From 20eba75a884b10039892268faf32915918f3eda3 Mon Sep 17 00:00:00 2001
From: John Downs
Date: Tue, 25 Oct 2022 10:23:04 +1300
Subject: [PATCH] Update readme
---
 .../101-front-door-standard-premium/readme.md | 358 ++++++++++++------
 1 file changed, 245 insertions(+), 113 deletions(-)
diff --git a/quickstart/101-front-door-standard-premium/readme.md b/quickstart/101-front-door-standard-premium/readme.md
index 9f18dd38..98402cc1 100644
--- a/quickstart/101-front-door-standard-premium/readme.md
+++ b/quickstart/101-front-door-standard-premium/readme.md
@@ -1,6 +1,6 @@
 # Azure Front Door Standard/Premium
-This template deploys an [Azure Front Door Standard/Premium profile](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_profile) with classic application and network rules.
+This template deploys an [Azure Front Door Standard/Premium profile](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_profile) with an App Service origin.
 ## Resources
@@ -36,131 +36,263 @@ Terraform used the selected providers to generate the following execution plan. Terraform will perform the following actions: - # azurerm_firewall.fw will be created - + resource "azurerm_firewall" "fw" { - + id = (known after apply) - + location = "eastus" - + name = "testfirewall" - + resource_group_name = "test-resources" - + sku_name = (known after apply) - + sku_tier = (known after apply) - + threat_intel_mode = "Alert" + # azurerm_cdn_frontdoor_endpoint.my_endpoint will be created + + resource "azurerm_cdn_frontdoor_endpoint" "my_endpoint" { + + cdn_frontdoor_profile_id = (known after apply) + + enabled = true + + host_name = (known after apply) + + id = (known after apply) + + name = (known after apply) + } - + ip_configuration { - + name = "configuration" - + private_ip_address = (known after apply) - + public_ip_address_id = (known after apply) - + subnet_id = (known after apply) + # azurerm_cdn_frontdoor_origin.my_app_service_origin will be created + + resource "azurerm_cdn_frontdoor_origin" "my_app_service_origin" { + + cdn_frontdoor_origin_group_id = (known after apply) + + certificate_name_check_enabled = true + + enabled = true + + health_probes_enabled = (known after apply) + + host_name = (known after apply) + + http_port = 80 + + https_port = 443 + + id = (known after apply) + + name = "MyAppServiceOrigin" + + origin_host_header = (known after apply) + + priority = 1 + + weight = 1000 + } + + # azurerm_cdn_frontdoor_origin_group.my_origin_group will be created + + resource "azurerm_cdn_frontdoor_origin_group" "my_origin_group" { + + cdn_frontdoor_profile_id = (known after apply) + + id = (known after apply) + + name = "MyOriginGroup" + + restore_traffic_time_to_healed_or_new_endpoint_in_minutes = 10 + + session_affinity_enabled = true + + + health_probe { + + interval_in_seconds = 100 + + path = "/" + + protocol = "Https" + + request_type = "HEAD" + } + + + load_balancing { + + additional_latency_in_milliseconds = 50 + + 
sample_size = 4 + + successful_samples_required = 3 } } - # azurerm_firewall_application_rule_collection.app-rc will be created - + resource "azurerm_firewall_application_rule_collection" "app-rc" { - + action = "Allow" - + azure_firewall_name = "testfirewall" - + id = (known after apply) - + name = "apptestcollection" - + priority = 100 - + resource_group_name = "test-resources" + # azurerm_cdn_frontdoor_profile.my_front_door will be created + + resource "azurerm_cdn_frontdoor_profile" "my_front_door" { + + id = (known after apply) + + name = "MyFrontDoor" + + resource_group_name = "FrontDoor" + + resource_guid = (known after apply) + + response_timeout_seconds = 120 + + sku_name = "Standard_AzureFrontDoor" + } - + rule { - + name = "testrule" - + source_addresses = [ - + "10.0.0.0/16", - ] - + target_fqdns = [ - + "*.google.com", - ] + # azurerm_cdn_frontdoor_route.my_route will be created + + resource "azurerm_cdn_frontdoor_route" "my_route" { + + cdn_frontdoor_endpoint_id = (known after apply) + + cdn_frontdoor_origin_group_id = (known after apply) + + cdn_frontdoor_origin_ids = (known after apply) + + enabled = true + + forwarding_protocol = "HttpsOnly" + + https_redirect_enabled = true + + id = (known after apply) + + link_to_default_domain = true + + name = "MyRoute" + + patterns_to_match = [ + + "/*", + ] + + supported_protocols = [ + + "Http", + + "Https", + ] + } - + protocol { - + port = 443 - + type = "Https" + # azurerm_resource_group.my_resource_group will be created + + resource "azurerm_resource_group" "my_resource_group" { + + id = (known after apply) + + location = "westus2" + + name = "FrontDoor" + } + + # azurerm_service_plan.app_service_plan will be created + + resource "azurerm_service_plan" "app_service_plan" { + + id = (known after apply) + + kind = (known after apply) + + location = "westus2" + + maximum_elastic_worker_count = (known after apply) + + name = "AppServicePlan" + + os_type = "Windows" + + per_site_scaling_enabled = false + + 
reserved = (known after apply) + + resource_group_name = "FrontDoor" + + sku_name = "S1" + + worker_count = 1 + } + + # azurerm_windows_web_app.app will be created + + resource "azurerm_windows_web_app" "app" { + + client_affinity_enabled = false + + client_certificate_enabled = false + + client_certificate_mode = "Required" + + custom_domain_verification_id = (sensitive value) + + default_hostname = (known after apply) + + enabled = true + + https_only = true + + id = (known after apply) + + key_vault_reference_identity_id = (known after apply) + + kind = (known after apply) + + location = "westus2" + + name = (known after apply) + + outbound_ip_address_list = (known after apply) + + outbound_ip_addresses = (known after apply) + + possible_outbound_ip_address_list = (known after apply) + + possible_outbound_ip_addresses = (known after apply) + + resource_group_name = "FrontDoor" + + service_plan_id = (known after apply) + + site_credential = (known after apply) + + zip_deploy_file = (known after apply) + + + auth_settings { + + additional_login_parameters = (known after apply) + + allowed_external_redirect_urls = (known after apply) + + default_provider = (known after apply) + + enabled = (known after apply) + + issuer = (known after apply) + + runtime_version = (known after apply) + + token_refresh_extension_hours = (known after apply) + + token_store_enabled = (known after apply) + + unauthenticated_client_action = (known after apply) + + + active_directory { + + allowed_audiences = (known after apply) + + client_id = (known after apply) + + client_secret = (sensitive value) + + client_secret_setting_name = (known after apply) + } + + + facebook { + + app_id = (known after apply) + + app_secret = (sensitive value) + + app_secret_setting_name = (known after apply) + + oauth_scopes = (known after apply) + } + + + github { + + client_id = (known after apply) + + client_secret = (sensitive value) + + client_secret_setting_name = (known after apply) + + oauth_scopes 
= (known after apply) + } + + + google { + + client_id = (known after apply) + + client_secret = (sensitive value) + + client_secret_setting_name = (known after apply) + + oauth_scopes = (known after apply) + } + + + microsoft { + + client_id = (known after apply) + + client_secret = (sensitive value) + + client_secret_setting_name = (known after apply) + + oauth_scopes = (known after apply) + } + + + twitter { + + consumer_key = (known after apply) + + consumer_secret = (sensitive value) + + consumer_secret_setting_name = (known after apply) + } + } + + + site_config { + + always_on = true + + auto_heal_enabled = false + + container_registry_use_managed_identity = false + + default_documents = (known after apply) + + detailed_error_logging_enabled = (known after apply) + + ftps_state = "Disabled" + + health_check_eviction_time_in_min = (known after apply) + + http2_enabled = false + + ip_restriction = [ + + { + + action = "Allow" + + headers = [ + + { + + x_azure_fdid = (known after apply) + + x_fd_health_probe = [] + + x_forwarded_for = [] + + x_forwarded_host = [] + }, + ] + + ip_address = null + + name = "Allow traffic from Front