Azure
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1517 additions & 1399 deletions b/‎README.md‎
Lines changed: 1517 additions & 1399 deletions
diff --git a/‎_header.md‎
Lines changed: 3 additions & 7 deletions b/‎_header.md‎
Lines changed: 3 additions & 7 deletions
diff --git a/‎avm.tflint.override.hcl‎
Lines changed: 7 additions & 0 deletions b/‎avm.tflint.override.hcl‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎avm.tflint_module.override.hcl‎
Lines changed: 15 additions & 0 deletions b/‎avm.tflint_module.override.hcl‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎data.tf‎
Lines changed: 1 addition & 0 deletions b/‎data.tf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎examples/always_ready/.e2eignore‎ b/‎examples/always_ready/.e2eignore‎
diff --git a/‎examples/always_ready/README.md‎
Lines changed: 115 additions & 90 deletions b/‎examples/always_ready/README.md‎
Lines changed: 115 additions & 90 deletions
diff --git a/‎examples/always_ready/_header.md‎
Lines changed: 6 additions & 2 deletions b/‎examples/always_ready/_header.md‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎examples/always_ready/data.tf‎
Lines changed: 7 additions & 0 deletions b/‎examples/always_ready/data.tf‎
Lines changed: 7 additions & 0 deletions
@@ -52,3 +52,6 @@ examples/*/policy
 sensitive.variables.tf
 *.mptfbackup
 .avm
+
+# Generated zip files
+examples/zip_deploy_file/resources_for_zip_deploy.zip
@@ -1,9 +1,5 @@
-# terraform-azurerm-avm-res-web-site
+# Azure Verified Module for App Service (Web Apps, Function Apps, and Logic Apps)
 
-This is the module to deploy function apps in Azure.
+This is an Azure Verified Module (AVM) for deploying and managing Azure App Service resources, including Web Apps, Function Apps, and Logic Apps (Standard).
 
-NOTES:
-
-- `0.13.0` supports `azurerm` `4.8` and later versions.
-- For `azurerm` `4.x` support, please use `0.12.x` and later versions.
-- For `azurerm` `3.x` support, please use `0.11.x` and prior versions.
+It supports Linux and Windows operating systems, deployment slots, custom domains, managed identities, private endpoints, diagnostic settings, Application Insights integration, IP restrictions, auto heal, storage mounts, and Flex Consumption plans.
@@ -0,0 +1,7 @@
+rule "diagnostic_settings" {
+  enabled = false
+}
+
+rule "private_endpoints" {
+  enabled = false
+}
@@ -0,0 +1,15 @@
+rule "required_output_rmfr7" {
+  enabled = false
+}
+
+rule "terraform_required_providers_declaration" {
+  enabled = false
+}
+
+rule "required_module_source_tffr1" {
+  enabled = false
+}
+
+rule "private_endpoints" {
+  enabled = false
+}
@@ -0,0 +1 @@
+
@@ -1,117 +1,165 @@
 <!-- BEGIN_TF_DOCS -->
 <!-- Code generated by terraform-docs. DO NOT EDIT. -->
-# Flex Consumption (FC1) with Always Ready feature example
+# Flex Consumption with Always Ready Instances
 
-This deploys the module with a Linux Function App utilizing the Flex Consumption Plan, with always-ready instances.
+This example deploys a Linux Function App on the Azure Flex Consumption (FC1) plan with always-ready instances configured.
 
-```hcl
-## Section to provide a random Azure region for the resource group
-# This allows us to randomize the region for the resource group.
-module "regions" {
-  source  = "Azure/regions/azurerm"
-  version = "0.8.0"
-}
+Always-ready instances keep a specified number of pre-warmed workers for designated trigger types (e.g., `http`, `blob`, `durable`), reducing cold-start latency for critical functions. This example demonstrates how to configure the `always_ready` variable to reserve instances for specific triggers.
+
+The example uses `kind = "functionapp"`, `os_type = "Linux"`, and `function_app_uses_fc1 = true`.
 
-# This allows us to randomize the region for the resource group.
+```hcl
 resource "random_integer" "region_index" {
   max = length(local.azure_regions) - 1
   min = 0
 }
-## End of section to provide a random Azure region for the resource group
 
-# This ensures we have unique CAF compliant names for our resources.
 module "naming" {
   source  = "Azure/naming/azurerm"
   version = "0.4.2"
 }
 
-resource "azurerm_resource_group" "example" {
+resource "azapi_resource" "resource_group" {
   location = local.azure_regions[random_integer.region_index.result]
   name     = module.naming.resource_group.name_unique
+  type     = "Microsoft.Resources/resourceGroups@2025-04-01"
+  body     = {}
+  tags = {
+    SecurityControl = "Ignore" # Useful for test environments
+  }
 }
 
