diff --git a/infra-as-code/bicep/CRML/containerRegistry/README.md b/infra-as-code/bicep/CRML/containerRegistry/README.md index f363c1960..af7a854f9 100644 --- a/infra-as-code/bicep/CRML/containerRegistry/README.md +++ b/infra-as-code/bicep/CRML/containerRegistry/README.md @@ -10,20 +10,20 @@ Module deploys the following resources: The module requires the following inputs: - Parameter | Type | Default | Description | Requirement | Example ------------ | ---- | ------- |----------- | ----------- | ------- - parAcrName | string | acr${uniqueString(resourceGroup().id)} | Name of Azure Container Registry to deploy | 5-50 char | acr5cix6w3rcizn - parACRSku | string | Basic | SKU of Azure Container Registry to deploy to Azure | Basic or Standard or Premium | Basic - parLocation | string | resourceGroup().location | Location where Public Azure Container Registry will be deployed | Valid Azure Region | eastus2 - parTags | object | none | Tags to be appended to resource | none | {"Environment" : "Development"} + | Parameter | Type | Default | Description | Requirement | Example | + | ----------- | ------ | -------------------------------------- | --------------------------------------------------------------- | ---------------------------- | ------------------------------- | + | parAcrName | string | acr${uniqueString(resourceGroup().id)} | Name of Azure Container Registry to deploy | 5-50 char | acr5cix6w3rcizn | + | parACRSku | string | Basic | SKU of Azure Container Registry to deploy to Azure | Basic or Standard or Premium | Basic | + | parLocation | string | resourceGroup().location | Location where Public Azure Container Registry will be deployed | Valid Azure Region | eastus2 | + | parTags | object | none | Tags to be appended to resource | none | {"Environment" : "Development"} | ## Outputs The module will generate the following outputs: -Output | Type | Example ------- | ---- | -------- -outLoginServer | string | acr5cix6w3rcizna.azurecr.io +| Output | Type | Example | +| -------------- | ------ | --------------------------- | +| outLoginServer | string | acr5cix6w3rcizna.azurecr.io | ## Deployment @@ -36,26 +36,34 @@ We will take the default values and not pass any parameters. ### Azure CLI ```bash -az group create --location eastus2 \ - --name Bicep_ACR +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-ContainerRegistry-${dateYMD}" +RESOURCEGROUP="rg-bicep-acr" +PARAMETERS="@infra-as-code/bicep/CRML/containerRegistry/parameters/containerRegistry.parameters.all.json" +TEMPLATEFILE="infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep" -az deployment group create \ - --resource-group Bicep_Acr \ - --template-file infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep \ - --parameters @infra-as-code/bicep/CRML/containerRegistry/parameters/containerRegistry.parameters.all.json +az group create --location eastus \ + --name rg-bicep-acr + +az deployment group create --name ${NAME:0:63} --resource-group $RESOURCEGROUP --parameters $PARAMETERS --template-file $TEMPLATEFILE ``` ### PowerShell ```powershell -New-AzResourceGroup -Name 'Bicep_ACR' ` - -Location 'EastUs2' - -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep ` - -TemplateParameterFile infra-as-code/bicep/CRML/containerRegistry/parameters/containerRegistry.parameters.all.json +New-AzResourceGroup -Name 'rg-bicep-acr' ` + -Location 'EastUs' + + $inputObject = @{ + DeploymentName = 'alz-ContainerRegistry-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = 'rg-bicep-acr' + TemplateParameterFile = 'infra-as-code/bicep/CRML/containerRegistry/parameters/containerRegistry.parameters.all.json' + TemplateFile = "infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep" +} + +New-AzResourceGroupDeployment @inputObject ``` ## Bicep Visualizer -![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer") \ No newline at end of file +![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer") diff --git a/infra-as-code/bicep/CRML/subscriptionAlias/README.md b/infra-as-code/bicep/CRML/subscriptionAlias/README.md index 24200fca2..21a8594dd 100644 --- a/infra-as-code/bicep/CRML/subscriptionAlias/README.md +++ b/infra-as-code/bicep/CRML/subscriptionAlias/README.md @@ -39,19 +39,28 @@ In this example, the Subscription is created upon an EA Account through a tenant ### Azure CLI ```bash -az deployment tenant create \ - --template-file infra-as-code/bicep/CRML/subscriptionAlias/subscriptionAlias.bicep \ - --parameters @infra-as-code/bicep/CRML/subscriptionAlias/parameters/subscriptionAlias.parameters.all.json \ - --location eastus + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-SubscriptionAlias-${dateYMD}" +LOCATION="eastus" +PARAMETERS="@infra-as-code/bicep/CRML/subscriptionAlias/parameters/subscriptionAlias.parameters.all.json" +TEMPLATEFILE="infra-as-code/bicep/CRML/subscriptionAlias/subscriptionAlias.bicep" + +az deployment tenant create --name ${NAME:0:63} --location $LOCATION --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell -New-AzTenantDeployment ` - -TemplateFile infra-as-code/bicep/CRML/subscriptionAlias/subscriptionAlias.bicep ` - -TemplateParameterFile infra-as-code/bicep/CRML/subscriptionAlias/parameters/subscriptionAlias.parameters.all.json ` - -Location eastus + +$inputObject = @{ + DeploymentName = 'alz-SubscriptionAlias-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + TemplateParameterFile = 'infra-as-code/bicep/CRML/subscriptionAlias/parameters/subscriptionAlias.parameters.all.json' + Location = 'EastUS' + TemplateFile = "infra-as-code/bicep/CRML/subscriptionAlias/subscriptionAlias.bicep" +} + +New-AzTenantDeployment @inputObject ``` ### Output Screenshot diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/README.md b/infra-as-code/bicep/modules/customRoleDefinitions/README.md index 5c57f37c2..5320a2080 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/README.md +++ b/infra-as-code/bicep/modules/customRoleDefinitions/README.md @@ -47,42 +47,69 @@ Input parameter file `parameters/customRoleDefinitions.parameters.all.json` defi > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI + ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep \ - --parameters @infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json \ - --location eastus \ - --management-group-id alz + +# Management Group ID +MGID="alz" + +# Chosen Azure Region +LOCATION="eastus" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-CustomRoleDefsDeployment-${dateYMD}" +TEMPLATEFILE="infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep" +PARAMETERS="@infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep \ - --parameters @infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json \ - --location chinaeast2 \ - --management-group-id alz + +# Management Group ID +MGID="alz" + +# Chosen Azure Region +LOCATION="chinaeast2" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-CustomRoleDefsDeployment-${dateYMD}" +TEMPLATEFILE="infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep" +PARAMETERS="@infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json ` - -Location eastus ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-CustomRoleDefsDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'eastus' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json ` - -Location chinaeast2 ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-CustomRoleDefsDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/customRoleDefinitions/mc-customRoleDefinitions.