Do as I say, not as I do

azuredeploy.json

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "baseName": {
      "type": "string",
      "defaultValue": "noelbundick"
    },
    "customHostname": {
      "type": "string",
      "defaultValue": "www.noelbundick.com"
    }
  },
  "variables": {
    "aciName": "[concat(parameters('baseName'), '-bootstrap')]",
    "functionappName": "[concat(parameters('baseName'), '-proxy')]",
    "identityName": "[concat(parameters('baseName'), '-bootstrap')]",
    "insightsName": "[concat(parameters('baseName'), '-proxy')]",
    "storageName": "[toLower(parameters('baseName'))]",
    "bootstrapRoleAssignmentId": "[guid(concat(resourceGroup().id, 'contributor'))]",
    "contributorRoleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",

    "domainParts": "[split(parameters('customHostname'), '.')]",
    "numDomainParts": "[length(variables('domainParts'))]",
    "lastDomainPart": "[variables('domainParts')[sub(variables('numDomainParts'), 1)]]",
    "penultimateDomainPart": "[variables('domainParts')[sub(variables('numDomainParts'), 2)]]",
    "nakedDomain": "[concat(variables('penultimateDomainPart'), '.', variables('lastDomainPart'))]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "name": "[variables('identityName')]",
      "apiVersion": "2015-08-31-preview",
      "location": "[resourceGroup().location]"
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2017-05-01",
      "name": "[variables('bootstrapRoleAssignmentId')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]"
      ],
      "properties": {
        "roleDefinitionId": "[variables('contributorRoleDefinitionId')]",
        "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName')), '2015-08-31-preview').principalId]",
        "scope": "[resourceGroup().id]"
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2018-07-01",
      "name": "[variables('storageName')]",
      "location": "[resourceGroup().location]",
      "kind": "StorageV2",
      "sku": {
        "name": "Standard_LRS"
      },
      "properties": {
        "encryption": {
          "keySource": "Microsoft.Storage",
          "services": {
            "blob": {
              "enabled": true
            },
            "file": {
              "enabled": true
            }
          }
        },
        "supportsHttpsTrafficOnly": true
      }
    },
    {
      "type": "Microsoft.ContainerInstance/containerGroups",
      "apiVersion": "2018-10-01",
      "name": "[variables('aciName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]",
        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]",
        "[resourceId('Microsoft.Authorization/roleAssignments', variables('bootstrapRoleAssignmentId'))]"
      ],
      "identity": {
        "type": "UserAssigned",
        "userAssignedIdentities": {
          "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]": {}
        }
      },
      "properties": {
        "osType": "Linux",
        "restartPolicy": "OnFailure",
        "containers": [
          {
            "name": "azure-cli",
            "properties": {
              "image": "microsoft/azure-cli",
              "command": [
                "/bin/sh",
                "-c",
                "[concat('az login --identity -u ', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName')), ' && az extension add -n storage-preview -y && az storage blob service-properties update --account-name ', variables('storageName'), ' --static-website --404-document 404.html --index-document index.html')]"
              ],
              "resources": {
                "requests": {
                  "cpu": 1,
                  "memoryInGB": 1
                }
              }
            }
          }
        ]
      }
    },
    {
      "name": "[variables('insightsName')]",
      "apiVersion": "2015-05-01",
      "type": "Microsoft.Insights/components",
      "location": "West US 2",
      "tags": {
        "[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', variables('functionappName'))]": "Resource"
      },
      "properties": {
        "ApplicationId": "[variables('functionappName')]"
      }
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2018-02-01",
      "name": "[variables('functionappName')]",
      "location": "[resourceGroup().location]",
      "kind": "functionapp",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]",
        "[resourceId('Microsoft.Insights/components', variables('insightsName'))]"
      ],
      "properties": {
        "name": "[variables('functionAppName')]",
        "reserved": false,
        "clientAffinityEnabled": false,
        "siteConfig": {
          "appSettings": [
            {
              "name": "FUNCTIONS_WORKER_RUNTIME",
              "value": "dotnet"
            },
            {
              "name": "AzureWebJobsStorage",
              "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('storageName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value)]"
            },
            {
              "name": "FUNCTIONS_EXTENSION_VERSION",
              "value": "~2"
            },
            {
              "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
              "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('storageName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value)]"
            },
            {
              "name": "WEBSITE_CONTENTSHARE",
              "value": "[toLower(variables('functionAppName'))]"
            },
            {
              "name": "APPINSIGHTS_INSTRUMENTATIONKEY",
              "value": "[reference(resourceId('Microsoft.Insights/components/', variables('insightsName')), '2015-05-01').InstrumentationKey]"
            }
          ]
        }
      }
    },
    {
      "type": "Microsoft.Web/sites/hostnameBindings",
      "apiVersion": "2018-02-01",
      "name": "[concat(variables('functionappName'), '/', parameters('customHostname'))]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', variables('functionappName'))]",
        "[resourceId('Microsoft.Insights/components', variables('insightsName'))]"
      ],
      "properties": {}
    },
    {
      "type": "Microsoft.Web/sites/hostnameBindings",
      "apiVersion": "2018-02-01",
      "name": "[concat(variables('functionappName'), '/', variables('nakedDomain'))]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', variables('functionappName'))]",
        "[resourceId('Microsoft.Insights/components', variables('insightsName'))]",
        "[resourceId('Microsoft.Web/sites/hostnameBindings', variables('functionappName'), parameters('customHostname'))]"
      ],
      "properties": {}
    }
  ],
  "outputs": {
    "functionappName": {
      "type": "string",
      "value": "[variables('functionappName')]"
    },
    "storageName": {
      "type": "string",
      "value": "[variables('storageName')]"
    },
    "webEndpoint": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').primaryEndpoints.web]"
    }
  }
}