From 818fbf60d2073b8678f1a28dbe33cba564c882f0 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Mon, 13 Oct 2025 23:42:41 +0530 Subject: [PATCH 1/2] Refactor Bicep templates: update parameter names, enhance naming conventions, and remove deprecated files --- infra/main.bicep | 429 +++++------------- infra/main.parameters.json | 2 +- ...ters.waf.json => main.waf.parameters.json} | 19 +- infra/modules/container-registry.bicep | 2 +- infra/modules/key-vault.bicep | 2 +- infra/modules/log-analytics-workspace.bicep | 2 +- 6 files changed, 129 insertions(+), 327 deletions(-) rename infra/{main.parameters.waf.json => main.waf.parameters.json} (67%) diff --git a/infra/main.bicep b/infra/main.bicep index 7274d675..e1160b17 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -5,8 +5,8 @@ metadata name = 'Content Processing Solution Accelerator' metadata description = 'Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance.' // ========== Parameters ========== // -@description('Required. Name of the environment to deploy the solution into.') -param environmentName string +@description('Required. Name of the solution to deploy.') +param solutionName string = 'cps' @description('Optional. Location for all Resources.') param location string = resourceGroup().location @@ -50,7 +50,7 @@ param gptModelVersion string = '2024-08-06' @minValue(1) @description('Required. Capacity of the GPT deployment: (minimum 10).') -param gptDeploymentCapacity int +param gptDeploymentCapacity int = 100 @description('Optional. Location used for Azure Cosmos DB, Azure Container App deployment.') param secondaryLocation string = (location == 'eastus2') ? 'westus2' : 'eastus2' @@ -61,24 +61,27 @@ param publicContainerImageEndpoint string = 'cpscontainerreg.azurecr.io' @description('Optional. The resource group location.') param resourceGroupLocation string = resourceGroup().location -@description('Optional. The resource name format string.') -param resourceNameFormatString string = '{0}avm-cps' - @description('Optional. Enable WAF for the deployment.') -param enablePrivateNetworking bool +param enablePrivateNetworking bool = false @description('Optional. Enable/Disable usage telemetry for module.') param enableTelemetry bool = true +@description('Optional. Enable monitoring applicable resources, aligned with the Well Architected Framework recommendations. This setting enables Application Insights and Log Analytics and configures all the resources applicable resources to send logs. Defaults to false.') +param enableMonitoring bool = false + +@description('Optional. Enable redundancy for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false.') +param enableRedundancy bool = false + +@description('Optional. Enable scalability for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false.') +param enableScalability bool = false + @description('Optional. Tags to be applied to the resources.') param tags resourceInput<'Microsoft.Resources/resourceGroups@2025-04-01'>.tags = { app: 'Content Processing Solution Accelerator' location: resourceGroup().location } -@description('Optional. Enable scaling for the container apps. Defaults to false.') -param enableScaling bool = false - @description('Optional: Existing Log Analytics Workspace Resource ID') param existingLogAnalyticsWorkspaceId string = '' @@ -96,9 +99,19 @@ param vmAdminUsername string? @secure() param vmAdminPassword string? - -// ========== Variables ========== // -var solutionPrefix = 'cps-${padLeft(take(toLower(uniqueString(subscription().id, environmentName, resourceGroup().location, resourceGroup().name)), 12), 12, '0')}' +@maxLength(5) +@description('Optional. A unique text value for the solution. This is used to ensure resource names are unique for global resources. Defaults to a 5-character substring of the unique string generated from the subscription ID, resource group name, and solution name.') +param solutionUniqueText string = substring(uniqueString(subscription().id, resourceGroup().name, solutionName), 0, 5) + +var solutionSuffix = toLower(trim(replace( + replace( + replace(replace(replace(replace('${solutionName}${solutionUniqueText}', '-', ''), '_', ''), '.', ''), '/', ''), + ' ', + '' + ), + '*', + '' +))) // ============== // // Resources // // ============== // @@ -129,244 +142,22 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -// ============== // -// WAF Resources // -// ============== // - -// ========== WAF Aligned ========== // -// When default_deployment_param.enable_waf is true, the WAF related module(virtual network, private network endpoints) will be deployed -// - -// ========== Network Security Group definition ========== // -// module avmNetworkSecurityGroup 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) { -// name: format(resourceNameFormatString, 'nsg-backend') -// params: { -// name: 'nsg-${solutionPrefix}-backend' -// location: resourceGroupLocation -// tags: tags -// enableTelemetry: enableTelemetry -// diagnosticSettings: [ -// { workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId } -// ] -// securityRules: [ -// { -// name: 'Deny-hop-outbound' -// properties: { -// access: 'Deny' -// direction: 'Outbound' -// priority: 200 -// protocol: '*' -// sourcePortRange: '*' -// destinationPortRanges: ['3389', '22'] -// sourceAddressPrefix: 'VirtualNetwork' -// destinationAddressPrefix: '*' -// } -// } -// ] -// } -// } - -// // Securing a custom VNET in Azure Container Apps with Network Security Groups -// // https://learn.microsoft.com/en-us/azure/container-apps/firewall-integration?tabs=workload-profiles -// module avmNetworkSecurityGroup_Containers 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) { -// name: format(resourceNameFormatString, 'nsg-containers') -// params: { -// name: 'nsg-${solutionPrefix}-containers' -// location: resourceGroupLocation -// tags: tags -// enableTelemetry: enableTelemetry -// diagnosticSettings: [ -// { workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId } -// ] -// securityRules: [ -// //Inbound Rules -// { -// name: 'AllowHttpsInbound' -// properties: { -// access: 'Allow' -// direction: 'Inbound' -// priority: 100 -// protocol: 'Tcp' -// sourceAddressPrefix: 'Internet' -// sourcePortRange: '*' -// destinationPortRanges: ['443', '80'] -// destinationAddressPrefixes: ['10.0.2.0/24'] -// } -// } -// { -// name: 'AllowAzureLoadBalancerInbound' -// properties: { -// access: 'Allow' -// direction: 'Inbound' -// priority: 102 -// protocol: '*' -// sourceAddressPrefix: 'AzureLoadBalancer' -// sourcePortRange: '*' -// destinationPortRanges: ['30000-32767'] -// destinationAddressPrefixes: ['10.0.2.0/24'] -// } -// } -// { -// name: 'AllowSideCarsInbound' -// properties: { -// access: 'Allow' -// direction: 'Inbound' -// priority: 103 -// protocol: '*' -// sourcePortRange: '*' -// sourceAddressPrefixes: ['10.0.2.0/24'] -// destinationPortRange: '*' -// destinationAddressPrefix: '*' -// } -// } -// //Outbound Rules -// { -// name: 'AllowOutboundToAzureServices' -// properties: { -// access: 'Allow' -// direction: 'Outbound' -// priority: 200 -// protocol: '*' -// sourceAddressPrefixes: ['10.0.2.0/24'] -// sourcePortRange: '*' -// destinationPortRange: '*' -// destinationAddressPrefix: '*' -// } -// } -// { -// name: 'deny-hop-outbound' -// properties: { -// access: 'Deny' -// direction: 'Outbound' -// priority: 100 -// protocol: '*' -// sourcePortRange: '*' -// destinationPortRanges: ['3389', '22'] -// sourceAddressPrefix: 'VirtualNetwork' -// destinationAddressPrefix: '*' -// } -// } -// ] -// } -// } - -// module avmNetworkSecurityGroup_Bastion 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) { -// name: format(resourceNameFormatString, 'nsg-bastion') -// params: { -// name: 'nsg-${solutionPrefix}-bastion' -// location: resourceGroupLocation -// tags: tags -// enableTelemetry: enableTelemetry -// diagnosticSettings: [ -// { workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId } -// ] -// securityRules: [ -// { -// name: 'Deny-hop-outbound' -// properties: { -// access: 'Deny' -// direction: 'Outbound' -// priority: 200 -// protocol: '*' -// sourcePortRange: '*' -// destinationPortRanges: ['3389', '22'] -// sourceAddressPrefix: 'VirtualNetwork' -// destinationAddressPrefix: '*' -// } -// } -// ] -// } -// } - -// module avmNetworkSecurityGroup_Admin 'br/public:avm/res/network/network-security-group:0.5.1' = if (enablePrivateNetworking) { -// name: format(resourceNameFormatString, 'nsg-admin') -// params: { -// name: 'nsg-${solutionPrefix}-admin' -// location: resourceGroupLocation -// tags: tags -// enableTelemetry: enableTelemetry -// diagnosticSettings: [ -// { workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId } -// ] -// securityRules: [ -// { -// name: 'Deny-hop-outbound' -// properties: { -// access: 'Deny' -// direction: 'Outbound' -// priority: 200 -// protocol: '*' -// sourcePortRange: '*' -// destinationPortRanges: ['3389', '22'] -// sourceAddressPrefix: 'VirtualNetwork' -// destinationAddressPrefix: '*' -// } -// } -// ] -// } -// } - -// // ========== Virtual Network definition ========== // -// // Azure Resources(Backend) : 10.0.0.0/24 - 10.0.0.255 -// // Containers : 10.0.2.0/24 - 10.0.2.255 -// // Admin : 10.0.1.0/27 - 10.0.1.31 -// // Bastion Hosts : 10.0.1.32/27 - 10.0.1.63 -// // VM(s) : - -// module avmVirtualNetwork 'br/public:avm/res/network/virtual-network:0.7.0' = if (enablePrivateNetworking) { -// name: format(resourceNameFormatString, 'vnet-') -// params: { -// // name: '${namingAbbrs.networking.virtualNetwork}${solutionPrefix}' -// name: 'vnet-cps-${solutionPrefix}' -// location: resourceGroupLocation -// tags: tags -// enableTelemetry: enableTelemetry -// addressPrefixes: ['10.0.0.0/8'] -// diagnosticSettings: [ -// { workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId } -// ] -// subnets: [ -// { -// name: 'snet-backend' -// addressPrefix: '10.0.0.0/24' -// networkSecurityGroupResourceId: avmNetworkSecurityGroup.outputs.resourceId -// } -// { -// name: 'snet-containers' -// addressPrefix: '10.0.2.0/24' -// networkSecurityGroupResourceId: avmNetworkSecurityGroup_Containers.outputs.resourceId -// delegation: 'Microsoft.App/environments' -// // privateEndpointNetworkPolicies: 'Disabled' -// // privateLinkServiceNetworkPolicies: 'Enabled' -// } -// { -// name: 'snet-admin' -// addressPrefix: '10.0.1.0/27' -// networkSecurityGroupResourceId: avmNetworkSecurityGroup_Admin.outputs.resourceId -// } -// { -// name: 'snet-bastion' -// addressPrefix: '10.0.1.32/27' -// networkSecurityGroupResourceId: avmNetworkSecurityGroup_Bastion.outputs.resourceId -// } -// ] -// } -// } +// ========== Virtual Network ========== // module virtualNetwork './modules/virtualNetwork.bicep' = if (enablePrivateNetworking) { - name: format(resourceNameFormatString, 'vnet-') + name: take('module.virtual-network.${solutionSuffix}', 64) params: { - name: 'vnet-cps-${solutionPrefix}' + name: 'vnet-${solutionSuffix}' addressPrefixes: ['10.0.0.0/20'] location: resourceGroupLocation tags: tags logAnalyticsWorkspaceId: existingLogAnalyticsWorkspaceId - resourceSuffix: solutionPrefix + resourceSuffix: solutionSuffix enableTelemetry: enableTelemetry } } // Azure Bastion Host -var bastionHostName = 'bas-${solutionPrefix}' +var bastionHostName = 'bas-${solutionSuffix}' module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePrivateNetworking) { name: take('avm.res.network.bastion-host.${bastionHostName}', 64) params: { @@ -395,7 +186,7 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePr } } // Jumpbox Virtual Machine -var jumpboxVmName = take('vm-jumpbox-${solutionPrefix}', 15) +var jumpboxVmName = take('vm-jumpbox-${solutionSuffix}', 15) module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enablePrivateNetworking) { name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64) params: { @@ -490,7 +281,7 @@ var dnsZoneIndex = { @batchSize(5) module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [ for (zone, i) in privateDnsZones: if (enablePrivateNetworking) { - name: 'dns-zone-${i}' + name: take('avm.res.network.private-dns-zone.${split(zone, '.')[1]}', 64) params: { name: zone tags: tags @@ -506,10 +297,10 @@ module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [ // ============== // // ========== Log Analytics & Application Insights ========== // -module logAnalyticsWorkspace 'modules/log-analytics-workspace.bicep' = { - name: 'deploy_log_analytics_workspace' +module logAnalyticsWorkspace 'modules/log-analytics-workspace.bicep' = if (enableMonitoring) { + name: take('module.log-analytics-workspace.${solutionSuffix}', 64) params: { - name: 'log-${solutionPrefix}' + name: 'log-${solutionSuffix}' location: location tags: tags enableTelemetry: enableTelemetry @@ -517,13 +308,13 @@ module logAnalyticsWorkspace 'modules/log-analytics-workspace.bicep' = { } } -module applicationInsights 'br/public:avm/res/insights/component:0.6.0' = { - name: 'deploy_application_insights' +module applicationInsights 'br/public:avm/res/insights/component:0.6.0' = if (enableMonitoring) { + name: take('avm.res.insights.component.