The PowerShell script can be used to provision the Azure resources required to deploy this Non-fungible Token Solution Accelerator. You may skip this section if you prefer to provision your Azure resources via the Azure Portal, using the Azure Resource Manager (ARM) template provided, or the Deploy to Azure button on the main documentation page.
The PowerShell script will provision the following resources to your Azure subscription:
- Azure Virtual Machine
- Azure Virtual Network
- Azure Public IP Address
- Azure Network Security Group
- Azure Network Interface
- Azure Disk
- Azure Container Registry
- Azure Kubernetes Service
- Azure Key Vault
- Azure Cosmos DB Account
Prerequisites:
- Azure Subscription - Required to deploy compute resources
- PowerShell 7.1 - Required to run deployment scripts
- Azure CLI installed - Required to run deployment scripts
- User Access Administrator Role - Assigned to the user in Azure Subscription
- PuTTY - Required for SSH connection into the VM
Execute the following steps to deploy Azure resources:
- Clone or download this repository, if you have not already done so.
  Check here for more information on cloning a repository.
- Run PowerShell 7.1.
  The deployment script will also update appsettings.json with values required to communicate with your resources.
  Remember to write down all of the output values printed on the screen. These are required in the next step (deploying the token service).
- Change directory to the location of resourcedeployment.ps1, deployment/ARMTemplates/Bicep/:
  PS C:\Users\>cd <directory path>
- Run resourcedeployment.ps1 with the following parameters:
  .\resourcedeployment.ps1 <SubscriptionId> <location> <AdminName> <AdminPassword>
  SubscriptionId : The ID of the subscription in which you want to manage your resources
  location : Azure data center region where resources will be deployed
  AdminName : Admin user name for the blockchain virtual machine
  AdminPassword : Admin password for the blockchain virtual machine
- If you get the error below when running the PowerShell script:
- To resolve the above issue, run the following command. The Process scope limits the bypass to the current PowerShell session.
  Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
- Then run:
  .\resourcedeployment.ps1 <SubscriptionId> <location> <AdminName> <AdminPassword>
- After the script completes, check that all of the Azure resources deployed successfully. Your resource groups should look similar to the image below.
  Note: The managed identity name differs by deployment, for example NFTUserIdentity-XXXXX.
- Open the AKS VM scale set.
- Under Settings, click Identity.
- Click the User assigned tab, click Add, and select NFTUserIdentity-XXX.
- Refresh to confirm the identity assignment.
- Open the key vault.
- Click Access control, click Add, and select Add role assignment.
- Search for "Key Vault Crypto Officer" in the search box. Select the "Key Vault Crypto Officer" role and click Next.
- Click Select members and select NFTUserIdentity-XXX.
- Click Review + assign to add the role assignment.
- Refresh to confirm the role assignment.
- Open the key vault.
- Under Settings, click Access policies, then click Add access policy.
- Select Key Management as the template. In the key permissions, select Get, Update, Create, Delete, Verify, and Sign.
- Click None selected and select NFTUserIdentity-XXX.
- Click Add to add the access policy.
- Review the permissions and click Save to commit your changes.
- Refresh to confirm the access policy.
- Open the Cosmos DB account.
- Click Access control, click Add, and select Add role assignment.
- Search for "DocumentDB Account Contributor" in the search box. Select the "DocumentDB Account Contributor" role and click Next.
- Click Select members and select NFTUserIdentity-XXX.
- Click Review + assign to add the role assignment.
- Refresh to confirm the role assignment.
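The portal steps above (identity assignment, Key Vault role and access policy, Cosmos DB role) can also be scripted with the Azure CLI from the same PowerShell session, which leaves a reviewable record of exactly what was granted and at which scope. This is an added example, not part of the accelerator's own scripts; the parameter names, the Invoke-Az helper, and the assumption that the identity and the Cosmos DB account are in the same resource group are illustrative.

```powershell
# Added example (not part of the accelerator). Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $ResourceGroup,      # assumed: holds the identity and Cosmos DB account
    [Parameter(Mandatory)] [string] $NodeResourceGroup,  # assumed: holds the AKS VM scale set
    [Parameter(Mandatory)] [string] $VmssName,
    [Parameter(Mandatory)] [string] $KeyVaultName,
    [Parameter(Mandatory)] [string] $CosmosAccountName
)
$ErrorActionPreference = 'Stop'

function Invoke-Az {
    # Hypothetical helper: run az, stop on a non-zero exit code, return parsed JSON.
    $out = az @args --output json
    if ($LASTEXITCODE -ne 0) { throw "az $($args -join ' ') failed" }
    if ($out) { ($out -join "`n") | ConvertFrom-Json }
}

# Resolve the deployment-specific identity and require exactly one match.
$identity = @(Invoke-Az identity list --resource-group $ResourceGroup |
    Where-Object name -like 'NFTUserIdentity-*')
if ($identity.Count -ne 1) { throw "Expected one NFTUserIdentity-*, found $($identity.Count)" }
$identityId  = $identity[0].id
$principalId = $identity[0].principalId

# Assign the identity to the AKS VM scale set.
Invoke-Az vmss identity assign --resource-group $NodeResourceGroup --name $VmssName `
    --identities $identityId | Out-Null

# Key Vault: "Key Vault Crypto Officer" role, scoped to this vault only.
$kv = Invoke-Az keyvault show --name $KeyVaultName
Invoke-Az role assignment create --assignee-object-id $principalId `
    --assignee-principal-type ServicePrincipal `
    --role 'Key Vault Crypto Officer' --scope $kv.id | Out-Null

# Key Vault access policy: only applies when the vault is not in the RBAC permission model.
if ($kv.properties.enableRbacAuthorization) {
    Write-Host "Vault uses Azure RBAC; skipping access policy."
} else {
    Invoke-Az keyvault set-policy --name $KeyVaultName --object-id $principalId `
        --key-permissions get update create delete verify sign | Out-Null
}

# Cosmos DB: "DocumentDB Account Contributor" role, scoped to this account only.
$cosmos = Invoke-Az cosmosdb show --name $CosmosAccountName --resource-group $ResourceGroup
Invoke-Az role assignment create --assignee-object-id $principalId `
    --assignee-principal-type ServicePrincipal `
    --role 'DocumentDB Account Contributor' --scope $cosmos.id | Out-Null

# Confirm the result: every role the identity holds, with its scope.
Invoke-Az role assignment list --assignee $principalId --all |
    Select-Object roleDefinitionName, scope | Format-Table -AutoSize
```

The final table replaces the "refresh to confirm" steps: each role should appear once, with a scope ending in the key vault or Cosmos DB account rather than the subscription or resource group.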
You've successfully deployed all the resources!
Next, go to Quorum Configuration.