122 строки
2.5 KiB
Bicep
122 строки
2.5 KiB
Bicep
// Copyright (c) Microsoft Corporation.
|
|
// Licensed under the MIT License.
|
|
|
|
// Bicep documentation examples
|
|
|
|
@description('The location resources will be deployed.')
|
|
param location string = resourceGroup().location
|
|
|
|
// An example NSG with a single rule to deny outbound management traffic
|
|
resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = {
|
|
name: 'nsg-001'
|
|
location: location
|
|
properties: {
|
|
securityRules: [
|
|
{
|
|
name: 'deny-hop-outbound'
|
|
properties: {
|
|
priority: 200
|
|
access: 'Deny'
|
|
protocol: 'Tcp'
|
|
direction: 'Outbound'
|
|
sourceAddressPrefix: 'VirtualNetwork'
|
|
destinationAddressPrefix: '*'
|
|
destinationPortRanges: [
|
|
'3389'
|
|
'22'
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
// An example App Gateway v2 with WAF enabled
|
|
resource appGw 'Microsoft.Network/applicationGateways@2021-02-01' = {
|
|
name: 'appGw-001'
|
|
location: location
|
|
properties: {
|
|
sku: {
|
|
name: 'WAF_v2'
|
|
tier: 'WAF_v2'
|
|
}
|
|
webApplicationFirewallConfiguration: {
|
|
enabled: true
|
|
firewallMode: 'Prevention'
|
|
ruleSetType: 'OWASP'
|
|
ruleSetVersion: '3.0'
|
|
}
|
|
}
|
|
}
|
|
|
|
// An example VNET with NSG configured
|
|
resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = {
|
|
name: 'vnet-001'
|
|
location: location
|
|
properties: {
|
|
addressSpace: {
|
|
addressPrefixes: [
|
|
'10.0.0.0/16'
|
|
]
|
|
}
|
|
dhcpOptions: {
|
|
dnsServers: [
|
|
'10.0.1.4'
|
|
'10.0.1.5'
|
|
]
|
|
}
|
|
subnets: [
|
|
{
|
|
name: 'GatewaySubnet'
|
|
properties: {
|
|
addressPrefix: '10.0.0.0/24'
|
|
}
|
|
}
|
|
{
|
|
name: 'snet-001'
|
|
properties: {
|
|
addressPrefix: '10.0.1.0/24'
|
|
networkSecurityGroup: {
|
|
id: nsg.id
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
// An example storage account
|
|
resource st0000001 'Microsoft.Storage/storageAccounts@2021-04-01' = {
|
|
name: 'st0000001'
|
|
location: location
|
|
sku: {
|
|
name: 'Standard_GRS'
|
|
}
|
|
kind: 'StorageV2'
|
|
properties: {
|
|
supportsHttpsTrafficOnly: true
|
|
accessTier: 'Hot'
|
|
allowBlobPublicAccess: false
|
|
minimumTlsVersion: 'TLS1_2'
|
|
networkAcls: {
|
|
defaultAction: 'Deny'
|
|
}
|
|
}
|
|
}
|
|
|
|
// An example configuration for blob storage account
|
|
resource st0000001_blob 'Microsoft.Storage/storageAccounts/blobServices@2021-04-01' = {
|
|
name: 'default'
|
|
parent: st0000001
|
|
properties: {
|
|
deleteRetentionPolicy: {
|
|
enabled: true
|
|
days: 7
|
|
}
|
|
containerDeleteRetentionPolicy: {
|
|
enabled: true
|
|
days: 7
|
|
}
|
|
}
|
|
}
|