Parameterize diagsettings for appservice

deploy/main.bicep

@@ -1,6 +1,8 @@
 // Global parameters
 targetScope = 'subscription'
 
+import { appServiceDiagSettingsLogCategoryType } from './types/types.bicep'
+
 @description('GUID for Resource Naming')
 param guid string = newGuid()
 
@@ -23,6 +25,9 @@ param deployAsFunc bool = false
 @description('Flag to Deploy IPAM as a Container')
 param deployAsContainer bool = false
 
+@description('IPAM Container Image Tag to use')
+param acrImageTag string = 'latest'
+
 @description('IPAM-UI App Registration Client/App ID')
 param uiAppId string = '00000000-0000-0000-0000-000000000000'
 
@@ -53,6 +58,32 @@ param resourceNames object = {
   containerRegistryName: '${namePrefix}acr${uniqueString(guid)}'
 }
 
+@description('App Service Plan SKU name, this will determine the tier, size, family of the App Service Plan.')
+@metadata({
+  example: '''
+  'F1'
+  'B1'
+  'P1v3'
+  'I1v2'
+  '''
+})
+param appServicePlanSkuName string = 'P1v3'
+
+@description('Number of workers associated with the App Service Plan.')
+param appServicePlanSkuCapacity int = 1
+
+@description('Diagnostic settings for app service')
+param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategoryType[] = [
+  'AppServiceAntivirusScanAuditLogs'
+  'AppServiceHTTPLogs'
+  'AppServiceConsoleLogs'
+  'AppServiceAppLogs'
+  'AppServiceFileAuditLogs'
+  'AppServiceAuditLogs'
+  'AppServiceIPSecAuditLogs'
+  'AppServicePlatformLogs'
+]
+
 // Resource Group
 resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
   location: location
@@ -143,6 +174,9 @@ module appService './modules/appService.bicep' = if (!deployAsFunc) {
     azureCloud: azureCloud
     appServiceName: resourceNames.appServiceName
     appServicePlanName: resourceNames.appServicePlanName
+    appServicePlanSkuName: appServicePlanSkuName
+    appServicePlanSkuCapacity: appServicePlanSkuCapacity
+    appServiceDiagSettingsLogCategory: appServiceDiagSettingsLogCategory
     keyVaultUri: keyVault.outputs.keyVaultUri
     cosmosDbUri: cosmos.outputs.cosmosDocumentEndpoint
     databaseName: resourceNames.cosmosDatabaseName
@@ -151,6 +185,7 @@ module appService './modules/appService.bicep' = if (!deployAsFunc) {
     managedIdentityClientId: managedIdentity.outputs.clientId
     workspaceId: logAnalyticsWorkspace.outputs.workspaceId
     deployAsContainer: deployAsContainer
+    acrImageTag: acrImageTag
     privateAcr: privateAcr
     privateAcrUri: privateAcr ? containerRegistry.outputs.acrUri : ''
   }
@@ -174,6 +209,7 @@ module functionApp './modules/functionApp.bicep' = if (deployAsFunc) {
     storageAccountName: resourceNames.storageAccountName
     workspaceId: logAnalyticsWorkspace.outputs.workspaceId
     deployAsContainer: deployAsContainer
+    acrImageTag: acrImageTag
     privateAcr: privateAcr
     privateAcrUri: privateAcr ? containerRegistry.outputs.acrUri : ''
   }

deploy/modules/appService.bicep

@@ -1,9 +1,29 @@
+import { appServiceDiagSettingsLogCategoryType } from '../types/types.bicep'
+
 @description('App Service Name')
 param appServiceName string
 
 @description('App Service Plan Name')
 param appServicePlanName string
 
+@description('The name of the SKU will Determine the tier, size, family of the App Service Plan.')
+@metadata({
+  example: '''
+  'F1'
+  'B1'
+  'P1v3'
+  'I1v2'
+  '''
+})
+param appServicePlanSkuName string = 'P1v3'
+
+@description('Number of workers associated with the App Service Plan.')
+@minValue(1)
+param appServicePlanSkuCapacity int = 1
+
+@description('Diagnostic settings for app service')
+param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategoryType[] = []
+
 @description('CosmosDB URI')
 param cosmosDbUri string
 
