{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.38.33.27573", "templateHash": "7279368042836242919" } }, "parameters": { "userObjectId": { "type": "securestring", "metadata": { "description": "The user object id for role assignments." } } }, "resources": [ { "type": "Microsoft.OperationalInsights/workspaces", "apiVersion": "2022-10-01", "name": "[format('mylogs{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))]", "location": "[resourceGroup().location]", "identity": { "type": "SystemAssigned" }, "properties": { "sku": { "name": "PerGB2018" } } }, { "type": "Microsoft.Monitor/accounts", "apiVersion": "2023-04-03", "name": "[format('myprometheus{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))]", "location": "[resourceGroup().location]" }, { "type": "Microsoft.ContainerRegistry/registries", "apiVersion": "2023-11-01-preview", "name": "[format('myregistry{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))]", "location": "[resourceGroup().location]", "sku": { "name": "Standard" }, "identity": { "type": "SystemAssigned" } }, { "type": "Microsoft.KeyVault/vaults", "apiVersion": "2023-07-01", "name": "[format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))]", "location": "[resourceGroup().location]", "properties": { "enableRbacAuthorization": true, "sku": { "family": "A", "name": "standard" }, "tenantId": "[subscription().tenantId]" } }, { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", "name": "[format('myidentity{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))]", "location": "[resourceGroup().location]" }, { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.KeyVault/vaults/{0}', format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]", "name": "[guid(subscription().id, resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('myidentity{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))), 'Key Vault Secrets User')]", "properties": { "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('myidentity{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))), '2023-01-31').principalId]", "principalType": "ServicePrincipal", "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')]" }, "dependsOn": [ "[resourceId('Microsoft.KeyVault/vaults', format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]", "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('myidentity{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" ] }, { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.KeyVault/vaults/{0}', format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]", "name": "[guid(subscription().id, resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('myidentity{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))), 'Key Vault Certificate User')]", "properties": { "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('myidentity{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))), '2023-01-31').principalId]", "principalType": "ServicePrincipal", "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'db79e9a7-68ee-4b58-9aeb-b90e7c24fcba')]" }, "dependsOn": [ "[resourceId('Microsoft.KeyVault/vaults', format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]", "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('myidentity{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" ] }, { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.KeyVault/vaults/{0}', format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]", "name": "[guid(subscription().id, resourceGroup().id, parameters('userObjectId'), 'Key Vault Administrator')]", "properties": { "principalId": "[parameters('userObjectId')]", "principalType": "User", "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')]" }, "dependsOn": [ "[resourceId('Microsoft.KeyVault/vaults', format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" ] }, { "type": "Microsoft.Insights/components", "apiVersion": "2020-02-02", "name": "[format('myappinsights{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))]", "location": "[resourceGroup().location]", "kind": "web", "properties": { "Application_Type": "web", "WorkspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', format('mylogs{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" }, "dependsOn": [ "[resourceId('Microsoft.OperationalInsights/workspaces', format('mylogs{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" ] } ], "outputs": { "metricsWorkspaceId": { "type": "string", "value": "[resourceId('Microsoft.Monitor/accounts', format('myprometheus{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" }, "logWorkspaceId": { "type": "string", "value": "[resourceId('Microsoft.OperationalInsights/workspaces', format('mylogs{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" }, "azureKeyVaultId": { "type": "string", "value": "[resourceId('Microsoft.KeyVault/vaults', format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" }, "azureKeyVaultName": { "type": "string", "value": "[format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))]" }, "azureKeyVaultUri": { "type": "string", "value": "[reference(resourceId('Microsoft.KeyVault/vaults', format('mykeyvault{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))), '2023-07-01').vaultUri]" }, "containerRegistryId": { "type": "string", "value": "[resourceId('Microsoft.ContainerRegistry/registries', format('myregistry{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4)))]" }, "containerRegistryUrl": { "type": "string", "value": "[reference(resourceId('Microsoft.ContainerRegistry/registries', format('myregistry{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))), '2023-11-01-preview').loginServer]" }, "appInsightsConnectionString": { "type": "string", "value": "[reference(resourceId('Microsoft.Insights/components', format('myappinsights{0}', take(uniqueString(subscription().id, resourceGroup().id, deployment().name), 4))), '2020-02-02').ConnectionString]" } } }