The Nested Templates are built to be generic in nature with the ability to pass in the values needed to build your specific architecture. Below you will find details on how to utilize each of the nested templates in this folder:
- Network Templates
- Storage Templates
- Managed Identities Templates
- Monitoring Templates
- Security Templates
- IaaS Templates
- Load Balancer Templates
- Container Templates
- Web Management
- Data Templates
- Configuration Scripts
This template will deploy a Virtual Network in Azure. It accepts a dynamic list of Subnets with their IP Ranges.
NA
NSG-Empty-ExistingSubnet
NSG-ExistingSubnet
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
vNETName | Name of the Virtual Network | pocVNET |
addressRange | Address range for the entire Virtual Network | 10.0.0.0/16 |
subnets | Array of subnets with their IP ranges. Each entry is the subnet name and its IP range, separated by the \| delimiter | ["subnetA\|10.0.1.0/24","subnetB\|10.0.2.0/24","subnetC\|10.0.3.0/24"] |
"vnetId": The resource id of the VNet created
{
"name": "deployVNET",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployVNETTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"vNETName": {
"value": "pocVNET"
},
"addressRange": {
"value": "10.0.0.0/16"
},
"subnets": {
"value": [
"subnetA|10.0.1.0/24",
"subnetB|10.0.2.0/24",
"subnetC|10.0.3.0/24"
]
}
}
}
}
This template will deploy an empty NSG and attach it to an existing Subnet.
VNet
WindowsVirtualMachine
LinuxVirtualMachine
APIM
AppGW
AzureRedisCache
PrivateAKSMICluster
PrivateEndpoint
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
virtualNetworkName | Name of the existing Virtual Network | pocVNET |
subnetName | Name of the subnet in the existing VNet to attach the NSG to | subnetA |
addressPrefix | IP range of the subnet the NSG is attached to | 10.0.1.0/24 |
nsgName | Name of the NSG | subnetA-NSG |
privateEndpointNetworkPolicies | Boolean indicating whether private endpoint network policies are enabled | false |
na
{
"name": "deployAKSNSG",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"getAKSAddressPrefix"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployNSGEmptySETemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"virtualNetworkName": {
"value": "[variables('vnetName')]"
},
"subnetName": {
"value": "AKS-SN"
},
"addressPrefix": {
"value": "[reference('getAKSAddressPrefix').outputs.addressPrefix.value]"
},
"nsgName": {
"value": "AKS-NSG"
},
"privateEndpointNetworkPolicies": {
"value": false
}
}
}
}
This template will deploy an empty NSG and attach it to an existing Subnet.
VNet
WindowsVirtualMachine
LinuxVirtualMachine
APIM
AppGW
AzureRedisCache
PrivateAKSMICluster
PrivateEndpoint
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
virtualNetworkName | Name of the existing Virtual Network | pocVNET |
subnetName | Name of the subnet in the existing VNet to attach the NSG to | subnetA |
addressPrefix | IP range of the subnet the NSG is attached to | 10.0.1.0/24 |
nsgName | Name of the NSG | subnetA-NSG |
privateEndpointNetworkPolicies | Boolean indicating whether private endpoint network policies are enabled | false |
serviceEndpoints | Array of the service endpoints to enable | ["Microsoft.Sql"] |
na
{
"name": "deployAKSNSG",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"getAKSAddressPrefix"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployNSGEmptySETemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"virtualNetworkName": {
"value": "[variables('vnetName')]"
},
"subnetName": {
"value": "AKS-SN"
},
"addressPrefix": {
"value": "[reference('getAKSAddressPrefix').outputs.addressPrefix.value]"
},
"nsgName": {
"value": "AKS-NSG"
},
"privateEndpointNetworkPolicies": {
"value": false
},
"serviceEndpoints": {
"value": [
"Microsoft.Sql"
]
}
}
}
}
This template will deploy an NSG and attach it to an existing Subnet. You pass in the rules for the NSG as an array.
VNet
WindowsVirtualMachine
LinuxVirtualMachine
APIM
AppGW
AzureRedisCache
PrivateAKSMICluster
PrivateEndpoint
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
virtualNetworkName | Name of the existing Virtual Network | pocVNET |
subnetName | Name of the subnet in the existing VNet to attach the NSG to | subnetA |
addressPrefix | IP range of the subnet the NSG is attached to | 10.0.1.0/24 |
nsgName | Name of the NSG | subnetA-NSG |
securityRules | Array of security rules. Each rule is a single string whose fields are separated by the \| delimiter | RuleName\|Description\|Protocol\|Source Port Range\|Destination Port Range\|Source Address Prefix\|Destination Address Prefix\|Access\|Priority\|Direction |
privateEndpointNetworkPolicies | Boolean indicating whether private endpoint network policies are enabled | false |
na
{
"name": "deployAKSNSG",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployVNET"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployNSGTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"virtualNetworkName": {
"value": "pocVNET"
},
"subnetName": {
"value": "subnetB"
},
"addressPrefix": {
"value": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', 'pocVNET', 'subnetB'), '2018-03-01').addressPrefix]"
},
"nsgName": {
"value": "subnetB-NSG"
},
"securityRules": {
"value": [
"deny-all|Deny-All-Traffic|Tcp|*|*|*|*|Deny|500|Inbound",
"allow-443|Allow-SSL|Tcp|*|443|*|*|Allow|100|Inbound",
"allow-8080|Allow-SSL|Tcp|*|8080|*|*|Allow|110|Inbound",
"allow-HealthProbe|Allow-AppGWHealth|Tcp|*|65200-65535|*|*|Allow|120|Inbound"
]
},
"privateEndpointNetworkPolicies": {
"value": false
}
}
}
}
This template will deploy an NSG and attach it to an existing Subnet. You pass in the rules for the NSG as an array.
VNet
WindowsVirtualMachine
LinuxVirtualMachine
APIM
AppGW
AzureRedisCache
PrivateAKSMICluster
PrivateEndpoint
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
virtualNetworkName | Name of the existing Virtual Network | pocVNET |
subnetName | Name of the subnet in the existing VNet to attach the NSG to | subnetA |
addressPrefix | IP range of the subnet the NSG is attached to | 10.0.1.0/24 |
nsgName | Name of the NSG | subnetA-NSG |
securityRules | Array of security rules. Each rule is a single string whose fields are separated by the \| delimiter | RuleName\|Description\|Protocol\|Source Port Range\|Destination Port Range\|Source Address Prefix\|Destination Address Prefix\|Access\|Priority\|Direction |
privateEndpointNetworkPolicies | Boolean indicating whether private endpoint network policies are enabled | false |
serviceEndpoints | Array of the service endpoints to enable | ["Microsoft.Sql"] |
na
{
"name": "deployAKSNSG",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployVNET"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployNSGTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"virtualNetworkName": {
"value": "pocVNET"
},
"subnetName": {
"value": "subnetB"
},
"addressPrefix": {
"value": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', 'pocVNET', 'subnetB'), '2018-03-01').addressPrefix]"
},
"nsgName": {
"value": "subnetB-NSG"
},
"securityRules": {
"value": [
"deny-all|Deny-All-Traffic|Tcp|*|*|*|*|Deny|500|Inbound",
"allow-443|Allow-SSL|Tcp|*|443|*|*|Allow|100|Inbound",
"allow-8080|Allow-SSL|Tcp|*|8080|*|*|Allow|110|Inbound",
"allow-HealthProbe|Allow-AppGWHealth|Tcp|*|65200-65535|*|*|Allow|120|Inbound"
]
},
"privateEndpointNetworkPolicies": {
"value": false
},
"serviceEndpoints": {
"value": [
"Microsoft.Sql"
]
}
}
}
}
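A pre-deployment check for the pipe-delimited `securityRules` strings that both NSG templates above accept (with and without service endpoints). This is an added example, not code from this repository: `parse_rule`, `lint` and the finding names are hypothetical, and the 100-4096 bound is the priority range Azure accepts for custom NSG rules.

```python
"""Lint pipe-delimited securityRules strings before they are passed to the NSG template."""
from dataclasses import dataclass

# Field order taken from the securityRules row of the parameter table.
FIELDS = ("name", "description", "protocol", "source_ports", "dest_ports",
          "source_prefix", "dest_prefix", "access", "priority", "direction")
PROTOCOLS = {"tcp", "udp", "icmp", "esp", "ah", "*"}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}

# The four sample rules from the deployment example on this page.
PAGE_RULES = [
    "deny-all|Deny-All-Traffic|Tcp|*|*|*|*|Deny|500|Inbound",
    "allow-443|Allow-SSL|Tcp|*|443|*|*|Allow|100|Inbound",
    "allow-8080|Allow-SSL|Tcp|*|8080|*|*|Allow|110|Inbound",
    "allow-HealthProbe|Allow-AppGWHealth|Tcp|*|65200-65535|*|*|Allow|120|Inbound",
]


@dataclass(frozen=True)
class Rule:
    name: str
    description: str
    protocol: str
    source_ports: str
    dest_ports: str
    source_prefix: str
    dest_prefix: str
    access: str
    priority: int
    direction: str

    def is_catch_all(self):
        """True when the rule matches every port and every address."""
        return all(v == "*" for v in (self.source_ports, self.dest_ports,
                                      self.source_prefix, self.dest_prefix))


def parse_rule(text):
    """Split one rule string into a Rule, rejecting malformed input."""
    parts = [p.strip() for p in text.split("|")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {text!r}")
    rule = dict(zip(FIELDS, parts))
    if rule["protocol"].lower() not in PROTOCOLS:
        raise ValueError(f"{rule['name']}: unknown protocol {rule['protocol']!r}")
    if rule["access"].lower() not in ("allow", "deny"):
        raise ValueError(f"{rule['name']}: access must be Allow or Deny")
    if rule["direction"].lower() not in ("inbound", "outbound"):
        raise ValueError(f"{rule['name']}: direction must be Inbound or Outbound")
    rule["priority"] = int(rule["priority"])  # ValueError if not an integer
    if not 100 <= rule["priority"] <= 4096:
        raise ValueError(f"{rule['name']}: priority must be between 100 and 4096")
    return Rule(**rule)


def lint(rule_strings):
    """Return (rule name, finding) tuples in evaluation order (lowest priority number first)."""
    rules = sorted((parse_rule(s) for s in rule_strings), key=lambda r: r.priority)
    findings, seen, blockers = [], set(), []
    for r in rules:
        direction, allow = r.direction.lower(), r.access.lower() == "allow"
        if (direction, r.priority) in seen:
            findings.append((r.name, "duplicate-priority"))
        seen.add((direction, r.priority))
        # Inbound allow rules that accept traffic from anywhere.
        if allow and direction == "inbound" and r.source_prefix.lower() in ANY_SOURCE:
            findings.append((r.name, "allow-from-any-source"))
        # A "deny all" limited to one protocol lets the other protocols
        # fall through to the NSG's default rules.
        if not allow and r.is_catch_all() and r.protocol != "*":
            findings.append((r.name, "catch-all-deny-single-protocol"))
        # A rule evaluated after a catch-all rule covering its protocol never matches.
        if any(b.direction.lower() == direction
               and b.protocol.lower() in ("*", r.protocol.lower()) for b in blockers):
            findings.append((r.name, "shadowed"))
        if r.is_catch_all():
            blockers.append(r)
    return findings


if __name__ == "__main__":
    for name, finding in lint(PAGE_RULES):
        print(f"{name}: {finding}")
```

Run against the sample rules, it reports that `deny-all` only covers Tcp and that all three allow rules accept any source address.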
This template will deploy a standard SKU Public IP Address.
NA
WindowsVirtualMachine
LinuxVirtualMachine
AppGW
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
publicIpAddressName | Name of the public IP | poc-pip |
sku | SKU for the Public IP. Either basic or standard | Standard |
allocationMethod | Static or Dynamic allocation of IP | Static |
"publicIPID": The resource id of the public ip created
{
"name": "deployPublicIP1",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployPublicIPTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"publicIpAddressName": {
"value": "pocpip"
},
"sku": {
"value": "Standard"
},
"allocationMethod": {
"value": "Static"
}
}
}
}
This template will return the first IP address assigned to an Azure Network Interface. This can be used to get an IP so you can add it to a Private DNS Zone.
PrivateEndpoint
WindowsVirtualMachine
LinuxVirtualMachine
PrivateDNSARecord
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
nicID | ResourceId for the network interface | [reference('deploySqlServerPE').outputs.nicID.value] |
"nicIP": IP Address of the NIC
{
"name": "getSqlServerNICIP",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deploySqlServerPE"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('getNICIPUrL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"nicID": {
"value": "[reference('deploySqlServerPE').outputs.nicID.value]"
}
}
}
}
This template will create a Private Endpoint for any PaaS Service that has this functionality
Any PaaS Service that can utilize a Private Endpoint
PrivateDNSZone
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
peName | Private Endpoint resource name | poc-sql-ep |
resourceID | ResourceId for the network interface | [reference('deploySqlDb').outputs.sqlServerId.value] |
vnetID | ResourceId for the Virtual Network the Private Endpoint will sit on | [reference('deployVNET').outputs.vnetId.value] |
subnetName | Name of the subnet to place the private endpoint on | PrivateEP-SN |
groupID | The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to. - string | SqlServer |
"nicID": Resource ID of the virtual nic created by the Private Endpoint
{
"name": "deploySqlServerPE",
"comments":"",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deploySqlDb",
"deployVNET"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployPrivateEndpointURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"peName": {
"value": "[concat(parameters('sqlServerName'),'_pe')]"
},
"resourceID": {
"value": "[reference('deploySqlDb').outputs.sqlServerId.value]"
},
"vnetID": {
"value": "[reference('deployVNET').outputs.vnetId.value]"
},
"subnetName": {
"value": "PrivateEP-SN"
},
"groupID": {
"value": "SqlServer"
}
}
}
}
This template will create a Private DNS Zone and attach it to a VNet. This is often used to resolve Private Endpoints within Azure.
PrivateEndpoint
PrivateDNSARecord
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
zoneName | The DNS zone name | privatelink.database.windows.net |
vnetID | ResourceId for the Virtual Network Private DNS Zone will attach to | [reference('deployVNET').outputs.vnetId.value] |
na
{
"name": "deploySqlDbDNSZone",
"comments":"",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"getSqlServerNICIP"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployDNSZoneTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"zone_name": {
"value": "privatelink.database.windows.net"
},
"vnet_id": {
"value": "[reference('deployVNET').outputs.vnetID.value]"
}
}
}
}
This template will create an A Record in an Azure Private DNS Zone
PrivateDNSZone
GetNicIP
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
zoneName | The DNS zone name | privatelink.database.windows.net |
recordName | Name of the record to be created | [parameters('sqlServerName')] |
recordValue | IP Address to be associated with the A record | [reference('getSqlServerNICIP').outputs.nicIP.value] |
na
{
"name": "createSqlDbARecord",
"comments":"",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"getSqlServerNICIP"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployDNSARecordTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"zoneName": {
"value": "privatelink.database.windows.net"
},
"recordName": {
"value": "[parameters('sqlServerName')]"
},
"recordValue": {
"value": "[reference('getSqlServerNICIP').outputs.nicIP.value]"
}
}
}
}
This template will retrieve the address prefix for a subnet.
NSG-Empty-ExistingSubnet
NSG-Empty-ExistingSubnetSE
NSG-ExistingSubnet
NSG-ExistingSubnetSE
VNet
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
vnetName | Name of the virtual network | poc-vnet |
subnetName | Name of the subnet within the virtual network | poc-subnet |
na
{
"name": "getAKSAddressPrefix",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deployAppGWNSG"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('getSubnetAddressPrefixTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"vnetName": {
"value": "[variables('vnetName')]"
},
"subnetName": {
"value": "AKS-SN"
}
}
}
}
This template will create a storage account.
NA
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
saName | The name of the storage account | pocsa |
skuName | Name of the record to be created. Allowed values: Standard_LRS,Standard_GRS,Standard_RAGRS,Standard_ZRS,Premium_LRS,Premium_ZRS,Standard_GZRS,Standard_RAGZRS | Standard_LRS |
skuTier | Standard or Premium | Standard |
"saId": Resource ID of the storage account
"saConnectionString": Connection string for the storage account
{
"name": "createSqlDbARecord",
"comments":"",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"getSqlServerNICIP"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployDNSARecordTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"zoneName": {
"value": "privatelink.database.windows.net"
},
"recordName": {
"value": "[parameters('sqlServerName')]"
},
"recordValue": {
"value": "[reference('getSqlServerNICIP').outputs.nicIP.value]"
}
}
}
}
This template will create a User Assigned Managed Identity.
NA
AppGWHTTPSListenerKV
WindowsVirtualMachine
LinuxVirtualMachine
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
identityName | Name of the identity to be created | pocGW-Identity |
"principalId": The principal ID of the Managed Identity that was created
"resourceId": The resource id of the Managed Identity that was created
{
"name": "createManagedIdentity",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('createManagedIdentityTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"identityName": {
"value": "[concat(parameters('applicationGatewayName'),'-identity')]"
}
}
}
}
This template will create an Application Insights instance.
NA
APIM
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
name | Application Insights instance name | poc-appinsights |
"appInsightsID": The resource id of the Application Insights instance that was created
{
"name": "deployAppInsights",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAppInsightsTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"name": {
"value": "[parameters('appInsightsName')]"
}
}
}
}
This template will create a Log Analytics Workspace.
NA
VMInsights
DiagnosticSettings
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
workspaceName | Log Analytics workspace name | poc-laworkspace |
"workspaceId": The resource id of the Log Analytics Workspace that was created
"workspaceKey": The primary key for the workspace
"customerId": The customer id for the workspace
{
"name": "deployLAWorkspace",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployLogAnalyticsURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"workspaceName": {
"value": "[parameters('workspaceName')]"
}
}
}
}
This template will enable VM Insights (Azure Monitor for VMs) on an existing VM.
Log_Analytics_Workspace
WindowsVirtualMachine
LinuxVirtualMachine
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
vmResourceId | ResourceId for the VM to be monitored | [reference('deployJumpBox').outputs.vmID.value] |
osType | Linux or Windows | Windows |
workspaceResourceId | Resource ID of the log analytics workspace to use | [reference('deployLAWorkspace').outputs.workspaceId.value] |
NA
{
"name": "addJumpBoxInsights",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployJumpBox"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('addVMInsightsURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"VmResourceId": {
"value": "[reference('deployJumpBox').outputs.vmID.value]"
},
"osType": {
"value": "Windows"
},
"WorkspaceResourceId": {
"value": "[reference('deployLAWorkspace').outputs.workspaceId.value]"
}
}
}
}
This template will enable all diagnostic settings on an APIM resource to be sent to Log Analytics.
Log_Analytics_Workspace
APIM
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
workspaceId | ResourceId for the Log Analytics workspace to use | [reference('deployLAWorkspace').outputs.workspaceId.value] |
logs | Array of logs to collect from diagnostic settings | ["GatewayLogs"] |
metrics | Array of metrics to collect from diagnostic settings | ["Capacity"] |
apimName | Name of the APIM resource | poc-apim |
NA
NA
This template will enable all diagnostic settings on an APIM resource to be sent to Log Analytics.
Log_Analytics_Workspace
AppGWHTTPListener
AppGWHTTPSListener
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
workspaceId | ResourceId for the Log Analytics workspace to use | [reference('deployLAWorkspace').outputs.workspaceId.value] |
logs | Array of logs to collect from diagnostic settings | ["ApplicationGatewayAccessLog","ApplicationGatewayPerformanceLog","ApplicationGatewayFirewallLog"] |
metrics | Array of metrics to collect from diagnostic settings | ["AllMetrics"] |
appgwName | Name of the APIM resource | poc-apim |
NA
{
"name": "deployAppGWDiagnostics",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deployAppGW",
"deployLogAnalytics"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAppGWDiagnosticsTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"workspaceId": {
"value": "[reference('deployLogAnalytics').outputs.workspaceId.value]"
},
"logs": {
"value": [
"ApplicationGatewayAccessLog",
"ApplicationGatewayPerformanceLog",
"ApplicationGatewayFirewallLog"
]
},
"metrics": {
"value": [
"AllMetrics"
]
},
"appgwName": {
"value": "[variables('applicationGatewayName')]"
}
}
}
}
This template will enable diagnostic settings on a Bastion resource to be sent to Log Analytics.
Log_Analytics_Workspace
AzureBastion
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
workspaceId | ResourceId for the Log Analytics workspace to use | [reference('deployLAWorkspace').outputs.workspaceId.value] |
logs | Array of logs to collect from diagnostic settings | ["BastionAuditLogs"] |
bastionName | Name of the Bastion resource | poc-bastion |
NA
{
"name": "deployAzureBastionDiagnostics",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deployAzureBastion",
"deployLogAnalytics"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAzureBastionDiagnosticsTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"workspaceId": {
"value": "[reference('deployLogAnalytics').outputs.workspaceId.value]"
},
"logs": {
"value": [
"BastionAuditLogs"
]
},
"bastionName": {
"value": "[variables('bastionHostName')]"
}
}
}
}
This template will enable diagnostic settings on an Azure SQL DB resource to be sent to Log Analytics.
NA
Log_Analytics_Workspace
SQLDB
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
workspaceId | ResourceId for the Log Analytics workspace to use | [reference('deployLAWorkspace').outputs.workspaceId.value] |
logs | Array of logs to collect from diagnostic settings | ["AutomaticTuning","Errors","Timeouts","Deadlocks"] |
metrics | Array of metrics to collect from diagnostic settings | ["Basic","InstanceAndAppAdvanced","WorkloadManagement"] |
sqldbName | Name of the Azure SQL DB resource | poc-database |
NA
{
"name": "deploySQLDBDiagnostics",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deploySqlDb",
"deployLogAnalytics"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deploySQLDBDiagnosticsTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"workspaceId": {
"value": "[reference('deployLogAnalytics').outputs.workspaceId.value]"
},
"logs": {
"value": [
"AutomaticTuning",
"QueryStoreRuntimeStatistics",
"QueryStoreWaitStatistics",
"Errors",
"DatabaseWaitStatistics",
"Timeouts",
"Blocks",
"Deadlocks"
]
},
"metrics": {
"value": [
"Basic",
"InstanceAndAppAdvanced",
"WorkloadManagement"
]
},
"sqldbName": {
"value": "[concat(variables('sqlServerName'),'/',variables('sqlDatabaseName'))]"
}
}
}
}
This template will deploy an Azure Key Vault
NA
KeyVaultAccessPolicy
KeyVaultSecrets
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
vaultName | Key Vault name | poc-keyvault |
"vaultId": The resource id of the Key Vault that was created
{
"name": "deployKeyVault",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployLAWorkspace"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployKeyVaultURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"vaultName": {
"value": "[parameters('vaultName')]"
},
"workspaceID": {
"value": "[reference('deployLAWorkspace').outputs.workspaceId.value]"
}
}
}
}
This template will add a secret to an Azure Key Vault
KeyVault
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
vaultName | Key Vault name | poc-keyvault |
secretName | Secret name to add to Key Vault | supersecret |
contentType | Type of data being added to secret | text/plain |
value | Value of the secret being added | supersecretvalue |
NA
{
"name": "addKeyVaultSecret",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('keyVaultResourceGroup')]",
"apiVersion": "2017-05-10",
"dependsOn": [
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('addKeyVaultSecretTemplate')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"keyVaultName": {
"value": "[parameters('keyVaultName')]"
},
"secretName": {
"value": "[parameters('keyVaultSecretName')]"
},
"contentType": {
"value": "[parameters('keyVaultContentType')]"
},
"value": {
"value": "[parameters('keyVaultSecretValue')]"
}
}
}
}
This template will create an access policy to secrets in an existing Key Vault. It is currently limited to granting rights to secrets.
This template will assign a RBAC Role to a principal id
NA
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
roleAssignmentName | Name of the role assignment | AKS Custom Admin |
roleDefinitionId | Role ID that you are assigning | "4d97b98b-1d4f-4787-a291-c67834d212e7" |
principalId | Principal ID that will be assigned the role | "[reference('deployAKSCluster').outputs.aksPrincipalId.value]" |
scope | Scope of the role assignment | "[concat(subscription().id,'/resourceGroups/',parameters('resourceGroup'))]" |
na
{
"name": "grantAKSMINetworkRole",
"comments":"",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deployAKSCluster"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('grantRBACTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"roleAssignmentName": {
"value": "[parameters('aksNetworkGuid')]"
},
"roleDefinitionId": {
"value": "4d97b98b-1d4f-4787-a291-c67834d212e7"
},
"principalId": {
"value": "[reference('deployAKSCluster').outputs.aksPrincipalId.value]"
},
"scope": {
"value": "[concat(subscription().id,'/resourceGroups/',parameters('resourceGroup'))]"
}
}
}
}
This template will create an Ubuntu Virtual Machine.
VNet
EnableVMInsights
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
subnetName | Subnet name where the nic will be placed | shared-SN |
virtualNetworkId | VNet ID where the nic will be placed | [reference('deployVNet').outputs.vnetID.value] |
virtualMachineName | Name of the Virtual Machine | pocVM |
ubuntuOSVersion | Allowed values: 18.04-LTS, 16.04-LTS, 14.04.4-LTS | 18.04-LTS |
adminUsername | Administrator username | LinuxAdmin |
adminPassword | Administrator password | ABCabc1234 |
zone | Availability zone to place the VM | 1 |
"vmID": Resource id of the virtual machine created
"nicID": Resource id of the nic created
{
"name": "deployUbuntuBox",
"comments":"NOTE: OS and Datadisks cannot be tagged when provisioned within VM. Would need to provision DISK with tags first, then reference",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployVNET"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployUbuntuServerTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"subnetID": {
"value": "[reference('deployVNET').outputs.sharedSubnetID.value]"
},
"virtualMachineName": {
"value": "[parameters('ubuntuName')]"
},
"virtualMachineSize": {
"value": "[parameters('ubuntuSize')]"
},
"adminUsername": {
"value": "[parameters('adminUserName')]"
},
"adminPassword": {
"value": "[parameters('adminPassword')]"
},
"ubuntuOSVersion": {
"value": "18.04-LTS"
},
"zone": {
"value": "1"
}
}
}
}
This template will create a Windows Virtual Machine.
VNet
EnableVMInsights
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
subnetID | Subnet ID where the nic will be placed | [concat(reference('deployVNET').outputs.vnetId.value,'/subnets/Shared-SN')] |
virtualMachineName | Name of the Virtual Machine | pocVM |
virtualMachineSize | Azure VM Size for the VM | Standard_DS1_v2 |
adminUsername | Administrator username | WindowsAdmin |
adminPassword | Administrator password | ABCabc1234 |
sku | Sku for the virtual machine being deployed | 2019-Datacenter |
"vmID": Resource id of the virtual machine created
"nicID": Resource id of the nic created
{
"name": "deployJumpBox",
"comments":"NOTE: OS and Datadisks cannot be tagged when provisioned within VM. Would need to provision DISK with tags first, then reference",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deployVNET"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployWindowsServerTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"subnetID": {
"value": "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/Shared-SN')]"
},
"virtualMachineName": {
"value": "[variables('jumpName')]"
},
"virtualMachineSize": {
"value": "[variables('jumpSize')]"
},
"adminUsername": {
"value": "[parameters('adminUserName')]"
},
"adminPassword": {
"value": "[parameters('adminPassword')]"
},
"sku": {
"value": "[variables('jumpSKU')]"
}
}
}
}
This template will deploy an Azure Bastion to an existing VNET
Vnet
PublicIPAddress
WindowsVirtualMachine
LinuxVirtualMachine
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
bastionHostName | Name for the bastion host | poc-bastionhost |
subnetId | SubnetID of the subnet dedicated to Azure Bastion | [concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AzureBastionSubnet')] |
publicIpId | Resource ID of the public ip for the bastion host | [reference('deployPublicIPBastion').outputs.publicIPID.value] |
NA
{
"name": "deployPublicIPBastion",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployPublicIPTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"publicIpAddressName": {
"value": "[concat(parameters('bastionHostName'),'pip1')]"
},
"sku": {
"value": "Standard"
},
"allocationMethod": {
"value": "Static"
}
}
}
},
{
"name": "deployAzureBastion",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployVNET"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAzureBastionTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"bastionHostName": {
"value": "[parameters('bastionHostName')]"
},
"subnetId": {
"value": "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AzureBastionSubnet')]"
},
"publicIpId": {
"value": "[reference('deployPublicIPBastion').outputs.publicIPID.value]"
}
}
}
}
This template will deploy an Application Gateway with HTTP listeners and basic routing rules. Note that this does not deploy path-based routing or a private IP listener.
PublicIPAddress
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
applicationGatewayName | Name of the Application Gateway | pocAppGW |
tier | Standard, WAF, Standard_v2, WAF_v2 | WAF_v2 |
skuSize | Name of an application gateway SKU. - Standard_Small, Standard_Medium, Standard_Large, WAF_Medium, WAF_Large, Standard_v2, WAF_v2 | WAF_v2 |
minCapacity | Min number of AppGW Capacity | 2 |
maxCapacity | Max number of AppGW Capacity | 4 |
zones | The Availability Zones the AppGW can be scaled to | ["1","2","3"] |
subnetID | Resource ID of the subnet the AppGW will sit on | "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AppGW-SN')]" |
publicIpAddressesId | Public IP for the Frontend. Format: name|publicIP Resource ID | [ "[concat('PIP1|',reference('deployPublicIP1').outputs.publicIPID.value )]" ] |
frontendPorts | Ports that the AppGW will listen on. Format: name|port | HTTP80|80 |
backendAddresses | The backend pools for the AppGW. Format: name|backend IP or URL | [ "Example1|example.com", "Example2|example2.com" ] |
backendHttpSettings | The HTTP Setting for the backend pool. Format: name|port|protocol|cookieBasedAffinity|RequestTimeout|path | [ "Example-App-HTTPSetting|80|Http|Disabled|30|/" ] |
httpListeners | The HTTP Listener settings for the frontend IP. Format: name|frontend IP config name|frontend port name | [ "Example1-App-Listener/ |
requestRoutingRules | Routing rules for the AppGW. Format: name|httpListener name|backend pool name|backend http setting name | [ "Example1-App-RoutingRule|Example1-App-Listener|Example1-BEPool|Example-App-HTTPSetting", "Example2-App-RoutingRule|Example2-App-Listener|Example2-BEPool|Example-App-HTTPSetting" ] |
na
{
"name": "deployAppGW",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployVNET",
"deployPublicIP1"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAppGWHTTPListenerTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"applicationGatewayName": {
"value": "[parameters('applicationGatewayName')]"
},
"tier": {
"value": "[parameters('appgwtier')]"
},
"skuSize": {
"value": "[parameters('appgwskuSize')]"
},
"minCapacity": {
"value": "[parameters('appgwMinCapacity')]"
},
"maxCapacity": {
"value": "[parameters('appgwMaxCapacity')]"
},
"zones": {
"value": "[parameters('appgwzones')]"
},
"subnetID": {
"value": "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AppGW-SN')]"
},
"publicIpAddressesIds": {
"value": [
"[concat('PIP1|',reference('deployPublicIP1').outputs.publicIPID.value )]"
]
},
"frontendPorts": {
"value": [
"HTTP-80|80",
"HTTP-8080|8080"
]
},
"backendAddresses": {
"value": [
"Example1-BEPool|bing.com",
"Example2-BEPool|microsoft.com"
]
},
"backendHttpSettings": {
"value": [
"Example-App-HTTPSetting|80|Http|Disabled|30|/"
]
},
"httpListeners": {
"value": [
"Example1-App-Listener|PIP1|HTTP-80",
"Example2-App-Listener|PIP1|HTTP-8080"
]
},
"requestRoutingRules": {
"value": [
"Example1-App-RoutingRule|Example1-App-Listener|Example1-BEPool|Example-App-HTTPSetting",
"Example2-App-RoutingRule|Example2-App-Listener|Example2-BEPool|Example-App-HTTPSetting"
]
}
}
}
}
This template will deploy an Application Gateway with HTTPS listeners and basic routing rules. It pulls the certificates from an existing Key Vault to which they have already been uploaded. The template makes the following assumptions:
- There will be a different certificate for each HTTP Listener
- There will be only a single certificate for each HTTP Listener
- The order of the certificates parameter will match the order in which you want them applied to the HTTP Listeners
PublicIPAddress
ManagedIdentity
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
applicationGatewayName | Name of the Application Gateway | pocAppGW |
tier | Standard, WAF, Standard_v2, WAF_v2 | WAF_v2 |
skuSize | Name of an application gateway SKU. - Standard_Small, Standard_Medium, Standard_Large, WAF_Medium, WAF_Large, Standard_v2, WAF_v2 | WAF_v2 |
minCapacity | Min number of AppGW Capacity | 2 |
maxCapacity | Max number of AppGW Capacity | 4 |
zones | The Availability Zones the AppGW can be scaled to | ["1","2","3"] |
subnetID | Resource ID of the subnet the AppGW will sit on | "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AppGW-SN')]" |
keyVaultName | The name of the Key Vault that contains the SSL certificates | pocKeyVault |
identityID | The user-assigned Managed Identity resource ID that will be attached to the GW and used to pull the certificates | poc-identity |
certificates | Reference to the certificates in the Key Vault. Format: Cert Name in AppGW|Path in KeyVault | [ "ARMCert|ARM/df47f485ecb1455d98eae9a950af6f47", "ARM2Cert|ARM2/b5e5e9c31a034bffa8387ef38754333f" ] |
publicIpAddressesId | Public IP for the Frontend. Format: name|publicIP Resource ID | [ "[concat('PIP1|',reference('deployPublicIP1').outputs.publicIPID.value )]" ] |
frontendPorts | Ports that the AppGW will listen on. Format: name|port | HTTP80|80 |
backendAddresses | The backend pools for the AppGW. Format: name|backend IP or URL | [ "Example1|example.com", "Example2|example2.com" ] |
backendHttpSettings | The HTTP Setting for the backend pool. Format: name|port|protocol|cookieBasedAffinity|RequestTimeout|path | [ "Example-App-HTTPSetting|80|Http|Disabled|30|/" ] |
httpListeners | The HTTP Listener settings for the frontend IP. Format: name|frontend IP config name|frontend port name | [ "Example1-App-Listener/ |
requestRoutingRules | Routing rules for the AppGW. Format: name|httpListener name|backend pool name|backend http setting name | [ "Example1-App-RoutingRule|Example1-App-Listener|Example1-BEPool|Example-App-HTTPSetting", "Example2-App-RoutingRule|Example2-App-Listener|Example2-BEPool|Example-App-HTTPSetting" ] |
na
{
"name": "deployAppGW",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deployVNET",
"deployPublicIP1"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAppGWHTTPSListenerKVTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"applicationGatewayName": {
"value": "[parameters('applicationGatewayName')]"
},
"tier": {
"value": "[parameters('appgwtier')]"
},
"skuSize": {
"value": "[parameters('appgwskuSize')]"
},
"minCapacity": {
"value": "[parameters('appgwMinCapacity')]"
},
"maxCapacity": {
"value": "[parameters('appgwMaxCapacity')]"
},
"zones": {
"value": "[parameters('appgwzones')]"
},
"subnetID": {
"value": "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AppGW-SN')]"
},
"publicIpAddressesIds": {
"value": [
"[concat('PIP1|',reference('deployPublicIP1').outputs.publicIPID.value )]"
]
},
"keyVaultName": {
"value": "[parameters('keyVaultName')]"
},
"identityID": {
"value": "[reference('createManagedIdentity').outputs.resourceId.value]"
},
"certificates": {
"value": "[parameters('certificates')]"
},
"frontendPorts": {
"value": [
"HTTPS-443|443",
"HTTPS-8080|8080"
]
},
"backendAddresses": {
"value": [
"Example1-BEPool|bing.com",
"Example2-BEPool|microsoft.com"
]
},
"backendHttpSettings": {
"value": [
"Example-App-HTTPSetting|80|Http|Disabled|30|/"
]
},
"httpListeners": {
"value": [
"Example1-App-Listener|PIP1|HTTPS-443",
"Example2-App-Listener|PIP1|HTTPS-8080"
]
},
"requestRoutingRules": {
"value": [
"Example1-App-RoutingRule|Example1-App-Listener|Example1-BEPool|Example-App-HTTPSetting",
"Example2-App-RoutingRule|Example2-App-Listener|Example2-BEPool|Example-App-HTTPSetting"
]
}
}
}
}
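The pipe-delimited parameters above refer to each other by name, and the HTTPS template applies certificates to listeners by position, so a mismatch only surfaces when the deployment runs. The following Python check is an added example, not part of the templates: it uses the parameter names from the snippets above, while `split_entries`, `validate_appgw` and the placeholder resource ID and certificate paths are assumptions made for illustration.

```python
# Added example: validates the pipe-delimited Application Gateway parameters
# before they are handed to the nested template. Not part of the templates.

def split_entries(values, field_count, param):
    """Split 'a|b|c' entries and require the documented number of fields."""
    rows = []
    for entry in values:
        fields = [f.strip() for f in entry.split("|")]
        if len(fields) != field_count or not all(fields):
            raise ValueError(f"{param}: {entry!r} must have {field_count} non-empty fields")
        rows.append(fields)
    return rows


def validate_appgw(params):
    """Return findings; an empty list means every cross-reference resolves."""
    findings = []
    ip_names = {r[0] for r in split_entries(params["publicIpAddressesIds"], 2, "publicIpAddressesIds")}
    ports = dict(split_entries(params["frontendPorts"], 2, "frontendPorts"))
    pools = {r[0] for r in split_entries(params["backendAddresses"], 2, "backendAddresses")}
    settings = split_entries(params["backendHttpSettings"], 6, "backendHttpSettings")
    listeners = split_entries(params["httpListeners"], 3, "httpListeners")
    rules = split_entries(params["requestRoutingRules"], 4, "requestRoutingRules")

    for name, port in ports.items():
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            findings.append(f"frontendPorts {name}: {port!r} is not a valid port")
    for name, _port, protocol, *_rest in settings:
        if protocol.lower() == "http":
            findings.append(f"backendHttpSettings {name}: gateway-to-backend traffic is unencrypted Http")
    for name, ip_name, port_name in listeners:
        if ip_name not in ip_names:
            findings.append(f"httpListeners {name}: unknown frontend IP config {ip_name!r}")
        if port_name not in ports:
            findings.append(f"httpListeners {name}: unknown frontend port {port_name!r}")
    listener_names = {row[0] for row in listeners}
    setting_names = {row[0] for row in settings}
    for name, listener, pool, setting in rules:
        for kind, ref, known in (("listener", listener, listener_names),
                                 ("backend pool", pool, pools),
                                 ("backend http setting", setting, setting_names)):
            if ref not in known:
                findings.append(f"requestRoutingRules {name}: unknown {kind} {ref!r}")
    for orphan in sorted(listener_names - {row[1] for row in rules}):
        findings.append(f"httpListeners {orphan}: no routing rule uses this listener")
    # HTTPS template only: certificates are applied to listeners by position.
    if "certificates" in params:
        certs = split_entries(params["certificates"], 2, "certificates")
        if len(certs) != len(listeners):
            findings.append(f"certificates: {len(certs)} supplied for {len(listeners)} listeners")
    return findings


# Constructed sample: the HTTPS example above with placeholder resolved values.
SAMPLE = {
    "publicIpAddressesIds": ["PIP1|<public-ip-resource-id>"],
    "certificates": ["Example1Cert|example1/<version>", "Example2Cert|example2/<version>"],
    "frontendPorts": ["HTTPS-443|443", "HTTPS-8080|8080"],
    "backendAddresses": ["Example1-BEPool|bing.com", "Example2-BEPool|microsoft.com"],
    "backendHttpSettings": ["Example-App-HTTPSetting|80|Http|Disabled|30|/"],
    "httpListeners": ["Example1-App-Listener|PIP1|HTTPS-443",
                      "Example2-App-Listener|PIP1|HTTPS-8080"],
    "requestRoutingRules": [
        "Example1-App-RoutingRule|Example1-App-Listener|Example1-BEPool|Example-App-HTTPSetting",
        "Example2-App-RoutingRule|Example2-App-Listener|Example2-BEPool|Example-App-HTTPSetting",
    ],
}

if __name__ == "__main__":
    for finding in validate_appgw(SAMPLE):
        print(finding)
```

Run it against the resolved parameter values, since the name inside `publicIpAddressesIds` is built by an ARM `concat` expression in the template itself.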
KeyVault
UserAssignedManagedIdentity
AppGWHTTPSListenerKV
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
keyVaultName | Name of the Key Vault to add the access policy to | poc-keyvault |
secrets | This is an array of the rights given to access secrets | [ "get", "list", "set" ] |
objectId | The object ID you want the rights granted to | "[reference('createManagedIdentity').outputs.principalId.value]" |
NA
{
"name": "deployKeyVaultAccess",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('keyVaultResourceGroup')]",
"apiVersion": "2017-05-10",
"dependsOn": [
"createManagedIdentity"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployKeyVaultAccessTemplate')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"keyVaultName": {
"value": "[parameters('keyVaultName')]"
},
"secrets": {
"value": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
]
},
"objectId": {
"value": "[reference('createManagedIdentity').outputs.principalId.value]"
}
}
}
}
This template will deploy an AKS cluster with Linux nodes.
VNet
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
aksResourceName | The name of the Managed Cluster resource. | pocAKSCluster |
nodeResourceGroup | The name of AKS node resource group. | pocNodeRG |
vnetName | Name of the VNet the AKS nodes will live in | pocVnet |
subnetName | Name of the subnet the AKS nodes will live in | AKS-SN |
dnsPrefix | Optional DNS prefix to use with hosted Kubernetes API server FQDN. | |
vmSize | Size of the nodes to be deployed | Standard_DS2_v2 |
osDiskSizeGB | Size of the OS disk. Allowed values between 0-1023 | 1023 |
kubernetesVersion | The version of Kubernetes. | 1.7.7 |
networkPlugin | Network plugin used for building Kubernetes network. Allowed values: azure or kubenet | azure |
numNodes | Number of nodes to run in the cluster | 3 |
enableRBAC | Boolean flag to turn on and off of RBAC. | true |
enablePrivateCluster | Enable private network access to the Kubernetes cluster. | true |
enableHttpApplicationRouting | Boolean flag to turn on and off http application routing. | false |
networkPolicy | Network policy used for building Kubernetes network. | calico |
vnetSubnetID | Resource ID of the subnet where the nodes will exist | [reference('deployVNET').outputs.aksSubnetID.value] |
serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. | 10.0.0.0/24 |
dnsServiceIP | Containers DNS server IP address. | 10.0.0.10 |
dockerBridgeCidr | A CIDR notation IP for Docker bridge. | 172.17.0.1/24 |
"controlPlaneFQDN": The FQDN for the AKS Control Plane
"aksID": The resource id for the AKS Cluster
{
"name": "deployPrivateAKSCluster",
"comments":"apiVersion is flagged, but haven't changed as not sure if this is needed for some features.",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"dependsOn": [
"deployVNET"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAzureAKSTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"aksResourceName": {
"value": "[parameters('aksResourceName')]"
},
"nodeResourceGroup":{
"value": "[parameters('nodeResourceGroup')]"
},
"vnetName" : {
"value": "[parameters('vnetName')]"
},
"subnetName" : {
"value": "AKS-SN"
},
"dnsPrefix": {
"value": "[parameters('dnsPrefix')]"
},
"kubernetesVersion": {
"value": "[parameters('kubernetesVersion')]"
},
"networkPlugin": {
"value": "[parameters('networkPlugin')]"
},
"enableRBAC": {
"value": "[parameters('enableRBAC')]"
},
"vmssNodePool": {
"value": "[parameters('vmssNodePool')]"
},
"enablePrivateCluster": {
"value": "[parameters('enablePrivateCluster')]"
},
"enableHttpApplicationRouting": {
"value": "[parameters('enableHttpApplicationRouting')]"
},
"networkPolicy": {
"value": "[parameters('networkPolicy')]"
},
"vnetSubnetID": {
"value": "[reference('deployVNET').outputs.aksSubnetID.value]"
},
"serviceCidr": {
"value": "[parameters('serviceCidr')]"
},
"dnsServiceIP": {
"value": "[parameters('dnsServiceIP')]"
},
"dockerBridgeCidr": {
"value": "[parameters('dockerBridgeCidr')]"
}
}
}
}
This template will deploy an Azure Container Registry
NA
PrivateEndpoint
PrivateDNSZone
PrivateDNSARecord
PrivateAKSMICluster
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
acrName | Azure Container Registry name | poc-acr |
"acrId": The resource id of the Azure Container Registry created
{
"name": "deployACR",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployACRURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"acrName": {
"value": "[parameters('acrName')]"
}
}
}
}
This template will deploy an Azure API Management Instance
NA
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
apimName | Name for the APIM instance | poc-apim |
sku | Allowed Values: Basic, Consumption, Developer, Standard, Premium | Standard |
capacity | Capacity of the SKU (number of deployed units of the SKU). | 2 |
apimEmail | Publisher email | example@microsoft.com |
subnetID | Resource ID of the subnet that APIM will sit on | [concat(reference('deployVNET').outputs.vnetId.value,'/subnets/APIM-SN')] |
publisherName | Publisher Name | Microsoft |
virtualNetworkType | Allowed Values: Internal, External | Internal |
disableGateway | Boolean allowing you to disable the gateway | false |
"APIMIP": The resource id of the APIM Instance created
{
"name": "deployAPIM",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployVNET",
"deployAppInsights",
"deployLAWorkspace"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAPIMTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"apimname": {
"value": "[parameters('apimName')]"
},
"sku": {
"value": "[parameters('apimsku')]"
},
"capacity": {
"value": "[parameters('apimcapacity')]"
},
"apimEmail": {
"value": "[parameters('apimEmail')]"
},
"subnetID": {
"value": "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/APIM-SN')]"
},
"publisherName": {
"value": "[parameters('apimPublisherName')]"
},
"virtualNetworkType": {
"value": "[parameters('apimVirtualNetworkType')]"
},
"disableGateway": {
"value": "[parameters('apimDisableGateway')]"
}
}
}
}
This template will deploy a premium version of Azure Redis Cache injected on a VNet
Vnet
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
cacheName | Name for the Azure Redis Cache | poc-azurecache |
capacity | The size of the Redis cache to deploy | 2 |
subnetId | Resource ID of the subnet it will reside on | [concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AzureBastionSubnet')] |
saConnectionString | Storage Account Connection String | [reference('deployStorage').outputs.saConnectionString.value] |
ipAddress | IP Address to be assigned to cache | 10.10.10.10 |
backupEnabled | Boolean either enabling or disabling backup | true |
backupFrequency | How often to run a backup | 90 |
maxSnapshots | Maximum number of snapshots allowed | 10 |
NA
{
"name": "deployAzureCacheVault",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"dependsOn": [
"deployLAWorkspace",
"deployVNET"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAzureCacheBusURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"cacheName": {
"value": "[parameters('cacheName')]"
},
"subnetId": {
"value": "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/privateep-SN')]"
},
"saConnectionString": {
"value": "[reference('deployPrivateStorage').outputs.saConnectionString.value]"
},
"ipAddress": {
"value": "192.168.1.180"
},
"backupEnabled": {
"value": true
},
"backupFrequency": {
"value": 90
},
"maxSnapshots": {
"value": 10
}
}
}
}
This template will deploy an Azure SQL Database
NA
PrivateEndpoint
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
administratorLogin | Admin Login for the SQL Server | sqladmin |
administratorLoginPassword | Admin password for the SQL Server | SecretPassword01 |
serverName | SQL Server Name to host the Azure SQL DB | pocSQLServer |
publicNetworkAccess | Boolean value indicating whether public network access is allowed to the SQL Server | false |
useVAManagedIdentity | Boolean value indicating whether to create a System Managed Identity | true |
allowAzureIps | Boolean value indicating whether Azure IPs are allowed through the firewall | true |
collation | The collation of the database. | SQL_Latin1_General_CP1_CI_AS |
databaseName | Name of the Azure DB to be created | pocDB |
tier | The tier or edition of the particular SKU, e.g. Basic, Premium. | GeneralPurpose |
skuName | The name of the SKU, typically, a letter + Number code, e.g. P3. | GP_S_Gen5_24 |
maxSizeBytes | The max size of the database expressed in bytes. | 1024 |
sampleName | The name of the sample schema to apply when creating this database. - AdventureWorksLT, WideWorldImportersStd, WideWorldImportersFull | WideWorldImportersFull |
zoneRedundant | Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones | true |
licenseType | The license type to apply for this database. - LicenseIncluded or BasePrice | LicenseIncluded |
readScaleOut | If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases. - Enabled or Disabled | Disabled |
numberOfReplicas | The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases. | 0 |
minCapacity | Minimal capacity that database will always have allocated, if not paused | 2 |
autoPauseDelay | Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled | -1 |
sqlServerId: Resource ID of the SQL Server created
{
"name": "deploySqlDb",
"comments":"",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"[parameters('resourceGroup')]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('deployAzureSqlDbURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"collation": {
"value": "SQL_Latin1_General_CP1_CI_AS"
},
"databaseName": {
"value": "[variables('sqlDatabaseName')]"
},
"tier": {
"value": "GeneralPurpose"
},
"skuName": {
"value": "GP_S_Gen5_24"
},
"maxSizeBytes": {
"value": 1099511627776
},
"sampleName": {
"value": ""
},
"serverName": {
"value": "[variables('sqlServerName')]"
},
"zoneRedundant": {
"value": false
},
"licenseType": {
"value": ""
},
"readScaleOut": {
"value": "Disabled"
},
"numberOfReplicas": {
"value": 0
},
"minCapacity": {
"value": "3"
},
"autoPauseDelay": {
"value": "180"
},
"useVAManagedIdentity": {
"value": true
},
"administratorLogin": {
"value": "[parameters('adminUsername')]"
},
"administratorLoginPassword": {
"value": "[parameters('adminPassword')]"
},
"publicNetworkAccess": {
"value": "Disabled"
}
}
}
}
This template will allow an Azure Virtual Network access to an Azure SQL DB.
NA
SQLDB
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
serverName | SQL Server name | poc-sqlserver |
subnetID | Subnet ID that will be allowed to access the database | [concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AKS-SN')] |
sqlServerId: Resource ID of the SQL Server created
{
"name": "allowAKSVNet",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deploySqlDb"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('allowSQLVNetTemplateURL')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"serverName": {
"value": "[variables('sqlServerName')]"
},
"subnetID": {
"value": "[concat(reference('deployVNET').outputs.vnetId.value,'/subnets/AKS-SN')]"
}
}
}
}
This template is an example of deploying a DSC script to a virtual machine. This script configures AKS with a SQL backend.
WindowsVirtualMachine
NA
This template requires you to pass in the following parameters:
Parameter | Description | Example |
---|---|---|
vmName | VM name where the DSC script will run | poc-jump |
configModuleURL | URL for the dsc script | [variables('jumpConfigModuleURL')] |
configFunction | Function in the script to be executed | [variables('jumpConfigFunction')] |
lbIP | IP address to use in the load balancer in AKS | 10.10.10.10 |
acrName | Name of the Azure Container registry to store the docker images | poc-acr |
aksName | Name of the AKS resource in Azure | poc-aks |
gwName | Name of the AppGW resource to use as a front end. | poc-appgw |
rgName | Resource group that contains your resources | pocrg |
saName | Name of a storage account to utilize. | poc-sa |
aiKey | Application Insights Instrumentation Key. | [reference('deployAppInsights').outputs.aiKey.value] |
sqlName | SQL Server name. | poc-sql |
dbName | Database name that is on the sql server. | exampledb |
sqlAdmin | Account that has SQL admin rights | pocAdmin |
sqlPwd | Password for the SQL admin account | SecurePassword123 |
saKey | Storage Account Key for the storage account saName | [reference('deploySAAccount').outputs.saKey.value] |
NA
{
"name": "configJumpBox",
"comments":"",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"deployJumpBox",
"grantMIRole",
"deployAKSCluster"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('addDSCExtension')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"vmName": {
"value": "[variables('jumpName')]"
},
"configModuleURL": {
"value": "[variables('jumpConfigModuleURL')]"
},
"configFunction": {
"value": "[variables('jumpConfigFunction')]"
},
"lbIP": {
"value": "[variables('lbIP')]"
},
"acrName": {
"value": "[variables('acrName')]"
},
"aksName": {
"value": "[variables('AksresourceName')]"
},
"gwName": {
"value": "[variables('applicationGatewayName')]"
},
"rgName": {
"value": "[parameters('resourceGroup')]"
},
"saName": {
"value": "[variables('saName')]"
},
"aiKey": {
"value": "[reference('deployAppInsights').outputs.aiKey.value]"
},
"sqlName": {
"value": "[variables('sqlServerName')]"
},
"dbName": {
"value": "[variables('sqlDatabaseName')]"
},
"sqlAdmin": {
"value": "[parameters('adminUserName')]"
},
"sqlPwd": {
"value": "[parameters('adminPassword')]"
},
"saKey": {
"value": "[reference('deploySAAccount').outputs.saKey.value]"
}
}
}
}
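Several of the snippets above pass credentials and access rights as parameters: `deployKeyVaultAccess` grants seven secret permissions, `configJumpBox` takes `sqlPwd` and `saKey`, and `deploySqlDb` takes `administratorLoginPassword`. The following Python lint is an added example, not part of the templates; `lint_deployment`, `lint_all` and the rule sets are assumptions made for illustration, including the assumption that the managed identity only reads certificates for the Application Gateway and therefore needs just `get`.

```python
import re

# Parameter names from the tables on this page that carry credentials or keys.
SECRET_PARAMS = {"administratorLoginPassword", "sqlPwd", "saKey", "saConnectionString"}
# Assumption: the identity is used only by Application Gateway to read certificates.
NEEDED_SECRET_PERMS = {"get"}
# Literal values treated as hardened; any other literal is reported.
HARDENED = {"publicNetworkAccess": {"Disabled", False}, "allowAzureIps": {False},
            "enablePrivateCluster": {True}, "enableRBAC": {True}}
# "[...]" is an ARM expression; "[[..." is an escaped literal string.
ARM_EXPRESSION = re.compile(r"^\[(?!\[).*\]$", re.S)
OUTPUT_REFERENCE = re.compile(r"reference\(.*?\)\.outputs\.", re.S)


def lint_deployment(resource):
    """Return findings for one Microsoft.Resources/deployments resource."""
    name = resource.get("name", "<unnamed>")
    findings = []
    for key, wrapper in resource.get("properties", {}).get("parameters", {}).items():
        if "reference" in wrapper:  # Key Vault reference: no value in the template
            continue
        value = wrapper.get("value")
        is_expr = isinstance(value, str) and bool(ARM_EXPRESSION.match(value))
        if key in SECRET_PARAMS:
            if not is_expr:
                findings.append(f"{name}.{key}: secret is a literal in the template")
            elif OUTPUT_REFERENCE.search(value):
                # ARM records output values in the deployment history unless
                # the output is declared secure.
                findings.append(f"{name}.{key}: secret is read from a deployment output")
        elif key == "secrets" and isinstance(value, list):
            extra = sorted({p.lower() for p in value} - NEEDED_SECRET_PERMS)
            if extra:
                findings.append(f"{name}.secrets: grants more than needed: {', '.join(extra)}")
        elif key in HARDENED and not is_expr and isinstance(value, (bool, str)):
            # Expressions cannot be evaluated here, so only literals are judged.
            if value not in HARDENED[key]:
                findings.append(f"{name}.{key}: literal {value!r} is not the hardened setting")
    return findings


def lint_all(resources):
    """Lint every nested deployment in a template's resources array."""
    return [f for r in resources for f in lint_deployment(r)]


# Constructed sample: trimmed copies of snippets on this page, with the table's
# example password placed as a literal to show the first rule.
SAMPLE = [
    {"name": "deployKeyVaultAccess", "properties": {"parameters": {
        "secrets": {"value": ["Get", "List", "Set", "Delete", "Recover", "Backup", "Restore"]},
        "objectId": {"value": "[reference('createManagedIdentity').outputs.principalId.value]"}}}},
    {"name": "configJumpBox", "properties": {"parameters": {
        "sqlPwd": {"value": "[parameters('adminPassword')]"},
        "saKey": {"value": "[reference('deploySAAccount').outputs.saKey.value]"}}}},
    {"name": "deploySqlDb", "properties": {"parameters": {
        "administratorLoginPassword": {"value": "SecretPassword01"},
        "publicNetworkAccess": {"value": "Disabled"}}}},
]

if __name__ == "__main__":
    for finding in lint_all(SAMPLE):
        print(finding)
```

A parameter supplied as `[parameters('adminPassword')]` passes this lint, so the parent template still has to declare that parameter as `securestring` or source it from a Key Vault reference.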