├── ACC-DB ├── CosmosDB │ └── notes.txt ├── MySQL │ └── notes.txt ├── PostgreSQL │ └── notes.txt └── SQLDatabase │ ├── sqldatabase.parameters.json │ ├── notes.txt │ └── sqldatabase.bicep ├── ACC-ContainerApps-Linux ├── containerapps-linux.parameters.json ├── notes.txt └── containerapps-linux.bicep ├── ACC-VM-Win ├── notes.txt ├── win-vm.parameters.json └── win-vm.bicep ├── ACC-VM-Linux ├── notes.txt ├── linux-vm.parameters.json └── linux-vm.bicep ├── ACC-AppService-Win ├── appservice-win.parameters.json ├── notes.txt └── appservice-win.bicep ├── ACC-AppService-Linux ├── appservice-linux.parameters.json ├── notes.txt └── appservice-linux.bicep ├── LICENSE ├── README.md └── SECURITY.md /ACC-DB/CosmosDB/notes.txt: -------------------------------------------------------------------------------- 1 | TDB -------------------------------------------------------------------------------- /ACC-DB/MySQL/notes.txt: -------------------------------------------------------------------------------- 1 | TBD -------------------------------------------------------------------------------- /ACC-DB/PostgreSQL/notes.txt: -------------------------------------------------------------------------------- 1 | TBD -------------------------------------------------------------------------------- /ACC-ContainerApps-Linux/containerapps-linux.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "location": { 6 | "value": "GEN-UNIQUE" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /ACC-VM-Win/notes.txt: -------------------------------------------------------------------------------- 1 | 2 | az login --service-principal -u -p --tenant 3 | 4 | az group create -l eastus -n PoC_Zone 5 | 6 | az deployment group create --name scenario1 
--resource-group PoC_Zone --template-file win-vm.bicep --parameters @win-vm.parameters.json 7 | 8 | az group delete -n PoC_Zone -------------------------------------------------------------------------------- /ACC-VM-Linux/notes.txt: -------------------------------------------------------------------------------- 1 | 2 | az login --service-principal -u -p --tenant 3 | 4 | az group create -l eastus -n PoC_Zone 5 | 6 | az deployment group create --name scenario2 --resource-group PoC_Zone --template-file linux-vm.bicep --parameters @linux-vm.parameters.json 7 | 8 | az group delete -n PoC_Zone -------------------------------------------------------------------------------- /ACC-AppService-Win/appservice-win.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "webAppName": { 6 | "value": "GEN-UNIQUE" 7 | }, 8 | "sku": { 9 | "value": "S2" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /ACC-ContainerApps-Linux/notes.txt: -------------------------------------------------------------------------------- 1 | 2 | az login --service-principal -u -p --tenant 3 | 4 | az group create -l eastus -n PoC_Zone 5 | 6 | az deployment group create --name scenario5 --resource-group PoC_Zone --template-file containerapps-linux.bicep --parameters @containerapps-linux.parameters.json 7 | 8 | az group delete -n PoC_Zone 9 | -------------------------------------------------------------------------------- /ACC-AppService-Win/notes.txt: -------------------------------------------------------------------------------- 1 | https://learn.microsoft.com/en-us/azure/app-service/samples-bicep 2 | 3 | az login --service-principal -u -p --tenant 4 | 5 | az group create -l eastus -n PoC_Zone 6 | 7 | az deployment group create --name scenario4 
--resource-group PoC_Zone --template-file appservice-win.bicep --parameters @appservice-win.parameters.json 8 | 9 | az group delete -n PoC_Zone -------------------------------------------------------------------------------- /ACC-AppService-Linux/appservice-linux.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "webAppName": { 6 | "value": "GEN-UNIQUE" 7 | }, 8 | "sku": { 9 | "value": "S2" 10 | }, 11 | "linuxFxVersion": { 12 | "value": "php|7.4" 13 | }, 14 | 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /ACC-AppService-Linux/notes.txt: -------------------------------------------------------------------------------- 1 | https://learn.microsoft.com/en-us/azure/app-service/samples-bicep 2 | 3 | az login --service-principal -u -p --tenant 4 | 5 | az group create -l eastus -n PoC_Zone 6 | 7 | az deployment group create --name scenario3 --resource-group PoC_Zone --template-file appservice-linux.bicep --parameters @appservice-linux.parameters.json 8 | 9 | az group delete -n PoC_Zone 10 | -------------------------------------------------------------------------------- /ACC-DB/SQLDatabase/sqldatabase.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "serverName": { 6 | "value": "GEN-UNIQUE" 7 | }, 8 | "administratorLogin": { 9 | "value": "GEN-UNIQUE" 10 | }, 11 | "administratorLoginPassword": { 12 | "value": "GEN-UNIQUE" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /ACC-DB/SQLDatabase/notes.txt: 
-------------------------------------------------------------------------------- 1 | https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.sql 2 | 3 | az login --service-principal -u -p --tenant 4 | 5 | az group create -l eastus -n PoC_Zone 6 | 7 | az deployment group create --name ACC-DB --resource-group PoC_Zone --template-file sqldatabase.bicep --parameters 8 | 9 | az deployment group create --name ACC-DB --resource-group PoC_Zone --template-file sqldatabase.bicep --parameters @sqldatabase.parameters.json 10 | 11 | az group delete -n PoC_Zone 12 | -------------------------------------------------------------------------------- /ACC-VM-Linux/linux-vm.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "adminUsername": { 6 | "value": "GEN-UNIQUE" 7 | }, 8 | "adminPassword": { 9 | "value": "GEN-UNIQUE" 10 | }, 11 | "vmName": { 12 | "value": "GEN-UNIQUE" 13 | }, 14 | "ubuntuOSVersion": { 15 | "value": "Ubuntu-2004" 16 | }, 17 | "vmSize": { 18 | "value": "Standard_D2s_v" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /ACC-VM-Win/win-vm.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "adminUsername": { 6 | "value": "GEN-UNIQUE" 7 | }, 8 | "adminPassword": { 9 | "value": "GEN-UNIQUE" 10 | }, 11 | "vmName": { 12 | "value": "GEN-UNIQUE" 13 | }, 14 | "OSVersion": { 15 | "value": "2022-datacenter-azure-edition" 16 | }, 17 | "vmSize": { 18 | "value": "Standard_D2s_v5" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- 
/ACC-DB/SQLDatabase/sqldatabase.bicep:
--------------------------------------------------------------------------------
// Deploys one Azure SQL logical server and a single Standard-tier database on it.
// The administrator credential comes in as parameters; sqldatabase.parameters.json in
// this folder fills both with the placeholder "GEN-UNIQUE", so real values are meant to
// be supplied at deployment time rather than committed to the repository.
@description('The name of the SQL logical server.')
param serverName string = uniqueString('sql', resourceGroup().id)

@description('The name of the SQL Database.')
param sqlDBName string = 'SampleDB'

@description('Location for all resources.')
param location string = resourceGroup().location

@description('The administrator username of the SQL logical server.')
param administratorLogin string

// Marked @secure() so the deployment treats the value as a secret (not echoed in outputs/history).
@description('The administrator password of the SQL logical server.')
@secure()
param administratorLoginPassword string

// NOTE(review): only the admin credential is configured on the server. No minimalTlsVersion,
// publicNetworkAccess or firewall rule is set here, so network exposure and the TLS floor
// follow the resource provider defaults — confirm they are acceptable before use beyond a PoC.
resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
  name: serverName
  location: location
  properties: {
    administratorLogin: administratorLogin
    administratorLoginPassword: administratorLoginPassword
  }
}

// One database in the Standard tier, created as a child of sqlServer.
resource sqlDB 'Microsoft.Sql/servers/databases@2022-05-01-preview' = {
  parent: sqlServer
  name: sqlDBName
  location: location
  sku: {
    name: 'Standard'
    tier: 'Standard'
  }
}

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) Microsoft Corporation.
4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /ACC-AppService-Linux/appservice-linux.bicep: -------------------------------------------------------------------------------- 1 | @description('Base name of the resource such as web app name and app service plan ') 2 | @minLength(2) 3 | param webAppName string = 'OALinuxApp' 4 | 5 | @description('The SKU of App Service Plan ') 6 | param sku string = 'S2' 7 | 8 | @description('The Runtime stack of current web app') 9 | param linuxFxVersion string = 'php|7.4' 10 | 11 | @description('Location for all resources.') 12 | param location string = resourceGroup().location 13 | 14 | var webAppPortalName = '${webAppName}-webapp' 15 | var appServicePlanName = 'AppServicePlan-${webAppName}' 16 | 17 | resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = { 18 | name: appServicePlanName 19 | location: 
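location
  sku: {
    name: sku
  }
  kind: 'linux'
  properties: {
    reserved: true
  }
}

// Linux web app bound to the plan above. Transport hardening lives in siteConfig:
// FTPS-only deployment, HTTPS-only traffic and — added here so this template matches
// appservice-win.bicep in the same repo — TLS 1.2 as the floor for both the app and its
// SCM/Kudu endpoint. A system-assigned managed identity is enabled; its consumer is not
// shown in this template.
resource webAppPortal 'Microsoft.Web/sites@2022-03-01' = {
  name: webAppPortalName
  location: location
  kind: 'app'
  properties: {
    serverFarmId: appServicePlan.id
    siteConfig: {
      linuxFxVersion: linuxFxVersion
      ftpsState: 'FtpsOnly'
      // Same TLS floor as the Windows template; clients limited to TLS 1.0/1.1 are refused.
      minTlsVersion: '1.2'
      scmMinTlsVersion: '1.2'
    }
    httpsOnly: true
  }
  identity: {
    type: 'SystemAssigned'
  }
}

--------------------------------------------------------------------------------
/ACC-AppService-Win/appservice-win.bicep:
--------------------------------------------------------------------------------
@description('Web app name.')
@minLength(2)
param webAppName string = 'webApp-${uniqueString(resourceGroup().id)}'

@description('Location for all resources.')
param location string = resourceGroup().location

@description('Describes plan\'s pricing tier and instance size. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/')
@allowed([
  'F1'
  'D1'
  'B1'
  'B2'
  'B3'
  'S1'
  'S2'
  'S3'
  'P1'
  'P2'
  'P3'
  'P4'
])
param sku string = 'F1'

@description('The language stack of the app.')
@allowed([
  '.net'
  'php'
  'node'
  'html'
])
param language string = '.net'

@description('Optional Git Repo URL, if empty a \'hello world\' app will be deploy from the Azure-Samples repo')
param repoUrl string = ''

var appServicePlanName = 'AppServicePlan-${webAppName}'
var gitRepoReference = {
  '.net': 'https://github.com/Azure-Samples/app-service-web-dotnet-get-started'
  node: 'https://github.com/Azure-Samples/nodejs-docs-hello-world'
  php: 'https://github.com/Azure-Samples/php-docs-hello-world'
  html: 'https://github.com/Azure-Samples/html-docs-hello-world'
}
var gitRepoUrl = (empty(repoUrl) ?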
gitRepoReference[language] : repoUrl) 45 | var configReference = { 46 | '.net': { 47 | comments: '.Net app. No additional configuration needed.' 48 | } 49 | html: { 50 | comments: 'HTML app. No additional configuration needed.' 51 | } 52 | php: { 53 | phpVersion: '7.4' 54 | } 55 | node: { 56 | appSettings: [ 57 | { 58 | name: 'WEBSITE_NODE_DEFAULT_VERSION' 59 | value: '12.15.0' 60 | } 61 | ] 62 | } 63 | } 64 | 65 | resource asp 'Microsoft.Web/serverfarms@2022-03-01' = { 66 | name: appServicePlanName 67 | location: location 68 | sku: { 69 | name: sku 70 | } 71 | } 72 | 73 | resource webApp 'Microsoft.Web/sites@2022-03-01' = { 74 | name: webAppName 75 | location: location 76 | identity: { 77 | type: 'SystemAssigned' 78 | } 79 | properties: { 80 | siteConfig: union(configReference[language],{ 81 | minTlsVersion: '1.2' 82 | scmMinTlsVersion: '1.2' 83 | ftpsState: 'FtpsOnly' 84 | }) 85 | serverFarmId: asp.id 86 | httpsOnly: true 87 | } 88 | } 89 | 90 | resource gitsource 'Microsoft.Web/sites/sourcecontrols@2022-03-01' = { 91 | parent: webApp 92 | name: 'web' 93 | properties: { 94 | repoUrl: gitRepoUrl 95 | branch: 'master' 96 | isManualIntegration: true 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Apps Command Center 2 | 3 | Developed by the Microsoft GPS LATAM Team, the ACC Solution Accelerator provides a set of templates to help you accelerate your deployment process. The ACC Solution Accelerator is designed to help you build solutions that are secure, scalable, and reliable based on Microsoft WAF Principals. 
4 | 5 | ### Make your choice 6 | 7 | ```mermaid 8 | flowchart TD 9 | A[Start] --> B{Windows OS}; 10 | B -- Yes --> C{Does Windows App need console access?}; 11 | B -- No --> D{Does Linux App need console access?}; 12 | C -- Yes --> E[Enjoy Azure VM for Windows]; 13 | C -- No --> F{Code in Repo?}; 14 | D -- Yes --> G[Enjoy Azure VM for Linux]; 15 | D -- No --> H{Code in Repo?}; 16 | F -- Yes --> I[Enjoy App Service for Windows] 17 | F -- No --> J[Enjoy Azure VM for Windows]; 18 | H -- No --> K[Enjoy Azure VM for Linux]; 19 | H -- Yes --> L{Do you need to support containers?}; 20 | L -- Yes --> M[Enjoy Azure Container Apps]; 21 | L -- No --> N[Enjoy App Service for Linux]; 22 | ``` 23 | ### This solution is open source. You can adapt the templates to create an architecture that meets your needs. 24 | 25 | ## Contributing 26 | 27 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 28 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 29 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. 30 | 31 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide 32 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions 33 | provided by the bot. You will only need to do this once across all repos using our CLA. 34 | 35 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 36 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 37 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 38 | 39 | ## Trademarks 40 | 41 | This project may contain trademarks or logos for projects, products, or services. 
Authorized use of Microsoft 42 | trademarks or logos is subject to and must follow 43 | [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general). 44 | Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. 45 | Any use of third-party trademarks or logos are subject to those third-party's policies. 46 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Security 4 | 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). 6 | 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. 8 | 9 | ## Reporting Security Issues 10 | 11 | **Please do not report security vulnerabilities through public GitHub issues.** 12 | 13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). 14 | 15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). 
16 | 17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 18 | 19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 20 | 21 | * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 22 | * Full paths of source file(s) related to the manifestation of the issue 23 | * The location of the affected source code (tag/branch/commit or direct URL) 24 | * Any special configuration required to reproduce the issue 25 | * Step-by-step instructions to reproduce the issue 26 | * Proof-of-concept or exploit code (if possible) 27 | * Impact of the issue, including how an attacker might exploit the issue 28 | 29 | This information will help us triage your report more quickly. 30 | 31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). 
40 | 41 | 42 | -------------------------------------------------------------------------------- /ACC-ContainerApps-Linux/containerapps-linux.bicep: -------------------------------------------------------------------------------- 1 | @description('Specifies the name of the container app.') 2 | param containerAppName string = 'app-${uniqueString(resourceGroup().id)}' 3 | 4 | @description('Specifies the name of the container app environment.') 5 | param containerAppEnvName string = 'env-${uniqueString(resourceGroup().id)}' 6 | 7 | @description('Specifies the name of the log analytics workspace.') 8 | param containerAppLogAnalyticsName string = 'log-${uniqueString(resourceGroup().id)}' 9 | 10 | @description('Specifies the location for all resources.') 11 | param location string = resourceGroup().location 12 | 13 | @description('Specifies the docker container image to deploy.') 14 | param containerImage string = 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' 15 | 16 | @description('Specifies the container port.') 17 | param targetPort int = 80 18 | 19 | @description('Number of CPU cores the container can use. Can be with a maximum of two decimals.') 20 | @allowed([ 21 | '0.25' 22 | '0.5' 23 | '0.75' 24 | '1' 25 | '1.25' 26 | '1.5' 27 | '1.75' 28 | '2' 29 | ]) 30 | param cpuCore string = '0.5' 31 | 32 | @description('Amount of memory (in gibibytes, GiB) allocated to the container up to 4GiB. Can be with a maximum of two decimals. 
Ratio with CPU cores must be equal to 2.') 33 | @allowed([ 34 | '0.5' 35 | '1' 36 | '1.5' 37 | '2' 38 | '3' 39 | '3.5' 40 | '4' 41 | ]) 42 | param memorySize string = '1' 43 | 44 | @description('Minimum number of replicas that will be deployed') 45 | @minValue(0) 46 | @maxValue(25) 47 | param minReplicas int = 1 48 | 49 | @description('Maximum number of replicas that will be deployed') 50 | @minValue(0) 51 | @maxValue(25) 52 | param maxReplicas int = 3 53 | 54 | resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { 55 | name: containerAppLogAnalyticsName 56 | location: location 57 | properties: { 58 | sku: { 59 | name: 'PerGB2018' 60 | } 61 | } 62 | } 63 | 64 | resource containerAppEnv 'Microsoft.App/managedEnvironments@2022-06-01-preview' = { 65 | name: containerAppEnvName 66 | location: location 67 | sku: { 68 | name: 'Consumption' 69 | } 70 | properties: { 71 | appLogsConfiguration: { 72 | destination: 'log-analytics' 73 | logAnalyticsConfiguration: { 74 | customerId: logAnalytics.properties.customerId 75 | sharedKey: logAnalytics.listKeys().primarySharedKey 76 | } 77 | } 78 | } 79 | } 80 | 81 | resource containerApp 'Microsoft.App/containerApps@2022-06-01-preview' = { 82 | name: containerAppName 83 | location: location 84 | properties: { 85 | managedEnvironmentId: containerAppEnv.id 86 | configuration: { 87 | ingress: { 88 | external: true 89 | targetPort: targetPort 90 | allowInsecure: false 91 | traffic: [ 92 | { 93 | latestRevision: true 94 | weight: 100 95 | } 96 | ] 97 | } 98 | } 99 | template: { 100 | revisionSuffix: 'firstrevision' 101 | containers: [ 102 | { 103 | name: containerAppName 104 | image: containerImage 105 | resources: { 106 | cpu: json(cpuCore) 107 | memory: '${memorySize}Gi' 108 | } 109 | } 110 | ] 111 | scale: { 112 | minReplicas: minReplicas 113 | maxReplicas: maxReplicas 114 | } 115 | } 116 | } 117 | } 118 | 119 | output containerAppFQDN string = containerApp.properties.configuration.ingress.fqdn 120 | 
-------------------------------------------------------------------------------- /ACC-VM-Linux/linux-vm.bicep: -------------------------------------------------------------------------------- 1 | @description('The name of you Virtual Machine.') 2 | param vmName string = 'simpleLinuxVM' 3 | 4 | @description('Username for the Virtual Machine.') 5 | param adminUsername string 6 | 7 | @description('Type of authentication to use on the Virtual Machine. SSH key is recommended.') 8 | @allowed([ 9 | 'sshPublicKey' 10 | 'password' 11 | ]) 12 | param authenticationType string = 'password' 13 | 14 | @description('SSH Key or password for the Virtual Machine. SSH key is recommended.') 15 | @secure() 16 | param adminPasswordOrKey string 17 | 18 | @description('Unique DNS Name for the Public IP used to access the Virtual Machine.') 19 | param dnsLabelPrefix string = toLower('${vmName}-${uniqueString(resourceGroup().id)}') 20 | 21 | @description('The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version.') 22 | @allowed([ 23 | 'Ubuntu-1804' 24 | 'Ubuntu-2004' 25 | 'Ubuntu-2204' 26 | ]) 27 | param ubuntuOSVersion string = 'Ubuntu-2004' 28 | 29 | @description('Location for all resources.') 30 | param location string = resourceGroup().location 31 | 32 | @description('The size of the VM') 33 | param vmSize string = 'Standard_D2s_v3' 34 | 35 | @description('Name of the VNET') 36 | param virtualNetworkName string = 'vNet' 37 | 38 | @description('Name of the subnet in the virtual network') 39 | param subnetName string = 'Subnet' 40 | 41 | @description('Name of the Network Security Group') 42 | param networkSecurityGroupName string = 'SecGroupNet' 43 | 44 | @description('Security Type of the Virtual Machine.') 45 | @allowed([ 46 | 'Standard' 47 | 'TrustedLaunch' 48 | ]) 49 | param securityType string = 'TrustedLaunch' 50 | 51 | var imageReference = { 52 | 'Ubuntu-1804': { 53 | publisher: 'Canonical' 54 | offer: 'UbuntuServer' 55 | sku: 
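'18_04-lts-gen2'
    version: 'latest'
  }
  'Ubuntu-2004': {
    publisher: 'Canonical'
    offer: '0001-com-ubuntu-server-focal'
    sku: '20_04-lts-gen2'
    version: 'latest'
  }
  'Ubuntu-2204': {
    publisher: 'Canonical'
    offer: '0001-com-ubuntu-server-jammy'
    sku: '22_04-lts-gen2'
    version: 'latest'
  }
}
var publicIPAddressName = '${vmName}PublicIP'
var networkInterfaceName = '${vmName}NetInt'
var osDiskType = 'Standard_LRS'
var subnetAddressPrefix = '10.1.0.0/24'
var addressPrefix = '10.1.0.0/16'
// Key-based SSH configuration. It is applied only when authenticationType is not
// 'password' (see the ternary on osProfile.linuxConfiguration below); in that mode
// adminPasswordOrKey is installed as the public key and password logins are disabled.
var linuxConfiguration = {
  disablePasswordAuthentication: true
  ssh: {
    publicKeys: [
      {
        path: '/home/${adminUsername}/.ssh/authorized_keys'
        keyData: adminPasswordOrKey
      }
    ]
  }
}
// Trusted Launch profile (Secure Boot + vTPM); used when securityType == 'TrustedLaunch'.
var securityProfileJson = {
  uefiSettings: {
    secureBootEnabled: true
    vTpmEnabled: true
  }
  securityType: securityType
}
var extensionName = 'GuestAttestation'
var extensionPublisher = 'Microsoft.Azure.Security.LinuxAttestation'
var extensionVersion = '1.0'
var maaTenantName = 'GuestAttestation'
// substring(..., 0, 0) always yields '' — an empty endpoint; presumably the extension
// then uses its default attestation service. Confirm before relying on it.
var maaEndpoint = substring('emptystring', 0, 0)

// NIC with a dynamic private IP, the public IP attached, and the NSG below applied at NIC level.
resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = {
  name: networkInterfaceName
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          subnet: {
            id: subnet.id
          }
          privateIPAllocationMethod: 'Dynamic'
          publicIPAddress: {
            id: publicIPAddress.id
          }
        }
      }
    ]
    networkSecurityGroup: {
      id: networkSecurityGroup.id
    }
  }
}

// Source range allowed to reach the SSH port. The default '*' keeps this template's
// previous behaviour (TCP/22 reachable from any internet address); narrow it to a
// management CIDR or IP for anything beyond a throwaway PoC.
@description('Source address prefix (CIDR, IP or service tag) allowed to reach TCP/22. The default \'*\' leaves SSH reachable from any address.')
param allowedSshSourceAddressPrefix string = '*'

// NSG with a single inbound rule: TCP/22 from allowedSshSourceAddressPrefix.
// Other inbound traffic is governed by the platform default rules.
resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-05-01' = {
  name: networkSecurityGroupName
  location: location
  properties: {
    securityRules: [
      {
        name: 'SSH'
        properties: {
          priority: 1000
          protocol: 'Tcp'
          access: 'Allow'
          direction: 'Inbound'
          sourceAddressPrefix: allowedSshSourceAddressPrefix
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '22'
        }
      }
    ]
  }
}

resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  name: virtualNetworkName
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        addressPrefix
      ]
    }
  }
}

resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = {
  parent: virtualNetwork
  name: subnetName
  properties: {
    addressPrefix: subnetAddressPrefix
    privateEndpointNetworkPolicies: 'Enabled'
    privateLinkServiceNetworkPolicies: 'Enabled'
  }
}

// Basic-SKU, dynamically allocated public IPv4 with a DNS label, so the hostname
// output stays usable even if the address itself changes after deallocation.
resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2021-05-01' = {
  name: publicIPAddressName
  location: location
  sku: {
    name: 'Basic'
  }
  properties: {
    publicIPAllocationMethod: 'Dynamic'
    publicIPAddressVersion: 'IPv4'
    dnsSettings: {
      domainNameLabel: dnsLabelPrefix
    }
    idleTimeoutInMinutes: 4
  }
}

// The VM itself. adminPasswordOrKey is passed as adminPassword in both authentication
// modes; with key-based auth the linuxConfiguration block additionally installs it as
// the authorized public key.
resource vm 'Microsoft.Compute/virtualMachines@2021-11-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: {
      vmSize: vmSize
    }
    storageProfile: {
      osDisk: {
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: osDiskType
        }
      }
      imageReference: imageReference[ubuntuOSVersion]
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: networkInterface.id
        }
      ]
    }
    osProfile: {
      computerName: vmName
      adminUsername: adminUsername
      adminPassword: adminPasswordOrKey
      linuxConfiguration: ((authenticationType == 'password') ?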
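null : linuxConfiguration) 212 | } 213 | securityProfile: ((securityType == 'TrustedLaunch') ? securityProfileJson : json('null')) 214 | } 215 | } 216 | 217 | resource vmExtension 'Microsoft.Compute/virtualMachines/extensions@2022-03-01' = if ((securityType == 'TrustedLaunch') && ((securityProfileJson.uefiSettings.secureBootEnabled == true) && (securityProfileJson.uefiSettings.vTpmEnabled == true))) { 218 | parent: vm 219 | name: extensionName 220 | location: location 221 | properties: { 222 | publisher: extensionPublisher 223 | type: extensionName 224 | typeHandlerVersion: extensionVersion 225 | autoUpgradeMinorVersion: true 226 | settings: { 227 | AttestationConfig: { 228 | MaaSettings: { 229 | maaEndpoint: maaEndpoint 230 | maaTenantName: maaTenantName 231 | } 232 | } 233 | } 234 | } 235 | } 236 | 237 | output adminUsername string = adminUsername 238 | output hostname string = publicIPAddress.properties.dnsSettings.fqdn 239 | output sshCommand string = 'ssh ${adminUsername}@${publicIPAddress.properties.dnsSettings.fqdn}' 240 | -------------------------------------------------------------------------------- /ACC-VM-Win/win-vm.bicep: --------------------------------------------------------------------------------
// Windows Server VM with Trusted Launch (Secure Boot + vTPM) and the Guest Attestation extension.
// Network: one VNet/subnet, an NSG admitting RDP (TCP 3389), a public IP with a DNS label, and a single NIC.
// Boot diagnostics go to a dedicated storage account created here.

@description('Username for the Virtual Machine.')
param adminUsername string

@description('Password for the Virtual Machine.')
@minLength(12)
@secure()
param adminPassword string

@description('Unique DNS Name for the Public IP used to access the Virtual Machine.')
param dnsLabelPrefix string = toLower('${vmName}-${uniqueString(resourceGroup().id, vmName)}')

@description('Name for the Public IP used to access the Virtual Machine.')
param publicIpName string = 'myPublicIP'

@description('Allocation method for the Public IP used to access the Virtual Machine.')
@allowed([
  'Dynamic'
  'Static'
])
param publicIPAllocationMethod string = 'Dynamic'

@description('SKU for the Public IP used to access the Virtual Machine.')
@allowed([
  'Basic'
  'Standard'
])
param publicIpSku string = 'Basic'

@description('The Windows version for the VM. This will pick a fully patched image of this given Windows version.')
@allowed([
  '2016-datacenter-gensecond'
  '2016-datacenter-server-core-g2'
  '2016-datacenter-server-core-smalldisk-g2'
  '2016-datacenter-smalldisk-g2'
  '2016-datacenter-with-containers-g2'
  '2016-datacenter-zhcn-g2'
  '2019-datacenter-core-g2'
  '2019-datacenter-core-smalldisk-g2'
  '2019-datacenter-core-with-containers-g2'
  '2019-datacenter-core-with-containers-smalldisk-g2'
  '2019-datacenter-gensecond'
  '2019-datacenter-smalldisk-g2'
  '2019-datacenter-with-containers-g2'
  '2019-datacenter-with-containers-smalldisk-g2'
  '2019-datacenter-zhcn-g2'
  '2022-datacenter-azure-edition'
  '2022-datacenter-azure-edition-core'
  '2022-datacenter-azure-edition-core-smalldisk'
  '2022-datacenter-azure-edition-smalldisk'
  '2022-datacenter-core-g2'
  '2022-datacenter-core-smalldisk-g2'
  '2022-datacenter-g2'
  '2022-datacenter-smalldisk-g2'
])
param OSVersion string = '2022-datacenter-azure-edition'

@description('Size of the virtual machine.')
param vmSize string = 'Standard_D2s_v5'

@description('Location for all resources.')
param location string = resourceGroup().location

@description('Name of the virtual machine.')
param vmName string = 'simple-vm'

@description('Security Type of the Virtual Machine.')
@allowed([
  'Standard'
  'TrustedLaunch'
])
param securityType string = 'TrustedLaunch'

@description('Source address prefix (IP or CIDR) allowed to reach RDP on the VM. The default "*" keeps the original behaviour and exposes TCP 3389 to every source; pin it to the operator address range for anything beyond a short-lived PoC.')
param rdpSourceAddressPrefix string = '*'

var storageAccountName = 'bootdiags${uniqueString(resourceGroup().id)}'
var nicName = 'myVMNic'
var addressPrefix = '10.0.0.0/16'
var subnetName = 'Subnet'
var subnetPrefix = '10.0.0.0/24'
var virtualNetworkName = 'MyVNET'
var networkSecurityGroupName = 'default-NSG'
// Trusted Launch profile: Secure Boot and vTPM both on. The attestation extension below is gated on these same two flags.
var securityProfileJson = {
  uefiSettings: {
    secureBootEnabled: true
    vTpmEnabled: true
  }
  securityType: securityType
}
var extensionName = 'GuestAttestation'
var extensionPublisher = 'Microsoft.Azure.Security.WindowsAttestation'
var extensionVersion = '1.0'
var maaTenantName = 'GuestAttestation'
// substring(..., 0, 0) evaluates to the empty string. Presumably an empty endpoint makes the extension
// fall back to the default attestation service -- confirm against the extension documentation.
var maaEndpoint = substring('emptyString', 0, 0)

// Boot-diagnostics target. Hardened relative to the bare original: HTTPS-only transport,
// TLS 1.2 minimum and no anonymous blob access, so diagnostic screenshots/logs are never world-readable.
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'Storage'
  properties: {
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
  }
}

resource publicIp 'Microsoft.Network/publicIPAddresses@2022-05-01' = {
  name: publicIpName
  location: location
  sku: {
    name: publicIpSku
  }
  properties: {
    publicIPAllocationMethod: publicIPAllocationMethod
    dnsSettings: {
      domainNameLabel: dnsLabelPrefix
    }
  }
}

// Single inbound rule for RDP. The source prefix is parameterised so a deployment can
// scope 3389 to a known address range instead of the original hard-coded '*'.
resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2022-05-01' = {
  name: networkSecurityGroupName
  location: location
  properties: {
    securityRules: [
      {
        name: 'default-allow-3389'
        properties: {
          priority: 1000
          access: 'Allow'
          direction: 'Inbound'
          destinationPortRange: '3389'
          protocol: 'Tcp'
          sourcePortRange: '*'
          sourceAddressPrefix: rdpSourceAddressPrefix
          destinationAddressPrefix: '*'
        }
      }
    ]
  }
}

resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-05-01' = {
  name: virtualNetworkName
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        addressPrefix
      ]
    }
    subnets: [
      {
        name: subnetName
        properties: {
          addressPrefix: subnetPrefix
          networkSecurityGroup: {
            id: networkSecurityGroup.id
          }
        }
      }
    ]
  }
}

resource nic 'Microsoft.Network/networkInterfaces@2022-05-01' = {
  name: nicName
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          publicIPAddress: {
            id: publicIp.id
          }
          subnet: {
            // Symbolic reference to the only subnet declared above: same id as the former
            // resourceId(...) lookup, and it orders the NIC after the VNet without an explicit dependsOn.
            id: virtualNetwork.properties.subnets[0].id
          }
        }
      }
    ]
  }
}

resource vm 'Microsoft.Compute/virtualMachines@2022-03-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: {
      vmSize: vmSize
    }
    osProfile: {
      computerName: vmName
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    storageProfile: {
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        sku: OSVersion
        version: 'latest'
      }
      osDisk: {
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: 'StandardSSD_LRS'
        }
      }
      dataDisks: [
        {
          diskSizeGB: 1023
          lun: 0
          createOption: 'Empty'
        }
      ]
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: nic.id
        }
      ]
    }
    diagnosticsProfile: {
      bootDiagnostics: {
        enabled: true
        storageUri: storageAccount.properties.primaryEndpoints.blob
      }
    }
    // Only a TrustedLaunch deployment carries the UEFI settings; a Standard VM gets no securityProfile.
    securityProfile: ((securityType == 'TrustedLaunch') ? securityProfileJson : null)
  }
}

// Guest Attestation is only meaningful when Secure Boot and vTPM are both enabled, hence the triple condition.
resource vmExtension 'Microsoft.Compute/virtualMachines/extensions@2022-03-01' = if ((securityType == 'TrustedLaunch') && ((securityProfileJson.uefiSettings.secureBootEnabled == true) && (securityProfileJson.uefiSettings.vTpmEnabled == true))) {
  parent: vm
  name: extensionName
  location: location
  properties: {
    publisher: extensionPublisher
    type: extensionName
    typeHandlerVersion: extensionVersion
    autoUpgradeMinorVersion: true
    enableAutomaticUpgrade: true
    settings: {
      AttestationConfig: {
        MaaSettings: {
          maaEndpoint: maaEndpoint
          maaTenantName: maaTenantName
        }
      }
    }
  }
}

output hostname string = publicIp.properties.dnsSettings.fqdn
--------------------------------------------------------------------------------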