FhirConverter-SingleAzureDeploy.bicep
/*
This is the single-touch deployment template for deploying the following:
* dependent resources (key vault and/or template storage account)
* infrastructure for the container app
* the container app running the FHIR-Converter service
*/
// The resource group is declared by this file, so the deployment itself runs
// at subscription scope and each module is scoped into that group.
targetScope = 'subscription'

// Prefix used by every default resource name declared in this file.
// Only the length is enforced by decorators; the "alphanumeric" requirement
// stated in the description is not checked here.
@description('Used as the prefix to name provisioned resources where a custom name is not provided. Should be alphanumeric, at least 3 characters and no more than 9 characters.')
@minLength(3)
@maxLength(9)
param serviceName string

// Region for the resource group and for every module deployment.
// Deployment is rejected for any value outside this list.
@allowed([
  'australiaeast'
  'brazilsouth'
  'canadacentral'
  'canadaeast'
  'centralindia'
  'centralus'
  'chinanorth3'
  'eastasia'
  'eastus'
  'eastus2'
  'francecentral'
  'germanywestcentral'
  'japaneast'
  'koreacentral'
  'northcentralus'
  'northeurope'
  'norwayeast'
  'southafricanorth'
  'southcentralus'
  'southeastasia'
  'swedencentral'
  'switzerlandnorth'
  'uaenorth'
  'uksouth'
  'westeurope'
  'westus'
  'westus2'
  'westus3'
])
@description('Location where the resources are deployed.')
param location string

// Required, no default: the caller chooses which image version runs.
// NOTE(review): a tag is a mutable reference and nothing in this file pins the
// image by digest; for a reproducible, auditable deployment pass a specific
// release tag rather than a floating one and record the value used.
@description('The tag of the image to pull from MCR. To see available image tags, visit the [FHIR Converter MCR page](https://mcr.microsoft.com/en-us/product/healthcareapis/fhir-converter/tags)')
param containerAppImageTag string

// utcNow() is only valid as a parameter default. The value is appended to the
// module deployment names in this file, as the description states.
@description('Timestamp used to generate unique deployment names. Defaults to utcNow')
param timestamp string = utcNow('yyyyMMddHHmmss')
// Resource naming. Each default is derived from serviceName, so two deployments
// with the same serviceName target the same resource names.
@description('Name of the resource group to deploy the resources to. If the resource group does not already exist, a new resource group will be provisioned with the given name or, if a name is not provided, with an autogenerated name based on serviceName.')
param resourceGroupName string = '${serviceName}-rg'
@description('Name of the container app environment. If a name is not provided, an autogenerated name based on serviceName will be used.')
param containerAppEnvName string = '${serviceName}-app-env'
@description('Name of the container app to run the FHIR Converter service. If a name is not provided, an autogenerated name based on serviceName will be used.')
param containerAppName string = '${serviceName}-app'

// Scaling and sizing. These values are forwarded unchanged to
// Deploy-FhirConverterService.bicep; no @minValue/@maxValue decorators bound
// them here, so any integer is accepted by this file.
// NOTE(review): minReplicas = 0 presumably lets the app scale to zero when
// idle - confirm against the child module.
@description('Minimum number of replicas for the container app.')
param minReplicas int = 0
// maxReplicas also caps how far load can scale the app out (and the cost).
@description('Maximum number of replicas for the container app.')
param maxReplicas int = 30
// CPU and memory are passed as strings, in the form the child module expects.
@description('CPU limit for the container app.')
param cpuLimit string = '1.0'
@description('Memory limit for the container app.')
param memoryLimit string = '2Gi'
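// Custom template store (optional). When false, the storage account is not
// requested from Deploy-DependentResources.bicep and empty names are passed
// to the container app module.
@description('Set to true to enable deployment of and integration with a storage account for custom templates.')
param templateStoreIntegrationEnabled bool = false

// Default is serviceName plus 15 characters, i.e. at most 24 characters with
// the 9-character limit on serviceName.
// NOTE(review): storage account names must be lowercase letters and digits;
// nothing in this file enforces that on serviceName.
// Fix: the description now names the actual parameter,
// templateStoreIntegrationEnabled (it previously referred to a parameter
// that does not exist in this template).
@description('Name of storage account containing custom templates. If a name is not provided and templateStoreIntegrationEnabled is true, an autogenerated name based on serviceName will be used.')
param templateStorageAccountName string = '${serviceName}templatestorage'

// Blob container inside the template storage account (same description fix).
@description('Name of storage account container containing custom templates. If a name is not provided and templateStoreIntegrationEnabled is true, an autogenerated name based on serviceName will be used.')
param templateStorageAccountContainerName string = '${serviceName}templatecontainer'

// Telemetry. This flag also decides whether a key vault is deployed:
// deployKeyVault is set equal to it further down in this file.
@description('If set to true, Application Insights logs and metrics collection will be enabled for the container app.')
param applicationInsightsEnabled bool = true

// The key vault holds the Application Insights connection string as a secret,
// so the connection string is referenced by secret name rather than by value.
@description('Name of the key vault to hold the application insights connection string as a secret. If a name is not provided, an autogenerated name based on serviceName will be used.')
param keyVaultName string = '${serviceName}-kv'

// Identity used to read from the key vault. The role or access policy it
// receives is assigned in the child modules, not in this file.
@description('Name of the user-assigned managed identity to be deployed for accessing the key vault. If a name is not provided, an autogenerated name based on serviceName will be used.')
param keyVaultUserAssignedIdentityName string = '${serviceName}-kv-identity'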
// API authentication settings, forwarded unchanged to
// Deploy-FhirConverterService.bicep.
// NOTE(review): the default is false even though the description calls
// enabling it "strongly recommended". A deployment that accepts every default
// therefore publishes the endpoint returned as fhirConverterApiEndpoint
// without the security requirements this flag controls. Set it to true for
// anything beyond a throwaway test, and supply audiences and authority.
@description('If set to true, security requirements will be enabled on the API endpoint. This is strongly recommended.')
param securityEnabled bool = false
// Nothing in this file ties the three values together: securityEnabled = true
// with an empty audiences array or an empty authority is accepted here.
// NOTE(review): confirm the child module or the service rejects that
// combination rather than starting with incomplete token validation settings.
@description('Audiences for the api authentication. Only applicable when securityEnabled is set to true.')
param securityAuthenticationAudiences array = []
@description('Authority for the api authentication. Only applicable when securityEnabled is set to true.')
param securityAuthenticationAuthority string = ''
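// Network isolation for the template storage account (optional).
// Per the description, traffic is limited to the virtual network only when
// this is true; the default leaves that restriction off.
// NOTE(review): the account holds the custom conversion templates. With the
// default, confirm in Deploy-DependentResources.bicep what network access the
// account allows, and prefer true for production deployments.
@description('When set to true, the template Storage Account will only accept network traffic from within the specified Virtual Network, which the Container Apps environment will be onboarded to.')
param storageAccountNetworkIsolationEnabled bool = false

// Virtual network shared by the storage account rule and the Container Apps
// environment (passed to both child modules further down in this file).
@description('The name of the Virtual Network linked to the Container Apps Environment and used to isolate the Storage Account. Only applicable when storageAccountNetworkIsolationEnabled is set to true.')
param vnetName string = '${serviceName}-vnet'

// Fix: "is selecting a custom value" corrected to "if selecting a custom
// value" in this description and in the subnetAddressPrefix description.
@description('A list of address blocks reserved for the VirtualNetwork in CIDR notation. Only applicable when storageAccountNetworkIsolationEnabled is set to true. Be sure to review the FHIR Converter documentation on Enabling Storage Account Network Isolation if selecting a custom value.')
param vnetAddressPrefixes array = [ '10.0.0.0/20' ]

@description('The name of the subnet in the virtual network. Only applicable when storageAccountNetworkIsolationEnabled is set to true.')
param subnetName string = 'default'

// The default /23 subnet lies inside the default /20 address space above.
// A custom value must stay inside vnetAddressPrefixes; this file does not
// check that, so a mismatch surfaces only as a deployment failure.
@description('The address prefix for the subnet. Only applicable when storageAccountNetworkIsolationEnabled is set to true. Be sure to review the FHIR Converter documentation on Enabling Storage Account Network Isolation if selecting a custom value.')
param subnetAddressPrefix string = '10.0.0.0/23'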
// Version stamp of this template, recorded as a tag on the resource group so
// a deployed environment can be traced back to the template that created it.
var deploymentTemplateVersion = '1'

// Resource group that every module in this file is scoped to.
// NOTE(review): when resourceGroupName names an existing group, confirm how
// this declaration affects the tags that group already carries.
resource resourceGroup 'Microsoft.Resources/resourceGroups@2020-06-01' = {
  name: resourceGroupName
  location: location
  tags: {
    fhirConverterDeploymentTemplateVersion: deploymentTemplateVersion
  }
}
// A key vault is needed only to hold the Application Insights connection
// string, so its deployment follows applicationInsightsEnabled.
var deployKeyVault = applicationInsightsEnabled

// Dependent resources: key vault and/or template storage account.
// The whole module is skipped when neither is requested. All names and the
// network settings are passed regardless of which flags are set; the child
// module decides what to create from deployTemplateStore, deployKeyVault and
// configureNetworkIsolation.
module dependentResourceDeploy 'Deploy-DependentResources.bicep' = if (templateStoreIntegrationEnabled || deployKeyVault) {
  name: 'dependentResourceDeploy_${timestamp}'
  scope: resourceGroup
  params: {
    location: location
    deployTemplateStore: templateStoreIntegrationEnabled
    templateStorageAccountName: templateStorageAccountName
    templateStorageAccountContainerName: templateStorageAccountContainerName
    deployKeyVault: deployKeyVault
    keyVaultName: keyVaultName
    keyVaultUserAssignedIdentityName: keyVaultUserAssignedIdentityName
    configureNetworkIsolation: storageAccountNetworkIsolationEnabled
    vnetName: vnetName
    vnetAddressPrefixes: vnetAddressPrefixes
    subnetName: subnetName
    subnetAddressPrefix: subnetAddressPrefix
  }
}
// Container Apps environment and, when enabled, Application Insights.
// keyVaultName is passed so the child module can reach the vault; what it
// writes there is defined in Deploy-Infrastructure.bicep.
// NOTE(review): linkToVnet follows storageAccountNetworkIsolationEnabled alone
// and only the VNet and subnet names are passed here, while
// dependentResourceDeploy (the module that receives the address prefixes) is
// skipped when both templateStoreIntegrationEnabled and
// applicationInsightsEnabled are false. Confirm the virtual network exists in
// that combination.
module convertInfrastructureDeploy 'Deploy-Infrastructure.bicep' = {
  name: 'convertInfrastructureDeploy_${timestamp}'
  scope: resourceGroup
  params: {
    location: location
    envName: containerAppEnvName
    deployApplicationInsights: applicationInsightsEnabled
    keyVaultName: keyVaultName
    linkToVnet: storageAccountNetworkIsolationEnabled
    cAppEnvVnetName: vnetName
    cAppEnvSubnetName: subnetName
  }
  // No output of dependentResourceDeploy is read above, so the ordering has
  // to be stated explicitly.
  dependsOn: [
    dependentResourceDeploy
  ]
}
// The container app that runs the FHIR Converter service.
// The security* values are forwarded exactly as given to this template;
// securityEnabled defaults to false at the top of this file, so the API
// security requirements are applied only when the caller opts in.
module fhirConverterDeploy 'Deploy-FhirConverterService.bicep' = {
  name: 'fhirConverterDeploy_${timestamp}'
  scope: resourceGroup
  params: {
    location: location
    containerAppImageTag: containerAppImageTag
    containerAppName: containerAppName
    containerAppEnvName: convertInfrastructureDeploy.outputs.containerAppEnvironmentName
    minReplicas: minReplicas
    maxReplicas: maxReplicas
    cpuLimit: cpuLimit
    memoryLimit: memoryLimit
    securityEnabled: securityEnabled
    securityAuthenticationAudiences: securityAuthenticationAudiences
    securityAuthenticationAuthority: securityAuthenticationAuthority
    // Each optional integration passes an empty string when it is switched
    // off, so outputs of the conditionally deployed module are read only
    // when that module was requested.
    templateStorageAccountName: templateStoreIntegrationEnabled ? dependentResourceDeploy.outputs.templateStorageAccountName : ''
    templateStorageAccountContainerName: templateStoreIntegrationEnabled ? dependentResourceDeploy.outputs.templateStorageAccountContainerName : ''
    keyVaultName: deployKeyVault ? dependentResourceDeploy.outputs.keyVaultName : ''
    keyVaultUserAssignedIdentityName: deployKeyVault ? dependentResourceDeploy.outputs.keyVaultUAMIName : ''
    // Only the secret name and identity names are handed over, not the
    // connection string itself.
    applicationInsightsUserAssignedIdentityName: applicationInsightsEnabled ? convertInfrastructureDeploy.outputs.applicationInsightsUAMIName : ''
    applicationInsightsConnectionStringSecretName: applicationInsightsEnabled ? convertInfrastructureDeploy.outputs.applicationInsightsConnStringSecretName : ''
  }
  // Both modules are also referenced through their outputs above; the
  // explicit list restates that ordering.
  dependsOn: [
    dependentResourceDeploy
    convertInfrastructureDeploy
  ]
}
// Address of the deployed converter, taken from the container app module's
// containerAppFQDN output.
// NOTE(review): presumably a host name rather than a full URL - confirm in
// Deploy-FhirConverterService.bicep. With securityEnabled left at its default
// of false, this endpoint is deployed without the API security requirements.
output fhirConverterApiEndpoint string = fhirConverterDeploy.outputs.containerAppFQDN
// Name of the resource group the resources were deployed to.
output resourceGroupName string = resourceGroup.name