diff --git a/.gitignore b/.gitignore
index 0712879..56d9d2f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -171,3 +171,5 @@ studio/dist
 .env-dev
 .env-prod
 dump.sql
+*.parameters.json
+*.bicepparam
\ No newline at end of file
diff --git a/deployments/bicep/README.md b/deployments/bicep/README.md
new file mode 100644
index 0000000..00f073f
--- /dev/null
+++ b/deployments/bicep/README.md
@@ -0,0 +1,5 @@
+```bash
+az deployment group create --name ExampleDeployment --resource-group jb-studio-test --parameters storage.bicepparam
+
+az deployment group create --resource-group jbstudiotest1 --template-file ./main.bicep --parameters main.bicepparam
+```
\ No newline at end of file
diff --git a/deployments/bicep/main.bicep b/deployments/bicep/main.bicep
new file mode 100644
index 0000000..7d37c7a
--- /dev/null
+++ b/deployments/bicep/main.bicep
@@ -0,0 +1,160 @@
+// create bicep version of the stuff above
+
+param resourceNamePrefix string
+param location string
+param postgresAdminUser string
+
+@secure()
+param postgresAdminPassword string
+
+param postgresDatabaseName string
+param cpu string = '0.5'
+param memory string = '1Gi'
+
+@secure()
+param AZURE_OPENAI_API_KEY string
+param AZURE_OPENAI_API_VERSION string
+param AZURE_OPENAI_ENDPOINT string
+param FAST_MODEL string = 'gpt-4-turbo'
+param SLOW_MODEL string = 'gpt-4-turbo'
+
+param pwrEngineImageName string
+param pwrServerImageName string
+@secure()
+param imagePassword string
+param imageRegistryLoginServer string
+param imageUsername string
+
+param AAD_APP_CLIENT_ID string
+param AAD_APP_TENANT_ID string
+param ISSUER string
+
+param SERVER_HOST string
+
+param keyVaultName string
+
+@description('The secret url for the certificate in Azure Key Vault.')
+@secure()
+param keyVaultSecretId string
+
+// deploy ./vnet.bicep
+
+module vnet './modules/vnet.bicep' = {
+  name: '${resourceNamePrefix}-vnet'
+  params: {
+    vnetName: '${resourceNamePrefix}-vnet'
+  }
+}
+
+// deploy the files ./eventhub.bicep and postgres.bicep
+
+module eventhub './modules/eventhub.bicep' = {
+  name: '${resourceNamePrefix}-eventhub'
+  params: {
+    eventHubNamespace: '${resourceNamePrefix}-eventhub-namespace'
+    location: location
+  }
+}
+
+module postgres './modules/postgres.bicep' = {
+  name: '${resourceNamePrefix}-postgres'
+  params: {
+    resourceNamePrefix: resourceNamePrefix
+    location: location
+    postgresAdminUser: postgresAdminUser
+    postgresAdminPassword: postgresAdminPassword
+    postgresDatabaseName: postgresDatabaseName
+  }
+}
+
+module storage './modules/storage.bicep' = {
+  name: '${resourceNamePrefix}-storage'
+  params: {
+    location: location
+    resourceNamePrefix: resourceNamePrefix
+  }
+}
+
+
+// create a public ip that will later be used for a load balancer
+
+resource publicIp 'Microsoft.Network/publicIPAddresses@2020-11-01' = {
+  name: '${resourceNamePrefix}-public-ip'
+  location: location
+  properties: {
+    publicIPAllocationMethod: 'Dynamic'
+  }
+}
+
+// deploy the files ./server.bicep and ./engine.bicep
+
+module engine './modules/containers/engine.bicep' = {
+  name: '${resourceNamePrefix}-engine'
+  params: {
+    location: location
+    AZURE_OPENAI_API_KEY: AZURE_OPENAI_API_KEY
+    AZURE_OPENAI_API_VERSION: AZURE_OPENAI_API_VERSION
+    AZURE_OPENAI_ENDPOINT: AZURE_OPENAI_ENDPOINT
+    FAST_MODEL: FAST_MODEL
+    SLOW_MODEL: SLOW_MODEL
+    
+    containerName: '${resourceNamePrefix}-pwr-engine'
+    imageName: pwrEngineImageName
+    imagePassword: imagePassword
+    imageRegistryLoginServer: imageRegistryLoginServer
+    imageUsername: imageUsername
+    KAFKA_BROKER: eventhub.outputs.kafkaBroker
+    KAFKA_CONSUMER_PASSWORD: eventhub.outputs.kafkaConnectionPassword
+    KAFKA_CONSUMER_USERNAME: eventhub.outputs.kafkaConnectionUsername
+    memory: memory
+    numberCpuCores: cpu
+  }
+}
+
+
+
+module server './modules/containers/server.bicep' = {