-resource "azurerm_service_plan" "example" {
-  location            = azurerm_resource_group.example.location
-  name                = module.naming.app_service_plan.name_unique
-  os_type             = "Linux"
-  resource_group_name = azurerm_resource_group.example.name
-  sku_name            = "FC1"
+resource "azapi_resource" "service_plan" {
+  location  = azapi_resource.resource_group.location
+  name      = module.naming.app_service_plan.name_unique
+  parent_id = azapi_resource.resource_group.id
+  type      = "Microsoft.Web/serverfarms@2025-03-01"
+  body = {
+    kind = "functionapp"
+    sku = {
+      name = "FC1"
+    }
+    properties = {
+      reserved      = true
+      zoneRedundant = true
+    }
+  }
   tags = {
     app = "${module.naming.function_app.name_unique}-always-ready"
   }
 }
 
-resource "azurerm_user_assigned_identity" "user" {
-  location            = azurerm_resource_group.example.location
-  name                = module.naming.user_assigned_identity.name_unique
-  resource_group_name = azurerm_resource_group.example.name
+resource "azapi_resource" "user_assigned_identity" {
+  location  = azapi_resource.resource_group.location
+  name      = module.naming.user_assigned_identity.name_unique
+  parent_id = azapi_resource.resource_group.id
+  type      = "Microsoft.ManagedIdentity/userAssignedIdentities@2024-11-30"
+  body      = {}
 }
 
-resource "azurerm_storage_account" "example" {
-  account_replication_type = "ZRS"
-  account_tier             = "Standard"
-  location                 = azurerm_resource_group.example.location
-  name                     = module.naming.storage_account.name_unique
-  resource_group_name      = azurerm_resource_group.example.name
+resource "azapi_resource" "storage_account" {
+  location  = azapi_resource.resource_group.location
+  name      = module.naming.storage_account.name_unique
+  parent_id = azapi_resource.resource_group.id
+  type      = "Microsoft.Storage/storageAccounts@2025-01-01"
+  body = {
+    kind = "StorageV2"
+    sku = {
+      name = "Standard_ZRS"
+    }
+    properties = {
+      networkAcls = {
+        defaultAction = "Allow"
+        bypass        = "AzureServices"
+      }
+    }
+  }
   tags = {
     SecurityControl = "Ignore"
   }
+}
 
-  network_rules {
-    default_action = "Allow"
-    bypass         = ["AzureServices"]
+resource "azapi_resource" "storage_container" {
+  name      = "example-always-ready-container"
+  parent_id = "${azapi_resource.storage_account.id}/blobServices/default"
+  type      = "Microsoft.Storage/storageAccounts/blobServices/containers@2025-01-01"
+  body      = {}
+}
+
+resource "azapi_resource" "log_analytics_workspace" {
+  location  = azapi_resource.resource_group.location
+  name      = "${module.naming.log_analytics_workspace.name}-always-ready"
+  parent_id = azapi_resource.resource_group.id
+  type      = "Microsoft.OperationalInsights/workspaces@2025-02-01"
+  body = {
+    properties = {
+      retentionInDays = 30
+      sku = {
+        name = "PerGB2018"
+      }
+    }
   }
 }
 
-resource "azurerm_storage_container" "example" {
-  name               = "example-always-ready-container"
-  storage_account_id = azurerm_storage_account.example.id
+resource "azapi_resource" "application_insights" {
+  location  = azapi_resource.resource_group.location
+  name      = "${module.naming.application_insights.name_unique}-always-ready"
+  parent_id = azapi_resource.resource_group.id
+  type      = "Microsoft.Insights/components@2020-02-02"
+  body = {
+    kind = "web"
+    properties = {
+      Application_Type    = "web"
+      WorkspaceResourceId = azapi_resource.log_analytics_workspace.id
+    }
+  }
+  response_export_values = ["properties.ConnectionString", "properties.InstrumentationKey"]
 }
 
 module "avm_res_web_site" {
   source = "../../"
 
-  kind     = "functionapp"
-  location = azurerm_resource_group.example.location
-  name     = "${module.naming.function_app.name_unique}-always-ready"
-  # Uses an existing app service plan
-  os_type                  = azurerm_service_plan.example.os_type
-  resource_group_name      = azurerm_resource_group.example.name
-  service_plan_resource_id = azurerm_service_plan.example.id
+  location                 = azapi_resource.resource_group.location
+  name                     = "${module.naming.function_app.name_unique}-always-ready"
+  parent_id                = azapi_resource.resource_group.id
+  service_plan_resource_id = azapi_resource.service_plan.id
   always_ready = {
     http = {
       name           = "http"
       instance_count = 3
     }
     blob = {
       name           = "blob"
-      instance_count = 0
+      instance_count = 3
     }
     durable = {
       name           = "durable"
-      instance_count = 0
+      instance_count = 3
     }
   }
-  enable_telemetry      = var.enable_telemetry
-  fc1_runtime_name      = "node"
-  fc1_runtime_version   = "20"
-  function_app_uses_fc1 = true
-  instance_memory_in_mb = 2048
+  application_insights_connection_string = azapi_resource.application_insights.output.properties.ConnectionString
+  application_insights_key               = azapi_resource.application_insights.output.properties.InstrumentationKey
+  enable_telemetry                       = var.enable_telemetry
+  fc1_runtime_name                       = "node"
+  fc1_runtime_version                    = "20"
+  function_app_uses_fc1                  = true
+  instance_memory_in_mb                  = 2048
+  kind                                   = "functionapp"
   managed_identities = {
     # Identities can only be used with the Standard SKU
     system_assigned = true
     user_assigned_resource_ids = [
-      azurerm_user_assigned_identity.user.id
+      azapi_resource.user_assigned_identity.id
     ]
   }
-  maximum_instance_count = 100
-  # Uses an existing storage account
-  storage_account_access_key = azurerm_storage_account.example.primary_access_key
-  # storage_authentication_type = "StorageAccountConnectionString"
-  storage_authentication_type       = "UserAssignedIdentity"
-  storage_container_endpoint        = azurerm_storage_container.example.id
-  storage_container_type            = "blobContainer"
-  storage_user_assigned_identity_id = azurerm_user_assigned_identity.user.id
+  maximum_instance_count            = 100
+  os_type                           = "Linux"
+  public_network_access_enabled     = true
+  storage_account_access_key        = data.azapi_resource_action.storage_keys.output.keys[0].value
+  storage_authentication_type       = "userassignedidentity"
+  storage_container_endpoint        = azapi_resource.storage_container.id
+  storage_container_type            = "blobcontainer"
+  storage_user_assigned_identity_id = azapi_resource.user_assigned_identity.id
   tags = {
     module          = "Azure/avm-res-web-site/azurerm"
     version         = "0.19.3"
@@ -127,20 +175,23 @@ The following requirements are needed by this module:
 
