Storage accounts, DB and servers, keyvault IDA

scripts/automation/deploy.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+deploymentName="IDA$(date +%Y%m%d%H%M%S)"
+location="northeurope"
+bicepTemplateFile="scripts/automation/infrastructure.bicep"
+bicepParameterFile="scripts/automation/infrastructure.bicepparam"
+
+administratorLoginPassword=$(date +%s%N | sha256sum | head -c48)
+
+
+az deployment sub create \
+    --location $location \
+    --name $deploymentName \
+    --template-file $bicepTemplateFile \
+    --parameters $bicepParameterFile \
+    --parameters administratorLoginPassword="$administratorLoginPassword"
+
+if [ $? -eq 0 ]; then
+    echo "Deployment succeeded."
+else
+    echo "Deployment failed."
+    exit 1
+fi

scripts/automation/infrastructure.bicep

@@ -0,0 +1,73 @@
+targetScope = 'subscription'
+
+param environment string
+param resourceGroupName string = 'IDA-${environment}'
+param location string
+
+param storageAccountNameRaw string
+param storageAccountNameAnon string
+param storageAccountNameVis string
+
+param keyVaultName string
+param objectIdFgRobots string
+
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+param serverName string
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module storageAccountRaw 'modules/storage-account-raw.bicep' = {
+  scope: resourceGroup
+  name: 'infrastructure-sa-raw'
+  params: {
+    location: location
+    storageAccountNameRaw: storageAccountNameRaw
+  }
+}
+
+module storageAccountAnon 'modules/storage-account-anon.bicep' = {
+  scope: resourceGroup
+  name: 'infrastructure-sa-anon'
+  params: {
+    location: location
+    storageAccountNameAnon: storageAccountNameAnon
+  }
+}
+
+module storageAccountVis 'modules/storage-account-visualize.bicep' = {
+  scope: resourceGroup
+  name: 'infrastructure-sa-vis'
+  params: {
+    location: location
+    storageAccountNameVis: storageAccountNameVis
+  }
+}
+
+module keyVault 'modules/key-vault.bicep' = {
+  scope: resourceGroup
+  name: 'infrastructure-kv'
+  params: {
+    location: location
+    keyVaultName: keyVaultName
+    objectIdFgRobots: objectIdFgRobots
+    secrets: [
+      { name: 'administratorLoginPassword', value: administratorLoginPassword }
+    ]
+  }
+}
+
+module postgreSQLFlexibleServer 'modules/db-postgreSQL-flexibleserver.bicep' = {
+  scope: resourceGroup
+  name: 'infrastructure-db'
+  params: {
+    location: location
+    administratorLogin: administratorLogin
+    administratorLoginPassword: administratorLoginPassword
+    serverName: serverName
+  }
+}

scripts/automation/infrastructure.bicepparam

@@ -0,0 +1,17 @@
+using 'infrastructure.bicep'
+
+param resourceGroupName = 'IDA-${environment}'
+
+param environment = 'YourEnvName'
+param location = 'northeurope'
+param objectIdFgRobots = '5ac08731-48dd-4499-9151-7bf6b8ab8eac'
+
+param keyVaultName = 'ida1-${environment}'
+
+param administratorLogin = 'idapostgresqlserver_${environment}'
+param administratorLoginPassword = ''
+param serverName = 'ida-server-${environment}'
+
+param storageAccountNameAnon = 'storageanon1${environment}'
+param storageAccountNameRaw = 'storageraw1${environment}'
+param storageAccountNameVis = 'storagevis1${environment}'

scripts/automation/modules/db-postgreSQL-flexibleserver.bicep

@@ -0,0 +1,38 @@
+@description('User name for administrator login')
+param administratorLogin string
+
+@description('Password for administrator password login. Required on creation time regardless of authentication method configuration')
+@secure()
+param administratorLoginPassword string
+param location string
+param serverName string
+param serverEdition string = 'GeneralPurpose'
+param skuSizeGB int = 256
+param dbInstanceType string = 'Standard_D4ds_v4'
+param availabilityZone string = '1'
+param version string = '14'
+
+resource serverName_resource 'Microsoft.DBforPostgreSQL/flexibleServers@2021-06-01' = {
+  name: serverName
+  location: location
+  sku: {
+    name: dbInstanceType
+    tier: serverEdition
+  }
+  properties: {
+    version: version
+    administratorLogin: administratorLogin
+    administratorLoginPassword: administratorLoginPassword
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    storage: {
+      storageSizeGB: skuSizeGB
+    }
+    backup: {
+      backupRetentionDays: 7
+      geoRedundantBackup: 'Disabled'
+    }
+    availabilityZone: availabilityZone
+  }
+}

scripts/automation/modules/key-vault.bicep

@@ -0,0 +1,54 @@
+param location string
+param keyVaultName string
+param objectIdFgRobots string
+param secrets array
+
+resource keyVault 'Microsoft.KeyVault/vaults@2024-04-01-preview' = {
+  name: keyVaultName
+  location: location
+  properties: {
+    enabledForDeployment: true
+    enabledForTemplateDeployment: true
+    enabledForDiskEncryption: true
+    tenantId: tenant().tenantId
+    accessPolicies: []
+    sku: {
+      name: 'standard'
+      family: 'A'
+    }
+  }
+}
+
+resource keyVaultAccessPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2024-04-01-preview' = {
+  parent: keyVault
+  name: 'add'
+  properties: {
+    accessPolicies: [
+      {
+        tenantId: keyVault.properties.tenantId
+        objectId: objectIdFgRobots
+        permissions: {
+          keys: [
+            'list'
+            'create'
+          ]
+          secrets: [
+            'set'
+            'get'
+            'list'
+          ]
+        }
+      }
+    ]
+  }
+}
+
+resource keyVaultSecret 'Microsoft.KeyVault/vaults/secrets@2024-04-01-preview' = [
+  for secret in secrets: {
+    name: secret.name
+    parent: keyVault
+    properties: {
+      value: secret.value
+    }
+  }
+]

scripts/automation/modules/storage-account-anon.bicep

@@ -0,0 +1,12 @@
+param storageAccountNameAnon string
+param location string
+
+resource storageAccountAnon 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: storageAccountNameAnon
+  location: location
+  sku: {
+    name: 'Standard_LRS'
+  }
+  kind: 'StorageV2'
+  properties: {}
+}

scripts/automation/modules/storage-account-raw.bicep

@@ -0,0 +1,12 @@
+param storageAccountNameRaw string
+param location string
+
+resource storageAccountRaw 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: storageAccountNameRaw
+  location: location
+  sku: {
+    name: 'Standard_LRS'
+  }
+  kind: 'StorageV2'
+  properties: {}
+}

scripts/automation/modules/storage-account-visualize.bicep

@@ -0,0 +1,12 @@
+param storageAccountNameVis string
+param location string
+
+resource storageAccountVis 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: storageAccountNameVis
+  location: location
+  sku: {
+    name: 'Standard_LRS'
+  }
+  kind: 'StorageV2'
+  properties: {}
+}