+  name: '${resourceNamePrefix}-server'
+  params: {
+    location: location
+
+    containerName: '${resourceNamePrefix}-pwr-server'
+    AAD_APP_CLIENT_ID: AAD_APP_CLIENT_ID
+    AAD_APP_TENANT_ID: AAD_APP_TENANT_ID
+    ISSUER: ISSUER
+    // construct a full db string using the postgress params and the output server ip
+    dbConnectionString: 'postgresql://${postgresAdminUser}:${postgresAdminPassword}@${postgres.outputs.postgresqlServerIP}:5432/${postgresDatabaseName}'
+    SERVER_HOST: SERVER_HOST
+    
+    imageName: pwrServerImageName
+    imagePassword: imagePassword
+    imageRegistryLoginServer: imageRegistryLoginServer
+    imageUsername: imageUsername
+    KAFKA_BROKER: eventhub.outputs.kafkaBroker
+    KAFKA_PRODUCER_PASSWORD: eventhub.outputs.kafkaConnectionPassword
+    KAFKA_PRODUCER_USERNAME: eventhub.outputs.kafkaConnectionUsername
+    memory: memory
+    numberCpuCores: cpu
+    subnetId: vnet.outputs.defaultSubnetId
+
+  }
+}
+
+
+// create a load balancer that will be used to route traffic to the containers
+// module gateway './modules/gateway.bicep' = {
+//   name: '${resourceNamePrefix}-gateway'
+//   params: {
+//     resourceNamePrefix: resourceNamePrefix
+//     location: location
+//     subnetId: vnet.outputs.gatewaySubnetId
+//     publicIpId: publicIp.id
+//     backendIPAddress: server.outputs.containerIP
+//     keyVaultName: keyVaultName
+//     keyVaultSecretId: keyVaultSecretId
+//   }
+// }
+
+output eventhubNamespace string = eventhub.outputs.kafkaBroker
+output postgresqlServerName string = postgres.outputs.postgresqlServerIP
+
diff --git a/deployments/bicep/modules/containers/engine.bicep b/deployments/bicep/modules/containers/engine.bicep
new file mode 100644
index 0000000..11b725e
--- /dev/null
+++ b/deployments/bicep/modules/containers/engine.bicep
@@ -0,0 +1,99 @@
+param location string
+param containerName string
+
+param numberCpuCores string
+param memory string
+
+param imageRegistryLoginServer string
+param imageUsername string
+@secure()
+param imagePassword string
+param imageName string
+
+param KAFKA_BROKER string
+param KAFKA_CONSUMER_USERNAME string
+
+@secure()
+param KAFKA_CONSUMER_PASSWORD string
+
+@secure()
+param AZURE_OPENAI_API_KEY string
+param AZURE_OPENAI_API_VERSION string
+param AZURE_OPENAI_ENDPOINT string
+param FAST_MODEL string = 'gpt-4-turbo'
+param SLOW_MODEL string = 'gpt-4-turbo'
+
+resource container 'Microsoft.ContainerInstance/containerGroups@2022-10-01-preview' = {
+  location: location
+  name: containerName
+  properties: {
+    containers: [
+      {
+        name: containerName
+        properties: {
+          image: imageName
+          resources: {
+            requests: {
+              cpu: int(numberCpuCores)
+              memoryInGB: json(memory)
+            }
+          }
+          environmentVariables: [
+            {
+              name: 'KAFKA_BROKER'
+              value: KAFKA_BROKER
+            }
+            {
+              name: 'KAFKA_USE_SASL'
+              value: 'true'
+            }
+            {
+              name: 'KAFKA_CONSUMER_USERNAME'
+              value: KAFKA_CONSUMER_USERNAME
+            }
+            {
+              name: 'KAFKA_CONSUMER_PASSWORD'
+              secureValue: KAFKA_CONSUMER_PASSWORD
+            }
+            {
+              name: 'KAFKA_ENGINE_TOPIC'
+              value: 'pwr_engine'
+            }
+            {
+              name: 'AZURE_OPENAI_API_KEY'
+              value: AZURE_OPENAI_API_KEY
+            }
+            {
+              name: 'AZURE_OPENAI_API_VERSION'
+              value: AZURE_OPENAI_API_VERSION
+            }
+            {
+              name: 'AZURE_OPENAI_ENDPOINT'
+              value: AZURE_OPENAI_ENDPOINT
+            }
+            {
+              name: 'FAST_MODEL'
+              value: FAST_MODEL
+            }
