azurermAppServiceEnvironmentV3

Manages a 3rd Generation (v3) App Service Environment.

Example Usage

This example provisions an App Service Environment V3. Additional examples of how to use the azurermAppServiceEnvironmentV3 resource can be found in the /examples/appServiceEnvironmentV3 directory within the GitHub Repository.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "exampleRG1",
  }
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_1",
  {
    address_space: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-vnet",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_2", {
  address_prefixes: ["10.0.2.0/24"],
  delegation: [
    {
      name: "Microsoft.Web.hostingEnvironments",
      service_delegation: [
        {
          actions: ["Microsoft.Network/virtualNetworks/subnets/action"],
          name: "Microsoft.Web/hostingEnvironments",
        },
      ],
    },
  ],
  name: "example-subnet",
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
const azurermAppServiceEnvironmentV3Example =
  new azurerm.appServiceEnvironmentV3.AppServiceEnvironmentV3(
    this,
    "example_3",
    {
      cluster_setting: [
        {
          name: "DisableTls1.0",
          value: "1",
        },
        {
          name: "InternalEncryption",
          value: "true",
        },
        {
          name: "FrontEndSSLCipherSuiteOrder",
          value:
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        },
      ],
      internal_load_balancing_mode: "Web, Publishing",
      name: "example-asev3",
      resource_group_name: azurermResourceGroupExample.name,
      subnet_id: azurermSubnetExample.id,
      tags: {
        env: "production",
        terraformed: "true",
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServiceEnvironmentV3Example.overrideLogicalId("example");
const azurermServicePlanExample = new azurerm.servicePlan.ServicePlan(
  this,
  "example_4",
  {
    app_service_environment_id: azurermAppServiceEnvironmentV3Example.id,
    location: azurermResourceGroupExample.location,
    name: "example",
    os_type: "Linux",
    resource_group_name: azurermResourceGroupExample.name,
    sku_name: "I1v2",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermServicePlanExample.overrideLogicalId("example");

Argument Reference

name - (Required) The name of the App Service Environment. Changing this forces a new resource to be created.
resourceGroupName - (Required) The name of the Resource Group where the App Service Environment exists. Defaults to the Resource Group of the Subnet (specified by subnetId). Changing this forces a new resource to be created.
subnetId - (Required) The ID of the Subnet which the App Service Environment should be connected to. Changing this forces a new resource to be created.

\~> NOTE a /24 or larger CIDR is required. Once associated with an ASE, this size cannot be changed.

\~> NOTE: This Subnet requires a delegation to microsoftWeb/hostingEnvironments as detailed in the example above.

allowNewPrivateEndpointConnections - (Optional) Should new Private Endpoint Connections be allowed. Defaults to true.
clusterSetting - (Optional) Zero or more clusterSetting blocks as defined below.
dedicatedHostCount - (Optional) This ASEv3 should use dedicated Hosts. Possible values are 2. Changing this forces a new resource to be created.
zoneRedundant - (Optional) Set to true to deploy the ASEv3 with availability zones supported. Zonal ASEs can be deployed in some regions, you can refer to Availability Zone support for App Service Environments. You can only set either dedicatedHostCount or zoneRedundant but not both. Changing this forces a new resource to be created.

\~> NOTE: Setting this value will provision 2 Physical Hosts for your App Service Environment V3, this is done at additional cost, please be aware of the pricing commitment in the General Availability Notes

internalLoadBalancingMode - (Optional) Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. Possible values are none (for an External VIP Type), and "web,Publishing" (for an Internal VIP Type). Defaults to none. Changing this forces a new resource to be created.
tags - (Optional) A mapping of tags to assign to the resource.

\~> NOTE: The underlying API does not currently support changing Tags on this resource. Making changes in the portal for tags will cause Terraform to detect a change that will force a recreation of the ASEV3 unless ignoreChanges lifecycle meta-argument is used.

A clusterSetting block supports the following:

\~> NOTE: If this block is specified it must contain the frontEndSslCipherSuiteOrder setting, with the value tlsEcdheRsaWithAes256GcmSha384,tlsEcdheRsaWithAes128GcmSha256.

name - (Required) The name of the Cluster Setting.
value - (Required) The value for the Cluster Setting.

Attributes Reference

In addition to the Arguments above, the following Attributes are exported:

id - The ID of the App Service Environment.
dnsSuffix - the DNS suffix for this App Service Environment V3.
externalInboundIpAddresses - The external inbound IP addresses of the App Service Environment V3.
inboundNetworkDependencies - An Inbound Network Dependencies block as defined below.
internalInboundIpAddresses - The internal inbound IP addresses of the App Service Environment V3.
ipSslAddressCount - The number of IP SSL addresses reserved for the App Service Environment V3.
linuxOutboundIpAddresses - Outbound addresses of Linux based Apps in this App Service Environment V3
location - The location where the App Service Environment exists.
pricingTier - Pricing tier for the front end instances.
windowsOutboundIpAddresses - Outbound addresses of Windows based Apps in this App Service Environment V3.

An inboundNetworkDependencies block exports the following:

description - A short description of the purpose of the network traffic.
ipAddresses - A list of IP addresses that network traffic will originate from in CIDR notation.
ports - The ports that network traffic will arrive to the App Service Environment V3 on.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 6 hours) Used when creating the 3rd Generation (v3) App Service Environment.
update - (Defaults to 6 hours) Used when updating the 3rd Generation (v3) App Service Environment.
read - (Defaults to 5 minutes) Used when retrieving the 3rd Generation (v3) App Service Environment.
delete - (Defaults to 6 hours) Used when deleting the 3rd Generation (v3) App Service Environment.

Import

A 3rd Generation (v3) App Service Environment can be imported using the resourceId, e.g.

terraform import azurerm_app_service_environment_v3.myAppServiceEnv /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Web/hostingEnvironments/myAppServiceEnv