uk-official-paas-webapp/azuredeploy.json

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "baseResourceName": {
      "type": "string",
      "metadata": {
        "description": "Name of the resource"
      },
      "maxLength": 15,
      "defaultValue": "[uniqueString(resourceGroup().id)]"
    },
    "appServiceResourceGroup": {
      "type": "string",
      "metadata": {
        "description": "Name of the Resource Group to deploy the App Services to, defaults to the current resource group for the deployment"
      },
      "defaultValue": "[resourceGroup().name]"
    },
    "keyVaultResourceGroup": {
      "type": "string",
      "metadata": {
        "description": "Name of the Resource Group to deploy the Key Vaults to, defaults to the current resource group for the deployment"
      },
      "defaultValue": "[resourceGroup().name]"
    },
    "storageResourceGroup": {
      "type": "string",
      "metadata": {
        "description": "Name of the Resource Group to deploy the storage accounts & log analytics workspaces for diagnostics and Customer assets defaults to the current resource group for the deployment"
      },
      "defaultValue": "[resourceGroup().name]"
    },
    "azureSQLResourceGroup": {
      "type": "string",
      "metadata": {
        "description": "Name of the Resource Group to deploy the SQL Server to, defaults to the current resource group for the deployment"
      },
      "defaultValue": "[resourceGroup().name]"
    },
    "LogsWorkspaceLocation": {
      "type": "string",
      "allowedValues": [
        "eastus",
        "westeurope",
        "southeastasia",
        "australiasoutheast",
        "westcentralus",
        "japaneast",
        "uksouth",
        "centralindia",
        "canadacentral"
      ],
      "defaultValue": "westeurope",
      "metadata": {
        "description": "The Azure region the Logs Workspace will be deployed to"
      }
    },
    "LogAnalyticsSKU": {
      "type": "string",
      "defaultValue": "pergb2018",
      "allowedValues": [
        "Free",
        "pergb2018"
      ],
      "metadata": {
        "description": "The pricing tier of the Log Analytics workspace.  New workspaces should be ok 'pergb2018', some subscritpions may require 'Free' please see http://aka.ms/PricingTierWarning"
      }
    },
    "databaseServerName": {
      "type": "string",
      "metadata": {
        "description": "The name of the database server to provision"
      },
      "defaultValue": "[concat('svr-', uniqueString(resourceGroup().id))]"
    },
    "sqlServerAdminPassword": {
      "type": "securestring",
      "metadata": {
        "description": "The password for administering the SQL Server, this should be at least 8 characters and a mix of case and numerics - please see https://docs.microsoft.com/en-us/sql/relational-databases/security/strong-passwords?view=sql-server-2017 for more details."
      }
    },
    "useAADForSQLAdmin": {
      "type": "string",
      "allowedValues": [
        "Yes",
        "No"
      ],
      "defaultValue": "No",
      "metadata": {
        "description": "Should the deployed Azure SQL Server have an Azure Active Directory based user / group configured as an Administrator"
      }
    },
    "AADAdminLogin": {
      "type": "string",
      "metadata": {
        "description": "The Login ID for the Azure Active Directory user or group to be a server admin"
      },
      "defaultValue": "ignore"
    },
    "AADAdminObjectID": {
      "type": "string",
      "metadata": {
        "description": "The Object ID for the Azure Active Directory user or group to be a server admin"
      },
      "defaultValue": "ignore"
    },
    "AlertSendToEmailAddress": {
      "type": "string",
      "metadata": {
        "description": "Custom Email Address for alerts"
      },
      "defaultValue": null
    }
  },
  "functions": [
    {
      "namespace": "contoso",
      "members": {
        "resourceName": {
          "parameters": [
            {
              "name": "resourceId",
              "type": "string"
            }
          ],
          "output": {
            "type": "string",
            "value": "[last(split(parameters('resourceId'),'/'))]"
          }
        }
      }
    }
  ],
  "variables": {
    "templateBaseUrl": "https://raw.githubusercontent.com/Azure/uk-official-paas-webapp/master/",
    "appServiceTemplateUrl": "[concat(variables('templateBaseUrl'), 'Microsoft.Web/deployAppService.json')]",
