🧑‍💻 DevOps - Provision Blob Storage Static Site (#1828)

* create archive bicep * added az script * added deployment script to bicep file * changed default sku * Added tags * Added public access + blob services * added settings from test deployment arm * added managed identity to run script * fixed title of storage account * fixed name of storage account * Added unique name for storage account * Fixed unique string to align to SSW rules * Fixed naming for storage account * Changed to correct storage account prefix + extended unique substring
SSWConsulting · Dec 5, 2023 · 02d13a7 · 02d13a7
1 parent a1fe4c4
commit 02d13a7
Show file tree

Hide file tree

Showing 3 changed files with 144 additions and 2 deletions.
diff --git a/infra/archiveStorage.bicep b/infra/archiveStorage.bicep
@@ -0,0 +1,129 @@
+param location string = resourceGroup().location
+
+var tags = {
+  'cost-category': 'core'
+}
+
+@allowed([
+  'Premium_LRS'
+  'Premium_ZRS'
+  'Standard_GRS'
+  'Standard_GZRS'
+  'Standard_LRS'
+  'Standard_RAGRS'
+  'Standard_RAGZRS'
+  'Standard_ZRS'
+])
+param skuName string
+
+var unique = substring(uniqueString(resourceGroup().id), 0, 12)
+
+resource blobStorage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
+  name: 'stsswwebsite${unique}'
+  location: location
+  tags: tags
+  sku: {
+    name: skuName
+  }
+  kind: 'BlobStorage'
+  properties: {
+    allowBlobPublicAccess: true
+    publicNetworkAccess: 'Enabled'
+    accessTier: 'Hot'
+    supportsHttpsTrafficOnly: true
+  }
+}
+
+resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = {
+  name: 'default'
+  parent: blobStorage
+  properties: {
+    changeFeed: {
+      enabled: false
+    }
+    restorePolicy: {
+      enabled: false
+    }
+    containerDeleteRetentionPolicy: {
+      enabled: true
+      days: 7
+    }
+    deleteRetentionPolicy: {
+      allowPermanentDelete: false
+      enabled: true
+      days: 7
+    }
+    cors: {
+      corsRules: [
+        {
+          allowedHeaders: [
+            '*'
+          ]
+          allowedMethods: [
+            'GET'
+            'HEAD'
+            'OPTIONS'
+          ]
+          allowedOrigins: [
+            '*'
+          ]
+          exposedHeaders: [
+            '*'
+          ]
+          maxAgeInSeconds: 86400
+        }
+      ]
+    }
+  }
+}
+
+resource webContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  name: '$web'
+  parent: blobServices
+  properties: {
+    publicAccess: 'Container'
+  }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: 'blob-archive-static-site-script'
+  location: location
+}
+
+
+resource enableStaticSite 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+  name: 'enableStaticSite'
+  location: location
+  kind: 'AzurePowerShell'
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${managedIdentity.id}': {}
+    }
+  }
+  properties: {
+    azPowerShellVersion: '3.0'
+    scriptContent: loadTextContent('./scripts/enable-static-site.ps1')
+    retentionInterval: 'PT24H'
+    environmentVariables: [
+      {
+        name: 'IndexDocumentPath'
+        value: 'index.html'
+      }
+      {
+        name: 'ErrorDocument404Path'
+        value: '404.html'
+      }
+      {
+        name: 'ResourceGroupName'
+        value: resourceGroup().name
+      }
+      {
+        name: 'StorageAccountName'
+        value: blobStorage.name
+      }
+    ]
+  }
+}
+
+output staticWebsiteUrl string = blobStorage.properties.primaryEndpoints.web
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -56,8 +56,8 @@ module appInsight 'appInsight.bicep' = {
   name: 'appInsight-${now}'
   params: {
     projectName: projectName
-    location:location
-    tags:value
+    location: location
+    tags: value
   }
 }
 
@@ -87,5 +87,13 @@ module kVServicePrincipalRoleAssignment 'keyVaultRoleAssignment.bicep' = {
   }
 }
 
+module websiteArchive 'archiveStorage.bicep' = {
+  name: 'websiteArchive-${now}'
+  params: {
+    location: location
+    skuName: 'Standard_LRS'
+  }
+}
+
 output acrLoginServer string = acr.outputs.acrLoginServer
 output appServiceHostName string = appService.outputs.appServiceHostName
diff --git a/infra/scripts/enable-static-site.ps1 b/infra/scripts/enable-static-site.ps1
@@ -0,0 +1,5 @@
+$ErrorActionPreference = 'Stop'
+$storageAccount = Get-AzStorageAccount -ResourceGroupName $env:ResourceGroupName -AccountName $env:StorageAccountName
+
+$ctx = $storageAccount.Context
+Enable-AzStorageStaticWebsite -Context $ctx -IndexDocument $env:IndexDocumentPath -ErrorDocument404Path $env:ErrorDocument404Path