- Install az cli
https://docs.microsoft.com/ja-jp/cli/azure/install-azure-cli
- Install Bicep
https://github.com/Azure/bicep/blob/main/docs/installing.md#windows-installer
- Edit parameter File
- azuredeploy.parameters.dev.json
- Required values (replace each placeholder)
xxx.xxx.xxx.xxx -> Your IP address.
xxx (vmpassword) -> At least 12 characters, including uppercase, lowercase, and numbers. Keep the edited parameter file out of version control once it holds real values.
xxxx (sshPublicKey)
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (UserObjectID)
xxxxx (keyvaultName) - optional
vmuser -> Virtual Machine user ID of your choice.
Standard_D4s_v3 -> Virtual Machine size of your choice.
- require
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"ipaddress": {
"value": "xxx.xxx.xxx.xxx"
},
"vmsize": {
"value": "Standard_D4s_v3"
},
"vmuser": {
"value": "adminuser"
},
"UserObjectID": {
"value": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
},
"sshPublicKey": {
"value": "xxxx"
},
"keyvaultName": {
"value": "xxxxx"
}
}
}
- Create SSH Private Key
# Generates a 4096-bit RSA key pair in the current directory:
# .\private_key (private) and .\private_key.pub (public).
# NOTE(review): "passphrase" is a placeholder. A value passed with -N appears on the
# command line and may be kept in shell history; leaving -N out makes ssh-keygen
# prompt for the passphrase instead. Keep .\private_key out of version control.
ssh-keygen `
-t rsa `
-b 4096 `
-o `
-C "foo@sample.jpn.com" `
-f .\private_key `
-N passphrase
- View Public Key
# Prints the public key derived from .\private_key
# (presumably the value to paste into the sshPublicKey parameter).
ssh-keygen `
-y -f .\private_key
- Execute PowerShell Prompt
- Set Parameter(x)
# PowerShell session values used by the commands that follow; the x values are placeholders.
# -option constant makes a variable read-only for the session, so a mistyped value cannot be
# corrected with a second set-variable call; start a new session instead.
# NOTE: SUBSCRIPTOIN_GUID is misspelled, but the login commands below reference this exact name.
set-variable -name TENANT_ID "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -option constant
set-variable -name SUBSCRIPTOIN_GUID "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -option constant
set-variable -name BICEP_FILE "main.bicep" -option constant
set-variable -name PARAMETER_FILE "azuredeploy.parameters.dev.json" -option constant
$resourceGroupName = "xxxxx"
$location = "xxxxx"
- Execute Command Prompt (cmd.exe)
- Set Parameter(x)
rem Command Prompt (cmd.exe) syntax; the az commands written with %NAME% read these values.
rem NOTE: SUBSCRIPTOIN_GUID is misspelled, but "az account set" below references this exact name.
setlocal
set TENANT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
set SUBSCRIPTOIN_GUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
set BICEP_FILE=main.bicep
set PARAMETER_FILE=azuredeploy.parameters.dev.json
set resourceGroupName=xxxxx
set location=xxxxx
- Go to STEP2 (Azure CLI or PowerShell)
- Azure Login
# Az PowerShell variant: signs in to the tenant and selects the subscription set above.
Connect-AzAccount -Tenant ${TENANT_ID} -Subscription ${SUBSCRIPTOIN_GUID}
- Create Resource Group
New-AzResourceGroup -Name ${resourceGroupName} -Location ${location} -Verbose
- Create Deployment
# Deploys the Bicep template with the values from the parameter file into the resource group.
# NOTE(review): main.bicep is not shown on this page; presumably the ipaddress parameter limits
# inbound access to the VM. Confirm it holds a single address rather than a wide range.
New-AzResourceGroupDeployment `
-Name devenvironment `
-ResourceGroupName ${resourceGroupName} `
-TemplateFile ${BICEP_FILE} `
-TemplateParameterFile ${PARAMETER_FILE} `
-Verbose
- Azure Login
# Azure CLI variant run from PowerShell: sign in to the tenant, then select the subscription.
az login -t ${TENANT_ID} --verbose
- Set Subscription
az account set --subscription ${SUBSCRIPTOIN_GUID} --verbose
- Create Resource Group
az group create --name ${resourceGroupName} --location ${location} --verbose
- Deployment Create
# Deploys the Bicep template with the values from the parameter file into the resource group.
# NOTE(review): main.bicep is not shown on this page; presumably the ipaddress parameter limits
# inbound access to the VM. Confirm it holds a single address rather than a wide range.
az deployment group create --resource-group ${resourceGroupName} --template-file ${BICEP_FILE} --parameters ${PARAMETER_FILE} --verbose
- Azure Login
rem Azure CLI variant for Command Prompt: the same four steps, reading the values set with "set".
