Main template: Azure Bastion Premium + VMs and supporting components for session recording lab/demo.
// Deployment walkthrough (run from the folder that holds this template and its .bicepparam file):
//   az login
//   az account set -s "subGuid"
//   az group create --name rg-bastion-demo --location uksouth
//   az deployment group create -g 'rg-bastion-demo' -f '.\bastion.bicep' -p '.\bastion.bicepparam' -p parAdminPassword=Some-Password-Here
//
// NOTE(review): a password typed literally after -p ends up in shell history.
// Supplying it from a variable or a secret store keeps it off the command line.

targetScope = 'resourceGroup'

metadata name = 'Quickstart Template Azure Bastion Session Recording'
metadata description = 'Azure Bastion Premium SKU with Session Recording demo with Windows and Linux VMs.'

// ---- Naming and placement parameters ----

@description('Virtual Network Name')
param parvNetName string

@description('Bastion Host Name')
param parBastionName string

@description('Location')
param parLocation string

@description('Public IP Name')
param parPipName string

@description('Windows VM Name')
param parWinVmName string

@description('Container Name')
param parContainerName string

// ---- Local administrator credentials (the same pair is passed to both VM modules) ----

@description('Admin Username')
param parAdminUsername string

// @secure() keeps the value out of deployment history and logs.
@description('Admin Password')
@secure()
param parAdminPassword string
// Virtual network: one /16 address space split into the Bastion subnet and the VM subnet.
module vNet 'br/public:avm/res/network/virtual-network:0.1.6' = {
  name: '${uniqueString(deployment().name)}-vNet'
  params: {
    name: parvNetName
    addressPrefixes: [
      '10.0.0.0/16'
    ]
    // Subnet order is load-bearing: the bastion host reads subnetResourceIds[0]
    // and both VM modules read subnetResourceIds[1].
    // NOTE(review): neither subnet entry attaches a network security group here.
    subnets: [
      {
        // Azure Bastion requires its subnet to carry exactly this name.
        name: 'AzureBastionSubnet'
        addressPrefix: '10.0.0.0/26'
      }
      {
        name: 'vmSubnet'
        addressPrefix: '10.0.1.0/24'
      }
    ]
  }
}
// Public IP address that fronts the Bastion host.
// Only the name is passed; every other setting (including location) is left to
// the module's defaults — presumably the resource group's location; verify
// against the module version pinned here.
module PublicIpBastion 'br/public:avm/res/network/public-ip-address:0.4.1' = {
  name: '${uniqueString(deployment().name)}-publicIpBastion'
  params: {
    name: parPipName
  }
}
// Bastion host on the Premium SKU, bound to the first subnet of the virtual
// network and to the public IP created by the PublicIpBastion module.
// NOTE(review): no property in this resource switches session recording on;
// presumably that is enabled after deployment — confirm.
resource bastion 'Microsoft.Network/bastionHosts@2023-11-01' = {
  name: parBastionName
  location: parLocation
  sku: {
    name: 'Premium'
  }
  properties: {
    ipConfigurations: [
      {
        name: 'IpConf'
        properties: {
          publicIPAddress: {
            id: PublicIpBastion.outputs.resourceId
          }
          subnet: {
            // Index 0 is 'AzureBastionSubnet' as declared in the vNet module.
            id: vNet.outputs.subnetResourceIds[0]
          }
        }
      }
    ]
  }
}
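// Storage account, blob service CORS rule and container that hold the Bastion
// session recordings.
//
// Recordings capture privileged administrator sessions, so anonymous access is
// turned off at both the account and the container level. The original template
// set allowBlobPublicAccess: true and publicAccess: 'Container', which lets
// anyone who knows the URL list and download every blob without credentials.
// The two settings are changed together because a container cannot request
// public access once the account disallows it.
// NOTE(review): this assumes Bastion is handed a SAS URL for the container, as
// its session-recording setup expects, rather than relying on anonymous reads —
// confirm against how the recording target is configured after deployment.
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: 'st${uniqueString(resourceGroup().id)}'
  location: parLocation
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    // Public network endpoint stays reachable; access is still gated by
    // credentials now that anonymous blob access is disabled.
    publicNetworkAccess: 'Enabled'
    // Block anonymous (unauthenticated) reads for every container in the account.
    allowBlobPublicAccess: false
    // Refuse legacy TLS versions on the storage endpoints.
    minimumTlsVersion: 'TLS1_2'
    accessTier: 'Hot'
  }
  // Explicit ordering kept from the original: create the account after the Bastion host.
  dependsOn: [
    bastion
  ]
}

// CORS rule on the blob service: only the Bastion host's own DNS name may issue
// cross-origin GET requests.
resource storageAccountCors 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
  parent: storageAccount
  name: 'default'
  properties: {
    cors: {
      corsRules: [
        {
          allowedOrigins: [
            'https://${bastion.properties.dnsName}'
          ]
          allowedMethods: [
            'GET'
          ]
          maxAgeInSeconds: 86400
          // NOTE(review): both header lists hold a single empty string, kept as
          // written; verify that the recording viewer works with this rule.
          exposedHeaders: [
            ''
          ]
          allowedHeaders: [
            ''
          ]
        }
      ]
    }
  }
}

// Container that receives the recordings; private, so every read needs credentials.
resource storageAccountContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-04-01' = {
  parent: storageAccountCors
  name: parContainerName
  properties: {
    publicAccess: 'None'
    metadata: {}
  }
}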
// Windows Server 2022 demo VM on the VM subnet.
// The NIC configuration lists only a subnet, so no public IP is requested here;
// presumably the VM is meant to be reached through Bastion only.
module winVm 'br/public:avm/res/compute/virtual-machine:0.4.2' = {
  name: '${uniqueString(deployment().name)}-winVm'
  params: {
    // Identity and placement
    name: parWinVmName
    location: parLocation
    zone: 0
    osType: 'Windows'
    vmSize: 'Standard_B2s_v2'

    // Local administrator account (password arrives via the @secure() parameter)
    adminUsername: parAdminUsername
    adminPassword: parAdminPassword

    // NOTE(review): host-based encryption is explicitly switched off; fine for
    // a throwaway lab, worth revisiting before reusing this elsewhere.
    encryptionAtHost: false

    // 'latest' resolves at deploy time, so two deployments can get different image builds.
    imageReference: {
      publisher: 'MicrosoftWindowsServer'
      offer: 'WindowsServer'
      sku: '2022-datacenter-azure-edition'
      version: 'latest'
    }

    osDisk: {
      diskSizeGB: 128
      caching: 'ReadWrite'
      managedDisk: {
        storageAccountType: 'Standard_LRS'
      }
    }

    nicConfigurations: [
      {
        nicSuffix: '-nic-01'
        ipConfigurations: [
          {
            name: 'ipconfig01'
            // Index 1 is 'vmSubnet' as declared in the vNet module.
            subnetResourceId: vNet.outputs.subnetResourceIds[1]
          }
        ]
      }
    ]
  }
}
// Ubuntu demo VM on the VM subnet, sized and wired like the Windows VM.
// The NIC configuration lists only a subnet, so no public IP is requested here.
// NOTE(review): the image is Ubuntu 18.04 LTS, which is past its standard
// support window; consider a currently supported LTS image for anything
// longer-lived than a demo.
// NOTE(review): the VM is given the same username/password pair as the Windows
// VM and no SSH public key appears in these params — confirm that password
// sign-in is intended.
module linuxVm 'br/public:avm/res/compute/virtual-machine:0.4.2' = {
  name: '${uniqueString(deployment().name)}-linuxVm'
  params: {
    // Identity and placement (the VM name is fixed, not parameterised)
    name: 'linuxVm'
    location: parLocation
    zone: 0
    osType: 'Linux'
    vmSize: 'Standard_B2s_v2'

    // Local administrator account (password arrives via the @secure() parameter)
    adminUsername: parAdminUsername
    adminPassword: parAdminPassword

    // NOTE(review): host-based encryption is explicitly switched off; fine for
    // a throwaway lab, worth revisiting before reusing this elsewhere.
    encryptionAtHost: false

    // 'latest' resolves at deploy time, so two deployments can get different image builds.
    imageReference: {
      publisher: 'Canonical'
      offer: 'UbuntuServer'
      sku: '18.04-LTS'
      version: 'latest'
    }

    osDisk: {
      diskSizeGB: 128
      caching: 'ReadWrite'
      managedDisk: {
        storageAccountType: 'Standard_LRS'
      }
    }

    nicConfigurations: [
      {
        nicSuffix: '-nic-01'
        ipConfigurations: [
          {
            name: 'ipconfig01'
            // Index 1 is 'vmSubnet' as declared in the vNet module.
            subnetResourceId: vNet.outputs.subnetResourceIds[1]
          }
        ]
      }
    ]
  }
}