diff --git a/infrastructure/azure.tf b/infrastructure/azure.tf
index f3c23209..74a639ce 100644
--- a/infrastructure/azure.tf
+++ b/infrastructure/azure.tf
@@ -2,7 +2,7 @@
 # Set up environment variables before running this script (see README.md)
 provider "azurerm" {
- version = "~> 0.3"
+ version = "~> 1.0"
 }
 provider "random" {
@@ -54,6 +54,16 @@ variable "azurerm_storage_container" {
 type = "string"
 }
+variable "message_blob_container" {
+ type = "string"
+ description = "Name of the message container blob"
+}
+
+variable "azurerm_functionapp" {
+ type = "string"
+ description = "Name of the main Functions application"
+}
+
 # Name of the storage account for functions
 variable "azurerm_functionapp_storage_account" {
 type = "string"
@@ -192,6 +202,8 @@ resource "azurerm_storage_account" "azurerm_storage_account" {
 # see https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
 enable_blob_encryption = true
+ enable_https_traffic_only = true
+
 tags {
 environment = "${var.environment}"
 }
@@ -210,6 +222,8 @@ resource "azurerm_storage_account" "azurerm_functionapp_storage_account" {
 # see https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
 enable_blob_encryption = true
+ enable_https_traffic_only = true
+
 tags {
 environment = "${var.environment}"
 }
@@ -238,6 +252,18 @@ resource "azurerm_storage_queue" "azurerm_storage_queue_createdmessages" {
 storage_account_name = "${azurerm_storage_account.azurerm_storage_account.name}"
 }
+## BLOBS
+
+resource "azurerm_storage_blob" "azurerm_message_blob" {
+ name = "${var.message_blob_container}"
+
+ resource_group_name = "${azurerm_resource_group.azurerm_resource_group.name}"
+ storage_account_name = "${azurerm_storage_account.azurerm_storage_account.name}"
+ storage_container_name = "${azurerm_storage_container.azurerm_storage_container.name}"
+
+ type = "block"
+}
+
 ## DATABASE
 resource "azurerm_cosmosdb_account" "azurerm_cosmosdb" {
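Review bot: The `azurerm_message_blob` resource in the `## BLOBS` hunk creates a single block blob named after `var.message_blob_container` inside the existing container, although the variable's description, its `message-content` value and the `MESSAGE_CONTAINER_NAME` app setting added further down in this commit all suggest a container was intended. If so, this should presumably be an `azurerm_storage_container` with the access level stated explicitly, `container_access_type = "private"`, so that message content cannot be read anonymously. The access level of the existing `azurerm_storage_container` is not visible in this diff and is worth checking for the same reason.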
@@ -328,6 +354,32 @@ resource "azurerm_app_service_plan" "azurerm_app_service_plan" {
 # }
 }
+## FUNCTIONS
+
+resource "azurerm_function_app" "azurerm_function_app" {
+ name = "${var.azurerm_functionapp}"
+ location = "${azurerm_resource_group.azurerm_resource_group.location}"
+ resource_group_name = "${azurerm_resource_group.azurerm_resource_group.name}"
+ app_service_plan_id = "${azurerm_app_service_plan.azurerm_app_service_plan.id}"
+ storage_connection_string = "${azurerm_storage_account.azurerm_functionapp_storage_account.primary_connection_string}"
+ version = "~1"
+
+ app_settings = {
+ # "AzureWebJobsStorage" = "${azurerm_storage_account.azurerm_functionapp_storage_account.primary_connection_string}"
+ # "AzureWebJobsDashboard" = "${azurerm_storage_account.azurerm_functionapp_storage_account.primary_connection_string}"
+ "COSMOSDB_NAME" = "${var.azurerm_cosmosdb_documentdb}"
+ "QueueStorageConnection" = "${azurerm_storage_account.azurerm_storage_account.primary_connection_string}"
+ "APPINSIGHTS_INSTRUMENTATIONKEY" = "${azurerm_application_insights.azurerm_application_insights.instrumentation_key}"
+ "FUNCTION_APP_EDIT_MODE" = "readonly"
+ "AzureWebJobsSecretStorageType" = "disabled"
+ "WEBSITE_HTTPLOGGING_RETENTION_DAYS" = "3"
+ "DIAGNOSTICS_AZUREBLOBRETENTIONINDAYS" = "1"
+ "WEBSITE_NODE_DEFAULT_VERSION" = "6.11.2"
+ "SCM_USE_FUNCPACK_BUILD" = "1"
+ "MESSAGE_CONTAINER_NAME" = "${azurerm_storage_blob.azurerm_message_blob.name}"
+ }
+}
+
 ### DEVELOPER PORTAL TASKS
 resource "azurerm_app_service_plan" "azurerm_app_service_plan_portal" {
diff --git a/infrastructure/env/common/config.json b/infrastructure/env/common/config.json
index ba7d6a27..eefa943a 100644
--- a/infrastructure/env/common/config.json
+++ b/infrastructure/env/common/config.json
@@ -43,7 +43,6 @@
 "policyFile": "admin.xml"
 }
 ],
- "message_blob_container": "message-content",
 "azure_portal_ips": [
 "104.42.195.92",
 "40.76.54.131",
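Review bot: In the `azurerm_function_app` block of the `## FUNCTIONS` hunk, `storage_connection_string` and `QueueStorageConnection` interpolate the storage accounts' `primary_connection_string`, which carries the account key; those values are written in plain text to the Terraform state and give the function full access to both accounts. The state backend should be encrypted and access-restricted, and a comment such as `# contains the storage account key; ends up in Terraform state` above `app_settings` would make that visible to the next maintainer. The commit sets `enable_https_traffic_only = true` on the storage accounts but does not do the same for the function app; if the pinned provider release supports it, add `https_only = true` here. `"AzureWebJobsSecretStorageType" = "disabled"` affects where the host keeps function keys and deserves a one-line comment explaining why it is set.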
diff --git a/infrastructure/env/common/tfvars.json b/infrastructure/env/common/tfvars.json
index 061c0c9f..3fdaa494 100644
--- a/infrastructure/env/common/tfvars.json
+++ b/infrastructure/env/common/tfvars.json
@@ -7,5 +7,6 @@
 "notifications": "messageId",
 "services": "serviceId"
 },
- "app_service_portal_git_repo": "https://github.com/teamdigitale/digital-citizenship-onboarding"
+ "app_service_portal_git_repo": "https://github.com/teamdigitale/digital-citizenship-onboarding",
+ "message_blob_container": "message-content"
 }