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` ![Example Deployment Output](media/exampleDeploymentOutput.png "Example Deployment Output") diff --git a/infra-as-code/bicep/modules/hubNetworking/README.md b/infra-as-code/bicep/modules/hubNetworking/README.md index 032a88715..56316706c 100644 --- a/infra-as-code/bicep/modules/hubNetworking/README.md +++ b/infra-as-code/bicep/modules/hubNetworking/README.md @@ -97,32 +97,47 @@ There are two different sets of input parameters; one for deploying to Azure glo ### Azure CLI ```bash # For Azure global regions + # Set Platform connectivity subscription ID as the the current subscription ConnectivitySubscriptionId="[your platform connectivity subscription ID]" + az account set --subscription $ConnectivitySubscriptionId +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-HubNetworkingDeploy-${dateYMD}" +GROUP="rg-$TopLevelMGPrefix-hub-networking-001" +TEMPLATEFILE="infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep" +PARAMETERS="@infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json" + az group create --location eastus \ - --name Hub_Networking_POC + --name $GROUP -az deployment group create \ - --resource-group HUB_Networking_POC \ - --template-file infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep \ - --parameters @infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions # Set Platform connectivity subscription ID as the the current subscription ConnectivitySubscriptionId="[your platform connectivity subscription ID]" + az account set --subscription $ConnectivitySubscriptionId +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-HubNetworkingDeploy-${dateYMD}" +GROUP="rg-$TopLevelMGPrefix-hub-networking-001" +TEMPLATEFILE="infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep" +PARAMETERS="@infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json" + az group create --location chinaeast2 \ - --name Hub_Networking_POC + --name $GROUP -az deployment group create \ - --resource-group HUB_Networking_POC \ - --template-file infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep \ - --parameters @infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell @@ -134,13 +149,24 @@ $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId -New-AzResourceGroup -Name 'Hub_Networking_POC' ` +# Set Platform management subscription ID as the the current subscription +$ManagementSubscriptionId = "[your platform management subscription ID]" + +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-HubNetworkingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-hub-networking-001" + TemplateFile = "infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json" +} + +New-AzResourceGroup -Name $ResourceGroupName ` -Location 'eastus' -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json ` - -ResourceGroupName 'Hub_Networking_POC' +New-AzResourceGroupDeployment @inputObject ``` OR ```powershell @@ -150,13 +176,21 @@ $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId -New-AzResourceGroup -Name 'Hub_Networking_POC' ` +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-HubNetworkingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-hub-networking-001" + TemplateFile = "infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json" +} + +New-AzResourceGroup -Name $ResourceGroupName ` -Location 'chinaeast2' -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json ` - -ResourceGroupName 'Hub_Networking_POC' +New-AzResourceGroupDeployment @inputObject ``` ## Example Output in Azure global regions diff --git a/infra-as-code/bicep/modules/logging/README.md b/infra-as-code/bicep/modules/logging/README.md index e3ded6aee..dde53cad6 100644 --- a/infra-as-code/bicep/modules/logging/README.md +++ b/infra-as-code/bicep/modules/logging/README.md @@ -66,22 +66,29 @@ There are separate input parameters files depending on which Azure cloud you are > If the deployment failed due an error that your alz-log-analytics/Automation resource of type 'Microsoft.OperationalInsights/workspaces/linkedServices' was not found, please retry the deployment step and it would succeed. ### Azure CLI + ```bash # For Azure Global regions # Set Platform management subscripion ID as the the current subscription ManagementSubscriptionId="[your platform management subscription ID]" az account set --subscription $ManagementSubscriptionId +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +GROUP="rg-$TopLevelMGPrefix-logging-001" +NAME="alz-loggingDeployment-${dateYMD}" +TEMPLATEFILE="infra-as-code/bicep/modules/logging/logging.bicep" +PARAMETERS="@infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json" + # Create Resource Group - optional when using an existing resource group az group create \ - --name alz-logging \ + --name $GROUP \ --location eastus # Deploy Module -az deployment group create \ - --template-file infra-as-code/bicep/modules/logging/logging.bicep \ - --parameters @infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json \ - --resource-group alz-logging +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash @@ -90,16 +97,22 @@ OR ManagementSubscriptionId="[your platform management subscription ID]" az account set --subscription $ManagementSubscriptionId +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +GROUP="rg-$TopLevelMGPrefix-logging-001" +NAME="alz-loggingDeployment-${dateYMD}" +TEMPLATEFILE="infra-as-code/bicep/modules/logging/logging.bicep" +PARAMETERS="@infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json" + # Create Resource Group - optional when using an existing resource group az group create \ - --name alz-logging \ + --name $GROUP \ --location chinaeast2 # Deploy Module -az deployment group create \ - --template-file infra-as-code/bicep/modules/logging/logging.bicep \ - --parameters @infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json \ - --resource-group alz-logging +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell @@ -109,17 +122,25 @@ az deployment group create \ # Set Platform management subscripion ID as the the current subscription $ManagementSubscriptionId = "[your platform management subscription ID]" +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-LoggingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-logging-001" + TemplateFile = "infra-as-code/bicep/modules/logging/logging.