Bicep

Last updated 2 years ago


With Bicep we need only one file, which is located in the directory c:\osdcloud\bicep.

Here is the content of the Bicep file. Only lines 62-63 matter here: that is where the Technicien Id must be inserted.

@description('Specifies the name of the Azure Storage account for WIM images.')
param storageAccountName string = 'azosdcloud'

@description('Specifies the name of the Azure Storage account for scripts.')
param StorageAccuntList string = 'azosdscripts'

@description('Specifies the name of the blob for logs container.')
param containerName string = 'logs'

@description('Specifies the location in which the Azure Storage resources should be deployed.')
param location string = resourceGroup().location

@description('Specifies container object list for wim images.')
param containers object = {
  c1:{
    name: 'server'
    type: 'Container'
  }
  c2:{
    name: 'retail'
    type: 'Container'
  }
  c3:{
    name: 'insiders'
    type: 'Container'
  }
  c4:{
    name: 'driverpack'
    type: 'Container'
  }
  c5:{
    name: 'bootimage'
    type: 'Container'
  }

}
@description('Specifies container object list for powershell scripts, packages, unattend.')
param scripts object = {
  c1:{
    name: 'scripts'
    type: 'Container'
  }
  c2:{
    name: 'packages'
    type: 'Container'
  }
  c3:{
    name: 'unattend'
    type: 'Container'
  }
  c4:{
    name: 'others'
    type: 'Container'
  }
}

@description('This is the built-in Storage Blob Data Reader.')
resource StorageBlobDataReaderDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: subscription()
  name: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'
}
@description('This is the ID for the AzureADAccount who can access.')
param principalId string = ''

resource AzStorage 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageAccountName
  location: location
  tags : {
    OSDCloud :'production' 
  }
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    allowBlobPublicAccess: true
    allowSharedKeyAccess:true
    minimumTlsVersion: 'TLS1_2'
    defaultToOAuthAuthentication: true
    
  }
}
resource AzScripts 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: StorageAccuntList
  location: location
  tags : {
    OSDScripts :'powershell' 
  }
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    allowBlobPublicAccess: true
    allowSharedKeyAccess:true
    allowCrossTenantReplication: true
    minimumTlsVersion: 'TLS1_2'
    defaultToOAuthAuthentication: true
  }
}

resource log 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = {
  name: '${AzStorage.name}/default/${containerName}'

}

resource containerlist 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = [for cont in items(containers): {
  name: '${AzStorage.name}/default/${cont.value.name}'
  properties: {
    publicAccess: cont.value.type
  }
}]

resource containerscriptlist 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = [for cont in items(scripts): {
  name: '${AzScripts.name}/default/${cont.value.name}'
  properties: {
    publicAccess: cont.value.type
  }
}]

resource ActivateFeedStorage 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = {
  name: 'default'
  parent: AzStorage
  properties: {
    changeFeed: {
      enabled: true
    }
  }
}
resource ActivateFeedScript 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = {
  name: 'default'
  parent: AzScripts
  properties: {
    changeFeed: {
      enabled: true
    }
  }
}

resource roleAssignmentAzStorage 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
  scope: AzStorage
  name: guid(AzStorage.id, principalId, StorageBlobDataReaderDefinition.id)
  properties: {
    roleDefinitionId: StorageBlobDataReaderDefinition.id
    principalId: principalId
    principalType: 'User'
  }
}
resource roleAssignmentAzSScripts 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
  scope: AzScripts
  name: guid(AzScripts.id, principalId, StorageBlobDataReaderDefinition.id)
  properties: {
    roleDefinitionId: StorageBlobDataReaderDefinition.id
    principalId: principalId
    principalType: 'User'
  }
}

Once this Bicep file is executed, your Azure environment will be configured with two storage accounts: one for WIM image storage and a second one still expiring for PowerShell scripts, packages, unattend and others.
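The file above sets `allowBlobPublicAccess: true` and creates every container with `publicAccess: 'Container'`, which permits anonymous listing and reading of the blobs, so the Storage Blob Data Reader assignment is not what gates access to scripts, packages or unattend files. The following is an added example, not the OSDCloud project's file: a variant of the scripts account with anonymous and shared-key access turned off. It assumes deployment clients sign in with Microsoft Entra ID; `scriptsAccount`, `scriptContainers`, `containerNames`, `readerRoleId` and `readerAssignment` are names chosen here.

```bicep
// Added example: hardened variant of the AzScripts account (not the project's file).
// Assumption: clients read blobs with Entra ID credentials via the role assignment below.
param storageAccountName string = 'azosdscripts'
param location string = resourceGroup().location
param principalId string // the Technicien Id; required at deployment, no empty default
param containerNames array = [
  'scripts'
  'packages'
  'unattend'
  'others'
]

// Built-in Storage Blob Data Reader role, same GUID as in the file above.
var readerRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b')

resource scriptsAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageAccountName
  location: location
  tags: {
    OSDScripts: 'powershell'
  }
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    allowBlobPublicAccess: false // page uses true; false blocks anonymous access account-wide
    allowSharedKeyAccess: false // page uses true; false rejects account-key and key-signed SAS requests
    minimumTlsVersion: 'TLS1_2'
    defaultToOAuthAuthentication: true
  }
}

resource scriptContainers 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = [for containerName in containerNames: {
  name: '${scriptsAccount.name}/default/${containerName}'
  properties: {
    publicAccess: 'None' // page uses 'Container', which allows anonymous list and read
  }
}]

resource readerAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
  scope: scriptsAccount
  name: guid(scriptsAccount.id, principalId, readerRoleId)
  properties: {
    roleDefinitionId: readerRoleId
    principalId: principalId
    principalType: 'User'
  }
}
```

With these settings the only data-plane path to the blobs is an Entra ID token for a principal holding the reader role, so the role assignment becomes the effective access control.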
