-
Notifications
You must be signed in to change notification settings - Fork 112
/
azuredeploy.bicep
76 lines (67 loc) · 2.54 KB
/
azuredeploy.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
targetScope = 'subscription'
param rgName string
param readerRoleAssignmentGuid string = guid(subscription().subscriptionId, rgName)
param contributorRoleAssignmentGuid string = guid(rgName)
param projectLocation string
@description('The base URI where artifacts required by this template are located')
param templateLocation string
param storageAccountName string
param automationAccountName string
param sqlServerName string
param sqlDatabaseName string = 'azureoptimization'
param logAnalyticsReuse bool
param logAnalyticsWorkspaceName string
param logAnalyticsWorkspaceRG string
param logAnalyticsRetentionDays int = 120
param sqlBackupRetentionDays int = 7
param sqlAdminLogin string
@secure()
param sqlAdminPassword string
param cloudEnvironment string = 'AzureCloud'
param authenticationOption string = 'ManagedIdentity'
@description('Base time for all automation runbook schedules.')
param baseTime string = utcNow('u')
param resourceTags object
param roleReader string = '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7'
resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
name: rgName
location: projectLocation
tags: resourceTags
dependsOn: []
}
module resourcesDeployment './azuredeploy-nested.bicep' = {
name: 'resourcesDeployment'
scope: resourceGroup(rgName)
params: {
projectLocation: projectLocation
templateLocation: templateLocation
storageAccountName: storageAccountName
automationAccountName: automationAccountName
sqlServerName: sqlServerName
sqlDatabaseName: sqlDatabaseName
logAnalyticsReuse: logAnalyticsReuse
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
logAnalyticsWorkspaceRG: logAnalyticsWorkspaceRG
logAnalyticsRetentionDays: logAnalyticsRetentionDays
sqlBackupRetentionDays: sqlBackupRetentionDays
sqlAdminLogin: sqlAdminLogin
sqlAdminPassword: sqlAdminPassword
cloudEnvironment: cloudEnvironment
authenticationOption: authenticationOption
baseTime: baseTime
contributorRoleAssignmentGuid: contributorRoleAssignmentGuid
resourceTags: resourceTags
}
dependsOn: [
rg
]
}
resource readerRoleAssignmentGuid_resource 'Microsoft.Authorization/roleAssignments@2018-09-01-preview' = {
name: readerRoleAssignmentGuid
properties: {
roleDefinitionId: roleReader
principalId: resourcesDeployment.outputs.automationPrincipalId
principalType: 'ServicePrincipal'
}
}
output automationPrincipalId string = resourcesDeployment.outputs.automationPrincipalId