az login -t %TENANT_ID% --verbose
- Set Subscription
az account set --subscription %SUBSCRIPTOIN_GUID% --verbose
- Create Resource Group
az group create --name %resourceGroupName% --location %location% --verbose
- Deployment Create
az deployment group create --resource-group %resourceGroupName% --template-file %BICEP_FILE% --parameters %PARAMETER_FILE% --verbose
- Replace xxxxx with the Key Vault name from azuredeploy.parameters.dev.json
$keyVaultName = "xxxxx" #keyvaultName from azuredeploy.parameters.dev.json
# Looks up the vault object; its VaultName property is used when the secret is stored.
$keyVault = Get-AzKeyVault -VaultName ${keyVaultName}
- Set the secret name (xxxx -> your secret name)
# Name under which the private key is stored in the vault.
$secretName = "xxxx"
- set SSH private key
ex.)
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCfshZRFC
w2lrwiS516OZTQAAAAEAAAAAEAAAIXAAAAB3NzaC...
-----END OPENSSH PRIVATE KEY-----
# Paste the full private key text between the here-string markers in place of xxxx.
# NOTE(review): the pasted key stays in $privateKey as plaintext for the session and may be
# written to the console history. Reading the key file avoids the paste, e.g.
#   $privateKey = Get-Content -Raw -Path .\private_key
$privateKey = @"
xxxx
"@
- Execute the commands below.
# Wraps the key text in a SecureString, the type passed to -SecretValue below.
# -AsPlainText -Force is needed because the input is an ordinary string.
$secretvalue = ConvertTo-SecureString ${privateKey} -AsPlainText -Force
# Stores the key as a secret in the vault looked up earlier.
# Once it is stored, clear the plaintext copy from the session: Remove-Variable privateKey
$secret = Set-AzKeyVaultSecret -VaultName ${keyVault}.VaultName -Name ${secretName} -SecretValue ${secretvalue}
- Replace xxxxx with the Key Vault name from azuredeploy.parameters.dev.json
# Replace xxxxx inside the JMESPath filter with the vault name. The JSON result is converted
# to an object whose name property is passed to --vault-name when the secret is stored.
$keyVault = az keyvault list --query '[?name==`xxxxx`]' | ConvertFrom-Json
- Set the secret name (xxxx -> your secret name)
# Name under which the private key is stored in the vault.
$secretName = "xxxx"
- set SSH private key
ex.)
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCfshZRFC
w2lrwiS516OZTQAAAAEAAAAAEAAAIXAAAAB3NzaC...
-----END OPENSSH PRIVATE KEY-----
# Paste the full private key text between the here-string markers in place of xxxx.
# NOTE(review): the pasted key stays in $privateKey as plaintext for the session and may be
# written to the console history.
$privateKey = @"
xxxx
"@
- Execute the commands below.
# Writes the key to a temporary plaintext file so az can read it with --file, then deletes it.
# NOTE(review): Remove-Item only deletes the file entry; the key text was still written to disk
# in the working directory. If the key already exists as a file (e.g. .\private_key), passing
# that path to --file avoids creating a second copy.
Set-Content -Path .\secretfile.txt -Value ${privateKey}
az keyvault secret set --vault-name ${keyVault}.name --name ${secretName} --file ".\secretfile.txt"
Remove-Item .\secretfile.txt
本リポジトリにあるすべての成果物は情報提供のみを目的としており、本リポジトリにあるすべての成果物に記載されている情報は、状況等の変化により、内容は変更される場合があります。本リポジトリにあるすべての成果物の情報に対して明示的、黙示的または法的な、いかなる保証も行いません。