// converted from: https://github.com/Azure/azure-quickstart-templates/tree/master/201-vm-push-certificate-windows
// ---- Parameters ----

@description('Azure region used for every resource in this file; defaults to the resource group location.')
param location string = resourceGroup().location

@description('Name of the virtual machine; also used as its computer name.')
param vmName string = 'WindowsVM'

@description('Size of the virtual machine.')
param vmSize string = 'Standard_DS2_v2'

@description('User name of the VM administrator account.')
param adminUsername string

@description('Password of the VM administrator account.')
@secure()
param adminPassword string

@description('Name of the Key Vault that holds the certificate to push to the VM.')
param keyVaultName string

@description('Subscription ID used to build the Key Vault resource ID; defaults to the deployment subscription.')
param subId string = subscription().subscriptionId

@description('Resource group name used to build the Key Vault resource ID; defaults to the deployment resource group.')
param rgName string = resourceGroup().name

// Used as the certificateUrl of the VM's vaultCertificates entry. Azure expects
// the versioned Key Vault *secret* URL of the certificate, i.e. the shape
// https://<vault-name>.vault.azure.net/secrets/<secret-name>/<secret-version>
// (placeholders, not real values).
@description('Versioned Key Vault secret URL of the certificate: https://<vault-name>.vault.azure.net/secrets/<secret-name>/<secret-version>')
param secretUrlWithVersion string

// ---- Variables ----

// Full resource ID of the Key Vault, built from the subscription, resource
// group and vault name parameters above.
var kvId = resourceId(subId, rgName, 'Microsoft.KeyVault/vaults', keyVaultName)

var vnetName = 'certVnet'
var subnet1Name = 'subnet-1'

// The NSG name is derived from the subnet name.
var nsgName = '${subnet1Name}-nsg'
// Public IP address for the VM's network interface. Because the NIC in this
// file references it, the VM gets an internet-routable address; what can
// actually reach the VM is then decided by the network security group.
resource pip 'microsoft.network/publicIpAddresses@2020-06-01' = {
  location: location
  name: 'certPublicIp'
  properties: {
    // Dynamic allocation: the address is not reserved as a static IP.
    publicIPAllocationMethod: 'Dynamic'
  }
}
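// Source address prefix that is allowed to reach RDP (TCP 3389) on the subnet.
//
// The default '*' preserves the template's original behaviour, which accepts
// RDP from ANY source address. This NSG is attached to subnet-1, and the NIC in
// that subnet carries a public IP, so with '*' the RDP listener is exposed to
// the whole internet and protected only by the administrator password.
// For anything beyond a throw-away demo, pass a specific management CIDR (or a
// service tag) here, or drop the rule and reach the VM through Azure Bastion
// or just-in-time VM access instead.
@description('Source address prefix allowed to connect to RDP (3389). The default * allows any address; override it with a trusted management range.')
param rdpSourceAddressPrefix string = '*'

// Network security group applied to the VM subnet. It contains a single
// inbound allow rule for RDP; all other inbound traffic falls through to the
// platform default rules.
resource nsg 'microsoft.network/networkSecurityGroups@2020-08-01' = {
  name: nsgName
  location: location
  properties: {
    securityRules: [
      {
        name: 'default-allow-3389'
        properties: {
          priority: 1000
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          // Who may connect: parameterised so deployments can restrict it.
          sourceAddressPrefix: rdpSourceAddressPrefix
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '3389'
        }
      }
    ]
  }
}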
// Virtual network with a single subnet for the VM. The subnet is bound to the
// network security group, so the NSG rules apply to every NIC placed in it.
resource vnet 'microsoft.network/virtualNetworks@2020-06-01' = {
  location: location
  name: vnetName
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    subnets: [
      {
        name: subnet1Name
        properties: {
          // Subnet range carved out of the 10.0.0.0/16 address space above.
          addressPrefix: '10.0.0.0/24'
          // Referencing nsg.id also makes this resource depend on the NSG.
          networkSecurityGroup: {
            id: nsg.id
          }
        }
      }
    ]
  }
}
// Network interface of the VM: one IP configuration that joins subnet-1 and
// attaches the public IP address.
resource nic 'microsoft.network/networkInterfaces@2020-06-01' = {
  location: location
  name: 'certNic'
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            // Built from vnet.id rather than resourceId() so that the
            // dependency on the virtual network is generated correctly.
            id: '${vnet.id}/subnets/${subnet1Name}'
          }
          // Attaching the public IP is what makes the VM reachable from
          // outside the virtual network.
          publicIPAddress: {
            id: pip.id
          }
        }
      }
    ]
  }
}
// Windows Server 2019 virtual machine that has a certificate from Key Vault
// installed into its certificate store at provisioning time.
resource vm 'microsoft.compute/virtualMachines@2020-06-01' = {
  location: location
  name: vmName
  properties: {
    hardwareProfile: {
      vmSize: vmSize
    }
    storageProfile: {
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        sku: '2019-Datacenter'
        // 'latest' is resolved when the deployment runs, so two deployments
        // of this file can end up on different image builds.
        version: 'latest'
      }
      osDisk: {
        createOption: 'FromImage'
        caching: 'ReadWrite'
      }
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: nic.id
        }
      ]
    }
    osProfile: {
      computerName: vmName
      // Local administrator credentials; adminPassword is a @secure() param.
      adminUsername: adminUsername
      adminPassword: adminPassword
      // Certificates the platform pulls from Key Vault onto the VM.
      // NOTE(review): the vault itself is not defined in this file; it has to
      // allow VM deployments to read secrets (enabledForDeployment) - confirm
      // on the vault before deploying.
      secrets: [
        {
          sourceVault: {
            id: kvId
          }
          vaultCertificates: [
            {
              // Versioned Key Vault secret URL of the certificate.
              certificateUrl: secretUrlWithVersion
              // Name of the certificate store on the VM that receives it.
              certificateStore: 'My'
            }
          ]
        }
      ]
    }
  }
}