refactor: update resource naming conventions and improve parameter descriptions across Bicep modules

Author: Abdul-Microsoft

infra/main.bicep

@@ -2,22 +2,23 @@ metadata name = 'Modernize Your Code Solution Accelerator'
 metadata description = '''CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. 
 '''
 
-@description('Set to true if you want to deploy WAF-aligned infrastructure.')
+@description('Required. Set to true if you want to deploy WAF-aligned infrastructure.')
 param useWafAlignedArchitecture bool
 
 @minLength(3)
 @maxLength(16)
 @description('Required. A unique application/solution name for all resources in this deployment. This should be 3-16 characters long.')
-param solutionName string
+param solutionName string = 'codemode'
 
 @maxLength(5)
 @description('Optional. A unique token for the solution. This is used to ensure resource names are unique for global resources. Defaults to a 5-character substring of the unique string generated from the subscription ID, resource group name, and solution name.')
 param solutionUniqueToken string = substring(uniqueString(subscription().id, resourceGroup().name, solutionName), 0, 5)
 
 @minLength(3)
 @metadata({ azd: { type: 'location' } })
-@description('Optional. Azure region for all services. Defaults to the resource group location.')
-param location string = resourceGroup().location
+@description('Optional. Azure region for all services. Defaults to the resource group location. Regions are restricted to guarantee compatibility with paired regions and replica locations for data redundancy and failover scenarios.')
+@allowed(['australiaeast','brazilsouth','canadacentral','centralindia','centralus','eastasia','eastus','eastus2','francecentral','germanywestcentral','japaneast','japanwest','koreacentral','northeurope','norwayeast','southafricanorth','southcentralus','southeastasia','swedencentral','switzerlandnorth','uaenorth','uksouth','westeurope','westus2','westus3'])
+param location string
 
 @allowed([
   'australiaeast'
@@ -53,7 +54,7 @@ param enableMonitoring bool = useWafAlignedArchitecture? true : false
 param enableScaling bool = useWafAlignedArchitecture? true : false
 
 @description('Optional. Enable redundancy for applicable resources. Defaults to false.')
-param enableRedundancy bool = false
+param enableRedundancy bool = useWafAlignedArchitecture? true : false
 
 @description('Optional. The secondary location for the Cosmos DB account if redundancy is enabled.')
 param secondaryLocation string?
@@ -74,8 +75,8 @@ param vmAdminUsername string?
 //param vmAdminPassword string = newGuid()
 param vmAdminPassword string?
 
-@description('Optional. Specifies the resource tags for all the resources. Tag "azd-env-name" is automatically added to all resources.')
-param tags object = {}
+@description('Optional. The tags to apply to all deployed Azure resources.')
+param tags resourceInput<'Microsoft.Resources/resourceGroups@2025-04-01'>.tags = {}
 
 @description('Optional. Enable/Disable usage telemetry for module.')
 param enableTelemetry bool = true
@@ -101,13 +102,6 @@ param azureExistingAIProjectResourceId string = ''
 
 param existingLogAnalyticsWorkspaceId string = ''
 
-var allTags = union(
-  {
-    'azd-env-name': solutionName
-  },
-  tags
-)
-
 var resourcesName = toLower(trim(replace(
   replace(
     replace(replace(replace(replace('${solutionName}${solutionUniqueToken}', '-', ''), '_', ''), '.', ''), '/', ''),
@@ -132,14 +126,12 @@ var modelDeployment = {
   raiPolicyName: 'Microsoft.Default'
 }
 
-var abbrs = loadJsonContent('./abbreviations.json')
-
 // ========== Resource Group Tag ========== //
 resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = {
   name: 'default'
   properties: {
     tags: {
-      ...allTags
+      ...tags
       TemplateName: 'Code Modernization'
     }
   }
@@ -167,12 +159,13 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT
   }
 }
 
