Update acls, admin users, Makefile, *.json

Signed-off-by: Aaron Wislang <[email protected]>
Azure-Samples · Aug 29, 2024 · 6693c66 · 6693c66
1 parent 1849f35
commit 6693c66
Show file tree

Hide file tree

Showing 14 changed files with 51 additions and 29 deletions.
diff --git a/cloud-native/Makefile b/cloud-native/Makefile
@@ -1,8 +1,2 @@
 bicep:
-	az bicep build -f aks-arm64/main.bicep 
-	az bicep build -f aks-bicep-keda/01-aks/main.bicep 
-	az bicep build -f aks-bicep/01-aks/main.bicep 
-	az bicep build -f aks-open-service-mesh/main.bicep
-	az bicep build -f aks-webapp-routing/main.bicep 
 	az bicep build -f containerapps-bicep/main.bicep
-	az bicep build -f aks-bicep-k8s/main.bicep 
diff --git a/cloud-native/aks-azure-linux/aks.bicep b/cloud-native/aks-azure-linux/aks.bicep
@@ -76,7 +76,7 @@ resource containerRegistry 'Microsoft.ContainerRegistry/registries@2019-05-01' =
     name: 'Standard'
   }
   properties: {
-    adminUserEnabled: true
+    adminUserEnabled: false
   }
 }
 
@@ -88,6 +88,13 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
     name: 'Premium_LRS'
   }
   properties: {
+    allowBlobPublicAccess: false
+    networkAcls: {
+      defaultAction: 'Deny'
+      bypass: 'AzureServices'
+      virtualNetworkRules: []
+      ipRules: []
+    }
     minimumTlsVersion: 'TLS1_2'
   }
 }

diff --git a/cloud-native/containerapps-bicep/containerapp.bicep b/cloud-native/containerapps-bicep/containerapp.bicep
@@ -18,7 +18,7 @@ resource containerRegistry 'Microsoft.ContainerRegistry/registries@2019-05-01' =
     name: 'Standard'
   }
   properties: {
-    adminUserEnabled: true
+    adminUserEnabled: false
   }
 }
 

diff --git a/cloud-native/containerapps-bicep/containerapp.json b/cloud-native/containerapps-bicep/containerapp.json
@@ -47,7 +47,7 @@
           "name": "Standard"
         },
         "properties": {
-          "adminUserEnabled": true
+          "adminUserEnabled": false
         }
       },
       {

diff --git a/cloud-native/containerapps-bicep/keyvault.bicep b/cloud-native/containerapps-bicep/keyvault.bicep
@@ -23,7 +23,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
       family: 'A'
     }
     networkAcls: {
-      defaultAction: 'Allow'
+      defaultAction: 'Deny'
       bypass: 'AzureServices'
     }
     accessPolicies: [

diff --git a/cloud-native/containerapps-bicep/main.json b/cloud-native/containerapps-bicep/main.json
@@ -89,7 +89,7 @@
                 "name": "Standard"
               },
               "properties": {
-                "adminUserEnabled": true
+                "adminUserEnabled": false
               }
             },
             {
@@ -268,7 +268,7 @@
                   "family": "A"
                 },
                 "networkAcls": {
-                  "defaultAction": "Allow",
+                  "defaultAction": "Deny",
                   "bypass": "AzureServices"
                 },
                 "accessPolicies": [

diff --git a/cloud-native/containerapps-bicep/postgres-keyvault.bicep b/cloud-native/containerapps-bicep/postgres-keyvault.bicep
@@ -26,7 +26,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
       family: 'A'
     }
     networkAcls: {
-      defaultAction: 'Allow'
+      defaultAction: 'Deny'
       bypass: 'AzureServices'
     }
     accessPolicies: [

diff --git a/cloud-native/containerapps-bicep/storage.bicep b/cloud-native/containerapps-bicep/storage.bicep
@@ -15,6 +15,13 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
     name: 'Premium_LRS'
   }
   properties: {
+    allowBlobPublicAccess: false
+    networkAcls: {
+      defaultAction: 'Deny'
+      bypass: 'AzureServices'
+      virtualNetworkRules: []
+      ipRules: []
+    }
     minimumTlsVersion: 'TLS1_2'
   }
 }

diff --git a/linux/vm-flatcar-postgres/main.json b/linux/vm-flatcar-postgres/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "16546506825093351762"
+      "version": "0.29.47.4906",
+      "templateHash": "61716172662635668"
     }
   },
   "parameters": {
@@ -59,8 +59,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.28.1.47646",
-              "templateHash": "5008762517955484404"
+              "version": "0.29.47.4906",
+              "templateHash": "13749006361708145984"
             }
           },
           "parameters": {
@@ -479,8 +479,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.28.1.47646",
-              "templateHash": "17782720627283437608"
+              "version": "0.29.47.4906",
+              "templateHash": "13926952482795887884"
             }
           },
           "parameters": {
@@ -594,8 +594,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.28.1.47646",
-                      "templateHash": "9620970338207014434"
+                      "version": "0.29.47.4906",
+                      "templateHash": "17815256772229698992"
                     }
                   },
                   "parameters": {

diff --git a/linux/vm-mariner/vm.bicep b/linux/vm-mariner/vm.bicep
@@ -351,6 +351,13 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
     name: 'Premium_LRS'
   }
   properties: {
+    allowBlobPublicAccess: false
+    networkAcls: {
+      defaultAction: 'Deny'
+      bypass: 'AzureServices'
+      virtualNetworkRules: []
+      ipRules: []
+    }
     minimumTlsVersion: 'TLS1_2'
   }
 }

diff --git a/linux/vm-mariner/vm.json b/linux/vm-mariner/vm.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "15024671018336532028"
+      "version": "0.29.47.4906",
+      "templateHash": "4772838773161597591"
     }
   },
   "parameters": {
@@ -414,6 +414,13 @@
         "name": "Premium_LRS"
       },
       "properties": {
+        "allowBlobPublicAccess": false,
+        "networkAcls": {
+          "defaultAction": "Deny",
+          "bypass": "AzureServices",
+          "virtualNetworkRules": [],
+          "ipRules": []
+        },
         "minimumTlsVersion": "TLS1_2"
       }
     },

diff --git a/linux/vm-mastodon/vm.json b/linux/vm-mastodon/vm.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "9529550557696470493"
+      "version": "0.29.47.4906",
+      "templateHash": "1716787271065300818"
     }
   },
   "parameters": {

diff --git a/linux/vm/vm.json b/linux/vm/vm.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "3859452481311857536"
+      "version": "0.29.47.4906",
+      "templateHash": "18192218196942100983"
     }
   },
   "parameters": {

diff --git a/linux/vmss/vmss.json b/linux/vmss/vmss.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "9575926172091705339"
+      "version": "0.29.47.4906",
+      "templateHash": "14570331344852001599"
     }
   },
   "parameters": {