âš This module is deprecated, please use app-service module |
---|
This Terraform module creates an Azure App Service Web associated with an Application Insights component and activated Diagnostics Logs.
- Diagnostics logs only works fine for Windows for now.
- Untested with App Service slots.
- Using a single certificate file on multiple domains with the
custom_domains
variable is not supported. Use a Key Vault certificate instead.
Module version | Terraform version | AzureRM version |
---|---|---|
>= 6.x.x | 1.x | >= 3.0 |
>= 5.x.x | 0.15.x | >= 2.0 |
>= 4.x.x | 0.13.x / 0.14.x | >= 2.0 |
>= 3.x.x | 0.12.x | >= 2.0 |
>= 2.x.x | 0.12.x | < 2.0 |
< 2.x.x | 0.11.x | < 2.0 |
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper
available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure_region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "run_common" {
source = "claranet/run-common/azurerm"
version = "x.x.x"
client_name = var.client_name
location = module.azure_region.location
location_short = module.azure_region.location_short
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
tenant_id = var.azure_tenant_id
monitoring_function_splunk_token = null
}
resource "azurerm_storage_account" "assets_storage" {
account_replication_type = "LRS"
account_tier = "Standard"
location = module.azure_region.location
name = "appserviceassets"
resource_group_name = module.rg.resource_group_name
}
resource "azurerm_storage_share" "assets_share" {
name = "assets"
storage_account_name = azurerm_storage_account.assets_storage.name
quota = 50
}
module "app_service_plan" {
source = "claranet/app-service-plan/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
stack = var.stack
logs_destinations_ids = [
module.run_common.logs_storage_account_id,
module.run_common.log_analytics_workspace_id
]
sku = {
tier = "Standard"
size = "S1"
}
kind = "Linux"
}
module "app_service" {
source = "claranet/app-service-web/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
stack = var.stack
app_service_plan_id = module.app_service_plan.app_service_plan_id
app_settings = {
DOCKER_REGISTRY_SERVER_URL = "https://myacr.azurecr.io"
FOO = "bar"
}
site_config = {
linux_fx_version = "DOCKER|myacr.azurecr.io/myrepository/image:tag"
http2_enabled = true
# The "AcrPull" role must be assigned to the managed identity in the target Azure Container Registry
acr_use_managed_identity_credentials = true
}
auth_settings = {
enabled = true
token_store_enabled = true
active_directory = {
client_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
client_secret = "xxxxxxxxxxxxxxxxxxxxx"
allowed_audiences = ["https://www.example.com"]
}
}
custom_domains = {
# Custom domain with SSL certificate file
"example.com" = {
certificate_file = "./example.com.pfx"
certificate_password = "xxxxxxxxx"
}
# Custom domain with SSL certificate stored in a keyvault
"example.com" = {
certificate_keyvault_id = var.certificate_keyvault_id
}
# Custom domain without SSL certificate
"example2.com" = null
}
authorized_ips = ["1.2.3.4/32", "4.3.2.1/32"]
ip_restriction_headers = {
x_forwarded_host = ["myhost1.fr", "myhost2.fr"]
}
scm_ip_restriction_headers = {
x_forwarded_host = ["myhost1.fr", "myhost2.fr"]
}
staging_slot_custom_app_settings = {
John = "Doe"
}
extra_tags = {
foo = "bar"
}
mount_points = [
{
account_name = azurerm_storage_account.assets_storage.name
share_name = azurerm_storage_share.assets_share.name
access_key = azurerm_storage_account.assets_storage.primary_access_key
mount_path = "/var/www/html/assets"
}
]
logs_destinations_ids = [
module.run_common.logs_storage_account_id,
module.run_common.log_analytics_workspace_id
]
}
Name | Version |
---|---|
azurecaf | ~> 1.1 |
azurerm | >= 2.71 |
Name | Source | Version |
---|---|---|
backup_sas_token | claranet/storage-sas-token/azurerm | 2.0.0 |
diagnostics | claranet/diagnostic-settings/azurerm | 5.0.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
app_service_custom_name | Name of the App Service, generated if not set. | string |
"" |
no |
app_service_plan_id | Id of the App Service Plan that hosts the App Service | string |
n/a | yes |
app_service_vnet_integration_subnet_id | Id of the subnet to associate with the app service | string |
null |
no |
app_settings | Application settings for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#app_settings | map(string) |
{} |
no |
application_insights_custom_name | Name of the Application Insights, generated if not set. | string |
"" |
no |
application_insights_enabled | Use Application Insights for this App Service | bool |
true |
no |
application_insights_id | ID of the existing Application Insights to use instead of deploying a new one. | string |
null |
no |
application_insights_sampling_percentage | Specifies the percentage of sampled datas for Application Insights. Documentation here | number |
null |
no |
application_insights_type | Application type for Application Insights resource | string |
"web" |
no |
auth_settings | Authentication settings. Issuer URL is generated thanks to the tenant ID. For active_directory block, the allowed_audiences list is filled with a value generated with the name of the App Service. See https://www.terraform.io/docs/providers/azurerm/r/app_service.html#auth_settings | any |
{} |
no |
authorized_ips | IPs restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction | list(string) |
[] |
no |
authorized_service_tags | Service Tags restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction | list(string) |
[] |
no |
authorized_subnet_ids | Subnets restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction | list(string) |
[] |
no |
backup_custom_name | Custom name for backup | string |
null |
no |
backup_frequency_interval | Frequency interval for the App Service backup. | number |
1 |
no |
backup_frequency_unit | Frequency unit for the App Service backup. Possible values are Day or Hour. | string |
"Day" |
no |