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json" +} + Select-AzSubscription -SubscriptionId $ManagementSubscriptionId # Create Resource Group - optional when using an existing resource group New-AzResourceGroup ` - -Name alz-logging ` + -Name $ResourceGroupName ` -Location eastus -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/logging/logging.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json ` - -ResourceGroup alz-logging +New-AzResourceGroupDeployment @inputObject ``` OR ```powershell @@ -127,17 +148,25 @@ OR # Set Platform management subscripion ID as the the current subscription $ManagementSubscriptionId = "[your platform management subscription ID]" +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-LoggingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-logging-001" + TemplateFile = "infra-as-code/bicep/modules/logging/logging.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json" +} + Select-AzSubscription -SubscriptionId $ManagementSubscriptionId # Create Resource Group - optional when using an existing resource group New-AzResourceGroup ` - -Name alz-logging ` + -Name $ResourceGroupName ` -Location chinaeast2 -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/logging/logging.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json ` - -ResourceGroup alz-logging +New-AzResourceGroupDeployment @inputObject ``` ## Bicep Visualizer diff --git a/infra-as-code/bicep/modules/managementGroups/README.md b/infra-as-code/bicep/modules/managementGroups/README.md index 34509ec07..c94f7457e 100644 --- a/infra-as-code/bicep/modules/managementGroups/README.md +++ b/infra-as-code/bicep/modules/managementGroups/README.md @@ -118,38 +118,55 @@ In this example, the management groups are created at the `Tenant Root Group` th > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI + ```bash # For Azure global regions -az deployment tenant create \ - --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep \ - --parameters @infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json \ - --location eastus + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-MGDeployment-${dateYMD}" +LOCATION="eastus" +TEMPLATEFILE="infra-as-code/bicep/modules/managementGroups/managementGroups.bicep" +PARAMETERS="@infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json" + +az deployment tenant create --name ${NAME:0:63} --location $LOCATION --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment tenant create \ - --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep \ - --parameters @infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json \ - --location chinaeast2 + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-MGDeployment-${dateYMD}" +LOCATION="chinaeast2" +TEMPLATEFILE="infra-as-code/bicep/modules/managementGroups/managementGroups.bicep" +PARAMETERS="@infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json" + +az deployment tenant create --name ${NAME:0:63} --location $LOCATION --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -New-AzTenantDeployment ` - -TemplateFile infra-as-code/bicep/modules/managementGroups/managementGroups.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json ` - -Location eastus + +$inputObject = @{ + DeploymentName = 'alz-MGDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'EastUS' + TemplateFile = "infra-as-code/bicep/modules/managementGroups/managementGroups.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json' +} +New-AzTenantDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzTenantDeployment ` - -TemplateFile infra-as-code/bicep/modules/managementGroups/managementGroups.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json ` - -Location chinaeast2 + +$inputObject = @{ + DeploymentName = 'alz-MGDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + TemplateFile = "infra-as-code/bicep/modules/managementGroups/managementGroups.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json' +} +New-AzTenantDeployment @inputObject ``` ![Example Deployment Output](media/exampleDeploymentOutput.png "Example Deployment Output") diff --git a/infra-as-code/bicep/modules/policy/assignments/README.md b/infra-as-code/bicep/modules/policy/assignments/README.md index fcee09ca1..923b196be 100644 --- a/infra-as-code/bicep/modules/policy/assignments/README.md +++ b/infra-as-code/bicep/modules/policy/assignments/README.md @@ -47,40 +47,58 @@ In this example, the `Deny-PublicIP` custom policy definition will be deployed/a ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep \ - --parameters @infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json \ - --location eastus \ - --management-group-id alz-landingzones + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-alz-PolicyDenyAssignmentsDeployment-${dateYMD}" + +PARAMETERS="@infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json" +LOCATION="eastus" +MGID="alz-landingzones" +TEMPLATEFILE="infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep \ - --parameters @infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json \ - --location chinaeast2 \ - --management-group-id alz-landingzones + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-alz-PolicyDenyAssignmentsDeployment-${dateYMD}" + +PARAMETERS="@infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json" +LOCATION="chinaeast2" +MGID="alz-landingzones" +TEMPLATEFILE="infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` #### PowerShell - Deny ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json ` - -Location eastus ` - -ManagementGroupId 'alz-landingzones' + +$inputObject = @{ + DeploymentName = 'alz-PolicyDenyAssignments-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ManagementGroupId = 'alz-landingzones' + Location = 'eastus' + TemplateParameterFile = 'infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json' + TemplateFile = "infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep" +} +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json ` - -Location chinaeast2 ` - -ManagementGroupId 'alz-landingzones' + +$inputObject = @{ + DeploymentName = 'alz-PolicyDenyAssignments-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ManagementGroupId = 'alz-landingzones' + Location = 'chinaeast2' + TemplateParameterFile = 'infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json' + TemplateFile = "infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep" +} +New-AzManagementGroupDeployment @inputObject ``` ### DeployIfNotExists Effect @@ -98,40 +116,58 @@ In this example, the `Deploy-MDFC-Config` custom policy definition will be deplo ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep \ - --parameters @infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.dine.parameters.all.json \ - --location eastus \ - --management-group-id alz-landingzones + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-PolicyDineAssignments-${dateYMD}" +LOCATION="eastus" +MGID="alz-landingzones" +TEMPLATEFILE="infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep" +PARAMETERS="@infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.dine.parameters.all.json" + +az