azurermLogicAppStandard
Manages a Logic App (Standard / Single Tenant)
Example Usage (with App Service Plan)
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "azure-functions-test-rg",
}
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
this,
"example_1",
{
account_replication_type: "LRS",
account_tier: "Standard",
location: azurermResourceGroupExample.location,
name: "functionsapptestsa",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermAppServicePlanExample = new azurerm.appServicePlan.AppServicePlan(
this,
"example_2",
{
kind: "elastic",
location: azurermResourceGroupExample.location,
name: "azure-functions-test-service-plan",
resource_group_name: azurermResourceGroupExample.name,
sku: [
{
size: "WS1",
tier: "WorkflowStandard",
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServicePlanExample.overrideLogicalId("example");
const azurermLogicAppStandardExample =
new azurerm.logicAppStandard.LogicAppStandard(this, "example_3", {
app_service_plan_id: azurermAppServicePlanExample.id,
app_settings: [
{
FUNCTIONS_WORKER_RUNTIME: "node",
WEBSITE_NODE_DEFAULT_VERSION: "~18",
},
],
location: azurermResourceGroupExample.location,
name: "test-azure-functions",
resource_group_name: azurermResourceGroupExample.name,
storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
storage_account_name: azurermStorageAccountExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogicAppStandardExample.overrideLogicalId("example");
Example Usage (for container mode)
\~> Note: You must set azurermAppServicePlan
kind
to linux
and reserved
to true
when used with linuxFxVersion
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "azure-functions-test-rg",
}
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
this,
"example_1",
{
account_replication_type: "LRS",
account_tier: "Standard",
location: azurermResourceGroupExample.location,
name: "functionsapptestsa",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermAppServicePlanExample = new azurerm.appServicePlan.AppServicePlan(
this,
"example_2",
{
kind: "Linux",
location: azurermResourceGroupExample.location,
name: "azure-functions-test-service-plan",
reserved: true,
resource_group_name: azurermResourceGroupExample.name,
sku: [
{
size: "WS1",
tier: "WorkflowStandard",
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServicePlanExample.overrideLogicalId("example");
const azurermLogicAppStandardExample =
new azurerm.logicAppStandard.LogicAppStandard(this, "example_3", {
app_service_plan_id: azurermAppServicePlanExample.id,
app_settings: [
{
DOCKER_REGISTRY_SERVER_PASSWORD: "password",
DOCKER_REGISTRY_SERVER_URL: "https://<server-name>.azurecr.io",
DOCKER_REGISTRY_SERVER_USERNAME: "username",
},
],
location: azurermResourceGroupExample.location,
name: "test-azure-functions",
resource_group_name: azurermResourceGroupExample.name,
site_config: [
{
linux_fx_version:
"DOCKER|mcr.microsoft.com/azure-functions/dotnet:3.0-appservice",
},
],
storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
storage_account_name: azurermStorageAccountExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogicAppStandardExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
-
name
- (Required) Specifies the name of the Logic App Changing this forces a new resource to be created. -
resourceGroupName
- (Required) The name of the resource group in which to create the Logic App. Changing this forces a new resource to be created. -
location
- (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. -
appServicePlanId
- (Required) The ID of the App Service Plan within which to create this Logic App -
appSettings
- (Optional) A map of key-value pairs for App Settings and custom values.
\~> NOTE: There are a number of application settings that will be managed for you by this resource type and shouldn't be configured separately as part of the app_settings you specify. azureWebJobsStorage
is filled based on storageAccountName
and storageAccountAccessKey
. websiteContentshare
is detailed below. functionsExtensionVersion
is filled based on version
. appKind
is set to workflowApp and azureFunctionsJobHostExtensionBundleId
and azureFunctionsJobHostExtensionBundleVersion
are set as detailed below.