+            {
+              name: 'SLOW_MODEL'
+              value: SLOW_MODEL
+            }
+          ]
+          ports: [{port: 80, protocol: 'TCP'}]
+        }
+      }
+    ]
+    restartPolicy: 'OnFailure'
+    osType: 'Linux'
+    sku: 'Standard'
+    imageRegistryCredentials: [
+      {
+        server: imageRegistryLoginServer
+        username: imageUsername
+        password: imagePassword
+      }
+    ]
+  }
+  tags: {}
+}
diff --git a/deployments/bicep/modules/containers/server.bicep b/deployments/bicep/modules/containers/server.bicep
new file mode 100644
index 0000000..c74c5be
--- /dev/null
+++ b/deployments/bicep/modules/containers/server.bicep
@@ -0,0 +1,118 @@
+param location string
+param containerName string
+param subnetId string
+
+param numberCpuCores string
+param memory string
+
+param imageRegistryLoginServer string
+param imageName string
+param imageUsername string
+@secure()
+param imagePassword string
+
+param SERVER_HOST string
+param dbConnectionString string
+
+param AAD_APP_CLIENT_ID string
+param AAD_APP_TENANT_ID string
+param ISSUER string
+
+param KAFKA_BROKER string
+param KAFKA_PRODUCER_USERNAME string
+@secure()
+param KAFKA_PRODUCER_PASSWORD string
+
+
+resource container 'Microsoft.ContainerInstance/containerGroups@2022-10-01-preview' = {
+  location: location
+  name: containerName
+  properties: {
+    containers: [
+      {
+        name: containerName
+        properties: {
+          image: imageName
+          resources: {
+            requests: {
+              cpu: int(numberCpuCores)
+              memoryInGB: json(memory)
+            }
+          }
+          environmentVariables: [
+            {
+              name: 'SERVER_HOST'
+              value: SERVER_HOST
+            }
+            {
+              name: 'DB_CONNECTION_STRING'
+              value: dbConnectionString
+            }
+            {
+              name: 'AAD_APP_CLIENT_ID'
+              value: AAD_APP_CLIENT_ID
+            }
+            {
+              name: 'AAD_APP_TENANT_ID'
+              value: AAD_APP_TENANT_ID
+            }
+            {
+              name: 'ISSUER'
+              value: ISSUER
+            }
+            {
+              name: 'KAFKA_BROKER'
+              value: KAFKA_BROKER
+            }
+            {
+              name: 'KAFKA_USE_SASL'
+              value: 'true'
+            }
+            {
+              name: 'KAFKA_ENGINE_TOPIC'
+              value: 'pwr_engine'
+            }
+            {
+              name: 'KAFKA_PRODUCER_USERNAME'
+              value: KAFKA_PRODUCER_USERNAME
+            }
+            {
+              name: 'KAFKA_PRODUCER_PASSWORD'
+              secureValue: KAFKA_PRODUCER_PASSWORD
+            }
+          ]
+          command: [
+            'uvicorn'
+            'app.main:app'
+            '--workers'
+            '1'
+            '--host'
+            '0.0.0.0'
+            '--port'
+            '80'
+          ]
+          ports: [{port: 80, protocol: 'TCP'}, {port: 3000, protocol: 'TCP'}]
+        }
+      }
+    ]
+    restartPolicy: 'OnFailure'
+    osType: 'Linux'
+    sku: 'Standard'
+    imageRegistryCredentials: [
+      {
+        server: imageRegistryLoginServer
+        username: imageUsername
+        password: imagePassword
+      }
+    ]
+    subnetIds: [
+      {id: subnetId}
+    ]
+  }
+  tags: {}
+}
+
+
+// output the private IP adress assigned to the container group from the subnet
+
+output containerIP string = container.properties.ipAddress.ip
diff --git a/deployments/bicep/modules/eventhub.bicep b/deployments/bicep/modules/eventhub.bicep
new file mode 100644
index 0000000..ac2ec0d
--- /dev/null
+++ b/deployments/bicep/modules/eventhub.bicep
@@ -0,0 +1,65 @@
+@description('The name of the Event Hub namespace.')
+param eventHubNamespace string
+
+@description('The location for the resources.')
