srnichols
diff --git a/‎AzureArchitecture/globalLayer.bicep‎
Lines changed: 20 additions & 16 deletions b/‎AzureArchitecture/globalLayer.bicep‎
Lines changed: 20 additions & 16 deletions
diff --git a/‎AzureArchitecture/host-main.bicep‎
Lines changed: 18 additions & 17 deletions b/‎AzureArchitecture/host-main.bicep‎
Lines changed: 18 additions & 17 deletions
diff --git a/‎AzureArchitecture/host-main.parameters.json‎
Lines changed: 17 additions & 17 deletions b/‎AzureArchitecture/host-main.parameters.json‎
Lines changed: 17 additions & 17 deletions
@@ -53,6 +53,8 @@ param enableGlobalCosmos bool = true
 @description('Array of regional endpoint FQDNs for Traffic Manager (e.g., Application Gateway FQDNs)')
 param regionalEndpoints array = []
 
+
+
 @description('APIM Gateway URL for Front Door origin configuration')
 param apimGatewayUrl string = ''
 
@@ -76,27 +78,29 @@ resource trafficManager 'Microsoft.Network/trafficManagerProfiles@2022-04-01' =
     profileStatus: 'Enabled'
     trafficRoutingMethod: 'Performance'
     dnsConfig: {
-  // Traffic Manager requires a single-label relative name, not a FQDN.
-  // Derive a label from the dnsZoneName by taking the first label before the dot.
-  relativeName: split(toLower(dnsZoneName), '.')[0]
+      // Traffic Manager requires a single-label relative name, not a FQDN.
+      // Derive a label from the dnsZoneName by taking the first label before the dot.
+      relativeName: split(toLower(dnsZoneName), '.')[0]
       ttl: 60
     }
     monitorConfig: {
       protocol: 'HTTPS'
       port: 443
       path: '/health'
     }
-    endpoints: [for (endpoint, i) in regionalEndpoints: {
-      name: 'regional-endpoint-${i + 1}'
-      type: 'Microsoft.Network/trafficManagerProfiles/externalEndpoints'
-      properties: {
-        target: endpoint.fqdn
-        endpointStatus: 'Enabled'
-        endpointLocation: endpoint.location
-        weight: 1
-        priority: i + 1
+    endpoints: [
+      for (endpoint, i) in regionalEndpoints: if (!empty(endpoint.fqdn)) {
+        name: 'regional-endpoint-${i + 1}'
+        type: 'Microsoft.Network/trafficManagerProfiles/externalEndpoints'
+        properties: {
+          target: endpoint.fqdn
+          endpointStatus: 'Enabled'
+          endpointLocation: endpoint.location
+          weight: 1
+          priority: i + 1
+        }
       }
-    }]
+    ]
   }
 }
 
@@ -181,7 +185,7 @@ resource apimRoute 'Microsoft.Cdn/profiles/afdEndpoints/routes@2023-05-01' = if
 }
 
 // Secondary Origin Group for regional Application Gateways (fallback/direct routing)
-resource regionalOriginGroup 'Microsoft.Cdn/profiles/originGroups@2023-05-01' = if (length(regionalEndpoints) > 0) {
+resource regionalOriginGroup 'Microsoft.Cdn/profiles/originGroups@2023-05-01' = if (length([for endpoint in regionalEndpoints: if (!empty(endpoint.fqdn)) endpoint]) > 0) {
   name: 'regional-agw-origins'
   parent: frontDoor
   properties: {
@@ -200,7 +204,7 @@ resource regionalOriginGroup 'Microsoft.Cdn/profiles/originGroups@2023-05-01' =
 }
 
 // Origins for each regional Application Gateway (fallback routing)
-resource regionalOrigins 'Microsoft.Cdn/profiles/originGroups/origins@2023-05-01' = [for (endpoint, i) in regionalEndpoints: if (length(regionalEndpoints) > 0) {
+resource regionalOrigins 'Microsoft.Cdn/profiles/originGroups/origins@2023-05-01' = [for (endpoint, i) in regionalEndpoints: if (!empty(endpoint.fqdn)) {
   name: 'agw-${endpoint.location}-origin'
   parent: regionalOriginGroup
   properties: {
@@ -216,7 +220,7 @@ resource regionalOrigins 'Microsoft.Cdn/profiles/originGroups/origins@2023-05-01
 }]
 
 // Fallback Route for direct regional access (bypassing APIM)
-resource regionalRoute 'Microsoft.Cdn/profiles/afdEndpoints/routes@2023-05-01' = if (length(regionalEndpoints) > 0) {
+resource regionalRoute 'Microsoft.Cdn/profiles/afdEndpoints/routes@2023-05-01' = if (length([for endpoint in regionalEndpoints: if (!empty(endpoint.fqdn)) endpoint]) > 0) {
   name: 'regional-fallback-route'
   parent: frontDoorEndpoint
   properties: {
 
@@ -68,13 +68,14 @@ var regionShortNames = {
   westus: 'wus'
   westus2: 'wus2'
   westus3: 'wus3'
+  centralus: 'cus'
   northeurope: 'neu'
   westeurope: 'weu'
 }
 
 // Short names for geographies, used in resource naming.
 var geoShortNames = {
-  northamerica: 'us'
+  northamerica: 'na'
   europe: 'eu'
   asia: 'apac'
 }
@@ -106,15 +107,15 @@ resource globalResourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
 // Create a resource group for each region
 // Each region gets its own RG for isolation and quota management.
 resource regionResourceGroups 'Microsoft.Resources/resourceGroups@2021-04-01' = [for region in regions: {
-  name: 'rg-stamps-region-${region.geoName}-${region.regionName}-${envShort}'
+  name: 'rg-stamps-region-${(geoShortNames[?region.geoName] ?? substring(region.geoName, 0, 2))}-${region.regionName}-${envShort}'
   location: region.regionName
   tags: union(tags, { geo: region.geoName, region: region.regionName, scope: 'region' })
 }]
 
 // Create a resource group for each CELL
 // CELLs are the core isolation boundary for tenants; each gets its own RG.
 resource cellResourceGroups 'Microsoft.Resources/resourceGroups@2021-04-01' = [for cell in cells: {
-  name: 'rg-stamps-cell-${cell.geoName}-${cell.regionName}-${cell.cellName}-${envShort}'
+  name: 'rg-stamps-cell-${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}-${cell.regionName}-${cell.cellName}-${envShort}'
   location: cell.regionName
   tags: union(tags, {
     geo: cell.geoName
@@ -135,8 +136,8 @@ resource cellResourceGroups 'Microsoft.Resources/resourceGroups@2021-04-01' = [f
 
 // Deploy regional modules into their region RGs
 module regionalNetworks './regionalNetwork.bicep' = [for (region, idx) in regions: {
-  name: 'regionalNetwork-${region.geoName}-${region.regionName}'
-  scope: resourceGroup('rg-stamps-region-${region.geoName}-${region.regionName}-${envShort}')
+  name: 'regionalNetwork-${(geoShortNames[?region.geoName] ?? substring(region.geoName, 0, 2))}-${region.regionName}'
+  scope: resourceGroup('rg-stamps-region-${(geoShortNames[?region.geoName] ?? substring(region.geoName, 0, 2))}-${region.regionName}-${envShort}')
   params: {
     location: region.regionName
     geoName: region.geoName
@@ -151,8 +152,8 @@ module regionalNetworks './regionalNetwork.bicep' = [for (region, idx) in region
 
 // Deploy monitoring and regional layers into their region RGs
 module monitoringLayers './monitoringLayer.bicep' = [for (region, idx) in regions: {
-  name: 'monitoring-${region.geoName}-${region.regionName}'
-  scope: resourceGroup('rg-region-${region.geoName}-${region.regionName}')
+  name: 'monitoring-${(geoShortNames[?region.geoName] ?? substring(region.geoName, 0, 2))}-${region.regionName}'
+  scope: resourceGroup('rg-stamps-region-${(geoShortNames[?region.geoName] ?? substring(region.geoName, 0, 2))}-${region.regionName}-${envShort}')
   params: {
     location: region.regionName
     logAnalyticsWorkspaceName: 'law-stamps-${(regionShortNames[?region.regionName] ?? substring(region.regionName, 0, 3))}-${envShort}'
@@ -162,8 +163,8 @@ module monitoringLayers './monitoringLayer.bicep' = [for (region, idx) in region
 }]
 
 module regionalLayers './regionalLayer.bicep' = [for (region, idx) in regions: {
-  name: 'regional-${region.geoName}-${region.regionName}'
-  scope: resourceGroup('rg-region-${region.geoName}-${region.regionName}')
+  name: 'regional-${(geoShortNames[?region.geoName] ?? substring(region.geoName, 0, 2))}-${region.regionName}'
+  scope: resourceGroup('rg-stamps-region-${(geoShortNames[?region.geoName] ?? substring(region.geoName, 0, 2))}-${region.regionName}-${envShort}')
   params: {
     location: region.regionName
     appGatewayName: 'agw-${(geoShortNames[?region.geoName] ?? substring(region.geoName, 0, 2))}-${(regionShortNames[?region.regionName] ?? substring(region.regionName, 0, 3))}-${envShort}'
@@ -183,17 +184,17 @@ module regionalLayers './regionalLayer.bicep' = [for (region, idx) in regions: {
 
