Create a Windows Virtual Machine, NIC, Subnet, Storage Account, Public IP, NSG, DNS Zone and VNet using a Bicep file.
Task Details
1. Create a Windows Virtual Machine, NIC, Subnet, Storage Account, Public IP, NSG, and VNet using a Bicep file.
2. Creating an Azure DNS Zone and Record with Bicep
Steps
Create a Windows Virtual Machine, NIC, Subnet, Storage Account, Public IP, NSG, and VNet using a Bicep file.
Inspect the Bicep file

--SNIP--
Understanding the Bicep Script:
Azure Resources Deployed by the Template:
- Subnet – Microsoft.Network/virtualNetworks/subnets
- Storage Account – Microsoft.Storage/storageAccounts
- Public IP – Microsoft.Network/publicIPAddresses
- Network Security Group (NSG) – Microsoft.Network/networkSecurityGroups
- Virtual Network (VNet) – Microsoft.Network/virtualNetworks
- Network Interface (NIC) – Microsoft.Network/networkInterfaces
- Virtual Machine (VM) – Microsoft.Compute/virtualMachines
Let’s break down the main parts of the Bicep file:
1. Parameters
- adminUsername – Stores the VM’s username.
- adminPassword – Stores the VM’s password (@secure() marks it as a secure value, so it is not saved to the deployment history or logged, and @minLength(12) enforces a minimum length).
- dnsLabelPrefix – Stores the unique DNS name for the VM’s Public IP. Default value is generated using toLower('${vmName}-${uniqueString(resourceGroup().id, vmName)}').
- publicIpName – Name of the Public IP.
- publicIpAllocation – Allowed values: static or dynamic (default: dynamic).
- publicIpSKU – Allowed SKU values for the Public IP (default: Basic).
- osVersion – Allowed OS versions (default: 2022-datacenter-azure-edition).
- Other parameters define VM size, location, VM name, and security type.
2. Variables
- storageAccountName – Unique storage account name using 'bootdiags' + uniqueString(resourceGroup().id).
- Other variables define network resources: NIC name, VNet, subnet names, prefixes, NSG group, etc.
- securityProfileJson – JSON object containing security settings:
  - uefiSettings – Secure Boot and vTPM enabled.
  - securityType – Links to the securityType parameter.
- Additional variables store VM extension info like extensionName, extensionPublisher, extensionVersion.
3. Resources
- Storage Account – Declares the storage account with SKU and location.
- Public IP – Creates a Public IP resource with SKU, location, and properties.
- Network Security Group (NSG) – Creates NSG to control network traffic.
- Virtual Network (VNet) – Defines a VNet for the VM.
- Network Interface (NIC) – Defines NIC and depends on VNet deployment.
- Virtual Machine (VM) – Declares VM with:
  - Hardware profile
  - OS profile
  - OS disk and data disk
  - Network profile
  - Diagnostic profile
- VM Extension – Defines an extension for VM configuration.
4. Outputs
- hostname – Returns the fully qualified domain name (FQDN) of the Public IP assigned to the VM.
Deploy Bicep template
1. In the Azure Portal, open Cloud Shell by clicking the Cloud Shell icon.
- When prompted, choose Bash.
- In the setup box, enter the following:
  - No storage account required
  - Subscription: Select your resource group
- Click Apply.

2. In the Cloud Shell toolbar, click the Manage files icon, choose Upload from the dropdown, and upload the main.bicep file to the Cloud Shell home directory.

3. Deploy the resources using the following command. The deployment may take a few minutes to complete successfully.
az deployment group create --resource-group <resource-group-name> --template-file main.bicep --parameters adminUsername=<admin-username>

Note: If you get the error "The content for this response was already consumed", put all required parameters, including secure strings such as adminPassword, in a parameters JSON file (main.parameters.json, passed as @main.parameters.json) and deploy with that file.


4. This command deploys resources in the specified resource group using the main.bicep template, applying all parameters from main.parameters.json, and shows detailed output with --verbose.
az deployment group create \
--resource-group <your-resource-group> \
--template-file main.bicep \
--parameters @main.parameters.json \
--verbose
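
Added example (not part of the original lab or its template): a Python check that flags a main.parameters.json carrying adminPassword as a literal value and accepts one that resolves it from Key Vault through ARM's parameter-file reference syntax. The sample files, the placeholder IDs and the find_inline_secrets name are constructed for illustration, and it assumes adminPassword is the only @secure() parameter.

```python
import json

# Constructed sample: main.parameters.json with the password typed into the
# file, as the note above describes (placeholder value, not a real secret).
INLINE_PARAMS = """{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": { "value": "admin01" },
    "adminPassword": { "value": "<placeholder-password>" }
  }
}"""

# Constructed sample: the same file with adminPassword resolved from Key Vault
# at deployment time. The vault ID and secret name are placeholders.
KEYVAULT_PARAMS = """{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": { "value": "admin01" },
    "adminPassword": {
      "reference": {
        "keyVault": { "id": "/subscriptions/<subscription-id>/resourceGroups/<vault-rg>/providers/Microsoft.KeyVault/vaults/<vault-name>" },
        "secretName": "<secret-name>"
      }
    }
  }
}"""

# Assumption: adminPassword is the only @secure() parameter in main.bicep.
SECURE_PARAMS = frozenset({"adminPassword"})


def find_inline_secrets(params_text, secure_params=SECURE_PARAMS):
    """Return the secure parameters whose value is stored in the file itself."""
    parameters = json.loads(params_text).get("parameters", {})
    findings = []
    for name in sorted(set(secure_params) & set(parameters)):
        reference = parameters[name].get("reference", {})
        from_vault = "keyVault" in reference and "secretName" in reference
        if "value" in parameters[name] or not from_vault:
            findings.append(name)
    return findings


if __name__ == "__main__":
    print("inline file:", find_inline_secrets(INLINE_PARAMS))
    print("Key Vault file:", find_inline_secrets(KEYVAULT_PARAMS))
```

For the Key Vault form to deploy, the vault must have template deployment enabled (enabledForTemplateDeployment) and the deploying identity needs access to the secret.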

--SNIP--
Verify your deployments

Note: You can choose your own resource names in Bicep templates
- Bicep allows you to customize names for all resources using parameters or variables.
- Examples from this template:
| Parameter / Variable | Description | Default / Example |
|---|---|---|
| adminUsername | VM administrator username | "admin01" |
| adminPassword | VM administrator password | Secure string, min 12 characters |
| dnsLabelPrefix | Unique DNS name for Public IP | Generated from VM name and resource group |
| publicIpName | Name for Public IP | "myPublicIP" |
| publicIPAllocationMethod | Static or Dynamic IP allocation | "Dynamic" |
| publicIpSku | SKU for Public IP | "Basic" |
| OSVersion | Windows OS version | "2022-datacenter-azure-edition" |
| vmSize | VM size | "Standard_B2s" |
| vmName | VM name | "simple-vm" |
| virtualNetworkName | Virtual network name | "MyVNET" |
| subnetName | Subnet name | "Subnet" |
| networkSecurityGroupName | NSG name | "default-NSG" |
| storageAccountName | Storage account name | "bootdiags${uniqueString(resourceGroup().id)}" |
| nicName | Network interface name | "myVMNic" |
Tip: You can replace the default values with your own names for easier identification in Azure.
Using parameters allows flexibility when deploying multiple VMs or repeating deployments in different resource groups.
For example, you can replace storageAccountName: bootdiags${uniqueString(resourceGroup().id)} with "storage4567".
Note: bootdiags${uniqueString(resourceGroup().id)} generates a globally unique, deterministic name by appending a hash of the resource group ID to the prefix bootdiags.





