
azKeyvault

Deploy an Azure Key Vault to the relevant subscription.

Attributes

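| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | | | |
| ResourceGroupName | String | Yes | | | |
| Location | String | Yes | | | |
| Zone | String | No | | | |
| Sku | String | No | | | |
| EnabledForDeployment | Boolean | No | | False | |
| EnabledForTemplateDeployment | Boolean | No | | False | |
| EnabledForDiskEncryption | Boolean | No | | False | |
| EnablePurgeProtection | Boolean | No | | False | |
| Network | Object | No | | | |
| Diagnostic | Object | No | | | |
| Tag | Object | No | | | |
| Lock | Object | No | | | |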

Network

| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| PrivateEndpoint | Object | No | | | |
| PublicAccess | Object | No | | | |

PublicAccess

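| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Enabled | Boolean | No | | True | |
| Firewall | Object | No | | | |
| VNet | Object | No | | | |

Firewall Rule

| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| IPRange | Array | Yes | | | |

VNet Rule

| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| SubnetName | String | Yes | | | |
| VNetResourceGroupName | String | Yes | | | |
| VNetName | String | Yes | | | |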

Diagnostic

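| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | | True | |
| Log | Object | No | | True | |
| Metric | Object | No | | True | |
| Target | Object | No | | True | |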

Diagnostic Log

| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Enabled | Boolean | No | | | Defaults to true if Category is not null |
| Category | Array | No | AuditEvent, AzurePolicyEvaluationDetails | | |

Diagnostic Metric

| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Enabled | Boolean | | | | |
| Category | Array | | AllMetrics | | |

Input by YAML

Object model for YAML deployment:

```yaml
azKeyVault:
  # Mandatory
  - Name: 'string'
    ResourceGroupName: 'string'
    Location: 'string'
    # Optional
    Sku:                                      # Standard (D), Premium
    EnabledForDeployment: boolean             # True, False (D)
    EnabledForTemplateDeployment: boolean     # True, False (D)
    EnabledForDiskEncryption: boolean         # True, False (D)
    EnablePurgeProtection: boolean            # True, False (D)
    Network:
      PrivateEndPoint:
        Name: 'string'
        Location: 'string'
        PrivateLinkName: 'string'             # Defaults to pl-resource
        NetworkInterfaceName: 'string'        # Defaults to pe-nic-resource
        ResourceGroupName: 'string'           # Defaults to RG of the resource
        VirtualNetwork:
          VNetName: 'string'
          SubnetName: 'string'
          ResourceGroupName: 'string'         # Defaults to RG of the resource
          SubscriptionName: 'string'          # Defaults to Sub of the resource
      PublicAccess:
        Enabled: 'string'                     # True (D), False
        Firewall:
          IPRange:
            - 'string'
        VNet:
          - SubnetName: 'string'
            VnetName: 'string'
            VNetResourceGroupName: 'string'
    Diagnostic:
      - Name: 'string'
        Log:
          Enabled: boolean                    # True (D if Category not null), False
          Category: [array]                   # Defaults to all if enabled
        Metric:
          Enabled: boolean                    # True (D if MetricCategory not null), False
          Category: [array]                   # Defaults to all if enabled
        Target:
          Blob:
            StorageAccount: 'string'
            ResourceGroupName: 'string'       # Defaults to RG of resource
            Subscription: 'string'            # Defaults to Sub of resource
            StorageKeyType: 'string'          # Primary, Secondary
            RetentionInDays: number
          EventHub:
            Name: 'string'
            Namespace: 'string'
            ResourceGroupName: 'string'       # Defaults to RG of resource
            Subscription: 'string'            # Defaults to Sub of resource
            SharedAccessPolicy: 'string'      # RootManageSharedAccessKey (D)
          LogAnalytics:
            Workspace: 'string'
            ResourceGroupName: 'string'       # Defaults to RG of resource
            Subscription: 'string'            # Defaults to Sub of resource
    Tag:
      'keyvalue-pairs'
    Lock:
      - Name: 'string'
        Level: 'string'                       # CanNotDelete, ReadOnly
        Notes: 'string'
```

Input by JSON

Object model for JSON deployment:

```json
{
  "azKeyVault": [
    {
      "Name": "string",
      "ResourceGroupName": "string",
      "Location": "string",
      "Sku": "string",
      "EnabledForDeployment": boolean,
      "EnabledForTemplateDeployment": boolean,
      "EnabledForDiskEncryption": boolean,
      "EnablePurgeProtection": boolean,
      "Network": {
        "PrivateEndPoint": {
          "Name": "string",
          "Location": "string",
          "PrivateLinkName": "string",
          "NetworkInterfaceName": "string",
          "ResourceGroupName": "string",
          "VirtualNetwork": {
            "VNetName": "string",
            "SubnetName": "string",
            "ResourceGroupName": "string",
            "SubscriptionName": "string"
          }
        },
        "PublicAccess": {
          "Enabled": "string",
          "Firewall": {
            "IPRange": [
              "string"
            ]
          },
          "VNet": [
            {
              "SubnetName": "string",
              "VnetName": "string",
              "VNetResourceGroupName": "string"
            }
          ]
        }
      },
      "Diagnostic": [
        {
          "Name": "string",
          "Log": {
            "Enabled": boolean,
            "Category": [array]
          },
          "Metric": {
            "Enabled": boolean,
            "Category": [array]
          },
          "Target": {
            "Blob": {
              "StorageAccount": "string",
              "ResourceGroupName": "string",
              "Subscription": "string",
              "StorageKeyType": "string",
              "RetentionInDays": number
            },
            "EventHub": {
              "Name": "string",
              "Namespace": "string",
              "ResourceGroupName": "string",
              "Subscription": "string",
              "SharedAccessPolicy": "string"
            },
            "LogAnalytics": {
              "Workspace": "string",
              "ResourceGroupName": "string",
              "Subscription": "string"
            }
          }
        }
      ],
      "Tag": {
        "key": "value"
      },
      "Lock": [
        {
          "Name": "string",
          "Level": "string",
          "Notes": "string"
        }
      ]
    }
  ]
}
```

Validation

The following validation is performed by the PowerShell function Confirm-JDResource.

| Attribute | Validation |
|---|---|
| Name | Mandatory: cannot be null |
| ResourceGroupName | Mandatory: cannot be null |
| Location | Mandatory: cannot be null |
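
The validation listed above covers only the three mandatory attributes, while the documented defaults leave EnablePurgeProtection at False and PublicAccess Enabled at True. The following Python check is an added example, not part of this framework or of Confirm-JDResource; it reviews a JSON input document for those settings. The function names, finding texts and sample vault names are assumptions made for illustration.

```python
import json

def as_bool(value, default):
    # The object model shows booleans and 'True'/'False' strings; accept both.
    if value is None:
        return default
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

def audit_logging_on(kv):
    # Per the Diagnostic Log table: Enabled defaults to true only when Category
    # is set; an enabled log with no Category covers all categories.
    for diag in kv.get("Diagnostic") or []:
        log = diag.get("Log") or {}
        cats = log.get("Category")
        enabled = as_bool(log.get("Enabled"), cats is not None)
        if enabled and (not cats or "AuditEvent" in cats) and diag.get("Target"):
            return True
    return False

def audit_keyvault(kv):
    """Return review findings for one azKeyVault entry (hypothetical helper)."""
    findings = [f"{a}: mandatory, cannot be null"
                for a in ("Name", "ResourceGroupName", "Location") if not kv.get(a)]
    if not as_bool(kv.get("EnablePurgeProtection"), False):   # documented default: False
        findings.append("EnablePurgeProtection: not enabled")
    net = kv.get("Network") or {}
    pub = net.get("PublicAccess") or {}
    if as_bool(pub.get("Enabled"), True):                     # documented default: True
        rules = (pub.get("Firewall") or {}).get("IPRange") or pub.get("VNet")
        if not rules:
            findings.append("PublicAccess: enabled without Firewall or VNet rules")
    elif not net.get("PrivateEndPoint"):
        findings.append("Network: PublicAccess disabled but no PrivateEndPoint")
    if not audit_logging_on(kv):
        findings.append("Diagnostic: AuditEvent log not sent to any Target")
    return findings

# Constructed sample input: one entry relying on defaults, one hardened entry.
SAMPLE = json.loads("""{"azKeyVault": [
 {"Name": "kv-defaults", "ResourceGroupName": "rg-demo", "Location": "westeurope"},
 {"Name": "kv-hardened", "ResourceGroupName": "rg-demo", "Location": "westeurope",
  "EnablePurgeProtection": true, "Network": {"PrivateEndPoint": {"Name": "pe-kv"},
  "PublicAccess": {"Enabled": "False"}}, "Diagnostic": [{"Name": "audit",
  "Log": {"Category": ["AuditEvent"]}, "Target": {"LogAnalytics": {"Workspace": "law-demo"}}}]}
]}""")

def audit_all(doc):
    return {kv.get("Name"): audit_keyvault(kv) for kv in doc.get("azKeyVault", [])}
```

Calling `audit_all` on a parsed input file returns a dictionary of findings per vault name; an empty list means none of the checked settings were flagged.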