Public/Core/keyvault/New-CmAzCoreKeyVault.json
|
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "ActionGroup": { "type": "Object" }, "KeyvaultDetails": { "type": "SecureObject" }, "ObjectID": { "type": "String" }, "Workspace": { "type": "Object" } }, "resources": [ { "name": "[concat('KeyvaultTemplates', copyIndex('KeyVaultCopy'))]", "type": "Microsoft.Resources/Deployments", "apiVersion": "2019-10-01", "properties": { "mode": "Incremental", "expressionEvaluationOptions": { "scope": "inner" }, "parameters": { "ActionGroupInner": { "value": "[parameters('ActionGroup')]" }, "KeyvaultInner": { "Value": "[parameters('KeyvaultDetails').keyVaults[copyIndex('KeyVaultCopy')]]" }, "ObjectIdInner": { "Value": "[parameters('ObjectId')]" }, "WorkspaceInner": { "value": "[parameters('Workspace')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "ActionGroupInner": { "type": "Object" }, "KeyvaultInner": { "type": "SecureObject" }, "ObjectIdInner": { "type": "String" }, "WorkspaceInner": { "type": "Object" } }, "variables": { "workspaceRetentionPolicy": { "enabled": true, "days": 30 } }, "resources": [ { "name": "[parameters('KeyvaultInner').name]", "type": "Microsoft.KeyVault/Vaults", "apiVersion": "2016-10-01", "location": "[parameters('KeyvaultInner').location]", "tags": { "cm-service": "[parameters('KeyvaultInner').service.publish.keyvault]" }, "properties": { "enabledForDeployment": true, "enabledForTemplateDeployment": true, "enabledForDiskEncryption": true, "tenantId": "[subscription().tenantId]", "accessPolicies": [ { "tenantId": "[subscription().tenantId]", "objectId": "[parameters('ObjectIDInner')]", "permissions": { "keys": [ "encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list", "create", "update", "import", "delete", "backup", "restore", "recover" ], "secrets": [ "get", "list", "set", "delete", "backup", "restore", "recover" ], "certificates": [ "get", "list", "delete", "create", "import", "update", "backup", "restore", "managecontacts", "getissuers", "listissuers", "setissuers", "deleteissuers", "manageissuers", "recover" ], "storage": [ "get", "list", "delete", "set", "update", "regeneratekey", "setsas", "listsas", "getsas", "deletesas" ] } } ], "enableSoftDelete": "[parameters('KeyvaultInner').enableSoftDelete]", "softDeleteRetentionInDays": "[parameters('KeyvaultInner').softDeleteRetentionInDays]", "enablePurgeProtection": "[parameters('KeyvaultInner').enablePurgeProtection]", "sku": { "name": "standard", "family": "A" } } }, { "type": "Microsoft.KeyVault/vaults/secrets", "apiVersion": "2019-09-01", "name": "[concat(parameters('KeyvaultInner').name, '/', parameters('KeyvaultInner').secrets[copyIndex('SecretCopy')].name)]", "location": "[resourceGroup().location]", "dependsOn": [ "[parameters('KeyvaultInner').name]" ], "properties": { "value": "[parameters('KeyvaultInner').secrets[copyIndex('SecretCopy')].value]" }, "copy": { "name": "SecretCopy", "count": "[length(parameters('KeyvaultInner').secrets)]" } }, { "type": "Microsoft.KeyVault/Vaults/Providers/DiagnosticSettings", "name": "[concat(parameters('KeyvaultInner').name, '/Microsoft.Insights/Service')]", "apiVersion": "2016-09-01", "location": "[parameters('KeyvaultInner').location]", "dependsOn": [ "[parameters('KeyvaultInner').name]" ], "properties": { "workspaceId": "[resourceId(parameters('WorkspaceInner').resourceGroupName, 'Microsoft.OperationalInsights/Workspaces', parameters('WorkspaceInner').name)]", "logs": [ { "category": "AuditEvent", "enabled": true, "retentionPolicy": "[variables('workspaceRetentionPolicy')]" } ] } }, { "type": "Microsoft.Insights/ActivityLogAlerts", "apiVersion": "2017-04-01", "name": "[concat(parameters('KeyvaultInner').name, 'Admin')]", "location": "Global", "dependsOn": [ "[parameters('KeyvaultInner').name]" ], "tags": { "cm-service": "[parameters('KeyvaultInner').service.publish.activityLogAlert]" }, "properties": { "scopes": [ "[subscription().Id]" ], "condition": { "allOf": [ { "field": "category", "equals": "Administrative" }, { "field": "resourceId", "equals": "[resourceId('Microsoft.KeyVault/Vaults', parameters('KeyvaultInner').name)]" } ] }, "actions": { "actionGroups": [ { "actionGroupId": "[resourceId(parameters('ActionGroupInner').resourceGroupName, 'Microsoft.Insights/ActionGroups', parameters('ActionGroupInner').name)]", "webhookProperties": {} } ] }, "enabled": true } } ] } }, "copy": { "name": "KeyVaultCopy", "count": "[length(parameters('KeyvaultDetails').keyVaults)]" } } ] } |