Copy Files From Source Repo (2024-01-19 17:27)

MicrosoftLearning · Jan 20, 2024 · b7a048f · b7a048f
1 parent bc06d02
commit b7a048f
Show file tree

Hide file tree

Showing 38 changed files with 7,635 additions and 27 deletions.
diff --git a/Allfiles/Labs/02/azuredeploy.parameters.json b/Allfiles/Labs/02/azuredeploy.parameters.json
@@ -0,0 +1,12 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "listOfAllowedLocations": {
+      "type": "Array",
+      "value": [
+        "UK South"
+      ]
+    }
+  }
+}
diff --git a/Allfiles/Labs/02/main.bicep b/Allfiles/Labs/02/main.bicep
@@ -0,0 +1,18 @@
+param policyAssignmentName string = 'Allowed locations'
+param policyDefinitionID string = '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
+param listOfAllowedLocations array
+
+resource assignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
+    name: policyAssignmentName
+    properties: {
+        policyDefinitionId: policyDefinitionID
+        parameters: {
+            listOfAllowedLocations: {
+                value: listOfAllowedLocations
+            }
+        }
+    }
+
+}
+
+output assignmentId string = assignment.id
diff --git a/Allfiles/Labs/03/azuredeploy.parameters.json b/Allfiles/Labs/03/azuredeploy.parameters.json
@@ -0,0 +1,18 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "keyVaultName": {
+      "value": "Contoso-vault2"
+    },
+    "objectId": {
+      "value": "YOUR-OBJECT-ID-HERE" // Get this from the Service Principal you created
+    },
+    "secretName": {
+      "value": ""
+    },
+    "secretValue": {
+      "value": ""
+    }
+  }
+}
diff --git a/Allfiles/Labs/03/main.bicep b/Allfiles/Labs/03/main.bicep
@@ -0,0 +1,79 @@
+@description('Specifies the name of the key vault.')
+param keyVaultName string
+
+@description('Specifies the Azure location where the key vault should be created.')
+param location string = resourceGroup().location
+
+@description('Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.')
+param enabledForDeployment bool = false
+
+@description('Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.')
+param enabledForDiskEncryption bool = false
+
+@description('Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault.')
+param enabledForTemplateDeployment bool = false
+
+@description('Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet.')
+param tenantId string = subscription().tenantId
+
+@description('Specifies the object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Get it by using Get-AzADUser or Get-AzADServicePrincipal cmdlets.')
+param objectId string
+
+@description('Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge.')
+param keysPermissions array = [
+  'list'
+  'get'
+  'create'
+  'delete'
+  'sign'
+]
+
+@description('Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge.')
+param secretsPermissions array = [
+  'all'
+]
+
+@description('Specifies whether the key vault is a standard vault or a premium vault.')
+@allowed([
+  'standard'
+  'premium'
+])
+param skuName string = 'standard'
+
+@description('Specifies the name of the secret that you want to create.')
+param secretName string
+
+@description('Specifies the value of the secret that you want to create.')
+@secure()
+param secretValue string
+
+resource kv 'Microsoft.KeyVault/vaults@2021-11-01-preview' = {
+  name: keyVaultName
+  location: location
+  properties: {
+    enabledForDeployment: enabledForDeployment
+    enabledForDiskEncryption: enabledForDiskEncryption
+    enabledForTemplateDeployment: enabledForTemplateDeployment
+    tenantId: tenantId
+    enableSoftDelete: true
+    softDeleteRetentionInDays: 90
+    accessPolicies: [
+      {
+        objectId: objectId
+        tenantId: tenantId
+        permissions: {
+          keys: keysPermissions
+          secrets: secretsPermissions
+        }
+      }
+    ]
+    sku: {
+      name: skuName
+      family: 'A'
+    }
+    networkAcls: {
+      defaultAction: 'Allow'
+      bypass: 'AzureServices'
+    }
+  }
+}