-
useExtensionBundle
- (Optional) Should the logic app use the bundled extension package? If true, then application settings forazureFunctionsJobHostExtensionBundleId
andazureFunctionsJobHostExtensionBundleVersion
will be created. Defaults totrue
. -
bundleVersion
- (Optional) IfuseExtensionBundle
then controls the allowed range for bundle versions. Default[1.*,200)
-
connectionString
- (Optional) AnconnectionString
block as defined below. -
clientAffinityEnabled
- (Optional) Should the Logic App send session affinity cookies, which route client requests in the same session to the same instance? -
clientCertificateMode
- (Optional) The mode of the Logic App's client certificates requirement for incoming requests. Possible values arerequired
andoptional
. -
enabled
- (Optional) Is the Logic App enabled? Defaults totrue
. -
httpsOnly
- (Optional) Can the Logic App only be accessed via HTTPS? Defaults tofalse
. -
identity
- (Optional) Anidentity
block as defined below. -
siteConfig
- (Optional) AsiteConfig
object as defined below. -
storageAccountName
- (Required) The backend storage account name which will be used by this Logic App (e.g. for Stateful workflows data). Changing this forces a new resource to be created. -
storageAccountAccessKey
- (Required) The access key which will be used to access the backend storage account for the Logic App -
storageAccountShareName
- (Optional) The name of the share used by the logic app, if you want to use a custom name. This corresponds to the WEBSITE_CONTENTSHARE appsetting, which this resource will create for you. If you don't specify a name, then this resource will generate a dynamic name. This setting is useful if you want to provision a storage account and create a share using azurerm_storage_share
\~> Note: When integrating a ci/cdPipeline
and expecting to run from a deployed package in azure
you must seed your appSettings
as part of terraform code for Logic App to be successfully deployed. importantDefaultKeyPairs
: ("websiteRunFromPackage" = ""
, "functionsWorkerRuntime" = "node"
(or Python, etc), "websiteNodeDefaultVersion" = "10141"
, "appinsightsInstrumentationkey" = ""
).
\~> Note: When using an App Service Plan in the free
or shared
Tiers use32BitWorkerProcess
must be set to true
.
-
version
- (Optional) The runtime version associated with the Logic App Defaults to~3
. -
virtualNetworkSubnetId
- (Optional) The subnet id which will be used by this resource for regional virtual network integration.
\~> NOTE on regional virtual network integration: The AzureRM Terraform provider provides regional virtual network integration via the standalone resource app_service_virtual_network_swift_connection and in-line within this resource using the virtualNetworkSubnetId
property. You cannot use both methods simutaneously.
\~> Note: Assigning the virtualNetworkSubnetId
property requires RBAC permissions on the subnet
tags
- (Optional) A mapping of tags to assign to the resource.
The connectionString
block supports the following:
-
name
- (Required) The name of the Connection String. -
type
- (Required) The type of the Connection String. Possible values areapiHub
,custom
,docDb
,eventHub
,mySql
,notificationHub
,postgreSql
,redisCache
,serviceBus
,sqlAzure
andsqlServer
. -
value
- (Required) The value for the Connection String.
The siteConfig
block supports the following:
-
alwaysOn
- (Optional) Should the Logic App be loaded at all times? Defaults tofalse
. -
appScaleLimit
- (Optional) The number of workers this Logic App can scale out to. Only applicable to apps on the Consumption and Premium plan. -
cors
- (Optional) Acors
block as defined below. -
dotnetFrameworkVersion
- (Optional) The version of the .NET framework's CLR used in this Logic App Possible values arev40
(including .NET Core 2.1 and 3.1),v50
andv60
. For more information on which .NET Framework version to use based on the runtime version you're targeting - please see this table. Defaults tov40
. -
elasticInstanceMinimum
- (Optional) The number of minimum instances for this Logic App Only affects apps on the Premium plan. -
ftpsState
- (Optional) State of FTP / FTPS service for this Logic App Possible values include:allAllowed
,ftpsOnly
anddisabled
. Defaults toallAllowed
. -
healthCheckPath
- (Optional) Path which will be checked for this Logic App health. -
http2Enabled
- (Optional) Specifies whether or not the HTTP2 protocol should be enabled. Defaults tofalse
. -
ipRestriction
- (Optional) A List of objects representing IP restrictions as defined below.
-> NOTE User has to explicitly set ipRestriction
to empty slice ([]
) to remove it.
scmIpRestriction
- (Optional) A List of objects representing SCM IP restrictions as defined below.
-> NOTE User has to explicitly set scmIpRestriction
to empty slice ([]
) to remove it.
-
scmUseMainIpRestriction
- (Optional) Should the Logic AppipRestriction
configuration be used for the SCM too. Defaults tofalse
. -
scmMinTlsVersion
- (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site. Possible values are10
,11
and12
. -
scmType
- (Optional) The type of Source Control used by the Logic App in use by the Windows Function App. Defaults tonone
. Possible values are:bitbucketGit
,bitbucketHg
,codePlexGit
,codePlexHg
,dropbox
,externalGit
,externalHg
,gitHub
,localGit
,none
,oneDrive
,tfs
,vso
, andvstsrm
-
linuxFxVersion
- (Optional) Linux App Framework and version for the AppService, e.g.docker|(golang:latest)
. Setting this value will also set thekind
of application deployed tofunctionapp,linux,container,workflowapp
-
minTlsVersion
- (Optional) The minimum supported TLS version for the Logic App Possible values are10
,11
, and12
. Defaults to12
for new Logic Apps. -
preWarmedInstanceCount
- (Optional) The number of pre-warmed instances for this Logic App Only affects apps on the Premium plan. -
runtimeScaleMonitoringEnabled
- (Optional) Should Runtime Scale Monitoring be enabled?. Only applicable to apps on the Premium plan. Defaults tofalse
. -
use32BitWorkerProcess
- (Optional) Should the Logic App run in 32 bit mode, rather than 64 bit mode? Defaults totrue
.
