Created
April 13, 2025 18:38
-
-
Save riosengineer/c483f60542c86bcab1de08784fb9a897 to your computer and use it in GitHub Desktop.
Deployment Stacks Demo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // az stack sub create --name 'az-stack-uks-demo' --location 'uksouth' --template-file 'main.bicep' --parameters 'main.bicepparam' --action-on-unmanage 'deleteResources' --deny-settings-mode 'denyWriteAndDelete' --deny-settings-apply-to-child-scopes --deny-settings-excluded-principals ' | |
| targetScope = 'subscription' | |
| // Metadata | |
| metadata name = 'Deployment Stacks' | |
| metadata description = 'Zero to Hero - Bicep with Deployment Stacks' | |
| metadata owner = 'dan@rios.engineer' | |
| // MARK: Parameters | |
| @description('Azure region to deploy resources.') | |
| param location string | |
| @description('Tags to apply to resources.') | |
| param tags object | |
| @description('Address prefix for the virtual network.') | |
| param vnetAddressPrefix array | |
| @description('Address prefix for the subnet.') | |
| param snetAddressPrefix string | |
| // MARK: Variables | |
| var rgName = 'rg-${toLower(substring(location, 0, 3))}-stack-demo' | |
| var storageName = 'st${toLower(substring(location, 0, 3))}stackdemo001' | |
| var storageName2 = 'st${toLower(substring(location, 0, 3))}stackdemo002' | |
| var nsgName = 'nsg-${toLower(substring(location, 0, 3))}-stack-demo' | |
| var nsgName2 = 'nsg-${toLower(substring(location, 0, 3))}-stack-demo2' | |
| var vnetName = 'vnet-${toLower(substring(location, 0, 3))}-stack-demo' | |
| var snetName = 'snet-${toLower(substring(location, 0, 3))}-stack-demo' | |
| // Modules | |
| // MARK: Resource Group | |
| module modResourceGroup 'br/public:avm/res/resources/resource-group:0.4.1' = { | |
| name: '${uniqueString(deployment().name, location)}-${rgName}' | |
| params: { | |
| name: rgName | |
| location: location | |
| tags: tags | |
| } | |
| } | |
| // MARK: Storage Account | |
| module modStorageAccount 'br/public:avm/res/storage/storage-account:0.19.0' = { | |
| scope: resourceGroup(rgName) | |
| name: '${uniqueString(deployment().name, location)}-${storageName}' | |
| params: { | |
| name: storageName | |
| location: location | |
| kind: 'StorageV2' | |
| allowSharedKeyAccess: false | |
| allowBlobPublicAccess: true | |
| minimumTlsVersion: 'TLS1_2' | |
| accessTier: 'Hot' | |
| publicNetworkAccess: 'Enabled' | |
| blobServices:{ | |
| containers: [ | |
| { | |
| name: 'stacks' | |
| } | |
| ] | |
| } | |
| managedIdentities: { | |
| systemAssigned: true | |
| } | |
| tags: tags | |
| } | |
| dependsOn: [ | |
| modResourceGroup | |
| ] | |
| } | |
| // Comment out if and redeploy the stack to see deleteResources action | |
| // MARK: Storage Account2 | |
| module modStorageAccount2 'br/public:avm/res/storage/storage-account:0.19.0' = { | |
| scope: resourceGroup(rgName) | |
| name: '${uniqueString(deployment().name, location)}-${storageName2}' | |
| params: { | |
| name: storageName2 | |
| location: location | |
| kind: 'StorageV2' | |
| allowSharedKeyAccess: false | |
| allowBlobPublicAccess: true | |
| minimumTlsVersion: 'TLS1_2' | |
| accessTier: 'Hot' | |
| publicNetworkAccess: 'Enabled' | |
| blobServices:{ | |
| containers: [ | |
| { | |
| name: 'stacks' | |
| } | |
| ] | |
| } | |
| managedIdentities: { | |
| systemAssigned: true | |
| } | |
| tags: tags | |
| } | |
| dependsOn: [ | |
| modResourceGroup | |
| ] | |
| } | |
| // MARK: Network Security Group | |
| module modNsg 'br/public:avm/res/network/network-security-group:0.5.1' = { | |
| scope: resourceGroup(rgName) | |
| name: '${uniqueString(deployment().name, location)}-${nsgName}' | |
| params: { | |
| name: nsgName | |
| location: location | |
| securityRules: [ | |
| { | |
| name: 'Deny-RDP-Internet' | |
| properties: { | |
| priority: 100 | |
| access: 'Deny' | |
| direction: 'Inbound' | |
| protocol: 'Tcp' | |
| sourcePortRange: '*' | |
| destinationPortRange: '3389' | |
| sourceAddressPrefix: 'Internet' | |
| destinationAddressPrefix: '*' | |
| } | |
| } | |
| ] | |
| tags: tags | |
| } | |
| dependsOn: [ | |
| modResourceGroup | |
| ] | |
| } | |
| // MARK: Network Security Group | |
| module modNsg2 'br/public:avm/res/network/network-security-group:0.5.1' = { | |
| scope: resourceGroup(rgName) | |
| name: '${uniqueString(deployment().name, location)}-${nsgName2}' | |
| params: { | |
| name: nsgName2 | |
| location: location | |
| securityRules: [ | |
| { | |
| name: 'Deny-RDP-Internet' | |
| properties: { | |
| priority: 100 | |
| access: 'Deny' | |
| direction: 'Inbound' | |
| protocol: 'Tcp' | |
| sourcePortRange: '*' | |
| destinationPortRange: '3389' | |
| sourceAddressPrefix: 'Internet' | |
| destinationAddressPrefix: '*' | |
| } | |
| } | |
| ] | |
| tags: tags | |
| } | |
| dependsOn: [ | |
| modResourceGroup | |
| ] | |
| } | |
| // MARK: Virtual Network | |
| module modVirtualnetwork 'br/public:avm/res/network/virtual-network:0.6.1' = { | |
| scope: resourceGroup(rgName) | |
| name: '${uniqueString(deployment().name, location)}-${vnetName}' | |
| params: { | |
| name: vnetName | |
| addressPrefixes: vnetAddressPrefix | |
| subnets: [ | |
| { | |
| name: snetName | |
| addressPrefix: snetAddressPrefix | |
| networkSecurityGroupResourceId: modNsg.outputs.resourceId | |
| } | |
| ] | |
| } | |
| dependsOn: [ | |
| modResourceGroup | |
| ] | |
| } | |
| // Outputs | |
| output storageAccountId string = modStorageAccount.outputs.resourceId | |
| output virtualNetworkName string = modVirtualnetwork.outputs.name | |
| output storageAccountName string = modStorageAccount.outputs.name | |
| output nsgName string = modNsg.outputs.name |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment