forked from Azure/PSRule.Rules.Azure-quickstart
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.bicep
40 lines (33 loc) · 1.21 KB
/
main.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
// Note:
// This Azure Bicep code demonistrates a deployment of one or more modules.
// This file has multiple template errors to show validation.
// An example Storage Account
module storage '../../../../../modules/storage/v1/main.bicep' = {
name: 'storage-deployment'
params: {
name: 'stbicepapp002'
// The Azure location must be valid
// Try setting this to 'Antarctica'
location: 'eastus'
// Don't allow anonymous access types of blob or container.
// Try setting this false to fail the Azure.Storage.BlobPublicAccess rule.
allowBlobPublicAccess: false
}
}
// An example Key Vault
module keyvault '../../../../../modules/keyvault/v1/main.bicep' = {
name: 'keyvault-deployment'
params: {
name: 'kv-bicep-app-002'
// Must have a workspace
// Try commenting out this line to have the Azure.KeyVault.Logs rule fail.
workspaceId: '/subscriptions/<subscription_id>/resourceGroups/rg-test/providers/Microsoft.OperationalInsights/workspaces/latest001'
// An env tag must be test, dev, or prod.
// Try setting this to 'demo' to fail the Org.Azure.Tags rule.
tags: {
env: 'dev'
}
}
}