Merge remote-tracking branch 'origin/main' into antmarti/external_res…

…ources

docs/examples/101/front-door-basic/main.bicep

@@ -53,7 +53,7 @@ resource frontDoor 'Microsoft.Network/frontDoors@2020-01-01' = {
               address: backendAddress
               backendHostHeader: backendAddress
               httpPort: 80
-              httpsPort: 442
+              httpsPort: 443
               weight: 50
               priority: 1
               enabledState: 'Enabled'

docs/examples/101/front-door-basic/main.json

@@ -62,7 +62,7 @@
                   "address": "[parameters('backendAddress')]",
                   "backendHostHeader": "[parameters('backendAddress')]",
                   "httpPort": 80,
-                  "httpsPort": 442,
+                  "httpsPort": 443,
                   "weight": 50,
                   "priority": 1,
                   "enabledState": "Enabled"

docs/examples/101/front-door-custom-domain/main.bicep

@@ -62,7 +62,7 @@ resource frontDoor 'Microsoft.Network/frontDoors@2020-01-01' = {
               address: backendAddress
               backendHostHeader: backendAddress
               httpPort: 80
-              httpsPort: 442
+              httpsPort: 443
               weight: 50
               priority: 1
               enabledState: 'Enabled'

docs/examples/101/front-door-custom-domain/main.json

@@ -73,7 +73,7 @@
                   "address": "[parameters('backendAddress')]",
                   "backendHostHeader": "[parameters('backendAddress')]",
                   "httpPort": 80,
-                  "httpsPort": 442,
+                  "httpsPort": 443,
                   "weight": 50,
                   "priority": 1,
                   "enabledState": "Enabled"

docs/examples/101/front-door-redirect/main.bicep

@@ -53,7 +53,7 @@ resource frontDoor 'Microsoft.Network/frontDoors@2020-01-01' = {
               address: backendAddress
               backendHostHeader: backendAddress
               httpPort: 80
-              httpsPort: 442
+              httpsPort: 443
               weight: 50
               priority: 1
               enabledState: 'Enabled'

docs/examples/101/front-door-redirect/main.json

@@ -62,7 +62,7 @@
                   "address": "[parameters('backendAddress')]",
                   "backendHostHeader": "[parameters('backendAddress')]",
                   "httpPort": 80,
-                  "httpsPort": 442,
+                  "httpsPort": 443,
                   "weight": 50,
                   "priority": 1,
                   "enabledState": "Enabled"

docs/examples/301/web-app-managed-identity-sql-db/README.md

@@ -0,0 +1,19 @@
+
+# A common architecture deployed with Bicep
+A common architecture for Azure customers is Web App + Data + Managed Identity + Monitoring.
+
+**How easy it to deploy this with Bicep?**
+1. [Install Bicep CLI and VS Code extension](https://github.com/Azure/bicep/blob/main/docs/installing.md)
+2. Use example from [main.bicep](main.bicep)
+3. Arrange/re-order, update variables and params to your preference
+4. Use the Bicep CLI to run Bicep Build command: ``` Bicep Build ./main.bicep ``` to generate ARM Template (main._json_)
+5. Disregard the warning :warning:: ``` Warning BCP081: Resource type "Microsoft.Web/sites/config@2020-06-01" does not have types available. ```
+   Issue being tracked here: https://github.com/Azure/bicep/issues/657
+6. Create a resource group to deploy to using Azure CLI: ``` az group create --name YOURRESOURCEGROUPNAME --location centralus ```
+7. Deploy ARM template (main.json) to resource group above, using Azure CLI: ``` az deployment group create -f ./main.json -g YOURRESOURCEGROUPNAME ```
+8.  Enter parameters values for sqlAdministratorLogin, sqlAdministratorPassword, and managedIdentityName at command line.
+9.  Wait for deployment to complete
+10. Deployment complete!
+
+Diagram of resources that are deployed:
+![diagram](images/commonArchDiagram.PNG)

