Switch to Azure Health Data Services FHIR service
nickclyde committed Nov 3, 2023
1 parent 061cec7 commit aa87bb1
Showing 2 changed files with 38 additions and 7 deletions.
43 changes: 37 additions & 6 deletions terraform/modules/shared/main.tf
Expand Up @@ -515,12 +515,43 @@ resource "azurerm_container_app_environment_storage" "custom_schema_storage" {

##### FHIR Server #####

resource "azurerm_healthcare_service" "fhir_server" {
name = "${terraform.workspace}fhir${substr(var.client_id, 0, 8)}"
location = "eastus"
locals {
fhir_server_name = "${terraform.workspace}fhir${substr(var.client_id, 0, 8)}"
}

resource "azurerm_healthcare_workspace" "fhir_server" {
name = local.fhir_server_name
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_healthcare_fhir_service" "fhir_server" {
name = local.fhir_server_name
location = var.location
resource_group_name = var.resource_group_name
workspace_id = azurerm_healthcare_workspace.fhir_server.id
kind = "fhir-R4"
cosmosdb_throughput = (terraform.workspace == "uat" ? 2000 : 400)

authentication {
authority = "https://login.microsoftonline.com/tenantId"
audience = "https://${local.fhir_server_name}.fhir.azurehealthcareapis.com"
}

access_policy_object_ids = [
data.azurerm_client_config.current.object_id
]

identity {
type = "SystemAssigned"
}

cors {
allowed_origins = ["*.${azurerm_container_app_environment.phdi.default_domain}"]
allowed_headers = ["*"]
allowed_methods = ["GET", "DELETE", "PUT"]
max_age_in_seconds = 3600
credentials_allowed = true
}

lifecycle {
ignore_changes = [name, tags]
Expand All @@ -533,13 +564,13 @@ resource "azurerm_healthcare_service" "fhir_server" {
}

resource "azurerm_role_assignment" "gh_sp_fhir_contributor" {
scope = azurerm_healthcare_service.fhir_server.id
scope = azurerm_healthcare_fhir_service.fhir_server.id
role_definition_name = "FHIR Data Contributor"
principal_id = var.object_id
}

resource "azurerm_role_assignment" "pipeline_runner_fhir_contributor" {
scope = azurerm_healthcare_service.fhir_server.id
scope = azurerm_healthcare_fhir_service.fhir_server.id
role_definition_name = "FHIR Data Contributor"
principal_id = azurerm_user_assigned_identity.pipeline_runner.principal_id
}
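Review bot: The `authentication` block of the new `azurerm_healthcare_fhir_service` sets `authority = "https://login.microsoftonline.com/tenantId"`, which looks like the provider-docs placeholder rather than a real tenant, so token validation would not be bound to this deployment's tenant; `authority = "https://login.microsoftonline.com/${data.azurerm_client_config.current.tenant_id}"` would use the data source already referenced in `access_policy_object_ids`. The new `azurerm_healthcare_workspace` likewise references `azurerm_resource_group.example`, which is not declared in the visible lines and appears to come from the same example; `location = var.location` and `resource_group_name = var.resource_group_name` would match the FHIR service block below it. In `cors`, `credentials_allowed = true` together with `allowed_headers = ["*"]` and a wildcard-subdomain origin is broad for a service that holds PHI, so consider listing the exact container-app origins and headers that need access. `cosmosdb_throughput` seems to be carried over from `azurerm_healthcare_service` and may not be accepted by the new resource type, which `terraform validate` would confirm. The resource's `lifecycle` block continues outside the first hunk.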
2 changes: 1 addition & 1 deletion terraform/modules/shared/outputs.tf
Expand Up @@ -7,7 +7,7 @@ output "phi_storage_account_key" {
}

output "fhir_server_name" {
value = azurerm_healthcare_service.fhir_server.name
value = azurerm_healthcare_fhir_service.fhir_server.name
}

output "pipeline_runner_id" {