// ---------------------------------------------------------------------------
// Deployment parameters. Every parameter declares a default value.
// ---------------------------------------------------------------------------

// Naming suffix shared by all resources; the default is derived from the
// resource group id, so it is stable per resource group.
// NOTE(review): this value is concatenated into the two storage account names
// declared below without length or character validation; confirm callers
// stay within the storage account naming rules.
@description('Suffix for naming resources')
param appNameSuffix string = 'app${uniqueString(resourceGroup().id)}'

// Drives resource names and the SKU selection for the function app and APIM.
@description('Environment')
@allowed([
  'dev'
  'test'
  'prod'
])
param environmentType string = 'dev'

// --- API Management ---------------------------------------------------------
// createApim gates the `apim` module; apimResourceGroup is used as the scope
// of the `apimApi` module.
@description('Do you want to create new APIM?')
param createApim bool = true

@description('APIM name')
param apimName string = 'apim-${appNameSuffix}-${environmentType}'

@description('APIM resource group')
param apimResourceGroup string = resourceGroup().name

// --- Key Vault --------------------------------------------------------------
// createKeyVault selects between the `newKeyVault` module (true) and the
// `keyVault` module (false), which is scoped to keyVaultResourceGroup.
@description('Do you want to create new vault?')
param createKeyVault bool = true

@description('Key Vault name')
param keyVaultName string = 'kv-${appNameSuffix}-${environmentType}'

@description('Key Vault resource group')
param keyVaultResourceGroup string = resourceGroup().name

// --- User-assigned managed identity ------------------------------------------
// The identity is referenced with `existing`, so it has to be present in
// userAssignedIdentityResourceGroup before this template is deployed.
@description('User assigned managed idenity name')
param userAssignedIdentityName string = 'umsi-${appNameSuffix}-${environmentType}'

@description('User assigned managed idenity resource group')
param userAssignedIdentityResourceGroup string = resourceGroup().name

// --- Miscellaneous ------------------------------------------------------------
// apimApiName is also appended to the gateway URL in the `apiUrl` output.
@description('API friendly name')
param apimApiName string = '2do'

// Tag set handed to the modules that accept a `resourceTags` parameter.
param resourceTags object = {
  ProjectType: 'Azure Serverless Web'
  Purpose: 'Demo'
}
// ---------------------------------------------------------------------------
// Derived names and settings. All names are built from appNameSuffix and
// environmentType so that one resource group can be told apart from another.
// ---------------------------------------------------------------------------

// Everything declared directly in this file is placed in the resource group's region.
var location = resourceGroup().location

// Storage account names are built without separators.
// NOTE(review): neither name is length-checked; a long caller-supplied
// appNameSuffix would only be rejected at deployment time.
var staticWebsiteStorageAccountName = '${appNameSuffix}${environmentType}'
var functionStorageAccountName = 'fn${appNameSuffix}${environmentType}'

// Front end
var cdnProfileName = 'cdn-${appNameSuffix}-${environmentType}'

// Function app and its hosting/monitoring resources
var functionAppName = 'fn-${appNameSuffix}-${environmentType}'
var appServicePlanName = 'asp-${appNameSuffix}-${environmentType}'
var appInsightsName = 'ai-${appNameSuffix}-${environmentType}'
var functionRuntime = 'dotnet'

// Cosmos DB account, database and (fixed) collection name
var cosmosDbAccountName = 'cosmos-${appNameSuffix}-${environmentType}'
var cosmosDbName = '${appNameSuffix}-${environmentType}'
var cosmosDbCollectionName = 'items'

// SKU selection: only 'prod' gets the larger tiers; 'dev' and 'test' both
// fall through to the second value of each expression.
var functionSku = environmentType == 'prod' ? 'EP1' : 'Y1'
var apimSku = environmentType == 'prod' ? 'Standard' : 'Developer'
// Reference (do not create) the user-assigned managed identity. Its resource id
// is handed to the staticWebsite, keyVault and newKeyVault modules as
// `deploymentScriptServicePrincipalId`.
// Minimum permissions for a deployment-script identity are described at
// https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template#configure-the-minimum-permissions
// NOTE(review): the identity's role assignments are made outside this file;
// confirm they are limited to what that page lists.
resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = {
  scope: resourceGroup(userAssignedIdentityResourceGroup)
  name: userAssignedIdentityName
}
// Application Insights component; its instrumentation key is passed to the
// functionApp and apim modules.
// NOTE(review): this uses a preview API version, and both ingestion and query
// are reachable from public networks. Confirm that is acceptable for the
// 'prod' environment type.
resource appInsights 'Microsoft.Insights/components@2018-05-01-preview' = {
  name: appInsightsName
  kind: 'web'
  location: location
  properties: {
    Application_Type: 'web'
    publicNetworkAccessForQuery: 'Enabled'
    publicNetworkAccessForIngestion: 'Enabled'
  }
}
// Storage account for the static website. The module receives the managed
// identity's resource id under the name `deploymentScriptServicePrincipalId`.
// NOTE(review): presumably the module runs a deployment script under that
// identity; verify against modules/staticWebsite.bicep.
module staticWebsite 'modules/staticWebsite.bicep' = {
  name: 'staticWebsite'
  params: {
    resourceTags: resourceTags
    storageAccountName: staticWebsiteStorageAccountName
    deploymentScriptServicePrincipalId: userAssignedIdentity.id
  }
}
// CDN profile fed with the static website URL produced by the staticWebsite
// module (which also makes this module wait for staticWebsite).
// Unlike most other modules, no resourceTags are passed here.
module cdn 'modules/cdn.bicep' = {
  name: 'cdn'
  params: {
    staticWebsiteURL: staticWebsite.outputs.staticWebsiteURL
    cdnProfileName: cdnProfileName
  }
}
// Cosmos DB account, database and collection. Network and key settings live in
// the module and are not visible from this file.
module cosmosDB 'modules/cosmosdb.bicep' = {
  name: 'cosmosdb'
  params: {
    collectionName: cosmosDbCollectionName
    databaseName: cosmosDbName
    accountName: cosmosDbAccountName
  }
}
// Function app (API backend) with its storage account and App Service plan.
//
// NOTE(review): `apim` is declared with `if (createApim)`, but its output
// `apiIPAddress` is read here unconditionally. With createApim = false there is
// no module deployment to read from, so this reference is expected to fail;
// the "reuse an existing APIM" path needs another source for this value.
// NOTE(review): apimIPAddress and staticWebsiteURL look like inputs for an
// inbound IP restriction and a CORS origin respectively. Confirm in
// modules/function.bicep that they are enforced that way.
module functionApp 'modules/function.bicep' = {
  name: 'functionApp'
  params: {
    // Hosting
    functionAppName: functionAppName
    appServicePlanName: appServicePlanName
    storageAccountName: functionStorageAccountName
    functionSku: functionSku
    functionRuntime: functionRuntime

