-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathApi.bicep
78 lines (68 loc) · 2.56 KB
/
Api.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import * as types from 'types.bicep'
param appServicePlanSku types.appServicePlanSkuType
param keyVaultName string
param appConfigurationName string
param templateSettings types.templateSettingsType
var logAnalyticsWorkspaceName = 'log-${templateSettings.sufix}-${templateSettings.env}'
var appInsightsName = 'appi-${templateSettings.sufix}-${templateSettings.env}'
var webAppName = 'app-${templateSettings.sufix}-${templateSettings.env}'
var webAppNamePlan = 'plan-${templateSettings.sufix}-${templateSettings.env}'
var keyVaultSecretReaderRoleId = '4633458b-17de-408a-b874-0445c86b69e6' // RBAC Role: Key Vault Secrets User
var appConfigurationReaderRoleId = '516239f1-63e1-4d78-a4de-a74fb236a071' // RBAC Role: App Configuration Data Reader
module applicationInsightsModule 'Modules/Insights/ApplicationInsights.bicep' = {
name: 'applicationInsightsModule'
params: {
applicationInsightsName: appInsightsName
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
location: templateSettings.location
}
}
module serverFarmModule 'Modules/WebApp/Serverfarm.bicep' = {
name: 'serverFarmModule'
params: {
name: webAppNamePlan
sku: appServicePlanSku
location: templateSettings.location
}
}
module webAppModule 'Modules/WebApp/WebApp.bicep' = {
name: 'webAppModule'
params: {
webAppName: webAppName
appServicePlanName: webAppNamePlan
appSettings: [
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: applicationInsightsModule.outputs.instrumentationKey
}
]
location: templateSettings.location
}
dependsOn: [
serverFarmModule
]
}
resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
resource SecretReaderResource 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
name: guid(webAppName, keyVaultSecretReaderRoleId)
scope: kv
properties: {
roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', keyVaultSecretReaderRoleId)
principalType: 'ServicePrincipal'
principalId: webAppModule.outputs.principalId
}
}
resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2022-05-01' existing = {
name: appConfigurationName
}
resource ConfigurationReaderResource 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
name: guid(webAppName, appConfigurationReaderRoleId)
scope: appConfiguration
properties: {
roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', appConfigurationReaderRoleId)
principalType: 'ServicePrincipal'
principalId: webAppModule.outputs.principalId
}
}