<#
.SYNOPSIS
    Creates the base landing-zone resources for a sandbox subscription.
.DESCRIPTION
    Signs in to Azure, selects the subscription and, only when the resource group
    does not already exist, creates it together with a vNET and default subnet,
    a default route table, an NSG, a storage account and a key vault. Resources
    are tagged with the billing/ownership values passed in as parameters.
.PARAMETER duration
    Written to the "Duration" tag on the created resources.
.PARAMETER userID
    Not used by the active code; referenced only in a commented-out Set-AzContext line.
.PARAMETER TCKey
    Written to the "TCKey" tag on the created resources.
.PARAMETER createdBy
    Written to the "createdBy" tag on the created resources.
.PARAMETER resourceGroupName
    Name of the resource group to check for and create when missing.
.PARAMETER Environment
    Environment token (e.g. nonprod) used in the resource naming convention.
.PARAMETER SubscriptionName
    Subscription to sign in to and select as the Az context.
.PARAMETER BusinessUnit
    Business-unit token used in the resource naming convention.
.PARAMETER Region
    Azure location in which every resource is created.
.PARAMETER Manager
    Written to the "Manager" tag on the created resources.
#>
[CmdletBinding()]
Param(
# Tag value only; no unit is implied by the script itself.
[string]$duration = "2",
# Unused by the active code (see the commented-out Set-AzContext in the RG block).
[string]$userID = "<Username>",
# Tag value; no default, so the tag is empty unless supplied.
[string]$TCKey,
[string]$createdBy = "<Username>",
[string]$resourceGroupName = "SAN-BaseInfra",
# Used in vNET/subnet/route table/NSG/storage/key vault names.
[string]$Environment = "nonprod",
# Placeholder default; must be replaced or passed explicitly.
[string]$SubscriptionName = "<SubscriptionName>",
# Used in the resource naming convention.
[string]$BusinessUnit = "finance",
[string]$Region = "South Africa North",
# Tag value; no default, so the tag is empty unless supplied.
[string]$Manager
)
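# Date stamp for the CreatedOnDate tag. The original referenced $currentDate
# without ever assigning it, so the tag was always written empty.
$currentDate = Get-Date -Format 'yyyy-MM-dd'

# Tags applied to every resource this script creates (billing / ownership tracking).
$tags = @{
    "Duration"               = $duration
    "TCKey"                  = $TCKey
    "CreatedOnDate"          = $currentDate
    "createdBy"              = $createdBy
    "BillingApplicationName" = "Public Cloud Training"
    "Manager"                = $Manager
}

# Connect to Azure. -ErrorAction Stop so a failed or cancelled sign-in aborts the
# script here instead of letting every later cmdlet fail against no context.
Connect-AzAccount -SubscriptionName $SubscriptionName -TenantId "<TenantID>" -ErrorAction Stop

#Set subscription context | SB-SBG-InfrastructureTest-NonProd | 88203e18-d026-411d-b6b1-9b2dd235a7ed
# Same reasoning: an unknown subscription name must stop the run, not be skipped.
Get-AzSubscription -SubscriptionName $SubscriptionName -ErrorAction Stop | Set-AzContext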
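# Check if RG exists. Get-AzResourceGroup writes a (non-terminating) error when the
# group is missing, which is exactly the case handled here, so it is silenced.
# $resourceGroupName comes from the script parameters; the original re-assigned it
# to "SAN-BaseInfra" at this point, silently discarding whatever the caller passed.
if (-Not (Get-AzResourceGroup -Name $resourceGroupName -Location $Region -ErrorAction SilentlyContinue)) {
    # Create resource group
    # Set-AzContext -SubscriptionName "SandBoxSubscription-$userID"
    Write-Output "AZ context Set"
    New-AzResourceGroup -Name $resourceGroupName -Location $Region -Tag $tags
    Write-Output "Resource Group Created"
    # Give ARM a moment to propagate the new group before deploying into it.
    Start-Sleep -Seconds 15
    Write-Output "finished"

    # Variables to construct the vNET resource names. The region short code at
    # index 0 ("san") is the one matching the default $Region; it is not derived
    # from $Region, so keep the two in step when changing either.
    $AzureRegions = @("san", "saw", "weu", "neu")
    $SelectedRegion = $AzureRegions[0]
    $WorkloadType = @("app", "db", "web", "sqlmi")
    $SelectedWorkload = $WorkloadType[0]
    $vNETPrefix = 'vnet'
    $SubnetPrefix = 'subn'
    $RouteTablePrefix = 'rtt'
    $RouteTableSuffix = 'default'
    $StorageAccountPrefix = 'sa'
    $kVaultPrefix = 'kv'
    $NSGPrefix = 'nsg'

    # Azure DevOps pipeline lookup and run. The <...> placeholders were unquoted in
    # the original, which is a PowerShell parse error ('<' is reserved); they are
    # now plain placeholder strings that must be replaced before use.
    # NOTE(review): $buildOutput is only printed and is not used by the resource
    # creation below; confirm these cmdlets exist in the module available in your
    # environment before relying on this section.
    az pipelines show --name IpamReservationTool --org "<ADO_Project>" --project "{AzureServiceCatalogue}" --detect false
    # Import the Azure DevOps PowerShell module
    Import-Module Az.Pipelines
    # Trigger a new pipeline run
    $runId = Invoke-AzPipelinesRun -PipelineDefinitionId "<pipeline_definition_id>" -Parameters @{ "BuildConfiguration" = "Debug" }
    # Wait for the pipeline run to complete
    Wait-AzPipelinesRun -RunId $runId
    # Get the output of the "Build" task
    $buildOutput = Get-AzPipelinesTaskOutput -RunId $runId -TaskId "<task_id>"
    # Print the output of the "Build" task
    Write-Host $buildOutput

    # Call the IPAM API
    #$CallIPAMAPIforAccessToekn = Get-AzAccessToken -ResourceUrl "" -TenantId ""
    <# $accessToken = ConvertTo-SecureString (Get-AzAccessToken -ResourceUrl api://bd2ee934-4cb2-41f3-a1f6-3aa3530961a0).Token -AsPlainText
    $engineClientId = 'bd2ee934-4cb2-41f3-a1f6-3aa3530961a0'
    $appName = 'Azure-IPAM-Engine-Script'
    $space = 'TestSpace'
    $block = 'TestBlock'
    $accessToken = ConvertTo-SecureString (Get-AzAccessToken -ResourceUrl api://$engineClientId).Token -AsPlainText
    $requestUrl = "https://$appName.azurewebsites.net/api/spaces/$space/blocks/$block/reservations"
    $body = @{
    'size' = 24
    } | ConvertTo-Json
    $headers = @{
    'Accept' = 'application/json'
    'Content-Type' = 'application/json'
    }
    $response = Invoke-RestMethod `
    -Method 'Post' `
    -Uri $requestUrl `
    -Authentication 'Bearer' `
    -Token $accessToken `
    -Headers $headers `
    -Body $body #>

    # Calling the Azure naming convention tool.
    # Invoke-RestMethod is a built-in cmdlet (Microsoft.PowerShell.Utility), so the
    # original's 'Import-Module Invoke-RestMethod' (no such module) is not needed.

    # Set the Azure Naming Tool REST API endpoint
    $apiUrl = "<EndpointURL>"
    # The API key is a secret: read it from the environment rather than keeping it
    # inline in the script (the original carried it as a literal "<APIKey>").
    $namingToolApiKey = $env:NAMING_TOOL_APIKEY
    if ([string]::IsNullOrEmpty($namingToolApiKey)) {
        throw "NAMING_TOOL_APIKEY environment variable is not set; it is required to call the Azure Naming Tool at $apiUrl"
    }
    # Set the HTTP request headers
    $headers = @{
        Accept = "*/*"
        APIKey = $namingToolApiKey
    }
    # Invoke the Azure Naming Tool REST API. Invoke-RestMethod already parses the
    # response body, so the result is the component list itself; the original read
    # a non-existent .Content property and ended up with $null.
    $resourceComponents = Invoke-RestMethod -Uri $apiUrl -Method Get -Headers $headers
    # Print the resource components
    # NOTE(review): assumes the API returns a list of objects each with a Name
    # property — confirm against the Naming Tool's API before relying on it.
    foreach ($resourceComponent in $resourceComponents) {
        Write-Host $resourceComponent.Name
    }
    # Construct the compliant name for the Azure virtual machine. PowerShell strings
    # have no instance .Format() method and arrays no .First(); the -f operator and
    # index 0 do the same job.
    $compliantName = "my-vm-{0}" -f @($resourceComponents)[0].Name
    # Print the compliant name
    Write-Host $compliantName

    # Declare variables for network resource creation
    $vNETName = "${vNETPrefix}-${SelectedRegion}-${BusinessUnit}-${Environment}"
    $SubnetName = "${SubnetPrefix}-${Environment}-${BusinessUnit}"
    $RTTname = "${RouteTablePrefix}-${SelectedRegion}-${BusinessUnit}-${Environment}-${RouteTableSuffix}"

    # Create baseinfra vNET and default subnet. Keep the returned object instead of
    # piping the cmdlet to Out-Host, which left $virtualNetwork empty in the original.
    $defaultSubnet = New-AzVirtualNetworkSubnetConfig -Name $SubnetName -AddressPrefix "172.17.0.0/24"
    $virtualNetwork = New-AzVirtualNetwork -Name $vNETName -ResourceGroupName $resourceGroupName -Location $Region -AddressPrefix "172.17.0.0/16" -Subnet $defaultSubnet -Tag $tags
    $virtualNetwork | Out-Host

    # Default route: the route carries the same conventional name as its table.
    $defaultRouteName = $RTTname
    # Next hop for 0.0.0.0/0. "1.1.1.1" is carried over from the original as a
    # placeholder: it is a public address, not an appliance in this VNet, and must
    # be replaced with the hub firewall / NVA private IP before this is deployed.
    $defaultRouteNextHopIp = "1.1.1.1"
    $newDefaultRoute = New-AzRouteConfig -Name $defaultRouteName -AddressPrefix "0.0.0.0/0" -NextHopType VirtualAppliance -NextHopIpAddress $defaultRouteNextHopIp
    # Deploy the default route table and set the default route
    $routeTable = New-AzRouteTable -Name $RTTname -ResourceGroupName $resourceGroupName -Location $Region -Route $newDefaultRoute -Tag $tags

    # Re-read the virtual network so the subnet list reflects the deployed state,
    # then associate the route table with every subnet.
    $virtualNetwork = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name $vNETName
    foreach ($subnet in $virtualNetwork.Subnets) {
        $subnet.RouteTable = $routeTable
    }
    # Update the virtual network to apply the changes
    Set-AzVirtualNetwork -VirtualNetwork $virtualNetwork

    # Naming convention for the NSG
    $NSGname = "${NSGPrefix}-${SelectedRegion}-${BusinessUnit}-${Environment}-${SubnetPrefix}-${SelectedWorkload}"
    # Management access rules: RDP and SSH inbound, permitted only from the
    # on-premises / VNet ranges below (not the internet, despite the "-ALL" in the
    # rule names). Both rules share the same source list.
    $managementSourcePrefixes = @("10.0.0.0/8", "172.17.0.0/16")
    $RDPrule = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP-ALL" -Description "Allow-RDP-ALL" `
        -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
        -SourceAddressPrefix $managementSourcePrefixes -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange 3389
    $SSHrule = New-AzNetworkSecurityRuleConfig -Name "Allow-SSH-ALL" -Description "Allow-SSH-ALL" `
        -Access Allow -Protocol Tcp -Direction Inbound -Priority 101 `
        -SourceAddressPrefix $managementSourcePrefixes -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange 22
    # Deploy the NSG with the default rules above.
    # NOTE(review): the NSG is created but not associated with $SubnetName in this
    # script; until it is, these rules are not enforced on the subnet.
    $defaultNSG = New-AzNetworkSecurityGroup -ResourceGroupName $resourceGroupName -Location $Region -Name $NSGname -SecurityRules $RDPrule, $SSHrule -Tag $tags

    # Storage account name: Azure requires 3-24 lowercase alphanumerics, so the
    # components are concatenated without separators and forced to lower case
    # (the parameters are caller-supplied and may arrive capitalised).
    $storage_account_name = "${StorageAccountPrefix}${SelectedRegion}${BusinessUnit}${Environment}".ToLowerInvariant()
    # Create the storage account with hardened transport/access defaults (HTTPS only,
    # TLS 1.2 minimum, no anonymous blob access) and the same tags as the other resources.
    New-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storage_account_name -SkuName "Standard_LRS" -Location $Region `
        -EnableHttpsTrafficOnly $true -MinimumTlsVersion TLS1_2 -AllowBlobPublicAccess $false -Tag $tags

    # Declare the key vault variable, kv naming convention
    $key_vault_name = "${kVaultPrefix}-${SelectedRegion}-${BusinessUnit}-${Environment}"
    # Create the key vault: RBAC data-plane authorization, 7-day soft-delete retention.
    New-AzKeyVault -Name $key_vault_name -ResourceGroupName $resourceGroupName -Location $Region -Sku "Standard" -SoftDeleteRetentionInDays 7 -EnableRbacAuthorization -Tag $tags
}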
# Remaining work
#Peering to hub vNet
#Ensure we don't have config drift
#If sub is prod then this mgmt
#Move sub to respective mgmt group based on zar, sbg, nonprod / prod