azurermCdnFrontdoorSecurityPolicy
Manages a Front Door (standard/premium) Security Policy.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "example-cdn-frontdoor",
}
);
const azurermCdnFrontdoorProfileExample =
new azurerm.cdnFrontdoorProfile.CdnFrontdoorProfile(this, "example_1", {
name: "example-profile",
resource_group_name: azurermResourceGroupExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorProfileExample.overrideLogicalId("example");
const azurermCdnFrontdoorFirewallPolicyExample =
new azurerm.cdnFrontdoorFirewallPolicy.CdnFrontdoorFirewallPolicy(
this,
"example_2",
{
custom_block_response_body:
"PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
custom_block_response_status_code: 403,
custom_rule: [
{
action: "Block",
enabled: true,
match_condition: [
{
match_values: ["192.168.1.0/24", "10.0.1.0/24"],
match_variable: "RemoteAddr",
negation_condition: false,
operator: "IPMatch",
},
],
name: "Rule1",
priority: 1,
rate_limit_duration_in_minutes: 1,
rate_limit_threshold: 10,
type: "MatchRule",
},
],
enabled: true,
mode: "Prevention",
name: "exampleWAF",
redirect_url: "https://www.contoso.com",
resource_group_name: azurermResourceGroupExample.name,
sku_name: azurermCdnFrontdoorProfileExample.skuName,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorFirewallPolicyExample.overrideLogicalId("example");
const azurermCdnFrontdoorSecurityPolicyExample =
new azurerm.cdnFrontdoorSecurityPolicy.CdnFrontdoorSecurityPolicy(
this,
"example_3",
{
cdn_frontdoor_profile_id: azurermCdnFrontdoorProfileExample.id,
name: "Example-Security-Policy",
security_policies: [
{
firewall: [
{
association: [
{
domain: [
{
cdn_frontdoor_domain_id:
"${azurerm_cdn_frontdoor_custom_domain.domain1.id}",
},
],
patterns_to_match: ["/*"],
},
],
cdn_frontdoor_firewall_policy_id:
azurermCdnFrontdoorFirewallPolicyExample.id,
},
],
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorSecurityPolicyExample.overrideLogicalId("example");
Arguments Reference
The following arguments are supported:
-
name
- (Required) The name which should be used for this Front Door Security Policy. Possible values must not be an empty string. Changing this forces a new Front Door Security Policy to be created. -
cdnFrontdoorProfileId
- (Required) The Front Door Profile Resource Id that is linked to this Front Door Security Policy. Changing this forces a new Front Door Security Policy to be created. -
securityPolicies
- (Required) AnsecurityPolicies
block as defined below. Changing this forces a new Front Door Security Policy to be created.
A securityPolicies
block supports the following:
firewall
- (Required) Anfirewall
block as defined below. Changing this forces a new Front Door Security Policy to be created.
A firewall
block supports the following:
-
cdnFrontdoorFirewallPolicyId
- (Required) The Resource Id of the Front Door Firewall Policy that should be linked to this Front Door Security Policy. Changing this forces a new Front Door Security Policy to be created. -
association
- (Required) Anassociation
block as defined below. Changing this forces a new Front Door Security Policy to be created.
An association
block supports the following:
-
domain
- (Required) One or moredomain
blocks as defined below. Changing this forces a new Front Door Security Policy to be created. -
patternsToMatch
- (Required) The list of paths to match for this firewall policy. Possible value includes/*
. Changing this forces a new Front Door Security Policy to be created.
A domain
block supports the following:
\~> NOTE: The number of domain
blocks that maybe included in the configuration file varies depending on the skuName
field of the linked Front Door Profile. The standardAzureFrontDoor
sku may contain up to 100 domain
blocks and a premiumAzureFrontDoor
sku may contain up to 500 domain
blocks.
-
cdnFrontdoorDomainId
- (Required) The Resource Id of the Front Door Custom Domain or Front Door Endpoint that should be bound to this Front Door Security Policy. Changing this forces a new Front Door Security Policy to be created. -
active
- (Computed) Is the Front Door Custom Domain/Endpoint activated?
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Front Door Security Policy.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Front Door Security Policy.read
- (Defaults to 5 minutes) Used when retrieving the Front Door Security Policy.delete
- (Defaults to 30 minutes) Used when deleting the Front Door Security Policy.
Import
Front Door Security Policies can be imported using the resourceId
, e.g.