Azure-Website-IAC/main.bicep at main · dcox79/Azure-Website-IAC · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
/*
  Main Infrastructure Deployment Template

  This template orchestrates the deployment of a complete cloud infrastructure including:
  - Storage Accounts (Primary and Function storage)
  - Function Apps with staging slots
  - Front Door for global content delivery
  - DNS Zone configuration
  - App Service Plan
  - Cosmos DB Account

  The deployment supports both production and non-production environments with appropriate scaling.
*/

@description('The environment type for deployment (nonprod or prod)')
@allowed([
  'nonprod'
  'prod'
])
param environment string = 'prod'

@description('Azure region for resource deployment')
param location string = resourceGroup().location

@description('The domain name for DNS configuration')
param zoneName string

@description('Base name for the function app')
param funcName string

@description('Front Door profile name')
param profileName string

@description('DNS records configuration')
param dnsRecords object

@description('Resource tags')
param tags object

// Variables
var uniqueSuffix = uniqueString(subscription().subscriptionId, resourceGroup().id)
var storageAccountSkuName = (environment == 'prod') ? 'Standard_GRS' : 'Standard_LRS'
var appServicePlanSkuName = (environment == 'prod') ? 'P1V2' : 'B1'
var functionAppName = '${environment}-${funcName}-${uniqueSuffix}'
var primaryStorageAccountName = '${take(environment, 1)}stor${take(uniqueSuffix, 6)}'
var functionStorageAccountName = '${take(environment, 1)}func${take(uniqueSuffix, 6)}'

module primaryStorageAccountModule './modules/storageAccount.bicep' = {
  name: 'primaryStorageDeployment'
  params: {
    storageAccountName: primaryStorageAccountName
    location: location
    skuName: storageAccountSkuName
    accessTier: 'Hot'
    allowBlobPublicAccess: false
    allowSharedKeyAccess: true
    customDomain: zoneName
    tags: tags
  }
}

module functionStorageAccountModule './modules/storageAccount.bicep' = {
  name: 'functionStorageDeployment'
  params: {
    storageAccountName: functionStorageAccountName
    location: location
    skuName: storageAccountSkuName
    accessTier: 'Hot'
    allowBlobPublicAccess: false
    allowSharedKeyAccess: true
    tags: tags
  }
}

var functionContainers = [
  'azure-webjobs-hosts'
  'azure-webjobs-secrets'
  'function-releases'
  'scm-releases'
]

module functionContainerDeployments 'modules/createContainer.bicep' = [for container in functionContainers: {
  name: '${functionStorageAccountModule.name}-${container}-container'
  params: {
    storageAccountName: functionStorageAccountModule.outputs.storageAccountName
    containerName: container
  }
  dependsOn: [
    functionStorageAccountModule
  ]
}]

module frontDoorModule './modules/frontDoor.bicep' = {
  name: 'frontDoorDeployment'
  params: {
    profileName: profileName
    dnsZoneId: resourceId('Microsoft.Network/dnszones', zoneName)
    zoneName: zoneName
    tags: tags
  }
}

module dnsZoneModule './modules/dnsZone.bicep' = {
  name: 'dnsZoneDeployment'
  params: {
    zoneName: zoneName
    frontDoorEndpointId: frontDoorModule.outputs.endpointId
    dnsRecords: dnsRecords
  }
}

module appServicePlanModule './modules/appServicePlan.bicep' = {
  name: 'appServicePlanDeployment'
  params: {
    appServicePlanName: '${environment}-myproject-asp'
    location: location
    skuName: appServicePlanSkuName
    osType: 'Linux'
    skuTier: environment == 'prod' ? 'PremiumV2' : 'Basic'
    tags: tags
  }
}

module functionAppProdModule './modules/functionAppProd.bicep' = {
  name: 'functionAppProdDeployment'
  params: {
    functionAppName: functionAppName
    location: location
    appServicePlanId: appServicePlanModule.outputs.appServicePlanId
    zoneName: zoneName
    runtimeStack: 'dotnet-isolated|8.0'
    tags: tags
  }
}

module cosmosDbModule './modules/cosmosDbAccount.bicep' = {
  name: 'cosmosDbDeployment'
  params: {
    accountName: '${take(environment, 1)}cosmos${take(uniqueSuffix, 6)}'
    location: location
    defaultConsistencyLevel: 'Session'
    enableFreeTier: environment != 'prod'
  }
}

output primaryStorageAccountId string = primaryStorageAccountModule.outputs.storageAccountId
output primaryStorageAccountName string = primaryStorageAccountModule.outputs.storageAccountName
output functionStorageAccountId string = functionStorageAccountModule.outputs.storageAccountId
output functionStorageAccountName string = functionStorageAccountModule.outputs.storageAccountName