Deploy Azure Verified Modules using Azure CLI (Bicep)
Step 1.
First, let's create a simple parameters file that will hold the main parameters we need for our infrastructure.
- Resource group name
- Location
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceGroupName": {
"value": "ResourceGroupName"
},
"location": {
"value": "westus2"
}
}
}
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceGroupName": {
"value": "ResourceGroupName"
},
"location": {
"value": "westus2"
}
}
}
Step 2.
Next, let's define some resources in main.bicep:
- Resource Group
- Azure Key Vault
- Storage Account
- Azure Static Web App
- Server Farm (for function app)
- Function App
// Deploy at subscription scope so this template can create the resource group itself.
targetScope = 'subscription'

// Name of the resource group to create. The same value, lower-cased, is reused as the
// name of every resource deployed by the modules below.
param resourceGroupName string

// Azure region used for the resource group and for the modules that pass a location.
param location string

// Toggle: when true, the Key Vault module receives the sample key definition.
param deployKeys bool = true

// Toggle: when true, the Key Vault module receives the sample secret definition.
param deploySecrets bool = true

// Deterministic suffix derived from the subscription id and the region.
// NOTE(review): nothing in the template shown here references resourceToken, so every
// resource name still depends only on resourceGroupName.
@description('Optional String to append to resources to make unique')
var resourceToken = uniqueString(subscription().subscriptionId, location)
// Resource group that every module below targets through `scope: rg`.
@description('Create a resource group')
resource rg 'Microsoft.Resources/resourceGroups@2024-03-01' = {
  location: location
  name: resourceGroupName
}
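// Value stored in the sample secret. It is a @secure() parameter so the value is passed
// in at deployment time rather than committed in the template, and so it is not written
// to the deployment history. Optional: when omitted it defaults to newGuid(), which is
// re-evaluated on every deployment and therefore writes a new random value each time.
@secure()
param sampleSecretValue string = newGuid()

// Key Vault (Azure Verified Module) with an optional sample RSA key that carries a
// rotation policy, and an optional sample secret.
module vault 'br/public:avm/res/key-vault/vault:0.11.2' = {
  name: 'vaultDeployment'
  scope: rg
  params: {
    // Required parameters
    // Key Vault names are globally unique and limited to 3-24 letters, digits and hyphens,
    // so resourceGroupName has to satisfy that as well.
    name: toLower(resourceGroupName)
    // Non-required parameters
    // Soft delete keeps deleted vault objects recoverable; purge protection blocks a forced
    // purge during the retention period and cannot be switched off once enabled.
    enablePurgeProtection: true
    enableSoftDelete: true
    // NOTE(review): no network restriction or access model is set here, so the module's
    // defaults apply. Review them before using this vault for real secrets.
    keys: deployKeys
      ? [
          {
            attributes: {
              // exp / nbf are Unix epoch seconds. 1725109032 is 2024-08-31 UTC.
              // NOTE(review): replace with a future timestamp; a past value yields a key
              // that is already expired (or a rejected deployment, to be confirmed).
              exp: 1725109032
              nbf: 10000
            }
            kty: 'RSA'
            name: 'customerManagedKey'
            rotationPolicy: {
              // Each new key version expires two years after creation.
              attributes: {
                expiryTime: 'P2Y'
              }
              lifetimeActions: [
                {
                  // Rotate automatically two months before expiry.
                  action: {
                    type: 'Rotate'
                  }
                  trigger: {
                    timeBeforeExpiry: 'P2M'
                  }
                }
                {
                  // Send a notification 30 days before expiry.
                  action: {
                    type: 'Notify'
                  }
                  trigger: {
                    timeBeforeExpiry: 'P30D'
                  }
                }
              ]
            }
          }
        ]
      : []
    secrets: deploySecrets
      ? [
          {
            attributes: {
              enabled: true
              // 1702648632 is 2023-12-15 UTC.
              // NOTE(review): replace with a future timestamp, as for the key above.
              exp: 1702648632
              nbf: 10000
            }
            contentType: 'Something'
            name: 'secretName'
            // Supplied through the secure parameter instead of a literal in the template.
            value: sampleSecretValue
          }
        ]
      : []
  }
}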
// Static Web App on the Free SKU; its hostname and name are exposed as outputs at the
// end of the template.
@description('Create a static web app')
module swa 'br/public:avm/res/web/static-site:0.3.0' = {
  scope: rg
  name: 'client'
  params: {
    sku: 'Free'
    location: location
    name: toLower(resourceGroupName)
  }
}
// Storage account with two private blob containers and a system-assigned identity.
@description('Create a storage account')
module storageAccount 'br/public:avm/res/storage/storage-account:0.17.0' = {
  scope: rg
  name: 'storageAccountDeployment'
  params: {
    // Account name.
    // NOTE(review): storage account names accept only 3-24 lowercase letters and digits;
    // toLower() does not remove hyphens or other characters from resourceGroupName.
    name: toLower(resourceGroupName)
    location: location
    kind: 'BlobStorage'
    skuName: 'Standard_LRS'

    // Anonymous blob access is switched off for the whole account, and each container
    // below is additionally declared private.
    allowBlobPublicAccess: false
    blobServices: {
      containers: [
        {
          name: 'stocks'
          publicAccess: 'None'
        }
        {
          name: 'users'
          publicAccess: 'None'
        }
      ]
    }

    // Customer-managed key encryption is left disabled by the author. Enabling it would
    // point the account at the 'customerManagedKey' key created by the vault module.
    // customerManagedKey: {
    // keyName: 'customerManagedKey'
    // keyVaultResourceId: vault.outputs.resourceId
    // }

    // System-assigned managed identity for the storage account.
    managedIdentities: {
      systemAssigned: true
    }
  }
}
// Hosting plan for the function app; its resource id is consumed by the `site` module.
@description('Create a server farm')
module serverfarm 'br/public:avm/res/web/serverfarm:0.4.1' = {
  scope: rg
  name: 'serverfarmDeployment'
  params: {
    name: toLower(resourceGroupName)
    kind: 'functionApp'
    // Y1 is the Consumption (Dynamic) plan SKU.
    skuName: 'Y1'
    skuCapacity: 0
    // reserved: true requests a Linux plan.
    reserved: true
    // Scaling-related settings.
    zoneRedundant: false
    perSiteScaling: false
    elasticScaleEnabled: false
    maximumElasticWorkerCount: 1
    targetWorkerCount: 0
    targetWorkerSize: 0
  }
}
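// Function app hosted on the plan created by the `serverfarm` module.
@description('Create a function app')
module site 'br/public:avm/res/web/site:0.13.1' = {
  name: 'siteDeployment'
  scope: rg
  params: {
    // Required parameters
    kind: 'functionapp'
    name: toLower(resourceGroupName)
    serverFarmResourceId: serverfarm.outputs.resourceId
    // Non-required parameters
    // HTTPS-only is a property of the site itself (properties.httpsOnly), not a field of
    // siteConfig, so it is set through the module's httpsOnly parameter rather than
    // inside the siteConfig object.
    httpsOnly: true
    siteConfig: {
      alwaysOn: false
      // NOTE(review): placeholder entry. App settings are name/value pairs; confirm that
      // an empty object deploys cleanly, or replace it with real settings.
      appSettings: [
        {}
      ]
      // FtpsOnly refuses plain FTP. 'Disabled' turns FTP/FTPS off entirely when it is not
      // used for deployment.
      ftpsState: 'FtpsOnly'
      // Minimum TLS version accepted from clients.
      minTlsVersion: '1.2'
    }
  }
}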
// Deployment outputs, both read from the static web app module. Output values are stored
// in the deployment record, so only non-secret values belong here.

// Name of the static web app.
@description('Output the static web app name')
output staticWebAppName string = swa.outputs.name

// Default hostname assigned to the static web app.
@description('Output the default hostname')
output endpoint string = swa.outputs.defaultHostname