@ljtill
Last active March 1, 2023 17:49
Provides the ability to run Windows 11 on Azure with Trusted Launch
// ------
// Scopes
// ------
// Deploy at resource-group scope. The workflow on this page deploys with
// `az deployment group create`, which is the matching deployment command.
targetScope = 'resourceGroup'
// ---------
// Resources
// ---------
// Virtual network 'VN-01': one /16 address space carved into a single /24
// subnet named 'default'.
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  name: 'VN-01'
  location: location
  tags: tags
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    subnets: [
      {
        name: 'default'
        properties: {
          addressPrefix: '10.0.0.0/24'
          // The NSG is attached at subnet level, so every NIC placed in
          // 'default' is filtered by securityGroup without per-NIC wiring.
          networkSecurityGroup: {
            id: securityGroup.id
          }
        }
      }
    ]
  }
}
// Network interface 'NI-01' for the VM. The only IP configuration is a
// dynamically allocated private address; no public IP address is declared
// here, so this template gives the VM no direct internet-facing address.
resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = {
  name: 'NI-01'
  location: location
  tags: tags
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            // Built from virtualNetwork.id, which also makes this NIC
            // depend on the virtual network being deployed first.
            id: '${virtualNetwork.id}/subnets/default'
          }
        }
      }
    ]
  }
}
// Network security group 'SG-01', referenced by the 'default' subnet.
// No custom rules are defined, so only Azure's built-in default NSG rules
// apply: inbound traffic from the internet is denied, while outbound traffic
// is allowed.
// NOTE(review): outbound access is therefore unrestricted by this NSG; add
// explicit egress rules if the desktop should not reach arbitrary hosts.
resource securityGroup 'Microsoft.Network/networkSecurityGroups@2021-05-01' = {
  name: 'SG-01'
  location: location
  tags: tags
  properties: {
    securityRules: []
  }
}
// Windows 11 Enterprise VM 'VM-01' deployed with Trusted Launch (Secure Boot
// and vTPM), plus a nested GuestAttestation extension that reports boot
// integrity to an attestation endpoint.
resource virtualMachine 'Microsoft.Compute/virtualMachines@2022-03-01' = {
  name: 'VM-01'
  location: location
  tags: tags
  // A system-assigned managed identity is created with the VM. This template
  // grants it no role assignments.
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    hardwareProfile: {
      vmSize: 'Standard_E4bs_v5'
    }
    storageProfile: {
      imageReference: {
        publisher: 'microsoftwindowsdesktop'
        offer: 'windows-11'
        sku: 'win11-21h2-ent'
        // 'latest' is resolved at deployment time, so two deployments of this
        // template can produce different image builds. Pin an explicit
        // version when a reproducible, reviewed image is required.
        version: 'latest'
      }
      osDisk: {
        name: 'DS-01'
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: 'Premium_LRS'
        }
        // Disk is removed together with the VM (no orphaned disk left behind).
        deleteOption: 'Delete'
      }
      dataDisks: [
        {
          name: 'DS-02'
          lun: 0
          createOption: 'Empty'
          diskSizeGB: 256
          managedDisk: {
            storageAccountType: 'StandardSSD_LRS'
          }
          deleteOption: 'Delete'
        }
      ]
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: networkInterface.id
          properties: {
            deleteOption: 'Delete'
          }
        }
      ]
    }
    osProfile: {
      computerName: 'VM-01'
      // Both values come from @secure() parameters declared in this file.
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    // Trusted Launch: Secure Boot restricts the boot chain to signed
    // components and the vTPM provides the measurements that the
    // GuestAttestation extension below reports.
    // NOTE(review): encryptionAtHost is not set in this profile; confirm
    // whether host-based encryption is required for this workload.
    securityProfile: {
      securityType: 'TrustedLaunch'
      uefiSettings: {
        secureBootEnabled: true
        vTpmEnabled: true
      }
    }
    diagnosticsProfile: {
      bootDiagnostics: {
        enabled: true
      }
    }
    // NOTE(review): 'Windows_Client' declares that an eligible Windows client
    // licence is held; confirm entitlement before deploying.
    licenseType: 'Windows_Client'
  }

  // Child extension resource: installs the guest attestation agent.
  resource attestation 'extensions' = {
    name: 'GuestAttestation'
    location: location
    properties: {
      type: 'GuestAttestation'
      typeHandlerVersion: '1.0'
      publisher: 'Microsoft.Azure.Security.WindowsAttestation'
      autoUpgradeMinorVersion: true
      settings: {
        AttestationEndpointCfg: {
          // NOTE(review): the two endpoint host names carry different region
          // labels ('uks' vs 'eus2') while `location` defaults to 'uksouth'.
          // Confirm the reporting endpoint is intentionally in another region.
          maaEndpoint: 'https://shareduks.uks.attest.azure.net/'
          maaTenantName: 'GuestAttestation'
          ascReportingEndpoint: 'https://sharedeus2.eus2.attest.azure.net/'
          useAlternativeToken: false
          // Alerts stay enabled (disableAlerts is false).
          disableAlerts: false
        }
      }
    }
  }
}
// ---------
// Variables
// ---------
// Tags applied to every resource in this template.
var tags = {
  // Hard-coded creation date, written in the same dd/MM/yy form as `date`.
  created: '01/08/22'
  // NOTE(review): the key is spelled 'modifed' (presumably 'modified').
  // Renaming it changes the tag name on deployed resources, so check any
  // policy or query that reads this tag before correcting the spelling.
  modifed: date
}
// ----------
// Parameters
// ----------
// Deployment date used for the 'modifed' tag. utcNow() is only permitted as a
// parameter default, which is why this is a param rather than a var.
param date string = utcNow('dd/MM/yy')

// Azure region for all resources.
param location string = 'uksouth'

// Local administrator credentials for the VM. @secure() keeps the values out
// of deployment history and logs; neither has a default, so both must be
// supplied at deployment time.
@secure()
param adminUsername string

@secure()
param adminPassword string
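# Manually triggered workflow that signs in to Azure and deploys
# ./src/main.bicep into the "Desktop" resource group.
name: "Deploy"

on:
  workflow_dispatch:

# Least-privilege token: `id-token: write` lets the job request an OIDC token
# for the Azure login step (no client secret is passed to it); repository
# contents are read-only.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    name: "Deploy"
    runs-on: ubuntu-latest
    environment: Development
    steps:
      # NOTE(review): `@v3` and `@v1` are mutable tags. Pinning each action to
      # a full commit SHA that has been reviewed protects this job, which
      # holds Azure credentials, from a retargeted tag.
      - name: "Checkout"
        uses: actions/checkout@v3

      - name: "Login"
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.CLIENT_ID }}
          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
          tenant-id: ${{ secrets.TENANT_ID }}

      - name: "Deploy"
        # Secrets are handed to the script as environment variables instead of
        # being expanded with ${{ }} inside `run`. An inline expression is
        # pasted into the script text before the shell parses it, so a
        # password containing spaces, quotes, `$`, `;` or `&` would be split
        # or interpreted as shell syntax.
        env:
          ADMIN_USERNAME: ${{ secrets.ADMIN_USERNAME }}
          ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }}
        run: |
          az group create \
            --name "Desktop" \
            --location "uksouth"
          az deployment group create \
            --resource-group "Desktop" \
            --name "Microsoft.Resources" \
            --template-file "./src/main.bicep" \
            --parameters \
              "adminUsername=${ADMIN_USERNAME}" \
              "adminPassword=${ADMIN_PASSWORD}"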