@@ -34,6 +54,9 @@ param workspaceId string
 @description('Flag to Deploy IPAM as a Container')
 param deployAsContainer bool = false
 
+@description('IPAM Container Image Tag to use')
+param acrImageTag string = 'latest'
+
 @description('Flag to Deploy Private Container Registry')
 param privateAcr bool
 
@@ -54,10 +77,8 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
   name: appServicePlanName
   location: location
   sku: {
-    name: 'P1v3'
-    size: 'P1v3'
-    tier: 'PremiumV3'
-    capacity: 1
+    name: appServicePlanSkuName
+    capacity: appServicePlanSkuCapacity
   }
   kind: 'linux'
   properties: {
@@ -83,7 +104,7 @@ resource appService 'Microsoft.Web/sites@2021-02-01' = {
       acrUseManagedIdentityCreds: privateAcr ? true : false
       acrUserManagedIdentityID: privateAcr ? managedIdentityClientId : null
       alwaysOn: true
-      linuxFxVersion: deployAsContainer ? 'DOCKER|${acrUri}/ipam:latest' : 'PYTHON|${pythonVersion}'
+      linuxFxVersion: deployAsContainer ? 'DOCKER|${acrUri}/ipam:${acrImageTag}' : 'PYTHON|${pythonVersion}'
       appCommandLine: !deployAsContainer ? 'bash ./init.sh 8000' : null
       healthCheckPath: '/api/status'
       appSettings: concat(
@@ -201,79 +222,15 @@ resource diagnosticSettingsApp 'Microsoft.Insights/diagnosticSettings@2021-05-01
   scope: appService
   properties: {
     logs: [
-      {
-        category: 'AppServiceAntivirusScanAuditLogs'
-        enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
-      }
-      {
-        category: 'AppServiceHTTPLogs'
-        enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
-      }
-      {
-        category: 'AppServiceConsoleLogs'
-        enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
-      }
-      {
-        category: 'AppServiceAppLogs'
+      for categoryName in appServiceDiagSettingsLogCategory : {
+        category: categoryName
         enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
-      }
-      {
-        category: 'AppServiceFileAuditLogs'
-        enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
-      }
-      {
-        category: 'AppServiceAuditLogs'
-        enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
-      }
-      {
-        category: 'AppServiceIPSecAuditLogs'
-        enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
-      }
-      {
-        category: 'AppServicePlatformLogs'
-        enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
       }
     ]
     metrics: [
       {
         category: 'AllMetrics'
         enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
       }
     ]
     workspaceId: workspaceId

deploy/modules/functionApp.bicep

@@ -37,6 +37,9 @@ param workspaceId string
 @description('Flag to Deploy IPAM as a Container')
 param deployAsContainer bool = false
 
+@description('IPAM Container Image Tag to use')
+param acrImageTag string = 'latest'
+
 @description('Flag to Deploy Private Container Registry')
 param privateAcr bool
 
@@ -87,7 +90,7 @@ resource functionApp 'Microsoft.Web/sites@2021-03-01' = {
     siteConfig: {
       acrUseManagedIdentityCreds: privateAcr ? true : false
       acrUserManagedIdentityID: privateAcr ? managedIdentityClientId : null
-      linuxFxVersion: deployAsContainer ? 'DOCKER|${acrUri}/ipamfunc:latest' : 'PYTHON|${pythonVersion}'
+      linuxFxVersion: deployAsContainer ? 'DOCKER|${acrUri}/ipamfunc:${acrImageTag}' : 'PYTHON|${pythonVersion}'
       healthCheckPath: '/api/status'
       appSettings: concat(
         [

deploy/types/types.bicep

@@ -0,0 +1,2 @@
+@export()
+type appServiceDiagSettingsLogCategoryType = ('AppServiceAntivirusScanAuditLogs' | 'AppServiceHTTPLogs' | 'AppServiceConsoleLogs' | 'AppServiceAppLogs' | 'AppServiceFileAuditLogs' | 'AppServiceAuditLogs' | 'AppServiceIPSecAuditLogs' | 'AppServicePlatformLogs')