${solutionSuffix}', 64) params: { - name: 'appi-${solutionPrefix}' + name: 'appi-${solutionSuffix}' location: location - workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId - diagnosticSettings: [{ workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId }] + workspaceResourceId: enableMonitoring ? logAnalyticsWorkspace!.outputs.resourceId : '' + diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspace!.outputs.resourceId }] : null tags: tags enableTelemetry: enableTelemetry disableLocalAuth: true @@ -546,8 +337,9 @@ resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = { // ========== Managed Identity ========== // module avmManagedIdentity './modules/managed-identity.bicep' = { + name: take('module.managed-identity.${solutionSuffix}', 64) params: { - name: 'id-${solutionPrefix}' + name: 'id-${solutionSuffix}' location: resourceGroupLocation tags: tags } @@ -556,8 +348,9 @@ module avmManagedIdentity './modules/managed-identity.bicep' = { // ========== Key Vault Module ========== // module avmKeyVault './modules/key-vault.bicep' = { + name: take('module.key-vault.${solutionSuffix}', 64) params: { - keyvaultName: 'kv-${solutionPrefix}' + keyvaultName: 'kv-${solutionSuffix}' location: resourceGroupLocation tags: tags roleAssignments: [ @@ -577,20 +370,19 @@ module avmKeyVault './modules/key-vault.bicep' = { enableVaultForTemplateDeployment: true softDeleteRetentionInDays: 7 publicNetworkAccess: (enablePrivateNetworking) ? 'Disabled' : 'Enabled' - logAnalyticsWorkspaceResourceId: logAnalyticsWorkspace.outputs.resourceId + logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspace!.outputs.resourceId : '' networkAcls: { bypass: 'AzureServices' defaultAction: 'Deny' } // privateEndpoints omitted for now, as not in strongly-typed params } - scope: resourceGroup(resourceGroup().name) } module avmContainerRegistry 'modules/container-registry.bicep' = { - //name: format(deployment_param.resource_name_format_string, abbrs.containers.containerRegistry) + name: take('module.container-registry.${solutionSuffix}', 64) params: { - acrName: 'cr${replace(solutionPrefix, '-', '')}' + acrName: 'cr${replace(solutionSuffix, '-', '')}' location: resourceGroupLocation acrSku: 'Standard' publicNetworkAccess: 'Enabled' @@ -608,9 +400,9 @@ module avmContainerRegistry 'modules/container-registry.bicep' = { // // ========== Storage Account ========== // module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = { - name: format(resourceNameFormatString, 'st') + name: take('module.storage-account.${solutionSuffix}', 64) params: { - name: 'st${replace(solutionPrefix, '-', '')}' + name: 'st${replace(solutionSuffix, '-', '')}' location: resourceGroupLocation //skuName: 'Standard_GRS' //kind: 'StorageV2' @@ -659,7 +451,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = { privateEndpoints: (enablePrivateNetworking) ? [ { - name: 'storage-private-endpoint-blob-${solutionPrefix}' + name: 'storage-private-endpoint-blob-${solutionSuffix}' privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ { @@ -672,7 +464,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = { service: 'blob' } { - name: 'storage-private-endpoint-queue-${solutionPrefix}' + name: 'storage-private-endpoint-queue-${solutionSuffix}' privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ { @@ -692,11 +484,11 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = { // // ========== AI Foundry and related resources ========== // module avmAiServices 'modules/account/main.bicep' = { - name: format(resourceNameFormatString, 'aisa-') + name: take('module.ai-services.