PerfectThymeTech
diff --git a/‎code/infra/data.tf
Lines changed: 16 additions & 0 deletions b/‎code/infra/data.tf
Lines changed: 16 additions & 0 deletions
diff --git a/‎code/infra/function.tf
Lines changed: 133 additions & 0 deletions b/‎code/infra/function.tf
Lines changed: 133 additions & 0 deletions
diff --git a/‎code/infra/keyvault.tf
Lines changed: 80 additions & 0 deletions b/‎code/infra/keyvault.tf
Lines changed: 80 additions & 0 deletions
diff --git a/‎code/infra/locals.tf
Lines changed: 18 additions & 0 deletions b/‎code/infra/locals.tf
Lines changed: 18 additions & 0 deletions
diff --git a/‎code/infra/logging.tf
Lines changed: 103 additions & 0 deletions b/‎code/infra/logging.tf
Lines changed: 103 additions & 0 deletions
diff --git a/‎code/infra/main.tf
Lines changed: 11 additions & 0 deletions b/‎code/infra/main.tf
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,16 @@
+data "azurerm_client_config" "current" {}
+
+data "azurerm_virtual_network" "virtual_network" {
+  name                = local.virtual_network.name
+  resource_group_name = local.virtual_network.resource_group_name
+}
+
+data "azurerm_network_security_group" "network_security_group" {
+  name                = local.network_security_group.name
+  resource_group_name = local.network_security_group.resource_group_name
+}
+
+data "azurerm_route_table" "route_table" {
+  name                = local.route_table.name
+  resource_group_name = local.route_table.resource_group_name
+}
@@ -0,0 +1,133 @@
+resource "azurerm_service_plan" "service_plan" {
+  name                = "${local.prefix}-asp001"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.app_rg.name
+  tags                = var.tags
+
+  # maximum_elastic_worker_count = 20
+  os_type                  = "Linux"
+  per_site_scaling_enabled = false
+  sku_name                 = "P1v3"
+  worker_count             = 3
+  zone_balancing_enabled   = true
+}
+
+resource "azapi_resource" "function" {
+  type      = "Microsoft.Web/sites@2022-09-01"
+  parent_id = azurerm_resource_group.app_rg.id
+  name      = "${local.prefix}-fctn001"
+  location  = var.location
+  tags      = var.tags
+  identity {
+    type = "SystemAssigned"
+  }
+
+  body = jsonencode({
+    kind = "functionapp,linux"
+    properties = {
+      clientAffinityEnabled     = false
+      clientCertEnabled         = false
+      clientCertMode            = "Required"
+      enabled                   = true
+      hostNamesDisabled         = false
+      httpsOnly                 = true
+      hyperV                    = false
+      isXenon                   = false
+      keyVaultReferenceIdentity = "SystemAssigned"
+      publicNetworkAccess       = "Disabled"
+      redundancyMode            = "None"
+      reserved                  = true
+      scmSiteAlsoStopped        = false
+      serverFarmId              = azurerm_service_plan.service_plan.id
+      storageAccountRequired    = false
+      virtualNetworkSubnetId    = azapi_resource.subnet_function.id
+      siteConfig = {
+        autoHealEnabled            = false
+        acrUseManagedIdentityCreds = false
+        alwaysOn                   = true
+        appSettings = [
+          {
+            name  = "APPLICATIONINSIGHTS_CONNECTION_STRING"
+            value = azurerm_application_insights.application_insights.connection_string
+          },
+          {
+            name  = "APPINSIGHTS_INSTRUMENTATIONKEY"
+            value = azurerm_application_insights.application_insights.instrumentation_key
+          },
+          {
+            name  = "FUNCTIONS_EXTENSION_VERSION"
+            value = "~4"
+          },
+          {
+            name  = "FUNCTIONS_WORKER_RUNTIME"
+            value = "python"
+          },
+          {
+            name  = "WEBSITE_CONTENTOVERVNET"
+            value = "1"
+          },
+          {
+            name  = "AzureWebJobsStorage__accountName"
+            value = azurerm_storage_account.storage.name
+          }
+        ]
+        azureStorageAccounts                   = {}
+        detailedErrorLoggingEnabled            = true
+        functionAppScaleLimit                  = 0
+        functionsRuntimeScaleMonitoringEnabled = false
+        ftpsState                              = "FtpsOnly"
+        http20Enabled                          = false
