Another example of cross-subscription and resource-group deployments

In this section, we create two storage accounts in two different subscriptions, resource groups, and regions from one ARM template and a single deployment. It uses the nested templates approach along with the copy element to provide different names and locations to these resource groups in different subscriptions. 

However, before we can execute the next set of ARM templates, an Azure Key Vault should be provisioned as a prerequisite and a secret should be added to it. This is because the names of the storage accounts are retrieved from Azure Key Vault and passed as parameters to the ARM templates for provisioning the storage accounts.

To provision an Azure Key Vault using Azure PowerShell, execute the next set of commands. The code for these commands is available in the CreateKeyVaultandSetSecret.ps1 file in the accompanying code.

New-AzureRmResourceGroup -Location <<replace with location of your key vault>> -Name <<replace with name of your resource group for key vault>> -verbose
New-AzureRmKeyVault -Name <<replace with name of your key vault>> -ResourceGroupName <<replace with name of your resource group for key vault>> -Location <<replace with location of your key vault>> -EnabledForDeployment -EnabledForTemplateDeployment -EnabledForDiskEncryption -EnableSoftDelete -EnablePurgeProtection -Sku Standard -Verbose

Note the ResourceID value in the output of the New-AzureRmKeyVault cmdlet. This value is needed to replace the placeholder in the parameters file. See next image for details.

Execute the command shown next to add a new secret to the newly created Azure Key Vault.

Set-AzureKeyVaultSecret -VaultName <<replace with name of your key vault>> -Name <<replace with name of your secret>> -SecretValue $(ConvertTo-SecureString -String <<replace with value of your secret>> -AsPlainText -Force ) -Verbose

The code listing is available in the file CrossSubscriptionNestedStorageAccount.json in the accompanying code:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "hostingPlanNames": {
      "type": "array",
      "minLength": 1
    },
...
      "type": "Microsoft.Resources/deployments",
      "name": "deployment01",
      "apiVersion": "2017-05-10",
      "subscriptionId": "[parameters('subscriptions')[copyIndex()]]",
      "resourceGroup": "[parameters('resourceGroups')[copyIndex()]]",
      "copy": {
        "count": "[length(parameters('hostingPlanNames'))]",
        "name": "mywebsites",
        "mode": "Parallel"
      },
...
          "kind": "Storage",
          "properties": {
          }
        }
      ]
...

Here's the code for the parameters file. It is available in file CrossSubscriptionNestedStorageAccount.parameters.json.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "hostingPlanNames": {
...
    "storageKey": {
      "reference": {
        "keyVault": { "id": "<<replace it with the value of Key vault ResourceId noted before>>" },
        "secretName": "<<replace with the name of the secret available in Key vault>>"
      }
    }
  }
}
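
A pre-flight check for this parameters file, added here as an example and not part of the book's accompanying code. It confirms that the arrays indexed by copyIndex() line up with the copy count and that storageKey is a well-formed Key Vault reference. The function name, the sample values and the presence of 'subscriptions' and 'resourceGroups' in the parameters file are assumptions.

```powershell
# Added example, not the book's code. Assumption: 'subscriptions' and
# 'resourceGroups' are supplied in the parameters file (the listing elides them).
function Test-CrossSubscriptionParameters {
    param([Parameter(Mandatory)][string]$Json)
    $p = (ConvertFrom-Json -InputObject $Json).parameters
    $problems = @()

    # copy.count is length(hostingPlanNames); copyIndex() then indexes the
    # other two arrays, so a shorter array fails the deployment mid-loop.
    $count = if ($null -eq $p.hostingPlanNames) { 0 } else { @($p.hostingPlanNames.value).Count }
    if ($count -lt 1) { $problems += 'hostingPlanNames needs at least one entry' }
    foreach ($name in 'subscriptions', 'resourceGroups') {
        $n = if ($null -eq $p.$name) { 0 } else { @($p.$name.value).Count }
        if ($n -ne $count) { $problems += "$name has $n entries, expected $count" }
    }

    # storageKey must come from Key Vault, never as an inline value.
    $key = $p.storageKey
    if ($null -ne $key.value) { $problems += 'storageKey has an inline value' }
    $idPattern = '^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+' +
                 '/providers/Microsoft\.KeyVault/vaults/[a-z0-9-]{3,24}$'
    $vaultId = [string]$key.reference.keyVault.id
    if ($vaultId -notmatch $idPattern) {
        $problems += "keyVault.id is not a vault resource ID: '$vaultId'"
    }
    $secret = [string]$key.reference.secretName
    if ($secret -notmatch '^[0-9a-z-]{1,127}$') {
        $problems += "secretName is empty or not a valid secret name: '$secret'"
    }
    return $problems
}

# Constructed sample: one resource group is missing and the vault ID is
# still the placeholder text from the parameters listing.
$sample = @'
{ "parameters": {
    "hostingPlanNames": { "value": [ "plan01", "plan02" ] },
    "subscriptions":    { "value": [ "00000000-0000-0000-0000-000000000001",
                                     "00000000-0000-0000-0000-000000000002" ] },
    "resourceGroups":   { "value": [ "rg01" ] },
    "storageKey": { "reference": {
        "keyVault": { "id": "<<replace it with the value of Key vault ResourceId noted before>>" },
        "secretName": "storageNames" } } } }
'@
@(Test-CrossSubscriptionParameters -Json $sample) | ForEach-Object { Write-Warning $_ }
```

To check a real file, pass its contents with Get-Content -Raw and run the deployment only when the function returns nothing.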

Here's the PowerShell code for deploying the previous template. The deployment script is available in file CrossSubscriptionNestedStorageAccount.ps1:

New-AzureRmResourceGroupDeployment -TemplateFile "c:\users\rites\source\repos\CrossSubscription\CrossSubscription\CrossSubscriptionNestedStorageAccount.json" -ResourceGroupName rg01 -TemplateParameterFile "c:\users\rites\source\repos\CrossSubscription\CrossSubscription\CrossSubscriptionNestedStorageAccount.parameters.json" -Verbose