From 1b2d599d39c031230d3585230c2344f2559f9cb4 Mon Sep 17 00:00:00 2001 From: xingyang-li Date: Fri, 22 Mar 2024 12:10:02 -0700 Subject: [PATCH] Update westcentralus --- templates/stf-westcentralus.json | 183 +++++++++++++++++++++++++++++-- 1 file changed, 175 insertions(+), 8 deletions(-) diff --git a/templates/stf-westcentralus.json b/templates/stf-westcentralus.json index fdc9e48..afeab95 100644 --- a/templates/stf-westcentralus.json +++ b/templates/stf-westcentralus.json @@ -75,10 +75,13 @@ "storageKeySecretResourceId": "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('storageKeySecretName'))]", "storagePrivateEndpointConnName": "[concat(parameters('projectName'), '-stor-pe')]", "sitePrivateEndpointConnName": "[concat(parameters('projectName'), '-site-pe')]", + "filePrivateEndpointConnName": "[concat(parameters('projectName'), '-file-pe')]", "blobPrivateZoneName": "privatelink.blob.core.windows.net", "sitePrivateZoneName": "privatelink.azurewebsites.net", + "filePrivateZoneName": "privatelink.file.core.windows.net", "administratorLogin": "swiftadmin", - "administratorLoginPassword": "iis6!dfu" + "administratorLoginPassword": "iis6!dfu", + "mountPath": "/mounts/remote" }, "resources": [ { @@ -658,6 +661,21 @@ "provisioningState": "Succeeded" } }, + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2018-09-01", + "name": "[variables('filePrivateZoneName')]", + "location": "global", + "properties": { + "maxNumberOfRecordSets": 25000, + "maxNumberOfVirtualNetworkLinks": 1000, + "maxNumberOfVirtualNetworkLinksWithRegistration": 100, + "numberOfRecordSets": 3, + "numberOfVirtualNetworkLinks": 0, + "numberOfVirtualNetworkLinksWithRegistration": 0, + "provisioningState": "Succeeded" + } + }, { "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", "apiVersion": "2018-09-01", @@ -690,6 +708,22 @@ } } }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2018-09-01", + "name": "[concat(variables('filePrivateZoneName'), '/n33a3tkelqvqk')]", + "location": "global", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', variables('filePrivateZoneName'))]", + "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]" + ], + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]" + } + } + }, { "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2020-11-01", @@ -754,6 +788,37 @@ } } }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2020-11-01", + "name": "[variables('filePrivateEndpointConnName')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", + "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]" + ], + "location": "[parameters('location')]", + "properties": { + "privateLinkServiceConnections": [ + { + "name": "[variables('filePrivateEndpointConnName')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", + "groupIds": [ + "file" + ], + "privateLinkServiceConnectionState": { + "status": "Approved", + "description": "Auto-Approved", + "actionsRequired": "None" + } + } + } + ], + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('vNetSubnetName'))]" + } + } + }, { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2020-11-01", @@ -790,6 +855,24 @@ ] } }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2020-11-01", + "name": "[concat(variables('filePrivateEndpointConnName'), '/default')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', variables('filePrivateEndpointConnName'))]" + ], + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "privatelink-file-core-windows-net", + "properties": { + "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', variables('filePrivateZoneName'))]" + } + } + ] + } + }, { "name": "[variables('storageAccountName')]", "type": "Microsoft.Storage/storageAccounts", @@ -801,13 +884,38 @@ "kind": "StorageV2", "properties": { "publicNetworkAccess": "Disabled", - "allowBlobPublicAccess": false + "allowBlobPublicAccess": false, + "networkAcls": { + "defaultAction": "Deny", + "bypass": "AzureServices" + } }, "sku": { - "name": "Premium_LRS", - "tier": "Premium" + "name": "Standard_LRS" } }, + { + "type": "Microsoft.Storage/storageAccounts/fileServices/shares", + "apiVersion": "2023-01-01", + "name": "[format('{0}/default/{1}', variables('storageAccountName'), 'windows')]", + "properties": { + "enabledProtocols": "SMB" + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + }, + { + "type": "Microsoft.Storage/storageAccounts/fileServices/shares", + "apiVersion": "2023-01-01", + "name": "[format('{0}/default/{1}', variables('storageAccountName'), 'linux')]", + "properties": { + "enabledProtocols": "SMB" + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + }, { "name": "[variables('funcStorageAccountName')]", "type": "Microsoft.Storage/storageAccounts", @@ -890,7 +998,7 @@ "apiVersion": "2021-11-01-preview", "name": "[format('{0}/{1}', variables('keyVaultName'), variables('storageKeySecretName'))]", "properties": { - "value": "listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)" + "value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-11-01').keys[0].value]" }, "dependsOn": [ "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]", @@ -1052,12 +1160,37 @@ "properties": { "secret1": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('secret1ResourceId')).secretUriWithVersion, ')')]", "storageKeySecret": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('storageKeySecretResourceId')).secretUriWithVersion, ')')]", + "WEBSITE_DNS_SERVER": "168.63.129.16", "WEBSITE_VNET_ROUTE_ALL": "1", + "WEBSITE_CONTENTOVERVNET": "1", + "WEBSITE_CONTENTSHARE": "windows", + "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)]", "ResourceGroup": "[parameters('projectName')]" }, "dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('windowsAppName'))]", - "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('secret1Name'))]" + "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('secret1Name'))]", + "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('storageKeySecretName'))]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + }, + { + "name": "azurestorageaccounts", + "type": "config", + "apiVersion": "2022-09-01", + "properties": { + "remote": { + "type": "AzureFiles", + "accountName": "[variables('storageAccountName')]", + "shareName": "windows", + "mountPath": "[variables('mountPath')]", + "accessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-11-01').keys[0].value]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/Sites', variables('windowsAppName'))]", + "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('storageKeySecretName'))]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" ] } ] @@ -1097,7 +1230,16 @@ "connectionString": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)]", "type": "Custom" } - ] + ], + "azureStorageAccounts": { + "remote": { + "mountPath": "[variables('mountPath')]", + "accountName": "[variables('storageAccountName')]", + "type": "AzureFiles", + "shareName": "linux", + "accessKey": "listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)" + } + } }, "scmSiteAlsoStopped": false, "clientAffinityEnabled": false, @@ -1121,11 +1263,36 @@ "secret1": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('secret1ResourceId')).secretUriWithVersion, ')')]", "storageKeySecret": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('storageKeySecretResourceId')).secretUriWithVersion, ')')]", "WEBSITE_VNET_ROUTE_ALL": "1", + "WEBSITE_DNS_SERVER": "168.63.129.16", + "WEBSITE_CONTENTOVERVNET": "1", + "WEBSITE_CONTENTSHARE": "windows", + "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)]", "ResourceGroup": "[parameters('projectName')]" }, "dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('linuxAppName'))]", - "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('secret1Name'))]" + "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('secret1Name'))]", + "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('storageKeySecretName'))]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + }, + { + "name": "azurestorageaccounts", + "type": "config", + "apiVersion": "2022-09-01", + "properties": { + "remote": { + "type": "AzureFiles", + "accountName": "[variables('storageAccountName')]", + "shareName": "linux", + "mountPath": "[variables('mountPath')]", + "accessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-11-01').keys[0].value]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/Sites', variables('linuxAppName'))]", + "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyvaultName'), variables('storageKeySecretName'))]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" ] } ]