Skip to content

Commit 6f0747b

Browse files
committed
edit pass: container-instances-tutorial-deploy-confidential-containers-cce-arm
1 parent c08f437 commit 6f0747b

File tree

2 files changed

+9
-9
lines changed

2 files changed

+9
-9
lines changed

articles/container-instances/container-instances-tutorial-deploy-confidential-containers-cce-arm.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Tutorial - Prepare a deployment for a confidential container on Azure Container Instances
2+
title: "Tutorial: Prepare a deployment for a confidential container on Azure Container Instances"
33
description: Learn how to create an Azure Resource Manager template for a confidential container deployment with a custom confidential computing enforcement policy.
44
ms.topic: tutorial
55
ms.author: tomcassidy
@@ -28,7 +28,7 @@ In this tutorial, you learn how to:
2828

2929
## Create an ARM template for a Container Instances container group
3030

31-
In this tutorial, you deploy a Hello World application that generates a hardware attestation report. You start by creating an ARM template with a container group resource to define the properties of this application. You'll use this ARM template with the Azure CLI confcom tooling to generate a CCE policy for attestation.
31+
In this tutorial, you deploy a Hello World application that generates a hardware attestation report. You start by creating an ARM template with a container group resource to define the properties of this application. You then use this ARM template with the Azure CLI confcom tooling to generate a CCE policy for attestation.
3232

3333
This tutorial uses [this ARM template](https://raw.githubusercontent.com/Azure-Samples/aci-confidential-hello-world/main/template.json?token=GHSAT0AAAAAAB5B6SJ7VUYU3G6MMQUL7KKKY7QBZBA). To view the source code for this application, see [Azure Container Instances Confidential Hello World](https://aka.ms/ccacihelloworld).
3434

@@ -166,7 +166,7 @@ With the ARM template that you crafted and the Azure CLI confcom extension, you
166166
az confcom acipolicygen -a .\template.json --print-policy
167167
```
168168

169-
When this command finishes, you should see a Base64 string generated as output in the following format. This string is the CCE policy that you copy and paste into your ARM template as the value of the `ccePolicy` property.
169+
When this command finishes, a Base64 string generated as output should appear in the following format. This string is the CCE policy that you copy and paste into your ARM template as the value of the `ccePolicy` property.
170170

171171
```output
172172
cGFja2FnZSBwb2xpY3kKCmFwaV9zdm4gOj0gIjAuOS4wIgoKaW1wb3J0IGZ1dHVyZS5rZXl3b3Jkcy5ldmVyeQppbXBvcnQgZnV0dXJlLmtleXdvcmRzLmluCgpmcmFnbWVudHMgOj0gWwpdCgpjb250YWluZXJzIDo9IFsKICAgIHsKICAgICAgICAiY29tbWFuZCI6IFsiL3BhdXNlIl0sCiAgICAgICAgImVudl9ydWxlcyI6IFt7InBhdHRlcm4iOiAiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iLCAic3RyYXRlZ3kiOiAic3RyaW5nIiwgInJlcXVpcmVkIjogdHJ1ZX0seyJwYXR0ZXJuIjogIlRFUk09eHRlcm0iLCAic3RyYXRlZ3kiOiAic3RyaW5nIiwgInJlcXVpcmVkIjogZmFsc2V9XSwKICAgICAgICAibGF5ZXJzIjogWyIxNmI1MTQwNTdhMDZhZDY2NWY5MmMwMjg2M2FjYTA3NGZkNTk3NmM3NTVkMjZiZmYxNjM2NTI5OTE2OWU4NDE1Il0sCiAgICAgICAgIm1vdW50cyI6IFtdLAogICAgICAgICJleGVjX3Byb2Nlc3NlcyI6IFtdLAogICAgICAgICJzaWduYWxzIjogW10sCiAgICAgICAgImFsbG93X2VsZXZhdGVkIjogZmFsc2UsCiAgICAgICAgIndvcmtpbmdfZGlyIjogIi8iCiAgICB9LApdCmFsbG93X3Byb3BlcnRpZXNfYWNjZXNzIDo9IHRydWUKYWxsb3dfZHVtcF9zdGFja3MgOj0gdHJ1ZQphbGxvd19ydW50aW1lX2xvZ2dpbmcgOj0gdHJ1ZQphbGxvd19lbnZpcm9ubWVudF92YXJpYWJsZV9kcm9wcGluZyA6PSB0cnVlCmFsbG93X3VuZW5jcnlwdGVkX3NjcmF0Y2ggOj0gdHJ1ZQoKCm1vdW50X2RldmljZSA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQp1bm1vdW50X2RldmljZSA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQptb3VudF9vdmVybGF5IDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnVubW91bnRfb3ZlcmxheSA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQpjcmVhdGVfY29udGFpbmVyIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CmV4ZWNfaW5fY29udGFpbmVyIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CmV4ZWNfZXh0ZXJuYWwgOj0geyAiYWxsb3dlZCIgOiB0cnVlIH0Kc2h1dGRvd25fY29udGFpbmVyIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnNpZ25hbF9jb250YWluZXJfcHJvY2VzcyA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQpwbGFuOV9tb3VudCA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQpwbGFuOV91bm1vdW50IDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CmdldF9wcm9wZXJ0aWVzIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CmR1bXBfc3RhY2tzIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnJ1bnRpbWVfbG9nZ2luZyA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQpsb2FkX2ZyYWdtZW50IDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnNjcmF0Y2hfbW91bnQgOj0geyAiYWxsb3dlZCIgOiB0cnVlIH0Kc2NyYXRjaF91bm1vdW50IDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnJlYXNvbiA6PSB7ImVycm9ycyI6IGRhdGEuZnJhbWV3b3JrLmVycm9yc30K
@@ -176,7 +176,7 @@ With the ARM template that you crafted and the Azure CLI confcom extension, you
176176