+var appIdentityName = 'id-${resourcesName}'
 module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.1' = {
-  name: take('identity-app-${resourcesName}-deployment', 64)
+  name: take('avm.res.managed-identity.user-assigned-identity.${appIdentityName}', 64)
   params: {
-    name: '${abbrs.security.managedIdentity}${resourcesName}'
+    name: appIdentityName
     location: location
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
@@ -188,16 +181,17 @@ resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces
   scope: resourceGroup(existingLawSubscription, existingLawResourceGroup)
 }
 
+var logAnalyticsWorkspaceResourceName = 'log-${resourcesName}'
 // Deploy new Log Analytics workspace only if required and not using existing
 module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.11.2' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) {
-  name: take('log-analytics-${resourcesName}-deployment', 64)
+  name: take('avm.res.operational-insights.workspace.${logAnalyticsWorkspaceResourceName}', 64)
   params: {
-    name: '${abbrs.managementGovernance.logAnalyticsWorkspace}${resourcesName}'
+    name: logAnalyticsWorkspaceResourceName
     location: location
     skuName: 'PerGB2018'
     dataRetention: 30
     diagnosticSettings: [{ useThisWorkspace: true }]
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
@@ -207,45 +201,45 @@ var logAnalyticsWorkspaceResourceId = useExistingLogAnalytics ? existingLogAnaly
 var LogAnalyticsPrimarySharedKey string = useExistingLogAnalytics? existingLogAnalyticsWorkspace.listKeys().primarySharedKey : logAnalyticsWorkspace.outputs.primarySharedKey
 var LogAnalyticsWorkspaceId = useExistingLogAnalytics? existingLogAnalyticsWorkspace.properties.customerId : logAnalyticsWorkspace.outputs.logAnalyticsWorkspaceId
 
+var applicationInsightsResourceName = 'appi-${resourcesName}'
 module applicationInsights 'br/public:avm/res/insights/component:0.6.0' = if (enableMonitoring) {
-  name: take('app-insights-${resourcesName}-deployment', 64)
+  name: take('avm.res.insights.component.${applicationInsightsResourceName}', 64)
   params: {
-    name: '${abbrs.managementGovernance.applicationInsights}${resourcesName}'
+    name: applicationInsightsResourceName
     location: location
     workspaceResourceId: logAnalyticsWorkspaceResourceId
     diagnosticSettings: [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }]
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
 
-
 module network 'modules/network.bicep' = if (enablePrivateNetworking) {
-  name: take('network-${resourcesName}-deployment', 64)
+  name: take('module.network.${resourcesName}', 64)
   params: {
     resourcesName: resourcesName
     logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspaceResourceId
     vmAdminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
     vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
     vmSize: vmSize ??  'Standard_DS2_v2' // Default VM size 
     location: location
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
 
 module aiServices 'modules/ai-foundry/main.bicep' = {
-  name: take('avm.res.cognitive-services.account.${resourcesName}', 64)
+  name: take('modules.ai-foundry.${resourcesName}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
   params: {
-    name: '${abbrs.ai.aiFoundry}${resourcesName}'
+    name: 'aif-${resourcesName}'
     location: aiDeploymentsLocation
     sku: 'S0'
     kind: 'AIServices'
     deployments: [ modelDeployment ]
-    projectName: '${abbrs.ai.aiFoundryProject}${resourcesName}'
-    projectDescription: '${abbrs.ai.aiFoundryProject}${resourcesName}'
+    projectName: 'aifp-${resourcesName}'
+    projectDescription: 'aifp-${resourcesName}'
     logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
     privateNetworking: enablePrivateNetworking
       ? {
@@ -286,21 +280,21 @@ module aiServices 'modules/ai-foundry/main.bicep' = {
         roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
       }
     ]
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
 
 var appStorageContainerName = 'appstorage'
 
