@sjorspa
Created February 15, 2024 12:04
Function App with Integrated Security Storage
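// Deployment inputs and the resource names derived from them.

@description('Specifies region of all resources.')
param location string = resourceGroup().location

// NOTE(review): the description mentions a key vault, but no key vault is
// declared in the template as shown; confirm whether one is expected.
@description('Suffix for function app, storage account, and key vault names.')
param appNameSuffix string = uniqueString(resourceGroup().id)

@description('Storage account SKU name.')
param storageSku string = 'Standard_LRS'

var functionAppName = 'fn-${appNameSuffix}'

// Fixed name: a second deployment into the same resource group reuses this plan.
var appServicePlanName = 'FunctionPlan'

// Storage account names allow only lowercase letters and digits (3-24 chars).
// Dashes are stripped and the suffix is lower-cased so that a caller-supplied
// suffix such as 'Dev-01' still produces a valid name. With the 6-character
// 'fnstor' prefix, the suffix must be 18 characters or fewer after stripping.
var storageAccountName = 'fnstor${toLower(replace(appNameSuffix, '-', ''))}'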
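// Storage account used by the Functions host. The function app reaches it
// through its managed identity (see the AzureWebJobsStorage__accountname app
// setting), so no connection string or account key is written into app settings.
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: storageSku
  }
  kind: 'StorageV2'
  properties: {
    // Transport hardening: HTTPS only, and refuse TLS versions below 1.2.
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    // Host storage never needs anonymous reads; block container-level public access.
    allowBlobPublicAccess: false
    // NOTE(review): allowSharedKeyAccess is left at its default. Setting it to
    // false would enforce identity-only access, but confirm first that nothing
    // (e.g. an Azure Files content share or deployment tooling) still relies on
    // account keys.
    encryption: {
      services: {
        file: {
          keyType: 'Account'
          enabled: true
        }
        blob: {
          keyType: 'Account'
          enabled: true
        }
      }
      // Platform-managed keys (not customer-managed keys in Key Vault).
      keySource: 'Microsoft.Storage'
    }
    accessTier: 'Hot'
  }
}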
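// Role assignments
//
// Data-plane access for the function app's system-assigned identity.
// The GUID below is the built-in "Storage Blob Data Owner" role. The symbolic
// name roleDefinitionBlobContributor is historical and does not match the role
// actually granted.
var blobOwnerRoleId = 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'

resource roleDefinitionBlobContributor 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: resourceGroup()
  name: blobOwnerRoleId
}

resource roleAssignmentBlob 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  // Deterministic name so that redeployments update the same assignment.
  name: guid(functionAppName, blobOwnerRoleId)
  // Scoped to this one storage account, not the resource group or subscription.
  scope: storageAccount
  properties: {
    roleDefinitionId: roleDefinitionBlobContributor.id
    principalId: functionApp.identity.principalId
    // The identity is created in this same deployment. Declaring the principal
    // type avoids a failed assignment when the new principal has not yet
    // replicated in the directory.
    principalType: 'ServicePrincipal'
  }
}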
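// Management-plane access for the function app's identity.
// The GUID below is the built-in "Storage Account Contributor" role. That role
// can read the account keys, which grants full data access via Shared Key.
// NOTE(review): confirm the workload needs it (e.g. for blob triggers); if it
// does not, drop this assignment and keep only the data-plane role.
var storageContributorRoleId = '17d1049b-9a84-46fb-8f53-869881c3d3ab'

resource roleDefinitionStorageContributor 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: resourceGroup()
  name: storageContributorRoleId
}

resource roleAssignmentContrib 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  // Deterministic name so that redeployments update the same assignment.
  name: guid(functionAppName, storageContributorRoleId)
  // Scoped to this one storage account only.
  scope: storageAccount
  properties: {
    roleDefinitionId: roleDefinitionStorageContributor.id
    principalId: functionApp.identity.principalId
    // The identity is created in this same deployment. Declaring the principal
    // type avoids a failed assignment when the new principal has not yet
    // replicated in the directory.
    principalType: 'ServicePrincipal'
  }
}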
// Hosting plan for the function app. SKU 'Y1' selects the Consumption tier.
resource plan 'Microsoft.Web/serverfarms@2020-12-01' = {
  name: appServicePlanName
  location: location
  kind: 'functionapp'
  sku: {
    name: 'Y1'
  }
  // No plan-level properties are set; platform defaults apply.
  properties: {}
}
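// Function app with a system-assigned managed identity. The role assignments
// in this template grant that identity access to the storage account.
// NOTE(review): the role assignments depend on this resource, so the host may
// start before they take effect; expect transient storage authorization errors
// right after the first deployment.
resource functionApp 'Microsoft.Web/sites@2020-12-01' = {
  name: functionAppName
  location: location
  kind: 'functionapp'
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    serverFarmId: plan.id
    siteConfig: {
      // Inbound TLS floor for the app's endpoints.
      minTlsVersion: '1.2'
      // Disallow cleartext FTP for publishing. Use 'Disabled' instead if FTP
      // deployment is not used at all.
      ftpsState: 'FtpsOnly'
      appSettings: [
        {
          // The "__accountname" suffix makes the host connect with the app's
          // identity, so only the account name is stored here, not a secret.
          name: 'AzureWebJobsStorage__accountname'
          value: storageAccountName
        }
        {
          name: 'FUNCTIONS_WORKER_RUNTIME'
          value: 'dotnet'
        }
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~4'
        }
      ]
    }
    // Redirect HTTP requests to HTTPS.
    httpsOnly: true
  }
}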