azurermFunctionAppSlot
Manages a Function App deployment Slot.
!> NOTE: This resource has been deprecated in version 3.0 of the AzureRM provider and will be removed in version 4.0. Please use azurermLinuxFunctionAppSlot
and azurermWindowsFunctionAppSlot
resources instead.
Example Usage (with App Service Plan)
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "azure-functions-test-rg",
}
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
this,
"example_1",
{
account_replication_type: "LRS",
account_tier: "Standard",
location: azurermResourceGroupExample.location,
name: "functionsapptestsa",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermAppServicePlanExample = new azurerm.appServicePlan.AppServicePlan(
this,
"example_2",
{
location: azurermResourceGroupExample.location,
name: "azure-functions-test-service-plan",
resource_group_name: azurermResourceGroupExample.name,
sku: [
{
size: "S1",
tier: "Standard",
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServicePlanExample.overrideLogicalId("example");
const azurermFunctionAppExample = new azurerm.functionApp.FunctionApp(
this,
"example_3",
{
app_service_plan_id: azurermAppServicePlanExample.id,
location: azurermResourceGroupExample.location,
name: "test-azure-functions",
resource_group_name: azurermResourceGroupExample.name,
storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
storage_account_name: azurermStorageAccountExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermFunctionAppExample.overrideLogicalId("example");
const azurermFunctionAppSlotExample =
new azurerm.functionAppSlot.FunctionAppSlot(this, "example_4", {
app_service_plan_id: azurermAppServicePlanExample.id,
function_app_name: azurermFunctionAppExample.name,
location: azurermResourceGroupExample.location,
name: "test-azure-functions_slot",
resource_group_name: azurermResourceGroupExample.name,
storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
storage_account_name: azurermStorageAccountExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermFunctionAppSlotExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
-
name
- (Required) Specifies the name of the Function App. Changing this forces a new resource to be created. -
resourceGroupName
- (Required) The name of the resource group in which to create the Function App Slot. Changing this forces a new resource to be created. -
location
- (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. -
appServicePlanId
- (Required) The ID of the App Service Plan within which to create this Function App Slot. Changing this forces a new resource to be created. -
functionAppName
- (Required) The name of the Function App within which to create the Function App Slot. Changing this forces a new resource to be created. -
storageAccountName
- (Required) The backend storage account name which will be used by the Function App (such as the dashboard, logs). Changing this forces a new resource to be created. -
storageAccountAccessKey
- (Required) The access key which will be used to access the backend storage account for the Function App. -
appSettings
- (Optional) A key-value pair of App Settings.
\~> Note: When integrating a ci/cdPipeline
and expecting to run from a deployed package in azure
you must seed your appSettings
as part of terraform code for function app to be successfully deployed. importantDefaultKeyPairs
: ("websiteRunFromPackage" = ""
, "functionsWorkerRuntime" = "node"
(or Python, etc), "websiteNodeDefaultVersion" = "10141"
, "appinsightsInstrumentationkey" = ""
).
\~> NOTE: The values for azureWebJobsStorage
and functionsExtensionVersion
will be filled by other input arguments and shouldn't be configured separately. azureWebJobsStorage
is filled based on storageAccountName
and storageAccountAccessKey
. functionsExtensionVersion
is filled based on version
.
\~> Note: When using an App Service Plan in the free
or shared
Tiers use32BitWorkerProcess
must be set to true
.
-
authSettings
- (Optional) AnauthSettings
block as defined below. -
enableBuiltinLogging
- (Optional) Should the built-in logging of the Function App be enabled? Defaults totrue
. -
connectionString
- (Optional) AconnectionString
block as defined below. -
osType
- (Optional) A string indicating the Operating System type for this function app. The only possible value islinux
. Changing this forces a new resource to be created.
\~> NOTE: This value will be linux
for Linux Derivatives or an empty string for Windows (default).
-
enabled
- (Optional) Is the Function App enabled? Defaults totrue
. -
httpsOnly
- (Optional) Can the Function App only be accessed via HTTPS? Defaults tofalse
. -
version
- (Optional) The runtime version associated with the Function App. Defaults to~1
. -
dailyMemoryTimeQuota
- (Optional) The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. -
siteConfig
- (Optional) AsiteConfig
object as defined below. -
identity
- (Optional) Anidentity
block as defined below. -
tags
- (Optional) A mapping of tags to assign to the resource.
The connectionString
block supports the following:
name
- (Required) The name of the Connection String.type
- (Required) The type of the Connection String. Possible values areapiHub
,custom
,docDb
,eventHub
,mySql
,notificationHub
,postgreSql
,redisCache
,serviceBus
,sqlAzure
andsqlServer
.value
- (Required) The value for the Connection String.
The siteConfig
block supports the following:
-
alwaysOn
- (Optional) Should the Function App be loaded at all times? Defaults tofalse
. -
use32BitWorkerProcess
- (Optional) Should the Function App run in 32 bit mode, rather than 64 bit mode? Defaults totrue
.
