diff --git a/functions.tf b/functions.tf index 0ec1f92..201fabc 100644 --- a/functions.tf +++ b/functions.tf @@ -37,16 +37,21 @@ resource "azurerm_function_app" "igss_businesslogic_function" { } -resource "azurerm_storage_account" "igss_iotbackendfunction_sa" { - name = "iotbefuncsa01" +################# +# Backend Function +################# +resource "azurerm_storage_account" "igss_backend_function_sa" { + name = "igssbefuncsa01" resource_group_name = "${azurerm_resource_group.igss_iot_backend_rg.name}" location = "${azurerm_resource_group.igss_iot_backend_rg.location}" account_tier = "Standard" account_replication_type = "LRS" } -resource "azurerm_app_service_plan" "igss_iotbackend_appplan" { - name = "igss-iot-backend-appplan" + +resource "azurerm_app_service_plan" "igss_backend_appplan" { + name = "igss-backend-appplan" + location = "${azurerm_resource_group.igss_iot_backend_rg.location}" resource_group_name = "${azurerm_resource_group.igss_iot_backend_rg.name}" kind = "FunctionApp" @@ -57,10 +62,15 @@ resource "azurerm_app_service_plan" "igss_iotbackend_appplan" { } } -resource "azurerm_function_app" "igss_iotbackend_function" { - name = "igss-iot-backend-function" + +resource "azurerm_function_app" "igss_backend_function" { + name = "igss-backend-functions" location = "${azurerm_resource_group.igss_iot_backend_rg.location}" resource_group_name = "${azurerm_resource_group.igss_iot_backend_rg.name}" - app_service_plan_id = "${azurerm_app_service_plan.igss_iotbackend_appplan.id}" - storage_connection_string = "${azurerm_storage_account.igss_iotbackendfunction_sa.primary_connection_string}" + app_service_plan_id = "${azurerm_app_service_plan.igss_backend_appplan.id}" + storage_connection_string = "${azurerm_storage_account.igss_backend_function_sa.primary_connection_string}" + identity { + type = "SystemAssigned" + } + } \ No newline at end of file diff --git a/iot-backend.tf b/iot-backend.tf index 2e667b7..b0a4d51 100644 --- a/iot-backend.tf 
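Review bot: The renamed `azurerm_function_app.igss_backend_function` in functions.tf does not set `https_only`, so the app will also answer over plain HTTP unless that is enforced elsewhere; adding `https_only = true` next to the new `identity` block closes that. Because both the resource address and `name` change here, Terraform will most likely destroy and recreate the app, and the storage account and plan in the previous hunk as well. Host keys kept in the old storage account would then not carry over, so it is worth confirming callers can cope with new function keys. The `identity` block would also benefit from a short comment on its purpose, e.g. `# managed identity, apparently intended for Key Vault access (see security.tf)`.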
+++ b/iot-backend.tf @@ -103,3 +103,40 @@ resource "azurerm_template_deployment" "igss_streamanalyitics_deployment" { } #Further configuration is done with powershell scripts in ./StreamAnalytics/... +################## +# Cosmos DB +################## + +resource "random_integer" "ri" { + min = 10000 + max = 99999 +} + +resource "azurerm_cosmosdb_account" "igss_cosmosdb" { + name = "igss-iot-cosmosdb-${random_integer.ri.result}" + location = "${azurerm_resource_group.igss_iot_backend_rg.location}" + resource_group_name = "${azurerm_resource_group.igss_iot_backend_rg.name}" + offer_type = "Standard" + kind = "MongoDB" + + enable_automatic_failover = true + + consistency_policy { + consistency_level = "BoundedStaleness" + max_interval_in_seconds = 10 + max_staleness_prefix = 200 + } + + geo_location { + prefix = "igss-iot-cosmosdb-${random_integer.ri.result}-customid" + location = "${azurerm_resource_group.igss_iot_backend_rg.location}" + failover_priority = 0 + } +} + +resource "azurerm_key_vault_secret" "igss_cosmosdb_connectionstring" { + name = "igss-cosmosdb-connectionstring" + value = "${azurerm_cosmosdb_account.igss_cosmosdb.connection_strings[0]}" + key_vault_id = "${azurerm_key_vault.igss_keyvault.id}" + depends_on = ["azurerm_key_vault_access_policy.igss_keyvault_accesspolicy02"] +} \ No newline at end of file diff --git a/security.tf b/security.tf index dea3e09..295b780 100644 --- a/security.tf +++ b/security.tf 
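Review bot: `azurerm_cosmosdb_account.igss_cosmosdb` is declared without any network restriction, so as written the account is reachable from any address and is protected by its keys alone. Consider `ip_range_filter = "<allowed CIDRs>"`, or `is_virtual_network_filter_enabled = true` with a `virtual_network_rule` for the function's subnet. The `value` of `azurerm_key_vault_secret.igss_cosmosdb_connectionstring` is also persisted in the Terraform state in plaintext, so the state backend needs the same access control as the vault; a comment such as `# connection string also lands in state - keep the backend encrypted and access-restricted` would make that visible. `connection_strings[0]` is presumably the primary read-write string; if the consumer only reads, a read-only entry would be the narrower choice.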
@@ -111,3 +111,22 @@ resource "azurerm_key_vault_access_policy" "igss_keyvault_accesspolicy03" { ] } + +/* +resource "azurerm_key_vault_access_policy" "igss_keyvault_accesspolicy04" { + vault_name = "${azurerm_key_vault.igss_keyvault.name}" + resource_group_name = "${azurerm_key_vault.igss_keyvault.resource_group_name}" + + tenant_id = "${data.azurerm_client_config.clientconfig_current.tenant_id}" + object_id = "${azurerm_function_app.igss_backend_function.identity.principal_id}" + + key_permissions = [ + "get" + ] + + secret_permissions = [ + "get" + ] + depends_on = ["azurerm_function_app.igss_backend_function"] +} +*/ \ No newline at end of file
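Review bot: The access policy for the function's managed identity is committed commented out, so the `SystemAssigned` identity added in functions.tf has no permissions on the vault and cannot read `igss-cosmosdb-connectionstring`. If the block was disabled because the `object_id` interpolation failed, the identity attribute is a list in this provider generation and likely needs `object_id = "${azurerm_function_app.igss_backend_function.identity.0.principal_id}"`. When enabling it, keep `secret_permissions = ["get"]` and drop `key_permissions`, since nothing visible in this commit requires key access. The explicit `depends_on` then becomes redundant, because the interpolation already orders the two resources. If the policy is not going to be enabled, delete the block rather than leaving dead configuration in security.tf.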