Skip to content
This repository has been archived by the owner on Mar 6, 2023. It is now read-only.

Latest commit

 

History

History
308 lines (258 loc) · 18.1 KB

File metadata and controls

308 lines (258 loc) · 18.1 KB

DEPRECATED - Azure App Service Web

Changelog Notice Apache V2 License TF Registry

⚠ This module is deprecated, please use app-service module

This Terraform module creates an Azure App Service Web associated with an Application Insights component and activated Diagnostics Logs.

Limitations

  • Diagnostics logs only works fine for Windows for now.
  • Untested with App Service slots.
  • Using a single certificate file on multiple domains with the custom_domains variable is not supported. Use a Key Vault certificate instead.

Global versioning rule for Claranet Azure modules

Module version Terraform version AzureRM version
>= 6.x.x 1.x >= 3.0
>= 5.x.x 0.15.x >= 2.0
>= 4.x.x 0.13.x / 0.14.x >= 2.0
>= 3.x.x 0.12.x >= 2.0
>= 2.x.x 0.12.x < 2.0
< 2.x.x 0.11.x < 2.0

Usage

This module is optimized to work with the Claranet terraform-wrapper tool which set some terraform variables in the environment needed by this module. More details about variables set by the terraform-wrapper available in the documentation.

module "azure_region" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = var.azure_region
}

module "rg" {
  source  = "claranet/rg/azurerm"
  version = "x.x.x"

  location    = module.azure_region.location
  client_name = var.client_name
  environment = var.environment
  stack       = var.stack
}

module "run_common" {
  source  = "claranet/run-common/azurerm"
  version = "x.x.x"

  client_name    = var.client_name
  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.resource_group_name

  tenant_id = var.azure_tenant_id

  monitoring_function_splunk_token = null
}

resource "azurerm_storage_account" "assets_storage" {
  account_replication_type = "LRS"
  account_tier             = "Standard"
  location                 = module.azure_region.location
  name                     = "appserviceassets"
  resource_group_name      = module.rg.resource_group_name
}

resource "azurerm_storage_share" "assets_share" {
  name                 = "assets"
  storage_account_name = azurerm_storage_account.assets_storage.name
  quota                = 50
}

module "app_service_plan" {
  source  = "claranet/app-service-plan/azurerm"
  version = "x.x.x"

  client_name         = var.client_name
  environment         = var.environment
  location            = module.azure_region.location
  location_short      = module.azure_region.location_short
  resource_group_name = module.rg.resource_group_name
  stack               = var.stack

  logs_destinations_ids = [
    module.run_common.logs_storage_account_id,
    module.run_common.log_analytics_workspace_id
  ]

  sku = {
    tier = "Standard"
    size = "S1"
  }

  kind = "Linux"
}

module "app_service" {
  source  = "claranet/app-service-web/azurerm"
  version = "x.x.x"

  client_name         = var.client_name
  environment         = var.environment
  location            = module.azure_region.location
  location_short      = module.azure_region.location_short
  resource_group_name = module.rg.resource_group_name
  stack               = var.stack

  app_service_plan_id = module.app_service_plan.app_service_plan_id

  app_settings = {
    DOCKER_REGISTRY_SERVER_URL = "https://myacr.azurecr.io"
    FOO                        = "bar"
  }

  site_config = {
    linux_fx_version = "DOCKER|myacr.azurecr.io/myrepository/image:tag"
    http2_enabled    = true

