | |
"accessPolicies": [], | |
"enabledForDeployment": false, | |
"enabledForDiskEncryption": false, | |
"enabledForTemplateDeployment": false, | |
"enableSoftDelete": true, | |
"softDeleteRetentionInDays": 7, | |
"enableRbacAuthorization": true, | |
"vaultUri": "[concat('https://', parameters('vaults_kv_fds_notifications_name'), '.vault.azure.net/')]", | |
"provisioningState": "Succeeded", | |
"publicNetworkAccess": "Enabled" | |
} | |
}, | |
{ | |
"type": "Microsoft.EventGrid/systemTopics", | |
"apiVersion": "2023-12-15-preview", | |
"name": "[parameters('systemTopics_topic_kv_secrets_name')]", | |
"location": "westeurope", | |
"dependsOn": [ | |
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_kv_fds_notifications_name'))]" | |
], | |
"properties": { | |
"source": "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_kv_fds_notifications_name'))]", | |
"topicType": "Microsoft.KeyVault.vaults" | |
} | |
}, | |
{ | |
"type": "Microsoft.KeyVault/vaults/secrets", | |
"apiVersion": "2023-07-01", | |
"name": "[concat(parameters('vaults_kv_fds_notifications_name'), '/test')]", | |
"location": "westeurope", | |
"dependsOn": [ | |
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_kv_fds_notifications_name'))]" | |
], | |
"properties": { | |
"attributes": { | |
"enabled": true, | |
"exp": 1741205469 | |
} | |
} | |
}, | |
{ | |
"type": "Microsoft.KeyVault/vaults/secrets", | |
"apiVersion": "2023-07-01", | |
"name": "[concat(parameters('vaults_kv_fds_notifications_name'), '/test2')]", | |
"location": "westeurope", | |
"dependsOn": [ | |
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_kv_fds_notifications_name'))]" | |
], | |
"properties": { | |
"attributes": { | |
"enabled": true, | |
"exp": 1709671629 | |
} | |
} | |
}, | |
{ | |
"type": "Microsoft.EventGrid/systemTopics/eventSubscriptions", | |
"apiVersion": "2023-12-15-preview", | |
"name": "[concat(parameters('systemTopics_topic_kv_secrets_name'), '/sub-fds-demo')]", | |
"dependsOn": [ | |
"[resourceId('Microsoft.EventGrid/systemTopics', parameters('systemTopics_topic_kv_secrets_name'))]", | |
"[resourceId('microsoft.insights/actionGroups', parameters('actionGroups_ag_fds_demo_name'))]" | |
], | |
"properties": { | |
"destination": { | |
"properties": { | |
"severity": "Sev2", | |
"actionGroups": [ | |
"[resourceId('microsoft.insights/actionGroups', parameters('actionGroups_ag_fds_demo_name'))]" | |
] | |
}, | |
"endpointType": "MonitorAlert" | |
}, | |
"filter": { | |
"includedEventTypes": [ | |
"Microsoft.KeyVault.CertificateNearExpiry", | |
"Microsoft.KeyVault.CertificateExpired", | |
"Microsoft.KeyVault.SecretNearExpiry", | |
"Microsoft.KeyVault.SecretExpired", | |
"Microsoft.KeyVault.KeyNearExpiry", | |
"Microsoft.KeyVault.KeyExpired" | |
], | |
"enableAdvancedFilteringOnArrays": true | |
}, | |
"labels": [], | |
"eventDeliverySchema": "CloudEventSchemaV1_0", | |
"retryPolicy": { | |
"maxDeliveryAttempts": 30, | |
"eventTimeToLiveInMinutes": 1440 | |
} | |
} | |
} | |
] | |
} |
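@description('Name of the Azure Monitor action group that receives the Key Vault expiry alerts.')
param actionGroups_ag_fds_demo_name string = 'ag-fds-demo'

// Key Vault names must be 3-24 characters; the length decorators reject a bad
// name at template validation time instead of part-way through a deployment.
@description('Name of the Key Vault whose expiry events are monitored.')
@minLength(3)
@maxLength(24)
param vaults_kv_fds_notifications_name string = 'kv-fds-notifications'

@description('Name of the Event Grid system topic created on top of the Key Vault.')
param systemTopics_topic_kv_secrets_name string = 'topic-kv-secrets'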
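// The alert recipient was hard-coded in the resource body. Exposing it as a
// parameter (default unchanged) lets each environment route expiry alerts to a
// monitored mailbox without editing the template.
@description('Mailbox that receives the Key Vault expiry alerts.')
param alertEmailAddress string = 'fredericdesmet@live.be'

// Action group targeted by the Event Grid subscription's MonitorAlert destination.
// Only an e-mail receiver is configured; every other receiver list is empty.
resource actionGroups_ag_fds_demo_name_resource 'microsoft.insights/actionGroups@2023-01-01' = {
  name: actionGroups_ag_fds_demo_name
  location: 'Global'
  tags: {
    'Frédéric De Smet': ''
  }
  properties: {
    groupShortName: 'FDS demo'
    enabled: true
    emailReceivers: [
      {
        name: 'mail FDS_-EmailAction-'
        emailAddress: alertEmailAddress
        useCommonAlertSchema: false
      }
    ]
    smsReceivers: []
    webhookReceivers: []
    eventHubReceivers: []
    itsmReceivers: []
    azureAppPushReceivers: []
    automationRunbookReceivers: []
    voiceReceivers: []
    logicAppReceivers: []
    azureFunctionReceivers: []
    armRoleReceivers: []
  }
}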
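// Key Vault whose secret/key/certificate expiry events feed the alerting chain.
resource vaults_kv_fds_notifications_name_resource 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: vaults_kv_fds_notifications_name
  location: 'westeurope'
  properties: {
    sku: {
      family: 'A'
      name: 'standard'
    }
    // Resolve the tenant from the deployment's subscription instead of pinning one
    // tenant GUID, so the template deploys unchanged into any subscription.
    tenantId: subscription().tenantId
    // RBAC authorization is on and the access-policy list is empty. No role
    // assignment is declared in the part of the template shown here, so data-plane
    // access has to be granted separately.
    accessPolicies: []
    enableRbacAuthorization: true
    enabledForDeployment: false
    enabledForDiskEncryption: false
    enabledForTemplateDeployment: false
    // NOTE(review): 7 days is the shortest soft-delete retention the service accepts
    // and enablePurgeProtection is not set, so a deleted vault or secret can be
    // purged almost immediately. Raise both for anything beyond a demo.
    enableSoftDelete: true
    softDeleteRetentionInDays: 7
    // NOTE(review): vaultUri and provisioningState look like values carried over
    // from an exported template - confirm they are needed as inputs.
    vaultUri: 'https://${vaults_kv_fds_notifications_name}.vault.azure.net/'
    provisioningState: 'Succeeded'
    // NOTE(review): public network access is enabled and no networkAcls block is
    // declared, so the data plane is reachable from any network. Restrict this
    // (firewall rules or a private endpoint) outside a demo.
    publicNetworkAccess: 'Enabled'
  }
}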
// Event Grid system topic bound to the Key Vault. Referencing the vault's `.id`
// also makes this resource deploy after the vault.
resource systemTopics_topic_kv_secrets_name_resource 'Microsoft.EventGrid/systemTopics@2023-12-15-preview' = {
  location: 'westeurope'
  name: systemTopics_topic_kv_secrets_name
  properties: {
    topicType: 'Microsoft.KeyVault.vaults'
    source: vaults_kv_fds_notifications_name_resource.id
  }
}
// Demo secret 'test'. `exp` is a Unix timestamp in seconds:
// 1741205469 = 2025-03-05T20:11:09Z.
// NOTE(review): no `value` is declared, presumably because this was exported from
// an existing vault - confirm how the secret content is supplied before redeploying,
// and never commit a real value to the template.
resource vaults_kv_fds_notifications_name_test 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  name: 'test'
  parent: vaults_kv_fds_notifications_name_resource
  location: 'westeurope'
  properties: {
    attributes: {
      exp: 1741205469
      enabled: true
    }
  }
}
// Demo secret 'test2'. `exp` is a Unix timestamp in seconds:
// 1709671629 = 2024-03-05T20:47:09Z, which is already in the past when redeployed.
// NOTE(review): no `value` is declared, presumably because this was exported from
// an existing vault - confirm how the secret content is supplied before redeploying,
// and never commit a real value to the template.
resource vaults_kv_fds_notifications_name_test2 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  name: 'test2'
  parent: vaults_kv_fds_notifications_name_resource
  location: 'westeurope'
  properties: {
    attributes: {
      exp: 1709671629
      enabled: true
    }
  }
}
// Subscription on the Key Vault system topic: forwards the near-expiry and expired
// events for certificates, secrets and keys to the action group as a Sev2 Azure
// Monitor alert.
resource systemTopics_topic_kv_secrets_name_sub_fds_demo 'Microsoft.EventGrid/systemTopics/eventSubscriptions@2023-12-15-preview' = {
  name: 'sub-fds-demo'
  parent: systemTopics_topic_kv_secrets_name_resource
  properties: {
    eventDeliverySchema: 'CloudEventSchemaV1_0'
    labels: []
    filter: {
      enableAdvancedFilteringOnArrays: true
      // Only expiry-lifecycle events are subscribed; no other Key Vault event type
      // is listed here.
      includedEventTypes: [
        'Microsoft.KeyVault.CertificateNearExpiry'
        'Microsoft.KeyVault.CertificateExpired'
        'Microsoft.KeyVault.SecretNearExpiry'
        'Microsoft.KeyVault.SecretExpired'
        'Microsoft.KeyVault.KeyNearExpiry'
        'Microsoft.KeyVault.KeyExpired'
      ]
    }
    destination: {
      endpointType: 'MonitorAlert'
      properties: {
        severity: 'Sev2'
        actionGroups: [
          actionGroups_ag_fds_demo_name_resource.id
        ]
      }
    }
    // Up to 30 delivery attempts within a 1440-minute (24 h) event lifetime.
    // NOTE(review): no dead-letter destination is configured in this block, so an
    // expiry event that is never delivered in that window is lost - confirm that
    // is acceptable.
    retryPolicy: {
      eventTimeToLiveInMinutes: 1440
      maxDeliveryAttempts: 30
    }
  }
}