|
param location string = resourceGroup().location |
|
param appName string = 'fnapp${uniqueString(resourceGroup().id)}' |
|
param frontDoorEndpointName string = 'afd${uniqueString(resourceGroup().id)}' |
|
|
|
// Azure Function App |
|
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { |
|
name: 'storageacc${uniqueString(resourceGroup().id)}' |
|
location: location |
|
sku: { |
|
name: 'Standard_LRS' |
|
} |
|
kind: 'Storage' |
|
} |
|
|
|
resource hostingPlan 'Microsoft.Web/serverfarms@2022-03-01' = { |
|
name: 'hpe${uniqueString(resourceGroup().id)}' |
|
location: location |
|
} |
|
|
|
resource exposedFunctionApp 'Microsoft.Web/sites@2022-03-01' = { |
|
name: 'e${appName}' |
|
location: location |
|
kind: 'functionapp' |
|
identity: { |
|
type: 'SystemAssigned' |
|
} |
|
properties: { |
|
serverFarmId: hostingPlan.id |
|
siteConfig: { |
|
appSettings: [ |
|
{ |
|
name: 'AzureWebJobsStorage' |
|
value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}' |
|
} |
|
{ |
|
name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING' |
|
value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}' |
|
} |
|
{ |
|
name: 'WEBSITE_CONTENTSHARE' |
|
value: toLower(appName) |
|
} |
|
{ |
|
name: 'FUNCTIONS_EXTENSION_VERSION' |
|
value: '~2' |
|
} |
|
{ |
|
name: 'WEBSITE_NODE_DEFAULT_VERSION' |
|
value: '~10' |
|
} |
|
{ |
|
name: 'FUNCTIONS_WORKER_RUNTIME' |
|
value: 'node' |
|
} |
|
] |
|
} |
|
httpsOnly: true |
|
} |
|
} |
|
|
|
// Azure Function App > Protected Function App |
|
resource functionApp 'Microsoft.Web/sites@2022-03-01' = { |
|
name: appName |
|
location: location |
|
kind: 'functionapp' |
|
identity: { |
|
type: 'SystemAssigned' |
|
} |
|
properties: { |
|
serverFarmId: hostingPlan.id |
|
siteConfig: { |
|
appSettings: [ |
|
{ |
|
name: 'AzureWebJobsStorage' |
|
value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}' |
|
} |
|
{ |
|
name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING' |
|
value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}' |
|
} |
|
{ |
|
name: 'WEBSITE_CONTENTSHARE' |
|
value: toLower(appName) |
|
} |
|
{ |
|
name: 'FUNCTIONS_EXTENSION_VERSION' |
|
value: '~2' |
|
} |
|
{ |
|
name: 'WEBSITE_NODE_DEFAULT_VERSION' |
|
value: '~10' |
|
} |
|
{ |
|
name: 'FUNCTIONS_WORKER_RUNTIME' |
|
value: 'node' |
|
} |
|
] |
|
ftpsState: 'Disabled' |
|
minTlsVersion: '1.2' |
|
ipSecurityRestrictions: [ |
|
{ |
|
tag: 'ServiceTag' |
|
ipAddress: 'AzureFrontDoor.Backend' |
|
action: 'Allow' |
|
priority: 100 |
|
headers: { |
|
'x-azure-fdid': [ |
|
frontDoorProfile.properties.frontDoorId |
|
] |
|
} |
|
name: 'Allow trafic from FrontDoor' |
|
} |
|
] |
|
} |
|
httpsOnly: true |
|
} |
|
} |
|
|
|
// Azure FrontDoor |
|
|
|
resource frontDoorProfile 'Microsoft.Cdn/profiles@2021-06-01' = { |
|
name: 'frontDoorProfile' |
|
location: 'global' |
|
sku: { |
|
name: 'Standard_AzureFrontDoor' |
|
} |
|
} |
|
|
|
resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = { |
|
name: 'hp${uniqueString(resourceGroup().id)}' |
|
location: location |
|
sku: { |
|
name: 'S1' |
|
capacity: 1 |
|
} |
|
kind: 'app' |
|
} |
|
|
|
resource frontDoorEndpoint 'Microsoft.Cdn/profiles/afdEndpoints@2021-06-01' = { |
|
name: frontDoorEndpointName |
|
parent: frontDoorProfile |
|
location: 'global' |
|
properties: { |
|
enabledState: 'Enabled' |
|
} |
|
} |
|
|
|
resource frontDoorOriginGroup 'Microsoft.Cdn/profiles/originGroups@2021-06-01' = { |
|
name: 'frontDoorOriginGroupName' |
|
parent: frontDoorProfile |
|
properties: { |
|
loadBalancingSettings: { |
|
sampleSize: 4 |
|
successfulSamplesRequired: 3 |
|
} |
|
healthProbeSettings: { |
|
probePath: '/' |
|
probeRequestType: 'HEAD' |
|
probeProtocol: 'Http' |
|
probeIntervalInSeconds: 100 |
|
} |
|
} |
|
} |
|
|
|
resource frontDoorOrigin 'Microsoft.Cdn/profiles/originGroups/origins@2021-06-01' = { |
|
name: 'frontDoorOriginName' |
|
parent: frontDoorOriginGroup |
|
properties: { |
|
hostName: functionApp.properties.defaultHostName |
|
httpPort: 80 |
|
httpsPort: 443 |
|
originHostHeader: functionApp.properties.defaultHostName |
|
priority: 1 |
|
weight: 1000 |
|
} |
|
} |
|
|
|
resource frontDoorRoute 'Microsoft.Cdn/profiles/afdEndpoints/routes@2021-06-01' = { |
|
name: 'frontDoorRouteName' |
|
parent: frontDoorEndpoint |
|
dependsOn: [ |
|
frontDoorOrigin |
|
] |
|
properties: { |
|
originGroup: { |
|
id: frontDoorOriginGroup.id |
|
} |
|
supportedProtocols: [ |
|
'Http' |
|
'Https' |
|
] |
|
patternsToMatch: [ |
|
'/*' |
|
] |
|
forwardingProtocol: 'HttpsOnly' |
|
linkToDefaultDomain: 'Enabled' |
|
httpsRedirect: 'Enabled' |
|
} |
|
} |
|
|
|
output appServiceHostName string = functionApp.properties.defaultHostName |
|
output frontDoorEndpointHostName string = frontDoorEndpoint.properties.hostName |