This Terraform module creates an Azure App Service Web associated with an Application Insights component and activated Diagnostics Logs.
- Diagnostics logs only works fine for Windows for now.
- Untested with App Service slots.
- Using a single certificate file on multiple domains with the
custom_domainsvariable is not supported. Use a Key Vault certificate instead.
| Module version | Terraform version | AzureRM version |
|---|---|---|
| >= 4.x.x | 0.13.x | >= 2.0 |
| >= 3.x.x | 0.12.x | >= 2.0 |
| >= 2.x.x | 0.12.x | < 2.0 |
| < 2.x.x | 0.11.x | < 2.0 |
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
module "azure-region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure-region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "run-common" {
source = "claranet/run-common/azurerm"
version = "x.x.x"
client_name = var.client_name
location = module.azure-region.location
location_short = module.azure-region.location_short
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
tenant_id = var.azure_tenant_id
}
resource "azurerm_storage_account" "assets_storage" {
account_replication_type = "LRS"
account_tier = "Standard"
location = module.azure-region.location
name = "appserviceassets"
resource_group_name = module.rg.resource_group_name
}
resource "azurerm_storage_share" "assets_share" {
name = "assets"
storage_account_name = azurerm_storage_account.assets_storage.name
quota = 50
}
module "app_service_plan" {
source = "claranet/app-service-plan/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
location = module.azure-region.location
location_short = module.azure-region.location_short
resource_group_name = module.rg.resource_group_name
stack = var.stack
sku = {
tier = "Standard"
size = "S1"
}
kind = "Linux"
}
module "app_service" {
source = "claranet/app-service-web/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
location = module.azure-region.location
location_short = module.azure-region.location_short
resource_group_name = module.rg.resource_group_name
stack = var.stack
app_service_plan_id = module.app_service_plan.app_service_plan_id
app_settings = {
foo = "bar"
}
auth_settings = {
enabled = true
token_store_enabled = true
active_directory = {
client_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
client_secret = "xxxxxxxxxxxxxxxxxxxxx"
allowed_audiences = ["https://www.example.com"]
}
}
custom_domains = {
# Custom domain with SSL certificate file
"example.com" = {
certificate_file = "./example.com.pfx"
certificate_password = "xxxxxxxxx"
}
# Custom domain with SSL certificate stored in a keyvault
"example.com" = {
certificate_keyvault_id = data.azurerm_key_vault_secret.my_keyvault.id
}
# Custom domain without SSL certificate
"example2.com" = null
}
extra_tags = {
foo = "bar"
}
mount_points = [
{
account_name = azurerm_storage_account.assets_storage.name
share_name = azurerm_storage_share.assets_share.name
access_key = azurerm_storage_account.assets_storage.primary_access_key
mount_path = "/var/www/html/assets"
}
]
logs_destinations_ids = [
data.terraform_remote_state.run.outputs.logs_storage_account_id,
data.terraform_remote_state.run.outputs.log_analytics_workspace_id
]
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| app_insights_custom_name | Deprecated, use application_insights_custom_name |
string |
"" |
no |
| app_service_custom_name | Name of the App Service, generated if not set. | string |
"" |
no |
| app_service_plan_id | Id of the App Service Plan that hosts the App Service | string |
n/a | yes |
| app_service_vnet_integration_subnet_id | Id of the subnet to associate with the app service | string |
null |
no |
| app_settings | Application settings for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#app_settings | map(string) |
{} |
no |
| application_insights_custom_name | Name of the Application Insights, generated if not set. | string |
"" |
no |
| application_insights_enabled | Use Application Insights for this App Service | bool |
true |
no |
| application_insights_id | ID of the existing Application Insights to use instead of deploying a new one. | string |
null |
no |
| application_insights_type | Application type for Application Insights resource | string |
"web" |
no |
| auth_settings | Authentication settings. Issuer URL is generated thanks to the tenant ID. For active_directory block, the allowed_audiences list is filled with a value generated with the name of the App Service. See https://www.terraform.io/docs/providers/azurerm/r/app_service.html#auth_settings | any |
{} |
no |
| authorized_ips | IPs restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction | list(string) |
[] |
no |
| authorized_service_tags | Service Tags restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction | list(string) |
[] |
no |
| authorized_subnet_ids | Subnets restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction | list(string) |
[] |
no |
| backup_custom_name | Custom name for backup | string |
null |
no |
| backup_frequency_interval | Frequency interval for the App Service backup. | number |
1 |
no |
| backup_frequency_unit | Frequency unit for the App Service backup. Possible values are Day or Hour. | string |
