Path: blob/master/scenario-notebooks/Automated-Notebooks/DeploymentTemplate.json
3253 views
{1"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",2"contentVersion": "1.0.0.0",3"parameters": {4"vmName": {5"type": "string",6"defaultValue": "autonotebook",7"metadata": {8"description": "The name of your Virtual Machine used to execute notebooks."9}10},11"adminUsername": {12"type": "string",13"defaultValue" : "azureuser",14"metadata": {15"description": "Username for the Virtual Machine."16}17},18"authenticationType": {19"type": "string",20"defaultValue" : "sshPublicKey",21"allowedValues": [22"sshPublicKey",23"password"24],25"metadata": {26"description": "Type of authentication to use on the Virtual Machine. SSH key is recommended."27}28},29"adminPasswordOrKey": {30"type": "securestring",31"metadata": {32"description": "SSH Key or password for the Virtual Machine. SSH key is recommended."33}34},35"ubuntuOSVersion": {36"type": "string",37"defaultValue": "18.04-LTS",38"allowedValues": [39"12.04.5-LTS",40"14.04.5-LTS",41"16.04.0-LTS",42"18.04-LTS"43],44"metadata": {45"description": "The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version."46}47},48"VmSize": {49"type": "string",50"defaultValue": "Standard_B2s",51"metadata": {52"description": "The size of the VM"53}54},55"SentinelRG" :{56"type": "string",57"metadata": {58"description": "The name of the Resource Group the Microsoft Sentinel Workspace is in - change if RG is different from RG this VM is being deployed in"59}60},61"SentinelSub" :{62"type": "string",63"metadata": {64"description": "The ID of the subscription the Microsoft Sentinel Workspace is in - change if RG is different from RG this VM is being deployed in"65}66},67"AzureMLSub" :{68"type": "string",69"metadata": {70"description": "The ID of the subscription the Azure ML Workspace is in - change if RG is different from RG this VM is being deployed in"71}72},73"AzureMLRG" :{74"type": "string",75"metadata": {76"description": "The name of the Resource Group the Azure ML Workspace is in - change if RG is different from RG this VM is being deployed in"77}78},79"builtInRoleType1": {80"type": "string",81"defaultValue": "Microsoft Sentinel Responder"82},83"builtInRoleType2": {84"type": "string",85"defaultValue": "Reader"86}87},88"variables": {89"rbac1Scope": "[concat('/subscriptions/', parameters('SentinelSub'), '/resourceGroups/', parameters('SentinelRG'))]",90"rbac2Scope": "[concat('/subscriptions/', parameters('AzureMLSub'), '/resourceGroups/', parameters('AzureMLRG'))]",91"virtualNetworkName": "[concat(parameters('vmName'),'-VNET')]",92"subnetName": "[concat(parameters('vmName'),'-subnet')]",93"vmResourceId": "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]",94"Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",95"Microsoft Sentinel Responder": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '3e150937-b8fe-4cfb-8069-0eaf05ecd056')]",96"publicIpAddressName": "[concat(parameters('vmName'), 'PublicIP' )]",97"networkInterfaceName": "[concat(parameters('vmName'),'NetInt')]",98"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",99"osDiskType": "Standard_LRS",100"subnetAddressPrefix": "10.1.0.0/24",101"addressPrefix": "10.1.0.0/16",102"dnsLabelPrefix": "[toLower(concat('autonotebooks-', uniqueString(resourceGroup().id)))]",103"networkSecurityGroupName": "[concat(parameters('vmName'),'-NSG')]",104"rbacGuid1": "[guid(subscription().subscriptionId, deployment().name)]",105"rbacGuid2": "[guid(resourceGroup().id, deployment().name)]",106"linuxConfiguration": {107"disablePasswordAuthentication": true,108"ssh": {109"publicKeys": [110{111"path": "[concat('/home/', parameters('adminUsername'), '/.ssh/authorized_keys')]",112"keyData": "[parameters('adminPasswordOrKey')]"113}114]115}116}117},118"resources": [119{120"type": "Microsoft.Network/networkInterfaces",121"apiVersion": "2020-06-01",122"name": "[variables('networkInterfaceName')]",123"location": "[resourceGroup().location]",124"dependsOn": [125"[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]",126"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",127"[resourceId('Microsoft.Network/publicIpAddresses/', variables('publicIpAddressName'))]"128],129"properties": {130"ipConfigurations": [131{132"name": "ipconfig1",133"properties": {134"subnet": {135"id": "[variables('subnetRef')]"136},137"privateIPAllocationMethod": "Dynamic",138"publicIpAddress": {139"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"140}141}142}143],144"networkSecurityGroup": {145"id": "[resourceId('Microsoft.Network/networkSecurityGroups',variables('networkSecurityGroupName'))]"146}147}148},149{150"type": "Microsoft.Network/networkSecurityGroups",151"apiVersion": "2020-06-01",152"name": "[variables('networkSecurityGroupName')]",153"location": "[resourceGroup().location]",154"properties": {155"securityRules": [156{157"name": "SSH",158"properties": {159"priority": 