\~> Note: when using an App Service Plan in the free
or shared
Tiers use32BitWorkerProcess
must be set to true
.
-
websocketsEnabled
- (Optional) Should WebSockets be enabled? -
linuxFxVersion
- (Optional) Linux App Framework and version for the AppService, e.g.docker|(golang:latest)
. -
javaVersion
- (Optional) Java version hosted by the function app in Azure. Possible values are18
,11
&17
(In-Preview). -
http2Enabled
- (Optional) Specifies whether or not the HTTP2 protocol should be enabled. Defaults tofalse
. -
minTlsVersion
- (Optional) The minimum supported TLS version for the function app. Possible values are10
,11
, and12
. Defaults to12
for new function apps. -
ftpsState
- (Optional) State of FTP / FTPS service for this function app. Possible values include:allAllowed
,ftpsOnly
anddisabled
. -
healthCheckPath
- (Optional) Path which will be checked for this function app health. -
appScaleLimit
- (Optional) The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. -
runtimeScaleMonitoringEnabled
- (Optional) Should Runtime Scale Monitoring be enabled?. Only applicable to apps on the Premium plan. Defaults tofalse
. -
scmIpRestriction
- (Optional) A List of objects representing IP restrictions as defined below.
-> NOTE User has to explicitly set scmIpRestriction
to empty slice ([]
) to remove it.
scmType
- (Optional) The type of Source Control used by this function App. Valid values include:bitBucketGit
,bitBucketHg
,codePlexGit
,codePlexHg
,dropbox
,externalGit
,externalHg
,gitHub
,localGit
,none
(default),oneDrive
,tfs
,vso
, andvstsrm
.
\~> NOTE: This setting is incompatible with the sourceControl
block which updates this value based on the setting provided.
scmUseMainIpRestriction
- (Optional) IP security restrictions for scm to use main. Defaults tofalse
.
-> NOTE Any scmIpRestriction
blocks configured are ignored by the service when scmUseMainIpRestriction
is set to true
. Any scm restrictions will become active if this is subsequently set to false
or removed.
-
elasticInstanceMinimum
- (Optional) The number of minimum instances for this function app. Only applicable to apps on the Premium plan. -
preWarmedInstanceCount
- (Optional) The number of pre-warmed instances for this function app. Only affects apps on the Premium plan. -
dotnetFrameworkVersion
- (Optional) The version of the .NET framework's CLR used in this function app. Possible values arev40
(including .NET Core 2.1 and 3.1),v50
andv60
. For more information on which .NET Framework version to use based on the runtime version you're targeting - please see this table. Defaults tov40
. -
cors
- (Optional) Acors
block as defined below. -
ipRestriction
- (Optional) A List of objects representing IP restrictions as defined below. -
autoSwapSlotName
- (Optional) The name of the slot to automatically swap to during deployment
A cors
block supports the following:
-
allowedOrigins
- (Required) A list of origins which should be able to make cross-origin calls.*
can be used to allow all calls. -
supportCredentials
- (Optional) Are credentials supported?
An identity
block supports the following:
type
- (Required) Specifies the identity type of the Function App. Possible values aresystemAssigned
(where Azure will generate a Service Principal for you),userAssigned
where you can specify the Service Principal IDs in theidentityIds
field, andsystemAssigned,UserAssigned
which assigns both a system managed identity as well as the specified user assigned identities.
\~> NOTE: When type
is set to systemAssigned
, The assigned principalId
and tenantId
can be retrieved after the Function App has been created. More details are available below.
identityIds
- (Optional) Specifies a list of user managed identity ids to be assigned. Required iftype
isuserAssigned
.
An authSettings
block supports the following:
-
enabled
- (Required) Is Authentication enabled? -
activeDirectory
- (Optional) AnactiveDirectory
block as defined below. -
additionalLoginParams
- (Optional) login parameters to send to the OpenID Connect authorization endpoint when a user logs in. Each parameter must be in the form "key=value". -
allowedExternalRedirectUrls
- (Optional) External URLs that can be redirected to as part of logging in or logging out of the app. -
defaultProvider
- (Optional) The default provider to use when multiple providers have been set up. Possible values areazureActiveDirectory
,facebook
,google
,microsoftAccount
andtwitter
.
\~> NOTE: When using multiple providers, the default provider must be set for settings like unauthenticatedClientAction
to work.
-
facebook
- (Optional) Afacebook
block as defined below. -
google
- (Optional) Agoogle
block as defined below. -
issuer
- (Optional) Issuer URI. When using Azure Active Directory, this value is the URI of the directory tenant, e.g. https://sts.windows.net/{tenant-guid}/. -
microsoft
- (Optional) Amicrosoft
block as defined below. -
runtimeVersion
- (Optional) The runtime version of the Authentication/Authorization module. -
tokenRefreshExtensionHours
- (Optional) The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to72
. -
tokenStoreEnabled
- (Optional) If enabled the module will durably store platform-specific security tokens that are obtained during login flows. Defaults tofalse
. -
twitter
- (Optional) Atwitter
block as defined below. -
unauthenticatedClientAction
- (Optional) The action to take when an unauthenticated client attempts to access the app. Possible values areallowAnonymous
andredirectToLoginPage
.
