Merge pull request #148 from microsoft/feature-avm-bk

refactor: avm changes for log analytics and app insights

Author: brittneek

infra/main.bicep

@@ -141,9 +141,9 @@ module avmRoleAssignment 'br/public:avm/ptn/authorization/resource-role-assignme
 module avmKeyVault './modules/key-vault.bicep' = {
   name: format(deployment_param.resource_name_format_string, abbrs.security.keyVault)
   params: {
-    name: format(deployment_param.resource_name_format_string, abbrs.security.keyVault)
+    deployment_param: deployment_param
     keyVaultParams: {
-      keyvault_name: '${abbrs.security.keyVault}${deployment_param.solution_prefix}'
+      keyvaultName: '${abbrs.security.keyVault}${deployment_param.solution_prefix}'
       location: deployment_param.resource_group_location
       tags: {
         app: deployment_param.solution_prefix
@@ -182,41 +182,37 @@ module avmKeyVault './modules/key-vault.bicep' = {
 //   scope: resourceGroup(resourceGroup().name)
 // }
 
-// ========== Application insights ========== //
-module avmLogAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.11.2' = {
-  name: format(deployment_param.resource_name_format_string, abbrs.managementGovernance.logAnalyticsWorkspace)
-  params: {
-    name: '${abbrs.managementGovernance.logAnalyticsWorkspace}${deployment_param.solution_prefix}'
-    location: deployment_param.resource_group_location
-    diagnosticSettings: [{ useThisWorkspace: true }]
-    skuName: 'PerGB2018'
-    dataRetention: 30
-  }
-}
-
-module avmApplicationInsights 'br/public:avm/res/insights/component:0.6.0' = {
-  name: format(deployment_param.resource_name_format_string, abbrs.managementGovernance.applicationInsights)
+// ========== Application insights and Log Analytics Workspace (AVM module) ========== //
+module avmAppInsightsAndLogAnalytics './modules/app-insights.bicep' = {
+  name: format(deployment_param.resource_name_format_string, 'ai-law-avm')
   params: {
-    name: '${abbrs.managementGovernance.applicationInsights}${deployment_param.solution_prefix}'
-    location: deployment_param.resource_group_location
-    workspaceResourceId: avmLogAnalyticsWorkspace.outputs.resourceId
-    retentionInDays: 30
-    kind: 'web'
-    disableIpMasking: false
-    flowType: 'Bluefield'
-    diagnosticSettings: [{ workspaceResourceId: avmLogAnalyticsWorkspace.outputs.resourceId }]
+    deployment_param: deployment_param
+    appInsights_param: {
+      appInsightsName: '${abbrs.managementGovernance.applicationInsights}${deployment_param.solution_prefix}'
+      logAnalyticsWorkspaceName: '${abbrs.managementGovernance.logAnalyticsWorkspace}${deployment_param.solution_prefix}'
+      location: deployment_param.resource_group_location
+      kind: 'web'
+      retentionInDays: 30
+      features: {
+        searchVersion: 1
+      }
+      skuName: 'PerGB2018'
+      applicationType: 'web'
+      disableIpMasking: false
+      disableLocalAuth: false
+      flowType: 'Bluefield'
+      forceCustomerStorageForProfiler: false
+      //ImmediatePurgeDataOn30Days: true
+      //IngestionMode: 'LogAnalytics'
+      publicNetworkAccessForIngestion: 'Enabled'
+      publicNetworkAccessForQuery: 'Disabled'
+      requestSource: 'rest'
+      
+    }
   }
+  scope: resourceGroup(resourceGroup().name)
 }
 