deployment mg create --name $NAME --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep \ - --parameters @infra-as-code/bicep/modules/policy/assignments/parameters/mc-policyAssignmentManagementGroup.dine.parameters.all.json \ - --location chinaeast2 \ - --management-group-id alz-landingzones + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-PolicyDineAssignments-${dateYMD}" +LOCATION="eastus" +MGID="alz-landingzones" +TEMPLATEFILE="infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep" +PARAMETERS="@infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.dine.parameters.all.json" + +az deployment mg create --name $NAME --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` #### PowerShell - DINE ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.dine.parameters.all.json ` - -Location eastus ` - -ManagementGroupId 'alz-landingzones' + +$inputObject = @{ + DeploymentName = 'alz-PolicyDineAssignments-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'eastus' + ManagementGroupId = 'alz-landingzones' + TemplateFile = "infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep" + TemplateParameterFile = '@infra-as-code/bicep/modules/policy/assignments/parameters/policyAssignmentManagementGroup.dine.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/policy/assignments/parameters/mc-policyAssignmentManagementGroup.dine.parameters.all.json ` - -Location chinaeast2 ` - -ManagementGroupId 'alz-landingzones' + +$inputObject = @{ + DeploymentName = 'alz-PolicyDineAssignments-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + ManagementGroupId = 'alz-landingzones' + TemplateFile = "infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/policy/assignments/parameters/mc-policyAssignmentManagementGroup.dine.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` ## Bicep Visualizer diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md index c4b1c8bf3..21d362332 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md @@ -17,7 +17,7 @@ The module requires the following inputs: | parLogAnalyticsWorkspaceResourceId | Log Analytics Workspace Resource ID | Yes | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/alz-logging/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics` | None | | parLogAnalyticsWorkspaceLogRetentionInDays | Number of days of log retention for Log Analytics Workspace | Yes | `365` | `365` | | parAutomationAccountName | Automation Account name | Yes | `alz-automation-account` | `alz-automation-account` | - | parMsDefenderForCloudEmailSecurityContact | An e-mail address that you want Microsoft Defender for Cloud alerts to be sent to. | Yes | `security_contact@replace_me.com` | `security_contact@replace_me.com` | + | parMsDefenderForCloudEmailSecurityContact | An e-mail address that you want Microsoft Defender for Cloud alerts to be sent to. | Yes | `security_contact@replace_me.com` | `security_contact@replace_me.com` | | parDdosProtectionPlanId | ID of the DDoS Protection Plan which will be applied to the Virtual Networks. If left empty, the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. | Yes | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan` | (empty string) | | parTelemetryOptOut | Set Parameter to true to Opt-out of deployment telemetry | Yes | `false` | `false` | @@ -30,49 +30,67 @@ The module does not generate any outputs. > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. > **Important:** If you decide to not use a DDoS Standard plan in your environment and therefore leave the parameter `parDdosProtectionPlanId` as an empty string (`''`) then the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. For deployment in Azure China, leave the parameter `parDdosProtectionPlanId` as an empty string (`''`) because the DDoS Protection feature is not available in Azure China. -> +> > However, if you later do decide to deploy an DDoS Standard Plan, you will need to remember to come back and update the parameter `parDdosProtectionPlanId` with the resource ID of the DDoS Standard Plan to ensure the policy is applied to the relevant Management Groups. You can then use a policy [remediation task](https://docs.microsoft.com/azure/governance/policy/how-to/remediate-resources) to bring all non-compliant VNETs back into compliance, once a [compliance scan](https://docs.microsoft.com/azure/governance/policy/how-to/get-compliance-data#evaluation-triggers) has taken place. ### Azure CLI ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep \ - --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json \ - --location eastus \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-alzPolicyAssignmentDefaults-${dateYMD}" +LOCATION="eastus" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep" +PARAMETERS="@infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/mc-alzDefaultPolicyAssignments.bicep \ - --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json \ - --location chinaeast2 \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-alzPolicyAssignmentDefaults-${dateYMD}" +LOCATION="chinaeast2" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep" +PARAMETERS="@infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json ` - -Location eastus ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-alzPolicyAssignmentDefaultsDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'eastus' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/policy/assignments/alzDefaults/mc-alzDefaultPolicyAssignments.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json ` - -Location chinaeast2 ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alzPolicyAssignmentDefaultsDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/mc-alzDefaultPolicyAssignments.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` ## Bicep Visualizer -![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer") \ No newline at end of file +![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer") diff --git a/infra-as-code/bicep/modules/policy/definitions/README.md b/infra-as-code/bicep/modules/policy/definitions/README.md index 17b50e1a0..d735be68d 100644 --- a/infra-as-code/bicep/modules/policy/definitions/README.md +++ b/infra-as-code/bicep/modules/policy/definitions/README.md @@ -45,40 +45,57 @@ The input parameter file `parameters/customPolicyDefinitions.parameters.all.json ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep \ - --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json \ - --location eastus \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-PolicyDefsDefaults-${dateYMD}" +LOCATION="eastus" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep" +PARAMETERS="@infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep \ - --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json \ - --location chinaeast2 \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-PolicyDefsDefaults-${dateYMD}" +LOCATION="chinaeast2" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep" +PARAMETERS="@infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json ` - -Location eastus ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-PolicyDefsDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'eastus' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json ` - -Location chinaeast2 ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-PolicyDefsDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json' +} +New-AzManagementGroupDeployment @inputObject ``` ![Example Deployment Output](media/exampleDeploymentOutput.png "Example Deployment Output") diff --git a/infra-as-code/bicep/modules/privateDnsZones/README.md b/infra-as-code/bicep/modules/privateDnsZones/README.md index 6d1b66e49..c858d8b2c 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/README.md +++ b/infra-as-code/bicep/modules/privateDnsZones/README.md @@ -76,19 +76,26 @@ There are two different sets of input parameters; one for deploying to Azure glo > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI + ```bash # For Azure global regions # Set Platform connectivity subscription ID as the the current subscription ConnectivitySubscriptionId="[your platform connectivity subscription ID]" az account set --subscription $ConnectivitySubscriptionId +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-PrivateDnsZonesDeployment-${dateYMD}" +RESOURCEGROUP="rg-$TopLevelMGPrefix-private-dns-001" +TEMPLATEFILE="infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep" +PARAMETERS="@infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json" + az group create --location eastus \ - --name Hub_PrivateDNS_POC + --name $RESOURCEGROUP -az deployment group create \ - --resource-group Hub_PrivateDNS_POC \ - --template-file infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep \ - --parameters @infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json +az deployment group create --name ${NAME:0:63} --resource-group $RESOURCEGROUP --parameters $PARAMETERS --template-file $TEMPLATEFILE ``` OR ```bash @@ -97,13 +104,19 @@ OR ConnectivitySubscriptionId="[your platform connectivity subscription ID]" az account set --subscription $ConnectivitySubscriptionId +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-PrivateDnsZonesDeployment-${dateYMD}" +RESOURCEGROUP="rg-$TopLevelMGPrefix-private-dns-001" +TEMPLATEFILE="infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep" +PARAMETERS="@infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json" + az group create --location chinaeast2 \ - --name Hub_PrivateDNS_POC + --name $RESOURCEGROUP -az deployment group create \ - --resource-group Hub_PrivateDNS_POC \ - --template-file infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep \ - --parameters @infra-as-code/bicep/modules/privateDnsZones/parameters/mc-privateDnsZones.parameters.all.json +az deployment group create --name ${NAME:0:63} --resource-group $RESOURCEGROUP --parameters $PARAMETERS --template-file $TEMPLATEFILE ``` ### PowerShell @@ -115,15 +128,23 @@ $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId -New-AzResourceGroup -Name 'Hub_PrivateDNS_POC' ` +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +New-AzResourceGroup -Name $ResourceGroupName ` -Location 'eastus' -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json ` - -ResourceGroupName 'Hub_PrivateDNS_POC' +$inputObject = @{ + DeploymentName = 'alz-PrivateDnsZonesDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-private-dns-001" + TemplateFile = "infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json" +} + +New-AzResourceGroupDeployment @inputObject ``` OR + ```powershell # For Azure China regions # Set Platform connectivity subscription ID as the the current subscription @@ -131,13 +152,20 @@ $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId -New-AzResourceGroup -Name 'Hub_PrivateDNS_POC' ` +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +New-AzResourceGroup -Name $ResourceGroupName ` -Location 'chinaeast2' -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/privateDnsZones/parameters/mc-privateDnsZones.parameters.all.json - -ResourceGroupName 'Hub_PrivateDNS_POC' +$inputObject = @{ + DeploymentName = 'alz-PrivateDnsZonesDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-private-dns-001" + TemplateFile = "infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json" +} + +New-AzResourceGroupDeployment @inputObject ``` ## Example Output in Azure global regions diff --git a/infra-as-code/bicep/modules/roleAssignments/README.md b/infra-as-code/bicep/modules/roleAssignments/README.md index 1d6cfb736..0c7fe4278 100644 --- a/infra-as-code/bicep/modules/roleAssignments/README.md +++ b/infra-as-code/bicep/modules/roleAssignments/README.md @@ -118,40 +118,58 @@ In this example, the built-in Reader role will be assigned to a Service Principa ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep \ - --parameters @infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.servicePrincipal.parameters.all.json \ - --management-group-id alz-platform \ - --location eastus + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-RoleAssignmentsDeployment-${dateYMD}" +LOCATION="eastus" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep" +PARAMETERS="@infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.servicePrincipal.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep \ - --parameters @infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.servicePrincipal.parameters.all.json \ - --management-group-id alz-platform \ - --location chinaeast2 + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-RoleAssignmentsDeployment-${dateYMD}" +LOCATION="chinaeast2" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep" +PARAMETERS="@infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.servicePrincipal.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.servicePrincipal.parameters.all.json ` - -ManagementGroupId alz-platform ` - -Location eastus + +$inputObject = @{ + DeploymentName = 'alz-RoleAssignmentsDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'eastus' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.servicePrincipal.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.servicePrincipal.parameters.all.json ` - -ManagementGroupId alz-platform ` - -Location chinaeast2 + +$inputObject = @{ + DeploymentName = 'alz-RoleAssignmentsDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.servicePrincipal.