 // Deploy the CELL module into each dedicated RG
 module deploymentStampLayers './deploymentStampLayer.bicep' = [for (cell, idx) in cells: {
-  name: 'cell-${cell.geoName}-${cell.regionName}-${cell.cellName}'
-  scope: resourceGroup('rg-stamps-cell-${cell.geoName}-${cell.regionName}-${cell.cellName}-${envShort}')
+  name: 'cell-${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}-${cell.regionName}-${cell.cellName}'
+  scope: resourceGroup('rg-stamps-cell-${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}-${cell.regionName}-${cell.cellName}-${envShort}')
   params: {
     location: cell.regionName
-    sqlServerName: toLower('sql-${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}-${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}-cell${(substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 2) == '00' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 2, 1) : (substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 1) == '0' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 1, 2) : substring(cell.cellName, length(cell.cellName) - 3, 3)))}-${envShort}')
+    sqlServerName: toLower('sql-${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}-${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}-cell${substring(cell.cellName, length(cell.cellName) - 2, 2)}-${envShort}')
     sqlAdminUsername: sqlAdminUsername
     sqlAdminPassword: sqlAdminPassword
-    sqlDbName: toLower('sqldb-cell${(substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 2) == '00' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 2, 1) : (substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 1) == '0' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 1, 2) : substring(cell.cellName, length(cell.cellName) - 3, 3)))}-z${string(length(cell.availabilityZones))}-${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}-${envShort}')
-    storageAccountName: toLower('st${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}cell${(substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 2) == '00' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 2, 1) : (substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 1) == '0' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 1, 2) : substring(cell.cellName, length(cell.cellName) - 3, 3)))}z${string(length(cell.availabilityZones))}${envShort}${substring(uniqueString(subscription().id, cell.regionName, cell.cellName, deployment().name), 0, 2)}')
-    keyVaultName: toLower('kv-${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}-${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}-cell${(substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 2) == '00' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 2, 1) : (substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 1) == '0' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 1, 2) : substring(cell.cellName, length(cell.cellName) - 3, 3)))}-${envShort}-${substring(uniqueString(subscription().id, cell.regionName, cell.cellName), 0, 2)}')
-    cosmosDbStampName: toLower('cosmos${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}cell${(substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 2) == '00' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 2, 1) : (substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 1) == '0' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 1, 2) : substring(cell.cellName, length(cell.cellName) - 3, 3)))}z${string(length(cell.availabilityZones))}${envShort}${substring(uniqueString(subscription().id, cell.regionName, cell.cellName, deployment().name), 0, 6)}')
+    sqlDbName: toLower('sqldb-cell${substring(cell.cellName, length(cell.cellName) - 2, 2)}-z${string(length(cell.availabilityZones))}-${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}-${envShort}')
+    storageAccountName: toLower('st${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}cell${substring(cell.cellName, length(cell.cellName) - 2, 2)}z${string(length(cell.availabilityZones))}${envShort}${substring(uniqueString(subscription().id, cell.regionName, cell.cellName, deployment().name), 0, 2)}')
+    keyVaultName: toLower('kv-${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}-${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}-cell${substring(cell.cellName, length(cell.cellName) - 2, 2)}-${envShort}-${substring(uniqueString(subscription().id, cell.regionName, cell.cellName), 0, 2)}')
+    cosmosDbStampName: toLower('cosmos${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}cell${substring(cell.cellName, length(cell.cellName) - 2, 2)}z${string(length(cell.availabilityZones))}${envShort}${substring(uniqueString(subscription().id, cell.regionName, cell.cellName, deployment().name), 0, 6)}')
     tags: union(tags, {
       geo: cell.geoName
       region: cell.regionName
@@ -204,7 +205,7 @@ module deploymentStampLayers './deploymentStampLayer.bicep' = [for (cell, idx) i
     })
     containerRegistryName: toLower('acr${(geoShortNames[?cell.geoName] ?? substring(cell.geoName, 0, 2))}${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}${envShort}')
     enableContainerRegistry: false
-    containerAppName: toLower('ca-cell${(substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 2) == '00' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 2, 1) : (substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 0, 1) == '0' ? substring(substring(cell.cellName, length(cell.cellName) - 3, 3), 1, 2) : substring(cell.cellName, length(cell.cellName) - 3, 3)))}-z${string(length(cell.availabilityZones))}-${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}-${envShort}')
+    containerAppName: toLower('ca-cell${substring(cell.cellName, length(cell.cellName) - 2, 2)}-z${string(length(cell.availabilityZones))}-${(regionShortNames[?cell.regionName] ?? substring(cell.regionName, 0, 3))}-${envShort}')
     baseDomain: cell.baseDomain
     globalLogAnalyticsWorkspaceId: globalLogAnalyticsWorkspaceId
     cosmosAdditionalLocations: cell.?cosmosAdditionalLocations ?? []
 