-// module applicationInsights 'deploy_app_insights.bicep' = {
-//   name: 'deploy_app_insights'
-//   params: {
-//     applicationInsightsName: '${abbrs.managementGovernance.applicationInsights}${solutionPrefix}'
-//     logAnalyticsWorkspaceName: '${abbrs.managementGovernance.logAnalyticsWorkspace}${solutionPrefix}'
-//   }
-// }
-
-// // ========== Container Registry ========== //
 module avmContainerRegistry 'br/public:avm/res/container-registry/registry:0.9.1' = {
   name: format(deployment_param.resource_name_format_string, abbrs.containers.containerRegistry)
   params: {
@@ -375,7 +371,7 @@ module avmAiServices_storage_hub 'br/public:avm/res/storage/storage-account:0.20
     allowSharedKeyAccess: false
     diagnosticSettings: [
       {
-        workspaceResourceId: avmLogAnalyticsWorkspace.outputs.resourceId
+        workspaceResourceId: avmAppInsightsAndLogAnalytics.outputs.logAnalyticsWorkspaceId
       }
     ]
     blobServices: {
@@ -384,7 +380,7 @@ module avmAiServices_storage_hub 'br/public:avm/res/storage/storage-account:0.20
       containerDeleteRetentionPoloicyEnabled: false
       diagnosticSettings: [
         {
-          workspaceResourceId: avmLogAnalyticsWorkspace.outputs.resourceId
+          workspaceResourceId: avmAppInsightsAndLogAnalytics.outputs.logAnalyticsWorkspaceId
         }
       ]
     }
@@ -416,7 +412,7 @@ module avmAiHub 'br/public:avm/res/machine-learning-services/workspace:0.12.1' =
     associatedKeyVaultResourceId: avmKeyVault.outputs.resourceId
     associatedStorageAccountResourceId: avmAiServices_storage_hub.outputs.resourceId
     associatedContainerRegistryResourceId: avmContainerRegistry.outputs.resourceId
-    associatedApplicationInsightsResourceId: avmApplicationInsights.outputs.resourceId
+    associatedApplicationInsightsResourceId: avmAppInsightsAndLogAnalytics.outputs.applicationInsightsId
 
     kind: 'Hub'
     connections: [
@@ -470,6 +466,18 @@ module avmAiProject 'br/public:avm/res/machine-learning-services/workspace:0.12.
 //   scope: resourceGroup(resourceGroup().name)
 // }
 
+//TODO: Remove
+
+module avmLogAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.11.2' = {
+  name: 'workspaceDeployment'
+  params: {
+    // Required parameters
+    name: avmAppInsightsAndLogAnalytics.outputs.logAnalyticsWorkspaceName
+  }
+  scope: resourceGroup(resourceGroup().name)
+}
+
+
 // ========== Container App Environment ========== //
 module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.1' = {
   name: format(deployment_param.resource_name_format_string, abbrs.containers.containerAppsEnvironment)
@@ -484,7 +492,7 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.1' = {
     appLogsConfiguration: {
       destination: 'log-analytics'
       logAnalyticsConfiguration: {
-        customerId: avmLogAnalyticsWorkspace.outputs.logAnalyticsWorkspaceId
+        customerId: avmAppInsightsAndLogAnalytics.outputs.logAnalyticsWorkspaceId
         sharedKey: avmLogAnalyticsWorkspace.outputs.primarySharedKey
       }
     }

infra/modules/app-insights.bicep

@@ -0,0 +1,58 @@
+// modules/app-insights-avm.bicep
+metadata name = 'AVM Application Insights and Log Analytics Workspace Module'
+// AVM-compliant Application Insights and Log Analytics Workspace deployment
+// param applicationInsightsName string
+// param logAnalyticsWorkspaceName string
+// param location string
+// param dataRetention int = 30
+// param skuName string = 'PerGB2018'
+// param kind string = 'web'
+// param disableIpMasking bool = false
+// param flowType string = 'Bluefield'
+
+import {
+  app_insights_param_type
+  default_deployment_param_type
+} from './types.bicep'
+
+
+param appInsights_param app_insights_param_type
+param deployment_param default_deployment_param_type
+
+module avmLogAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.11.2' = {
+  name: 'deploy_log_analytics_workspace'
+  params: {
+    name: appInsights_param.logAnalyticsWorkspaceName
+    location: appInsights_param.location
+    skuName: appInsights_param.skuName
+    dataRetention: appInsights_param.retentionInDays
+    // features: {
+    //   searchVersion: appInsights_param.features.searchVersion
+    // }
+  }
+}
+
+module avmApplicationInsights 'br/public:avm/res/insights/component:0.6.0' = {
+  name: 'deploy_application_insights'
+  params: {
+    name: appInsights_param.appInsightsName
+    location: appInsights_param.location
+    workspaceResourceId: avmLogAnalyticsWorkspace.outputs.resourceId
+    kind: appInsights_param.kind
+    applicationType: appInsights_param.applicationType
+    disableIpMasking: appInsights_param.disableIpMasking
+    disableLocalAuth: appInsights_param.disableLocalAuth
+    flowType: appInsights_param.flowType
+    forceCustomerStorageForProfiler: appInsights_param.forceCustomerStorageForProfiler
+    //immediatePurgeDataOn30Days: false
+    //IngestionMode: 'LogAnalytics'
+    publicNetworkAccessForIngestion: appInsights_param.publicNetworkAccessForIngestion
+    publicNetworkAccessForQuery: appInsights_param.publicNetworkAccessForQuery
+    requestSource: appInsights_param.requestSource
+
+  }
+}
+
+output applicationInsightsId string = avmApplicationInsights.outputs.resourceId
+output logAnalyticsWorkspaceId string = avmLogAnalyticsWorkspace.outputs.resourceId
+output logAnalyticsWorkspaceName string = avmLogAnalyticsWorkspace.outputs.name

