
Commit 469dbe9

committed
Upgrade to v4 of azurerm
1 parent 1999e74 commit 469dbe9

13 files changed

+207
-514
lines changed

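--- a/code/infra/alerts.tf
+++ b/code/infra/alerts.tf
@@ -1,5 +1,6 @@
 resource "azurerm_monitor_activity_log_alert" "monitor_activity_log_alert_service_health" {
 name = "${local.prefix}-alert-servicehealth"
+location = var.location
 resource_group_name = azurerm_resource_group.logging_rg.name
 tags = var.tags
 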
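--- /dev/null
+++ b/code/infra/applicationinsights.tf
@@ -0,0 +1,14 @@
+module "application_insights" {
+source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/applicationinsights?ref=main"
+providers = {
+azurerm = azurerm
+}
+
+location = var.location
+resource_group_name = azurerm_resource_group.logging_rg.name
+tags = var.tags
+application_insights_name = "${local.prefix}-appi001"
+application_insights_application_type = "other"
+application_insights_log_analytics_workspace_id = var.log_analytics_workspace_id
+diagnostics_configurations = {} # local.diagnostics_configurations # Disabled to avoid duplicate logs in LAW and App Insights
+}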
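Review bot: The module `source` on the second line of this block ends in `?ref=main`, a branch that moves, so any fresh `terraform init` can pull module code nobody reviewed into a run that holds the deployment credentials. Pin it to a release tag or a full commit SHA, e.g. `?ref=<tag-or-commit-sha>` (placeholder; use the revision you have reviewed), and bump it deliberately. The same unpinned `ref=main` appears in the new `module` blocks in code/infra/appserviceplan.tf and code/infra/keyvault.tf.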

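--- /dev/null
+++ b/code/infra/appserviceplan.tf
@@ -0,0 +1,18 @@
+module "app_service_plan" {
+source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/appserviceplan?ref=main"
+providers = {
+azurerm = azurerm
+}
+
+location = var.location
+resource_group_name = azurerm_resource_group.app_rg.name
+tags = var.tags
+service_plan_name = "${local.prefix}-asp001"
+service_plan_maximum_elastic_worker_count = null
+service_plan_os_type = "Linux"
+service_plan_per_site_scaling_enabled = false
+service_plan_sku_name = var.function_sku
+service_plan_worker_count = 1 # Update to '3' for production
+service_plan_zone_balancing_enabled = false # Update to 'true' for production
+diagnostics_configurations = local.diagnostics_configurations
+}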

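--- a/code/infra/function.tf
+++ b/code/infra/function.tf
@@ -1,44 +1,3 @@
-resource "azurerm_service_plan" "service_plan" {
-name = "${local.prefix}-asp001"
-location = var.location
-resource_group_name = azurerm_resource_group.app_rg.name
-tags = var.tags
-
-# maximum_elastic_worker_count = 20
-os_type = "Linux"
-per_site_scaling_enabled = false
-sku_name = var.function_sku
-worker_count = 1 # Update to '3' for production
-zone_balancing_enabled = false # Update to 'true' for production
-}
-
-data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_service_plan" {
-resource_id = azurerm_service_plan.service_plan.id
-}
-
-resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_service_plan" {
-name = "logAnalytics"
-target_resource_id = azurerm_service_plan.service_plan.id
-log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
-
-dynamic "enabled_log" {
-iterator = entry
-for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_service_plan.log_category_groups
-content {
-category_group = entry.value
-}
-}
-
-dynamic "metric" {
-iterator = entry
-for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_service_plan.metrics
-content {
-category = entry.value
-enabled = true
-}
-}
-}
-
 resource "azapi_resource" "function" {
 type = "Microsoft.Web/sites@2022-09-01"
 parent_id = azurerm_resource_group.app_rg.id
@@ -65,7 +24,7 @@ resource "azapi_resource" "function" {
 redundancyMode = "None"
 reserved = true
 scmSiteAlsoStopped = true
-serverFarmId = azurerm_service_plan.service_plan.id
+serverFarmId = module.app_service_plan.service_plan_id
 storageAccountRequired = false
 vnetContentShareEnabled = true
 vnetImagePullEnabled = false # Set to 'true' when pulling image from private Azure Container Registry
@@ -91,7 +50,7 @@ resource "azapi_resource" "function" {
 appSettings = [
 {
 name = "APPLICATIONINSIGHTS_CONNECTION_STRING"
-value = azurerm_application_insights.application_insights.connection_string
+value = module.application_insights.application_insights_connection_string
 },
 {
 name = "AZURE_SDK_TRACING_IMPLEMENTATION"
@@ -123,23 +82,23 @@ resource "azapi_resource" "function" {
 },
 {
 name = "WEBSITE_OS_TYPE"
-value = azurerm_service_plan.service_plan.os_type
+value = module.app_service_plan.service_plan_os_type
 },
 {
 name = "WEBSITE_RUN_FROM_PACKAGE"
 value = "0"
 },
 {
 name = "AzureWebJobsStorage__accountName"
-value = azurerm_storage_account.storage.name
+value = module.storage_account.storage_account_name
 },
 {
 name = "AzureWebJobsSecretStorageType"
 value = "keyvault"
 },
 {
 name = "AzureWebJobsSecretStorageKeyVaultUri"
-value = azurerm_key_vault.key_vault.vault_uri
+value = module.key_vault.key_vault_uri
 },
 {
 name = "WEBSITES_ENABLE_APP_SERVICE_STORAGE" # Disable when not running a container
@@ -219,11 +178,8 @@ resource "azapi_resource" "function" {
 # "properties.siteConfig.appSettings"
 # ]
 depends_on = [
-azurerm_private_endpoint.key_vault_private_endpoint,
-azurerm_private_endpoint.storage_private_endpoint_blob,
-azurerm_private_endpoint.storage_private_endpoint_file,
-azurerm_private_endpoint.storage_private_endpoint_queue,
-azurerm_private_endpoint.storage_private_endpoint_table,
+module.key_vault.key_vault_setup_completed,
+module.storage_account.storage_setup_completed,
 ]
 }
 
@@ -267,7 +223,7 @@ resource "azurerm_private_endpoint" "function_private_endpoint" {
 private_connection_resource_id = azapi_resource.function.id
 subresource_names = ["sites"]
 }
-subnet_id = azapi_resource.subnet_services.id
+subnet_id = azapi_resource.subnet_private_endpoints.id
 private_dns_zone_group {
 name = "${azapi_resource.function.name}-arecord"
 private_dns_zone_ids = [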
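Review bot: The new `depends_on` entries in the `@@ -219,11 +178,8 @@` hunk rest on two module outputs, `key_vault_setup_completed` and `storage_setup_completed`, and nothing on this page shows what they actually wait for. The removed list named the vault endpoint and the blob, file, queue and table endpoints one by one; with `vnetContentShareEnabled = true` and Key Vault secret storage, the function presumably still needs all of them in place before it is created. I would add a comment above the list, e.g. `# *_setup_completed must cover the private endpoints and DNS records for vault, blob, file, queue and table`, and confirm that against the module code. The body of `azapi_resource.function` continues outside these hunks.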

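--- a/code/infra/keyvault.tf
+++ b/code/infra/keyvault.tf
@@ -1,85 +1,30 @@
-resource "azurerm_key_vault" "key_vault" {
-name = "${local.prefix}-vault001"
-location = var.location
-resource_group_name = azurerm_resource_group.app_rg.name
-tags = var.tags
-
-access_policy = []
-enable_rbac_authorization = true
-enabled_for_deployment = false
-enabled_for_disk_encryption = false
-enabled_for_template_deployment = false
-network_acls {
-bypass = "AzureServices"
-default_action = "Deny"
-ip_rules = []
-virtual_network_subnet_ids = []
+module "key_vault" {
+source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/keyvault?ref=main"
+providers = {
+azurerm = azurerm
+time = time
 }
-public_network_access_enabled = false
-purge_protection_enabled = true
-sku_name = "standard"
-soft_delete_retention_days = 7
-tenant_id = data.azurerm_client_config.current.tenant_id
+
+location = var.location
+resource_group_name = azurerm_resource_group.app_rg.name
+tags = var.tags
+key_vault_name = "${local.prefix}-kv001"
+key_vault_sku_name = "standard"
+key_vault_soft_delete_retention_days = 7
+diagnostics_configurations = local.diagnostics_configurations
+subnet_id = azapi_resource.subnet_private_endpoints.id
+connectivity_delay_in_seconds = var.connectivity_delay_in_seconds
+private_dns_zone_id_vault = var.private_dns_zone_id_key_vault
 }
 
 resource "azurerm_key_vault_secret" "key_vault_secret_sample" {
 name = "MySampleSecret"
-key_vault_id = azurerm_key_vault.key_vault.id
+key_vault_id = module.key_vault.key_vault_id
 
 content_type = "text/plain"
 value = var.my_secret
 
 depends_on = [
-azurerm_role_assignment.current_role_assignment_key_vault,
-azurerm_private_endpoint.key_vault_private_endpoint
+module.key_vault.key_vault_setup_completed,
 ]
 }
-
-data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_key_vault" {
-resource_id = azurerm_key_vault.key_vault.id
-}
-
-resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_key_vault" {
-name = "logAnalytics"
-target_resource_id = azurerm_key_vault.key_vault.id
-log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
-
-dynamic "enabled_log" {
-iterator = entry
-for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault.log_category_groups
-content {
-category_group = entry.value
-}
-}
-
-dynamic "metric" {
-iterator = entry
-for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault.metrics
-content {
-category = entry.value
-enabled = true
-}
-}
-}
-
-resource "azurerm_private_endpoint" "key_vault_private_endpoint" {
-name = "${azurerm_key_vault.key_vault.name}-pe"
-location = var.location
-resource_group_name = azurerm_key_vault.key_vault.resource_group_name
-tags = var.tags
-
-custom_network_interface_name = "${azurerm_key_vault.key_vault.name}-nic"
-private_service_connection {
-name = "${azurerm_key_vault.key_vault.name}-pe"
-is_manual_connection = false
-private_connection_resource_id = azurerm_key_vault.key_vault.id
-subresource_names = ["vault"]
-}
-subnet_id = azapi_resource.subnet_services.id
-private_dns_zone_group {
-name = "${azurerm_key_vault.key_vault.name}-arecord"
-private_dns_zone_ids = [
-var.private_dns_zone_id_key_vault
-]
-}
-}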
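Review bot: The hardening that the removed resource stated explicitly (`public_network_access_enabled = false`, `purge_protection_enabled = true`, `enable_rbac_authorization = true`, and `network_acls` with `default_action = "Deny"`) is not set anywhere in the new `module "key_vault"` block, so it now depends on defaults inside a module this page does not show. Confirm the module enforces each of these and record it beside the block, e.g. `# public access, purge protection, RBAC and network ACLs are enforced by the module`. The secret's `depends_on` also drops `azurerm_role_assignment.current_role_assignment_key_vault`; if that assignment still exists outside the module, the write of `MySampleSecret` may race with it unless `key_vault_setup_completed` covers it.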

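--- a/code/infra/locals.tf
+++ b/code/infra/locals.tf
@@ -1,18 +1,39 @@
 locals {
+# General locals
 prefix = "${lower(var.prefix)}-${var.environment}"
+resource_providers_to_register = [
+"Microsoft.Authorization",
+"Microsoft.Insights",
+"Microsoft.KeyVault",
+"Microsoft.ManagedIdentity",
+"Microsoft.Network",
+"Microsoft.Resources",
+"Microsoft.Storage",
+"Microsoft.Web",
+]
 
+# Resource locals
 virtual_network = {
 resource_group_name = split("/", var.vnet_id)[4]
 name = split("/", var.vnet_id)[8]
 }
-
 network_security_group = {
 resource_group_name = split("/", var.nsg_id)[4]
 name = split("/", var.nsg_id)[8]
 }
-
 route_table = {
 resource_group_name = split("/", var.route_table_id)[4]
 name = split("/", var.route_table_id)[8]
 }
+
+# Logging locals
+diagnostics_configurations = [
+{
+log_analytics_workspace_id = var.log_analytics_workspace_id
+storage_account_id = ""
+}
+]
+
+# CMK locals
+customer_managed_key = null
 }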
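Review bot: `diagnostics_configurations` is added here as a list of objects, while code/infra/applicationinsights.tf in the same commit passes `diagnostics_configurations = {}`, an empty object, to a module input of the same name. If the module inputs share one list type, which this page does not show, the matching empty value is `[]`. It would also help to say beside `storage_account_id = ""` what the empty string stands for, e.g. `# "" = no storage account target for diagnostics`, if that is what the modules expect.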