+param location string
+
+resource eventhubNamespace_resource 'Microsoft.EventHub/namespaces@2024-01-01' = {
+  name: eventHubNamespace
+  location: location
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+    capacity: 1
+  }
+  properties: {
+    minimumTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    disableLocalAuth: false
+    zoneRedundant: true
+    isAutoInflateEnabled: true
+    maximumThroughputUnits: 5
+    kafkaEnabled: true
+  }
+}
+
+resource eventhubNamespace_sendlisten 'Microsoft.EventHub/namespaces/authorizationrules@2024-01-01' = {
+  parent: eventhubNamespace_resource
+  name: 'sendlisten'
+  properties: {
+    rights: [
+      'Send'
+      'Listen'
+    ]
+  }
+}
+
+resource eventhubNamespace_pwr 'Microsoft.EventHub/namespaces/eventhubs@2024-01-01' = {
+  parent: eventhubNamespace_resource
+  name: 'pwr_engine'
+  properties: {
+    retentionDescription: {
+      cleanupPolicy: 'Delete'
+      retentionTimeInHours: 1
+    }
+    messageRetentionInDays: 1
+    partitionCount: 3
+    status: 'Active'
+  }
+}
+
+resource eventhubNamespace_pwr_Default 'Microsoft.EventHub/namespaces/eventhubs/consumergroups@2024-01-01' = {
+  parent: eventhubNamespace_pwr
+  name: '$Default'
+  properties: {}
+}
+
+resource eventhubNamespace_pwr_cooler_group_id 'Microsoft.EventHub/namespaces/eventhubs/consumergroups@2024-01-01' = {
+  parent: eventhubNamespace_pwr
+  name: 'cooler_group_id'
+  properties: {}
+}
+
+output kafkaConnectionUsername string = '$ConnectionString'
+output kafkaConnectionPassword string = eventhubNamespace_sendlisten.listKeys().primaryConnectionString
+output kafkaBroker string = '${eventHubNamespace}.servicebus.windows.net:9093'
diff --git a/deployments/bicep/modules/gateway.bicep b/deployments/bicep/modules/gateway.bicep
new file mode 100644
index 0000000..494cf10
--- /dev/null
+++ b/deployments/bicep/modules/gateway.bicep
@@ -0,0 +1,162 @@
+@description('The resource ID of the subnet to which the Application Gateway should be connected.')
+param subnetId string
+
+@description('The private IP address of the backend server.')
+param backendIPAddress string
+
+@description('The secret url for the certificate in Azure Key Vault.')
+@secure()
+param keyVaultSecretId string
+
+param location string = resourceGroup().location
+param resourceNamePrefix string
+param publicIpId string
+
+param keyVaultName string
+
+var managedIdentityName = '${resourceNamePrefix}-gateway-identity'
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: managedIdentityName
+  location: location
+}
+
+// assign the identity to keyvault with name 
+resource keyVaultAccess 'Microsoft.KeyVault/vaults/accessPolicies@2021-06-01-preview' = {
+  name: '${keyVaultName}/add'
+  properties: {
+    accessPolicies: [
+      {
+        tenantId: subscription().tenantId
+        objectId: managedIdentity.properties.principalId
+        permissions: {
+          keys: ['get', 'list']
+          secrets: ['get', 'list']
+        }
+      }
+    ]
+  }
+}
+
+
+resource appGateway 'Microsoft.Network/applicationGateways@2020-06-01' = {
+  name: '${resourceNamePrefix}-appGateway'
+  location: location
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      // add the reference to the managed identity
+      '${managedIdentity.id}': {}
+    }
+    
+  }
+  properties: {
+    sku: {
+      name: 'Standard_v2'
+      tier: 'Standard_v2'
+      capacity: 2
+    }
+    gatewayIPConfigurations: [
+      {
+        name: 'appGatewayIpConfig'
+        properties: {
+          subnet: {
+            id: subnetId
+          }
+        }
+      }
+    ]
+    frontendIPConfigurations: [
+      {
+        name: 'appGatewayFrontendIP'
+        properties: {
+          publicIPAddress: {
+            id: publicIpId
+          }
+        }
+      }
+    ]
+    frontendPorts: [
+      {
+        name: 'frontendPortHttps'
+        properties: {
+          port: 443
+        }
+      }
+    ]
+    backendAddressPools: [
+      {
+        name: 'backendPool'
+        properties: {
+          backendAddresses: [
+            {
+              ipAddress: backendIPAddress
+            }
+          ]
+        }
+      }
+    ]
+    backendHttpSettingsCollection: [
+      {
+        name: 'backendHttpSettings'
+        properties: {
+          port: 80
+          protocol: 'Http'
+          cookieBasedAffinity: 'Disabled'
+          pickHostNameFromBackendAddress: false
+          requestTimeout: 20
+        }
+      }
+    ]
+    httpListeners: [
+      {
+        name: 'httpsListener'
+        properties: {
+          frontendIPConfiguration: {
+            id: resourceId(
+              'Microsoft.Network/applicationGateways/frontendIPConfigurations',
+              'appGateway',
+              'appGatewayFrontendIP'
+            )
+          }
+          frontendPort: {
+            id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', 'appGateway', 'frontendPortHttps')
+          }
+          protocol: 'Https'
+          sslCertificate: {
+            id: resourceId('Microsoft.Network/applicationGateways/sslCertificates', 'appGateway', 'sslCertificate')
+          }
+        }
+      }
+    ]
+    requestRoutingRules: [
+      {
+        name: 'routingRule'
+        properties: {
+          ruleType: 'Basic'
+          httpListener: {
+            id: resourceId('Microsoft.Network/applicationGateways/httpListeners', 'appGateway', 'httpsListener')
+          }
+          backendAddressPool: {
+            id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', 'appGateway', 'backendPool')
+          }
+          backendHttpSettings: {
+            id: resourceId(
+              'Microsoft.Network/applicationGateways/backendHttpSettingsCollection',
+              'appGateway',
+              'backendHttpSettings'
+            )
+          }
+        }
+      }
+    ]
+    sslCertificates: [
+      {
+        name: 'sslCertificate'
+        properties: {
+          keyVaultSecretId: keyVaultSecretId
+        }
+      }
+    ]
+  }
+}
diff --git a/deployments/bicep/modules/postgres.bicep b/deployments/bicep/modules/postgres.bicep
new file mode 100644
index 0000000..c162622
--- /dev/null
+++ b/deployments/bicep/modules/postgres.bicep
@@ -0,0 +1,85 @@
+@description('The prefix used by all resources created by this template.')
