{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json##", "contentVersion": "1.0.0.0", "parameters": { "companyname": { "type": "string", "defaultValue": "rg1", "metadata": { "description": "Default name for everything" } }, "location": { "type": "string", "defaultValue": "westeurope", "allowedValues": [ "westeurope", "northeurope" ], "metadata": { "description": "Location for the resourceGroup" } }, "addressSpaces": { "type": "string" }, "subnet0_name": { "type": "string" }, "subnet0_addressRange": { "type": "string" }, "subnet1_name": { "type": "string" }, "subnet1_addressRange": { "type": "string" }, "subnet2_name": { "type": "string" }, "subnet2_addressRange": { "type": "string" }, "subnet3_name": { "type": "string" }, "subnet3_addressRange": { "type": "string" }, "subnet4_name": { "type": "string" }, "subnet4_addressRange": { "type": "string" }, "subnet5_name": { "type": "string" }, "subnet5_addressRange": { "type": "string" }, "ddosProtectionPlanEnabled": { "type": "bool" }, "subnetName": { "type": "string" } }, "variables": { "rgName": "[toLower(concat('rg_', parameters('companyname')))]", "vnetName": "[toLower(concat('vnet-', parameters('companyname')))]", "vmName": "[toLower(concat('vm-', parameters('companyname')))]", "vmCompName": "[toLower(concat('vm-', parameters('companyname')))]", "vnetId": "[resourceId(variables('rgName'),'Microsoft.Network/virtualNetworks',variables('vnetName'))]", "subnetRef": "[concat(variables('vnetId'), '/subnets/', parameters('subnetName'))]", "nicName": "[concat('nic-', variables('vmName'))]" }, "resources": [ { "type": "Microsoft.Network/applicationSecurityGroups", "apiVersion": "2019-02-01", "name": "asg-RDPVms", "location": "[parameters('location')]", "tags": { "owner": "ict" }, "properties": {} }, { "name": "[variables('nicName')]", "type": "Microsoft.Network/networkInterfaces", "apiVersion": "2018-10-01", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Network/applicationSecurityGroups', 'asg-RDPVms')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "subnet": { "id": "[variables('subnetRef')]" }, "privateIPAllocationMethod": "Dynamic", "applicationSecurityGroups" : [ { "ID": "[resourceId('Microsoft.Network/applicationSecurityGroups', 'asg-RDPVms')]" } ] } } ] }, "tags": { "dtap": "production", "application": "management", "costcenter": "ict", "expiration": "never", "owner": "ict" } }, { "apiVersion": "2019-02-01", "type": "Microsoft.Network/networkSecurityGroups", "name": "nsg-AllowRDP", "location": "[parameters('location')]", "tags": { "owner": "ict" }, "dependsOn": [ "[resourceId('Microsoft.Network/applicationSecurityGroups', 'asg-RDPVms')]" ], "properties": { "securityRules": [ { "name": "rule_allow_rdp", "properties": { "description": "Allow Inbound RDP", "protocol": "Tcp", "sourcePortRange": "*", "destinationPortRange": "3389", "sourceAddressPrefix": "*", "destinationApplicationSecurityGroups": [ { "ID": "[resourceId('Microsoft.Network/applicationSecurityGroups', 'asg-RDPVms')]" } ], "access": "Allow", "priority": 100, "direction": "Inbound" } }, { "name": "DenyVnetInBound", "properties": { "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", "sourceAddressPrefix": "VirtualNetwork", "destinationAddressPrefix": "*", "access": "Deny", "priority": 1500, "direction": "Inbound", "sourcePortRanges": [], "destinationPortRanges": [], "sourceAddressPrefixes": [], "destinationAddressPrefixes": [] } } ] } }, { "apiVersion": "2019-02-01", "type": "Microsoft.Network/networkSecurityGroups", "name": "nsg-subnet", "location": "[parameters('location')]", "tags": { "owner": "ict" }, "dependsOn": [], "properties": { "securityRules": [ { "name": "DenyVnetInBound", "properties": { "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", "sourceAddressPrefix": "VirtualNetwork", "destinationAddressPrefix": "*", "access": "Deny", "priority": 1500, "direction": "Inbound", "sourcePortRanges": [], "destinationPortRanges": [], "sourceAddressPrefixes": [], "destinationAddressPrefixes": [] } } ] } }, { "name": "[variables('vnetName')]", "type": "Microsoft.Network/VirtualNetworks", "apiVersion": "2019-09-01", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-subnet')]" ], "tags": { "owner": "ict", "costcenter": "ict", "ciarating": "333", "supportwindow": "7x24", "backup": "no" }, "properties": { "addressSpace": { "addressPrefixes": [ "[parameters('addressSpaces')]" ] }, "subnets": [ { "name": "[parameters('subnet0_name')]", "properties": { "addressPrefix": "[parameters('subnet0_addressRange')]", "networkSecurityGroup": { "ID" : "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-subnet')]" } } }, { "name": "[parameters('subnet1_name')]", "properties": { "addressPrefix": "[parameters('subnet1_addressRange')]" } }, { "name": "[parameters('subnet2_name')]", "properties": { "addressPrefix": "[parameters('subnet2_addressRange')]", "networkSecurityGroup": { "ID" : "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-subnet')]" } } }, { "name": "[parameters('subnet3_name')]", "properties": { "addressPrefix": "[parameters('subnet3_addressRange')]", "networkSecurityGroup": { "ID" : "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-subnet')]" } } }, { "name": "[parameters('subnet4_name')]", "properties": { "addressPrefix": "[parameters('subnet4_addressRange')]", "networkSecurityGroup": { "ID" : "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-subnet')]" } } }, { "name": "[parameters('subnet5_name')]", "properties": { "addressPrefix": "[parameters('subnet5_addressRange')]", "networkSecurityGroup": { "ID" : "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-subnet')]" } } } ], "enableDdosProtection": "[parameters('ddosProtectionPlanEnabled')]" } } ] }