Andrew Matveychuk andrewmatveychuk
☁️
andrewmatveychuk
/ wordpress-basic.bicep
Created
June 25, 2025 15:06
A basic WordPress application definition on Radius platform
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| extension radius | |
| extension radiusResources | |
| @description('The Radius Application ID. Injected automatically by the rad CLI.') | |
| param application string | |
| @description('The env ID of your Radius Environment. Set automatically by the rad CLI.') | |
| param environment string | |
| @description('Tag to pull for the WordPress container image.') |
andrewmatveychuk
/ mysql.bicep
Created
June 25, 2025 15:04
A sample Radius recipe to provision a MySQL database as a container
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @description('Information about what resource is calling this Recipe. Generated by Radius.') | |
| param context object | |
| @description('MySQL database name') | |
| param database string = context.application.name | |
| @description('MySQL username') | |
| param user string = '${context.application.name}-user' | |
| @description('MySQL password') |
andrewmatveychuk
/ wordpress-on-radius.bicep
Created
June 25, 2025 14:59
A sample container resource to run WordPress as a container on the Radius platform
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| extension radius | |
| extension radiusResources | |
| @description('The Radius Application ID. Injected automatically by the rad CLI.') | |
| param application string | |
| @description('The env ID of your Radius Environment. Set automatically by the rad CLI.') | |
| param environment string | |
| @description('Tag to pull for the WordPress container image.') |
andrewmatveychuk
/ YourAzurePolicy.Tests.ps1
Created
June 24, 2025 12:13
A sample Pester test to validate your Azure Policy behavior
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # [Redacted] Importing required modules... | |
| Describe "Testing policy 'Require a minimum TLS version for a Storage account...'" { | |
| Context 'When a Storage account is created or updated' { | |
| It 'Should deny incompliant TLS version settings' { | |
| AzTest -ResourceGroup { | |
| param($ResourceGroup) | |
| #region Arrange | |
| # You can use PowerShell parameter splatting to setup the input for your test |
andrewmatveychuk
/ listStorageAccountKeys.bicep
Created
November 11, 2024 12:42
Referencing Storage account access keys in Bicep
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource existingStorageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' existing = { | |
| name: storageAccountName | |
| } | |
| resource existingWebApp 'Microsoft.Web/sites@2020-09-01' existing = { | |
| name: webAppName | |
| } | |
| resource siteConfig 'Microsoft.Web/sites/config@2023-12-01' = { | |
| parent: existingWebApp |
andrewmatveychuk
/ accessRestrictions.bicep
Created
November 11, 2024 12:38
Azure Web App access restrictions to a specific Azure Front Door instance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource siteConfig 'Microsoft.Web/sites/config@2023-12-01' = { | |
| parent: existingWebApp | |
| name: 'web' | |
| properties: { | |
| ipSecurityRestrictions: [ | |
| { | |
| ipAddress: 'AzureFrontDoor.Backend' | |
| action: 'Allow' | |
| tag: 'ServiceTag' | |
| priority: 100 |
andrewmatveychuk
/ keyVaultRoleAssignment.bicep
Created
November 11, 2024 12:34
Create an RBAC role assignment for Azure Key Vault using Bicep
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Key Vault with RBAC authorization mode | |
| resource existingKeyVault 'Microsoft.KeyVault/vaults@2024-04-01-preview' = { | |
| name: keyVaultName | |
| } | |
| // Creating a Key Vault RBAC roles mapping for more intuitive assignments | |
| var roleIdMapping = { | |
| 'Key Vault Administrator': '00482a5a-887f-4fb3-b363-3b7fe8e74483' | |
| 'Key Vault Certificates Officer': 'a4417e6f-fecd-4de8-b567-7b0420556985' | |
| 'Key Vault Crypto Officer': '14b46e9e-c2b7-41b4-b07b-48a6ebf60603' |
andrewmatveychuk
/ webAppSettings.bicep
Created
November 11, 2024 12:27
How to use multi-line strings in Bicep to pass a certificate via an environment variable to connect to Azure Database for MySQL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource appSettings 'Microsoft.Web/sites/config@2023-12-01' = { | |
| parent: existingWebApp | |
| name: 'appsettings' | |
| properties: { | |
| // ... redacted | |
| database__connection__host: existingMySQLServer.properties.fullyQualifiedDomainName | |
| database__connection__user: databaseLogin | |
| database__connection__password: '@Microsoft.KeyVault(SecretUri=${databasePasswordSecretUri})' | |
| database__connection__database: databaseName | |
| // The public SSL certificate used by Azure Database for MySQL - Flexible Server (https://dl.cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem) |
andrewmatveychuk
/ appsettings.json
Created
June 24, 2024 09:38
An appsettings.json file to authenticate to Azure resources using a system-assigned managed identity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "KeyVault": { | |
| "vaultUri": "https://kv-4zdnwe1wgbwdp.vault.azure.net", // Your Key Vault URI | |
| "credential": "managedidentity" // Using the system-assigned managed identity of your Azure Arc-enabled server | |
| } | |
| } |
andrewmatveychuk
/ appsettings.json
Created
June 7, 2024 09:07
A redacted appsettings.json file to authenticate to Azure resources using the DefaultAzureCredential type
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "KeyVault": { | |
| "vaultUri": "https://kv-4zdnwe1wgbwdp.vault.azure.net" // Your Key Vault URI | |
| } | |
| } |
NewerOlder