docs/examples/301/web-app-managed-identity-sql-db/main.bicep

@@ -0,0 +1,142 @@
+// Simple example to deploy Azure infrastructure for app + data + managed identity + monitoring
+
+// Region for all resources
+param location string = resourceGroup().location
+
+// Web App params
+param skuName string {
+  allowed: [
+    'F1'
+    'D1'
+    'B1'
+    'B2'
+    'B3'
+    'S1'
+    'S2'
+    'S3'
+    'P1'
+    'P2'
+    'P3'
+    'P4'
+  ]
+  default: 'F1'
+}
+param skuCapacity int {
+  minValue: 1
+  default: 1
+}
+
+// Data params
+param sqlAdministratorLogin string
+param sqlAdministratorLoginPassword string {
+  secure: true
+}
+
+// Managed Identity params
+param managedIdentityName string
+param roleDefinitionId string = 'b24988ac-6180-42a0-ab88-20f7382dd24c' //Default as contributor role
+
+// Variables
+var hostingPlanName = 'hostingplan${uniqueString(resourceGroup().id)}'
+var webSiteName = 'webSite${uniqueString(resourceGroup().id)}'
+var sqlserverName = 'sqlserver${uniqueString(resourceGroup().id)}'
+var databaseName = 'sampledb'
+
+// Data resources
+resource sqlserver 'Microsoft.Sql/servers@2019-06-01-preview' = {
+  name: sqlserverName
+  location: location
+  properties: {
+    administratorLogin: sqlAdministratorLogin
+    administratorLoginPassword: sqlAdministratorLoginPassword
+    version: '12.0'
+  }
+}
+
+resource sqlserverName_databaseName 'Microsoft.Sql/servers/databases@2020-08-01-preview' = {
+  name: '${sqlserver.name}/${databaseName}'
+  location: location
+  sku: {
+    name: 'Basic'
+  }
+  properties: {
+    collation: 'SQL_Latin1_General_CP1_CI_AS'
+    maxSizeBytes: 1073741824
+  }
+}
+
+resource sqlserverName_AllowAllWindowsAzureIps 'Microsoft.Sql/servers/firewallRules@2014-04-01' = {
+  name: '${sqlserver.name}/AllowAllWindowsAzureIps'
+  properties: {
+    endIpAddress: '0.0.0.0'
+    startIpAddress: '0.0.0.0'
+  }
+}
+
+// Web App resources
+resource hostingPlan 'Microsoft.Web/serverfarms@2020-06-01' = {
+  name: hostingPlanName
+  location: location
+  sku: {
+    name: skuName
+    capacity: skuCapacity
+  }
+}
+
+resource webSite 'Microsoft.Web/sites@2020-06-01' = {
+  name: webSiteName
+  location: location
+  tags: {
+    'hidden-related:${hostingPlan.id}': 'empty'
+    displayName: 'Website'
+  }
+  properties: {
+    serverFarmId: hostingPlan.id
+  }
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${msi.id}': {}
+    }
+  }
+}
+
+resource webSiteConnectionStrings 'Microsoft.Web/sites/config@2020-06-01' = {
+  name: '${webSite.name}/connectionstrings'
+  properties: {
+    DefaultConnection: {
+      value: 'Data Source=tcp:${sqlserver.properties.fullyQualifiedDomainName},1433;Initial Catalog=${databaseName};User Id=${sqlAdministratorLogin}@${sqlserver.properties.fullyQualifiedDomainName};Password=${sqlAdministratorLoginPassword};'
+      type: 'SQLAzure'
+    }
+  }
+}
+
+// Managed Identity resources
+resource msi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+  name: managedIdentityName
+  location: location
+}
+
+resource roleassignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
+  name: guid(roleDefinitionId, resourceGroup().id)
+
+  properties: {
+    principalType: 'ServicePrincipal'
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
+    principalId: msi.properties.principalId
+  }
+}
+
+// Monitor
+resource AppInsights_webSiteName 'Microsoft.Insights/components@2018-05-01-preview' = {
+  name: 'AppInsights${webSite.name}'
+  location: location
+  tags: {
+    'hidden-link:${webSite.id}': 'Resource'
+    displayName: 'AppInsightsComponent'
+  }
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+  }
+}

