Switching Azure Cache for Redis to Azure Manged Redis

robertopc1 · robertopc1 · commit 6ab5431224f5 · 2025-11-07T12:49:37.000-05:00
diff --git a/README.md b/README.md
@@ -195,7 +195,7 @@ App Service Environment must always be deployed in its own subnet in the enterpr
     echo $JUMPBOX_SUBNET_NAME
    ```
 
-### 8. Deploy services: cosmos, sql, servicebus and storage
+### 8. Deploy services: cosmos, sql, azure managed redis, servicebus and storage
    This module provisions the essential backend services required for the application. It includes a Cosmos DB instance for distributed caching, a secure SQL Server and database for relational data, and an Azure Key Vault for managing secrets using role-based access control. A premium-tier Service Bus is configured to enable reliable messaging between application components. Additionally, a storage account with a blob container provides scalable storage for static resources, while a second storage account is designated for use by the Function App as Azure WebJob storage. All services are deployed with public network access disabled where applicable, ensuring a secure and private infrastructure.
 
    ```bash
@@ -221,6 +221,8 @@ App Service Environment must always be deployed in its own subnet in the enterpr
     echo $RESOURCES_CONTAINER_NAME
     export SERVICEBUS_NAMESPACE_NAME=$(az deployment group show -g rg-app-service-environments-centralus -n services --query properties.outputs.serviceBusName.value -o tsv)
     echo $SERVICEBUS_NAMESPACE_NAME
+    export AMR_NAME=$(az deployment group show -g rg-app-service-environments-centralus -n services --query properties.outputs.amrName.value -o tsv)
+    echo $AMR_NAME
    ```
 
 ### 9. Uploads image to the storage account
@@ -241,7 +243,7 @@ App Service Environment must always be deployed in its own subnet in the enterpr
    # [This takes about thirty minutes to run.]
    # For HA change zoneRedundant to true
     az deployment group create -g rg-app-service-environments-centralus --template-file templates/sites.bicep -n sites --parameters aseName=$ASE_NAME \
-    vnetName=$VNET_NAME cosmosDbName=$COSMOSDB_NAME sqlServerName=$SQL_SERVER sqlDatabaseName=$SQL_DATABASE keyVaultName=$KEYVAULT_NAME serviceBusNamespace=$SERVICEBUS_NAMESPACE_NAME  storageAccountName=$RESOURCES_STORAGE_ACCOUNT_FUNCTION_APP \
+    amrName=$AMR_NAME cosmosDbName=$COSMOSDB_NAME sqlServerName=$SQL_SERVER sqlDatabaseName=$SQL_DATABASE keyVaultName=$KEYVAULT_NAME serviceBusNamespace=$SERVICEBUS_NAMESPACE_NAME  storageAccountName=$RESOURCES_STORAGE_ACCOUNT_FUNCTION_APP \
     aseDnsSuffix=$ASE_DNS_SUFFIX  zoneRedundant=false
 	
     export INTERNAL_APP1_URL=$(az deployment group show -g rg-app-service-environments-centralus -n sites --query properties.outputs.votingAppUrl.value -o tsv) && \
diff --git a/code/web-app-ri/VotingWeb/Program.cs b/code/web-app-ri/VotingWeb/Program.cs
@@ -75,9 +75,8 @@
     c.DefaultRequestHeaders.Add(HeaderNames.Accept, MediaTypeNames.Application.Json);
 });
 
-var host = configuration["RedisHost"];
-var port = configuration["RedisPort"];
-var options = ConfigurationOptions.Parse($"{host}:{port}");
+var redisConnectionString = configuration["ConnectionStrings:Redis"];
+var options = ConfigurationOptions.Parse(redisConnectionString);
 await options.ConfigureForAzureWithTokenCredentialAsync(new DefaultAzureCredential());
 var redis = await ConnectionMultiplexer.ConnectAsync(options);
 
diff --git a/deployment/templates/privateendpoints.bicep b/deployment/templates/privateendpoints.bicep
@@ -24,6 +24,9 @@ param akvName string
 @description('The name of the existing storage account for creating the private endpoint.')
 param storageAccountName string
 
+@description('The name of the existing azure managed redis namespace for creating the private endpoint.')
+param amrName string
+
 @description('The ip address prefix that services subnet will use.')
 param subnetAddressPrefix string = '10.0.50.0/24'
 
@@ -38,6 +41,7 @@ param sqlServerId string = '/subscriptions/${SubId}/resourceGroups/${resourceGro
 param cosmosId string = '/subscriptions/${SubId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DocumentDB/databaseAccounts/${cosmosDBName}'
 param akvId string = '/subscriptions/${SubId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.KeyVault/vaults/${akvName}'
 param storageId string = '/subscriptions/${SubId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Storage/storageAccounts/${storageAccountName}'
+param amrId string = '/subscriptions/${SubId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Cache/redisEnterprise/${amrName}'
 
 //1. Create a private endpoint for the SQL Server
 
@@ -373,7 +377,7 @@ resource privateDnsZoneARecordAKV 'Microsoft.Network/privateDnsZones/A@2024-06-0
   }
 }
 
-// 5. Create a private endpoint for the Storage Account
+//5. Create a private endpoint for the Storage Account
 