+        ipSecurityRestrictionsDefaultAction    = "Deny"
+        linuxFxVersion                         = "Python|3.10"
+        localMySqlEnabled                      = false
+        loadBalancing                          = "LeastRequests"
+        minTlsVersion                          = "1.2"
+        minimumElasticInstanceCount            = 0
+        numberOfWorkers                        = 1
+        preWarmedInstanceCount                 = 0
+        scmMinTlsVersion                       = "1.2"
+        scmIpSecurityRestrictionsUseMain       = false
+        scmIpSecurityRestrictionsDefaultAction = "Deny"
+        use32BitWorkerProcess                  = true
+        vnetRouteAllEnabled                    = true
+        vnetPrivatePortsCount                  = 0
+        webSocketsEnabled                      = false
+      }
+    }
+  })
+}
+
+data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_function" {
+  resource_id = azapi_resource.function.id
+}
+
+resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_function" {
+  name                       = "logAnalytics"
+  target_resource_id         = azapi_resource.function.id
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
+
+  dynamic "enabled_log" {
+    iterator = entry
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_function.log_category_groups
+    content {
+      category_group = entry.value
+      retention_policy {
+        enabled = true
+        days    = 30
+      }
+    }
+  }
+
+  dynamic "metric" {
+    iterator = entry
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_function.metrics
+    content {
+      category = entry.value
+      enabled  = true
+      retention_policy {
+        enabled = true
+        days    = 30
+      }
+    }
+  }
+}
@@ -0,0 +1,80 @@
+resource "azurerm_key_vault" "key_vault" {
+  name                = "${local.prefix}-vault001"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.app_rg.name
+  tags                = var.tags
+
+  access_policy                   = []
+  enable_rbac_authorization       = true
+  enabled_for_deployment          = false
+  enabled_for_disk_encryption     = false
+  enabled_for_template_deployment = false
+  network_acls {
+    bypass                     = "AzureServices"
+    default_action             = "Deny"
+    ip_rules                   = []
+    virtual_network_subnet_ids = []
+  }
+  public_network_access_enabled = false
+  purge_protection_enabled      = true
+  sku_name                      = "standard"
+  soft_delete_retention_days    = 7
+  tenant_id                     = data.azurerm_client_config.current.tenant_id
+}
+
+data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_key_vault" {
+  resource_id = azurerm_key_vault.key_vault.id
+}
+
+resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_key_vault" {
+  name                       = "logAnalytics"
+  target_resource_id         = azurerm_key_vault.key_vault.id
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
+
+  dynamic "enabled_log" {
+    iterator = entry
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault.log_category_groups
+    content {
+      category_group = entry.value
+      retention_policy {
+        enabled = true
+        days    = 30
+      }
+    }
+  }
+
+  dynamic "metric" {
+    iterator = entry
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault.metrics
+    content {
+      category = entry.value
+      enabled  = true
+      retention_policy {
+        enabled = true
+        days    = 30
+      }
+    }
+  }
+}
+
+resource "azurerm_private_endpoint" "key_vault_private_endpoint" {
+  name                = "${azurerm_key_vault.key_vault.name}-pe"
+  location            = var.location
+  resource_group_name = azurerm_key_vault.key_vault.resource_group_name
+  tags                = var.tags
+
+  custom_network_interface_name = "${azurerm_key_vault.key_vault.name}-nic"
+  private_service_connection {
+    name                           = "${azurerm_key_vault.key_vault.name}-pe"
+    is_manual_connection           = false
+    private_connection_resource_id = azurerm_key_vault.key_vault.id
+    subresource_names              = ["vault"]
+  }
+  subnet_id = azapi_resource.subnet_services.id
+  private_dns_zone_group {
+    name = "${azurerm_key_vault.key_vault.name}-arecord"