docs/examples/301/web-app-managed-identity-sql-db/main.json

@@ -0,0 +1,178 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "location": {
+      "type": "string",
+      "defaultValue": "[resourceGroup().location]"
+    },
+    "skuName": {
+      "type": "string",
+      "defaultValue": "F1",
+      "allowedValues": [
+        "F1",
+        "D1",
+        "B1",
+        "B2",
+        "B3",
+        "S1",
+        "S2",
+        "S3",
+        "P1",
+        "P2",
+        "P3",
+        "P4"
+      ]
+    },
+    "skuCapacity": {
+      "type": "int",
+      "minValue": 1,
+      "defaultValue": 1
+    },
+    "sqlAdministratorLogin": {
+      "type": "string"
+    },
+    "sqlAdministratorLoginPassword": {
+      "type": "secureString"
+    },
+    "managedIdentityName": {
+      "type": "string"
+    },
+    "roleDefinitionId": {
+      "type": "string",
+      "defaultValue": "b24988ac-6180-42a0-ab88-20f7382dd24c"
+    }
+  },
+  "functions": [],
+  "variables": {
+    "hostingPlanName": "[format('hostingplan{0}', uniqueString(resourceGroup().id))]",
+    "webSiteName": "[format('webSite{0}', uniqueString(resourceGroup().id))]",
+    "sqlserverName": "[format('sqlserver{0}', uniqueString(resourceGroup().id))]",
+    "databaseName": "sampledb"
+  },
+  "resources": [
+    {
+      "type": "Microsoft.Sql/servers",
+      "apiVersion": "2019-06-01-preview",
+      "name": "[variables('sqlserverName')]",
+      "location": "[parameters('location')]",
+      "properties": {
+        "administratorLogin": "[parameters('sqlAdministratorLogin')]",
+        "administratorLoginPassword": "[parameters('sqlAdministratorLoginPassword')]",
+        "version": "12.0"
+      }
+    },
+    {
+      "type": "Microsoft.Sql/servers/databases",
+      "apiVersion": "2020-08-01-preview",
+      "name": "[format('{0}/{1}', variables('sqlserverName'), variables('databaseName'))]",
+      "location": "[parameters('location')]",
+      "sku": {
+        "name": "Basic"
+      },
+      "properties": {
+        "collation": "SQL_Latin1_General_CP1_CI_AS",
+        "maxSizeBytes": 1073741824
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.Sql/servers/firewallRules",
+      "apiVersion": "2014-04-01",
+      "name": "[format('{0}/AllowAllWindowsAzureIps', variables('sqlserverName'))]",
+      "properties": {
+        "endIpAddress": "0.0.0.0",
+        "startIpAddress": "0.0.0.0"
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.Web/serverfarms",
+      "apiVersion": "2020-06-01",
+      "name": "[variables('hostingPlanName')]",
+      "location": "[parameters('location')]",
+      "sku": {
+        "name": "[parameters('skuName')]",
+        "capacity": "[parameters('skuCapacity')]"
+      }
+    },
+    {
+      "type": "Microsoft.Web/sites",
+      "apiVersion": "2020-06-01",
+      "name": "[variables('webSiteName')]",
+      "location": "[parameters('location')]",
+      "tags": {
+        "[format('hidden-related:{0}', resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName')))]": "empty",
+        "displayName": "Website"
+      },
+      "properties": {
+        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]"
+      },
+      "identity": {
+        "type": "UserAssigned",
+        "userAssignedIdentities": {
+          "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]": {}
+        }
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
+        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.Web/sites/config",
+      "apiVersion": "2020-06-01",
+      "name": "[format('{0}/connectionstrings', variables('webSiteName'))]",
+      "properties": {
+        "DefaultConnection": {
+          "value": "[format('Data Source=tcp:{0},1433;Initial Catalog={1};User Id={2}@{3};Password={4};', reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, variables('databaseName'), parameters('sqlAdministratorLogin'), reference(resourceId('Microsoft.Sql/servers', variables('sqlserverName'))).fullyQualifiedDomainName, parameters('sqlAdministratorLoginPassword'))]",
+          "type": "SQLAzure"
+        }
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.Sql/servers', variables('sqlserverName'))]",
+        "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
+      "apiVersion": "2018-11-30",
+      "name": "[parameters('managedIdentityName')]",
+      "location": "[parameters('location')]"
+    },
+    {
+      "type": "Microsoft.Authorization/roleAssignments",
+      "apiVersion": "2020-04-01-preview",
+      "name": "[guid(parameters('roleDefinitionId'), resourceGroup().id)]",
+      "properties": {
+        "principalType": "ServicePrincipal",
+        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]",
+        "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))).principalId]"
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.Insights/components",
+      "apiVersion": "2018-05-01-preview",
+      "name": "[format('AppInsights{0}', variables('webSiteName'))]",
+      "location": "[parameters('location')]",
+      "tags": {
+        "[format('hidden-link:{0}', resourceId('Microsoft.Web/sites', variables('webSiteName')))]": "Resource",
+        "displayName": "AppInsightsComponent"
+      },
+      "kind": "web",
+      "properties": {
+        "Application_Type": "web"
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.Web/sites', variables('webSiteName'))]"
+      ]
+    }
+  ]
+}