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` ## Bicep Visualizer diff --git a/infra-as-code/bicep/modules/spokeNetworking/README.md b/infra-as-code/bicep/modules/spokeNetworking/README.md index 033aecd7f..15f90f707 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/README.md +++ b/infra-as-code/bicep/modules/spokeNetworking/README.md @@ -63,34 +63,53 @@ In this example, the spoke resources will be deployed to the resource group spec > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI + ```bash # For Azure global regions # Set Azure Landing zone subscription ID as the the current subscription LandingZoneSubscriptionId="[your landing zone subscription ID]" + az account set --subscription $LandingZoneSubscriptionId -az group create --location eastus \ - --name Spoke_Networking_POC +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-SpokeNetworkingDeployment-${dateYMD}" +GROUP="rg-$TopLevelMGPrefix-spoke-networking-001" +TEMPLATEFILE="infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep" +PARAMETERS="@infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json" -az deployment group create \ - --resource-group Spoke_Networking_POC \ - --template-file infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep \ - --parameters @infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json +# Create Resource Group - optional when using an existing resource group +az group create \ + --name $GROUP \ + --location eastus + +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions # Set Platform connectivity subscription ID as the the current subscription LandingZoneSubscriptionId="[your landing zone subscription ID]" + az account set --subscription $LandingZoneSubscriptionId -az group create --location chinaeast2 \ - --name Spoke_Networking_POC +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-SpokeNetworkingDeployment-${dateYMD}" +GROUP="rg-$TopLevelMGPrefix-spoke-networking-001" +TEMPLATEFILE="infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep" +PARAMETERS="@infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json" -az deployment group create \ - --resource-group Spoke_Networking_POC \ - --template-file infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep \ - --parameters @infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json +# Create Resource Group - optional when using an existing resource group +az group create \ + --name $GROUP \ + --location chinaeast2 + +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell @@ -102,13 +121,21 @@ $LandingZoneSubscriptionId = "[your landing zone subscription ID]" Select-AzSubscription -SubscriptionId $LandingZoneSubscriptionId -New-AzResourceGroup -Name 'Spoke_Networking_POC' ` - -Location 'EastUs2' +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-SpokeNetworkingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-spoke-networking-001" + TemplateParameterFile = "infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json" + TemplateFile = "infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep" +} + +New-AzResourceGroup -Name $ResourceGroupName ` + -Location 'eastus' -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json ` - -ResourceGroupName 'Spoke_Networking_POC' +New-AzResourceGroupDeployment @inputObject ``` OR ```powershell @@ -118,13 +145,21 @@ $LandingZoneSubscriptionId = "[your landing zone subscription ID]" Select-AzSubscription -SubscriptionId $LandingZoneSubscriptionId -New-AzResourceGroup -Name 'Spoke_Networking_POC' ` +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-SpokeNetworkingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-spoke-networking-001" + TemplateParameterFile = "infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json" + TemplateFile = "infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep" +} + +New-AzResourceGroup -Name $ResourceGroupName ` -Location 'chinaeast2' -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json ` - -ResourceGroupName 'Spoke_Networking_POC' +New-AzResourceGroupDeployment @inputObject ``` ## Example Output in Azure global regions diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/README.md b/infra-as-code/bicep/modules/subscriptionPlacement/README.md index 15924d1a8..bb0a28f9c 100644 --- a/infra-as-code/bicep/modules/subscriptionPlacement/README.md +++ b/infra-as-code/bicep/modules/subscriptionPlacement/README.md @@ -24,42 +24,60 @@ In this example, the subscription `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` will be > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI + ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep \ - --parameters @infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json \ - --location eastus \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-SubscriptionPlacementDeployment-${dateYMD}" +LOCATION="eastus" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep" +PARAMETERS="@infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep \ - --parameters @infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json \ - --location chinaeast2 \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-SubscriptionPlacementDeployment-${dateYMD}" +LOCATION="chinaeast2" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep" +PARAMETERS="@infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json ` - -Location eastus ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-SubscriptionPlacementDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'eastus' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json ` - -Location chinaeast2 ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-SubscriptionPlacementDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json' +} +New-AzManagementGroupDeployment @inputObject ``` ## Bicep Visualizer diff --git a/infra-as-code/bicep/modules/vnetPeering/README.md b/infra-as-code/bicep/modules/vnetPeering/README.md index af6b2069f..51fa6d327 100644 --- a/infra-as-code/bicep/modules/vnetPeering/README.md +++ b/infra-as-code/bicep/modules/vnetPeering/README.md @@ -50,16 +50,28 @@ During the deployment step, we will take parameters provided in the example para > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI +**NOTE: As there is some PowerShell code within the CLI, there is a requirement to execute the deployments in a cross-platform terminal which has PowerShell installed.** ```bash # For Azure global regions # Set your Corp Connected Landing Zone subscription ID as the the current subscription LandingZoneSubscriptionId="[your Landing Zone subscription ID]" az account set --subscription $LandingZoneSubscriptionId -az deployment group create \ - --resource-group Spoke_Networking_POC \ - --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep \ - --parameters @infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-vnetPeeringDeploy-${dateYMD}" +GROUP="rg-$TopLevelMGPrefix-vnet-peering-001" +TEMPLATEFILE="infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep" +PARAMETERS="@infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json" + +# Create Resource Group - optional when using an existing resource group +az group create \ + --name $GROUP \ + --location eastus + +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash @@ -68,10 +80,21 @@ OR LandingZoneSubscriptionId="[your Landing Zone subscription ID]" az account set --subscription $LandingZoneSubscriptionId -az deployment group create \ - --resource-group Spoke_Networking_POC \ - --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep \ - --parameters @infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-vnetPeeringDeploy-${dateYMD}" +GROUP="rg-$TopLevelMGPrefix-vnet-peering-001" +TEMPLATEFILE="infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep" +PARAMETERS="@infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json" + +# Create Resource Group - optional when using an existing resource group +az group create \ + --name $GROUP \ + --location chinaeast2 + +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell @@ -83,10 +106,23 @@ $LandingZoneSubscriptionId = "[your Landing Zone subscription ID]" Select-AzSubscription -SubscriptionId $LandingZoneSubscriptionId -New-AzResourceGroupDeployment ` - -ResourceGroupName Spoke_Networking_POC ` - -TemplateFile infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Create Resource Group - optional when using an existing resource group +New-AzResourceGroup ` + -Name $ResourceGroupName ` + -Location eastus + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-vnetPeeringDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-vnet-peering-001" + TemplateFile = "ALZ-Bicep/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json" +} + +New-AzResourceGroupDeployment @inputObject ``` OR ```powershell @@ -96,10 +132,23 @@ $LandingZoneSubscriptionId = "[your Landing Zone subscription ID]" Select-AzSubscription -SubscriptionId $LandingZoneSubscriptionId -New-AzResourceGroupDeployment ` - -ResourceGroupName Spoke_Networking_POC ` - -TemplateFile infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json +# Create Resource Group - optional when using an existing resource group +New-AzResourceGroup ` + -Name $ResourceGroupName ` + -Location chinaeast2 + +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-vnetPeeringDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-vnet-peering-001" + TemplateFile = "ALZ-Bicep/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json" +} + +New-AzResourceGroupDeployment @inputObject ``` ## Example output in Azure global regions diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/README.md b/infra-as-code/bicep/modules/vnetPeeringVwan/README.md index 31f04ed6b..114a8d4a1 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/README.md +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/README.md @@ -38,16 +38,20 @@ In this example, the remote spoke Vnet will be peered with the Vwan Virtual Hub > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI + ```bash # For Azure global regions # Set your Corp Connected Landing Zone subscription ID as the the current subscription ConnectivitySubscriptionId="[your Landing Zone subscription ID]" az account set --subscription $ConnectivitySubscriptionId -az deployment sub create \ - --template-file infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep \ - --parameters @infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json \ - --location eastus +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-vnetPeeringVwanDeployment-${dateYMD}" +LOCATION="eastus" +TEMPLATEFILE="infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep" +PARAMETERS="@infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json" + +az deployment sub create --name ${NAME:0:63} --location $LOCATION --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash @@ -56,10 +60,13 @@ OR ConnectivitySubscriptionId="[your Landing Zone subscription ID]" az account set --subscription $ConnectivitySubscriptionId -az deployment sub create \ - --template-file infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep \ - --parameters @infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json \ - --location chinaeast2 +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-vnetPeeringVwanDeployment-${dateYMD}" +LOCATION="chinaeast2" +TEMPLATEFILE="infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep" +PARAMETERS="@infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json" + +az deployment sub create --name ${NAME:0:63} --location $LOCATION --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell @@ -71,10 +78,15 @@ $ConnectivitySubscriptionId = "[your Landing Zone subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId -New-AzDeployment ` - -TemplateFile infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json ` - -Location 'eastus' +$inputObject = @{ + DeploymentName = 'alz-VnetPeeringWanDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'eastus' + TemplateFile = "infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json' +} + +New-AzDeployment @inputObject + ``` OR ```powershell @@ -84,10 +96,14 @@ $ConnectivitySubscriptionId = "[your Landing Zone subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId -New-AzDeployment ` - -TemplateFile infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json ` - -Location 'chinaeast2' +$inputObject = @{ + DeploymentName = 'alz-VnetPeeringWanDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + TemplateFile = "infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep" + TemplateParameterFile = 'infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json' +} + +New-AzDeployment @inputObject ``` ## Example Output in Azure global regions diff --git a/infra-as-code/bicep/modules/vwanConnectivity/README.md b/infra-as-code/bicep/modules/vwanConnectivity/README.md index f5b60918e..624dd0272 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/README.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/README.md @@ -83,67 +83,100 @@ In this example, the resources required for Virtual WAN connectivity will be dep ### Azure CLI ```bash # For Azure global regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription ConnectivitySubscriptionId="[your platform connectivity subscription ID]" az account set --subscription $ConnectivitySubscriptionId -az group create --location eastus \ - --name alz-vwan-eastus +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" -az deployment group create \ - --resource-group alz-vwan-eastus \ - --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep \ - --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-vwanConnectivityDeploy-${dateYMD}" +GROUP="rg-$TopLevelMGPrefix-vwan-001" +TEMPLATEFILE="infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep" +PARAMETERS="@infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json" + +# Create Resource Group - optional when using an existing resource group +az group create \ + --name $GROUP \ + --location eastus + +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription ConnectivitySubscriptionId="[your platform connectivity subscription ID]" az account set --subscription $ConnectivitySubscriptionId -az group create --location chinaeast2 \ - --name alz-vwan-chinaeast2 +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +TopLevelMGPrefix="alz" + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-vwanConnectivityDeploy-${dateYMD}" +GROUP="rg-$TopLevelMGPrefix-vwan-001" +TEMPLATEFILE="infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep" +PARAMETERS="@infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json" -az