Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update readme

Browse Source
This commit is contained in:
John Downs 2022-10-25 10:23:04 +13:00
parent 3226d364a8
commit 20eba75a88
1 changed files with 245 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

358
quickstart/101-front-door-standard-premium/readme.md
View File

@ -1,6 +1,6 @@
# Azure Front Door Standard/Premium # Azure Front Door Standard/Premium
This template deploys an [Azure Front Door Standard/Premium profile](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_profile) with classic application and network rules. This template deploys an [Azure Front Door Standard/Premium profile](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_profile) with an App Service origin.
## Resources ## Resources
@ -36,131 +36,263 @@ Terraform used the selected providers to generate the following execution plan.
Terraform will perform the following actions: Terraform will perform the following actions:
# azurerm_firewall.fw will be created # azurerm_cdn_frontdoor_endpoint.my_endpoint will be created
+ resource "azurerm_firewall" "fw" { + resource "azurerm_cdn_frontdoor_endpoint" "my_endpoint" {
+ id = (known after apply) + cdn_frontdoor_profile_id = (known after apply)
+ location = "eastus" + enabled = true
+ name = "testfirewall" + host_name = (known after apply)
+ resource_group_name = "test-resources" + id = (known after apply)
+ sku_name = (known after apply) + name = (known after apply)
+ sku_tier = (known after apply) }
+ threat_intel_mode = "Alert"
+ ip_configuration { # azurerm_cdn_frontdoor_origin.my_app_service_origin will be created
+ name = "configuration" + resource "azurerm_cdn_frontdoor_origin" "my_app_service_origin" {
+ private_ip_address = (known after apply) + cdn_frontdoor_origin_group_id = (known after apply)
+ public_ip_address_id = (known after apply) + certificate_name_check_enabled = true
+ subnet_id = (known after apply) + enabled = true
+ health_probes_enabled = (known after apply)
+ host_name = (known after apply)
+ http_port = 80
+ https_port = 443
+ id = (known after apply)
+ name = "MyAppServiceOrigin"
+ origin_host_header = (known after apply)
+ priority = 1
+ weight = 1000
}
# azurerm_cdn_frontdoor_origin_group.my_origin_group will be created
+ resource "azurerm_cdn_frontdoor_origin_group" "my_origin_group" {
+ cdn_frontdoor_profile_id = (known after apply)
+ id = (known after apply)
+ name = "MyOriginGroup"
+ restore_traffic_time_to_healed_or_new_endpoint_in_minutes = 10
+ session_affinity_enabled = true
+ health_probe {
+ interval_in_seconds = 100
+ path = "/"
+ protocol = "Https"
+ request_type = "HEAD"
}
+ load_balancing {
+ additional_latency_in_milliseconds = 50
+ sample_size = 4
+ successful_samples_required = 3
} }
} }
# azurerm_firewall_application_rule_collection.app-rc will be created # azurerm_cdn_frontdoor_profile.my_front_door will be created
+ resource "azurerm_firewall_application_rule_collection" "app-rc" { + resource "azurerm_cdn_frontdoor_profile" "my_front_door" {
+ action = "Allow" + id = (known after apply)
+ azure_firewall_name = "testfirewall" + name = "MyFrontDoor"
+ id = (known after apply) + resource_group_name = "FrontDoor"
+ name = "apptestcollection" + resource_guid = (known after apply)
+ priority = 100 + response_timeout_seconds = 120
+ resource_group_name = "test-resources" + sku_name = "Standard_AzureFrontDoor"
}
+ rule { # azurerm_cdn_frontdoor_route.my_route will be created
+ name = "testrule" + resource "azurerm_cdn_frontdoor_route" "my_route" {
+ source_addresses = [ + cdn_frontdoor_endpoint_id = (known after apply)
+ "10.0.0.0/16", + cdn_frontdoor_origin_group_id = (known after apply)
] + cdn_frontdoor_origin_ids = (known after apply)
