{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "clusterParentDomainName": { "type": "string" }, "databaseAccountName": { "type": "string" }, "fpServicePrincipalId": { "type": "string" }, "rpServicePrincipalId": { "type": "string" } }, "resources": [ { "properties": {}, "name": "[concat(resourceGroup().location, '.', parameters('clusterParentDomainName'))]", "type": "Microsoft.Network/dnsZones", "location": "global", "apiVersion": "2018-05-01" }, { "properties": { "addressSpace": { "addressPrefixes": [ "10.0.0.0/24" ] }, "subnets": [ { "properties": { "addressPrefix": "10.0.0.0/24", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-nsg')]", "tags": null } }, "name": "rp-subnet" } ] }, "name": "rp-vnet", "type": "Microsoft.Network/virtualNetworks", "location": "[resourceGroup().location]", "apiVersion": "2019-07-01" }, { "properties": { "addressSpace": { "addressPrefixes": [ "10.0.4.0/22" ] }, "subnets": [ { "properties": { "addressPrefix": "10.0.4.0/22", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-pe-nsg')]", "tags": null }, "privateEndpointNetworkPolicies": "Disabled" }, "name": "rp-pe-subnet" } ] }, "name": "rp-pe-vnet-001", "type": "Microsoft.Network/virtualNetworks", "location": "[resourceGroup().location]", "apiVersion": "2019-07-01" }, { "properties": { "allowVirtualNetworkAccess": true, "allowForwardedTraffic": true, "allowGatewayTransit": false, "useRemoteGateways": false, "remoteVirtualNetwork": { "id": "[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]" } }, "name": "rp-vnet/peering-rp-pe-vnet-001", "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2019-07-01", "dependsOn": [ "[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]", "[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]" ], "location": "[resourceGroup().location]" }, { "properties": { "allowVirtualNetworkAccess": true, "allowForwardedTraffic": true, "allowGatewayTransit": false, "useRemoteGateways": false, "remoteVirtualNetwork": { "id": "[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]" } }, "name": "rp-pe-vnet-001/peering-rp-vnet", "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2019-07-01", "dependsOn": [ "[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]", "[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]" ], "location": "[resourceGroup().location]" }, { "kind": "GlobalDocumentDB", "properties": { "consistencyPolicy": { "defaultConsistencyLevel": "Strong" }, "locations": [ { "locationName": "[resourceGroup().location]" } ], "databaseAccountOfferType": "Standard" }, "name": "[parameters('databaseAccountName')]", "type": "Microsoft.DocumentDB/databaseAccounts", "location": "[resourceGroup().location]", "tags": { "defaultExperience": "Core (SQL)" }, "apiVersion": "2019-08-01" }, { "name": "[guid(resourceGroup().id, parameters('rpServicePrincipalId'), 'RP / Reader')]", "type": "Microsoft.Authorization/roleAssignments", "properties": { "scope": "[resourceGroup().id]", "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "principalId": "[parameters('rpServicePrincipalId')]", "principalType": "ServicePrincipal" }, "apiVersion": "2018-09-01-preview" }, { "name": "[guid(resourceGroup().id, 'FP / Network Contributor')]", "type": "Microsoft.Authorization/roleAssignments", "properties": { "scope": "[resourceGroup().id]", "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", "principalId": "[parameters('fpServicePrincipalId')]", "principalType": "ServicePrincipal" }, "apiVersion": "2018-09-01-preview" }, { "name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), parameters('rpServicePrincipalId'), 'RP / DocumentDB Account Contributor'))]", "type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments", "properties": { "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]", "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", "principalId": "[parameters('rpServicePrincipalId')]", "principalType": "ServicePrincipal" }, "apiVersion": "2018-09-01-preview", "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]" ] }, { "name": "[concat(resourceGroup().location, '.', parameters('clusterParentDomainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')), 'FP / DNS Zone Contributor'))]", "type": "Microsoft.Network/dnsZones/providers/roleAssignments", "properties": { "scope": "[resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')))]", "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", "principalId": "[parameters('fpServicePrincipalId')]", "principalType": "ServicePrincipal" }, "apiVersion": "2018-09-01-preview", "dependsOn": [ "[resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')))]" ] } ] }