 module storageAccount 'modules/storageAccount.bicep' = {
-  name: take('storage-account-${resourcesName}-deployment', 64)
+  name: take('module.storageAccount.${resourcesName}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
   params: {
-    name: take('${abbrs.storage.storageAccount}${resourcesName}', 24)
+    name: take('st${resourcesName}', 24)
     location: location
-    tags: allTags
+    tags: tags
     skuName: enableRedundancy ? 'Standard_GZRS' : 'Standard_LRS'
     logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
     privateNetworking: enablePrivateNetworking
@@ -329,11 +323,11 @@ module storageAccount 'modules/storageAccount.bicep' = {
 }
 
 module keyVault 'modules/keyVault.bicep' = {
-  name: take('keyvault-${resourcesName}-deployment', 64)
+  name: take('module.keyvault.${resourcesName}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
   params: {
-    name: take('${abbrs.security.keyVault}${resourcesName}', 24)
+    name: take('kv-${resourcesName}', 24)
     location: location
     sku: 'standard'
     logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
@@ -350,17 +344,17 @@ module keyVault 'modules/keyVault.bicep' = {
         roleDefinitionIdOrName: 'Key Vault Administrator'
       }
     ]
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
 
 module cosmosDb 'modules/cosmosDb.bicep' = {
-  name: take('cosmos-${resourcesName}-deployment', 64)
+  name: take('module.cosmos.${resourcesName}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
   params: {
-    name: take('${abbrs.databases.cosmosDBDatabase}${resourcesName}', 44)
+    name: take('cosmos-${resourcesName}', 44)
     location: location
     dataAccessIdentityPrincipalId: appIdentity.outputs.principalId
     logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
@@ -372,15 +366,15 @@ module cosmosDb 'modules/cosmosDb.bicep' = {
           subnetResourceId: network.outputs.subnetPrivateEndpointsResourceId
         }
       : null
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
 
-var containerAppsEnvironmentName = '${abbrs.containers.containerAppsEnvironment}${resourcesName}'
+var containerAppsEnvironmentName = 'cae-${resourcesName}'
 
 module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.2' = {
-  name: take('container-env-${resourcesName}-deployment', 64)
+  name: take('avm.res.app.managed-environment.${containerAppsEnvironmentName}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [applicationInsights, logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
   params: {
@@ -414,17 +408,18 @@ module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.
           }
         ]
       : []
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
 
+var containerAppBackendName = 'ca-${resourcesName}-backend'
 module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = {
-  name: take('container-app-backend-${resourcesName}-deployment', 64)
+  name: take('avm.res.app.container-app.${containerAppBackendName}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [applicationInsights] // required due to optional flags that could change dependency
   params: {
-    name: take('${abbrs.containers.containerApp}backend-${resourcesName}', 32)
+    name: containerAppBackendName
     location: location
     environmentResourceId: containerAppsEnvironment.outputs.resourceId
     managedIdentities: {
@@ -585,15 +580,16 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = {
           ]
         : []
     }
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }
 
+var containerAppFrontendName = 'ca-${resourcesName}-frontend'
 module containerAppFrontend 'br/public:avm/res/app/container-app:0.17.0' = {
-  name: take('container-app-frontend-${resourcesName}-deployment', 64)
+  name: take('avm.res.app.container-app.${containerAppFrontendName}', 64)
   params: {
-    name: take('${abbrs.containers.containerApp}frontend-${resourcesName}', 32)
+    name: containerAppFrontendName
     location: location
     environmentResourceId: containerAppsEnvironment.outputs.resourceId
     managedIdentities: {
@@ -639,7 +635,7 @@ module containerAppFrontend 'br/public:avm/res/app/container-app:0.17.0' = {
           ]
         : []
     }
-    tags: allTags
+    tags: tags
     enableTelemetry: enableTelemetry
   }
 }

infra/main.parameters.json

@@ -44,6 +44,12 @@
     "backendExists": {
       "value": "${SERVICE_BACKEND_RESOURCE_EXISTS=false}"
     },
+    "tags": {
+      "value": {
+        "solutionName": "${AZURE_ENV_NAME}",
+        "location": "${AZURE_LOCATION}"
+      }
+    },
     "backendDefinition": {
       "value": {
         "settings": [