+param resourceNamePrefix string
+
+@description('The location for the resources.')
+param location string
+
+@description('The administrator username for the PostgreSQL Flexible Server.')
+param postgresAdminUser string
+
+@description('The administrator password for the PostgreSQL Flexible Server.')
+@secure()
+param postgresAdminPassword string
+
+@description('The name of the database to create in the PostgreSQL Flexible Server.')
+param postgresDatabaseName string
+
+var postgresqlServerName = '${resourceNamePrefix}-postgresql-server'
+
+resource postgresqlServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-12-01-preview' = {
+  name: postgresqlServerName
+  location: location
+  properties: {
+    replica: {
+      role: 'Primary'
+    }
+    storage: {
+      iops: 120
+      tier: 'P4'
+      storageSizeGB: 32
+      autoGrow: 'Enabled'
+    }
+    network: {
+      publicNetworkAccess: 'Enabled'
+    }
+    dataEncryption: {
+      type: 'SystemManaged'
+    }
+    authConfig: {
+      activeDirectoryAuth: 'Disabled'
+      passwordAuth: 'Enabled'
+    }
+    version: '16'
+    administratorLogin: postgresAdminUser
+    administratorLoginPassword: postgresAdminPassword
+    availabilityZone: '1'
+    backup: {
+      backupRetentionDays: 7
+      geoRedundantBackup: 'Disabled'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    maintenanceWindow: {
+      customWindow: 'Disabled'
+      dayOfWeek: 0
+      startHour: 0
+      startMinute: 0
+    }
+    replicationRole: 'Primary'
+  }
+  sku: {
+    name: 'Standard_D2ds_v4'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource postgresAllowAllAzureIPs 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-12-01-preview' = {
+  parent: postgresqlServer
+  name: 'AllowAllAzureIPs'
+  properties: {
+    startIpAddress: '0.0.0.0'
+    endIpAddress: '0.0.0.0'
+  }
+}
+
+resource postgresqlServerName_postgresDatabase 'Microsoft.DBforPostgreSQL/flexibleServers/databases@2023-12-01-preview' = {
+  parent: postgresqlServer
+  name: postgresDatabaseName
+  properties: {
+    charset: 'UTF8'
+    collation: 'en_US.utf8'
+  }
+}
+
+output postgresqlServerIP string = postgresqlServer.properties.fullyQualifiedDomainName
diff --git a/deployments/bicep/modules/storage.bicep b/deployments/bicep/modules/storage.bicep
new file mode 100644
index 0000000..db6f0ed
--- /dev/null
+++ b/deployments/bicep/modules/storage.bicep
@@ -0,0 +1,107 @@
+@description('The prefix used by all resources created by this template.')
+param resourceNamePrefix string
+
+@description('The location for the resources.')
