diff --git a/infra/archiveStorage.bicep b/infra/archiveStorage.bicep new file mode 100644 index 0000000000..ba3aa244bb --- /dev/null +++ b/infra/archiveStorage.bicep @@ -0,0 +1,129 @@ +param location string = resourceGroup().location + +var tags = { + 'cost-category': 'core' +} + +@allowed([ + 'Premium_LRS' + 'Premium_ZRS' + 'Standard_GRS' + 'Standard_GZRS' + 'Standard_LRS' + 'Standard_RAGRS' + 'Standard_RAGZRS' + 'Standard_ZRS' +]) +param skuName string + +var unique = substring(uniqueString(resourceGroup().id), 0, 12) + +resource blobStorage 'Microsoft.Storage/storageAccounts@2022-09-01' = { + name: 'stsswwebsite${unique}' + location: location + tags: tags + sku: { + name: skuName + } + kind: 'BlobStorage' + properties: { + allowBlobPublicAccess: true + publicNetworkAccess: 'Enabled' + accessTier: 'Hot' + supportsHttpsTrafficOnly: true + } +} + +resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = { + name: 'default' + parent: blobStorage + properties: { + changeFeed: { + enabled: false + } + restorePolicy: { + enabled: false + } + containerDeleteRetentionPolicy: { + enabled: true + days: 7 + } + deleteRetentionPolicy: { + allowPermanentDelete: false + enabled: true + days: 7 + } + cors: { + corsRules: [ + { + allowedHeaders: [ + '*' + ] + allowedMethods: [ + 'GET' + 'HEAD' + 'OPTIONS' + ] + allowedOrigins: [ + '*' + ] + exposedHeaders: [ + '*' + ] + maxAgeInSeconds: 86400 + } + ] + } + } +} + +resource webContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = { + name: '$web' + parent: blobServices + properties: { + publicAccess: 'Container' + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { + name: 'blob-archive-static-site-script' + location: location +} + + +resource enableStaticSite 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: 'enableStaticSite' + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '3.0' + scriptContent: loadTextContent('./scripts/enable-static-site.ps1') + retentionInterval: 'PT24H' + environmentVariables: [ + { + name: 'IndexDocumentPath' + value: 'index.html' + } + { + name: 'ErrorDocument404Path' + value: '404.html' + } + { + name: 'ResourceGroupName' + value: resourceGroup().name + } + { + name: 'StorageAccountName' + value: blobStorage.name + } + ] + } +} + +output staticWebsiteUrl string = blobStorage.properties.primaryEndpoints.web diff --git a/infra/main.bicep b/infra/main.bicep index 4f2de1c8f2..43c5e9e3fc 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -56,8 +56,8 @@ module appInsight 'appInsight.bicep' = { name: 'appInsight-${now}' params: { projectName: projectName - location:location - tags:value + location: location + tags: value } } @@ -87,5 +87,13 @@ module kVServicePrincipalRoleAssignment 'keyVaultRoleAssignment.bicep' = { } } +module websiteArchive 'archiveStorage.bicep' = { + name: 'websiteArchive-${now}' + params: { + location: location + skuName: 'Standard_LRS' + } +} + output acrLoginServer string = acr.outputs.acrLoginServer output appServiceHostName string = appService.outputs.appServiceHostName diff --git a/infra/scripts/enable-static-site.ps1 b/infra/scripts/enable-static-site.ps1 new file mode 100644 index 0000000000..d27e0e2c52 --- /dev/null +++ b/infra/scripts/enable-static-site.ps1 @@ -0,0 +1,5 @@ +$ErrorActionPreference = 'Stop' +$storageAccount = Get-AzStorageAccount -ResourceGroupName $env:ResourceGroupName -AccountName $env:StorageAccountName + +$ctx = $storageAccount.Context +Enable-AzStorageStaticWebsite -Context $ctx -IndexDocument $env:IndexDocumentPath -ErrorDocument404Path $env:ErrorDocument404Path