Azure Blueprint Tutorial
This repository contains source code for article published in Medium: Secured & Consistent Landing Zone for Cloud Workload using Azure Blueprint
It contains 2 parts, which is ARM template, and Azure Policy template.
Azure Resource Manager (ARM Template)
This ARM template will deploy the following resources:
- Azure Virtual Network
- Network Security Group
- Azure Virtual Machine - Windows Server
- Azure Bastion
- Azure Storage Account
Here's the architecture diagram:
Azure Policy
The folder contains the following Azure Policy template:
- No Application Gateway in designated Azure Virtual Network
- No Azure Firewall in designated Azure Virtual Network
- No public IP address on all network interface card
- Network Security Group to block direct internet inbound
- Network Security Group to block direct internet outbound
- Network Security Group to be presence in all subnets