moved app insights and diag settings for frontend

into its own module Jira ticket: CAMS-417
US-Trustee-Program · Dec 26, 2024 · 2f681f6 · 2f681f6
1 parent 4ea7609
commit 2f681f6
Show file tree

Hide file tree

Showing 5 changed files with 114 additions and 81 deletions.
diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml
@@ -82,7 +82,7 @@ jobs:
             --deployVnet ${{ inputs.deployVnet }} \
             --camsReactSelectHash ${{ secrets.CAMS_REACT_SELECT_HASH }} \
             --ustpIssueCollectorHash ${{ secrets.USTP_ISSUE_COLLECTOR_HASH }} \
-            --createAlerts ${{ inputs.ghaEnvironment != 'Main-Gov' }} \
+            --createAlerts ${{ inputs.ghaEnvironment == 'Main-Gov' }} \
             --deployAppInsights true \
             --functionPlanType ${{ vars.AZ_PLAN_TYPE }} \
             --webappPlanType ${{ vars.AZ_PLAN_TYPE }} \

diff --git a/ops/cloud-deployment/backend-api-deploy.bicep b/ops/cloud-deployment/backend-api-deploy.bicep
@@ -210,7 +210,7 @@ var userAssignedIdentities = union(
   createSqlServerVnetRule ? { '${sqlIdentity.id}': {} } : {}
 )
 
-resource apiFunctionApp 'Microsoft.Web/sites@2022-09-01' = {
+resource apiFunctionApp 'Microsoft.Web/sites@2023-12-01' = {
   name: apiFunctionName
   location: location
   kind: 'functionapp,linux'
@@ -232,7 +232,7 @@ resource apiFunctionApp 'Microsoft.Web/sites@2022-09-01' = {
 }
 
 
-resource migrationFunctionApp 'Microsoft.Web/sites@2022-09-01' = {
+resource migrationFunctionApp 'Microsoft.Web/sites@2023-12-01' = {
   name: migrationFunctionName
   location: location
   kind: 'functionapp,linux'
@@ -492,7 +492,7 @@ var middlewareIpSecurityRestrictionsRules = [
 
 var migrationIpSecurityRestrictionsRules = concat(ipSecurityRestrictionsRules, middlewareIpSecurityRestrictionsRules)
 
-resource apiFunctionConfig 'Microsoft.Web/sites/config@2022-09-01' = {
+resource apiFunctionConfig 'Microsoft.Web/sites/config@2023-12-01' = {
   parent: apiFunctionApp
   name: 'web'
   properties: {
@@ -524,7 +524,7 @@ resource apiFunctionConfig 'Microsoft.Web/sites/config@2022-09-01' = {
   }
 }
 
-resource migrationFunctionConfig 'Microsoft.Web/sites/config@2022-09-01' = {
+resource migrationFunctionConfig 'Microsoft.Web/sites/config@2023-12-01' = {
   parent: migrationFunctionApp
   name: 'web'
   properties: {

diff --git a/ops/cloud-deployment/frontend-webapp-deploy.bicep b/ops/cloud-deployment/frontend-webapp-deploy.bicep
@@ -66,25 +66,6 @@ var appCommandLine = 'rm /etc/nginx/sites-enabled/default;envsubst < /home/site/
 @description('The prefered minimum TLS Cipher Suite to set for SSL negotiation. NOTE: Azure feature still in preview and limited to Premium plans')
 param preferedMinTLSCipherSuite string = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
 
-resource serverFarm 'Microsoft.Web/serverfarms@2022-09-01' = {
-  location: location
-  name: planName
-  sku: planTypeToSkuMap[planType]
-  kind: 'app,linux'
-  properties: {
-    perSiteScaling: false
-    elasticScaleEnabled: false
-    maximumElasticWorkerCount: 1
-    isSpot: false
-    reserved: hostOSType
-    isXenon: false
-    hyperV: false
-    targetWorkerCount: 0
-    targetWorkerSizeId: 0
-    zoneRedundant: false
-  }
-}
-
 @description('Flag to enable Vercode access')
 param allowVeracodeScan bool = false
 
@@ -129,66 +110,30 @@ param privateDnsZoneResourceGroup string = virtualNetworkResourceGroupName
 param privateDnsZoneSubscriptionId string = subscription().subscriptionId
 
 var createApplicationInsights = deployAppInsights && !empty(analyticsWorkspaceId)
-module appInsights './lib/app-insights/app-insights.bicep' =
-  if (createApplicationInsights) {
-    name: '${webappName}-application-insights-module'
-    params: {
-      location: location
-      kind: 'web'
-      appInsightsName: 'appi-${webappName}'
-      applicationType: 'web'
-      workspaceResourceId: analyticsWorkspaceId
-    }
-  }
-module healthAlertRule './lib/monitoring-alerts/metrics-alert-rule.bicep' =
-  if (createAlerts) {
-    name: '${webappName}-healthcheck-alert-rule-module'
-    params: {
-      alertName: '${webappName}-health-check-alert'
-      appId: webapp.id
-      timeAggregation: 'Average'
-      operator: 'LessThan'
-      targetResourceType: 'Microsoft.Web/sites'
-      metricName: 'HealthCheckStatus'
-      severity: 2
-      threshold: 100
-      actionGroupName: actionGroupName
-      actionGroupResourceGroupName: actionGroupResourceGroupName
-    }
-  }
-module httpAlertRule './lib/monitoring-alerts/metrics-alert-rule.bicep' =
-  if (createAlerts) {
-    name: '${webappName}-http-error-alert-rule-module'
-    params: {
-      alertName: '${webappName}-http-error-alert'
-      appId: webapp.id
-      timeAggregation: 'Total'
-      operator: 'GreaterThanOrEqual'
-      targetResourceType: 'Microsoft.Web/sites'
-      metricName: 'Http5xx'
-      severity: 1
-      threshold: 1
-      actionGroupName: actionGroupName
-      actionGroupResourceGroupName: actionGroupResourceGroupName
-    }
-  }
-module diagnosticSettings './lib/app-insights/diagnostics-settings-webapp.bicep' =
-  if (createApplicationInsights) {
-  name: '${webappName}-diagnostic-settings-module'
-  params: {
-    webappName: webappName
-    workspaceResourceId: analyticsWorkspaceId
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-09-01' = {
+  location: location
+  name: planName
+  sku: planTypeToSkuMap[planType]
+  kind: 'app,linux'
+  properties: {
+    perSiteScaling: false
+    elasticScaleEnabled: false
+    maximumElasticWorkerCount: 1
+    isSpot: false
+    reserved: hostOSType
+    isXenon: false
+    hyperV: false
+    targetWorkerCount: 0
+    targetWorkerSizeId: 0
+    zoneRedundant: false
   }
-  dependsOn: [
-    appInsights
-    webapp
-  ]
 }
 