backup_retention_period_in_days | Retention in days for the App Service backup. | number |
30 |
no |
backup_storage_account_container | Name of the container in the Storage Account if App Service backup is enabled | string |
"webapps" |
no |
backup_storage_account_name | Storage account name to use if App Service backup is enabled. | string |
null |
no |
backup_storage_account_rg | Storage account resource group to use if App Service backup is enabled. | string |
null |
no |
client_affinity_enabled | Client affinity activation for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#client_affinity_enabled | string |
"false" |
no |
client_cert_enabled | Client certificate activation for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#client_cert_enabled | string |
"false" |
no |
client_name | Client name/account used in naming | string |
n/a | yes |
connection_strings | Connection strings for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#connection_string | list(map(string)) |
[] |
no |
custom_diagnostic_settings_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string |
"default" |
no |
custom_domains | Custom domains and SSL certificates of the App Service. Could declare a custom domain with SSL binding. SSL certificate could be provided from an Azure Keyvault Certificate Secret or from a file. | map(map(string)) |
null |
no |
default_tags_enabled | Option to enable or disable default tags. | bool |
true |
no |
enable_backup | true to enable App Service backup |
bool |
false |
no |
environment | Project environment | string |
n/a | yes |
extra_tags | Extra tags to add. | map(string) |
{} |
no |
https_only | HTTPS restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#https_only | string |
"false" |
no |
ip_restriction_headers | IPs restriction headers for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#headers | map(list(string)) |
null |
no |
location | Azure location. | string |
n/a | yes |
location_short | Short string for Azure location. | string |
n/a | yes |
logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
logs_destinations_ids | List of destination resources Ids for logs diagnostics destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. Empty list to disable logging. | list(string) |
n/a | yes |
logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
logs_retention_days | Number of days to keep logs on storage account | number |
30 |
no |
mount_points | Storage Account mount points. Name is generated if not set and default type is AzureFiles. See https://www.terraform.io/docs/providers/azurerm/r/app_service.html#storage_account | list(map(string)) |
[] |
no |
name_prefix | Optional prefix for the generated name | string |
"" |
no |
name_suffix | Optional suffix for the generated name | string |
"" |
no |
resource_group_name | Resource group name | string |
n/a | yes |
scm_authorized_ips | SCM IPs restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction | list(string) |
[] |
no |
scm_authorized_service_tags | SCM Service Tags restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction | list(string) |
[] |
no |
scm_authorized_subnet_ids | SCM subnets restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction | list(string) |
[] |
no |
scm_ip_restriction_headers | IPs restriction headers for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#headers | map(list(string)) |
null |
no |
site_config | Site config for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is no more managed in this block. | any |
{} |
no |
stack | Project stack name | string |
n/a | yes |
staging_slot_custom_app_settings | Override staging slot with custom app settings | map(string) |
null |
no |
staging_slot_custom_name | Custom name of the app service slot | string |
null |
no |
staging_slot_enabled | Create a staging slot alongside the app service for blue/green deployment purposes. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_slot | bool |
true |
no |
use_caf_naming | Use the Azure CAF naming provider to generate default resource name. custom_name override this if set. Legacy default name is used if this is set to false . |
bool |
true |
no |
Name | Description |
---|---|
app_insights_app_id | Deprecated, use application_insights_app_id |
app_insights_application_type | Deprecated, use application_insights_application_type |
app_insights_id | Deprecated, use application_insights_id |
app_insights_instrumentation_key | Deprecated, use application_insights_instrumentation_key |
app_insights_name | Deprecated, use application_insights_name |
app_service_default_site_hostname | The Default Hostname associated with the App Service |
app_service_id | Id of the App Service |
app_service_identity_service_principal_id | Id of the Service principal identity of the App Service |
app_service_name | Name of the App Service |
app_service_outbound_ip_addresses | Outbound IP adresses of the App Service |
app_service_plan_id | Id of the App Service Plan |
app_service_possible_outbound_ip_addresses | Possible outbound IP adresses of the App Service |
app_service_site_credential | Site credential block of the App Service |
app_service_slot_identity_service_principal_id | Id of the Service principal identity of the App Service slot |
app_service_slot_name | Name of the App Service slot |
app_service_source_control | Source Control information block of the App Service |
application_insights_app_id | App id of the Application Insights associated to the App Service |
application_insights_application_type | Application Type of the Application Insights associated to the App Service |
application_insights_id | Id of the Application Insights associated to the App Service |
application_insights_instrumentation_key | Instrumentation key of the Application Insights associated to the App Service |
application_insights_name | Name of the Application Insights associated to the App Service |
Microsoft Azure documentation: docs.microsoft.com/en-us/azure/app-service/overview