Sample bicep template that deploys a private ASEv3, App Service Plan and a Web App with direct VNet access

sample.bicep

param vnetName string = 'sampleVnet'
param aseName string = 'sampleAse'
param webAppName string = 'sampleWebApp'
param storageAccountName string = 'samplestorage'
param functionAppName string = 'sampleFunctionApp'
param aseLocation string = resourceGroup().location

@description('Existing Sample Virtual Network')
resource aseVirtualNetwork 'Microsoft.Network/virtualNetworks@2023-02-01' existing = {
  name: vnetName
}

resource sampleStorage 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
  name: storageAccountName
}

@description('Sample App Service Environment')
resource sampleAse 'Microsoft.Web/hostingEnvironments@2022-09-01' = {
  name: aseName
  location: aseLocation
  kind: 'ASEV3'
  properties: {
    virtualNetwork: {
      id: aseVirtualNetwork.id
      subnet: 'appsvcsubnet'
    }
    internalLoadBalancingMode: 'Web, Publishing'
  }
}

@description('Sample App Service Plan deployed to ASE')
resource sampleAsePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
  name: 'sampleAsePlan'
  location: aseLocation
  sku: {
    name: 'I1V2'
    tier: 'IsolatedV2'
  }
  properties: {
    hostingEnvironmentProfile: {
      id: sampleAse.id
    }
  }
}

@description('Sample Web App')
resource site 'Microsoft.Web/sites@2021-01-15' = {
  name: webAppName
  location: aseLocation
  properties: {
    siteConfig: {
      // Ensures that direct access from the Virtual Network is enabled
      publicNetworkAccess: 'Enabled'
    }
    serverFarmId: sampleAsePlan.id
    clientAffinityEnabled: true
    hostingEnvironmentProfile: {
      id: sampleAse.id
    }
  }
}

@description('Sample Function App')
resource sampleFunctionApp 'Microsoft.Web/sites@2021-01-15' = {
  name: functionAppName
  location: aseLocation
  kind: 'functionapp'
  properties: {
    siteConfig: {
      // Ensures that direct access from the Virtual Network is enabled
      publicNetworkAccess: 'Enabled'
      // Allows any IP address on your Virtual Network to access your Function App
      ipSecurityRestrictions: [
        {
          ipAddress: '*'
          action: 'Allow'
        }
      ]
      // Inherit the main site IP restrictions for SCM subsite
      scmIpSecurityRestrictionsUseMain: true
      appSettings: [
        {
          name: 'AzureWebJobsStorage'
          value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${sampleStorage.listKeys().keys[0].value}'
        }
        {
          name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
          value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${sampleStorage.listKeys().keys[0].value}'
        }
        {
          name: 'WEBSITE_CONTENTSHARE'
          value: toLower(functionAppName)
        }
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~4'
        }
        {
          name: 'WEBSITE_NODE_DEFAULT_VERSION'
          value: '~18'
        }
        {
          name: 'FUNCTIONS_WORKER_RUNTIME'
          value: 'node'
        }
      ]
      ftpsState: 'FtpsOnly'
      minTlsVersion: '1.2'
    }
    serverFarmId: sampleAsePlan.id
    clientAffinityEnabled: true
    hostingEnvironmentProfile: {
      id: sampleAse.id
    }
  }
}