// Name of an already-deployed Key Vault. The vault is referenced with `existing`
// further down, so this template does not create or reconfigure it.
param keyVaultName string

// Resource ID of the Function App; the Event Grid destination is built from it
// by appending '/functions/AKVSQLRotation'.
param functionAppId string

// Object ID placed in the vault access-policy entry.
// NOTE(review): presumably the Function App's managed-identity principal; confirm against the caller.
param functionAppPrincipalId string

// Tenant ID paired with functionAppPrincipalId in the access-policy entry.
param functionAppTenantId string

// Name given to the Event Grid subscription scoped to the vault.
param eventSubscriptionName string

// Secret name used as the subject filter for the near-expiry events.
param secretName string
// https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults?tabs=bicep
// Reference to a vault that already exists in the deployment scope; used as the
// parent of the access policy and as the scope of the event subscription.
// NOTE(review): pinned to a preview API version; confirm it is still the intended one.
resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = {
  name: keyVaultName
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults/accesspolicies?tabs=bicep
// Adds one access-policy entry to the vault, giving the principal in
// functionAppPrincipalId the get, list and set permissions on secrets.
//
// Security notes:
// - Vault access policies are not scoped per secret: this entry covers every
//   secret in the vault, not only the one named by the secretName parameter.
//   If the vault also stores unrelated secrets, a dedicated vault or an Azure
//   RBAC role assignment scoped to the single secret narrows the exposure.
// - NOTE(review): 'list' allows enumerating secret names across the vault.
//   Rotation presumably needs only 'get' and 'set'; confirm against the
//   function code before removing it.
resource keyVaultAccessPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2021-06-01-preview' = {
  // 'add' merges the entries below into the vault's current policies.
  name: 'add'
  parent: keyVault
  properties: {
    accessPolicies: [
      {
        tenantId: functionAppTenantId
        objectId: functionAppPrincipalId
        permissions: {
          secrets: [
            'get'
            'list'
            'set'
          ]
        }
      }
    ]
  }
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?tabs=bicep
// Event Grid subscription on the vault that forwards SecretNearExpiry events
// to the AKVSQLRotation function of the Function App.
//
// Security notes:
// - No deadLetterDestination is set. Once the retry policy below is exhausted
//   the event is dropped, so a failed delivery means the secret reaches expiry
//   without a rotation attempt. NOTE(review): consider dead-lettering or an
//   alert on delivery failures for this subscription.
// - NOTE(review): the function name is hard-coded in resourceId; the deployment
//   depends on a function with exactly that name existing in the app.
resource keyVaultEventSubscription 'Microsoft.EventGrid/eventSubscriptions@2021-06-01-preview' = {
  name: eventSubscriptionName
  scope: keyVault
  properties: {
    destination: {
      endpointType: 'AzureFunction'
      properties: {
        // One event per function invocation.
        maxEventsPerBatch: 1
        preferredBatchSizeInKilobytes: 64
        resourceId: '${functionAppId}/functions/AKVSQLRotation'
      }
    }
    filter: {
      // The subject must both start and end with secretName.
      // NOTE(review): presumably the subject is the secret name, making this an
      // exact-name match in practice; strictly, a longer subject that begins
      // and ends with the same string would also pass. Confirm the vault's
      // naming rules out such a secret.
      subjectBeginsWith: secretName
      subjectEndsWith: secretName
      includedEventTypes: [
        'Microsoft.KeyVault.SecretNearExpiry'
      ]
    }
    eventDeliverySchema: 'EventGridSchema'
    retryPolicy: {
      // Delivery is abandoned after 60 minutes or 30 attempts.
      eventTimeToLiveInMinutes: 60
      maxDeliveryAttempts: 30
    }
  }
}