    # The "AcrPull" role must be assigned to the managed identity in the target Azure Container Registry
    acr_use_managed_identity_credentials = true
  }

  auth_settings = {
    enabled             = true
    token_store_enabled = true

    active_directory = {
      client_id         = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
      client_secret     = "xxxxxxxxxxxxxxxxxxxxx"
      allowed_audiences = ["https://www.example.com"]
    }
  }

  custom_domains = {
    # Custom domain with SSL certificate file
    "example.com" = {
      certificate_file     = "./example.com.pfx"
      certificate_password = "xxxxxxxxx"
    }
    # Custom domain with SSL certificate stored in a keyvault
    "example.com" = {
      certificate_keyvault_id = var.certificate_keyvault_id
    }
    # Custom domain without SSL certificate
    "example2.com" = null
  }

  authorized_ips = ["1.2.3.4/32", "4.3.2.1/32"]

  ip_restriction_headers = {
    x_forwarded_host = ["myhost1.fr", "myhost2.fr"]
  }
  scm_ip_restriction_headers = {
    x_forwarded_host = ["myhost1.fr", "myhost2.fr"]
  }

  staging_slot_custom_app_settings = {
    John = "Doe"
  }

  extra_tags = {
    foo = "bar"
  }

  mount_points = [
    {
      account_name = azurerm_storage_account.assets_storage.name
      share_name   = azurerm_storage_share.assets_share.name
      access_key   = azurerm_storage_account.assets_storage.primary_access_key
      mount_path   = "/var/www/html/assets"
    }
  ]

  logs_destinations_ids = [
    module.run_common.logs_storage_account_id,
    module.run_common.log_analytics_workspace_id
  ]
}

Providers

Name Version
azurecaf ~> 1.1
azurerm >= 2.71

Modules

Name Source Version
backup_sas_token claranet/storage-sas-token/azurerm 2.0.0
diagnostics claranet/diagnostic-settings/azurerm 5.0.0

Resources

Name Type
azurecaf_name.app_service_web resource
azurecaf_name.application_insights resource
azurerm_app_service.app_service resource
azurerm_app_service_certificate.app_service_certificate resource
azurerm_app_service_custom_hostname_binding.app_service_custom_hostname_binding resource
azurerm_app_service_slot.app_service_slot resource
azurerm_app_service_slot_virtual_network_swift_connection.app_service_slot_vnet_integration resource
azurerm_app_service_virtual_network_swift_connection.app_service_vnet_integration resource
azurerm_application_insights.app_insights resource
azurerm_application_insights.app_insights data source
azurerm_client_config.main data source
azurerm_subscription.current_subscription data source

