Created
May 18, 2018 03:07
-
-
Save mattchenderson/6491cd21c1fc713b776af52ee49562eb to your computer and use it in GitHub Desktop.
ARM template for Functions, MSI, and Key Vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
"contentVersion": "1.0.0.0", | |
"parameters": { | |
"resourcename_base": { | |
"type": "string", | |
"defaultValue": "[resourceGroup().name]" | |
}, | |
"storageAccountType": { | |
"type": "string", | |
"defaultValue": "Standard_LRS", | |
"allowedValues": [ | |
"Standard_LRS", | |
"Standard_GRS", | |
"Standard_ZRS", | |
"Premium_LRS" | |
], | |
"metadata": { | |
"description": "Storage Account type" | |
} | |
}, | |
"secretName": { | |
"type": "string", | |
"defaultValue": "MySecret" | |
}, | |
"secretValue": { | |
"type": "string", | |
"defaultValue": "It's a secret!" | |
} | |
}, | |
"variables": { | |
"storageAccountName": "[concat(parameters('resourcename_base'), 'sa')]", | |
"functionAppName": "[concat(parameters('resourcename_base'), '-func')]", | |
"appInsightsName": "[concat(parameters('resourcename_base'), '-ai')]", | |
"storageAccountid": "[concat(resourceGroup().id,'/providers/','Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]", | |
"keyVaultName": "[concat(parameters('resourcename_base'), '-kv')]" | |
}, | |
"resources": [ | |
{ | |
"type": "Microsoft.Storage/storageAccounts", | |
"name": "[variables('storageAccountName')]", | |
"apiVersion": "2017-06-01", | |
"location": "[resourceGroup().location]", | |
"kind": "Storage", | |
"sku": { | |
"name": "[parameters('storageAccountType')]" | |
} | |
}, | |
{ | |
"apiVersion": "2015-05-01", | |
"name": "[variables('appInsightsName')]", | |
"type": "Microsoft.Insights/components", | |
"kind": "web", | |
"location": "[resourceGroup().location]", | |
"tags": { | |
"[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', variables('functionAppName'))]": "Resource" | |
}, | |
"properties": { | |
"Application_Type": "web", | |
"ApplicationId": "[variables('functionAppName')]" | |
} | |
}, | |
{ | |
"apiVersion": "2015-08-01", | |
"type": "Microsoft.Web/sites", | |
"name": "[variables('functionAppName')]", | |
"location": "[resourceGroup().location]", | |
"kind": "functionapp", | |
"identity": { | |
"type": "SystemAssigned" | |
}, | |
"dependsOn": [ | |
"[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]", | |
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" | |
], | |
"properties": { | |
"siteConfig": { | |
"appSettings": [ | |
{ | |
"name": "AzureWebJobsDashboard", | |
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]" | |
}, | |
{ | |
"name": "AzureWebJobsStorage", | |
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]" | |
}, | |
{ | |
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING", | |
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]" | |
}, | |
{ | |
"name": "WEBSITE_CONTENTSHARE", | |
"value": "[toLower(variables('functionAppName'))]" | |
}, | |
{ | |
"name": "FUNCTIONS_EXTENSION_VERSION", | |
"value": "~1" | |
}, | |
{ | |
"name": "WEBSITE_NODE_DEFAULT_VERSION", | |
"value": "6.5.0" | |
}, | |
{ | |
"name": "APPINSIGHTS_INSTRUMENTATIONKEY", | |
"value": "[reference(resourceId('microsoft.insights/components/', variables('appInsightsName')), '2015-05-01').InstrumentationKey]" | |
} | |
] | |
} | |
} | |
}, | |
{ | |
"apiVersion": "2016-10-01", | |
"type": "Microsoft.KeyVault/vaults", | |
"name": "[variables('keyVaultName')]", | |
"location": "[resourceGroup().location]", | |
"dependsOn": [ | |
"[resourceId('Microsoft.Web/sites', variables('functionAppName'))]" | |
], | |
"properties": { | |
"sku": { | |
"name": "standard", | |
"family": "A" | |
}, | |
"tenantId": "[subscription().tenantId]", | |
"accessPolicies": [ | |
{ | |
"tenantId": "[reference(concat('Microsoft.Web/sites/', variables('functionAppName'), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').tenantId]", | |
"objectId": "[reference(concat('Microsoft.Web/sites/', variables('functionAppName'), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').principalId]", | |
"permissions": { | |
"secrets": [ | |
"get" | |
] | |
} | |
} | |
] | |
}, | |
"resources": [ | |
{ | |
"type": "secrets", | |
"name": "[parameters('secretName')]", | |
"apiVersion": "2016-10-01", | |
"tags": { | |
"displayName": "secret" | |
}, | |
"properties": { | |
"value": "[parameters('secretValue')]" | |
}, | |
"dependsOn": [ | |
"[concat('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]" | |
] | |
} | |
] | |
} | |
] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment