diff --git a/aca-revision-and-traffic-management/main.bicep b/aca-revision-and-traffic-management/main.bicep
index 70b786d..d83d9a7 100644
--- a/aca-revision-and-traffic-management/main.bicep
+++ b/aca-revision-and-traffic-management/main.bicep
@@ -1 +1,49 @@
 // TODO
+targetScope='subscription'
+
+param acaResourceGroupName string
+param environment string
+param location string
+param locationPrefix string
+param tags object
+
+resource rg 'Microsoft.Resources/resourceGroups@2022-09-01' = {
+ name: acaResourceGroupName
+ location: location
+}
+
+module common 'modules/common.bicep' = {
+ name: 'common'
+ scope: rg
+ params: {
+ environment: environment
+ location: location
+ tags: tags
+ }
+}
+
+module acaenvironment 'modules/aca-environment.bicep' = {
+ name: 'aca-environment'
+ scope: rg
+ params: {
+ location: location
+ managedIdentityId: common.outputs.managedIdentityId
+ tags: tags
+ }
+ dependsOn: [common]
+}
+
+module aca 'modules/aca.bicep' = {
+ name: 'aca'
+ scope: rg
+ params: {
+ environmentId: acaenvironment.outputs.environmentId
+ location: location
+ managedIdentityId: common.outputs.managedIdentityId
+ tags: tags
+ }
+ dependsOn: [acaenvironment]
+}
+
+@description('URL for store application')
+output storeUrl string = aca.outputs.helloWorldAppUri
diff --git a/aca-revision-and-traffic-management/modules/aca-environment.bicep b/aca-revision-and-traffic-management/modules/aca-environment.bicep
new file mode 100644
index 0000000..05fbd3a
--- /dev/null
+++ b/aca-revision-and-traffic-management/modules/aca-environment.bicep
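Review bot: One user-assigned identity, `common.outputs.managedIdentityId`, is passed to both the `acaenvironment` and `aca` modules, so any role later granted to it for the environment is equally available to the externally exposed app container. Nothing visible in this diff consumes the identity (no registry pull or Key Vault reference), so it could be left off until a consumer exists, or `modules/common.bicep` could create one identity per consumer. The same shared identity is wired into `acacommon` in `aks-store-on-aca/main.bicep`. The explicit `dependsOn: [common]` and `dependsOn: [acaenvironment]` entries are already implied by the `outputs` references and can be dropped.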
@@ -0,0 +1,19 @@
+param location string
+param managedIdentityId string
+param tags object
+
+resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-11-02-preview' = {
+ name: 'cae-aca-store'
+ location: location
+ identity: {
+ type: 'UserAssigned'
+ userAssignedIdentities: {
+ '${managedIdentityId}' : {}
+ }
+ }
+ tags: tags
+}
+
+
+output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
+output environmentId string = containerAppsEnvironment.id
diff --git a/aca-revision-and-traffic-management/modules/aca.bicep b/aca-revision-and-traffic-management/modules/aca.bicep
new file mode 100644
index 0000000..65b4f80
--- /dev/null
+++ b/aca-revision-and-traffic-management/modules/aca.bicep
@@ -0,0 +1,72 @@
+param environmentId string
+param location string
+param managedIdentityId string
+param tags object
+
+resource helloworld 'Microsoft.App/containerApps@2023-05-02-preview' = {
+ name: 'aca-helloworld'
+ location: location
+ tags: tags
+ identity: {
+ type: 'UserAssigned'
+ userAssignedIdentities: {
+ '${managedIdentityId}' : {}
+ }
+ }
+ properties: {
+ managedEnvironmentId: environmentId
+ configuration: {
+ ingress: {
+ external: true
+ targetPort: 80
+ transport: 'http'
+ clientCertificateMode: 'accept'
+ }
+ }
+ template: {
+ containers: [
+ {
+ image: 'mcr.microsoft.com/azuredocs/aks-helloworld:v1'
+ name: 'aca-helloworld'
+ resources: {
+ cpu: json('0.5')
+ memory: '1.0Gi'
+ }
+ env: [
+ {
+ name: 'TITLE'
+ value: 'Hello World from Azure Container Apps (ACA)!'
+ }
+ ]
+ probes: [
+ {
+ type: 'Liveness'
+ httpGet: {
+ path: '/'
+ port: 80
+ }
+ initialDelaySeconds: 3
+ periodSeconds: 3
+ failureThreshold: 5
+ }
+ {
+ type: 'Readiness'
+ httpGet: {
+ path: '/'
+ port: 80
+ }
+ initialDelaySeconds: 3
+ periodSeconds: 3
+ failureThreshold: 3
+ }
+ ]
+ }
+ ]
+ scale: {
+ minReplicas: 1
+ }
+ }
+ }
+}
+
+output helloWorldAppUri string = 'https://${helloworld.properties.configuration.ingress.fqdn}'
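Review bot: The `containerAppsEnvironment` resource in `modules/aca-environment.bicep` is declared without a `properties` block, so no log destination is configured for an environment that hosts an internet-facing app, and console and system logs would not be retained for later investigation. Consider adding `properties.appLogsConfiguration` with `destination: 'log-analytics'` and a `logAnalyticsConfiguration` whose workspace id and key arrive as parameters (the key as a `@secure()` one), which is what `aks-store-on-aca/modules/aca-common.bicep` appears to do with `logAnalyticsCustomerId` and `logAnalyticsKey`. The hard-coded name `'cae-aca-store'` is also the name used by the aks-store sample's environment; a sample-specific name would avoid confusion when both are deployed.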
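Review bot: The ingress block in `modules/aca.bicep` exposes the app publicly (`external: true`) with `clientCertificateMode: 'accept'`, which lets a client present a certificate but never requires one, so it provides no access control on its own. If mutual TLS is intended, use `clientCertificateMode: 'require'`; otherwise drop the setting, state `allowInsecure: false` explicitly, and add `ipSecurityRestrictions` if the demo does not need to be reachable from everywhere. The container image is referenced by the mutable tag `aks-helloworld:v1`; pinning it by digest would make the deployed content reproducible.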
diff --git a/aca-revision-and-traffic-management/modules/common.bicep b/aca-revision-and-traffic-management/modules/common.bicep index 70b786d..4c56c9c 100644 --- a/aca-revision-and-traffic-management/modules/common.bicep +++ b/aca-revision-and-traffic-management/modules/common.bicep @@ -1 +1,13 @@ // TODO +param environment string +param location string +param tags object + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: 'uaid-aca-helloworld-common-${environment}' + location: location + tags: tags +} + +output managedIdentityId string = managedIdentity.id +output managedIdentityName string = managedIdentity.name diff --git a/aca-revision-and-traffic-management/parameters/dev.bicepparam b/aca-revision-and-traffic-management/parameters/dev.bicepparam index db36da2..45bf94e 100644 --- a/aca-revision-and-traffic-management/parameters/dev.bicepparam +++ b/aca-revision-and-traffic-management/parameters/dev.bicepparam @@ -1,6 +1,6 @@ using '../main.bicep' -param acaResourceGroupName = 'rg-aca-helloworld-revision-${locationPrefix}-${environment}' +param acaResourceGroupName = 'rg-aca-helloworld-${locationPrefix}-${environment}' param environment = 'dev' param location = 'northeurope' param locationPrefix = 'neu' diff --git a/aca-revision-and-traffic-management/parameters/prod.bicepparam b/aca-revision-and-traffic-management/parameters/prod.bicepparam index 6eed6e8..be0d182 100644 --- a/aca-revision-and-traffic-management/parameters/prod.bicepparam +++ b/aca-revision-and-traffic-management/parameters/prod.bicepparam @@ -1,11 +1,11 @@ using '../main.bicep' -param acaResourceGroupName = 'rg-aca-aci-${locationPrefix}-${environment}' +param acaResourceGroupName = 'rg-aca-helloworld-${locationPrefix}-${environment}' param environment = 'prod' param location = 'northeurope' param locationPrefix = 'neu' param tags = { - application: 'aca-win-aci' + application: 'aca-revision-traffic-mgmt' environment: environment } 
diff --git a/aks-store-on-aca/main.bicep b/aks-store-on-aca/main.bicep index 04ab672..6595ba1 100644 --- a/aks-store-on-aca/main.bicep +++ b/aks-store-on-aca/main.bicep @@ -106,6 +106,7 @@ module acacommon 'modules/aca-common.bicep' = { location: location logAnalyticsCustomerId: azuremonitor.outputs.logAnalyticsCustomerId logAnalyticsKey: keyVaultACAShared.getSecret(azuremonitor.outputs.logAnalyticsKey) + managedIdentityId: common.outputs.managedIdentityId nsgName: vnet.outputs.nsgName subnetId: vnet.outputs.acaSubnetId tags: tags @@ -132,7 +133,6 @@ module frontend 'modules/aca-public-apps.bicep' = { name: 'frontend' scope: rg params: { - //defaultDomain: acacommon.outputs.defaultDomain environmentId: acacommon.outputs.environmentId location: location makelineServiceUri: backend.outputs.makelineServiceUri diff --git a/aks-store-on-aca/modules/aca-common.bicep b/aks-store-on-aca/modules/aca-common.bicep index 8547286..9dcd5d3 100644 --- a/aks-store-on-aca/modules/aca-common.bicep +++ b/aks-store-on-aca/modules/aca-common.bicep @@ -1,5 +1,6 @@ param location string param logAnalyticsCustomerId string +param managedIdentityId string param nsgName string param subnetId string param tags object @@ -15,6 +16,12 @@ param logAnalyticsKey string resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-11-02-preview' = { name: 'cae-aca-store' location: location + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentityId}' : {} + } + } properties: { appInsightsConfiguration: { connectionString: appInsightsConnectionString @@ -48,5 +55,4 @@ resource containerAppsInboundNsgRule 'Microsoft.Network/networkSecurityGroups/se } } -output defaultDomain string = containerAppsEnvironment.properties.defaultDomain output environmentId string = containerAppsEnvironment.id diff --git a/aks-store-on-aca/modules/aca-public-apps.bicep b/aks-store-on-aca/modules/aca-public-apps.bicep index 248f793..2af7a3d 100644 
--- a/aks-store-on-aca/modules/aca-public-apps.bicep +++ b/aks-store-on-aca/modules/aca-public-apps.bicep @@ -123,15 +123,12 @@ resource storefront 'Microsoft.App/containerApps@2023-05-02-preview' = { secretRef: 'nginx-conf' path: 'default.conf' } - { - secretRef: 'nginx-conf' - path: 'nginx.conf.template' - } ] } ] } } + tags: tags } resource storeadmin 'Microsoft.App/containerApps@2023-05-02-preview' = { @@ -236,10 +233,6 @@ resource storeadmin 'Microsoft.App/containerApps@2023-05-02-preview' = { secretRef: 'nginx-conf' path: 'default.conf' } - { - secretRef: 'nginx-conf' - path: 'nginx.conf.template' - } ] } ] diff --git a/aks-store-on-aca/modules/keyvault.bicep b/aks-store-on-aca/modules/keyvault.bicep index 945ea49..8dda8a1 100644 --- a/aks-store-on-aca/modules/keyvault.bicep +++ b/aks-store-on-aca/modules/keyvault.bicep @@ -16,11 +16,11 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- } resource keyVault 'Microsoft.KeyVault/vaults@2021-10-01' = { - name: 'kv-${uniqueString('keyvault', resourceGroup().id)}' + name: 'kv-${uniqueString('keyvault', resourceGroup().id, deployment().name)}' location: location properties: { enabledForTemplateDeployment: true - enablePurgeProtection: false // for production you would want it to be enabled, i.e. set to 'true' + enableSoftDelete: false // for production you would want it to be enabled, i.e. set to 'true', together with purge protection (enablePurgeProtection: true) enableRbacAuthorization: true publicNetworkAccess: 'Disabled' tenantId: tenantId
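Review bot: In `modules/keyvault.bicep`, `enableSoftDelete: false` makes deletion of the vault and its secrets immediate and unrecoverable, and as far as I know Azure no longer accepts opting out of soft delete for newly created vaults, so this deployment may be rejected (worth verifying). Adding `deployment().name` to `uniqueString(...)` ties the vault name to the deployment name, so a differently named deployment creates a second vault and leaves the first one, with its secrets, behind. For a throw-away sample, keeping soft delete on with `softDeleteRetentionInDays: 7` and the original deterministic name gives quick clean-up without either effect. The `properties` block continues past the end of the hunk.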