In this directory are examples of how to add and extend functionality on top of MissionLZ.
You must first deploy MissionLZ, then you can deploy these examples. Since most examples re-use outputs from the base deployment of MLZ, we make use of the shared variable file pattern to make it easier to share common variables across all of the examples.
Example | Description |
---|---|
appServicePlan | Deploys an App Service Plan (AKA: Web Server Cluster) to support simple web-accessible Linux Docker containers with optional dynamic auto scaling. |
Automation Account | Deploys an Azure Automation account that can be used to execute runbooks. |
Container Registry | Deploys an Azure Container Registry for holding and deploying Docker containers. |
Inherit Tags | Adds or replaces a specified tag and value from the parent resource group when any resource is created or updated. |
KeyVault | Deploys a premium Azure Key Vault with RBAC enabled to support secret, key, and certificate management. |
New Workload | Adds a new Spoke Network and peers it to the Hub Network routing all traffic to the Azure Firewall. |
Remote Access | Adds a Bastion Host and a virtual machine to serve as a jumpbox into the network. |
Azure Sentinel | A Terraform module that adds an Azure Sentinel solution to a Log Analytics Workspace. Sentinel can also be deployed via Bicep and the base deployment of mlz.bicep by using the boolean param '-deploySentinel'. |
Zero Trust (TIC3.0) Workbook | Deploys an Azure Sentinel Zero Trust (TIC3.0) Workbook |
The shared variable file pattern reduces the repetition of shared values in a library of Bicep files. This pattern is used for all example modules, though in almost all cases you can override the shared variable value by supplying custom parameter values at run time.
Shown below are two ways to generate the shared variable file (deploymentVariables.json). The first uses PowerShell Core and the second uses the Azure CLI. A deployment of mlz.bicep is required; make note of the name and region of the deployment.
Shown below are step-by-step instructions for generating the needed deploymentVariables.json file using PowerShell Core and the Azure PowerShell module. PowerShell and the Azure PowerShell module are open-source and available for all major operating systems.
Execute the following commands from '.\src\bicep\examples':

```powershell
Connect-AzAccount
(Get-AzSubscriptionDeployment -Name MLZDeploymentName).outputs | ConvertTo-Json | Out-File -FilePath .\deploymentVariables.json
```

Replace "MLZDeploymentName" with your deployment name. If you do not know your deployment name then log into the Azure management portal, browse to 'Subscriptions', select the subscription MLZ was deployed into, and then look at 'Deployments' to obtain the deployment name.
Place the 'deploymentVariables.json' file in the '.\src\bicep\examples' folder.
Shown below are step-by-step instructions for generating the needed deploymentVariables.json file using the Azure CLI. The Azure CLI is open-source and available for all major operating systems.
Execute the following commands from '.\src\bicep\examples':

```
az login
az deployment sub show -n MLZDeploymentName --query properties.outputs > ./deploymentVariables.json
```

Replace "MLZDeploymentName" with your deployment name. If you do not know your deployment name then log into the Azure management portal, browse to 'Subscriptions', select the subscription MLZ was deployed into, and then look at 'Deployments' to obtain the deployment name.
Place the 'deploymentVariables.json' file in the '.\src\bicep\examples' folder. For a specific example of a Bicep template that uses 'deploymentVariables.json', take a look at .\appServicePlan\appService.bicep
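
A check that a deploymentVariables.json produced by either method above is usable before the examples consume it; this is an added example, not part of the MissionLZ repository. It assumes the Azure CLI writes each output as a `type`/`value` pair and Azure PowerShell as `Type`/`Value`; the output names in the samples are constructed, and the truncation check is a heuristic for the `ConvertTo-Json` depth limit.

```python
import json

# Constructed samples (hypothetical output names, not real MLZ deployment output).
CLI_SAMPLE = '{"hubVnetName": {"type": "String", "value": "hub-vnet"}}'
PS_SAMPLE = '{"hubVnetName": {"Type": "String", "Value": "hub-vnet"}}'
PS_TRUNCATED = '{"spokes": {"Type": "Array", "Value": ["@{name=identity; vnet=id-vnet}"]}}'


def load_outputs(text):
    """Return {output_name: value} from the text of deploymentVariables.json.

    Raises ValueError if the text is empty, is not a JSON object, or an entry
    lacks the type/value pair that a deployment output carries.
    """
    text = text.lstrip("\ufeff").strip()  # tolerate a byte order mark
    if not text:
        raise ValueError("file is empty")
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict) or not doc:
        raise ValueError("expected a non-empty JSON object of outputs")
    outputs = {}
    for name, entry in doc.items():
        # Assumption: the Azure CLI writes type/value, Azure PowerShell Type/Value.
        fields = {k.lower(): v for k, v in entry.items()} if isinstance(entry, dict) else {}
        if "type" not in fields or "value" not in fields:
            raise ValueError(f"output {name!r} has no type/value pair")
        outputs[name] = fields["value"]
    return outputs


def find_truncated(value, path=""):
    """Heuristic: paths of strings that look like objects ConvertTo-Json
    flattened with ToString() because they sat below its -Depth limit."""
    if isinstance(value, dict):
        return [p for k, v in value.items()
                for p in find_truncated(v, f"{path}.{k}" if path else k)]
    if isinstance(value, list):
        return [p for i, v in enumerate(value) for p in find_truncated(v, f"{path}[{i}]")]
    if isinstance(value, str) and value.startswith(("@{", "System.")):
        return [path]
    return []


if __name__ == "__main__":
    for label, sample in [("cli", CLI_SAMPLE), ("powershell", PS_SAMPLE), ("truncated", PS_TRUNCATED)]:
        outs = load_outputs(sample)
        print(label, outs, "suspect:", find_truncated(outs))
```

To check a real file, read it with `open(path, encoding="utf-8-sig")` and pass the text to `load_outputs`; a wrong deployment name typically shows up here as an empty or `null` file.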