infra/modules/cosmosDb.bicep

@@ -55,7 +55,7 @@ var fileContainerName = 'cmsafile'
 var logContainerName = 'cmsalog'
 
 module cosmosAccount 'br/public:avm/res/document-db/database-account:0.15.0' = {
-  name: take('${name}-account-deployment', 64)
+  name: take('avm.res.document-db.database-account.${name}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [privateDnsZone] // required due to optional flags that could change dependency
   params: {

infra/modules/keyVault.bicep

@@ -48,7 +48,7 @@ var privateDnsZoneResourceId = privateNetworking != null
   : ''
 
 module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = {
-  name: take('${name}-kv-deployment', 64)
+  name: take('avm.res.key-vault.${name}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [privateDnsZone] // required due to optional flags that could change dependency
   params: {

infra/modules/network.bicep

@@ -64,7 +64,7 @@ param vmSize string
 // - For AVM modules, ensure only one delegation per subnet and leave delegations empty if not required.
 
 module network 'network/main.bicep' = {
-  name: take('network-${resourcesName}-create', 64)
+  name: take('module.network-main.${resourcesName}', 64)
   params: {
     resourcesName: resourcesName
     location: location

infra/modules/network/bastionHost.bicep

@@ -31,7 +31,7 @@ param subnet subnetType?
 // using AVM Network Security Group module
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group
 module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(subnet)) {
-  name: '${vnetName}-${subnet.?networkSecurityGroup.name}'
+  name: take('avm.res.network.network-security-group.${subnet.?networkSecurityGroup.name}', 64)
   params: {
     name: '${subnet.?networkSecurityGroup.name}-${vnetName}'
     location: location
@@ -44,7 +44,7 @@ module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty
 // 2. Create Azure Bastion Host using AVM Subnet Module with special config for Azure Bastion Subnet
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network/subnet
 module bastionSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = if (!empty(subnet)) {
-  name: take('bastionSubnet-${vnetName}', 64)
+  name: take('avm.res.network.virtual-network.subnet.AzureBastionSubnet', 64)
   params: {
     virtualNetworkName: vnetName
     name: 'AzureBastionSubnet' // this name required as is for Azure Bastion Host subnet
@@ -58,7 +58,7 @@ module bastionSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.2' =
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/bastion-host
 
 module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = {
-  name: take('bastionHost-${vnetName}-${name}', 64)
+  name: take('avm.res.network.bastion-host.${name}', 64)
   params: {
     name: name
     skuName: 'Standard'

infra/modules/network/jumpbox.bicep

@@ -38,7 +38,7 @@ param enableTelemetry bool = true
 // using AVM Network Security Group module
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group
 module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(subnet)) {
-  name: '${vnetName}-${subnet.?networkSecurityGroup.name}'
+  name: take('avm.res.network.network-security-group.${subnet.?networkSecurityGroup.name}', 64)
   params: {
     name: '${subnet.?networkSecurityGroup.name}-${vnetName}'
     location: location
@@ -52,7 +52,7 @@ module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty
 // using AVM Virtual Network Subnet module
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network/subnet
 module subnetResource 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = if (!empty(subnet)) {
-  name: subnet.?name ?? '${vnetName}-jumpbox-subnet'
+  name: take('avm.res.network.virtual-network.subnet.${subnet.?name}', 64)
   params: {
     virtualNetworkName: vnetName
     name: subnet.?name ?? ''
@@ -68,7 +68,7 @@ module subnetResource 'br/public:avm/res/network/virtual-network/subnet:0.1.2' =
 var vmName = take(name, 15) // Shorten VM name to 15 characters to avoid Azure limits
 
 module vm 'br/public:avm/res/compute/virtual-machine:0.15.0' = {
-  name: take('${vmName}-jumpbox', 64)
+  name: take('avm.res.compute.virtual-machine.${vmName}', 64)
   params: {
     name: vmName
     vmSize: size