This repository contains Infrastructure as Code (IaC) templates to deploy a comprehensive Azure lab environment for AZ-104 certification preparation.
The environment consists of:
- Hub-Spoke Network Topology
  - Hub VNet with Azure Firewall, VPN Gateway, and Bastion
  - Spoke VNet with workload subnet and AKS subnet
  - Full VNet peering configuration
- Compute Resources
  - Windows Server 2022 VM in Hub
  - Ubuntu 20.04 VM in Spoke
  - All VMs use cost-optimized B-series SKUs
- Monitoring & Security
  - Log Analytics Workspace with full solutions
  - NSG Flow Logs with Traffic Analytics
  - Azure Bastion for secure VM access
  - Network Security Groups on all subnets
- Sample Logic App
  - Demonstrates service health monitoring
  - Managed Identity configuration
  - Log Analytics integration

Prerequisites:
- Azure Subscription with appropriate permissions
- PowerShell 7.0 or later
- Az PowerShell module
- Key Vault with VM credentials (setup instructions provided separately)

Deployment:
- Clone this repository
- Navigate to the infrastructure directory
- Run the deployment script:
  ./deploy.ps1

The script will:
- Verify your Azure context
- Create/update resource group
- Deploy all resources
- Display connection information

Security considerations:
- All VM access is through Azure Bastion only
- No public IPs on VMs
- NSGs restrict all unnecessary traffic
- All credentials are stored in Azure Key Vault
- All resources send logs to Log Analytics

Cost considerations:
- B-series VMs for cost efficiency
- NSG flow logs retention set to 30 days
- Standard SKU for Azure Firewall
- Consider stopping VMs when not in use
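
The access controls listed above (Bastion-only access, no public IPs on VMs, NSGs on subnets) can be checked after deployment with a short audit script. This is an added example, not part of this repository; the resource group name is a placeholder and the unrestricted-source values checked in step 3 are assumptions about what counts as "open".

```powershell
#Requires -Modules Az.Network
# Added example, not part of this repository: audits a deployed lab against the
# README's stated controls. Assumption: the resource group name is a placeholder.
param([string]$ResourceGroupName = '<lab-resource-group>')
$findings = [System.Collections.Generic.List[string]]::new()

# 1. No NIC attached to a VM should reference a public IP.
foreach ($nic in Get-AzNetworkInterface -ResourceGroupName $ResourceGroupName) {
    if (-not $nic.VirtualMachine) { continue }
    foreach ($cfg in $nic.IpConfigurations) {
        if ($cfg.PublicIpAddress) { $findings.Add("NIC $($nic.Name): public IP attached") }
    }
}

# 2. Every subnet that supports an NSG should have one. GatewaySubnet and
#    AzureFirewallSubnet are skipped because Azure does not support NSGs on them.
$exempt = 'GatewaySubnet', 'AzureFirewallSubnet'
foreach ($vnet in Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName) {
    foreach ($subnet in $vnet.Subnets) {
        if ($subnet.Name -in $exempt -or $subnet.NetworkSecurityGroup) { continue }
        $findings.Add("Subnet $($vnet.Name)/$($subnet.Name): no NSG associated")
    }
}

# 3. No custom NSG rule should allow SSH or RDP inbound from an unrestricted source.
function Test-CoversPort([string]$Range, [int]$Port) {
    if ($Range -eq '*') { return $true }
    $lo, $hi = $Range -split '-', 2
    if (-not $hi) { $hi = $lo }
    return ($Port -ge [int]$lo -and $Port -le [int]$hi)
}
foreach ($nsg in Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName) {
    foreach ($rule in $nsg.SecurityRules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        if (-not ($rule.SourceAddressPrefix | Where-Object { $_ -in '*', 'Internet', '0.0.0.0/0' })) { continue }
        foreach ($port in 22, 3389) {
            if ($rule.DestinationPortRange | Where-Object { Test-CoversPort $_ $port }) {
                $findings.Add("NSG $($nsg.Name), rule $($rule.Name): port $port open to any source")
            }
        }
    }
}

# 4. Bastion is the only intended access path, so it has to exist.
if (-not (Get-AzBastion -ResourceGroupName $ResourceGroupName)) { $findings.Add('No Azure Bastion host found') }

$findings | ForEach-Object { Write-Warning $_ }
if ($findings.Count) { exit 1 } else { Write-Output 'All checks passed.' }
```

Run it in the same Azure context used for the deployment; a non-zero exit code means at least one stated control does not hold in the deployed resources.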
Please submit issues and pull requests for any improvements.
See LICENSE file.
This is a lab environment for learning purposes. Review and adjust security settings before using in any other scenario.