Bicep
Last updated
Last updated
With Bicep we need only one file which is located in the directory c:\osdcloud\bicep.
Here is the content of the bicep file, we are only interested in line 62-63 we must come here and insert the Technicien Id.
@description('Specifies the name of the Azure Storage account.')
param storageAccountName string ='azosdcloud'
@description('Specifies the name of the Azure Storage account.')
param StorageAccuntList string ='azosdscripts'
@description('Specifies the name of the blob for logs container.')
param containerName string = 'logs'
@description('Specifies the location in which the Azure Storage resources should be deployed.')
param location string = resourceGroup().location
@description('Specifies container object list for wim images.')
param containers object = {
c1:{
name: 'server'
type: 'Container'
}
c2:{
name: 'retail'
type: 'Container'
}
c3:{
name: 'insiders'
type: 'Container'
}
c4:{
name: 'driverpack'
type: 'Container'
}
c5:{
name: 'bootimage'
type: 'Container'
}
}
@description('Specifies container object list for powershell scripts, packages, unattend.')
param scripts object = {
c1:{
name: 'scripts'
type: 'Container'
}
c2:{
name: 'packages'
type: 'Container'
}
c3:{
name: 'unattend'
type: 'Container'
}
c4:{
name: 'others'
type: 'Container'
}
}
@description('This is the built-in Storage Blob Data Reader.')
resource StorageBlobDataReaderDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
scope: subscription()
name: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'
}
@description('This is the ID for the AzureADAccount who can access.')
param principalId string = ''
resource AzStorage 'Microsoft.Storage/storageAccounts@2021-06-01' = {
name: storageAccountName
location: location
tags : {
OSDCloud :'production'
}
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
accessTier: 'Hot'
allowBlobPublicAccess: true
allowSharedKeyAccess:true
minimumTlsVersion: 'TLS1_2'
defaultToOAuthAuthentication: true
}
}
resource AzScripts 'Microsoft.Storage/storageAccounts@2021-06-01' = {
name: StorageAccuntList
location: location
tags : {
OSDScripts :'powershell'
}
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
accessTier: 'Hot'
allowBlobPublicAccess: true
allowSharedKeyAccess:true
allowCrossTenantReplication: true
minimumTlsVersion: 'TLS1_2'
defaultToOAuthAuthentication: true
}
}
resource log 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = {
name: '${AzStorage.name}/default/${containerName}'
}
resource containerlist 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' =[for cont in items(containers):{
name:'${AzStorage.name}/default/${cont.value.name}'
properties: {
publicAccess: cont.value.type
}
}]
resource containerscriptlist 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' =[for cont in items(scripts):{
name:'${AzScripts.name}/default/${cont.value.name}'
properties: {
publicAccess: cont.value.type
}
}]
resource ActivateFeedStorage 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = {
name: 'default'
parent: AzStorage
properties: {
changeFeed: {
enabled: true
}
}
}
resource ActivateFeedScript 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = {
name: 'default'
parent: AzScripts
properties: {
changeFeed: {
enabled: true
}
}
}
resource roleAssignmentAzStorage 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
scope: AzStorage
name: guid(AzStorage.id, principalId, StorageBlobDataReaderDefinition.id)
properties: {
roleDefinitionId: StorageBlobDataReaderDefinition.id
principalId: principalId
principalType: 'User'
}
}
resource roleAssignmentAzSScripts 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
scope: AzScripts
name: guid(AzScripts.id, principalId, StorageBlobDataReaderDefinition.id)
properties: {
roleDefinitionId: StorageBlobDataReaderDefinition.id
principalId: principalId
principalType: 'User'
}
}
Once this Bicep file is executed your Azure environment will be configured with two storage accounts, one for wim image storage and a second one still expiring for powershell scripts, packages, unattend and others.