+    private_dns_zone_ids = [
+      var.private_dns_zone_id_key_vault
+    ]
+  }
+}
@@ -0,0 +1,18 @@
+locals {
+  prefix = "${lower(var.prefix)}-${var.environment}"
+
+  virtual_network = {
+    resource_group_name = split("/", var.vnet_id)[4]
+    name                = split("/", var.vnet_id)[8]
+  }
+
+  network_security_group = {
+    resource_group_name = split("/", var.nsg_id)[4]
+    name                = split("/", var.nsg_id)[8]
+  }
+
+  route_table = {
+    resource_group_name = split("/", var.route_table_id)[4]
+    name                = split("/", var.route_table_id)[8]
+  }
+}
@@ -0,0 +1,103 @@
+resource "azurerm_application_insights" "application_insights" {
+  name                = "${local.prefix}-appi001"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.logging_rg.name
+  tags                = var.tags
+
+  application_type                      = "other"
+  daily_data_cap_notifications_disabled = false
+  disable_ip_masking                    = false
+  force_customer_storage_for_profiler   = false
+  internet_ingestion_enabled            = true
+  internet_query_enabled                = true
+  local_authentication_disabled         = true
+  retention_in_days                     = 90
+  sampling_percentage                   = 100
+  workspace_id                          = azurerm_log_analytics_workspace.log_analytics_workspace.id
+}
+
+data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_application_insights" {
+  resource_id = azurerm_application_insights.application_insights.id
+}
+
+resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_application_insights" {
+  name                       = "logAnalytics"
+  target_resource_id         = azurerm_application_insights.application_insights.id
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
+
+  dynamic "enabled_log" {
+    iterator = entry
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_application_insights.log_category_groups
+    content {
+      category_group = entry.value
+      retention_policy {
+        enabled = true
+        days    = 30
+      }
+    }
+  }
+
+  dynamic "metric" {
+    iterator = entry
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_application_insights.metrics
+    content {
+      category = entry.value
+      enabled  = true
+      retention_policy {
+        enabled = true
+        days    = 30
+      }
+    }
+  }
+}
+
+resource "azurerm_log_analytics_workspace" "log_analytics_workspace" {
+  name                = "${local.prefix}-log001"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.logging_rg.name
+  tags                = var.tags
+
+  allow_resource_only_permissions = true
+  cmk_for_query_forced            = false
+  daily_quota_gb                  = -1
+  internet_ingestion_enabled      = true
+  internet_query_enabled          = true
+  local_authentication_disabled   = true
+  retention_in_days               = 30
+  sku                             = "PerGB2018"
+}
+
+data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_log_analytics_workspace" {
+  resource_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
+}
+
+resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_log_analytics_workspace" {
+  name                       = "logAnalytics"
+  target_resource_id         = azurerm_log_analytics_workspace.log_analytics_workspace.id
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
+
+  dynamic "enabled_log" {
+    iterator = entry
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_log_analytics_workspace.log_category_groups
+    content {
+      category_group = entry.value
+      retention_policy {
+        enabled = true
+        days    = 30
+      }
+    }
+  }
+
+  dynamic "metric" {
+    iterator = entry
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_log_analytics_workspace.metrics
+    content {
+      category = entry.value
+      enabled  = true
+      retention_policy {
+        enabled = true
+        days    = 30
+      }
+    }
+  }
+}
@@ -0,0 +1,11 @@
+resource "azurerm_resource_group" "app_rg" {
+  name     = "${local.prefix}-app-rg"
+  location = var.location
+  tags     = var.tags
+}
+
+resource "azurerm_resource_group" "logging_rg" {
+  name     = "${local.prefix}-logging-rg"
+  location = var.location
+  tags     = var.tags
+}