+param location string
+
+var storageAccountName = '${resourceNamePrefix}storageaccount'
+var storageContainerName = '${resourceNamePrefix}-storage-container'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: storageAccountName
+  location: location
+  sku: {
+    name: 'Standard_LRS'
+  }
+  kind: 'StorageV2'
+  properties: {
+    dnsEndpointType: 'Standard'
+    defaultToOAuthAuthentication: false
+    publicNetworkAccess: 'Enabled'
+    allowCrossTenantReplication: false
+    minimumTlsVersion: 'TLS1_2'
+    allowBlobPublicAccess: true
+    allowSharedKeyAccess: true
+    networkAcls: {
+      bypass: 'AzureServices'
+      virtualNetworkRules: []
+      ipRules: []
+      defaultAction: 'Allow'
+    }
+    supportsHttpsTrafficOnly: true
+    encryption: {
+      requireInfrastructureEncryption: false
+      services: {
+        file: {
+          keyType: 'Account'
+          enabled: true
+        }
+        blob: {
+          keyType: 'Account'
+          enabled: true
+        }
+      }
+      keySource: 'Microsoft.Storage'
+    }
+    accessTier: 'Hot'
+  }
+}
+
+resource storageAccountName_default 'Microsoft.Storage/storageAccounts/blobServices@2023-05-01' = {
+  parent: storageAccount
+  name: 'default'
+  properties: {
+    changeFeed: {
+      enabled: false
+    }
+    restorePolicy: {
+      enabled: false
+    }
+    containerDeleteRetentionPolicy: {
+      enabled: true
+      days: 7
+    }
+    cors: {
+      corsRules: []
+    }
+    deleteRetentionPolicy: {
+      allowPermanentDelete: false
+      enabled: true
+      days: 7
+    }
+    isVersioningEnabled: false
+  }
+}
+
+resource storageAccountName_default_storageContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-05-01' = {
+  parent: storageAccountName_default
+  name: storageContainerName
+  properties: {
+    immutableStorageWithVersioning: {
+      enabled: false
+    }
+    defaultEncryptionScope: '$account-encryption-key'
+    denyEncryptionScopeOverride: false
+    publicAccess: 'None'
+  }
+}
+
+resource storageAccountName_default_web 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-05-01' = {
+  parent: storageAccountName_default
+  name: '$web'
+  properties: {
+    immutableStorageWithVersioning: {
+      enabled: false
+    }
+    defaultEncryptionScope: '$account-encryption-key'
+    denyEncryptionScopeOverride: false
+    publicAccess: 'Container'
+  }
+  dependsOn: [
+    storageAccountName_default_storageContainer
+  ]
+}
+
+output AZURE_STORAGE_ACCOUNT_URL string = storageAccount.properties.primaryEndpoints.blob
+output AZURE_STORAGE_ACCOUNT_KEY string = listKeys(storageAccountName, '2023-05-01').keys[0].value
+output AZURE_STORAGE_CONTAINER string = storageContainerName
diff --git a/deployments/bicep/modules/vnet.bicep b/deployments/bicep/modules/vnet.bicep
new file mode 100644
index 0000000..ad1f0ce
--- /dev/null
+++ b/deployments/bicep/modules/vnet.bicep
@@ -0,0 +1,47 @@
+@description('The name of the virtual network.')
+param vnetName string
+
+
+// create a virtual network with two subnets
+resource pwrStudioVnet 'Microsoft.Network/virtualNetworks@2023-11-01' = {
+  name: vnetName
+  location: 'centralindia'
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    subnets: [
+      {
+        name: 'default'
+        properties: {
+          addressPrefix: '10.0.0.0/24'
+          delegations: [
+            {
+              name: 'Microsoft.ContainerInstance/containerGroups'
+              properties: {
+                serviceName: 'Microsoft.ContainerInstance/containerGroups'
+              }
+            }
+          ]
+        }
+      }
+      {
+        name: 'gateway'
+        properties: {
+          addressPrefix: '10.0.1.0/24'
+        }
+      }
+    ]
+  }
+}
+
+
+// output the subnets as well as network info
+
+output defaultSubnetId string = pwrStudioVnet.properties.subnets[0].id
+output gatewaySubnetId string = pwrStudioVnet.properties.subnets[1].id
+
+// output network info too
+output vnetId string = pwrStudioVnet.id
diff --git a/docs/assets/pwr-studio-hld.drawio b/docs/assets/pwr-studio-hld.drawio
new file mode 100644
index 0000000..53ba6bb
