diff --git a/bicep-examples/deployment-stacks-outputs/README.md b/bicep-examples/deployment-stacks-outputs/README.md index c4329da..1e149c9 100644 --- a/bicep-examples/deployment-stacks-outputs/README.md +++ b/bicep-examples/deployment-stacks-outputs/README.md @@ -22,7 +22,7 @@ In this example, you’ll deploy a user-assigned managed identity in one stack, **Stack Bicep (outputs):** ```bicep -output userAssignedIdentityId string = modUserAssignedIdentity.outputs.resourceId +output userAssignedIdentityId string = modUserAssignedIdentity.outputs.principalId ``` **Main Bicep:** @@ -33,6 +33,15 @@ Here, we're referencing the existing stack resource in another subscription (the @description('The subscription ID where the referenced stack exists.') param stackSubscriptionId string +@description('Azure region for deployments chosen from the resource group.') +param location string = 'uksouth' + +@description('Name of the Key Vault resource.') +param keyVaultName string + +@description('Name of the resource group for the Key Vault.') +param rgName string + @description('Your Deployment Stack name that you want to pull outputs from.') var stackName = 'az-bicepify-stack-output' 
@@ -41,20 +50,35 @@ resource existingStack 'Microsoft.Resources/deploymentStacks@2024-03-01' existin scope: subscription(stackSubscriptionId) } -var stackOutputs = existingStack.properties.outputs +@description('Creating stack outputs variable to reference existing stack outputs.') +var stackOutputs object = existingStack.properties.outputs var stackOutputsUserAssignedIdentityId string = stackOutputs.userAssignedIdentityId.value // We get no intellisense here, so you have to know the output name and append the `.value` on the end for the string value. -module modStorageAccount 'br/public:avm/res/storage/storage-account:0.26.0' = { - // ...existing code... - managedIdentities: { - userAssignedResourceIds: [ - stackOutputsUserAssignedIdentityId +module modResourceGroup 'br/public:avm/res/resources-resource-group:0.4.1' = { + params: { + name: resourceGroupName + location: location + } +} + +module modKeyVault 'br/public:avm/res/key-vault/vault:0.13.1' = { + scope: resourceGroup(resourceGroupName) + params: { + name: keyVaultName + location: location + sku: 'standard' + roleAssignments: [ + { + principalId: stackOutputsUserAssignedIdentityId // Using the UMI resourceId from the existing stack + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Key Vault Secrets User' + } ] } } ``` -By referencing the stack output, you can connect resources across templates and scopes in a robust, automated way. +By referencing the stack output, you can connect resources across templates and scopes automatically! ## 🚀 Deployment @@ -76,8 +100,6 @@ az deployment sub create -l uksouth -f .\bicep-examples\deployment-stacks-output or PowerShell -PowerShell - ```powershell Connect-AzAccount Set-AzContext -Subscription "subscription name or id" diff --git a/bicep-examples/deployment-stacks-outputs/main.bicep b/bicep-examples/deployment-stacks-outputs/main.bicep index 39f144a..0b59567 100644 --- a/bicep-examples/deployment-stacks-outputs/main.bicep 
+++ b/bicep-examples/deployment-stacks-outputs/main.bicep @@ -10,14 +10,22 @@ metadata owner = 'dan@rios.engineer' param location string = 'uksouth' @maxLength(24) -@description('Name of the Storage Account resource.') -param storageAccountName string +@description('Name of the Key Vault resource.') +param keyVaultName string +@description('Name of the resource group for the Key Vault.') param resourceGroupName string + // Variables @description('Your Deployment Stack name that you want to pull outputs from.') var stackName = 'az-bicepify-stack-output' +// Existing Deployment Stack +resource existingStack 'Microsoft.Resources/deploymentStacks@2024-03-01' existing = { + name: stackName + scope: subscription(stackSubscriptionId) +} + @description('Creating stack outputs variable to reference existing stack outputs.') var stackOutputs object = existingStack.properties.outputs var stackOutputsUserAssignedIdentityId string = stackOutputs.userAssignedIdentityId.value @@ -25,12 +33,6 @@ var stackOutputsUserAssignedIdentityId string = stackOutputs.userAssignedIdentit @description('The subscription ID where the referenced stack exists.') param stackSubscriptionId string = '1417db09-accd-4799-b224-4346e5cb12c3' -// Existing Deployment Stack -resource existingStack 'Microsoft.Resources/deploymentStacks@2024-03-01' existing = { - name: stackName - scope: subscription(stackSubscriptionId) -} - // Modules module modResourceGroup 'br/public:avm/res/resources/resource-group:0.4.1' = { params: { 
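Review bot: The `existingStack` reference added in this hunk is scoped to `subscription(stackSubscriptionId)`, and that parameter has a hard-coded subscription GUID as its default (visible as context in the following hunk). A deployment that omits the parameter therefore reads the role-assignment principal from that one subscription. Since the stack output now decides who gets secret access on the new vault, I would drop the default and require an explicit value: `param stackSubscriptionId string`, set in `main.bicepparam`. Separately, the `@maxLength(24)` decorator carried over from the storage parameter now applies to `keyVaultName`; adding `@minLength(3)` would match the Key Vault naming limits.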
@@ -39,23 +41,20 @@ module modResourceGroup 'br/public:avm/res/resources/resource-group:0.4.1' = { } } -module modStorageAccount 'br/public:avm/res/storage/storage-account:0.26.0' = { - name: '${uniqueString(deployment().name, location)}-storage' - scope: resourceGroup('${resourceGroupName}') +module modKeyVault 'br/public:avm/res/key-vault/vault:0.13.1' = { + scope: resourceGroup(resourceGroupName) params: { - name: storageAccountName + name: keyVaultName location: location - skuName: 'Standard_LRS' - kind: 'StorageV2' - managedIdentities: { - userAssignedResourceIds: [ - stackOutputsUserAssignedIdentityId // Using the stack output for user assigned identity ID - ] - } + sku: 'standard' + roleAssignments: [ + { + principalId: stackOutputsUserAssignedIdentityId // Using the UMI resourceId from the existing stack + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Key Vault Secrets User' + } + ] } - dependsOn: [ - modResourceGroup - ] } output test object = { diff --git a/bicep-examples/deployment-stacks-outputs/main.bicepparam b/bicep-examples/deployment-stacks-outputs/main.bicepparam index aa5833e..dbc10ba 100644 --- a/bicep-examples/deployment-stacks-outputs/main.bicepparam +++ b/bicep-examples/deployment-stacks-outputs/main.bicepparam @@ -1,5 +1,5 @@ using './main.bicep' -param storageAccountName = 'striosstackoutput' +param keyVaultName = 'kv-stackoutput' param resourceGroupName = 'rg-stackoutput' diff --git a/bicep-examples/deployment-stacks-outputs/stacks.bicep b/bicep-examples/deployment-stacks-outputs/stacks.bicep index 6edf20a..43ea19d 100644 --- a/bicep-examples/deployment-stacks-outputs/stacks.bicep +++ b/bicep-examples/deployment-stacks-outputs/stacks.bicep 
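Review bot: With `dependsOn: [ modResourceGroup ]` removed, `modKeyVault` has no remaining link to the resource-group module. Its scope is `resourceGroup(resourceGroupName)`, built from the parameter rather than a module output, so Bicep cannot infer the ordering and the vault deployment may start before the group exists; I would keep the explicit `dependsOn: [ modResourceGroup ]`. The inline comment on `principalId` still says "resourceId" although the stack output now carries the principal ID; suggest `// principal (object) ID of the UMI, read from the existing stack's outputs`. That value can be changed by anyone with write access to the referenced stack, and it decides who receives `Key Vault Secrets User` on this vault, so a comment should say the stack needs protecting (for example with deny settings).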
@@ -36,5 +36,5 @@ module modUserAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned ] } -output userAssignedIdentityId string = modUserAssignedIdentity.outputs.resourceId +output userAssignedIdentityId string = modUserAssignedIdentity.outputs.principalId output resourceGroupId string = modResourceGroup.outputs.name diff --git a/bicep-examples/resource-derived-types/README.md b/bicep-examples/resource-derived-types/README.md new file mode 100644 index 0000000..e69de29
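Review bot: The output is still named `userAssignedIdentityId` but now returns `principalId` instead of `resourceId`, so any other consumer expecting an ARM resource ID will receive a GUID with no error at the stack level. A name that says what the value is would keep it from being passed to the wrong field, e.g. `output userAssignedIdentityPrincipalId string = modUserAssignedIdentity.outputs.principalId`. The old resource-ID output could stay alongside it if anything else depends on it. The `resourceGroupId` output on the following context line has the same mismatch, since it returns `.name`. The module declaration itself starts outside this hunk.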