    "storageAccountTemplateUrl": "[concat(variables('templateBaseUrl'), 'Microsoft.Storage/deployStorageAccount.json')]",
    "azureSQLTemplateUrl": "[concat(variables('templateBaseUrl'), 'Microsoft.SQL/deployAzureSQLPaaS.json')]",
    "azureKeyVaultTemplateUrl": "[concat(variables('templateBaseUrl'), 'Microsoft.KeyVault/deployKeyVault.json')]",
    "logAnalyticsTemplateUrl": "[concat(variables('templateBaseUrl'), 'Microsoft.OperationalInsights/deployLogAnalytics.json')]",
    "storageAccountBaseName": "[uniqueString(resourceGroup().id)]"
  },
  "resources": [
    {
      "apiVersion": "2017-05-10",
      "name": "pid-8286eaf5-74c6-4ddc-85cb-51f67af6a795",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": []
        }
      }
    },    
    {
      "apiVersion": "2017-05-10",
      "name": "deployLogAnalyticsWorkspace",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('storageResourceGroup')]",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('logAnalyticsTemplateUrl')]",
          "contentVersion": "1.0.0.0"

        },
        "parameters": {
          "logAnalyticsSKU": {
            "value": "[parameters('logAnalyticsSKU')]"
          }
        }
      }
    },
    {
      "apiVersion": "2017-05-10",
      "name": "deployStorageAccountForDiagnositics",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('storageResourceGroup')]",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('storageAccountTemplateUrl')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "storageAccountName": {
            "value": "[concat('diags',variables('storageAccountBaseName'))]"
          }
        }
      }
    },
    {
      "apiVersion": "2017-05-10",
      "name": "deployStorageAccountForCustomerAssets",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('storageResourceGroup')]",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('storageAccountTemplateUrl')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "storageAccountName": {
            "value": "[concat('cust',variables('storageAccountBaseName'))]"
          }
        }
      }
    },
    {
      "apiVersion": "2017-05-10",
      "name": "deployCustomerSite",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('appServiceResourceGroup')]",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('appServiceTemplateUrl')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "appName": {
            "value": "[concat(parameters('baseResourceName'),'-Customer')]"
          },
          "appServiceKind": {
            "value": "app"
          },
          "allowedIPAddresses": {
            "value": [{}]
          },
          "workspaceId": {
            "value": "[reference('deployLogAnalyticsWorkspace').outputs.workspaceId.value]"
          },
          "storageAccountId": {
            "value": "[reference('deployStorageAccountForDiagnositics').outputs.storageAccountId.value]"
          }
        }
      }
    },
    {
      "apiVersion": "2017-05-10",
      "name": "deployOperatorSite",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('appServiceResourceGroup')]",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('appServiceTemplateUrl')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "appName": {
            "value": "[concat(parameters('baseResourceName'),'-Operator')]"
          },
          "appServiceKind": {
            "value": "app"
          },
          "allowedIPAddresses": {
            "value": [{}]
          },
          "workspaceId": {
            "value": "[reference('deployLogAnalyticsWorkspace').outputs.workspaceId.value]"
          },
          "storageAccountId": {
            "value": "[reference('deployStorageAccountForDiagnositics').outputs.storageAccountId.value]"
          }
        }
      }
    },
    {
      "apiVersion": "2017-05-10",
      "name": "deployAPISite",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('appServiceResourceGroup')]",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('appServiceTemplateUrl')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "appName": {
            "value": "[concat(parameters('baseResourceName'),'-API')]"
          },
          "appServiceKind": {
            "value": "api"
          },
          "allowedIPAddresses": {
            "value": [{}]
          },
          "workspaceId": {
            "value": "[reference('deployLogAnalyticsWorkspace').outputs.workspaceId.value]"
          },
          "storageAccountId": {