--- /dev/null
+++ b/docs/assets/pwr-studio-hld.drawio
@@ -0,0 +1,85 @@
+<mxfile host="app.diagrams.net" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0" version="24.7.5">
+  <diagram name="Page-1" id="O_AO09EJojjPOY5_WfxG">
+    <mxGraphModel dx="1562" dy="846" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="-q9hSwCupJCB5PW47J8L-9" value="" style="rounded=0;whiteSpace=wrap;html=1;fillColor=none;dashed=1;strokeWidth=2;strokeColor=#007FFF;" parent="1" vertex="1">
+          <mxGeometry x="430" y="120" width="420" height="240" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-1" value="VNET" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/networking/Subnet.svg;" parent="1" vertex="1">
+          <mxGeometry x="783" y="360" width="66.8" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-2" value="" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/compute/Container_Instances.svg;" parent="1" vertex="1">
+          <mxGeometry x="467" y="206.5" width="64" height="68" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-3" value="Container Instances" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/containers/Container_Instances.svg;" parent="1" vertex="1">
+          <mxGeometry x="495" y="205.5" width="64" height="69" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-4" value="" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/containers/Container_Instances.svg;" parent="1" vertex="1">
+          <mxGeometry x="531" y="205.5" width="64" height="69" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-5" value="Postgres" style="image;sketch=0;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/mscae/Azure_Database_for_PostgreSQL_servers.svg;" parent="1" vertex="1">
+          <mxGeometry x="720" y="128" width="53.2" height="70" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-6" value="Event Hub&lt;div&gt;(Kafka connector)&lt;/div&gt;" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/analytics/Event_Hub_Clusters.svg;" parent="1" vertex="1">
+          <mxGeometry x="710" y="238.5" width="89.23" height="72.5" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-8" value="API Gateway" style="sketch=0;html=1;verticalAlign=top;labelPosition=center;verticalLabelPosition=bottom;align=center;spacingTop=-6;fontSize=11;fontStyle=1;fontColor=#999999;shape=image;aspect=fixed;imageAspect=0;image=data:image/svg+xml,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iMzY3LjgxODMyODg1NzQyMTkiIHZpZXdCb3g9IjcuMTA1NDI3MzU3NjAxMDAyZS0xNSAwIDM2Ni40MTAxODY3Njc1NzgxIDM2Ny44MTgzMjg4NTc0MjE5IiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCBtZWV0IiB3aWR0aD0iMzY2LjQxMDE5Njc2NzU3OTEiIHZlcnNpb249IjEuMSIgaWQ9InN2Zzk4NyIgem9vbUFuZFBhbj0ibWFnbmlmeSI+JiN4YTsgIDxwYXRoIGQ9Im0gNDguMjUxOTYsMTExLjUzOTA2IGMgLTcuNjE4NjQsMmUtNCAtMTMuNzk0NzIsNi4xNzYyOCAtMTMuNzk0OTMsMTMuNzk0OTIgMi4xZS00LDcuNjE4NjQgNi4xNzYyOSwxMy43OTQ3MiAxMy43OTQ5MywxMy43OTQ5MiBoIDE0NS4xNDY5MiB2IC0yNy41ODk4NCB6IG0gMjM4LjYwODU5LDU3LjQ1MTE3IGggNjUuNzU0NjkgYyA3LjYxODY0LC0yLjFlLTQgMTMuNzk0NzEsLTYuMTc2MjggMTMuNzk0OTIsLTEzLjc5NDkyIC0yLjFlLTQsLTcuNjE4NjQgLTYuMTc2MjgsLTEzLjc5NDcxIC0xMy43OTQ5MiwtMTMuNzk0OTIgSCAyODQuODUwNiBaIE0gMTMuNzk0OTIsMTcwLjk3NDYxIEMgNi4xNzYyODAxLDE3MC45NzQ4MiAyLjEwMDkxOWUtNCwxNzcuMTUwODkgOS4xODk5MjFlLTgsMTg0Ljc2OTUzIC04LjY5OTA4MWUtNCwxOTIuMzg4OTMgNi4xNzU1MjAxLDE5OC41NjYxOSAxMy43OTQ5MiwxOTguNTY2NCBIIDE5My4zOTg4OCBWIDE3MC45NzQ2MSBaIE0gMjg0LjMwNzgsMjI3LjU2NjQgaCA2OC4zMDc0NCBjIDcuNjE4NjQsLTIuMWUtNCAxMy43OTQ3MSwtNi4xNzYyOCAxMy43OTQ5MiwtMTMuNzk0OTIgLTIuMWUtNCwtNy42MTg2NCAtNi4xNzYyOCwtMTMuNzk0NzEgLTEzLjc5NDkyLC0xMy43OTQ5MiBoIC02NS45MjE3OCB6IG0gLTIzNi4wNTU4NCwxLjY5NzI3IGMgLTcuNjE4NjQsMmUtNCAtMTMuNzk0NzIsNi4xNzYyOCAtMTMuNzk0OTMsMTMuNzk0OTIgMi4xZS00LDcuNjE4NjQgNi4xNzYyOSwxMy43OTQ3MiAxMy43OTQ5MywxMy43OTQ5MiBIIDE5My4zOTg4OCBWIDIyOS4yNjM2NyBaIE0gMTg5LjUyMTQ5LDAgYyAtMjQuNTc0MTEsMCAtNDkuMTY3MzcsMjAuMDU1MDcgLTU5LjQzNzUsNzUuMzczMDQgaCAzMC41ODAwNyBjIDQuNjE2MzMsLTI0LjE2MjA2IDE1LjM0ODk2LC00Ny41MjE0OCAyNy44NTM1MiwtNDcuNTIxNDggMTIuMTU4OCwwIDM5LjQ1ODk4LDU3LjQ1MDQ0IDM5LjQ1ODk4LDE2MC40MTQwNiAwLDY5LjkxNTEzIC0xOS41NzgwOSwxNTIuMTE1MjQgLTQxLjE3MTg3LDE1Mi4xMTUyMyAtMTUuMjY4ODEsMmUtNSAtMjEuMjE2NjgsLTI4LjMzMzU2IC0yNS40NDMzNiwtNDYuNzE4NzQgbCAtMzAuNDE0MDYsLTAuMDY4NCBjIDQuMjIwNzQsMjAuNTQwODcgMTYuOTA3NjgsNzQuMjI0NiA1Ny43MTI4OSw3NC4yMjQ2IDUzLjQzNjcyLDAgNjguOTEyMTEsLTExMS45OTMwNSA2OC45MTIxMSwtMTgwLjQ2Mjg5IEMgMjU3LjU3MjI3LDkzLjgwMDc2IDIzNi41ODM0LDAgMTg5LjUyMTQ5LDAgWiIgc3R5bGU9ImNvbG9yOiMwMDAwMDA7b3BhY2l0eToxO2ZpbGw6IzQyODVmNDtmaWxsLW9wYWNpdHk6MTtzdHJva2UtbGluZWNhcDpyb3VuZDstaW5rc2NhcGUtc3Ryb2tlOm5vbmUiLz4mI3hhOzwvc3ZnPg==;" parent="1" vertex="1">
