azurermAppServiceEnvironmentV3
Manages a 3rd Generation (v3) App Service Environment.
Example Usage
This example provisions an App Service Environment V3. Additional examples of how to use the azurermAppServiceEnvironmentV3
resource can be found in the /examples/appServiceEnvironmentV3
directory within the GitHub Repository.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "exampleRG1",
}
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
this,
"example_1",
{
address_space: ["10.0.0.0/16"],
location: azurermResourceGroupExample.location,
name: "example-vnet",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_2", {
address_prefixes: ["10.0.2.0/24"],
delegation: [
{
name: "Microsoft.Web.hostingEnvironments",
service_delegation: [
{
actions: ["Microsoft.Network/virtualNetworks/subnets/action"],
name: "Microsoft.Web/hostingEnvironments",
},
],
},
],
name: "example-subnet",
resource_group_name: azurermResourceGroupExample.name,
virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
const azurermAppServiceEnvironmentV3Example =
new azurerm.appServiceEnvironmentV3.AppServiceEnvironmentV3(
this,
"example_3",
{
cluster_setting: [
{
name: "DisableTls1.0",
value: "1",
},
{
name: "InternalEncryption",
value: "true",
},
{
name: "FrontEndSSLCipherSuiteOrder",
value:
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
},
],
internal_load_balancing_mode: "Web, Publishing",
name: "example-asev3",
resource_group_name: azurermResourceGroupExample.name,
subnet_id: azurermSubnetExample.id,
tags: {
env: "production",
terraformed: "true",
},
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServiceEnvironmentV3Example.overrideLogicalId("example");
const azurermServicePlanExample = new azurerm.servicePlan.ServicePlan(
this,
"example_4",
{
app_service_environment_id: azurermAppServiceEnvironmentV3Example.id,
location: azurermResourceGroupExample.location,
name: "example",
os_type: "Linux",
resource_group_name: azurermResourceGroupExample.name,
sku_name: "I1v2",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermServicePlanExample.overrideLogicalId("example");
Argument Reference
-
name
- (Required) The name of the App Service Environment. Changing this forces a new resource to be created. -
resourceGroupName
- (Required) The name of the Resource Group where the App Service Environment exists. Defaults to the Resource Group of the Subnet (specified bysubnetId
). Changing this forces a new resource to be created. -
subnetId
- (Required) The ID of the Subnet which the App Service Environment should be connected to. Changing this forces a new resource to be created.
\~> NOTE a /24 or larger CIDR is required. Once associated with an ASE, this size cannot be changed.
\~> NOTE: This Subnet requires a delegation to microsoftWeb/hostingEnvironments
as detailed in the example above.
-
allowNewPrivateEndpointConnections
- (Optional) Should new Private Endpoint Connections be allowed. Defaults totrue
. -
clusterSetting
- (Optional) Zero or moreclusterSetting
blocks as defined below. -
dedicatedHostCount
- (Optional) This ASEv3 should use dedicated Hosts. Possible values are2
. Changing this forces a new resource to be created. -
zoneRedundant
- (Optional) Set totrue
to deploy the ASEv3 with availability zones supported. Zonal ASEs can be deployed in some regions, you can refer to Availability Zone support for App Service Environments. You can only set eitherdedicatedHostCount
orzoneRedundant
but not both. Changing this forces a new resource to be created.
\~> NOTE: Setting this value will provision 2 Physical Hosts for your App Service Environment V3, this is done at additional cost, please be aware of the pricing commitment in the General Availability Notes
-
internalLoadBalancingMode
- (Optional) Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. Possible values arenone
(for an External VIP Type), and"web,Publishing"
(for an Internal VIP Type). Defaults tonone
. Changing this forces a new resource to be created. -
tags
- (Optional) A mapping of tags to assign to the resource.
\~> NOTE: The underlying API does not currently support changing Tags on this resource. Making changes in the portal for tags will cause Terraform to detect a change that will force a recreation of the ASEV3 unless ignoreChanges
lifecycle meta-argument is used.
A clusterSetting
block supports the following:
\~> NOTE: If this block is specified it must contain the frontEndSslCipherSuiteOrder
setting, with the value tlsEcdheRsaWithAes256GcmSha384,tlsEcdheRsaWithAes128GcmSha256
.
-
name
- (Required) The name of the Cluster Setting. -
value
- (Required) The value for the Cluster Setting.
Attributes Reference
In addition to the Arguments above, the following Attributes are exported:
-
id
- The ID of the App Service Environment. -
dnsSuffix
- the DNS suffix for this App Service Environment V3. -
externalInboundIpAddresses
- The external inbound IP addresses of the App Service Environment V3. -
inboundNetworkDependencies
- An Inbound Network Dependencies block as defined below. -
internalInboundIpAddresses
- The internal inbound IP addresses of the App Service Environment V3. -
ipSslAddressCount
- The number of IP SSL addresses reserved for the App Service Environment V3. -
linuxOutboundIpAddresses
- Outbound addresses of Linux based Apps in this App Service Environment V3 -
location
- The location where the App Service Environment exists. -
pricingTier
- Pricing tier for the front end instances. -
windowsOutboundIpAddresses
- Outbound addresses of Windows based Apps in this App Service Environment V3.
An inboundNetworkDependencies
block exports the following:
-
description
- A short description of the purpose of the network traffic. -
ipAddresses
- A list of IP addresses that network traffic will originate from in CIDR notation. -
ports
- The ports that network traffic will arrive to the App Service Environment V3 on.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 6 hours) Used when creating the 3rd Generation (v3) App Service Environment.update
- (Defaults to 6 hours) Used when updating the 3rd Generation (v3) App Service Environment.read
- (Defaults to 5 minutes) Used when retrieving the 3rd Generation (v3) App Service Environment.delete
- (Defaults to 6 hours) Used when deleting the 3rd Generation (v3) App Service Environment.
Import
A 3rd Generation (v3) App Service Environment can be imported using the resourceId
, e.g.