-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAzureImageBuilderExample.bicep
97 lines (92 loc) · 2.45 KB
/
AzureImageBuilderExample.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
param identityName string = 'aibBuilderUser-${utcNow('yyyyMMddTHHmmss')}'
var location = 'UK South'
var imageName = 'vmiFirstImage'
var runOutputName = 'aibWindows'
var roleDefinitionId = guid(resourceGroup().id)
var roleAssignmentId = guid(resourceGroup().id)
resource userIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
name: identityName
location: location
}
resource imageBuilderRole 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
name: roleDefinitionId
properties: {
roleName: identityName
description: ''
assignableScopes: [
resourceGroup().id
]
permissions: [
{
actions: [
'Microsoft.Compute/galleries/read'
'Microsoft.Compute/galleries/images/read'
'Microsoft.Compute/galleries/images/versions/read'
'Microsoft.Compute/galleries/images/versions/write'
'Microsoft.Compute/images/write'
'Microsoft.Compute/images/read'
'Microsoft.Compute/images/delete'
]
}
]
}
}
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: roleAssignmentId
scope: resourceGroup()
properties: {
roleDefinitionId: imageBuilderRole.id
principalId: userIdentity.properties.principalId
}
}
resource ExampleImageBuild 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14' = {
name: 'ExampleImageBuild'
location: location
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
'${userIdentity.id}' : {}
}
}
tags: {
imageBuilderTemplate: 'windows2019'
userIdentity: 'enabled'
}
properties: {
buildTimeoutInMinutes: 100
vmProfile: {
vmSize: 'Standard_D2_v2'
osDiskSizeGB: 127
}
source: {
type: 'PlatformImage'
publisher: 'MicrosoftWindowsServer'
offer: 'WindowsServer'
sku: '2019-Datacenter'
version: 'latest'
}
customize: [
{
type: 'WindowsUpdate'
searchCriteria: 'IsInstalled=0'
filters: [
'exclude:$_.Title -like \'*Preview*\''
'include:$true'
]
updateLimit: 20
}
]
distribute: [
{
type: 'ManagedImage'
imageId: '${resourceGroup().id}/providers/Microsoft.Compute/images/${imageName}'
location: location
runOutputName: runOutputName
artifactTags: {
source: 'azVmImageBuilder'
baseosimg: 'windows2019'
}
}
]
}
}