+ target_fqdns = [ + enabled = true
+ "*.google.com", + forwarding_protocol = "HttpsOnly"
] + https_redirect_enabled = true
+ id = (known after apply)
+ link_to_default_domain = true
+ name = "MyRoute"
+ patterns_to_match = [
+ "/*",
]
+ supported_protocols = [
+ "Http",
+ "Https",
]
}
+ protocol { # azurerm_resource_group.my_resource_group will be created
+ port = 443 + resource "azurerm_resource_group" "my_resource_group" {
+ type = "Https" + id = (known after apply)
+ location = "westus2"
+ name = "FrontDoor"
}
# azurerm_service_plan.app_service_plan will be created
+ resource "azurerm_service_plan" "app_service_plan" {
+ id = (known after apply)
+ kind = (known after apply)
+ location = "westus2"
+ maximum_elastic_worker_count = (known after apply)
+ name = "AppServicePlan"
+ os_type = "Windows"
+ per_site_scaling_enabled = false
+ reserved = (known after apply)
+ resource_group_name = "FrontDoor"
+ sku_name = "S1"
+ worker_count = 1
}
# azurerm_windows_web_app.app will be created
+ resource "azurerm_windows_web_app" "app" {
+ client_affinity_enabled = false
+ client_certificate_enabled = false
+ client_certificate_mode = "Required"
+ custom_domain_verification_id = (sensitive value)
+ default_hostname = (known after apply)
+ enabled = true
+ https_only = true
+ id = (known after apply)
+ key_vault_reference_identity_id = (known after apply)
+ kind = (known after apply)
+ location = "westus2"
+ name = (known after apply)
+ outbound_ip_address_list = (known after apply)
+ outbound_ip_addresses = (known after apply)
+ possible_outbound_ip_address_list = (known after apply)
+ possible_outbound_ip_addresses = (known after apply)
+ resource_group_name = "FrontDoor"
+ service_plan_id = (known after apply)
+ site_credential = (known after apply)
+ zip_deploy_file = (known after apply)
+ auth_settings {
+ additional_login_parameters = (known after apply)
+ allowed_external_redirect_urls = (known after apply)
+ default_provider = (known after apply)
+ enabled = (known after apply)
+ issuer = (known after apply)
+ runtime_version = (known after apply)
+ token_refresh_extension_hours = (known after apply)
+ token_store_enabled = (known after apply)
+ unauthenticated_client_action = (known after apply)
+ active_directory {
+ allowed_audiences = (known after apply)
+ client_id = (known after apply)
+ client_secret = (sensitive value)
+ client_secret_setting_name = (known after apply)
}
+ facebook {
+ app_id = (known after apply)
+ app_secret = (sensitive value)
+ app_secret_setting_name = (known after apply)
+ oauth_scopes = (known after apply)
}
+ github {
+ client_id = (known after apply)
+ client_secret = (sensitive value)
+ client_secret_setting_name = (known after apply)
+ oauth_scopes = (known after apply)
}
+ google {
+ client_id = (known after apply)
+ client_secret = (sensitive value)
+ client_secret_setting_name = (known after apply)
+ oauth_scopes = (known after apply)
}
+ microsoft {
+ client_id = (known after apply)
+ client_secret = (sensitive value)
+ client_secret_setting_name = (known after apply)
+ oauth_scopes = (known after apply)
}
+ twitter {
+ consumer_key = (known after apply)
+ consumer_secret = (sensitive value)
+ consumer_secret_setting_name = (known after apply)
}
}
+ site_config {
+ always_on = true
+ auto_heal_enabled = false
+ container_registry_use_managed_identity = false
+ default_documents = (known after apply)
+ detailed_error_logging_enabled = (known after apply)
+ ftps_state = "Disabled"
+ health_check_eviction_time_in_min = (known after apply)
+ http2_enabled = false
+ ip_restriction = [
+ {
+ action = "Allow"
+ headers = [
+ {
+ x_azure_fdid = (known after apply)
+ x_fd_health_probe = []
+ x_forwarded_for = []
+ x_forwarded_host = []
},
]
+ ip_address = null