 /*
   Create webapp
 */
-resource webapp 'Microsoft.Web/sites@2022-03-01' = {
+resource webapp 'Microsoft.Web/sites@2023-12-01' = {
   name: webappName
   location: location
   kind: 'app'
@@ -199,6 +144,22 @@ resource webapp 'Microsoft.Web/sites@2022-03-01' = {
     virtualNetworkSubnetId: webappSubnetId
   }
 }
+
+module webappInsights 'lib/app-insights/webapp-insights.bicep' = {
+  name: '${webappName}-appi-settings-module'
+  params: {
+    actionGroupName: actionGroupName
+    actionGroupResourceGroupName: actionGroupResourceGroupName
+    analyticsWorkspaceId: analyticsWorkspaceId
+    createAlerts: createAlerts
+    createApplicationInsights: createApplicationInsights
+    webappName: webappName
+  }
+  dependsOn: [
+    webapp
+  ]
+}
+
 var applicationSettings = concat(
   [
     {
@@ -230,7 +191,7 @@ var applicationSettings = concat(
         }
         {
           name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
-          value: appInsights.outputs.connectionString
+          value: webappInsights.outputs.connectionString
         }
       ]
     : []
@@ -258,7 +219,7 @@ var ipSecurityRestrictionsRules = concat(
       ]
     : []
 )
-resource webappConfig 'Microsoft.Web/sites/config@2022-09-01' = {
+resource webappConfig 'Microsoft.Web/sites/config@2023-12-01' = {
   parent: webapp
   name: 'web'
   properties: union(

diff --git a/ops/cloud-deployment/lib/app-insights/function-app-insights.bicep b/ops/cloud-deployment/lib/app-insights/function-app-insights.bicep
@@ -10,7 +10,7 @@ param actionGroupName string
 
 param actionGroupResourceGroupName string
 
-resource functionApp 'Microsoft.Web/sites@2022-09-01' existing = {
+resource functionApp 'Microsoft.Web/sites@2023-12-01' existing = {
   name: functionAppName
 }
 

diff --git a/ops/cloud-deployment/lib/app-insights/webapp-insights.bicep b/ops/cloud-deployment/lib/app-insights/webapp-insights.bicep
@@ -0,0 +1,72 @@
+param webappName string
+
+param analyticsWorkspaceId string
+
+param createAlerts bool
+
+param createApplicationInsights bool
+
+param actionGroupName string
+
+param actionGroupResourceGroupName string
+
+resource webapp 'Microsoft.Web/sites@2023-12-01' existing = {
+  name: webappName
+}
+
+module appInsights './app-insights.bicep' = if (createApplicationInsights) {
+  name: '${webappName}-application-insights-module'
+  params: {
+    location: webapp.location
+    kind: 'web'
+    appInsightsName: 'appi-${webappName}'
+    applicationType: 'web'
+    workspaceResourceId: analyticsWorkspaceId
+  }
+}
+
+module diagnosticSettings './diagnostics-settings-webapp.bicep' = if (createApplicationInsights) {
+  name: '${webappName}-diagnostic-settings-module'
+  params: {
+    webappName: webappName
+    workspaceResourceId: analyticsWorkspaceId
+  }
+  dependsOn: [
+    appInsights
+    webapp
+  ]
+}
+
+module healthAlertRule '../monitoring-alerts/metrics-alert-rule.bicep' = if (createAlerts) {
+  name: '${webappName}-healthcheck-alert-rule-module'
+  params: {
+    alertName: '${webappName}-health-check-alert'
+    appId: webapp.id
+    timeAggregation: 'Average'
+    operator: 'LessThan'
+    targetResourceType: 'Microsoft.Web/sites'
+    metricName: 'HealthCheckStatus'
+    severity: 2
+    threshold: 100
+    actionGroupName: actionGroupName
+    actionGroupResourceGroupName: actionGroupResourceGroupName
+  }
+}
+
+module httpAlertRule '../monitoring-alerts/metrics-alert-rule.bicep' = if (createAlerts) {
+  name: '${webappName}-http-error-alert-rule-module'
+  params: {
+    alertName: '${webappName}-http-error-alert'
+    appId: webapp.id
+    timeAggregation: 'Total'
+    operator: 'GreaterThanOrEqual'
+    targetResourceType: 'Microsoft.Web/sites'
+    metricName: 'Http5xx'
+    severity: 1
+    threshold: 1
+    actionGroupName: actionGroupName
+    actionGroupResourceGroupName: actionGroupResourceGroupName
+  }
+}
+
+output connectionString string = appInsights.outputs.connectionString