${solutionSuffix}', 64) params: { - name: 'aisa-${solutionPrefix}' - projectName: 'aifp-${solutionPrefix}' - projectDescription: 'aifp-${solutionPrefix}' + name: 'aif-${solutionSuffix}' + projectName: 'proj-${solutionSuffix}' + projectDescription: 'proj-${solutionSuffix}' existingFoundryProjectResourceId: existingProjectResourceId location: aiDeploymentsLocation sku: 'S0' @@ -704,15 +496,11 @@ module avmAiServices 'modules/account/main.bicep' = { managedIdentities: { systemAssigned: true } kind: 'AIServices' tags: { - app: solutionPrefix + app: solutionSuffix location: aiDeploymentsLocation } - customSubDomainName: 'aisa-${solutionPrefix}' - diagnosticSettings: [ - { - workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId - } - ] + customSubDomainName: 'aif-${solutionSuffix}' + diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspace!.outputs.resourceId }] : null roleAssignments: [ { principalId: avmManagedIdentity.outputs.principalId @@ -753,7 +541,7 @@ module avmAiServices 'modules/account/main.bicep' = { privateEndpoints: (enablePrivateNetworking && empty(existingProjectResourceId)) ? [ { - name: 'ai-services-private-endpoint-${solutionPrefix}' + name: 'ai-services-private-endpoint-${solutionSuffix}' privateEndpointResourceId: virtualNetwork.outputs.resourceId privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ @@ -787,10 +575,10 @@ module avmAiServices 'modules/account/main.bicep' = { } module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.11.0' = { - name: format(resourceNameFormatString, 'aicu-') + name: take('avm.res.cognitive-services.account.content-understanding.${solutionSuffix}', 64) params: { - name: 'aicu-${solutionPrefix}' + name: 'aicu-${solutionSuffix}' location: contentUnderstandingLocation sku: 'S0' managedIdentities: { @@ -801,10 +589,10 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.11.0' = } kind: 'AIServices' tags: { - app: solutionPrefix + app: solutionSuffix location: resourceGroupLocation } - customSubDomainName: 'aicu-${solutionPrefix}' + customSubDomainName: 'aicu-${solutionSuffix}' disableLocalAuth: true enableTelemetry: enableTelemetry networkAcls: { @@ -824,7 +612,7 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.11.0' = privateEndpoints: (enablePrivateNetworking) ? [ { - name: 'aicu-private-endpoint-${solutionPrefix}' + name: 'aicu-private-endpoint-${solutionSuffix}' privateEndpointResourceId: virtualNetwork.outputs.resourceId privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ @@ -849,20 +637,20 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.11.0' = // ========== Container App Environment ========== // module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.2' = { - name: format(resourceNameFormatString, 'cae-') + name: take('avm.res.app.managed-environment.${solutionSuffix}', 64) params: { - name: 'cae-${solutionPrefix}' + name: 'cae-${solutionSuffix}' location: resourceGroupLocation tags: { - app: solutionPrefix + app: solutionSuffix location: resourceGroupLocation } managedIdentities: { systemAssigned: true } appLogsConfiguration: { destination: 'log-analytics' logAnalyticsConfiguration: { - customerId: logAnalyticsWorkspace.outputs.logAnalyticsWorkspaceId - sharedKey: logAnalyticsWorkspace.outputs.primarySharedKey + customerId: enableMonitoring ? logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId : '' + sharedKey: enableMonitoring ? logAnalyticsWorkspace.outputs.primarySharedKey : '' } } workloadProfiles: [ @@ -887,21 +675,20 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.2' = { // //=========== Managed Identity for Container Registry ========== // module avmContainerRegistryReader 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.1' = { - name: format(resourceNameFormatString, 'acr-reader-mid-') + name: take('avm.res.managed-identity.user-assigned-identity.${solutionSuffix}', 64) params: { - name: 'acr-reader-mid${solutionPrefix}' + name: 'acr-reader-mid${solutionSuffix}' location: resourceGroupLocation tags: tags enableTelemetry: enableTelemetry } - scope: resourceGroup(resourceGroup().name) } // ========== Container App ========== // module avmContainerApp 'br/public:avm/res/app/container-app:0.17.0' = { - name: format(resourceNameFormatString, 'caapp-') + name: take('avm.res.app.container-app.${solutionSuffix}', 64) params: { - name: 'ca-${solutionPrefix}-app' + name: 'ca-${solutionSuffix}-app' location: resourceGroupLocation environmentResourceId: avmContainerAppEnv.outputs.resourceId workloadProfileName: 'Consumption' @@ -916,7 +703,7 @@ module avmContainerApp 'br/public:avm/res/app/container-app:0.17.0' = { containers: [ { - name: 'ca-${solutionPrefix}' + name: 'ca-${solutionSuffix}' image: '${publicContainerImageEndpoint}/contentprocessor:latest' resources: { @@ -939,8 +726,8 @@ module avmContainerApp 'br/public:avm/res/app/container-app:0.17.0' = { ingressExternal: false disableIngress: true scaleSettings: { - maxReplicas: enableScaling ? 