55 changes: 25 additions & 30 deletions infra/main.bicep
Expand Up @@ -162,7 +162,7 @@ var existingLawSubscription = useExistingLogAnalytics ? split(existingLogAnalyti
var existingLawResourceGroup = useExistingLogAnalytics ? split(existingLogAnalyticsWorkspaceId, '/')[4] : ''
var existingLawName = useExistingLogAnalytics ? split(existingLogAnalyticsWorkspaceId, '/')[8] : ''

resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = if (useExistingLogAnalytics) {
resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2025-07-01' existing = if (useExistingLogAnalytics) {
name: existingLawName
scope: resourceGroup(existingLawSubscription, existingLawResourceGroup)
}
Expand Down Expand Up @@ -191,7 +191,7 @@ var allTags = union(

var existingTags = resourceGroup().tags ?? {}

resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = {
resource resourceGroupTags 'Microsoft.Resources/tags@2023-07-01' = {
name: 'default'
properties: {
tags: union(
Expand Down Expand Up @@ -225,7 +225,7 @@ var replicaLocation = replicaRegionPairs[resourceGroup().location]
// ========== User Assigned Identity ========== //
// WAF best practices for identity and access management: https://learn.microsoft.com/en-us/azure/well-architected/security/identity-access
var userAssignedIdentityResourceName = 'id-${solutionSuffix}'
module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.1' = {
module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.5.0' = {
name: take('avm.res.managed-identity.user-assigned-identity.${userAssignedIdentityResourceName}', 64)
params: {
name: userAssignedIdentityResourceName
Expand All @@ -239,7 +239,7 @@ module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.
// WAF best practices for Log Analytics: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-log-analytics
// WAF PSRules for Log Analytics: https://azure.github.io/PSRule.Rules.Azure/en/rules/resource/#azure-monitor-logs
var logAnalyticsWorkspaceResourceName = 'log-${solutionSuffix}'
module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.12.0' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) {
module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.15.0' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) {
name: take('avm.res.operational-insights.workspace.${logAnalyticsWorkspaceResourceName}', 64)
params: {
name: logAnalyticsWorkspaceResourceName
Expand All @@ -251,7 +251,7 @@ module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0
enableTelemetry: enableTelemetry
features: { enableLogAccessUsingOnlyResourcePermissions: true }
// WAF aligned configuration for Redundancy
dailyQuotaGb: enableRedundancy ? 10 : null //WAF recommendation: 10 GB per day is a good starting point for most workloads
dailyQuotaGb: enableRedundancy ? '10' : '-1' //WAF recommendation: 10 GB per day is a good starting point for most workloads
replication: enableRedundancy
? {
enabled: true
Expand Down Expand Up @@ -302,7 +302,7 @@ module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0
// WAF best practices for Application Insights: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/application-insights
// WAF PSRules for Application Insights: https://azure.github.io/PSRule.Rules.Azure/en/rules/resource/#application-insights
var applicationInsightsResourceName = 'appi-${solutionSuffix}'
module applicationInsights 'br/public:avm/res/insights/component:0.6.0' = if (enableMonitoring) {
module applicationInsights 'br/public:avm/res/insights/component:0.7.1' = if (enableMonitoring) {
name: take('avm.res.insights.component.${applicationInsightsResourceName}', 64)
#disable-next-line no-unnecessary-dependson
//dependsOn: [logAnalyticsWorkspace]
Expand Down Expand Up @@ -337,7 +337,7 @@ module virtualNetwork './modules/virtualNetwork.bicep' = if (enablePrivateNetwor

// Azure Bastion Host
var bastionHostName = 'bas-${solutionSuffix}' // Bastion host name must be between 3 and 15 characters in length and use numbers and lower-case letters only.
module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePrivateNetworking) {
module bastionHost 'br/public:avm/res/network/bastion-host:0.8.2' = if (enablePrivateNetworking) {
name: take('avm.res.network.bastion-host.${bastionHostName}', 64)
params: {
name: bastionHostName
Expand All @@ -362,13 +362,13 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePr
enableTelemetry: enableTelemetry
publicIPAddressObject: {
name: 'pip-${bastionHostName}'
zones: []
availabilityZones: []
}
}
}
// Jumpbox Virtual Machine
var jumpboxVmName = take('vm-jumpbox-${solutionSuffix}', 15)
module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enablePrivateNetworking) {
module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (enablePrivateNetworking) {
name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64)
params: {
name: take(jumpboxVmName, 15) // Shorten VM name to 15 characters to avoid Azure limits
Expand All @@ -377,7 +377,7 @@ module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enable
adminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
tags: allTags
zone: 0
availabilityZone: -1
imageReference: {
Comment thread
Akhileswara-Microsoft marked this conversation as resolved.
offer: 'WindowsServer'
publisher: 'MicrosoftWindowsServer'
Expand Down Expand Up @@ -465,7 +465,7 @@ var aiRelatedDnsZoneIndices = [
// - Excludes AI-related zones when using with an existing Foundry project
// ===================================================
@batchSize(5)
module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [
module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.1' = [
for (zone, i) in privateDnsZones: if (enablePrivateNetworking && (empty(existingFoundryProjectResourceId) || !contains(
aiRelatedDnsZoneIndices,
i
Expand All @@ -488,7 +488,7 @@ module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [
// ========== AVM WAF ========== //
// ========== Storage account module ========== //
var storageAccountName = 'st${solutionSuffix}' // Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.
module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
module storageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {
name: take('avm.res.storage.storage-account.${storageAccountName}', 64)
params: {
name: storageAccountName
Expand Down Expand Up @@ -573,8 +573,6 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
]
}
queueServices: {
deleteRetentionPolicyEnabled: true
deleteRetentionPolicyDays: 7
queues: [
for queue in ([processQueueName, '${processQueueName}-dead-letter'] ?? []): {
name: queue
Expand Down Expand Up @@ -606,7 +604,7 @@ var cosmosDatabaseName = 'migration_db'
var processCosmosContainerName = 'processes'
var agentTelemetryCosmosContainerName = 'agent_telemetry'
var processControlCosmosContainerName = 'processcontrol'
module cosmosDb 'br/public:avm/res/document-db/database-account:0.15.0' = {
module cosmosDb 'br/public:avm/res/document-db/database-account:0.19.0' = {
name: take('avm.res.document-db.database-account.${cosmosDbResourceName}', 64)
params: {
name: cosmosDbResourceName
Expand Down Expand Up @@ -686,7 +684,7 @@ module cosmosDb 'br/public:avm/res/document-db/database-account:0.15.0' = {
: [
'EnableServerless'
]
automaticFailover: enableRedundancy ? true : false
enableAutomaticFailover: enableRedundancy ? true : false
failoverLocations: enableRedundancy
? [
{
Expand Down Expand Up @@ -722,7 +720,7 @@ module cosmosDb 'br/public:avm/res/document-db/database-account:0.15.0' = {
}
]
// Create custom data plane role definition and assignment
dataPlaneRoleDefinitions: [
sqlRoleDefinitions: [
{
roleName: 'CosmosDB Data Contributor Custom'
dataActions: [
Expand Down Expand Up @@ -759,7 +757,7 @@ var aiFoundryAiServicesResourceName = useExistingAiFoundryAiProject
var aiFoundryAiProjectResourceName = 'proj-${solutionSuffix}'
var aiFoundryAiProjectDescription = 'AI Foundry project for ${solutionName}'

resource existingAiFoundryAiServices 'Microsoft.CognitiveServices/accounts@2025-06-01' existing = if (useExistingAiFoundryAiProject) {
resource existingAiFoundryAiServices 'Microsoft.CognitiveServices/accounts@2025-12-01' existing = if (useExistingAiFoundryAiProject) {
name: aiFoundryAiServicesResourceName
scope: resourceGroup(aiFoundryAiServicesSubscriptionId, aiFoundryAiServicesResourceGroupName)
}
Expand Down Expand Up @@ -828,7 +826,7 @@ module existingAiFoundryAiServicesDeployments 'modules/ai-services-deployments.b
}

// ========== AI Foundry AI Services ========== //
module aiFoundryAiServices 'br/public:avm/res/cognitive-services/account:0.13.2' = if (!useExistingAiFoundryAiProject) {
module aiFoundryAiServices 'br/public:avm/res/cognitive-services/account:0.14.2' = if (!useExistingAiFoundryAiProject) {
name: take('avm.res.cognitive-services.account.${aiFoundryAiServicesResourceName}', 64)
params: {
name: aiFoundryAiServicesResourceName
Expand Down Expand Up @@ -913,7 +911,7 @@ module aiFoundryAiServices 'br/public:avm/res/cognitive-services/account:0.13.2'
}

// ========== AI Foundry Private Endpoint ========== //
module aiFoundryPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking && !useExistingAiFoundryAiProject) {
module aiFoundryPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.12.0' = if (enablePrivateNetworking && !useExistingAiFoundryAiProject) {
name: take('pep-${aiFoundryAiServicesResourceName}-deployment', 64)
params: {
name: 'pep-${aiFoundryAiServicesResourceName}'
Expand Down Expand Up @@ -965,7 +963,7 @@ module aiFoundryProject 'modules/ai-project.bicep' = if (!useExistingAiFoundryAi
}

var aiServicesName = useExistingAiFoundryAiProject ? existingAiFoundryAiServices.name : aiFoundryAiServicesResourceName
module appConfiguration 'br/public:avm/res/app-configuration/configuration-store:0.9.1' = {
module appConfiguration 'br/public:avm/res/app-configuration/configuration-store:0.9.2' = {
name: take('avm.res.app-config.store.${solutionSuffix}', 64)
params: {
location: solutionLocation
Expand Down Expand Up @@ -1092,7 +1090,7 @@ module appConfiguration 'br/public:avm/res/app-configuration/configuration-store
dependsOn: useExistingAiFoundryAiProject ? [] : [aiFoundryAiServices]
}

module avmAppConfigUpdated 'br/public:avm/res/app-configuration/configuration-store:0.6.3' = if (enablePrivateNetworking) {
module avmAppConfigUpdated 'br/public:avm/res/app-configuration/configuration-store:0.9.2' = if (enablePrivateNetworking) {
name: take('avm.res.app-configuration.configuration-store-update.${solutionSuffix}', 64)
params: {
name: 'appcs-${solutionSuffix}'
Expand Down Expand Up @@ -1133,7 +1131,7 @@ var logAnalyticsWorkspaceId = useExistingLogAnalytics
? existingLogAnalyticsWorkspace!.properties.customerId
: logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId
// ========== Container App Environment ========== //
module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.2' = {
module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.13.1' = {
name: take('avm.res.app.managed-environment.${solutionSuffix}', 64)
params: {
name: 'cae-${solutionSuffix}'
Expand All @@ -1142,10 +1140,7 @@ module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.
appLogsConfiguration: enableMonitoring
? {
destination: 'log-analytics'
logAnalyticsConfiguration: {
customerId: logAnalyticsWorkspaceId
sharedKey: logAnalyticsPrimarySharedKey
}
logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId
}
: null
workloadProfiles: [
Expand All @@ -1171,7 +1166,7 @@ module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.
var backendContainerPort = 80
var backendContainerAppName = take('ca-backend-api-${solutionSuffix}', 32)
var processorContainerAppName = take('ca-processor-${solutionSuffix}', 32)
module containerAppBackend 'br/public:avm/res/app/container-app:0.18.1' = {
module containerAppBackend 'br/public:avm/res/app/container-app:0.22.0' = {
name: take('avm.res.app.container-app.${backendContainerAppName}', 64)
#disable-next-line no-unnecessary-dependson
dependsOn: [applicationInsights]
Expand Down Expand Up @@ -1260,7 +1255,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.18.1' = {
}

var frontEndContainerAppName = take('ca-frontend-${solutionSuffix}', 32)
module containerAppFrontend 'br/public:avm/res/app/container-app:0.18.1' = {
module containerAppFrontend 'br/public:avm/res/app/container-app:0.22.0' = {
name: take('avm.res.app.container-app.${frontEndContainerAppName}', 64)
params: {
name: frontEndContainerAppName
Expand Down Expand Up @@ -1326,7 +1321,7 @@ module containerAppFrontend 'br/public:avm/res/app/container-app:0.18.1' = {
}
}

module containerAppProcessor 'br/public:avm/res/app/container-app:0.18.1' = {
module containerAppProcessor 'br/public:avm/res/app/container-app:0.22.0' = {
name: take('avm.res.app.container-app.${processorContainerAppName}', 64)
#disable-next-line no-unnecessary-dependson
dependsOn: [applicationInsights]
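Review bot: In the jumpbox hunk (`@@ -377,7 +377,7 @@`) the unchanged line `adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'` still falls back to a password literal committed in the template, so a deployment that omits `vmAdminPassword` gets a local administrator credential known to anyone who can read the repository. Since this commit already edits the module's params, I would drop the literal and pass only the caller-supplied secret, `adminPassword: vmAdminPassword`, so that a deployment with `enablePrivateNetworking` set fails when no password is given. The parameter declaration is outside the visible lines; it should carry `@secure()`, and if it is nullable the module call may need adjusting. Reaching the VM only through Bastion narrows exposure, but it does not make a shared default credential acceptable. The `jumpboxVM` module body continues past the end of this hunk.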