Door" + + priority = 100 + + service_tag = "AzureFrontDoor.Backend" + + virtual_network_subnet_id = null + }, + ] + + linux_fx_version = (known after apply) + + load_balancing_mode = "LeastRequests" + + local_mysql_enabled = false + + managed_pipeline_mode = "Integrated" + + minimum_tls_version = "1.2" + + remote_debugging_enabled = false + + remote_debugging_version = (known after apply) + + scm_ip_restriction = (known after apply) + + scm_minimum_tls_version = "1.2" + + scm_type = (known after apply) + + scm_use_main_ip_restriction = false + + use_32_bit_worker = true + + vnet_route_all_enabled = false + + websockets_enabled = false + + windows_fx_version = (known after apply) + + worker_count = (known after apply) + + + application_stack { + + current_stack = (known after apply) + + docker_container_name = (known after apply) + + 
docker_container_registry = (known after apply) + + docker_container_tag = (known after apply) + + dotnet_version = (known after apply) + + java_container = (known after apply) + + java_container_version = (known after apply) + + java_version = (known after apply) + + node_version = (known after apply) + + php_version = (known after apply) + + python_version = (known after apply) } } } - # azurerm_firewall_network_rule_collection.net-rc will be created - + resource "azurerm_firewall_network_rule_collection" "net-rc" { - + action = "Allow" - + azure_firewall_name = "testfirewall" - + id = (known after apply) - + name = "apptestcollection" - + priority = 100 - + resource_group_name = "test-resources" - - + rule { - + destination_addresses = [ - + "8.8.4.4", - + "8.8.8.8", - ] - + destination_fqdns = [] - + destination_ip_groups = [] - + destination_ports = [ - + "53", - ] - + name = "dnsrule" - + protocols = [ - + "TCP", - + "UDP", - ] - + source_addresses = [ - + "10.0.0.0/16", - ] - + source_ip_groups = [] - } + # random_id.app_name will be created + + resource "random_id" "app_name" { + + b64_std = (known after apply) + + b64_url = (known after apply) + + byte_length = 8 + + dec = (known after apply) + + hex = (known after apply) + + id = (known after apply) } - # azurerm_public_ip.pip will be created - + resource "azurerm_public_ip" "pip" { - + allocation_method = "Static" - + availability_zone = (known after apply) - + fqdn = (known after apply) - + id = (known after apply) - + idle_timeout_in_minutes = 4 - + ip_address = (known after apply) - + ip_version = "IPv4" - + location = "eastus" - + name = "testpip" - + resource_group_name = "test-resources" - + sku = "Standard" - + zones = (known after apply) + # random_id.front_door_endpoint_name will be created + + resource "random_id" "front_door_endpoint_name" { + + b64_std = (known after apply) + + b64_url = (known after apply) + + byte_length = 8 + + dec = (known after apply) + + hex = (known after apply) + + id 
= (known after apply) } - # azurerm_resource_group.rg will be created - + resource "azurerm_resource_group" "rg" { - + id = (known after apply) - + location = "eastus" - + name = "test-resources" - } +Plan: 10 to add, 0 to change, 0 to destroy. - # azurerm_subnet.subnet will be created - + resource "azurerm_subnet" "subnet" { - + address_prefix = (known after apply) - + address_prefixes = [ - + "10.0.1.0/24", - ] - + enforce_private_link_endpoint_network_policies = false - + enforce_private_link_service_network_policies = false - + id = (known after apply) - + name = "AzureFirewallSubnet" - + resource_group_name = "test-resources" - + virtual_network_name = "testvnet" - } - - # azurerm_virtual_network.vnet will be created - + resource "azurerm_virtual_network" "vnet" { - + address_space = [ - + "10.0.0.0/16", - ] - + dns_servers = (known after apply) - + guid = (known after apply) - + id = (known after apply) - + location = "eastus" - + name = "testvnet" - + resource_group_name = "test-resources" - + subnet = (known after apply) - + vm_protection_enabled = false - } - -Plan: 7 to add, 0 to change, 0 to destroy. +Changes to Outputs: + + frontDoorEndpointHostName = (known after apply) ```