            "value": "[reference('deployStorageAccountForDiagnositics').outputs.storageAccountId.value]"
          }
        }
      }
    },
    {
      "apiVersion": "2017-05-10",
      "name": "deployKeyVaultForCustomerAssetsSecretsManagement",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('keyVaultResourceGroup')]",
      "dependsOn": [
        "deployStorageAccountForCustomerAssets"
      ],
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('azureKeyVaultTemplateUrl')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "vaultNameSuffix": {
            "value": "cust"
          },
          "storageAccountId": {
            "value": "[reference('deployStorageAccountForDiagnositics').outputs.storageAccountId.value]"
          },
          "workspaceId": {
            "value": "[reference('deployLogAnalyticsWorkspace').outputs.workspaceId.value]"
          },
          "accessPolicies": {
            "value": [{
              "tenantId": "[reference('deployCustomerSite').outputs.appServiceMSITenantId.value]",
              "objectId": "[reference('deployCustomerSite').outputs.appServiceMSIObjectId.value]",
              "permissions": {
                "keys": [
                  "get"
                ],
                "secrets": [
                  "get"
                ]
              }
            }]
          },
          "secretsAndKeys": {
            "value": [{
              "type": "secrets",
              "name": "blobkey",
              "apiVersion": "2015-06-01",
              "properties": {
                "value": "123"
              }
            }]
          }
        }
      }
    },
    {
      "apiVersion": "2017-05-10",
      "name": "deployAzureSQLDatabase",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('azureSQLResourceGroup')]",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('azureSQLTemplateUrl')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "storageAccountId": {
            "value": "[reference('deployStorageAccountForDiagnositics').outputs.storageAccountId.value]"
          },
          "databaseServerName": {
            "value": "[parameters('databaseServerName')]"
          },
          "sqlServerAdminPassword": {
            "value": "[parameters('sqlServerAdminPassword')]"
          },
          "AlertSendToEmailAddress": {
            "value": "[parameters('AlertSendToEmailAddress')]"
          },
          "useAADForSQLAdmin": {
            "value": "[parameters('useAADForSQLAdmin')]"
          },
          "AADAdminLogin": {
            "value": "[parameters('AADAdminLogin')]"
          },
          "AADAdminObjectId": {
            "value": "[parameters('AADAdminObjectID')]"
          },
          "workspaceId": {
            "value": "[reference('deployLogAnalyticsWorkspace').outputs.workspaceId.value]"
          }
        }
      }
    },
    {
      "apiVersion": "2017-05-10",
      "name": "deployKeyVaultForSQLServerSecretsManagement",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "[parameters('keyVaultResourceGroup')]",
      "dependsOn": [
        "deployAzureSQLDatabase"
      ],
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('azureKeyVaultTemplateUrl')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "vaultNameSuffix": {
            "value": "sql"
          },
          "storageAccountId": {
            "value": "[reference('deployStorageAccountForDiagnositics').outputs.storageAccountId.value]"
          },
          "workspaceId": {
            "value": "[reference('deployLogAnalyticsWorkspace').outputs.workspaceId.value]"
          },
          "accessPolicies": {
            "value": [{
              "tenantId": "[reference('deployAzureSQLDatabase').outputs.azureSQLPaaSMSITenantId.value]",
              "objectId": "[reference('deployAzureSQLDatabase').outputs.azureSQLPaaSMSIObjectId.value]",
              "permissions": {
                "keys": [
                  "get",
                  "wrapKey",
                  "unwrapKey"
                ],
                "secrets": []
              }
            }
          ]
          },
          "secretsAndKeys": {
            "value": [{
              "type": "secrets",
              "name": "[concat(parameters('databaseServerName'),'-admin')]",
              "apiVersion": "2015-06-01",
              "properties": {
                "value": "[parameters('sqlServerAdminPassword')]"
              }
            }]
          }
        }
      }
    }
  ]
}