An activeDirectory
block supports the following:
-
clientId
- (Required) The Client ID of this relying party application. Enables OpenIDConnection authentication with Azure Active Directory. -
clientSecret
- (Optional) The Client Secret of this relying party application. If no secret is provided, implicit flow will be used. -
allowedAudiences
- (Optional) Allowed audience values to consider when validating JWTs issued by Azure Active Directory.
A facebook
block supports the following:
-
appId
- (Required) The App ID of the Facebook app used for login -
appSecret
- (Required) The App Secret of the Facebook app used for Facebook login. -
oauthScopes
- (Optional) The OAuth 2.0 scopes that will be requested as part of Facebook login authentication. https://developers.facebook.com/docs/facebook-login
A google
block supports the following:
-
clientId
- (Required) The OpenID Connect Client ID for the Google web application. -
clientSecret
- (Required) The client secret associated with the Google web application. -
oauthScopes
- (Optional) The OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. https://developers.google.com/identity/sign-in/web/
A microsoft
block supports the following:
-
clientId
- (Required) The OAuth 2.0 client ID that was created for the app used for authentication. -
clientSecret
- (Required) The OAuth 2.0 client secret that was created for the app used for authentication. -
oauthScopes
- (Optional) The OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. https://msdn.microsoft.com/en-us/library/dn631845.aspx
A twitter
block supports the following:
-
consumerKey
- (Required) The OAuth 1.0a consumer key of the Twitter application used for sign-in. -
consumerSecret
- (Required) The OAuth 1.0a consumer secret of the Twitter application used for sign-in.
A ipRestriction
block supports the following:
-
ipAddress
- (Optional) The IP Address used for this IP Restriction in CIDR notation. -
serviceTag
- (Optional) The Service Tag used for this IP Restriction. -
virtualNetworkSubnetId
- (Optional) The Virtual Network Subnet ID used for this IP Restriction.
-> NOTE: One of either ipAddress
, serviceTag
or virtualNetworkSubnetId
must be specified
-
name
- (Optional) The name for this IP Restriction. -
priority
- (Optional) The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. -
action
- (Optional) Does this restrictionallow
ordeny
access for this IP range. Defaults toallow
. -
headers
- (Optional) The headers for this specificipRestriction
as defined below.
A scmIpRestriction
block supports the following:
-
ipAddress
- (Optional) The IP Address used for this IP Restriction in CIDR notation. -
serviceTag
- (Optional) The Service Tag used for this IP Restriction. -
virtualNetworkSubnetId
- (Optional) The Virtual Network Subnet ID used for this IP Restriction.
-> NOTE: One of either ipAddress
, serviceTag
or virtualNetworkSubnetId
must be specified
-
name
- (Optional) The name for this IP Restriction. -
priority
- (Optional) The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. -
action
- (Optional) Allow or Deny access for this IP range. Defaults toallow
. -
headers
- (Optional) The headers for this specificscmIpRestriction
as defined below.
A headers
block supports the following:
-
xAzureFdid
- (Optional) A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. -
xFdHealthProbe
- (Optional) A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". -
xForwardedFor
- (Optional) A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 -
xForwardedHost
- (Optional) A list of allowed 'X-Forwarded-Host' domains with a maximum of 8.
Attributes Reference
The following attributes are exported:
-
id
- The ID of the Function App Slot -
defaultHostname
- The default hostname associated with the Function App - such asmysiteAzurewebsitesNet
-
outboundIpAddresses
- A comma separated list of outbound IP addresses - such as5223253,521434312
-
possibleOutboundIpAddresses
- A comma separated list of outbound IP addresses - such as5223253,521434312,521434317
- not all of which are necessarily in use. Superset ofoutboundIpAddresses
. -
identity
- Anidentity
block as defined below, which contains the Managed Service Identity information for this Function App Slot. -
siteCredential
- AsiteCredential
block as defined below, which contains the site-level credentials used to publish to this Function App Slot. -
kind
- The Function App kind - such asfunctionapp,linux,container
The identity
block exports the following:
-
principalId
- The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service. -
tenantId
- The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service.
The siteCredential
block exports the following:
username
- The username which can be used to publish to this App Servicepassword
- The password associated with the username, which can be used to publish to this App Service.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Function App Deployment Slot.update
- (Defaults to 30 minutes) Used when updating the Function App Deployment Slot.read
- (Defaults to 5 minutes) Used when retrieving the Function App Deployment Slot.delete
- (Defaults to 30 minutes) Used when deleting the Function App Deployment Slot.
Import
Function Apps Deployment Slots can be imported using the resourceId
, e.g.