+          <mxGeometry x="402" y="220" width="42" height="42" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-11" value="Azure Key Vault" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/security/Key_Vaults.svg;" parent="1" vertex="1">
+          <mxGeometry x="248" y="32" width="68" height="68" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-12" value="Storage Account" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/storage/Storage_Accounts.svg;" parent="1" vertex="1">
+          <mxGeometry x="140" y="100" width="65" height="52" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-13" value="Storage Container&lt;div&gt;(frontend)&lt;/div&gt;" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/general/Storage_Container.svg;" parent="1" vertex="1">
+          <mxGeometry x="248" y="222.5" width="64" height="52" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-14" value="CDN Profiles" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/app_services/CDN_Profiles.svg;" parent="1" vertex="1">
+          <mxGeometry x="60" y="234.5" width="68" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-15" value="Managed Identity" style="image;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/azure2/identity/Managed_Identities.svg;" parent="1" vertex="1">
+          <mxGeometry x="334" y="347" width="68" height="66" as="geometry" />
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-19" value="" style="endArrow=classic;startArrow=classic;html=1;rounded=0;entryX=0.928;entryY=0.413;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="704.18" y="170" as="sourcePoint" />
+            <mxPoint x="610.0019999999997" y="224.49700000000007" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-20" value="" style="endArrow=classic;startArrow=classic;html=1;rounded=0;exitX=-0.011;exitY=0.705;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.966;entryY=0.691;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="-q9hSwCupJCB5PW47J8L-6" target="-q9hSwCupJCB5PW47J8L-4" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="709.1936000000003" y="217.94" as="sourcePoint" />
+            <mxPoint x="590.0019999999997" y="287.5570000000001" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-21" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;exitX=1.009;exitY=0.623;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="-q9hSwCupJCB5PW47J8L-12" target="-q9hSwCupJCB5PW47J8L-11" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="400" y="270" as="sourcePoint" />
+            <mxPoint x="450" y="220" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-22" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;entryX=0.929;entryY=0.912;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0;exitY=0;exitDx=0;exitDy=0;" parent="1" source="-q9hSwCupJCB5PW47J8L-8" target="-q9hSwCupJCB5PW47J8L-11" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="400" y="270" as="sourcePoint" />
+            <mxPoint x="450" y="220" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-24" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;entryX=0.063;entryY=0.144;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="-q9hSwCupJCB5PW47J8L-12" target="-q9hSwCupJCB5PW47J8L-13" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="400" y="270" as="sourcePoint" />
+            <mxPoint x="450" y="220" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="-q9hSwCupJCB5PW47J8L-25" value="" style="endArrow=classic;html=1;rounded=0;" parent="1" source="-q9hSwCupJCB5PW47J8L-14" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="130" y="240" as="sourcePoint" />
+            <mxPoint x="240" y="256" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+</mxfile>