 //Create variables for the private endpoint
 var storageHostName = '.blob.${environment().suffixes.storage}'
@@ -454,3 +458,81 @@ resource privateDnsZoneARecordStorage 'Microsoft.Network/privateDnsZones/A@2024-
     ]
   }
 }
+
+//6. Create private endpoint for Azure Managed Redis
+
+// Create variables for the private endpoint
+var amrHostName = ''
+var privateEndpointAMRName = 'voting-AMR-PE-${servicesSubnetName}'
+var privateDnsZoneAMRName = 'privatelink${amrHostName}'
+var pvtEndpointDnsGroupAMRName = '${privateEndpointAMRName}/sbdnsgroupname'
+
+// Create private endpoint
+resource privateEndpointAMR 'Microsoft.Network/privateEndpoints@2024-07-01' = {
+  name: privateEndpointAMRName
+  location: location
+  properties: {
+    subnet: {
+      id: servicesSubnet.id
+    }
+    privateLinkServiceConnections: [
+      {
+        name: privateEndpointAMRName
+        properties: {
+          privateLinkServiceId: amrId
+          groupIds: [
+            'redisEnterprise'
+          ]
+        }
+      }
+    ]
+  }
+}
+
+resource privateDnsZoneAMR 'Microsoft.Network/privateDnsZones@2024-06-01' = {
+  name: privateDnsZoneAMRName
+  location: 'global'
+  properties: {}
+}
+
+resource privateDnsZoneLinkAMR 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
+  parent: privateDnsZoneCosmos
+  name: '${privateDnsZoneAMRName}-link'
+  location: 'global'
+  properties: {
+    registrationEnabled: false
+    virtualNetwork: {
+      id: vnetId
+    }
+  }
+}
+
+resource pvtEndpointDnsGroupAMR 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-07-01' = {
+  name: pvtEndpointDnsGroupAMRName
+  properties: {
+    privateDnsZoneConfigs: [
+      {
+        name: 'config1'
+        properties: {
+          privateDnsZoneId: privateDnsZoneAMR.id
+        }
+      }
+    ]
+  }
+  dependsOn: [
+    privateEndpointAMR
+  ]
+}
+
+resource privateDnsZoneARecordAMR 'Microsoft.Network/privateDnsZones/A@2024-06-01' = {
+  parent: privateDnsZoneAMR
+  name: '${privateEndpointAMRName}.${privateDnsZoneAMRName}'
+  properties: {
+    ttl: 3600
+    aRecords: [
+      {
+        ipv4Address: privateEndpointAMR.properties.customDnsConfigs[0].ipAddresses[0]
+      }
+    ]
+  }
+}
diff --git a/deployment/templates/services.bicep b/deployment/templates/services.bicep
@@ -28,7 +28,23 @@ var resourcesStorageAccountName = toLower('resources${uniqueString(resourceGroup
 var resourcesStorageAccountFunctionAppName = toLower('stfa${uniqueString(resourceGroup().id)}')
 var resourcesContainerName = 'rscontainer'
 var keyVaultName = 'akeyvault1-${uniqueString(resourceGroup().id)}'
- 
+var amrName = 'amr-${uniqueString(resourceGroup().id)}'
+var amrDbName = 'default'
+var amrOptions = {
+  clusteringPolicy: 'EnterpriseCluster'
+  evictionPolicy: 'NoEviction'
+  modulesEnabled: [
+    'RedisBloom'
+    'RedisTimeSeries'
+    'RedisJSON'
+    'RedisSearch'
+  ]
+  aofPersistence: false
+  aofFrequency: '1s'
+  rdbPersistence: true
+  rdbFrequency: '6h' // 12h, 1h, 6h
+}
+
 resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2025-04-15' = {
   name: cosmosName
   location: location
@@ -260,6 +276,48 @@ resource resourcesStorageAccountFunctionApp 'Microsoft.Storage/storageAccounts@2
   }
 }
 
+resource amr 'Microsoft.Cache/redisEnterprise@2025-05-01-preview' = {
+  location: location
+  name: amrName
+  properties: {
+    highAvailability: zoneRedundant ? 'Enabled' : 'Disabled'
+    minimumTlsVersion: '1.2'
+  }
+  identity:{
+    type: 'SystemAssigned'
+  }
+  sku: {
+    name: 'Balanced_B1'
+  }
+}
+
+resource amrDb 'Microsoft.Cache/redisEnterprise/databases@2024-09-01-preview' = {
+  name: amrDbName
+  parent: amr
+  properties: {
+    clientProtocol:'Encrypted'
+    port: 10000
+    clusteringPolicy: amrOptions.clusteringPolicy
+    evictionPolicy: amrOptions.evictionPolicy
+    persistence: {
+      aofEnabled: amrOptions.aofPersistence
+      aofFrequency: amrOptions.aofPersistence ? amrOptions.aofFrequency : null
+      rdbEnabled: amrOptions.rdbPersistence
+      rdbFrequency: amrOptions.rdbPersistence ? amrOptions.rdbFrequency : null
+    }
+    modules: [for module in amrOptions.modulesEnabled: {
+      name: module
+    }]
+  }
+}
+
+resource keyVaultAmrConnectionStringSecret 'Microsoft.KeyVault/vaults/secrets@2024-11-01' = {
+  parent: keyVault
+  name: 'RedisConnectionString'
+  properties: {
+    value: '${amr.properties.hostName}:10000,abortConnect=false,ssl=true,password=${listKeys(amr.id, '2015-08-01').primaryKey}'
+  }
+}
 
 output cosmosDbName string = cosmosName
 output sqlServerName string = sqlServerName
@@ -269,3 +327,4 @@ output resourcesStorageAccountFunctionAppName string = resourcesStorageAccountFu
 output resourcesContainerName string = resourcesContainerName
 output keyVaultName string = keyVaultName
 output serviceBusName string = serviceBusName
+output amrName string = amr.name
diff --git a/deployment/templates/sites.bicep b/deployment/templates/sites.bicep