+ name = "Allow traffic from Front Door"
+ priority = 100
+ service_tag = "AzureFrontDoor.Backend"
+ virtual_network_subnet_id = null
},
]
+ linux_fx_version = (known after apply)
+ load_balancing_mode = "LeastRequests"
+ local_mysql_enabled = false
+ managed_pipeline_mode = "Integrated"
+ minimum_tls_version = "1.2"
+ remote_debugging_enabled = false
+ remote_debugging_version = (known after apply)
+ scm_ip_restriction = (known after apply)
+ scm_minimum_tls_version = "1.2"
+ scm_type = (known after apply)
+ scm_use_main_ip_restriction = false
+ use_32_bit_worker = true
+ vnet_route_all_enabled = false
+ websockets_enabled = false
+ windows_fx_version = (known after apply)
+ worker_count = (known after apply)
+ application_stack {
+ current_stack = (known after apply)
+ docker_container_name = (known after apply)
+ docker_container_registry = (known after apply)
+ docker_container_tag = (known after apply)
+ dotnet_version = (known after apply)
+ java_container = (known after apply)
+ java_container_version = (known after apply)
+ java_version = (known after apply)
+ node_version = (known after apply)
+ php_version = (known after apply)
+ python_version = (known after apply)
} }
} }
} }
# azurerm_firewall_network_rule_collection.net-rc will be created # random_id.app_name will be created
+ resource "azurerm_firewall_network_rule_collection" "net-rc" { + resource "random_id" "app_name" {
+ action = "Allow" + b64_std = (known after apply)
+ azure_firewall_name = "testfirewall" + b64_url = (known after apply)
+ id = (known after apply) + byte_length = 8
+ name = "apptestcollection" + dec = (known after apply)
+ priority = 100 + hex = (known after apply)
+ resource_group_name = "test-resources" + id = (known after apply)
+ rule {
+ destination_addresses = [
+ "8.8.4.4",
+ "8.8.8.8",
]
+ destination_fqdns = []
+ destination_ip_groups = []
+ destination_ports = [
+ "53",
]
+ name = "dnsrule"
+ protocols = [
+ "TCP",
+ "UDP",
]
+ source_addresses = [
+ "10.0.0.0/16",
]
+ source_ip_groups = []
}
} }
# azurerm_public_ip.pip will be created # random_id.front_door_endpoint_name will be created
+ resource "azurerm_public_ip" "pip" { + resource "random_id" "front_door_endpoint_name" {
+ allocation_method = "Static" + b64_std = (known after apply)
+ availability_zone = (known after apply) + b64_url = (known after apply)
+ fqdn = (known after apply) + byte_length = 8
+ id = (known after apply) + dec = (known after apply)
+ idle_timeout_in_minutes = 4 + hex = (known after apply)
+ ip_address = (known after apply) + id = (known after apply)
+ ip_version = "IPv4"
+ location = "eastus"
+ name = "testpip"
+ resource_group_name = "test-resources"
+ sku = "Standard"
+ zones = (known after apply)
} }
# azurerm_resource_group.rg will be created Plan: 10 to add, 0 to change, 0 to destroy.
+ resource "azurerm_resource_group" "rg" {
+ id = (known after apply)
+ location = "eastus"
+ name = "test-resources"
}
# azurerm_subnet.subnet will be created Changes to Outputs:
+ resource "azurerm_subnet" "subnet" { + frontDoorEndpointHostName = (known after apply)
+ address_prefix = (known after apply)
+ address_prefixes = [
+ "10.0.1.0/24",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "AzureFirewallSubnet"
+ resource_group_name = "test-resources"
+ virtual_network_name = "testvnet"
}
# azurerm_virtual_network.vnet will be created
+ resource "azurerm_virtual_network" "vnet" {
+ address_space = [
+ "10.0.0.0/16",
]
+ dns_servers = (known after apply)
+ guid = (known after apply)
+ id = (known after apply)
+ location = "eastus"
+ name = "testvnet"
+ resource_group_name = "test-resources"
+ subnet = (known after apply)
+ vm_protection_enabled = false
}
Plan: 7 to add, 0 to change, 0 to destroy.
``` ```