diff --git a/cloud-native/aks-arm/NOTES.md b/cloud-native/aks-arm/NOTES.md
new file mode 100644
index 0000000..728c2b8
--- /dev/null
+++ b/cloud-native/aks-arm/NOTES.md
@@ -0,0 +1,7 @@
+# NOTES
+
+https://azure.github.io/Azure-Verified-Modules/indexes/bicep/bicep-resource-modules/
+
+https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/container-service/managed-cluster#example-3-using-only-defaults
+
+https://techcommunity.microsoft.com/blog/linuxandopensourceblog/azure-linux-3-0-now-in-preview-on-azure-kubernetes-service-v1-31/4287229
diff --git a/cloud-native/aks-arm/README.md b/cloud-native/aks-arm/README.md
new file mode 100644
index 0000000..695abd3
--- /dev/null
+++ b/cloud-native/aks-arm/README.md
@@ -0,0 +1,55 @@
+# Azure Kubernetes Service (AKS)
+
+## Prerequisites
+
+- Azure CLI
+- Bicep
+- Azure Subscription
+
+## Deploy
+
+Azure Linux V3 Preview feature registration:
+
+```bash
+az feature register \
+    --namespace Microsoft.ContainerService \
+    --name AzureLinuxV3Preview
+```
+
+```bash
+az feature show \
+    --namespace Microsoft.ContainerService \
+    --name AzureLinuxV3Preview
+```
+
+```bash
+az provider register \
+    -n Microsoft.ContainerService
+```
+
+Create resource group:
+
+```bash
+az group create \
+    --name 250100-aks \
+    --location eastus
+```
+
+Deploy Azure Kubernetes Service (AKS) cluster:
+
+```bash
+az deployment group create \
+    --resource-group 250100-aks \
+    --template-file cloud-native/aks-arm/aks.bicep
+```
+
+## Cleanup
+
+Deploy the empty Bicep template:
+
+```bash
+az deployment group create \
+    --resource-group 250100-aks \
+    --mode Complete \
+    --template-file cloud-native/aks-arm/empty.bicep
+```
diff --git a/cloud-native/aks-arm/aks.bicep b/cloud-native/aks-arm/aks.bicep
new file mode 100644
index 0000000..d39f865
--- /dev/null
+++ b/cloud-native/aks-arm/aks.bicep
@@ -0,0 +1,47 @@
+param location string = resourceGroup().location
+
+var managedIdentityName = '${resourceGroup().name}-identity'
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+  name: managedIdentityName
+  location: location
+}
+
+module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.6.2' = {
+  name: 'managedClusterDeployment'
+  params: {
+    // Required parameters
+    name: 'aks-1'
+    kubernetesVersion: '1.31.2'
+    primaryAgentPoolProfiles: [
+      {
+        count: 1
+        mode: 'System'
+        name: 'systempool'
+        osSKU: 'AzureLinux'
+        vmSize: 'Standard_D2pds_v6'
+        orchestratorVersion: '1.31.2'
+      }
+      {
+        count: 1
+        mode: 'User'
+        name: 'pool1'
+        osSKU: 'AzureLinux'
+        vmSize: 'Standard_D2pds_v6'
+        orchestratorVersion: '1.31.2'
+      }
+    ]
+    // Non-required parameters
+    location: location
+    aadProfile: {
+      aadProfileEnableAzureRBAC: true
+      aadProfileManaged: true
+    }
+    disableLocalAccounts: true
+    managedIdentities: {
+      userAssignedResourceIds: [
+        managedIdentity.id
+      ]
+    }
+  }
+}
diff --git a/cloud-native/aks-arm/empty.bicep b/cloud-native/aks-arm/empty.bicep
new file mode 100644
index 0000000..e69de29