azurermCdnFrontdoorOrigin
Manages a Front Door (standard/premium) Origin.
!> IMPORTANT: If you are implementing an Origin that uses its own Private Link Service with a Load Balancer, the Profile resource in your configuration file must have a dependsOn meta-argument that references the azurermPrivateLinkService; see "Example Usage With Private Link Service" below.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
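/* Resource group that holds every resource in this example. */
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);

/* Front Door profile that owns the origin group and the origin below. */
const azurermCdnFrontdoorProfileExample =
  new azurerm.cdnFrontdoorProfile.CdnFrontdoorProfile(this, "example_1", {
    name: "example-profile",
    resource_group_name: azurermResourceGroupExample.name,
    sku_name: "Premium_AzureFrontDoor",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorProfileExample.overrideLogicalId("example");

/* Origin group inside the profile; load_balancing is left as an empty block. */
const azurermCdnFrontdoorOriginGroupExample =
  new azurerm.cdnFrontdoorOriginGroup.CdnFrontdoorOriginGroup(
    this,
    "example_2",
    {
      cdn_frontdoor_profile_id: azurermCdnFrontdoorProfileExample.id,
      load_balancing: [{}],
      name: "example-origingroup",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorOriginGroupExample.overrideLogicalId("example");

/* Public origin reached by host name. */
const azurermCdnFrontdoorOriginExample =
  new azurerm.cdnFrontdoorOrigin.CdnFrontdoorOrigin(this, "example_3", {
    cdn_frontdoor_origin_group_id: azurermCdnFrontdoorOriginGroupExample.id,
    /* Keep the certificate name check enabled: when it is off, the name on the
       origin's TLS certificate is not validated against the origin host name,
       so a certificate issued for another host would be accepted. Disable it
       only as a deliberate, documented exception. */
    certificate_name_check_enabled: true,
    enabled: true,
    host_name: "contoso.com",
    /* NOTE(review): port 80 is declared for this origin; whether traffic is
       actually forwarded over HTTP or HTTPS is decided by configuration that
       this example does not show. Confirm HTTPS is used where it matters. */
    http_port: 80,
    https_port: 443,
    name: "example-origin",
    /* Differs from host_name; make sure the origin's certificate and virtual
       host configuration agree with both values. */
    origin_host_header: "www.contoso.com",
    priority: 1,
    weight: 1,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorOriginExample.overrideLogicalId("example");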
Example Usage With Private Link
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/* Resource group that holds every resource in this example. */
const resourceGroup = new azurerm.resourceGroup.ResourceGroup(this, "example", {
  location: "West Europe",
  name: "example-resources",
});

/* Storage account used as the origin. Its network rules deny by default and
   nested items cannot be made public; the origin further down reaches it
   through a private_link block. */
const storageAccount = new azurerm.storageAccount.StorageAccount(
  this,
  "example_1",
  {
    account_replication_type: "LRS",
    account_tier: "Premium",
    allow_nested_items_to_be_public: false,
    location: resourceGroup.location,
    name: "examplestoracc",
    network_rules: [{ default_action: "Deny" }],
    resource_group_name: resourceGroup.name,
    tags: { environment: "Example" },
  }
);
/* Keeps the Terraform resource name equal to the original one; drop the call if that is not needed. */
storageAccount.overrideLogicalId("example");

/* Front Door profile on the Premium SKU. */
const frontDoorProfile = new azurerm.cdnFrontdoorProfile.CdnFrontdoorProfile(
  this,
  "example_2",
  {
    name: "example-profile",
    resource_group_name: resourceGroup.name,
    sku_name: "Premium_AzureFrontDoor",
  }
);
/* Keeps the Terraform resource name equal to the original one; drop the call if that is not needed. */
frontDoorProfile.overrideLogicalId("example");

/* Origin group inside the profile; load_balancing is left as an empty block. */
const originGroup = new azurerm.cdnFrontdoorOriginGroup.CdnFrontdoorOriginGroup(
  this,
  "example_3",
  {
    cdn_frontdoor_profile_id: frontDoorProfile.id,
    load_balancing: [{}],
    name: "example-origin-group",
  }
);
/* Keeps the Terraform resource name equal to the original one; drop the call if that is not needed. */
originGroup.overrideLogicalId("example");

/* Private Link settings that point at the storage account's blob service. */
const blobPrivateLink = {
  location: storageAccount.location,
  private_link_target_id: storageAccount.id,
  request_message: "Request access for Private Link Origin CDN Frontdoor",
  target_type: "blob",
};

/* Origin backed by the storage account's primary blob host. The certificate
   name check is enabled here. */
const blobOrigin = new azurerm.cdnFrontdoorOrigin.CdnFrontdoorOrigin(
  this,
  "example_4",
  {
    cdn_frontdoor_origin_group_id: originGroup.id,
    certificate_name_check_enabled: true,
    enabled: true,
    host_name: storageAccount.primaryBlobHost,
    name: "example-origin",
    origin_host_header: storageAccount.primaryBlobHost,
    priority: 1,
    private_link: [blobPrivateLink],
    weight: 500,
  }
);
/* Keeps the Terraform resource name equal to the original one; drop the call if that is not needed. */
blobOrigin.overrideLogicalId("example");
Example Usage With Private Link Service
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
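/* Resource group that holds every resource in this example. */
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);

/* Virtual network for the subnet used by the Private Link Service. */
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_1",
  {
    address_space: ["10.5.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "vn-example",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");

/* Client configuration of the current credentials; only its subscription id is
   read below, to scope the Private Link Service visibility. */
const dataAzurermClientConfigCurrent =
  new azurerm.dataAzurermClientConfig.DataAzurermClientConfig(
    this,
    "current",
    {}
  );

/* Static Standard-SKU public IP used as the load balancer frontend. */
const azurermPublicIpExample = new azurerm.publicIp.PublicIp(
  this,
  "example_3",
  {
    allocation_method: "Static",
    location: azurermResourceGroupExample.location,
    name: "ip-example",
    resource_group_name: azurermResourceGroupExample.name,
    sku: "Standard",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPublicIpExample.overrideLogicalId("example");

/* Subnet that provides the NAT IP of the Private Link Service. Network policies
   for Private Link Service are switched off on it. */
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_4", {
  address_prefixes: ["10.5.1.0/24"],
  name: "sn-example",
  private_link_service_network_policies_enabled: false,
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");

/* NOTE(review): the frontend is bound to a public IP, while the argument
   reference on this page lists internal load balancers as the supported
   Private Link origin type. Confirm the intended exposure of this frontend. */
const azurermLbExample = new azurerm.lb.Lb(this, "example_5", {
  frontend_ip_configuration: [
    {
      name: azurermPublicIpExample.name,
      public_ip_address_id: azurermPublicIpExample.id,
    },
  ],
  location: azurermResourceGroupExample.location,
  name: "lb-example",
  resource_group_name: azurermResourceGroupExample.name,
  sku: "Standard",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLbExample.overrideLogicalId("example");

/* Private Link Service in front of the load balancer. Visibility is limited to
   the current subscription; per this page, the resulting Private Link Endpoint
   connection still has to be approved manually. */
const azurermPrivateLinkServiceExample =
  new azurerm.privateLinkService.PrivateLinkService(this, "example_6", {
    load_balancer_frontend_ip_configuration_ids: [
      `\${${azurermLbExample.frontendIpConfiguration}.0.id}`,
    ],
    location: azurermResourceGroupExample.location,
    name: "pls-example",
    nat_ip_configuration: [
      {
        name: "primary",
        primary: true,
        private_ip_address: "10.5.1.17",
        private_ip_address_version: "IPv4",
        subnet_id: azurermSubnetExample.id,
      },
    ],
    resource_group_name: azurermResourceGroupExample.name,
    visibility_subscription_ids: [
      dataAzurermClientConfigCurrent.subscriptionId,
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPrivateLinkServiceExample.overrideLogicalId("example");

/* The profile carries an explicit depends_on on the Private Link Service, as
   the IMPORTANT note at the top of this page requires for this setup. */
const azurermCdnFrontdoorProfileExample =
  new azurerm.cdnFrontdoorProfile.CdnFrontdoorProfile(this, "example_7", {
    depends_on: [`\${${azurermPrivateLinkServiceExample.fqn}}`],
    name: "profile-example",
    resource_group_name: azurermResourceGroupExample.name,
    sku_name: "Premium_AzureFrontDoor",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorProfileExample.overrideLogicalId("example");

/* Origin group with explicit load-balancing sample settings. */
const azurermCdnFrontdoorOriginGroupExample =
  new azurerm.cdnFrontdoorOriginGroup.CdnFrontdoorOriginGroup(
    this,
    "example_8",
    {
      cdn_frontdoor_profile_id: azurermCdnFrontdoorProfileExample.id,
      load_balancing: [
        {
          additional_latency_in_milliseconds: 0,
          sample_size: 16,
          successful_samples_required: 3,
        },
      ],
      name: "group-example",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorOriginGroupExample.overrideLogicalId("example");

/* Origin that reaches the load balancer through the Private Link Service. */
const azurermCdnFrontdoorOriginExample =
  new azurerm.cdnFrontdoorOrigin.CdnFrontdoorOrigin(this, "example_9", {
    cdn_frontdoor_origin_group_id: azurermCdnFrontdoorOriginGroupExample.id,
    /* Set to true: the argument reference on this page states that Private
       Link requires certificateNameCheckEnabled to be true. The service behind
       the Private Link Service presumably has to present a certificate that
       covers host_name; verify for your backend. */
    certificate_name_check_enabled: true,
    enabled: true,
    host_name: "example.com",
    name: "origin-example",
    origin_host_header: "example.com",
    priority: 1,
    /* No target_type here: this page notes it cannot be specified when a Load
       Balancer is the origin, and that private_link_target_id must then be the
       Private Link Service's resource id. */
    private_link: [
      {
        location: azurermResourceGroupExample.location,
        private_link_target_id: azurermPrivateLinkServiceExample.id,
        request_message: "Request access for Private Link Origin CDN Frontdoor",
      },
    ],
    weight: 1000,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorOriginExample.overrideLogicalId("example");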
Arguments Reference
The following arguments are supported:
-
name
- (Required) The name which should be used for this Front Door Origin. Changing this forces a new Front Door Origin to be created. -
cdnFrontdoorOriginGroupId
- (Required) The ID of the Front Door Origin Group within which this Front Door Origin should exist. Changing this forces a new Front Door Origin to be created. -
hostName
- (Required) The IPv4 address, IPv6 address or Domain name of the Origin.
!> IMPORTANT: This must be unique across all Front Door Origins within a Front Door Endpoint.
-
certificateNameCheckEnabled
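- (Required) Specifies whether certificate name checks are enabled for this origin. When this is false, the name on the origin's TLS certificate is not validated against the origin's host name. -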
enabled
- (Optional) Should the origin be enabled? Possible values are true or false. Defaults to true.
-> NOTE: The enabled
field will need to be explicitly set until the 4.0 provider is released due to the deprecation of the healthProbesEnabled
property in version 3.x of the AzureRM Provider.
-
httpPort
- (Optional) The value of the HTTP port. Must be between 1 and 65535. Defaults to 80. -
httpsPort
- (Optional) The value of the HTTPS port. Must be between 1 and 65535. Defaults to 443. -
originHostHeader
- (Optional) The host header value (an IPv4 address, IPv6 address or Domain name) which is sent to the origin with each request. If unspecified the hostname from the request will be used.
-> Azure Front Door Origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin's hostname. This field's value overrides the host header defined in the Front Door Endpoint. For more information on how to properly set the origin host header value please see the product documentation.
-
priority
- (Optional) Priority of the origin within its origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy. Must be between 1 and 5 (inclusive). Defaults to 1. -
privateLink
- (Optional) A privateLink block as defined below.
-> NOTE: Private Link requires that the Front Door Profile hosting this Origin uses the SKU Premium_AzureFrontDoor and that the certificateNameCheckEnabled field is set to true.
weight
- (Optional) The weight of the origin in a given origin group for load balancing. Must be between 1 and 1000. Defaults to 500.
A privateLink
block supports the following:
~> NOTE: At this time the Private Link Endpoint must be approved manually. For more information and region availability, please see the product documentation.
!> IMPORTANT: Origin support for direct private endpoint connectivity is limited to storage (azureBlobs), appServices and internalLoadBalancers. The Azure Front Door Private Link feature is region agnostic, but for the best latency you should always pick the Azure region closest to your origin when enabling an Azure Front Door Private Link endpoint.
!> IMPORTANT: To associate a Load Balancer with a Front Door Origin via Private Link you must stand up your own azurermPrivateLinkService and ensure that a dependsOn exists on the azurermCdnFrontdoorOrigin resource, so that it is destroyed before the azurermPrivateLinkService resource (e.g. dependsOn = [azurermPrivateLinkServiceExample]), due to the design of the Front Door Service.
-
requestMessage
- (Optional) Specifies the request message that will be submitted to the privateLinkTargetId when requesting the private link endpoint connection. Values must be between 1 and 140 characters in length. Defaults to accessRequestForCdnFrontDoorPrivateLinkOrigin. -
targetType
- (Optional) Specifies the type of target for this Private Link Endpoint. Possible values are blob, blobSecondary, web and sites.
-> NOTE: targetType
cannot be specified when using a Load Balancer as an Origin.
-
location
- (Required) Specifies the location where the Private Link resource should exist. Changing this forces a new resource to be created. -
privateLinkTargetId
- (Required) The ID of the Azure Resource to connect to via the Private Link.
-> Note: the privateLinkTargetId
property must specify the Resource ID of the Private Link Service when using Load Balancer as an Origin.
Example HCL Configurations
- Private Link Origin with Storage Account Blob
- Private Link Origin with Storage Account Static Web Site
- Private Link Origin with Linux Web Application
- Private Link Origin with Internal Load Balancer
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Front Door Origin.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Front Door Origin.
- read - (Defaults to 5 minutes) Used when retrieving the Front Door Origin.
- update - (Defaults to 30 minutes) Used when updating the Front Door Origin.
- delete - (Defaults to 30 minutes) Used when deleting the Front Door Origin.
Import
Front Door Origins can be imported using the resourceId
, e.g.