deploy.bicep
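// Deployment inputs and constants for the storage account, hosting plan,
// managed identity and function app declared in this template.

// The storage account is named appName + 'storage' (7 extra characters) and
// storage account names are capped at 24 lowercase letters and digits, so a
// longer appName can only fail later, at resource creation. The length bound
// surfaces that at template validation instead.
@description('Base name for every resource. It is concatenated with "storage" to form the storage account name, so use lowercase letters and digits only, at most 17 characters.')
@minLength(1)
@maxLength(17)
param appName string

@description('Azure region for all resources; defaults to the location of the target resource group.')
param location string = resourceGroup().location

// Interpolated into the WEBSITE_RUN_FROM_PACKAGE URL, so it decides which blob
// the function app executes. Treat it as a trusted pipeline input only.
@description('Blob name of the deployment package inside the "releases" container.')
param packageName string

// Role definition GUID granted to the managed identity on the storage account.
// The variable name identifies it as the built-in Storage Blob Data Owner role.
var storageBlobDataOwnerRoleId = 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'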
// Storage account used for two things in this template: it holds the function
// app's deployment package (container 'releases') and it is the account named
// in the AzureWebJobsStorage__* app settings.
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: '${appName}storage'
  location: location
  sku: {
    name: 'Standard_ZRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'

    // Transport: plain HTTP is rejected and TLS 1.2 is the floor.
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'

    // Authorization: Shared Key is switched off, so data-plane requests have to
    // be authorized through Microsoft Entra ID (here, the managed identity and
    // its role assignment). There is no account key to leak or rotate.
    allowSharedKeyAccess: false
    defaultToOAuthAuthentication: true

    // Anonymous access: no container in this account can be made public.
    allowBlobPublicAccess: false

    // NOTE(review): no networkAcls / publicNetworkAccess setting is present, so
    // the blob endpoint stays reachable from any network and identity-based
    // authorization is the only gate. Confirm that is the intended posture for
    // the hosting plan in use.
  }
}
// The storage account's blob service. It sets no properties of its own and
// exists so that the 'releases' container can name it as parent.
resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
  parent: storageAccount
  name: 'default'
}
// Container that holds the function app's deployment packages; the
// WEBSITE_RUN_FROM_PACKAGE setting points at 'releases/<packageName>'.
// Anyone able to write blobs here controls the code the function app runs, so
// write access to this container should be limited to the release pipeline.
resource releasesContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = {
  parent: blobServices
  name: 'releases'
  properties: {
    // Explicitly private, in addition to allowBlobPublicAccess: false on the account.
    publicAccess: 'None'
  }
}
// App Service plan for the function app: SKU Y1 / tier Dynamic is the
// Consumption plan, and reserved: true marks it as a Linux plan.
resource hostingPlan 'Microsoft.Web/serverfarms@2022-09-01' = {
  name: appName
  location: location
  properties: {
    reserved: true
  }
  sku: {
    tier: 'Dynamic'
    name: 'Y1'
  }
}
// User-assigned managed identity. The function app runs as this identity, and
// the role assignment in this template grants it access to the storage account,
// so no connection string or account key appears anywhere in the template.
// NOTE(review): this pins a preview API version; consider moving to a GA
// version of Microsoft.ManagedIdentity/userAssignedIdentities.
resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2021-09-30-preview' = {
  location: location
  name: appName
}
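// Linux function app on the Consumption plan. It runs as the user-assigned
// identity and uses that identity both to download its package from blob
// storage and for the AzureWebJobsStorage connection; no secrets are set here.
//
// Hardening added to match the storage account's transport settings:
// httpsOnly, a TLS 1.2 floor and FTP/FTPS publishing disabled.
//
// NOTE(review): the app needs the identity's role assignment on the storage
// account before it can read its package, but nothing in this resource
// references that assignment, so the two are not ordered by the deployment.
// Confirm the first start tolerates the delay, or add an explicit dependsOn.
resource functionApp 'Microsoft.Web/sites@2022-09-01' = {
  name: '${appName}-func'
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${identity.id}': {}
    }
  }
  kind: 'functionapp,linux'
  properties: {
    reserved: true
    enabled: true
    serverFarmId: hostingPlan.id
    // Redirect plain-HTTP requests to HTTPS instead of serving them.
    httpsOnly: true
    siteConfig: {
      // Same TLS floor as the storage account (minimumTlsVersion: 'TLS1_2').
      minTlsVersion: '1.2'
      // Code arrives only through the run-from-package blob, so the FTP/FTPS
      // publishing endpoint is not needed.
      ftpsState: 'Disabled'
      appSettings: [
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~4'
        }
        {
          name: 'FUNCTIONS_WORKER_RUNTIME'
          value: 'dotnet'
        }
        {
          // Blob URL of the package to run; it carries no SAS token, because
          // the download is authorized with the managed identity named below.
          name: 'WEBSITE_RUN_FROM_PACKAGE'
          value: '${storageAccount.properties.primaryEndpoints.blob}releases/${packageName}'
        }
        {
          // Resource ID of the user-assigned identity used to fetch the package.
          name: 'WEBSITE_RUN_FROM_PACKAGE_BLOB_MI_RESOURCE_ID'
          value: identity.id
        }
        {
          // Identity-based AzureWebJobsStorage connection: account name plus
          // credential type and client ID rather than a connection string.
          name: 'AzureWebJobsStorage__accountName'
          value: storageAccount.name
        }
        {
          name: 'AzureWebJobsStorage__credential'
          value: 'managedIdentity'
        }
        {
          name: 'AzureWebJobsStorage__clientId'
          value: identity.properties.clientId
        }
      ]
    }
  }
}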
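// Grants the user-assigned identity the role in storageBlobDataOwnerRoleId,
// scoped to this one storage account rather than the resource group or
// subscription.
// NOTE(review): a data-owner role is broader than the read access a package
// download needs. It is presumably chosen because the same identity also backs
// the AzureWebJobsStorage connection. Confirm, and consider a separate
// read-only identity for the package if the two uses can be split.
resource functionAppStorageBlodDataOwnerUserAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name: the same scope, role and identity always produce the
  // same GUID, so redeploying updates this assignment instead of adding one.
  name: guid(storageAccount.id, storageBlobDataOwnerRoleId, identity.id)
  scope: storageAccount
  properties: {
    // Built-in role definitions are subscription-level resources, so the ID is
    // built with subscriptionResourceId(). resourceId() would yield a
    // resource-group-qualified ID in a resource-group deployment.
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', storageBlobDataOwnerRoleId)
    principalId: identity.properties.principalId
    // Declares the principal as a service principal, which is what a managed
    // identity is in the directory.
    principalType: 'ServicePrincipal'
  }
}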