3 : 2 - minReplicas: enableScaling ? 2 : 1 + maxReplicas: enableScalability ? 3 : 2 + minReplicas: enableScalability ? 2 : 1 } tags: tags } @@ -948,9 +735,9 @@ module avmContainerApp 'br/public:avm/res/app/container-app:0.17.0' = { // ========== Container App API ========== // module avmContainerApp_API 'br/public:avm/res/app/container-app:0.17.0' = { - name: format(resourceNameFormatString, 'caapi-') + name: take('avm.res.app.container-app-api.${solutionSuffix}', 64) params: { - name: 'ca-${solutionPrefix}-api' + name: 'ca-${solutionSuffix}-api' location: resourceGroupLocation environmentResourceId: avmContainerAppEnv.outputs.resourceId workloadProfileName: 'Consumption' @@ -965,7 +752,7 @@ module avmContainerApp_API 'br/public:avm/res/app/container-app:0.17.0' = { } containers: [ { - name: 'ca-${solutionPrefix}-api' + name: 'ca-${solutionSuffix}-api' image: '${publicContainerImageEndpoint}/contentprocessorapi:latest' resources: { cpu: '4' @@ -1021,8 +808,8 @@ module avmContainerApp_API 'br/public:avm/res/app/container-app:0.17.0' = { } ] scaleSettings: { - maxReplicas: enableScaling ? 3 : 2 - minReplicas: enableScaling ? 2 : 1 + maxReplicas: enableScalability ? 3 : 2 + minReplicas: enableScalability ? 2 : 1 rules: [ { name: 'http-scaler' @@ -1060,9 +847,9 @@ module avmContainerApp_API 'br/public:avm/res/app/container-app:0.17.0' = { //========== Container App Web ========== // module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.17.0' = { - name: format(resourceNameFormatString, 'caweb-') + name: take('avm.res.app.container-app-web.${solutionSuffix}', 64) params: { - name: 'ca-${solutionPrefix}-web' + name: 'ca-${solutionSuffix}-web' location: resourceGroupLocation environmentResourceId: avmContainerAppEnv.outputs.resourceId workloadProfileName: 'Consumption' @@ -1080,8 +867,8 @@ module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.17.0' = { ingressTransport: 'auto' //ingressAllowInsecure: true scaleSettings: { - maxReplicas: enableScaling ? 3 : 2 - minReplicas: enableScaling ? 2 : 1 + maxReplicas: enableScalability ? 3 : 2 + minReplicas: enableScalability ? 2 : 1 rules: [ { name: 'http-scaler' @@ -1095,7 +882,7 @@ module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.17.0' = { } containers: [ { - name: 'ca-${solutionPrefix}-web' + name: 'ca-${solutionSuffix}-web' image: '${publicContainerImageEndpoint}/contentprocessorweb:latest' resources: { cpu: '4' @@ -1134,9 +921,9 @@ module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.17.0' = { // ========== Cosmos Database for Mongo DB ========== // module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.15.0' = { - name: format(resourceNameFormatString, 'cosmos-') + name: take('avm.res.document-db.database-account.${solutionSuffix}', 64) params: { - name: 'cosmos-${solutionPrefix}' + name: 'cosmos-${solutionSuffix}' location: resourceGroupLocation mongodbDatabases: [ { @@ -1168,7 +955,7 @@ module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.15.0' = { privateEndpoints: (enablePrivateNetworking) ? [ { - name: 'cosmosdb-private-endpoint-${solutionPrefix}' + name: 'cosmosdb-private-endpoint-${solutionSuffix}' privateEndpointResourceId: virtualNetwork.outputs.resourceId privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ @@ -1189,12 +976,12 @@ module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.15.0' = { // ========== App Configuration ========== // module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6.3' = { - name: format(resourceNameFormatString, 'appcs-') + name: take('avm.res.app.configuration-store.${solutionSuffix}', 64) params: { - name: 'appcs-${solutionPrefix}' + name: 'appcs-${solutionSuffix}' location: resourceGroupLocation tags: { - app: solutionPrefix + app: solutionSuffix location: resourceGroupLocation } enableTelemetry: enableTelemetry @@ -1202,7 +989,7 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6 sku: 'Standard' diagnosticSettings: [ { - workspaceResourceId: logAnalyticsWorkspace.outputs.resourceId + workspaceResourceId: enableMonitoring ? logAnalyticsWorkspace!.outputs.resourceId : '' logCategoriesAndGroups: [ { categoryGroup: 'allLogs' @@ -1338,16 +1125,16 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6 } module avmAppConfig_update 'br/public:avm/res/app-configuration/configuration-store:0.6.3' = if (enablePrivateNetworking) { - name: format(resourceNameFormatString, 'appcs-update') + name: take('avm.res.app.configuration-store.update.