-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathmain.bicep
119 lines (99 loc) · 2.82 KB
/
main.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
param location string = resourceGroup().location
param prefix string = uniqueString(resourceGroup().id)
param cdnUrlBeforeDotAzureEdgeDotNet string
var tenantId = subscription().tenantId
resource webStorageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' = {
name: '${prefix}storage' // must be globally unique
location: location
kind: 'StorageV2'
sku: {
name: 'Standard_LRS'
}
properties:{
accessTier:'Hot'
networkAcls:{
bypass: 'AzureServices'
virtualNetworkRules: [
]
ipRules: [
]
defaultAction: 'Allow'
}
encryption: {
services:{
blob:{
enabled: true
}
}
keySource: 'Microsoft.Storage'
}
}
}
resource webStorageAccountBlobService 'Microsoft.Storage/storageAccounts/blobServices@2020-08-01-preview' = {
name: '${webStorageAccount.name}/default'
properties:{
cors:{
corsRules:[
]
}
deleteRetentionPolicy: {
enabled: false
}
}
}
resource webStorageAccountBlobServiceContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2020-08-01-preview' = {
name: '${webStorageAccount.name}/default/$web'
properties:{
publicAccess: 'None'
}
}
resource webCdn 'Microsoft.Cdn/profiles@2020-04-15' = {
name: '${prefix}cdn' // must be globally unique
location: location
sku: {
name: 'Standard_Microsoft'
}
}
var webStorageAccountStaticWeb = webStorageAccount.properties.primaryEndpoints.web
var webStorageAccountStaticWebHostnameOnly = substring(webStorageAccountStaticWeb, length('https://'), length(webStorageAccountStaticWeb)-length('https://')-1)
resource webCdnEndpoint 'Microsoft.Cdn/profiles/endpoints@2020-04-15' = {
name: '${prefix}cdn/${cdnUrlBeforeDotAzureEdgeDotNet}' // must be globally unique
location: location
properties:{
isHttpsAllowed: true
isHttpAllowed: false
queryStringCachingBehavior:'IgnoreQueryString'
originHostHeader: webStorageAccountStaticWebHostnameOnly
origins:[
{
name: webStorageAccount.name
properties:{
enabled: true
hostName: webStorageAccountStaticWebHostnameOnly
originHostHeader: webStorageAccountStaticWebHostnameOnly
httpsPort: 443
priority: 1
weight: 1000
}
}
]
}
}
resource symbolicname 'Microsoft.KeyVault/vaults@2019-09-01' = {
name: '${prefix}keyvault'
location: location
properties: {
tenantId: tenantId
sku: {
name: 'standard'
family: 'A'
}
enabledForTemplateDeployment: true
enableSoftDelete: true
softDeleteRetentionInDays: 30
enableRbacAuthorization: true
enablePurgeProtection: true
}
}
output webStorageAccountStaticWebHostnameOnly string = webStorageAccountStaticWebHostnameOnly
output webStorageAccountUrl string = webStorageAccountStaticWeb