PSRule.Rules.Azure/docs/examples-keyvault.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.28.1.47646",
      "templateHash": "14429599704704727241"
    }
  },
  "parameters": {
    "name": {
      "type": "string",
      "metadata": {
        "description": "The name of the resource."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "The location resources will be deployed."
      }
    },
    "objectId": {
      "type": "string",
      "metadata": {
        "description": "The principal GUID of the object to assign to the access policy."
      }
    },
    "workspaceId": {
      "type": "string",
      "metadata": {
        "description": "A resource ID to a Log Analytics workspace."
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2023-07-01",
      "name": "[parameters('name')]",
      "location": "[parameters('location')]",
      "properties": {
        "sku": {
          "family": "A",
          "name": "premium"
        },
        "tenantId": "[tenant().tenantId]",
        "softDeleteRetentionInDays": 90,
        "enableSoftDelete": true,
        "enablePurgeProtection": true,
        "accessPolicies": [
          {
            "objectId": "[parameters('objectId')]",
            "permissions": {
              "secrets": [
                "get",
                "list",
                "set"
              ]
            },
            "tenantId": "[tenant().tenantId]"
          }
        ]
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2023-07-01",
      "name": "[parameters('name')]",
      "location": "[parameters('location')]",
      "properties": {
        "sku": {
          "family": "A",
          "name": "premium"
        },
        "tenantId": "[tenant().tenantId]",
        "softDeleteRetentionInDays": 90,
        "enableSoftDelete": true,
        "enablePurgeProtection": true,
        "enableRbacAuthorization": true,
        "networkAcls": {
          "defaultAction": "Deny",
          "bypass": "AzureServices"
        }
      }
    },
    {
      "type": "Microsoft.Insights/diagnosticSettings",
      "apiVersion": "2021-05-01-preview",
      "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('name'))]",
      "name": "logs",
      "properties": {
        "workspaceId": "[parameters('workspaceId')]",
        "logs": [
          {
            "category": "AuditEvent",
            "enabled": true
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]"
      ]
    }
  ]
}