deployment group create \ - --resource-group alz-vwan-chinaeast2 \ - --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep \ - --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json +# Create Resource Group - optional when using an existing resource group +az group create \ + --name $GROUP \ + --location chinaeast2 + +az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId -New-AzResourceGroup -Name 'alz-vwan-eastus' ` +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-vwanConnectivityDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-vwan-001" + TemplateFile = "infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json" +} + + +New-AzResourceGroup -Name $ResourceGroupName ` -Location 'EastUs' - -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json ` - -ResourceGroupName 'alz-vwan-eastus' + +New-AzResourceGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -# Set Platform connectivity subscription ID as the the current subscription +# Set Platform connectivity subscription ID as the the current subscription $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]" Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId -New-AzResourceGroup -Name 'alz-vwan-chinaeast2' ` +# Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'. +$TopLevelMGPrefix = "alz" + +# Parameters necessary for deployment +$inputObject = @{ + DeploymentName = 'alz-vwanConnectivityDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + ResourceGroupName = "rg-$TopLevelMGPrefix-vwan-001" + TemplateFile = "infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep" + TemplateParameterFile = "infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json" +} + +New-AzResourceGroup -Name $ResourceGroupName ` -Location 'chinaeast2' - -New-AzResourceGroupDeployment ` - -TemplateFile infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep ` - -TemplateParameterFile infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json ` - -ResourceGroupName 'alz-vwan-chinaeast2' -``` + +New-AzResourceGroupDeployment @inputObject + ``` ## Example Output in Azure global regions ![Example Deployment Output](media/exampleDeploymentOutputConnectivity.png "Example Deployment Output in Azure global regions") diff --git a/infra-as-code/bicep/orchestration/hubPeeredSpoke/README.md b/infra-as-code/bicep/orchestration/hubPeeredSpoke/README.md index 560fd541b..203d6b467 100644 --- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/README.md +++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/README.md @@ -62,43 +62,61 @@ In this example, the spoke resources will be deployed to the resource group spec > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI + ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep \ - --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json \ - --location eastus \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-HubPeeredSpoke-${dateYMD}" +LOCATION="eastus" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep" +PARAMETERS="@infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep \ - --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json \ - --location chinaeast2 \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-HubPeeredSpoke-${dateYMD}" +LOCATION="chinaeast2" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep" +PARAMETERS="@infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep ` - -TemplateParameterFile infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json ` - -Location eastus ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-HubPeeredSpoke-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'EastUS' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep" + TemplateParameterFile = 'infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep ` - -TemplateParameterFile infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json ` - -Location chinaeast2 ` - -ManagementGroupId alz +$inputObject = @{ + DeploymentName = 'alz-HubPeeredSpoke-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep" + TemplateParameterFile = 'infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` ## Bicep Visualizer diff --git a/infra-as-code/bicep/orchestration/subPlacementAll/README.md b/infra-as-code/bicep/orchestration/subPlacementAll/README.md index 1f87cd9d3..3b1357262 100644 --- a/infra-as-code/bicep/orchestration/subPlacementAll/README.md +++ b/infra-as-code/bicep/orchestration/subPlacementAll/README.md @@ -91,48 +91,64 @@ This however may be done as part of another process, for example upon Subscripti > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice. ### Azure CLI - ```bash # For Azure global regions -az deployment mg create \ - --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep \ - --parameters @infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json \ - --location eastus \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-SubPlacementAll-${dateYMD}" +LOCATION="eastus" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep" +PARAMETERS="@infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` OR ```bash # For Azure China regions -az deployment mg create \ - --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep \ - --parameters @infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json \ - --location chinaeast2 \ - --management-group-id alz + +dateYMD=$(date +%Y%m%dT%H%M%S%NZ) +NAME="alz-SubPlacementAll-${dateYMD}" +LOCATION="chinaeast2" +MGID="alz" +TEMPLATEFILE="infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep" +PARAMETERS="@infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json" + +az deployment mg create --name ${NAME:0:63} --location $LOCATION --management-group-id $MGID --template-file $TEMPLATEFILE --parameters $PARAMETERS ``` ### PowerShell ```powershell # For Azure global regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep ` - -TemplateParameterFile infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json ` - -Location eastus ` - -ManagementGroupId alz + +$inputObject = @{ + DeploymentName = 'alz-SubPlacementAll-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'EastUS' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep" + TemplateParameterFile = 'infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` OR ```powershell # For Azure China regions -New-AzManagementGroupDeployment ` - -TemplateFile infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep ` - -TemplateParameterFile infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json ` - -Location chinaeast2 ` - -ManagementGroupId alz +$inputObject = @{ + DeploymentName = 'alz-SubPlacementAll-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) + Location = 'chinaeast2' + ManagementGroupId = 'alz' + TemplateFile = "infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep" + TemplateParameterFile = 'infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json' +} + +New-AzManagementGroupDeployment @inputObject ``` ## Bicep Visualizer