
@riosengineer
Last active June 10, 2024 12:43
Main template: Azure Bastion Premium + VMs and supporting components for session recording lab/demo.
// Deployment steps (Azure CLI):
//   az login
//   az account set -s "subGuid"
//   az group create --name rg-bastion-demo --location uksouth
//   az deployment group create -g 'rg-bastion-demo' -f '.\bastion.bicep' -p '.\bastion.bicepparam' -p parAdminPassword=Some-Password-Here
//
// NOTE(review): a password typed inline after -p ends up in shell history and
// can be captured by command-line logging. Leaving parAdminPassword off the
// command line should make the CLI prompt for it instead; confirm with your
// CLI version.

targetScope = 'resourceGroup'

metadata name = 'Quickstart Template Azure Bastion Session Recording'
metadata description = 'Azure Bastion Premium SKU with Session Recording demo with Windows and Linux VMs.'

// ---- Networking ----

@description('Virtual Network Name')
param parvNetName string

@description('Bastion Host Name')
param parBastionName string

@description('Public IP Name')
param parPipName string

// ---- Placement ----

@description('Location')
param parLocation string

// ---- Compute ----

@description('Windows VM Name')
param parWinVmName string

@description('Admin Username')
param parAdminUsername string

// @secure() keeps the value out of deployment history and logs.
// The same username and password are passed to both VMs below.
@description('Admin Password')
@secure()
param parAdminPassword string

// ---- Storage ----

@description('Container Name')
param parContainerName string
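// Virtual Network
// One /16 address space holding two subnets: the Bastion subnet
// ('AzureBastionSubnet', /26) and a workload subnet for the demo VMs.
// Later resources pick the subnets by position in subnetResourceIds:
// [0] for Bastion and [1] for the VMs.
// NOTE(review): no network security group is attached to either subnet in this
// template; consider adding one to vmSubnet outside a lab.
module vNet 'br/public:avm/res/network/virtual-network:0.1.6' = {
  name: '${uniqueString(deployment().name)}-vNet'
  params: {
    name: parvNetName
    // Set explicitly so the network lands in the same region as the Bastion
    // host, which is deployed to parLocation.
    location: parLocation
    addressPrefixes: [
      '10.0.0.0/16'
    ]
    subnets: [
      {
        name: 'AzureBastionSubnet'
        addressPrefix: '10.0.0.0/26'
      }
      {
        name: 'vmSubnet'
        addressPrefix: '10.0.1.0/24'
      }
    ]
  }
}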
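// Public IP address used by the Bastion host. It is the only public IP declared
// in this template; the VM NICs below are given no public IP configuration.
module PublicIpBastion 'br/public:avm/res/network/public-ip-address:0.4.1' = {
  name: '${uniqueString(deployment().name)}-publicIpBastion'
  params: {
    name: parPipName
    // Set explicitly so the address is created in the same region as the
    // Bastion host that references it.
    location: parLocation
  }
}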
// Azure Bastion host on the Premium SKU, bound to the first subnet output of
// the vNet module and to the public IP created above.
// NOTE(review): nothing in this resource turns session recording on; presumably
// it is enabled on the Bastion host after deployment. Confirm.
resource bastion 'Microsoft.Network/bastionHosts@2023-11-01' = {
  name: parBastionName
  location: parLocation
  sku: {
    name: 'Premium'
  }
  properties: {
    ipConfigurations: [
      {
        name: 'IpConf'
        properties: {
          // Index 0 is expected to be 'AzureBastionSubnet' (first entry in the
          // vNet module's subnets array); verify the output order.
          subnet: {
            id: vNet.outputs.subnetResourceIds[0]
          }
          publicIPAddress: {
            id: PublicIpBastion.outputs.resourceId
          }
        }
      }
    ]
  }
}
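// Storage Account, Container & CORS
// Holds the Bastion session recordings. Recordings can show everything an
// administrator typed or viewed, so anonymous read access is switched off at
// both account and container level; access is expected to go through a
// scoped SAS URL configured on the Bastion host.
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: 'st${uniqueString(resourceGroup().id)}'
  location: parLocation
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    // The public endpoint stays reachable, as in the original lab.
    // NOTE(review): consider network rules or a private endpoint outside a demo.
    publicNetworkAccess: 'Enabled'
    // Was 'true': that allowed containers to be made anonymously readable.
    allowBlobPublicAccess: false
    minimumTlsVersion: 'TLS1_2'
    supportsHttpsTrafficOnly: true
    accessTier: 'Hot'
  }
  // Explicit ordering kept from the original: create the account after Bastion.
  dependsOn: [
    bastion
  ]
}

// Blob service settings: a single CORS rule that lets only the Bastion host's
// own origin issue GET requests against the blob endpoint.
resource storageAccountCors 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
  parent: storageAccount
  name: 'default'
  properties: {
    cors: {
      corsRules: [
        {
          allowedOrigins: [
            'https://${bastion.properties.dnsName}'
          ]
          allowedMethods: [
            'GET'
          ]
          maxAgeInSeconds: 86400
          exposedHeaders: [
            ''
          ]
          allowedHeaders: [
            ''
          ]
        }
      ]
    }
  }
}

// Container that receives the recordings.
resource storageAccountContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-04-01' = {
  parent: storageAccountCors
  name: parContainerName
  properties: {
    // Was 'Container', which let anyone list and download every blob without
    // credentials. 'None' requires an authorised request (for example a SAS).
    publicAccess: 'None'
    metadata: {}
  }
}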
// Virtual Machines
// Windows Server 2022 demo VM on the workload subnet. The NIC declares no
// public IP configuration, so the machine is meant to be reached via Bastion.
module winVm 'br/public:avm/res/compute/virtual-machine:0.4.2' = {
  name: '${uniqueString(deployment().name)}-winVm'
  params: {
    name: parWinVmName
    location: parLocation
    osType: 'Windows'
    vmSize: 'Standard_B2s_v2'
    zone: 0

    // Local administrator account; the same credentials are reused on the
    // Linux VM in this template.
    adminUsername: parAdminUsername
    adminPassword: parAdminPassword

    // Host-based encryption is explicitly turned off here.
    // NOTE(review): presumably to avoid the subscription feature registration
    // it needs; confirm before reusing outside a lab.
    encryptionAtHost: false

    imageReference: {
      publisher: 'MicrosoftWindowsServer'
      offer: 'WindowsServer'
      sku: '2022-datacenter-azure-edition'
      version: 'latest'
    }

    osDisk: {
      caching: 'ReadWrite'
      diskSizeGB: 128
      managedDisk: {
        storageAccountType: 'Standard_LRS'
      }
    }

    nicConfigurations: [
      {
        nicSuffix: '-nic-01'
        ipConfigurations: [
          {
            name: 'ipconfig01'
            // Index 1 is expected to be 'vmSubnet'.
            subnetResourceId: vNet.outputs.subnetResourceIds[1]
          }
        ]
      }
    ]
  }
}
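// Linux demo VM on the workload subnet. The NIC declares no public IP
// configuration, so the machine is meant to be reached via Bastion.
module linuxVm 'br/public:avm/res/compute/virtual-machine:0.4.2' = {
  name: '${uniqueString(deployment().name)}-linuxVm'
  params: {
    name: 'linuxVm'
    location: parLocation
    osType: 'Linux'
    vmSize: 'Standard_B2s_v2'
    zone: 0

    // Password sign-in with the same credentials as the Windows VM.
    // NOTE(review): SSH public-key authentication is the stronger choice for
    // Linux outside a lab.
    adminUsername: parAdminUsername
    adminPassword: parAdminPassword

    // Host-based encryption is explicitly turned off here.
    // NOTE(review): presumably to avoid the subscription feature registration
    // it needs; confirm before reusing outside a lab.
    encryptionAtHost: false

    // Ubuntu 22.04 LTS replaces the original 'UbuntuServer' / '18.04-LTS'
    // image, which is past its standard support window and no longer receives
    // regular security updates.
    imageReference: {
      publisher: 'Canonical'
      offer: '0001-com-ubuntu-server-jammy'
      sku: '22_04-lts'
      version: 'latest'
    }

    osDisk: {
      caching: 'ReadWrite'
      diskSizeGB: 128
      managedDisk: {
        storageAccountType: 'Standard_LRS'
      }
    }

    nicConfigurations: [
      {
        nicSuffix: '-nic-01'
        ipConfigurations: [
          {
            name: 'ipconfig01'
            // Index 1 is expected to be 'vmSubnet'.
            subnetResourceId: vNet.outputs.subnetResourceIds[1]
          }
        ]
      }
    ]
  }
}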