 - <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (~> 1.9)
 
-- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 4.21.1)
+- <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) (~> 2.4)
 
 - <a name="requirement_random"></a> [random](#requirement\_random) (>= 3.5.0, < 4.0.0)
 
 ## Resources
 
 The following resources are used by this module:
 
-- [azurerm_resource_group.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
-- [azurerm_service_plan.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/service_plan) (resource)
-- [azurerm_storage_account.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) (resource)
-- [azurerm_storage_container.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) (resource)
-- [azurerm_user_assigned_identity.user](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource)
+- [azapi_resource.application_insights](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
+- [azapi_resource.log_analytics_workspace](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
+- [azapi_resource.resource_group](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
+- [azapi_resource.service_plan](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
+- [azapi_resource.storage_account](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
+- [azapi_resource.storage_container](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
+- [azapi_resource.user_assigned_identity](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
 - [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource)
+- [azapi_resource_action.storage_keys](https://registry.terraform.io/providers/Azure/azapi/latest/docs/data-sources/resource_action) (data source)
 
 <!-- markdownlint-disable MD013 -->
 ## Required Inputs
@@ -185,34 +236,14 @@ Description: The ID of the app service
 
 Description: Full output of service plan created
 
-### <a name="output_sku_name"></a> [sku\_name](#output\_sku\_name)
-
-Description: The number of workers
-
 ### <a name="output_storage_account_id"></a> [storage\_account\_id](#output\_storage\_account\_id)
 
 Description: The ID of the storage account
 
-### <a name="output_storage_account_kind"></a> [storage\_account\_kind](#output\_storage\_account\_kind)
-
-Description: The kind of storage account
-
 ### <a name="output_storage_account_name"></a> [storage\_account\_name](#output\_storage\_account\_name)
 
 Description: Full output of storage account created
 
-### <a name="output_storage_account_replication_type"></a> [storage\_account\_replication\_type](#output\_storage\_account\_replication\_type)
-
-Description: The kind of storage account
-
-### <a name="output_worker_count"></a> [worker\_count](#output\_worker\_count)
-
-Description: The number of workers
-
-### <a name="output_zone_redundant"></a> [zone\_redundant](#output\_zone\_redundant)
-
-Description: The number of workers
-
 ## Modules
 
 The following Modules are called:
@@ -229,12 +260,6 @@ Source: Azure/naming/azurerm
 
 Version: 0.4.2
 
-### <a name="module_regions"></a> [regions](#module\_regions)
-
-Source: Azure/regions/azurerm
-
-Version: 0.8.0
-
 <!-- markdownlint-disable-next-line MD041 -->
 ## Data Collection
 
 
@@ -1,3 +1,7 @@
-# Flex Consumption (FC1) with Always Ready feature example
+# Flex Consumption with Always Ready Instances
 
-This deploys the module with a Linux Function App utilizing the Flex Consumption Plan, with always-ready instances.
+This example deploys a Linux Function App on the Azure Flex Consumption (FC1) plan with always-ready instances configured.
+
+Always-ready instances keep a specified number of pre-warmed workers for designated trigger types (e.g., `http`, `blob`, `durable`), reducing cold-start latency for critical functions. This example demonstrates how to configure the `always_ready` variable to reserve instances for specific triggers.
+
+The example uses `kind = "functionapp"`, `os_type = "Linux"`, and `function_app_uses_fc1 = true`.
@@ -0,0 +1,7 @@
+data "azapi_resource_action" "storage_keys" {
+  action                 = "listKeys"
+  method                 = "POST"
+  resource_id            = azapi_resource.storage_account.id
+  type                   = "Microsoft.Storage/storageAccounts@2025-01-01"
+  response_export_values = ["keys"]
+}