The Azure Quickstart templates are currently available in English
This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint.
この Azure Resource Manager (ARM) テンプレートは、マイクロソフトではなく、コミュニティのメンバーによって作成されました。各 ARM テンプレートは、マイクロソフトではなく、テンプレートの所有者によるライセンス契約に基づいて使用許諾されます。マイクロソフトは、コミュニティ メンバーによって提供および使用許諾される ARM テンプレートに対して責任を負わず、セキュリティ、互換性、パフォーマンスなどについての調査を行っていません。コミュニティ ARM テンプレートは、Microsoft サポート プログラムまたはサービスのサポート対象ではなく、手を加えずに提供され、いかなる保証もありません。
パラメーター
| パラメーター名 | 説明 |
|---|---|
| location | Specifies the location for all the resources. |
| virtualNetworkName | Specifies the name of the virtual network hosting the virtual machine. |
| virtualNetworkAddressPrefix | Specifies the address prefix of the virtual network hosting the virtual machine. |
| subnetName | Specifies the name of the subnet hosting the virtual machine. |
| subnetAddressPrefix | Specifies the address prefix of the subnet hosting the virtual machine. |
| blobStorageAccountName | Specifies the globally unique name for the storage account used to store the boot diagnostics logs of the virtual machine. |
| vmName | Specifies the name of the virtual machine. |
| vmSize | Specifies the size of the virtual machine. |
| imagePublisher | Specifies the image publisher of the disk image used to create the virtual machine. |
| imageOffer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. |
| imageSku | Specifies the Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version. |
| authenticationType | Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended. |
| adminUsername | Specifies the name of the administrator account of the virtual machine. |
| adminPasswordOrKey | Specifies the SSH Key or password for the virtual machine. SSH key is recommended. |
| diskStorageAccounType | Defines the storage account type for OS and data disk. |
| numDataDisks | Specifies the number of data disks of the virtual machine. |
| osDiskSize | The size in GB of the OS disk of the VM. |
| dataDiskSize | Specifies the size in GB of the OS disk of the virtual machine. |
| dataDiskCaching | Specifies the caching requirements for the data disks. |
| _artifactsLocation | Specifies the base URI where artifacts required by this template are located including a trailing '/' |
| _artifactsLocationSasToken | Specifies the sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured. |
| scriptFileName | Specifies the script to download from the URI specified by the scriptFilePath parameter. |
| deployLogAnalytics | Specifies whether to deploy a Log Analytics workspace to monitor the health and performance of the virtual machine. |
| workspaceName | Specifies the globally unique name of the Log Analytics workspace. |
| workspaceSku | Specifies the SKU of the Log Analytics workspace. |
| keyVaultName | Specifies the name of the key vault. |
| enabledForDeployment | Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
| enabledForDiskEncryption | Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
| enabledForTemplateDeployment | Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
| enableSoftDelete | Specifies whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. |
| softDeleteRetentionInDays | Specifies the softDelete data retention days. It accepts >=7 and <=90. |
| enableRbacAuthorization | Controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. |
| tenantId | Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet. |
| keysPermissions | Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge. |
| secretsPermissions | Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge. |
| certificatesPermissions | Specifies the permissions to certificates in the vault. Valid values are: all, get, list, set, delete, managecontacts, getissuers, listissuers, setissuers, deleteissuers, manageissuers, backup, and recover. |
| skuName | Specifies whether the key vault is a standard vault or a premium vault. |
| secretsArray | Specifies all secrets {"secretName":"","secretValue":""} wrapped in a secure object. |
| keyVaultPrivateEndpointName | Specifies the name of the private link to key vault. |
| blobStorageAccountPrivateEndpointName | Specifies the name of the private link to the boot diagnostics storage account. |
テンプレートを使用する
PowerShell
New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deploymentAzure PowerShell のインストールと構成
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.keyvault/key-vault-private-endpoint/azuredeploy.json
コマンド ライン
az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deploymentAzure クロス プラットフォーム コマンド ライン インターフェイスのインストールと構成
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.keyvault/key-vault-private-endpoint/azuredeploy.json