Inputs

Name Description Type Default Required
app_service_custom_name Name of the App Service, generated if not set. string "" no
app_service_plan_id Id of the App Service Plan that hosts the App Service string n/a yes
app_service_vnet_integration_subnet_id Id of the subnet to associate with the app service string null no
app_settings Application settings for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#app_settings map(string) {} no
application_insights_custom_name Name of the Application Insights, generated if not set. string "" no
application_insights_enabled Use Application Insights for this App Service bool true no
application_insights_id ID of the existing Application Insights to use instead of deploying a new one. string null no
application_insights_sampling_percentage Specifies the percentage of sampled datas for Application Insights. Documentation here number null no
application_insights_type Application type for Application Insights resource string "web" no
auth_settings Authentication settings. Issuer URL is generated thanks to the tenant ID. For active_directory block, the allowed_audiences list is filled with a value generated with the name of the App Service. See https://www.terraform.io/docs/providers/azurerm/r/app_service.html#auth_settings any {} no
authorized_ips IPs restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction list(string) [] no
authorized_service_tags Service Tags restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction list(string) [] no
authorized_subnet_ids Subnets restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction list(string) [] no
backup_custom_name Custom name for backup string null no
backup_frequency_interval Frequency interval for the App Service backup. number 1 no
backup_frequency_unit Frequency unit for the App Service backup. Possible values are Day or Hour. string "Day" no
backup_retention_period_in_days Retention in days for the App Service backup. number 30 no
backup_storage_account_container Name of the container in the Storage Account if App Service backup is enabled string "webapps" no
backup_storage_account_name Storage account name to use if App Service backup is enabled. string null no
backup_storage_account_rg Storage account resource group to use if App Service backup is enabled. string null no
client_affinity_enabled Client affinity activation for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#client_affinity_enabled string "false" no
client_cert_enabled Client certificate activation for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#client_cert_enabled string "false" no
client_name Client name/account used in naming string n/a yes
connection_strings Connection strings for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#connection_string list(map(string)) [] no
custom_diagnostic_settings_name Custom name of the diagnostics settings, name will be 'default' if not set. string "default" no
custom_domains Custom domains and SSL certificates of the App Service. Could declare a custom domain with SSL binding. SSL certificate could be provided from an Azure Keyvault Certificate Secret or from a file. map(map(string)) null no
default_tags_enabled Option to enable or disable default tags. bool true no
enable_backup true to enable App Service backup bool false no
environment Project environment string n/a yes
extra_tags Extra tags to add. map(string) {} no
https_only HTTPS restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#https_only string "false" no
ip_restriction_headers IPs restriction headers for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#headers map(list(string)) null no
location Azure location. string n/a yes
location_short Short string for Azure location. string n/a yes
logs_categories Log categories to send to destinations. list(string) null no
logs_destinations_ids List of destination resources Ids for logs diagnostics destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. Empty list to disable logging. list(string) n/a yes
logs_metrics_categories Metrics categories to send to destinations. list(string) null no
logs_retention_days Number of days to keep logs on storage account number 30 no
mount_points Storage Account mount points. Name is generated if not set and default type is AzureFiles. See https://www.terraform.io/docs/providers/azurerm/r/app_service.html#storage_account list(map(string)) [] no
name_prefix Optional prefix for the generated name string "" no
name_suffix Optional suffix for the generated name string "" no
resource_group_name Resource group name string n/a yes
scm_authorized_ips SCM IPs restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction list(string) [] no
scm_authorized_service_tags SCM Service Tags restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction list(string) [] no
scm_authorized_subnet_ids SCM subnets restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction list(string) [] no
scm_ip_restriction_headers IPs restriction headers for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#headers map(list(string)) null no
site_config Site config for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is no more managed in this block. any {} no
stack Project stack name string n/a yes
staging_slot_custom_app_settings Override staging slot with custom app settings map(string) null no
staging_slot_custom_name Custom name of the app service slot string null no
staging_slot_enabled Create a staging slot alongside the app service for blue/green deployment purposes. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_slot bool true no
use_caf_naming Use the Azure CAF naming provider to generate default resource name. custom_name override this if set. Legacy default name is used if this is set to false. bool true no

Outputs

Name Description
app_insights_app_id Deprecated, use application_insights_app_id
app_insights_application_type Deprecated, use application_insights_application_type
app_insights_id Deprecated, use application_insights_id
app_insights_instrumentation_key Deprecated, use application_insights_instrumentation_key
app_insights_name Deprecated, use application_insights_name
app_service_default_site_hostname The Default Hostname associated with the App Service
app_service_id Id of the App Service
app_service_identity_service_principal_id Id of the Service principal identity of the App Service
app_service_name Name of the App Service
app_service_outbound_ip_addresses Outbound IP adresses of the App Service
app_service_plan_id Id of the App Service Plan
app_service_possible_outbound_ip_addresses Possible outbound IP adresses of the App Service
app_service_site_credential Site credential block of the App Service
app_service_slot_identity_service_principal_id Id of the Service principal identity of the App Service slot
app_service_slot_name Name of the App Service slot
app_service_source_control Source Control information block of the App Service
application_insights_app_id App id of the Application Insights associated to the App Service
application_insights_application_type Application Type of the Application Insights associated to the App Service
application_insights_id Id of the Application Insights associated to the App Service
application_insights_instrumentation_key Instrumentation key of the Application Insights associated to the App Service
application_insights_name Name of the Application Insights associated to the App Service

Related documentation

Microsoft Azure documentation: docs.microsoft.com/en-us/azure/app-service/overview