arm/cluster.json

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.1",
    "parameters": {
        "rgName": {
            "type": "string"
        },
        "rgLocation": {
            "type": "string"
        },
        "storagePostfix": {
            "type": "string",
            "maxLength": 11
        },
        "keyVaultPostfix": {
            "type": "string",
            "maxLength": 11
        },
        "networkSecurityGroupName": {
            "type": "string",
            "maxLength": 24
        },
        "tenantId": {
            "type": "string",
            "metadata": {
                "description": "Tenant Id of the subscription; it is used for the access policies assigned to the vault. Available from the Get-AzureRMSubscription PowerShell cmdlet."
            }
        },
        "objectId": {
            "type": "string",
            "metadata": {
                "description": "Object Id of the AAD user or service principal that will have access to the vault. Available from the Get-AzureRMADUser or the Get-AzureRMADServicePrincipal cmdlets"
            }
        },
        "objectIdForServicePrincipal": {
            "type": "string",
            "metadata": {
                "description": "Object Id of the AAD service principal that will have access to the vault. Available from the Get-AzureRMADServicePrincipal cmdlet."
            }
        },
        "keysPermissions": {
            "type": "array",
            "defaultValue": [
                "all"
            ],
            "metadata": {
                "description": "Permissions granted to the user on keys in the vault. Valid values are: all, create, import, update, get, list, delete, backup, restore, encrypt, decrypt, wrapkey, unwrapkey, sign, and verify."
            }
        },
        "secretsPermissions": {
            "type": "array",
            "defaultValue": [
                "all"
            ],
            "metadata": {
                "description": "Permissions granted to the user on secrets in the vault. Valid values are: all, get, set, list, and delete."
            }
        },
        "vaultSku": {
            "type": "string",
            "defaultValue": "Standard",
            "allowedValues": [
                "Standard",
                "Premium"
            ],
            "metadata": {
                "description": "SKU for the vault"
            }
        },
        "enabledForDeployment": {
            "type": "bool",
            "defaultValue": true,
            "metadata": {
                "description": "Specifies if the vault is enabled for VM or Service Fabric deployment"
            }
        },
        "enabledForTemplateDeployment": {
            "type": "bool",
            "defaultValue": true,
            "metadata": {
                "description": "Specifies if the vault is enabled for ARM template deployment"
            }
        },
        "enableVaultForVolumeEncryption": {
            "type": "bool",
            "defaultValue": false,
            "metadata": {
                "description": "Specifies if the vault is enabled for volume encryption"
            }
        },
        "secretName": {
            "type": "string",
            "metadata": {
                "description": "Name of the secret to store in the vault"
            }
        },
        "secretValue": {
            "type": "string",
            "metadata": {
                "description": "Value of the secret to store in the vault. Note: this parameter is declared with type string rather than securestring, so the value is retained in plain text in the deployment history."
            }
        }
    },
    "variables": {
        "storageName": "[concat(parameters('rgName'), parameters('storagePostfix'))]",
        "keyVaultName": "[concat(parameters('rgName'), parameters('keyVaultPostfix'))]"
    },
    "resources": [
        {
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2017-10-01",
            "name": "[variables('storageName')]",
            "location": "[parameters('rgLocation')]",
            "kind": "StorageV2",
            "sku": {
                "name": "Standard_LRS"
            }
        },
        {
            "type": "Microsoft.KeyVault/vaults",
            "apiVersion": "2015-06-01",
            "name": "[variables('keyVaultName')]",
            "location": "[resourceGroup().location]",
            "tags": {
                "displayName": "[variables('keyVaultName')]"
            },
            "properties": {
                "enabledForDeployment": "[parameters('enabledForDeployment')]",
                "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
                "enabledForVolumeEncryption": "[parameters('enableVaultForVolumeEncryption')]",
                "tenantId": "[parameters('tenantId')]",
                "accessPolicies": [
                    {
                        "tenantId": "[parameters('tenantId')]",
                        "objectId": "[parameters('objectId')]",
                        "permissions": {
                            "keys": "[parameters('keysPermissions')]",
                            "secrets": "[parameters('secretsPermissions')]"
                        }
                    },
                    {
                        "tenantId": "[parameters('tenantId')]",
                        "objectId": "[parameters('objectIdForServicePrincipal')]",
                        "permissions": {
                            "keys": "[parameters('keysPermissions')]",
                            "secrets": "[parameters('secretsPermissions')]"
                        }
                    }
                ],
                "sku": {
                    "name": "[parameters('vaultSku')]",
                    "family": "A"
                }
            },
            "resources": [
                {
                    "type": "secrets",
                    "name": "[parameters('secretName')]",
                    "apiVersion": "2015-06-01",
                    "properties": {
                        "value": "[parameters('secretValue')]"
                    },
                    "dependsOn": [
                        "[concat('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]"
                    ]
                }
            ]
        },
        {
            "apiVersion": "2017-06-01",
            "type": "Microsoft.Network/networkSecurityGroups",
            "name": "[parameters('networkSecurityGroupName')]",
            "location": "[resourceGroup().location]",
            "properties": {
                "securityRules": []
            }
        },
        {
            "apiVersion": "2015-06-15",
            "type": "Microsoft.Network/publicIPAddresses",
            "name": "IngressPublicIP",
            "location": "[resourceGroup().location]",
            "tags": {
                "displayName": "IngressPublicIP"
            },
            "properties": {
                "publicIPAllocationMethod": "Static"
            }
        }
    ],
    "outputs": {}
}