@@ -6,38 +6,38 @@
   "managementClientTenantId": { "value": "30dd575a-bca7-491b-adf6-41d5f39275d4" },
   "tags": { "value": { "environment": "tst", "project": "StampsPattern" } },
     "sqlAdminUsername": { "value": "sqladmin" },
-    "sqlAdminPassword": { "value": "REPLACE_WITH_SECURE_PASSWORD" },
-    "globalLogAnalyticsWorkspaceId": { "value": "REPLACE_WITH_HUB_LAW_ID" },
-  "smoke": { "value": false },
+    "sqlAdminPassword": { "value": "G7!rT9p#xQ2z@LmS" },
+    "globalLogAnalyticsWorkspaceId": { "value": "/subscriptions/2fb123ca-e419-4838-9b44-c2eb71a21769/resourceGroups/rg-stamps-global-tst/providers/Microsoft.OperationalInsights/workspaces/law-stamps-na-wus3" },
+  "smoke": { "value": true },
     "regions": {
       "value": [
-        {
-          "geoName": "northamerica",
-          "regionName": "westus2",
-          "cells": ["cell-01", "cell-02", "cell-03"],
-          "baseDomain": "westus2.stamps.sdp-saas.com",
-          "keyVaultName": "kv-stamps-na-wus2",
-          "logAnalyticsWorkspaceName": "law-stamps-na-wus2"
-        },
         {
           "geoName": "northamerica",
           "regionName": "westus3",
           "cells": ["cell-01", "cell-02", "cell-03"],
           "baseDomain": "westus3.stamps.sdp-saas.com",
           "keyVaultName": "kv-stamps-na-wus3",
           "logAnalyticsWorkspaceName": "law-stamps-na-wus3"
+        },
+        {
+          "geoName": "northamerica",
+          "regionName": "centralus",
+          "cells": ["cell-01", "cell-02", "cell-03"],
+          "baseDomain": "centralus.stamps.sdp-saas.com",
+          "keyVaultName": "kv-stamps-na-cus",
+          "logAnalyticsWorkspaceName": "law-stamps-na-cus"
         }
       ]
     },
     "cells": {
       "value": [
-  { "geoName": "northamerica", "regionName": "westus2", "cellName": "CELL-001", "cellType": "Shared",    "availabilityZones": [],              "maxTenantCount": 100, "baseDomain": "westus2.stamps.sdp-saas.com" },
-  { "geoName": "northamerica", "regionName": "westus2", "cellName": "CELL-002", "cellType": "Shared",    "availabilityZones": ["1", "2"],      "maxTenantCount": 100, "baseDomain": "westus2.stamps.sdp-saas.com" },
-  { "geoName": "northamerica", "regionName": "westus2", "cellName": "CELL-003", "cellType": "Dedicated", "availabilityZones": ["1", "2", "3"], "maxTenantCount": 1,   "baseDomain": "westus2.stamps.sdp-saas.com" },
+  { "geoName": "northamerica", "regionName": "westus3", "cellName": "CELL-01", "cellType": "Shared",    "availabilityZones": [], "maxTenantCount": 100, "baseDomain": "westus3.stamps.sdp-saas.com" },
+  { "geoName": "northamerica", "regionName": "westus3", "cellName": "CELL-02", "cellType": "Shared",    "availabilityZones": [], "maxTenantCount": 100, "baseDomain": "westus3.stamps.sdp-saas.com" },
+  { "geoName": "northamerica", "regionName": "westus3", "cellName": "CELL-03", "cellType": "Dedicated", "availabilityZones": [], "maxTenantCount": 1,   "baseDomain": "westus3.stamps.sdp-saas.com" },
 
-  { "geoName": "northamerica", "regionName": "westus3", "cellName": "CELL-001", "cellType": "Dedicated", "availabilityZones": [],              "maxTenantCount": 1,   "baseDomain": "westus3.stamps.sdp-saas.com" },
-  { "geoName": "northamerica", "regionName": "westus3", "cellName": "CELL-002", "cellType": "Shared",    "availabilityZones": ["1", "2"],      "maxTenantCount": 100, "baseDomain": "westus3.stamps.sdp-saas.com" },
-  { "geoName": "northamerica", "regionName": "westus3", "cellName": "CELL-003", "cellType": "Dedicated", "availabilityZones": ["1", "2", "3"], "maxTenantCount": 1,   "baseDomain": "westus3.stamps.sdp-saas.com" }
+  { "geoName": "northamerica", "regionName": "centralus", "cellName": "CELL-01", "cellType": "Dedicated", "availabilityZones": [], "maxTenantCount": 1,   "baseDomain": "centralus.stamps.sdp-saas.com" },
+  { "geoName": "northamerica", "regionName": "centralus", "cellName": "CELL-02", "cellType": "Shared",    "availabilityZones": [], "maxTenantCount": 100, "baseDomain": "centralus.stamps.sdp-saas.com" },
+  { "geoName": "northamerica", "regionName": "centralus", "cellName": "CELL-03", "cellType": "Dedicated", "availabilityZones": [], "maxTenantCount": 1,   "baseDomain": "centralus.stamps.sdp-saas.com" }
       ]
     }
   }