"Day" |
no |
| backup_retention_period_in_days | Retention in days for backup | number |
30 | no |
| backup_storage_account_container | Name of the container in the Storage Account if App Service backup is enabled | string |
"webapps" |
no |
| backup_storage_account_name | Storage account name to use if App Service backup is enabled. | string |
null |
no |
| backup_storage_account_rg | Storage account resource group to use if App Service backup is enabled. | string |
null |
no |
| client_affinity_enabled | Client affinity activation for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#client_affinity_enabled | string |
"false" |
no |
| client_cert_enabled | Client certificate activation for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#client_cert_enabled | string |
"false" |
no |
| client_name | Client name/account used in naming | string |
n/a | yes |
| connection_strings | Connection strings for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#connection_string | list(map(string)) |
[] |
no |
| custom_domains | Custom domains and SSL certificates of the App Service. Could declare a custom domain with SSL binding. SSL certificate could be provided from an Azure Keyvault Certificate Secret or from a file. | map(map(string)) |
null |
no |
| diag_settings_custom_name | Custom name of the diagnostics settings, generated if not set. | string |
"" |
no |
| enable_backup | "true" to enable App Service backup | bool |
false |
no |
| environment | Project environment | string |
n/a | yes |
| extra_tags | Extra tags to add | map(string) |
{} |
no |
| https_only | HTTPS restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#https_only | string |
"false" |
no |
| location | Azure location. | string |
n/a | yes |
| location_short | Short string for Azure location. | string |
n/a | yes |
| logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
| logs_destinations_ids | List of destination resources Ids for logs diagnostics destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. Empty list to disable logging. | list(string) |
n/a | yes |
| logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
| logs_retention_days | Number of days to keep logs on storage account | number |
30 |
no |
| mount_points | Storage Account mount points. Name is generated if not set and default type is AzureFiles. See https://www.terraform.io/docs/providers/azurerm/r/app_service.html#storage_account | list(map(string)) |
[] |
no |
| name_prefix | Optional prefix for the generated name | string |
"" |
no |
| resource_group_name | Resource group name | string |
n/a | yes |
| scm_authorized_ips | SCM IPs restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction | list(string) |
[] |
no |
| scm_authorized_service_tags | SCM Service Tags restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction | list(string) |
[] |
no |
| scm_authorized_subnet_ids | SCM subnets restriction for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#scm_ip_restriction | list(string) |
[] |
no |
| site_config | Site config for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is no more managed in this block. | any |
{} |
no |
| stack | Project stack name | string |
n/a | yes |
| Name | Description |
|---|---|
| app_insights_app_id | Deprecated, use application_insights_app_id |
| app_insights_application_type | Deprecated, use application_insights_application_type |
| app_insights_id | Deprecated, use application_insights_id |
| app_insights_instrumentation_key | Deprecated, use application_insights_instrumentation_key |
| app_insights_name | Deprecated, use application_insights_name |
| app_service_default_site_hostname | The Default Hostname associated with the App Service |
| app_service_id | Id of the App Service |
| app_service_identity_service_principal_id | Id of the Service principal identity of the App Service |
| app_service_name | Name of the App Service |
| app_service_outbound_ip_addresses | Outbound IP adresses of the App Service |
| app_service_plan_id | Id of the App Service Plan |
| app_service_possible_outbound_ip_addresses | Possible outbound IP adresses of the App Service |
| app_service_site_credential | Site credential block of the App Service |
| app_service_source_control | Source Control information block of the App Service |
| application_insights_app_id | App id of the Application Insights associated to the App Service |
| application_insights_application_type | Application Type of the Application Insights associated to the App Service |
| application_insights_id | Id of the Application Insights associated to the App Service |
| application_insights_instrumentation_key | Instrumentation key of the Application Insights associated to the App Service |
| application_insights_name | Name of the Application Insights associated to the App Service |
Terraform resource documentation: www.terraform.io/docs/providers/azurerm/r/app_service.html
Microsoft Azure documentation: docs.microsoft.com/en-us/azure/app-service/overview
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent