-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathmain-demo.bicep
127 lines (112 loc) · 3.11 KB
/
main-demo.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
//parameters
//parameter string with defaults
param projectName string = 'bicep-demo'
//variables
// derived from context using ARM functions
var suffix = uniqueString(subscription().subscriptionId, subscription().tenantId)
//string interpolation
var uniqueName = '${projectName}-${suffix}'
var identityName = 'id-${uniqueName}'
var kvName = 'kv-${projectName}-${take(suffix, 9)}'
var workspaceName = 'workspace-${uniqueName}'
var insightsName = 'insights-${uniqueName}'
var hostingplanName = 'serviceplan-${uniqueName}'
var storageName = 'st${suffix}'
// complex object type
var tags = {
'tag 1': 'tag 1 value'
'tag 2': 'tag 2 value'
}
//resource definitions
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
name: identityName
location: resourceGroup().location
}
resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' = {
name: kvName
location: resourceGroup().location
properties: {
enabledForDeployment: true
enabledForTemplateDeployment: true
enabledForDiskEncryption: true
tenantId: subscription().tenantId
sku: {
name: 'standard'
family: 'A'
}
enableRbacAuthorization: true
}
tags: tags
}
resource loganalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' = {
name: workspaceName
location: resourceGroup().location
properties: {
sku: {
name: 'Free'
}
}
}
module appInsights 'app-insights.bicep' = {
name: 'appInsights-demo'
params: {
insightsName: insightsName
logAnalyticsWorkspaceId: loganalyticsWorkspace.id
tags: tags
}
}
resource functionAppStorage 'Microsoft.Storage/storageAccounts@2021-04-01' = {
name: storageName
location: resourceGroup().location
kind: 'StorageV2'
sku: {
name: 'Standard_ZRS'
}
properties: {
accessTier: 'Hot'
allowBlobPublicAccess: false
supportsHttpsTrafficOnly: true
}
}
resource blobservice 'Microsoft.Storage/storageAccounts/blobServices@2021-06-01' existing = {
name: 'default'
parent: functionAppStorage
}
var blobNames = [
'incoming'
'outgoing'
'quarantine'
]
resource storagecontainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = [for blobname in blobNames: {
name: '${blobname}'
parent: blobservice
}]
module kvRoleAssignment 'kv-role-assignment-module.bicep' = {
name: 'managedIdentityKeyVaultRole'
params: {
identityName: managedIdentity.name
keyVaultName: keyVault.name
}
}
module storageRoleAssignment 'st-role-assignment-module.bicep' = {
name: 'managedIdentityStorageRole'
params: {
storageName: functionAppStorage.name
identityName: managedIdentity.name
}
}
module appService 'appservice.bicep' ={
name: 'appservice-deployment'
params:{
appInsightsConnectionString: appInsights.outputs.connection_string
appInsightsKey: appInsights.outputs.instrumentation_key
functionAppStorageConnectionString: keyVault.getSecret('webJobStorageConnectionString')
hostingPlanName: hostingplanName
managedIdentityName: managedIdentity.name
uniqueName: uniqueName
}
dependsOn:[
storageRoleAssignment
kvRoleAssignment
]
}