1000,160"protocol": "TCP",161"access": "Allow",162"direction": "Inbound",163"sourceAddressPrefix": "*",164"sourcePortRange": "*",165"destinationAddressPrefix": "*",166"destinationPortRange": "22"167}168}169]170}171},172{173"type": "Microsoft.Network/virtualNetworks",174"apiVersion": "2020-06-01",175"name": "[variables('virtualNetworkName')]",176"location": "[resourceGroup().location]",177"properties": {178"addressSpace": {179"addressPrefixes": [180"[variables('addressPrefix')]"181]182},183"subnets": [184{185"name": "[variables('subnetName')]",186"properties": {187"addressPrefix": "[variables('subnetAddressPrefix')]",188"privateEndpointNetworkPolicies": "Enabled",189"privateLinkServiceNetworkPolicies": "Enabled"190}191}192]193}194},195{196"type": "Microsoft.Network/publicIpAddresses",197"apiVersion": "2020-06-01",198"name": "[variables('publicIpAddressName')]",199"location": "[resourceGroup().location]",200"sku": {201"name": "Basic",202"tier": "Regional"203},204"properties": {205"publicIpAllocationMethod": "Dynamic",206"publicIPAddressVersion": "IPv4",207"dnsSettings": {208"domainNameLabel": "[variables('dnsLabelPrefix')]"209},210"idleTimeoutInMinutes": 4211}212},213{214"type": "Microsoft.Compute/virtualMachines",215"apiVersion": "2020-06-01",216"name": "[parameters('vmName')]",217"location": "[resourceGroup().location]",218"identity": {219"type": "SystemAssigned"220},221"dependsOn": [222"[resourceId('Microsoft.Network/networkInterfaces/', variables('networkInterfaceName'))]"223],224"properties": {225"hardwareProfile": {226"vmSize": "[parameters('VmSize')]"227},228"storageProfile": {229"osDisk": {230"createOption": "fromImage",231"managedDisk": {232"storageAccountType": "[variables('osDiskType')]"233}234},235"imageReference": {236"publisher": "Canonical",237"offer": "UbuntuServer",238"sku": "[parameters('ubuntuOSVersion')]",239"version": "latest"240}241},242"networkProfile": {243"networkInterfaces": [244{245"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]"246}247]248},249"osProfile": {250"computerName": "[parameters('vmName')]",251"adminUsername": "[parameters('adminUsername')]",252"adminPassword": "[parameters('adminPasswordOrKey')]",253"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]"254}255}256},257{258"apiVersion": "2020-10-01",259"name": "assignRole",260"type": "Microsoft.Resources/deployments",261"subscriptionId": "[parameters('SentinelSub')]",262"resourceGroup": "[parameters('SentinelRG')]",263"properties": {264"mode": "Incremental",265"template": {266"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",267"contentVersion": "1.0.0.0",268"resources": [269{270"name": "[guid(variables('rbacGuid1'))]",271"type": "Microsoft.Authorization/roleAssignments",272"apiVersion": "2017-09-01",273"properties": {274"roleDefinitionId": "[variables(parameters('builtInRoleType1'))]",275"principalId": "[reference(variables('vmResourceId'), '2017-12-01', 'Full').identity.principalId]",276"scope": ""277}278}279]280}281}282},283{284"apiVersion": "2020-10-01",285"name": "assignRole2",286"type": "Microsoft.Resources/deployments",287"subscriptionId": "[parameters('AzureMLSub')]",288"resourceGroup": "[parameters('AzureMLRG')]",289"properties": {290"mode": "Incremental",291"template": {292"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",293"contentVersion": "1.0.0.0",294"resources": [295{296"name": "[guid(variables('rbacGuid2'))]",297"type": "Microsoft.Authorization/roleAssignments",298"apiVersion": "2017-09-01",299"properties": {300"roleDefinitionId": "[variables(parameters('builtInRoleType2'))]",301"principalId": "[reference(variables('vmResourceId'), '2017-12-01', 'Full').identity.principalId]",302"scope": ""303}304}305]306}307}308}309],310"outputs": {311"adminUsername": {312"type": "string",313"value": "[parameters('adminUsername')]"314},315"hostname": {316"type": "string",317"value": "[reference(variables('publicIPAddressName')).dnsSettings.fqdn]"318},319"sshCommand": {320"type": "string",321"value": "[concat('ssh ', parameters('adminUsername'), '@', reference(variables('publicIPAddressName')).dnsSettings.fqdn)]"322}323}324}325326