main.bicep
// Application name. It is used in every resource name below and as the DNS label
// of the custom hostname (<applicationName>.<dnsZone>).
param applicationName string
@description('Existing Azure DNS zone in target resource group')
param dnsZone string
// Every resource in this file is deployed to the resource group's region.
var location = resourceGroup().location
// Shared name prefix: uniqueString() of the resource group id with its first four
// characters dropped, followed by '-' and the application name.
// NOTE(review): the storage account name is derived from this value (hyphens removed,
// 'st' appended) and storage account names allow only 3-24 lowercase letters and digits;
// nothing here constrains applicationName accordingly - confirm callers pass a short,
// lowercase value.
var componentBase = '${substring(uniqueString(resourceGroup().id), 4)}-${applicationName}'
// App Service plan for the function app: SKU Y1 in the Dynamic tier (the Functions
// consumption plan), with no pre-allocated capacity.
resource hostingPlan 'Microsoft.Web/serverfarms@2020-06-01' = {
  name: '${componentBase}-asp'
  location: location
  sku: {
    tier: 'Dynamic'
    family: 'Y'
    name: 'Y1'
    size: 'Y1'
    capacity: 0
  }
}
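// Storage account used by the function app (referenced by the AzureWebJobsStorage and
// WEBSITE_CONTENTAZUREFILECONNECTIONSTRING app settings).
// Name: componentBase with hyphens removed, plus the 'st' suffix.
resource storage 'Microsoft.Storage/storageAccounts@2019-06-01' = {
  name: '${replace(componentBase, '-', '')}st'
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    // The account holds function code and runtime state, so its transport and exposure
    // settings are stated explicitly instead of relying on API-version defaults.
    // The only consumer in this file connects with DefaultEndpointsProtocol=https.
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    // Nothing in this template serves blobs anonymously; block container-level public access.
    allowBlobPublicAccess: false
  }
}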
// Application Insights component for the function app's telemetry. Its instrumentation
// key is passed to the function app through app settings.
resource appInsights 'Microsoft.Insights/components@2015-05-01' = {
  name: '${componentBase}-ai'
  kind: 'web'
  location: location
  properties: {
    Application_Type: 'web'
  }
}
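// Storage connection string, built once and shared by the two storage-related app settings.
// It embeds the account's first key from listKeys(): the key is stored in the site's app
// settings, is readable by any principal allowed to list them, and is re-read only when
// this template is deployed again (for example after a key rotation).
var storageConnectionString = 'DefaultEndpointsProtocol=https;AccountName=${storage.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storage.listKeys().keys[0].value}'

// The function app itself: .NET worker on Functions runtime ~3, hosted on hostingPlan.
resource functionApp 'Microsoft.Web/sites@2020-06-01' = {
  name: '${componentBase}-functionapp'
  location: location
  kind: 'functionapp'
  // A system-assigned managed identity is created; no role assignment for it appears in this file.
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    // Plain-HTTP requests are redirected to HTTPS.
    httpsOnly: true
    serverFarmId: hostingPlan.id
    clientAffinityEnabled: false
    siteConfig: {
      http20Enabled: true
      // Pin the minimum inbound TLS version explicitly rather than depending on the platform default.
      minTlsVersion: '1.2'
      use32BitWorkerProcess: false
      // NOTE(review): FTPS publishing stays enabled. If nothing deploys over FTPS,
      // 'Disabled' removes that endpoint entirely.
      ftpsState: 'FtpsOnly'
      alwaysOn: false
      appSettings: [
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~3'
        }
        {
          name: 'FUNCTIONS_WORKER_RUNTIME'
          value: 'dotnet'
        }
        {
          name: 'ASPNETCORE_ENVIRONMENT'
          value: 'Production'
        }
        {
          name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
          value: appInsights.properties.InstrumentationKey
        }
        {
          name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
          value: 'InstrumentationKey=${appInsights.properties.InstrumentationKey}'
        }
        {
          name: 'AzureWebJobsStorage'
          value: storageConnectionString
        }
        {
          name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
          value: storageConnectionString
        }
        {
          // File share name, taken from the shared name prefix.
          name: 'WEBSITE_CONTENTSHARE'
          value: componentBase
        }
      ]
    }
  }
}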
// TXT record asuid.<applicationName> in the existing zone. It carries the function app's
// custom-domain verification id, which App Service checks before accepting the hostname
// binding, so the name can only be bound by an app holding this id.
resource dnsTxt 'Microsoft.Network/dnsZones/TXT@2018-05-01' = {
  name: '${dnsZone}/asuid.${applicationName}'
  properties: {
    TTL: 3600
    TXTRecords: [
      {
        value: [
          functionApp.properties.customDomainVerificationId
        ]
      }
    ]
  }
}
// CNAME <applicationName>.<dnsZone> pointing at the function app's default hostname.
// NOTE(review): this record outlives the app unless it is removed with it. A CNAME left
// pointing at a released azurewebsites.net name is a dangling DNS entry, so delete the
// record whenever the function app is decommissioned.
resource dnsCname 'Microsoft.Network/dnsZones/CNAME@2018-05-01' = {
  name: '${dnsZone}/${applicationName}'
  properties: {
    CNAMERecord: {
      cname: '${functionApp.name}.azurewebsites.net'
    }
    TTL: 3600
  }
}
// Enabling Managed certificate for a webapp requires 3 steps
// 1. Add custom domain to webapp with SSL in disabled state
// 2. Generate certificate for the domain
// 3. enable SSL
//
// The last step requires deploying Microsoft.Web/sites/hostNameBindings again, and an ARM template forbids this in one deployment, so we use modules to chain the steps.
// Binds <applicationName>.<dnsZone> to the function app with SSL still disabled.
// Both DNS records must exist first, hence the explicit dependsOn.
resource functionAppCustomHost 'Microsoft.Web/sites/hostNameBindings@2020-06-01' = {
  name: '${functionApp.name}/${applicationName}.${dnsZone}'
  dependsOn: [
    dnsTxt
    dnsCname
  ]
  properties: {
    siteName: functionApp.name
    hostNameType: 'Verified'
    customHostNameDnsRecordType: 'CName'
    // Until the certificate is issued and bound, the custom hostname has no TLS binding.
    sslState: 'Disabled'
  }
}
// Certificate for the custom hostname, requested only after the hostname binding exists.
// Its thumbprint is handed to the SNI-enable module.
resource functionAppCustomHostCertificate 'Microsoft.Web/certificates@2020-06-01' = {
  name: '${applicationName}.${dnsZone}'
  location: location
  dependsOn: [
    functionAppCustomHost
  ]
  // NOTE(review): any() presumably works around the type definition's property check - confirm.
  properties: any({
    canonicalName: '${applicationName}.${dnsZone}'
    serverFarmId: hostingPlan.id
  })
}
// We need a module to enable SNI, because ARM forbids using a resource with the same type-name combination twice in one deployment.
// Runs ./sni-enable.bicep as a nested deployment, passing the app name, the hostname
// (the certificate resource's name) and the issued certificate's thumbprint.
module functionAppCustomHostEnable './sni-enable.bicep' = {
  name: '${deployment().name}-${applicationName}-sni-enable'
  params: {
    functionAppName: functionApp.name
    functionAppHostname: functionAppCustomHostCertificate.name
    certificateThumbprint: functionAppCustomHostCertificate.properties.thumbprint
  }
}