Merged
38 changes: 21 additions & 17 deletions infra/main.bicep
Expand Up @@ -2,10 +2,7 @@
targetScope = 'resourceGroup'

metadata name = 'Multi-Agent Custom Automation Engine'
metadata description = '''This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.

> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.
'''
metadata description = 'This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\n\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\n'

@description('Optional. A unique application/solution name for all resources in this deployment. This should be 3-16 characters long.')
@minLength(3)
Expand Down Expand Up @@ -479,6 +476,7 @@ var dataCollectionRulesResourceName = 'dcr-${solutionSuffix}'
var dataCollectionRulesLocation = useExistingLogAnalytics
? existingLogAnalyticsWorkspace!.location
: logAnalyticsWorkspace!.outputs.location
var dcrLogAnalyticsDestinationName = 'la-${logAnalyticsWorkspaceResourceName}-destination'
module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.11.0' = if (enablePrivateNetworking && enableMonitoring) {
name: take('avm.res.insights.data-collection-rule.${dataCollectionRulesResourceName}', 64)
params: {
Expand Down Expand Up @@ -550,19 +548,10 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
{
name: 'SecurityAuditEvents'
streams: [
'Microsoft-WindowsEvent'
]
eventLogName: 'Security'
eventTypes: [
{
eventType: 'Audit Success'
}
{
eventType: 'Audit Failure'
}
'Microsoft-Event'
]
xPathQueries: [
'Security!*[System[(EventID=4624 or EventID=4625)]]'
'Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]'
]
Comment thread
VishalS-Microsoft marked this conversation as resolved.
}
]
Expand All @@ -571,7 +560,7 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
logAnalytics: [
{
workspaceResourceId: logAnalyticsWorkspaceResourceId
name: 'la--1264800308'
name: dcrLogAnalyticsDestinationName
}
]
}
Expand All @@ -581,11 +570,21 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
'Microsoft-Perf'
]
destinations: [
'la--1264800308'
dcrLogAnalyticsDestinationName
]
transformKql: 'source'
outputStream: 'Microsoft-Perf'
}
{
streams: [
'Microsoft-Event'
]
destinations: [
dcrLogAnalyticsDestinationName
]
transformKql: 'source'
outputStream: 'Microsoft-Event'
}
]
}
}
Expand Down Expand Up @@ -1213,6 +1212,8 @@ module containerApp 'br/public:avm/res/app/container-app:0.22.0' = {
ingressTargetPort: 8000
ingressExternal: true
activeRevisionsMode: 'Single'
// SFI: Enforce HTTPS-only ingress. When false, HTTP requests are automatically redirected to HTTPS.
ingressAllowInsecure: false
corsPolicy: {
allowedOrigins: [
'https://${webSiteResourceName}.azurewebsites.net'
Expand Down Expand Up @@ -1421,6 +1422,8 @@ module containerAppMcp 'br/public:avm/res/app/container-app:0.22.0' = {
ingressTargetPort: 9000
ingressExternal: true
activeRevisionsMode: 'Single'
// SFI: Enforce HTTPS-only ingress. When false, HTTP requests are automatically redirected to HTTPS.
ingressAllowInsecure: false
corsPolicy: {
allowedOrigins: [
'https://${webSiteResourceName}.azurewebsites.net'
Expand Down Expand Up @@ -1596,6 +1599,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {
tags: tags
accessTier: 'Hot'
supportsHttpsTrafficOnly: true
requireInfrastructureEncryption: true

roleAssignments: [
{
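Review bot: The new `SecurityAuditEvents` query `Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]` stops collecting successful logons (4624), which the previous query collected alongside 4625, and nothing in the hunk says why. The mask 13510798882111488 is 0x30000000000000, the Audit Success and Audit Failure keyword bits, so the rule now ships every other Security audit event but leaves failed logons (4625) without the matching successes, which makes it hard to tell a password-guessing run that failed from one that ended in a sign-in. If the exclusion is for ingestion volume, I would say so in a comment above the query, e.g. `// Audit Success|Failure keywords (0x30000000000000); 4624 excluded for volume, so successful logons are not collected`, and confirm that whoever consumes these logs accepts the gap. The stream also moves from `Microsoft-WindowsEvent` to `Microsoft-Event`, so any saved query or alert that reads the old stream's table presumably needs to be pointed at the new one. The same change is in infra/main_custom.bicep.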
39 changes: 25 additions & 14 deletions infra/main.json
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.43.8.12551",
"templateHash": "12475542446442392463"
"templateHash": "6587818059632090787"
},
"name": "Multi-Agent Custom Automation Engine",
"description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\n\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\n"
Expand Down Expand Up @@ -415,6 +415,7 @@
"bastionResourceName": "[format('bas-{0}', variables('solutionSuffix'))]",
"maintenanceConfigurationResourceName": "[format('mc-{0}', variables('solutionSuffix'))]",
"dataCollectionRulesResourceName": "[format('dcr-{0}', variables('solutionSuffix'))]",
"dcrLogAnalyticsDestinationName": "[format('la-{0}-destination', variables('logAnalyticsWorkspaceResourceName'))]",
"proximityPlacementGroupResourceName": "[format('ppg-{0}', variables('solutionSuffix'))]",
"virtualMachineResourceName": "[format('vm-{0}', variables('solutionSuffix'))]",
"virtualMachineAvailabilityZone": 1,
Expand Down Expand Up @@ -10065,19 +10066,10 @@
{
"name": "SecurityAuditEvents",
"streams": [
"Microsoft-WindowsEvent"
],
"eventLogName": "Security",
"eventTypes": [
{
"eventType": "Audit Success"
},
{
"eventType": "Audit Failure"
}
"Microsoft-Event"
],
"xPathQueries": [
"Security!*[System[(EventID=4624 or EventID=4625)]]"
"Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]"
]
}
]
Expand All @@ -10086,7 +10078,7 @@
"logAnalytics": [
{
"workspaceResourceId": "[if(variables('useExistingLogAnalytics'), parameters('existingLogAnalyticsWorkspaceId'), reference('logAnalyticsWorkspace').outputs.resourceId.value)]",
"name": "la--1264800308"
"name": "[variables('dcrLogAnalyticsDestinationName')]"
}
]
},
Expand All @@ -10096,10 +10088,20 @@
"Microsoft-Perf"
],
"destinations": [
"la--1264800308"
"[variables('dcrLogAnalyticsDestinationName')]"
],
"transformKql": "source",
"outputStream": "Microsoft-Perf"
},
{
"streams": [
"Microsoft-Event"
],
"destinations": [
"[variables('dcrLogAnalyticsDestinationName')]"
],
"transformKql": "source",
"outputStream": "Microsoft-Event"
}
]
}
Expand Down Expand Up @@ -38445,6 +38447,9 @@
"activeRevisionsMode": {
"value": "Single"
},
"ingressAllowInsecure": {
"value": false
},
"corsPolicy": {
"value": {
"allowedOrigins": [
Expand Down Expand Up @@ -40187,6 +40192,9 @@
"activeRevisionsMode": {
"value": "Single"
},
"ingressAllowInsecure": {
"value": false
},
"corsPolicy": {
"value": {
"allowedOrigins": [
Expand Down Expand Up @@ -44510,6 +44518,9 @@
"supportsHttpsTrafficOnly": {
"value": true
},
"requireInfrastructureEncryption": {
"value": true
},
"roleAssignments": {
"value": [
{
38 changes: 21 additions & 17 deletions infra/main_custom.bicep
Expand Up @@ -2,10 +2,7 @@
targetScope = 'resourceGroup'

metadata name = 'Multi-Agent Custom Automation Engine'
metadata description = '''This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.

> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.
'''
metadata description = 'This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\n\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\n'

@description('Optional. A unique application/solution name for all resources in this deployment. This should be 3-16 characters long.')
@minLength(3)
Expand Down Expand Up @@ -478,6 +475,7 @@ var dataCollectionRulesResourceName = 'dcr-${solutionSuffix}'
var dataCollectionRulesLocation = useExistingLogAnalytics
? existingLogAnalyticsWorkspace!.location
: logAnalyticsWorkspace!.outputs.location
var dcrLogAnalyticsDestinationName = 'la-${logAnalyticsWorkspaceResourceName}-destination'
module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.11.0' = if (enablePrivateNetworking && enableMonitoring) {
name: take('avm.res.insights.data-collection-rule.${dataCollectionRulesResourceName}', 64)
params: {
Expand Down Expand Up @@ -549,19 +547,10 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
{
name: 'SecurityAuditEvents'
streams: [
'Microsoft-WindowsEvent'
]
eventLogName: 'Security'
eventTypes: [
{
eventType: 'Audit Success'
}
{
eventType: 'Audit Failure'
}
'Microsoft-Event'
]
xPathQueries: [
'Security!*[System[(EventID=4624 or EventID=4625)]]'
'Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]'
]
Comment thread
VishalS-Microsoft marked this conversation as resolved.
}
]
Expand All @@ -570,7 +559,7 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
logAnalytics: [
{
workspaceResourceId: logAnalyticsWorkspaceResourceId
name: 'la--1264800308'
name: dcrLogAnalyticsDestinationName
}
]
}
Expand All @@ -580,11 +569,21 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
'Microsoft-Perf'
]
destinations: [
'la--1264800308'
dcrLogAnalyticsDestinationName
]
transformKql: 'source'
outputStream: 'Microsoft-Perf'
}
{
streams: [
'Microsoft-Event'
]
destinations: [
dcrLogAnalyticsDestinationName
]
transformKql: 'source'
outputStream: 'Microsoft-Event'
}
]
}
}
Expand Down Expand Up @@ -1240,6 +1239,8 @@ module containerApp 'br/public:avm/res/app/container-app:0.22.0' = {
ingressTargetPort: 8000
ingressExternal: true
activeRevisionsMode: 'Single'
// SFI: Enforce HTTPS-only ingress. When false, HTTP requests are automatically redirected to HTTPS.
ingressAllowInsecure: false
corsPolicy: {
allowedOrigins: [
'https://${webSiteResourceName}.azurewebsites.net'
Expand Down Expand Up @@ -1463,6 +1464,8 @@ module containerAppMcp 'br/public:avm/res/app/container-app:0.22.0' = {
ingressTargetPort: 9000
ingressExternal: true
activeRevisionsMode: 'Single'
// SFI: Enforce HTTPS-only ingress. When false, HTTP requests are automatically redirected to HTTPS.
ingressAllowInsecure: false
corsPolicy: {
allowedOrigins: [
'https://${webSiteResourceName}.azurewebsites.net'
Expand Down Expand Up @@ -1648,6 +1651,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {
tags: tags
accessTier: 'Hot'
supportsHttpsTrafficOnly: true
requireInfrastructureEncryption: true

roleAssignments: [
{
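Review bot: `requireInfrastructureEncryption: true` in the `avmStorageAccount` hunk can only take effect when the storage account is created; Azure does not allow infrastructure encryption to be switched on for an account that already exists. A fresh deployment is fine, but re-running this template against an environment deployed before this commit will presumably either be rejected for that resource or leave the account without the second encryption layer. I would note that next to the parameter, e.g. `// Set at account creation only; existing accounts must be recreated and data migrated to get infrastructure encryption`, and mention it in the upgrade notes. infra/main.bicep carries the same line.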