Azure Blueprint Tutorial

This repository contains source code for article published in Medium: Secured & Consistent Landing Zone for Cloud Workload using Azure Blueprint

It contains 2 parts, which is ARM template, and Azure Policy template.

Azure Resource Manager (ARM Template)

Deploy to Azure

This ARM template will deploy the following resources:

  1. Azure Virtual Network
  2. Network Security Group
  3. Azure Virtual Machine - Windows Server
  4. Azure Bastion
  5. Azure Storage Account

Here's the architecture diagram:

Diagram

Azure Policy

The folder contains the following Azure Policy template:

  1. No Application Gateway in designated Azure Virtual Network
  2. No Azure Firewall in designated Azure Virtual Network
  3. No public IP address on all network interface card
  4. Network Security Group to block direct internet inbound
  5. Network Security Group to block direct internet outbound
  6. Network Security Group to be presence in all subnets