Created
May 18, 2018 03:07
-
-
Save mattchenderson/6491cd21c1fc713b776af52ee49562eb to your computer and use it in GitHub Desktop.
ARM template for Functions, MSI, and Key Vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "resourcename_base": { | |
| "type": "string", | |
| "defaultValue": "[resourceGroup().name]" | |
| }, | |
| "storageAccountType": { | |
| "type": "string", | |
| "defaultValue": "Standard_LRS", | |
| "allowedValues": [ | |
| "Standard_LRS", | |
| "Standard_GRS", | |
| "Standard_ZRS", | |
| "Premium_LRS" | |
| ], | |
| "metadata": { | |
| "description": "Storage Account type" | |
| } | |
| }, | |
| "secretName": { | |
| "type": "string", | |
| "defaultValue": "MySecret" | |
| }, | |
| "secretValue": { | |
| "type": "string", | |
| "defaultValue": "It's a secret!" | |
| } | |
| }, | |
| "variables": { | |
| "storageAccountName": "[concat(parameters('resourcename_base'), 'sa')]", | |
| "functionAppName": "[concat(parameters('resourcename_base'), '-func')]", | |
| "appInsightsName": "[concat(parameters('resourcename_base'), '-ai')]", | |
| "storageAccountid": "[concat(resourceGroup().id,'/providers/','Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]", | |
| "keyVaultName": "[concat(parameters('resourcename_base'), '-kv')]" | |
| }, | |
| "resources": [ | |
| { | |
| "type": "Microsoft.Storage/storageAccounts", | |
| "name": "[variables('storageAccountName')]", | |
| "apiVersion": "2017-06-01", | |
| "location": "[resourceGroup().location]", | |
| "kind": "Storage", | |
| "sku": { | |
| "name": "[parameters('storageAccountType')]" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-05-01", | |
| "name": "[variables('appInsightsName')]", | |
| "type": "Microsoft.Insights/components", | |
| "kind": "web", | |
| "location": "[resourceGroup().location]", | |
| "tags": { | |
| "[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', variables('functionAppName'))]": "Resource" | |
| }, | |
| "properties": { | |
| "Application_Type": "web", | |
| "ApplicationId": "[variables('functionAppName')]" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-08-01", | |
| "type": "Microsoft.Web/sites", | |
| "name": "[variables('functionAppName')]", | |
| "location": "[resourceGroup().location]", | |
| "kind": "functionapp", | |
| "identity": { | |
| "type": "SystemAssigned" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]", | |
| "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" | |
| ], | |
| "properties": { | |
| "siteConfig": { | |
| "appSettings": [ | |
| { | |
| "name": "AzureWebJobsDashboard", | |
| "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]" | |
| }, | |
| { | |
| "name": "AzureWebJobsStorage", | |
| "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]" | |
| }, | |
| { | |
| "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING", | |
| "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]" | |
| }, | |
| { | |
| "name": "WEBSITE_CONTENTSHARE", | |
| "value": "[toLower(variables('functionAppName'))]" | |
| }, | |
| { | |
| "name": "FUNCTIONS_EXTENSION_VERSION", | |
| "value": "~1" | |
| }, | |
| { | |
| "name": "WEBSITE_NODE_DEFAULT_VERSION", | |
| "value": "6.5.0" | |
| }, | |
| { | |
| "name": "APPINSIGHTS_INSTRUMENTATIONKEY", | |
| "value": "[reference(resourceId('microsoft.insights/components/', variables('appInsightsName')), '2015-05-01').InstrumentationKey]" | |
| } | |
| ] | |
| } | |
| } | |
| }, | |
| { | |
| "apiVersion": "2016-10-01", | |
| "type": "Microsoft.KeyVault/vaults", | |
| "name": "[variables('keyVaultName')]", | |
| "location": "[resourceGroup().location]", | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]" | |
| ], | |
| "properties": { | |
| "sku": { | |
| "name": "standard", | |
| "family": "A" | |
| }, | |
| "tenantId": "[subscription().tenantId]", | |
| "accessPolicies": [ | |
| { | |
| "tenantId": "[reference(concat('Microsoft.Web/sites/', variables('functionAppName'), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').tenantId]", | |
| "objectId": "[reference(concat('Microsoft.Web/sites/', variables('functionAppName'), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').principalId]", | |
| "permissions": { | |
| "secrets": [ | |
| "get" | |
| ] | |
| } | |
| } | |
| ] | |
| }, | |
| "resources": [ | |
| { | |
| "type": "secrets", | |
| "name": "[parameters('secretName')]", | |
| "apiVersion": "2016-10-01", | |
| "tags": { | |
| "displayName": "secret" | |
| }, | |
| "properties": { | |
| "value": "[parameters('secretValue')]" | |
| }, | |
| "dependsOn": [ | |
| "[concat('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]" | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment