// Module inputs. Parameters without a default must be supplied by the caller.

// Azure region in which the image template resource is created.
param siglocation string

// Display name of the custom role. The default embeds utcNow(), so it
// differs on every deployment that does not pass an explicit value.
param roleNameAIBCustom string = 'BicepAIB${utcNow()}'

// Name of the existing user-assigned managed identity used by this module.
param uamiName string

// Resource id of the identity the deployment script runs as. The default is
// derived from uamiName; the role assignments in this file are made to the
// identity named by uamiName, so an override should name that same identity.
param uamiId string = resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', uamiName)

// Name of the image template; unique per deployment by default (utcNow()).
param imageTemplateName string = 'AVDBicep${utcNow()}'

// Run output name for the distribute step, derived from the resource group name.
param outputname string = uniqueString(resourceGroup().name)

// Resource id of the gallery image definition the build is published to.
param galleryImageId string

// Marketplace image used as the build source.
param imagePublisher string
param imageOffer string
param imageSKU string

// When true, the custom role, both role assignments and the deployment
// script that starts the build are deployed as well.
param InvokeRunImageBuildThroughDeploymentScript bool

// Resource group passed to the build-trigger script as the template's group.
param rgname string = resourceGroup().name
// Reference to the already-deployed user-assigned identity named by uamiName.
// Nothing is created here; the symbol is used for its id and principalId.
resource managedidentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = {
  name: uamiName
}
// Create Image Template in SIG Resource Group.
// The template builds from a marketplace image and publishes the result to
// the gallery image definition given by galleryImageId, running under the
// user-assigned identity referenced by managedidentity.
resource imageTemplateName_resource 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14' = {
  name: imageTemplateName
  location: siglocation
  tags: {
    imagebuilderTemplate: 'AzureImageBuilderSIG'
    userIdentity: 'enabled'
  }
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${managedidentity.id}': {}
    }
  }
  properties: {
    buildTimeoutInMinutes: 180
    vmProfile: {
      vmSize: 'Standard_D2_v2'
      osDiskSizeGB: 127
    }
    source: {
      type: 'PlatformImage'
      publisher: imagePublisher
      offer: imageOffer
      sku: imageSKU
      // 'latest' is resolved when the template is created, so two deployments
      // can start from different base images. Pass a fixed version here if
      // builds need to be reproducible or traceable to a reviewed base image.
      version: 'latest'
    }
    /* Uncomment if you wish to run OS Optimize Script, Teams Installer and Windows Updates

    Review before enabling: both scriptUri values point at the mutable master
    branch of a third-party repository, and the scripts run elevated as SYSTEM
    inside the image that every session host is later cloned from. Pin each URI
    to a reviewed commit (or host a reviewed copy in storage you control) and
    set sha256Checksum on each PowerShell customizer so that a changed script
    fails the build instead of being baked into the image.

    customize: [
      {
        type: 'PowerShell'
        name: 'OptimizeOS'
        runElevated: true
        runAsSystem: true
        scriptUri: 'https://raw.githubusercontent.com/danielsollondon/azvmimagebuilder/master/solutions/14_Building_Images_AVD/1_Optimize_OS_for_AVD.ps1'
      }
      {
        type: 'WindowsRestart'
        restartCheckCommand: 'write-host \'restarting post Optimizations\''
        restartTimeout: '5m'
      }
      {
        type: 'PowerShell'
        name: 'Install Teams'
        runElevated: true
        runAsSystem: true
        scriptUri: 'https://raw.githubusercontent.com/danielsollondon/azvmimagebuilder/master/solutions/14_Building_Images_AVD/2_installTeams.ps1'
      }
      {
        type: 'WindowsRestart'
        restartCheckCommand: 'write-host \'restarting post Teams Install\''
        restartTimeout: '5m'
      }
      {
        type: 'WindowsUpdate'
        searchCriteria: 'IsInstalled=0'
        filters: [
          'exclude:$_.Title -like \'*Preview*\''
          'include:$true'
        ]
        updateLimit: 40
      }
    ]
    */
    distribute: [
      {
        type: 'SharedImage'
        galleryImageId: galleryImageId
        runOutputName: outputname
        artifactTags: {
          source: 'avd10'
          baseosimg: 'windows10'
        }
        // No additional replication regions are requested.
        replicationRegions: []
      }
    ]
  }
}
// Create Role Definition with Image Builder to run Image Build and execute container cli script.
// Deployed only when InvokeRunImageBuildThroughDeploymentScript is true; assignable at this
// resource group only.
//
// NOTE(review): apart from the imageTemplates Run action, every entry is a wildcard that gives
// the holder full control of storage accounts, container groups, deployments and deployment
// scripts in the resource group. The script in this file only invokes the Run action; confirm
// whether the managed identity itself still needs the wildcards with deploymentScripts@2020-10-01
// and trim the list to the actions actually used.
//
// NOTE(review): the definition name is guid(roleNameAIBCustom) and that parameter's default
// embeds utcNow(), so deployments that rely on the default look like they create a new role
// definition each time. Confirm, and pass a fixed role name or clean up old definitions.
resource aibdef 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = if (InvokeRunImageBuildThroughDeploymentScript) {
  name: guid(roleNameAIBCustom)
  properties: {
    roleName: roleNameAIBCustom
    description: 'Custom role for AIB to invoke build of VM Template from deployment'
    permissions: [
      {
        actions: [
          'Microsoft.VirtualMachineImages/imageTemplates/Run/action'
          'Microsoft.Storage/storageAccounts/*'
          'Microsoft.ContainerInstance/containerGroups/*'
          'Microsoft.Resources/deployments/*'
          'Microsoft.Resources/deploymentScripts/*'
        ]
      }
    ]
    assignableScopes: [
      resourceGroup().id
    ]
  }
}
// Map AIB Runner Custom Role Assignment to Managed Identity.
// Grants the custom role defined by aibdef to the identity's service principal. The
// assignment name is a guid of resource group, role definition and identity, so the
// same triple always maps to the same assignment. No scope property is set.
resource aibrunnerassignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (InvokeRunImageBuildThroughDeploymentScript) {
  name: guid(resourceGroup().id, aibdef.id, managedidentity.id)
  properties: {
    roleDefinitionId: aibdef.id
    principalId: managedidentity.properties.principalId
    // Declares the principal kind explicitly rather than leaving it to be looked up.
    principalType: 'ServicePrincipal'
  }
}
// Map Managed Identity Operator Role to Managed Identity - Not required if not running
// Powershell Deployment Script for AIB.
// The built-in role is referenced by its definition id and granted to the identity's own
// service principal.
//
// NOTE(review): no scope property is set, so the role applies wherever this module is
// deployed rather than to the one identity. If the script only needs to use this identity,
// consider `scope: managedidentity` to narrow the grant - confirm it still deploys.
resource miorole 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (InvokeRunImageBuildThroughDeploymentScript) {
  name: guid(resourceGroup().id, '/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830', managedidentity.id)
  properties: {
    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830'
    principalId: managedidentity.properties.principalId
    principalType: 'ServicePrincipal'
  }
}
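// Run Deployment Script to Start build of Virtual Machine Image using AIB.
// Deployed only when InvokeRunImageBuildThroughDeploymentScript is true, and only after the
// image template exists. The script runs as the user-assigned identity given by uamiId and
// invokes the Run action on the template.
//
// The template name and resource group are handed to the script as environment variables
// instead of being spliced into the script text. Interpolated into scriptContent they were
// parsed as PowerShell source, so a value containing parentheses, spaces, quotes or `;`
// would change what the script executes; as environment variables they are always data.
//
// NOTE(review): the script identity comes from the uamiId parameter while the role
// assignments in this file are made to the identity named by uamiName. With the default
// uamiId these match; an overridden uamiId would run the script without those roles.
resource scriptName_BuildVMImage 'Microsoft.Resources/deploymentScripts@2020-10-01' = if (InvokeRunImageBuildThroughDeploymentScript) {
  name: 'BuildVMImage'
  location: resourceGroup().location
  kind: 'AzurePowerShell'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${uamiId}': {}
    }
  }
  properties: {
    forceUpdateTag: '1'
    azPowerShellVersion: '5.9'
    arguments: ''
    environmentVariables: [
      {
        name: 'AIB_TEMPLATE_NAME'
        value: imageTemplateName
      }
      {
        name: 'AIB_TEMPLATE_RG'
        value: rgname
      }
    ]
    // `$env:` is literal here: Bicep only interpolates `${...}`.
    scriptContent: 'Invoke-AzResourceAction -ResourceName $env:AIB_TEMPLATE_NAME -ResourceGroupName $env:AIB_TEMPLATE_RG -ResourceType Microsoft.VirtualMachineImages/imageTemplates -ApiVersion "2020-02-14" -Action Run -Force'
    // NOTE(review): the template allows a 180-minute build while this script times out
    // after five minutes - confirm the script is expected to return before the build ends.
    timeout: 'PT5M'
    // Supporting resources are removed whatever the outcome; the script resource itself is
    // kept for one day.
    cleanupPreference: 'Always'
    retentionInterval: 'P1D'
  }
  dependsOn: [
    imageTemplateName_resource
  ]
}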