-
-
Save ThomasPe/7a8d1d85a5d075eae9648e17adb37d77 to your computer and use it in GitHub Desktop.
Web App + Storage Account + Managed Identity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
param location string | |
param appServicePlanName string | |
param appServicePlanSku string | |
param webAppName string | |
param storageAccountName string | |
resource appServicePlan 'Microsoft.Web/serverfarms@2020-06-01' = { | |
name: appServicePlanName | |
location: location | |
kind: 'linux' | |
properties: { | |
reserved: true | |
} | |
sku: { | |
name: appServicePlanSku | |
} | |
} | |
resource webApp 'Microsoft.Web/sites@2022-09-01' = { | |
name: webAppName | |
location: location | |
properties: { | |
serverFarmId: appServicePlan.id | |
siteConfig: { | |
linuxFxVersion: 'DOTNETCORE|6.0' | |
alwaysOn: true | |
} | |
httpsOnly: true | |
clientAffinityEnabled: false | |
} | |
identity: { | |
type: 'SystemAssigned' | |
} | |
} | |
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = { | |
name: storageAccountName | |
location: location | |
sku: { | |
name: 'Standard_LRS' | |
} | |
kind: 'StorageV2' | |
properties: { | |
accessTier: 'Hot' | |
allowBlobPublicAccess: true | |
supportsHttpsTrafficOnly: true | |
minimumTlsVersion: 'TLS1_2' | |
} | |
} | |
resource storageTableDataContributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { | |
scope: subscription() | |
name: '17d1049b-9a84-46fb-8f53-869881c3d3ab' | |
} | |
resource tableRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { | |
name: guid(resourceGroup().id, webApp.id, storageTableDataContributorRoleDefinition.id) | |
scope: storageAccount | |
properties: { | |
roleDefinitionId: storageTableDataContributorRoleDefinition.id | |
principalId: webApp.identity.principalId | |
} | |
} | |
resource storageBlobDataContributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { | |
scope: subscription() | |
name: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' | |
} | |
resource blobRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { | |
name: guid(resourceGroup().id, webApp.id, storageBlobDataContributorRoleDefinition.id) | |
scope: storageAccount | |
properties: { | |
roleDefinitionId: storageBlobDataContributorRoleDefinition.id | |
principalId: webApp.identity.principalId | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment