Azure · ChrisSidebotham · Dec 7, 2023 · Nov 28, 2023 · Nov 28, 2023 · Dec 4, 2023
@@ -4,11 +4,11 @@ This module deploys an App Managed Environment (also known as a Container App En
 
 ## Navigation
 
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
+- [Resource Types](#resource-types)
+- [Usage examples](#usage-examples)
+- [Parameters](#parameters)
+- [Outputs](#outputs)
+- [Cross-referenced modules](#cross-referenced-modules)
 
 ## Resource Types
 
@@ -34,7 +34,6 @@ The following section provides usage examples for the module, which were used to
 
 This instance deploys the module with the minimum set of required parameters.
 
-
 <details>
 
 <summary>via Bicep module</summary>
@@ -84,7 +83,6 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
 
 This instance deploys the module with most of its features enabled.
 
-
 <details>
 
 <summary>via Bicep module</summary>
@@ -108,7 +106,8 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
     }
     platformReservedCidr: '172.17.17.0/24'
     platformReservedDnsIP: '172.17.17.17'
-    skuName: 'Consumption'
+    infrastructureResourceGroupName: '<infrastructureResourceGroupName>'
+    workloadProfiles: '<workloadProfiles>'
     tags: {
       Env: 'test'
       'hidden-title': 'This is visible in the resource name'
@@ -164,8 +163,8 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
     "platformReservedDnsIP": {
       "value": "172.17.17.17"
     },
-    "skuName": {
-      "value": "Consumption"
+    "infrastructureResourceGroupName": {
+      "value": "<infrastructureResourceGroupName>"
     },
     "tags": {
       "value": {
@@ -184,7 +183,6 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
 
 This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
 
-
 <details>
 
 <summary>via Bicep module</summary>
@@ -208,7 +206,8 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
     }
     platformReservedCidr: '172.17.17.0/24'
     platformReservedDnsIP: '172.17.17.17'
-    skuName: 'Consumption'
+    infrastructureResourceGroupName: '<infrastructureResourceGroupName>'
+    workloadProfiles: '<workloadProfiles>'
     tags: {
       Env: 'test'
       'hidden-title': 'This is visible in the resource name'
@@ -264,8 +263,8 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
     "platformReservedDnsIP": {
       "value": "172.17.17.17"
     },
-    "skuName": {
-      "value": "Consumption"
+    "infrastructureResourceGroupName": {
+      "value": "<infrastructureResourceGroupName>"
     },
     "tags": {
       "value": {
@@ -280,7 +279,6 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
 </details>
 <p>
 
-
 ## Parameters
 
 **Required parameters**
@@ -314,7 +312,7 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
 | [`platformReservedCidr`](#parameter-platformreservedcidr) | string | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. |
 | [`platformReservedDnsIP`](#parameter-platformreserveddnsip) | string | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
-| [`skuName`](#parameter-skuname) | string | Managed environment SKU. |
+| [`infrastructureResourceGroupName`](#parameter-infrastructureresourcegroupname) | string | Custom Resource group name for infrastrcuture components. |
 | [`tags`](#parameter-tags) | object | Tags of the resource. |
 | [`workloadProfiles`](#parameter-workloadprofiles) | array | Workload profiles configured for the Managed Environment. |
 | [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this Managed Environment is zone-redundant. |
@@ -433,6 +431,7 @@ Specify the type of lock.
 - Required: No
 - Type: string
 - Allowed:
+
   ```Bicep
   [
     'CanNotDelete'
@@ -492,7 +491,7 @@ Array of role assignments to create.
 | :-- | :-- | :-- |
 | [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
 | [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource ID of the delegated managed identity resource. |
 | [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. |
 | [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. |
 
@@ -524,6 +523,7 @@ Version of the condition.
 - Required: No
 - Type: string
 - Allowed:
+
   ```Bicep
   [
     '2.0'
@@ -532,7 +532,7 @@ Version of the condition.
 
 ### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
 
-The Resource Id of the delegated managed identity resource.
+The Resource ID of the delegated managed identity resource.
 
 - Required: No
 - Type: string
@@ -551,6 +551,7 @@ The principal type of the assigned principal ID.
 - Required: No
 - Type: string
 - Allowed:
+
   ```Bicep
   [
     'Device'
@@ -561,20 +562,13 @@ The principal type of the assigned principal ID.
   ]
   ```
 
-### Parameter: `skuName`
+### Parameter: `infrastructureResourceGroupName`
 
-Managed environment SKU.
+Customer Resource Group name for additional infrastructure components.
 
 - Required: No
 - Type: string
-- Default: `'Consumption'`
-- Allowed:
-  ```Bicep
-  [
-    'Consumption'
-    'Premium'
-  ]
-  ```
+- Default: `'ME_ManagedEnvironmentName'`
 
 ### Parameter: `tags`
 
@@ -599,7 +593,6 @@ Whether or not this Managed Environment is zone-redundant.
 - Type: bool
 - Default: `False`
 
-
 ## Outputs
 
 | Output | Type | Description |

@@ -17,13 +17,6 @@ param tags object?
 @description('Optional. Array of role assignments to create.')
 param roleAssignments roleAssignmentType
 
-@allowed([
-  'Consumption'
-  'Premium'
-])
-@description('Optional. Managed environment SKU.')
-param skuName string = 'Consumption'
-
 @description('Optional. Logs destination.')
 param logsDestination string = 'log-analytics'
 
@@ -73,6 +66,9 @@ param lock lockType
 @description('Optional. Workload profiles configured for the Managed Environment.')
 param workloadProfiles array = []
 
+@description('Optional. Name of the infrastructure resource group. If not provided, it will be set with a default value.')
+param infrastructureResourceGroupName string = take('ME_${name}', 63)
+
 var builtInRoleNames = {
   Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
   Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
@@ -98,13 +94,10 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06
   scope: resourceGroup(split(logAnalyticsWorkspaceResourceId, '/')[2], split(logAnalyticsWorkspaceResourceId, '/')[4])
 }
 
-resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-10-01' = {
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' = {
   name: name
   location: location
   tags: tags
-  sku: {
-    name: skuName
-  }
   properties: {
     appLogsConfiguration: {
       destination: logsDestination
@@ -122,13 +115,14 @@ resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-10-01' = {
     }
     vnetConfiguration: {
       internal: internal
-      infrastructureSubnetId: !empty(infrastructureSubnetId) && internal == true ? infrastructureSubnetId : null
-      dockerBridgeCidr: !empty(infrastructureSubnetId) && internal == true ? dockerBridgeCidr : null
-      platformReservedCidr: !empty(infrastructureSubnetId) && internal == true ? platformReservedCidr : null
-      platformReservedDnsIP: !empty(infrastructureSubnetId) && internal == true ? platformReservedDnsIP : null
+      infrastructureSubnetId: !empty(infrastructureSubnetId) ? infrastructureSubnetId : null
+      dockerBridgeCidr: !empty(infrastructureSubnetId) ? dockerBridgeCidr : null
+      platformReservedCidr: empty(workloadProfiles) && !empty(infrastructureSubnetId) ? platformReservedCidr : null
+      platformReservedDnsIP: empty(workloadProfiles) && !empty(infrastructureSubnetId) ? platformReservedDnsIP : null
     }
     workloadProfiles: !empty(workloadProfiles) ? workloadProfiles : null
     zoneRedundant: zoneRedundant
+    infrastructureResourceGroup: infrastructureResourceGroupName
   }
 }
 
@@ -167,6 +161,9 @@ output name string = managedEnvironment.name
 @description('The resource ID of the Managed Environment.')
 output resourceId string = managedEnvironment.id
 
+@description('The Default domain of the Managed Environment.')
+output defaultDomain string = managedEnvironment.properties.defaultDomain
+
 // =============== //
 //   Definitions   //
 // =============== //

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.23.1.45101",
-      "templateHash": "15830956831455159038"
+      "templateHash": "6452494198386670014"
     },
     "name": "App ManagedEnvironments",
     "description": "This module deploys an App Managed Environment (also known as a Container App Environment).",
@@ -138,17 +138,6 @@
         "description": "Optional. Array of role assignments to create."
       }
     },
-    "skuName": {
-      "type": "string",
-      "defaultValue": "Consumption",
-      "allowedValues": [
-        "Consumption",
-        "Premium"
-      ],
-      "metadata": {
-        "description": "Optional. Managed environment SKU."
-      }
-    },
     "logsDestination": {
       "type": "string",
       "defaultValue": "log-analytics",
@@ -251,6 +240,13 @@
       "metadata": {
         "description": "Optional. Workload profiles configured for the Managed Environment."
       }
+    },
+    "infrastructureResourceGroupName": {
+      "type": "string",
+      "defaultValue": "[take(format('ME_{0}', parameters('name')), 63)]",
+      "metadata": {
+        "description": "Optional. Name of the infrastructure resource group. If not provided, it will be set with a default value."
+      }
     }
   },
   "variables": {
@@ -288,13 +284,10 @@
     },
     "managedEnvironment": {
       "type": "Microsoft.App/managedEnvironments",
-      "apiVersion": "2022-10-01",
+      "apiVersion": "2023-05-01",
       "name": "[parameters('name')]",
       "location": "[parameters('location')]",
       "tags": "[parameters('tags')]",
-      "sku": {
-        "name": "[parameters('skuName')]"
-      },
       "properties": {
         "appLogsConfiguration": {
           "destination": "[parameters('logsDestination')]",
@@ -312,13 +305,14 @@
         },
         "vnetConfiguration": {
           "internal": "[parameters('internal')]",
-          "infrastructureSubnetId": "[if(and(not(empty(parameters('infrastructureSubnetId'))), equals(parameters('internal'), true())), parameters('infrastructureSubnetId'), null())]",
-          "dockerBridgeCidr": "[if(and(not(empty(parameters('infrastructureSubnetId'))), equals(parameters('internal'), true())), parameters('dockerBridgeCidr'), null())]",
-          "platformReservedCidr": "[if(and(not(empty(parameters('infrastructureSubnetId'))), equals(parameters('internal'), true())), parameters('platformReservedCidr'), null())]",
-          "platformReservedDnsIP": "[if(and(not(empty(parameters('infrastructureSubnetId'))), equals(parameters('internal'), true())), parameters('platformReservedDnsIP'), null())]"
+          "infrastructureSubnetId": "[if(not(empty(parameters('infrastructureSubnetId'))), parameters('infrastructureSubnetId'), null())]",
+          "dockerBridgeCidr": "[if(not(empty(parameters('infrastructureSubnetId'))), parameters('dockerBridgeCidr'), null())]",
+          "platformReservedCidr": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetId')))), parameters('platformReservedCidr'), null())]",
+          "platformReservedDnsIP": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetId')))), parameters('platformReservedDnsIP'), null())]"
         },
         "workloadProfiles": "[if(not(empty(parameters('workloadProfiles'))), parameters('workloadProfiles'), null())]",
-        "zoneRedundant": "[parameters('zoneRedundant')]"
+        "zoneRedundant": "[parameters('zoneRedundant')]",
+        "infrastructureResourceGroup": "[parameters('infrastructureResourceGroupName')]"
       },
       "dependsOn": [
         "logAnalyticsWorkspace"
@@ -374,7 +368,7 @@
       "metadata": {
         "description": "The location the resource was deployed into."
       },
-      "value": "[reference('managedEnvironment', '2022-10-01', 'full').location]"
+      "value": "[reference('managedEnvironment', '2023-05-01', 'full').location]"
     },
     "name": {
       "type": "string",
@@ -389,6 +383,13 @@
         "description": "The resource ID of the Managed Environment."
       },
       "value": "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]"
+    },
+    "defaultDomain": {
+      "type": "string",
+      "metadata": {
+        "description": "The Default domain of the Managed Environment."
+      },
+      "value": "[reference('managedEnvironment').defaultDomain]"
     }
   }
 }
@@ -37,6 +37,14 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
         name: 'defaultSubnet'
         properties: {
           addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+          delegations: [
+            {
+              name: 'Microsoft.App.environments'
+              properties: {
+                serviceName: 'Microsoft.App/environments'
+              }
+            }
+          ]
         }
       }
     ]

@@ -10,6 +10,9 @@ metadata description = 'This instance deploys the module with most of its featur
 @maxLength(90)
 param resourceGroupName string = 'dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
 
+@description('Optional. The name of the infrastructre resource group to deploy for testing purposes.')
+param infrastructureResourceGroupName string = 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+
 @description('Optional. The location to deploy resources to.')
 param location string = deployment().location
 
@@ -22,6 +25,16 @@ param enableDefaultTelemetry bool = true
 @description('Optional. A token to inject into the name of each resource.')
 param namePrefix string = '[[namePrefix]]'
 
+@description('Optional. WorkloadProfile')
+param workloadProfiles array = [
+  {
+    workloadProfileType: 'D4'
+    name: 'CAW01'
+    minimumCount: 0
+    maximumCount: 3
+  }
+]
+
 // =========== //
 // Deployments //
 // =========== //
@@ -55,12 +68,13 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
     name: '${namePrefix}${serviceShort}001'
     logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId
     location: location
-    skuName: 'Consumption'
+    workloadProfiles: workloadProfiles
     internal: true
     dockerBridgeCidr: '172.16.0.1/28'
     platformReservedCidr: '172.17.17.0/24'
     platformReservedDnsIP: '172.17.17.17'
     infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId
+    infrastructureResourceGroupName: infrastructureResourceGroupName
     lock: {
       kind: 'CanNotDelete'
       name: 'myCustomLockName'