177177
## Deploy the template
178178

179-
In the following steps, you use the Azure portal to deploy the template. In addition to the Azure portal, you can use the Azure PowerShell, Azure CLI, and REST API. To learn about other deployment methods, see [Deploy templates](../azure-resource-manager/templates/deploy-cli.md).
179+
In the following steps, you use the Azure portal to deploy the template. You can also use Azure PowerShell, the Azure CLI, and the REST API. To learn about other deployment methods, see [Deploy templates](../azure-resource-manager/templates/deploy-cli.md).
180180

181181
1. Select the **Deploy to Azure** button to sign in to Azure and begin a Container Instances deployment.
182182

@@ -188,7 +188,7 @@ In the following steps, you use the Azure portal to deploy the template. In addi
188188

189189
The template JSON that appears is mostly blank.
190190

191-
1. Select **Load file** and upload **template.json**, which you modified by adding the CCE policy in the previous steps.
191+
1. Select **Load file** and upload *template.json*, which you modified by adding the CCE policy in the previous steps.
192192

193193
![Screenshot of the button for loading a file.](./media/container-instances-confidential-containers-tutorials/confidential-containers-cce-load-file.png)
194194

@@ -198,8 +198,8 @@ In the following steps, you use the Azure portal to deploy the template. In addi
198198

199199
* **Subscription**: Select an Azure subscription.
200200
* **Resource group**: Select **Create new**, enter a unique name for the resource group, and then select **OK**.
201-
* **Location**: Select a location for the resource group. Choose a region where [confidential containers are supported](./container-instances-region-availability.md#linux-container-groups). Example: **North Europe**.
202201
* **Name**: Accept the generated name for the instance, or enter a name.
202+
* **Location**: Select a location for the resource group. Choose a region where [confidential containers are supported](./container-instances-region-availability.md#linux-container-groups). Example: **North Europe**.
203203
* **Image**: Accept the default image name. This sample Linux image displays a hardware attestation.
204204

205205
Accept default values for the remaining properties, and then select **Review + create**.
@@ -228,11 +228,11 @@ In the following steps, you use the Azure portal to review the properties of the
228228

229229
The presence of the attestation report below the Azure Container Instances logo confirms that the container is running on hardware that supports a TEE.
230230

231-
If you deploy to hardware that doesn't support a TEE (for example, by choosing a region where Container Instances Confidential is not available), no attestation report will appear.
231+
If you deploy to hardware that doesn't support a TEE (for example, by choosing a region where Container Instances Confidential is not available), no attestation report appears.
232232

233233
## Related content
234234

235-
Now that you deployed a confidential container group on Container Instances, you can learn more about how policies are enforced:
235+
Now that you've deployed a confidential container group on Container Instances, you can learn more about how policies are enforced:
236236

237237
* [Confidential containers on Azure Container Instances](./container-instances-confidential-overview.md)
238238
* [Azure CLI confcom extension examples](https://github.com/Azure/azure-cli-extensions/blob/main/src/confcom/azext_confcom/README.md)

includes/container-instances-tutorial-prerequisites-confidential-containers.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ To complete this tutorial, you must satisfy the following requirements:
1515

1616
* **Azure CLI**: You must have Azure CLI version 2.44.1 or later installed on your local computer. To find your version, run `az --version`. If you need to install or upgrade, see [Install the Azure CLI][azure-cli-install].
1717

18-
* **Azure CLI confcom extension**: You must have the Azure CLI confcom extension version 0.30+ installed to generate confidential computing enforcement policies.
18+
* **Azure CLI confcom extension**: You must have Azure CLI confcom extension version 0.30+ installed to generate confidential computing enforcement policies.
1919

2020
```bash
2121
az extension add -n confcom

0 commit comments

Comments
 (0)