    // Telemetry
    appInsightsInstrumentationKey: appInsights.properties.InstrumentationKey

    // Data store and secret store names (passed as plain names, not as secrets)
    cosmosAccountName: cosmosDbAccountName
    cosmosDbName: cosmosDbName
    cosmosDbCollectionName: cosmosDbCollectionName
    keyVaultName: keyVaultName

    // Callers of the API
    staticWebsiteURL: staticWebsite.outputs.staticWebsiteURL
    apimIPAddress: apim.outputs.apiIPAddress

    resourceTags: resourceTags
  }
}
// Existing-vault path: deployed only when createKeyVault is false, and scoped to
// the resource group that already holds the vault. The current resource group
// name is passed along because the module runs in a different scope.
// NOTE(review): this module is handed the function app name, the Cosmos DB
// account name and the managed identity id. What access it grants on the
// existing vault is defined in modules/keyVault.bicep; review it before
// pointing this at a shared vault.
module keyVault 'modules/keyVault.bicep' = if (!createKeyVault) {
  scope: resourceGroup(keyVaultResourceGroup)
  name: 'keyVault'
  params: {
    currentResourceGroup: resourceGroup().name
    keyVaultName: keyVaultName
    deploymentScriptServicePrincipalId: userAssignedIdentity.id
    cosmosAccountName: cosmosDB.outputs.cosmosDBAccountName
    functionAppName: functionApp.outputs.functionAppName
  }
}
// New-vault path: deployed only when createKeyVault is true, into the current
// resource group (no scope is set). It takes the same inputs as the
// existing-vault module, except that it receives resourceTags instead of
// currentResourceGroup.
module newKeyVault 'modules/newKeyVault.bicep' = if (createKeyVault) {
  name: 'newKeyVault'
  params: {
    resourceTags: resourceTags
    keyVaultName: keyVaultName
    deploymentScriptServicePrincipalId: userAssignedIdentity.id
    cosmosAccountName: cosmosDB.outputs.cosmosDBAccountName
    functionAppName: functionApp.outputs.functionAppName
  }
}
// API Management instance, created only when createApim is true. No scope is
// set, so it is deployed into the current resource group.
// Other declarations in this file read `apim.outputs.*` without checking
// createApim (the functionApp module and the apiUrl output).
module apim 'modules/apim.bicep' = if (createApim) {
  name: 'apim'
  params: {
    resourceTags: resourceTags
    sku: apimSku
    apimName: apimName
    appInsightsName: appInsightsName
    appInsightsInstrumentationKey: appInsights.properties.InstrumentationKey
  }
}
// Registers the API on the APIM instance, with the function app as backend and
// the CDN endpoint URL as origin.
// NOTE(review): this module is scoped to apimResourceGroup, while the `apim`
// module (createApim = true) deploys into the current resource group. The two
// only line up when apimResourceGroup is left at its default or createApim is
// false.
// NOTE(review): originUrl is presumably the allowed CORS origin in the API
// policy; verify against modules/apimAPI.bicep.
module apimApi 'modules/apimAPI.bicep' = {
  scope: resourceGroup(apimResourceGroup)
  name: 'apimAPI'
  params: {
    currentResourceGroup: resourceGroup().name
    apimName: apimName
    apiName: apimApiName
    backendApiName: functionApp.outputs.functionAppName
    originUrl: cdn.outputs.cdnEndpointURL
  }
}
// ---------------------------------------------------------------------------
// Outputs: names and URLs only; no keys or connection strings are exposed.
// ---------------------------------------------------------------------------

// API side
output functionAppName string = functionApp.outputs.functionAppName
output apimName string = apimName
// NOTE(review): `apim` is conditional on createApim, but its gatewayUrl output
// is read here unconditionally; expected to fail when createApim is false.
output apiUrl string = '${apim.outputs.gatewayUrl}/${apimApiName}'

// Static front end
output staticWebsiteStorageAccountName string = staticWebsiteStorageAccountName
output staticWebsiteUrl string = staticWebsite.outputs.staticWebsiteURL

// CDN
output cdnProfileName string = cdn.outputs.cdnProfileName
output cdnEndpointName string = cdn.outputs.cdnEndpointName
output cdnEndpointURL string = cdn.outputs.cdnEndpointURL