Use private networks, MI and AVM

.cruft.json

@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/Azure-Samples/Azure-Python-Standardization-Template-Generator",
-  "commit": "619a6b29afba8ca26c528526bc313294d5c414a4",
+  "commit": "ab89511a94d0e2e2a58acb9428a5cf4875af1c23",
   "checkout": null,
   "context": {
     "cookiecutter": {

README.md

@@ -5,12 +5,10 @@ languages:
 - python
 - bicep
 - html
-- css
-- scss
 products:
 - azure
 - azure-container-apps
-- azure-postgresql
+- azure-database-postgresql
 urlFragment: azure-flask-postgres-flexible-aca
 name: Deploy Flask Application with PostgreSQL on Azure Container Apps (Python)
 description: This project deploys a web application for a space travel agency using Flask with Python, and is set up for easy deployment with the Azure Developer CLI.

infra/core/host/appservice.bicep

@@ -36,6 +36,7 @@ param scmDoBuildDuringDeployment bool = false
 param use32BitWorkerProcess bool = false
 param ftpsState string = 'FtpsOnly'
 param healthCheckPath string = ''
+param virtualNetworkSubnetId string = ''
 
 resource appService 'Microsoft.Web/sites@2022-03-01' = {
   name: name
@@ -65,6 +66,7 @@ resource appService 'Microsoft.Web/sites@2022-03-01' = {
     }
     clientAffinityEnabled: clientAffinityEnabled
     httpsOnly: true
+    virtualNetworkSubnetId: virtualNetworkSubnetId
   }
 
   identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }

infra/core/host/container-apps.bicep

@@ -7,34 +7,49 @@ param containerAppsEnvironmentName string
 param containerRegistryName string
 param containerRegistryResourceGroupName string = ''
 param containerRegistryAdminUserEnabled bool = false
-param logAnalyticsWorkspaceName string
-param applicationInsightsName string = ''
+param logAnalyticsWorkspaceResourceId string
+param applicationInsightsName string = '' // Not used here, was used for DAPR
+param virtualNetworkSubnetId string = ''
 
-module containerAppsEnvironment 'container-apps-environment.bicep' = {
+@description('Optional user assigned identity IDs to assign to the resource')
+param userAssignedIdentityResourceIds array = []
+
+module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.5.2' = {
   name: '${name}-container-apps-environment'
   params: {
+    // Required parameters
+    logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId
+
+    managedIdentities: empty(userAssignedIdentityResourceIds) ? {
+      systemAssigned: true
+    } : {
+      userAssignedResourceIds: userAssignedIdentityResourceIds
+    }
+
     name: containerAppsEnvironmentName
+    // Non-required parameters
+    infrastructureResourceGroupName: containerRegistryResourceGroupName
+    infrastructureSubnetId: virtualNetworkSubnetId
+    // internal: true
     location: location
     tags: tags
-    logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
-    applicationInsightsName: applicationInsightsName
   }
 }
 
-module containerRegistry 'container-registry.bicep' = {
+module containerRegistry 'br/public:avm/res/container-registry/registry:0.3.1' = {
   name: '${name}-container-registry'
   scope: !empty(containerRegistryResourceGroupName) ? resourceGroup(containerRegistryResourceGroupName) : resourceGroup()
   params: {
     name: containerRegistryName
     location: location
-    adminUserEnabled: containerRegistryAdminUserEnabled
+    acrAdminUserEnabled: containerRegistryAdminUserEnabled
     tags: tags
   }
 }
 
 output defaultDomain string = containerAppsEnvironment.outputs.defaultDomain
 output environmentName string = containerAppsEnvironment.outputs.name
-output environmentId string = containerAppsEnvironment.outputs.id
+output environmentId string = containerAppsEnvironment.outputs.resourceId
 
 output registryLoginServer string = containerRegistry.outputs.loginServer
 output registryName string = containerRegistry.outputs.name

infra/core/monitor/monitoring.bicep

@@ -5,29 +5,39 @@ param applicationInsightsDashboardName string = ''
 param location string = resourceGroup().location
 param tags object = {}
 
-module logAnalytics 'loganalytics.bicep' = {
+module logAnalytics 'br/public:avm/res/operational-insights/workspace:0.4.0' = {
   name: 'loganalytics'
   params: {
     name: logAnalyticsName
     location: location
     tags: tags
+    skuName: 'PerGB2018'
+    dataRetention: 30
   }
 }
 
-module applicationInsights 'applicationinsights.bicep' = {
+module applicationInsights 'br/public:avm/res/insights/component:0.3.1' = {
   name: 'applicationinsights'
   params: {
     name: applicationInsightsName
     location: location
     tags: tags
-    dashboardName: applicationInsightsDashboardName
-    logAnalyticsWorkspaceId: logAnalytics.outputs.id
+    workspaceResourceId: logAnalytics.outputs.resourceId
+  }
+}
+
+module applicationInsightsDashboard 'applicationinsights-dashboard.bicep' = if (!empty(applicationInsightsDashboardName)) {
+  name: 'application-insights-dashboard'
+  params: {
+    name: applicationInsightsDashboardName
+    location: location
+    applicationInsightsName: applicationInsights.name
   }
 }
 
 output applicationInsightsConnectionString string = applicationInsights.outputs.connectionString
-output applicationInsightsId string = applicationInsights.outputs.id
+output applicationInsightsId string = applicationInsights.outputs.resourceId
 output applicationInsightsInstrumentationKey string = applicationInsights.outputs.instrumentationKey
 output applicationInsightsName string = applicationInsights.outputs.name
-output logAnalyticsWorkspaceId string = logAnalytics.outputs.id
+output logAnalyticsWorkspaceId string = logAnalytics.outputs.resourceId
 output logAnalyticsWorkspaceName string = logAnalytics.outputs.name