infra/modules/key-vault.bicep

@@ -17,15 +17,15 @@ metadata name = 'Key Vault Module'
 
 import {
   key_vault_param_type
+  default_deployment_param_type
 } from './types.bicep'
 
 param keyVaultParams key_vault_param_type
-param name string
-
+param deployment_param default_deployment_param_type
 module avmKeyVault 'br/public:avm/res/key-vault/vault:0.12.1' = {
-  name: name
+  name: 'deploy_keyvault'
   params: {
-    name: keyVaultParams.name
+    name: keyVaultParams.keyvaultName
     location: keyVaultParams.location
     tags: keyVaultParams.tags
     roleAssignments: keyVaultParams.roleAssignments
@@ -42,5 +42,7 @@ module avmKeyVault 'br/public:avm/res/key-vault/vault:0.12.1' = {
   }
 }
 
+// Adding additional resource deployment for WAF enabled
+
 output resourceId string = avmKeyVault.outputs.resourceId
 output vaultUri string = avmKeyVault.outputs.uri

infra/modules/parameters.bicep

@@ -61,6 +61,7 @@ var deployment_param default_deployment_param_type = {
   resource_group_location: resourceGroupLocation
   resource_name_prefix: {}
   resource_name_format_string: resource_format_string
+  enable_waf: false // Set to true if you want to enable WAF
 }
 
 var ai_deployment ai_deployment_param_type = {

infra/modules/types.bicep

@@ -72,7 +72,7 @@ type keyvault_public_network_access_type = 'Disabled' | 'Enabled'
 @export()
 type key_vault_param_type = {
   @description('Name of the Key Vault')
-  keyvault_name: string
+  keyvaultName: string
   @description('Location of the Key Vault')
   location: string
   @description('Tags for the Key Vault')
@@ -100,3 +100,52 @@ type key_vault_param_type = {
   @description('Enable telemetry for the Key Vault')
   enableTelemetry: bool
 }
+
+
+type app_insights_retention_in_days = 30 | 60 | 90 | 120 | 180 | 270 | 365
+type app_insights_kind = 'web' | 'other'
+type app_insights_applicationType = 'web' | 'other'
+type app_insights_flow_type = 'Bluefield' | 'Basic'
+type app_insights_sku_name = 'PerGB2018' | 'CapacityReservation' | 'Premium' | 'Standard' | 'Free' | 'PerNode' | 'LACluster' | 'Standalone'
+
+@export()
+type app_insights_param_type = {
+  @description('Name of the Application Insights resource')
+  appInsightsName: string
+  @description('Location for the Application Insights and Log Analytics Workspace resources')
+  location: string
+  // @description('Workspace resource ID for the Application Insights resource')
+  // workspaceResourceId: string
+  @description('Retention period in days for the Application Insights resource')
+  retentionInDays: app_insights_retention_in_days
+  @description('Kind of the Application Insights resource')
+  kind: app_insights_kind
+  @description('Disable IP masking for the Application Insights resource')
+  disableIpMasking: bool
+  @description('Flow type for the Application Insights resource')
+  flowType: app_insights_flow_type
+  @description('Application Type for the Application Insights resource')
+  applicationType: app_insights_applicationType
+  @description('Disable local authentication for the Application Insights resource')
+  disableLocalAuth: bool
+  @description('Force customer storage for profiler in Application Insights resource')
+  forceCustomerStorageForProfiler: bool
+  @description('Public network access for ingestion in Application Insights resource')
+  publicNetworkAccessForIngestion: 'Enabled' | 'Disabled'
+  @description('Public network access for query in Application Insights resource')
+  publicNetworkAccessForQuery: 'Enabled' | 'Disabled'
+  @description('Request source for the Application Insights resource')
+  requestSource: 'rest' | 'other'
+
+  @description('Name of the Log Analytics Workspace resource')
+  logAnalyticsWorkspaceName: string
+  @description('SKU name for the Log Analytics Workspace resource')
+  skuName: app_insights_sku_name
+  @description('This is the features properties for Log Analytics Workspace resource')
+  features: {
+    @description('Search version for the Log Analytics Workspace resource')
+    searchVersion: 1
+  }
+
+
+}