${solutionSuffix}', 64) params: { - name: 'appcs-${solutionPrefix}' + name: 'appcs-${solutionSuffix}' location: resourceGroupLocation enableTelemetry: enableTelemetry tags: tags publicNetworkAccess: 'Disabled' privateEndpoints: [ { - name: 'appconfig-private-endpoint-${solutionPrefix}' + name: 'appconfig-private-endpoint-${solutionSuffix}' privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ { @@ -1369,9 +1156,9 @@ module avmAppConfig_update 'br/public:avm/res/app-configuration/configuration-st // ========== Container App Update Modules ========== // module avmContainerApp_update 'br/public:avm/res/app/container-app:0.17.0' = { - name: format(resourceNameFormatString, 'caapp-update-') + name: take('avm.res.app.container-app-update.${solutionSuffix}', 64) params: { - name: 'ca-${solutionPrefix}-app' + name: 'ca-${solutionSuffix}-app' location: resourceGroupLocation enableTelemetry: enableTelemetry environmentResourceId: avmContainerAppEnv.outputs.resourceId @@ -1386,7 +1173,7 @@ module avmContainerApp_update 'br/public:avm/res/app/container-app:0.17.0' = { } containers: [ { - name: 'ca-${solutionPrefix}' + name: 'ca-${solutionSuffix}' image: '${publicContainerImageEndpoint}/contentprocessor:latest' resources: { @@ -1409,9 +1196,9 @@ module avmContainerApp_update 'br/public:avm/res/app/container-app:0.17.0' = { ingressExternal: false disableIngress: true scaleSettings: { - maxReplicas: enableScaling ? 3 : 2 - minReplicas: enableScaling ? 2 : 1 - rules: enableScaling + maxReplicas: enableScalability ? 3 : 2 + minReplicas: enableScalability ? 2 : 1 + rules: enableScalability ? [ { name: 'http-scaler' @@ -1428,9 +1215,9 @@ module avmContainerApp_update 'br/public:avm/res/app/container-app:0.17.0' = { } module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.17.0' = { - name: format(resourceNameFormatString, 'caapi-update-') + name: take('avm.res.app.container-app-api.update.${solutionSuffix}', 64) params: { - name: 'ca-${solutionPrefix}-api' + name: 'ca-${solutionSuffix}-api' location: resourceGroupLocation enableTelemetry: enableTelemetry environmentResourceId: avmContainerAppEnv.outputs.resourceId @@ -1446,7 +1233,7 @@ module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.17.0' = containers: [ { - name: 'ca-${solutionPrefix}-api' + name: 'ca-${solutionSuffix}-api' image: '${publicContainerImageEndpoint}/contentprocessorapi:latest' resources: { cpu: '4' @@ -1502,8 +1289,8 @@ module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.17.0' = } ] scaleSettings: { - maxReplicas: enableScaling ? 3 : 2 - minReplicas: enableScaling ? 2 : 1 + maxReplicas: enableScalability ? 3 : 2 + minReplicas: enableScalability ? 2 : 1 rules: [ { name: 'http-scaler' diff --git a/infra/main.parameters.json b/infra/main.parameters.json index 90f79dc6..b2454555 100644 --- a/infra/main.parameters.json +++ b/infra/main.parameters.json @@ -2,7 +2,7 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - "environmentName": { + "solutionName": { "value": "${AZURE_ENV_NAME}" }, "secondaryLocation": { diff --git a/infra/main.parameters.waf.json b/infra/main.waf.parameters.json similarity index 67% rename from infra/main.parameters.waf.json rename to infra/main.waf.parameters.json index 36b8e1ce..b865950d 100644 --- a/infra/main.parameters.waf.json +++ b/infra/main.waf.parameters.json @@ -2,7 +2,7 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - "environmentName": { + "solutionName": { "value": "${AZURE_ENV_NAME}" }, "secondaryLocation": { @@ -29,8 +29,23 @@ "existingLogAnalyticsWorkspaceId": { "value": "${AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID}" }, + "existingFoundryProjectResourceId": { + "value": "${AZURE_ENV_FOUNDRY_PROJECT_ID}" + }, + "enableMonitoring": { + "value": true + }, "enablePrivateNetworking": { - "value": "true" + "value": true + }, + "enableScalability": { + "value": true + }, + "virtualMachineAdminUsername": { + "value": "${AZURE_ENV_VM_ADMIN_USERNAME}" + }, + "virtualMachineAdminPassword": { + "value": "${AZURE_ENV_VM_ADMIN_PASSWORD}" } } } \ No newline at end of file diff --git a/infra/modules/container-registry.bicep b/infra/modules/container-registry.bicep index 9731ce61..15724080 100644 --- a/infra/modules/container-registry.bicep +++ b/infra/modules/container-registry.bicep @@ -24,7 +24,7 @@ param roleAssignments roleAssignmentType[]? param tags object = {} module avmContainerRegistry 'br/public:avm/res/container-registry/registry:0.9.1' = { - name: acrName + name: take('avm.res.container-registry.registry-${acrName}', 64) params: { name: acrName location: location diff --git a/infra/modules/key-vault.bicep b/infra/modules/key-vault.bicep index 2c107c24..09cfedc3 100644 --- a/infra/modules/key-vault.bicep +++ b/infra/modules/key-vault.bicep @@ -73,7 +73,7 @@ param networkAcls object = { param logAnalyticsWorkspaceResourceId string = '' module avmKeyVault 'br/public:avm/res/key-vault/vault:0.13.0' = { - name: 'deploy_keyvault' + name: take('avm.res.key-vault.vault-${keyvaultName}', 64) params: { name: keyvaultName location: location diff --git a/infra/modules/log-analytics-workspace.bicep b/infra/modules/log-analytics-workspace.bicep index e03083ba..5799cc37 100644 --- a/infra/modules/log-analytics-workspace.bicep +++ b/infra/modules/log-analytics-workspace.bicep @@ -23,7 +23,7 @@ var existingLawResourceGroup = useExistingWorkspace ? split(existingLogAnalytics var existingLawName = useExistingWorkspace ? split(existingLogAnalyticsWorkspaceId, '/')[8] : '' module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.11.2' = if(!useExistingWorkspace) { - name: 'deploy_new_log_analytics_workspace' + name: take('avm.res.operational-insights.workspace-${name}', 24) params: { name: name location: location From 770385a12cfd8b0f847f7fc5105a6819aaac7789 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Tue, 14 Oct 2025 10:13:50 +0530 Subject: [PATCH 2/2] Update log analytics workspace ID handling and standardize naming conventions in virtual network module --- infra/main.bicep | 7 +++---- infra/modules/virtualNetwork.bicep | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index e1160b17..0f5389db 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -150,7 +150,7 @@ module virtualNetwork './modules/virtualNetwork.bicep' = if (enablePrivateNetwor addressPrefixes: ['10.0.0.0/20'] location: resourceGroupLocation tags: tags - logAnalyticsWorkspaceId: existingLogAnalyticsWorkspaceId + logAnalyticsWorkspaceId: enableMonitoring ? logAnalyticsWorkspace!.outputs.resourceId : '' resourceSuffix: solutionSuffix enableTelemetry: enableTelemetry } @@ -168,7 +168,7 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePr diagnosticSettings: [ { name: 'bastionDiagnostics' - workspaceResourceId: existingLogAnalyticsWorkspaceId + workspaceResourceId: enableMonitoring ? logAnalyticsWorkspace!.outputs.resourceId : '' logCategoriesAndGroups: [ { categoryGroup: 'allLogs' @@ -223,7 +223,7 @@ module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enable diagnosticSettings: [ { name: 'jumpboxDiagnostics' - workspaceResourceId: existingLogAnalyticsWorkspaceId + workspaceResourceId: enableMonitoring ? logAnalyticsWorkspace!.outputs.resourceId : '' logCategoriesAndGroups: [ { categoryGroup: 'allLogs' @@ -346,7 +346,6 @@ module avmManagedIdentity './modules/managed-identity.bicep' = { } // ========== Key Vault Module ========== // - module avmKeyVault './modules/key-vault.bicep' = { name: take('module.key-vault.${solutionSuffix}', 64) params: { diff --git a/infra/modules/virtualNetwork.bicep b/infra/modules/virtualNetwork.bicep index d2c792c6..84a2f254 100644 --- a/infra/modules/virtualNetwork.bicep +++ b/infra/modules/virtualNetwork.bicep @@ -13,11 +13,11 @@ param addressPrefixes array @description('An array of subnets to be created within the virtual network. Each subnet can have its own configuration and associated Network Security Group (NSG).') param subnets subnetType[] = [ { - name: 'Containers' + name: 'containers' addressPrefixes: ['10.0.2.0/24'] // /24 (10.0.2.0 - 10.0.2.255), 256 addresses delegation: 'Microsoft.App/environments' networkSecurityGroup: { - name: 'nsg-Containers' + name: 'nsg-containers' securityRules: [ //Inbound Rules {