Function App with Integrated Security Storage
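// Deployment inputs. Every default is derived from the target resource group,
// so the template deploys without any parameters being supplied.
@description('Specifies region of all resources.')
param location string = resourceGroup().location

@description('Suffix for function app, storage account, and key vault names.')
param appNameSuffix string = uniqueString(resourceGroup().id)

@description('Storage account SKU name.')
param storageSku string = 'Standard_LRS'

// Derived resource names.
var functionAppName = 'fn-${appNameSuffix}'
// NOTE(review): the plan name is fixed, so a second deployment of this
// template into the same resource group targets the same plan.
var appServicePlanName = 'FunctionPlan'
// Storage account names accept only lowercase letters and digits. Hyphens are
// stripped and the result is lower-cased so that a caller-supplied suffix with
// upper-case characters still yields a valid name. The default suffix from
// uniqueString() is already lowercase, so existing deployments keep their name.
// The name must also stay within 24 characters; that is not enforced here.
var storageAccountName = toLower('fnstor${replace(appNameSuffix, '-', '')}')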
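// Storage account used as the Functions host storage. The function app is
// pointed at it by account name only (no connection string), so access is
// expected to go through the app's managed identity and Azure RBAC.
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: storageSku
  }
  kind: 'StorageV2'
  properties: {
    // Transport hardening: HTTPS only, and no TLS versions below 1.2.
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    // Host storage never needs anonymous readers; block container-level
    // public access at the account so a misconfigured container cannot expose it.
    allowBlobPublicAccess: false
    // NOTE(review): shared-key authorization is left at the platform default.
    // Setting allowSharedKeyAccess: false would enforce identity-only access;
    // confirm first that no deployment tooling or content share still depends
    // on account keys.
    encryption: {
      services: {
        file: {
          keyType: 'Account'
          enabled: true
        }
        blob: {
          keyType: 'Account'
          enabled: true
        }
      }
      // Platform-managed keys (not customer-managed keys in Key Vault).
      keySource: 'Microsoft.Storage'
    }
    accessTier: 'Hot'
  }
}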
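// Role assignments
// Built-in role "Storage Blob Data Owner" (data-plane access to blobs).
// The symbolic name below says "Contributor", but the ID it resolves is the
// Blob Data Owner role.
var blobOwnerRoleId = 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'

resource roleDefinitionBlobContributor 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: resourceGroup()
  name: blobOwnerRoleId
}

// Grants the function app's system-assigned identity blob data access,
// scoped to this one storage account rather than the resource group.
resource roleAssignmentBlob 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  // Deterministic name so redeployments update the same assignment.
  name: guid(functionAppName, blobOwnerRoleId)
  scope: storageAccount
  properties: {
    roleDefinitionId: roleDefinitionBlobContributor.id
    principalId: functionApp.identity.principalId
    // The identity is created in this same deployment. Declaring the principal
    // type lets the assignment succeed even if the new service principal has
    // not yet replicated in the directory, instead of failing intermittently
    // with a principal-not-found error.
    principalType: 'ServicePrincipal'
  }
}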
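// Built-in role "Storage Account Contributor" (management-plane role).
// NOTE(review): this role permits managing the account and reading its access
// keys, which is broader than data-plane access and partly undercuts an
// identity-only design. Confirm the app really needs it; if only blob, queue
// or table data access is required, a data-plane role is the narrower grant.
var storageContributorRoleId = '17d1049b-9a84-46fb-8f53-869881c3d3ab'

resource roleDefinitionStorageContributor 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: resourceGroup()
  name: storageContributorRoleId
}

// Assigns the role above to the function app's system-assigned identity,
// scoped to this one storage account.
resource roleAssignmentContrib 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  // Deterministic name so redeployments update the same assignment.
  name: guid(functionAppName, storageContributorRoleId)
  scope: storageAccount
  properties: {
    roleDefinitionId: roleDefinitionStorageContributor.id
    principalId: functionApp.identity.principalId
    // The identity is created in this same deployment. Declaring the principal
    // type avoids intermittent principal-not-found failures while the new
    // service principal is still replicating in the directory.
    principalType: 'ServicePrincipal'
  }
}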
// Hosting plan for the function app. SKU 'Y1' is the Consumption (dynamic)
// tier, so no further plan properties are set.
resource plan 'Microsoft.Web/serverfarms@2020-12-01' = {
  name: appServicePlanName
  kind: 'functionapp'
  location: location
  properties: {}
  sku: {
    name: 'Y1'
  }
}
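// Function app with a system-assigned managed identity. The host storage is
// referenced by account name only, so no storage key or connection string is
// stored in app settings; access depends on the role assignments this file
// makes for functionApp.identity.principalId.
resource functionApp 'Microsoft.Web/sites@2020-12-01' = {
  name: functionAppName
  location: location
  kind: 'functionapp'
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    serverFarmId: plan.id
    siteConfig: {
      // Refuse inbound TLS below 1.2 on the app's endpoints.
      minTlsVersion: '1.2'
      // Never allow plaintext FTP for deployments. If FTP-based deployment is
      // not used at all, 'Disabled' is the stricter setting.
      ftpsState: 'FtpsOnly'
      appSettings: [
        {
          // Identity-based host storage: the account name replaces the usual
          // AzureWebJobsStorage connection string.
          name: 'AzureWebJobsStorage__accountname'
          value: storageAccountName
        }
        {
          name: 'FUNCTIONS_WORKER_RUNTIME'
          value: 'dotnet'
        }
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~4'
        }
      ]
    }
    // Redirect plain HTTP requests to HTTPS.
    httpsOnly: true
  }
}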