Deploy-AzureLighthouse.ps1
<#
.SYNOPSIS
Deploys Azure Lighthouse templates to one resource group and to every subscription found under a management group.

.PARAMETER ManagementGroupName
Display name of the management group whose subscriptions are enumerated and enrolled.

.PARAMETER SubscriptionID
Subscription that is set as the Az context before the resource-group template is deployed.

.PARAMETER ResourceGroupName
Resource group that must exist in that subscription; passed to the resource-group template as rgName.

.PARAMETER Region
Location passed to New-AzSubscriptionDeployment for every deployment.

.PARAMETER Country
Lower-cased and embedded in the names of the template parameter files under .\templates.
#>
param(
[parameter(mandatory)][string]$ManagementGroupName,
[parameter(mandatory)][string]$SubscriptionID,
[parameter(mandatory)][string]$ResourceGroupName,
[parameter(mandatory)][string]$Region,
[parameter(mandatory)][string]$Country
# Delivery is not a parameter at present; the script assigns it a fixed value after this block.
#[parameter(mandatory)][string]$Delivery
)
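# The country value is lower-cased because it is embedded in the parameter-file names below.
$Country = $Country.ToLower()

# $Country becomes part of a file path. Reject path separators, drive qualifiers and '..'
# so the value can only select a file that sits inside .\templates.
# NOTE(review): the parameter files presumably decide which managing tenant and roles receive
# delegated access - confirm, and keep that directory under change control.
if ($Country -match '[\\/:]|\.\.') {
    throw "Country '$Country' must not contain path separators, ':' or '..'."
}

# Delivery is fixed to 'global'; the matching script parameter is commented out.
$Delivery = 'global'
$RGTemplateParameterFile = '.\templates\resourcegroup.{0}.{1}.template.parameters.json' -f $Delivery, $Country
$SubscriptionTemplateParameterFile = '.\templates\subscription.{0}.{1}.template.parameters.json' -f $Delivery, $Country

# Fail before any Azure call is made if either parameter file is missing, instead of
# discovering it halfway through the deployments.
foreach ($parameterFile in $RGTemplateParameterFile, $SubscriptionTemplateParameterFile) {
    if (-not (Test-Path -LiteralPath $parameterFile -PathType Leaf)) {
        throw "Template parameter file not found: $parameterFile"
    }
}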
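# Az.ResourceGraph provides Search-AzGraph, which this script uses to enumerate subscriptions.
# -ListAvailable checks the modules installed on disk. Without it Get-Module only reports
# modules already imported into the current session, so the install below ran even when the
# module was present.
if (-not (Get-Module -ListAvailable -Name Az.ResourceGraph -ErrorAction SilentlyContinue)) {
    # NOTE(review): this pulls the latest version from the default repository with -Force and no
    # confirmation. For a script that grants cross-tenant access, consider pre-installing a
    # reviewed version or pinning one with -RequiredVersion.
    Install-Module Az.ResourceGraph -Force -Confirm:$false
}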
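Write-Host "Switching to Azure Guardian Subscription" -ForegroundColor Cyan
# Stop if the context switch fails: continuing would run the resource-group lookup and the
# deployment against whatever subscription the session happened to have selected before.
Set-AzContext -Subscription $SubscriptionID -ErrorAction Stop

# A missing resource group is expected here, so the lookup error is suppressed and the
# operator is prompted for another name until one resolves.
$ResourceGroup = Get-AzResourceGroup -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue
if ($null -eq $ResourceGroup) {
    Write-Host "$ResourceGroupName does not exist" -ForegroundColor Yellow
    do {
        $ResourceGroupName = Read-Host "Enter name of Resource Group"
        $ResourceGroup = Get-AzResourceGroup -ResourceGroupName $ResourceGroupName
    } until ($null -ne $ResourceGroup)
}
else {
    Write-Host "Validated Resource Group Name" -ForegroundColor Cyan
}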
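Write-Host "Deploying Azure Lighthouse to $ResourceGroupName" -ForegroundColor Cyan
# -ErrorAction Stop turns a failed deployment into a catchable error, so the success message
# is printed only when the deployment actually went through. A failure is reported as a
# warning and the script carries on, as it did before.
try {
    New-AzSubscriptionDeployment -Name "RGDeployment" -Location $Region -TemplateFile .\resourcegroup.template.json -TemplateParameterFile $RGTemplateParameterFile -rgName $ResourceGroupName -ErrorAction Stop
    Write-Host "Deployed Azure Lighthouse to $ResourceGroupName" -ForegroundColor Cyan
}
catch {
    Write-Warning "Azure Lighthouse deployment to $ResourceGroupName failed: $($_.Exception.Message)"
}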
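# Resolve the management group by display name, prompting until a name matches.
$ManagementGroup = Get-AzManagementGroup | Where-Object { $_.displayName -eq $ManagementGroupName }
if ($null -eq $ManagementGroup) {
    Write-Host "$ManagementGroupName does not exist" -ForegroundColor Yellow
    do {
        $ManagementGroupName = Read-Host "Enter name of Management Group"
        $ManagementGroup = Get-AzManagementGroup | Where-Object { $_.displayName -eq $ManagementGroupName }
    } until ($null -ne $ManagementGroup)
}
else {
    Write-Host "Validated Management Group Name" -ForegroundColor Cyan
}

# Display names are not unique. If several management groups match, the delegation scope would
# silently become the subscriptions of all of them, so refuse to continue.
if (@($ManagementGroup).Count -gt 1) {
    $matchingIds = (@($ManagementGroup) | ForEach-Object { $_.Name }) -join ', '
    throw "Management group display name '$ManagementGroupName' is ambiguous (matches: $matchingIds)."
}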
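# Enumerate the subscriptions under the management group. Search-AzGraph returns only the first
# 100 rows unless -First is given; 1000 is the largest page it accepts.
$maxSubscriptions = 1000
$subscriptions = Search-AzGraph -Query "ResourceContainers | where type =~ 'microsoft.resources/subscriptions'" -ManagementGroup $managementGroup.Name -First $maxSubscriptions

$enrollmentstatus = [System.Collections.Generic.List[object]]::new()
foreach ($subscription in $subscriptions) {
    $status = 'NotEnrolled'
    try {
        Write-Host "Deploying Azure Lighthouse to" $subscription.Name -ForegroundColor Cyan
        # -ErrorAction Stop is needed on both calls so a failure reaches the catch block.
        # If the context switch failed but the script carried on, the deployment would go to
        # the previously selected subscription and still be reported as 'Enrolled'.
        Set-AzContext -Subscription $subscription.subscriptionId -ErrorAction Stop
        New-AzSubscriptionDeployment -Location $Region -TemplateFile .\subscription.template.json -TemplateParameterFile $SubscriptionTemplateParameterFile -ErrorAction Stop
        $status = 'Enrolled'
    }
    catch {
        # Keep going with the remaining subscriptions, but record why this one failed.
        Write-Warning "Enrollment failed for $($subscription.Name) ($($subscription.subscriptionId)): $($_.Exception.Message)"
    }
    $enrollmentstatus.Add([pscustomobject]@{
            SubscriptionName = $subscription.Name
            SubscriptionID   = $subscription.subscriptionId
            Status           = $status
        })
}

if ($enrollmentstatus.Count -ge $maxSubscriptions) {
    Write-Warning "Search-AzGraph returned $maxSubscriptions subscriptions; more may exist that were not processed."
}

Write-Host "Deployed Azure Lighthouse to subscription/s under" $managementGroup.DisplayName -ForegroundColor Cyan
Write-Host "Enrollment Status for each subscription"
$enrollmentstatus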