diff --git a/main.bicep b/main.bicep
index 941a650..7dccd08 100644
--- a/main.bicep
+++ b/main.bicep
@@ -3,28 +3,47 @@ targetScope = 'subscription'
 param location string = 'westeurope'
 var acrResourceGroupName = 'rg-xprtzbv-acr'
+var infrastructureResourceGroupName = 'rg-xprtzbv-infrastructure'
-resource acrResourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+resource acrResourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = {
 name: acrResourceGroupName
 location: location
 }
+resource infrastructureResourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = {
+ name: infrastructureResourceGroupName
+ location: location
+}
+
 module acr 'modules/acr.bicep' = {
 scope: acrResourceGroup
- name: 'Deploy-Acr'
+ name: 'deployAcr'
 params: {
 location: location
 }
 }
 module customRoleDefinitions 'modules/customroledefinitions.bicep' = {
- name: 'Deploy-Custom-RoleDefinitions'
+ name: 'deployCustomRoleDefinitions'
 }
 module roleAssignments 'modules/roleassignments.bicep' = {
 scope: acrResourceGroup
- name: 'Deploy-Role-Assignments'
+ name: 'deployRoleAssignments'
 params: {
 deploymentsWriterRoleDefinitionId: customRoleDefinitions.outputs.roleDefinitionId
 }
 }
+
+module analytics 'modules/analytics.bicep' = {
+ scope: infrastructureResourceGroup
+ name: 'deployAnalytics'
+}
+
+module frontDoorProfile 'modules/frontDoorProfile.bicep' = {
+ scope: infrastructureResourceGroup
+ name: 'deployFrontDoorProfile'
+ params: {
+ logAnalyticsWorkspaceId: analytics.outputs.logAnalyticsWorkspaceId
+ }
+}
diff --git a/modules/analytics.bicep b/modules/analytics.bicep
new file mode 100644
index 0000000..a4beeb9
--- /dev/null
+++ b/modules/analytics.bicep
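Review bot: In main.bicep, the new `frontDoorProfile` module call passes only `logAnalyticsWorkspaceId`, so the profile always takes the module default `Standard_AzureFrontDoor` and the entry template cannot select the other allowed value. If managed WAF rule sets or Private Link origins are intended for these sites, they need the Premium tier; consider a top-level `param frontDoorSkuName string = 'Standard_AzureFrontDoor'` passed through as `frontDoorSkuName: frontDoorSkuName`. The `analytics` call also omits `location`, unlike `acr`; the module reads `resourceGroup().location` instead, so the two modules take their location by different routes.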
@@ -0,0 +1,13 @@
+var logAnalyticsWorkspaceName = 'log-xprtzbv-websites'
+
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
+ name: logAnalyticsWorkspaceName
+ location: resourceGroup().location
+ properties: {
+ sku: {
+ name: 'PerGB2018'
+ }
+ }
+}
+
+output logAnalyticsWorkspaceId string = logAnalyticsWorkspace.id
diff --git a/modules/frontDoorProfile.bicep b/modules/frontDoorProfile.bicep
new file mode 100644
index 0000000..c9833ac
--- /dev/null
+++ b/modules/frontDoorProfile.bicep
@@ -0,0 +1,44 @@
+@allowed([
+ 'Standard_AzureFrontDoor'
+ 'Premium_AzureFrontDoor'
+])
+param frontDoorSkuName string = 'Standard_AzureFrontDoor'
+param logAnalyticsWorkspaceId string
+
+var frontDoorProfileName = 'afd-xprtzbv-websites'
+
+resource frontDoorProfile 'Microsoft.Cdn/profiles@2024-02-01' = {
+ name: frontDoorProfileName
+ location: 'global'
+ sku: {
+ name: frontDoorSkuName
+ }
+}
+
+resource diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
+ name: 'diagnostics-${frontDoorProfileName}'
+ scope: frontDoorProfile
+ properties: {
+ workspaceId: logAnalyticsWorkspaceId
+ logs: [
+ {
+ category: 'FrontDoorAccessLog'
+ enabled: true
+ }
+ {
+ category: 'FrontDoorHealthProbeLog'
+ enabled: true
+ }
+ {
+ category: 'FrontDoorWebApplicationFirewallLog'
+ enabled: true
+ }
+ ]
+ metrics: [
+ {
+ enabled: true
+ category: 'AllMetrics'
+ }
+ ]
+ }
+}
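Review bot: In modules/analytics.bicep, `logAnalyticsWorkspace` sets only the SKU, so retention falls back to the service default, which can be short for access and WAF logs needed during an investigation. Set it explicitly under `properties`, for example `retentionInDays: 90` (a placeholder value; use the period your logging policy requires). A short comment stating whether `publicNetworkAccessForIngestion` and `publicNetworkAccessForQuery` are intentionally left at their defaults would also help the next reviewer.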
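Review bot: In modules/frontDoorProfile.bicep, `diagnosticSettings` enables the `FrontDoorWebApplicationFirewallLog` category, but nothing in this module attaches a WAF policy to the profile. As far as this diff shows, that category will stay empty, and any endpoint added later will be served without WAF inspection. If the WAF policy and its `Microsoft.Cdn/profiles/securityPolicies` association arrive in a later change, a comment above that log entry would stop readers assuming protection is already in place, for example `// WAF log enabled ahead of the security policy; no WAF is attached yet`. Managed rule sets also need `Premium_AzureFrontDoor`, so the `Standard_AzureFrontDoor` default on `frontDoorSkuName` deserves a one-line comment on what it gives up.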