\~> Note: when using an App Service Plan in the free
or shared
Tiers use32BitWorkerProcess
must be set to true
.
-
vnetRouteAllEnabled
- (Optional) Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. -
websocketsEnabled
- (Optional) Should WebSockets be enabled?
A cors
block supports the following:
-
allowedOrigins
- (Required) A list of origins which should be able to make cross-origin calls.*
can be used to allow all calls. -
supportCredentials
- (Optional) Are credentials supported?
An identity
block supports the following:
type
- (Required) Specifies the type of Managed Service Identity that should be configured on this Logic App Standard. Possible values aresystemAssigned
,userAssigned
andsystemAssigned,UserAssigned
(to enable both).identityIds
- (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Logic App Standard.
\~> NOTE: When type
is set to systemAssigned
, The assigned principalId
and tenantId
can be retrieved after the Logic App has been created. More details are available below.
\~> NOTE: The identityIds
is required when type
is set to userAssigned
or systemAssigned,UserAssigned
.
A ipRestriction
block supports the following:
-
ipAddress
- (Optional) The IP Address used for this IP Restriction in CIDR notation. -
serviceTag
- (Optional) The Service Tag used for this IP Restriction. -
virtualNetworkSubnetId
- (Optional) The Virtual Network Subnet ID used for this IP Restriction.
-> NOTE: One of either ipAddress
, serviceTag
or virtualNetworkSubnetId
must be specified
-
name
- (Optional) The name for this IP Restriction. -
priority
- (Optional) The priority for this IP Restriction. Restrictions are enforced in priority order. By default, the priority is set to 65000 if not specified. -
action
- (Optional) Does this restrictionallow
ordeny
access for this IP range. Defaults toallow
. -
headers
- (Optional) The headers for this specificipRestriction
as defined below.
A scmIpRestriction
block supports the following:
-
ipAddress
- (Optional) The IP Address used for this IP Restriction in CIDR notation. -
serviceTag
- (Optional) The Service Tag used for this IP Restriction. -
virtualNetworkSubnetId
- (Optional) The Virtual Network Subnet ID used for this IP Restriction.
-> NOTE: One of either ipAddress
, serviceTag
or virtualNetworkSubnetId
must be specified
-
name
- (Optional) The name for this IP Restriction. -
priority
- (Optional) The priority for this IP Restriction. Restrictions are enforced in priority order. By default, the priority is set to 65000 if not specified. -
action
- (Optional) Does this restrictionallow
ordeny
access for this IP range. Defaults toallow
. -
headers
- (Optional) The headers for this specificipRestriction
as defined below.
A headers
block supports the following:
-
xAzureFdid
- (Optional) A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. -
xFdHealthProbe
- (Optional) A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". -
xForwardedFor
- (Optional) A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 -
xForwardedHost
- (Optional) A list of allowed 'X-Forwarded-Host' domains with a maximum of 8.
Attributes Reference
The following attributes are exported:
-
id
- The ID of the Logic App -
customDomainVerificationId
- An identifier used by App Service to perform domain ownership verification via DNS TXT record. -
defaultHostname
- The default hostname associated with the Logic App - such asmysiteAzurewebsitesNet
-
outboundIpAddresses
- A comma separated list of outbound IP addresses - such as5223253,521434312
-
possibleOutboundIpAddresses
- A comma separated list of outbound IP addresses - such as5223253,521434312,521434317
- not all of which are necessarily in use. Superset ofoutboundIpAddresses
. -
identity
- Anidentity
block as defined below, which contains the Managed Service Identity information for this App Service. -
siteCredential
- AsiteCredential
block as defined below, which contains the site-level credentials used to publish to this App Service. -
kind
- The Logic App kind - will befunctionapp,workflowapp
The identity
block exports the following:
-
principalId
- The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service. -
tenantId
- The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service.
-> You can access the Principal ID via azurermAppServiceExampleIdentity0PrincipalId
and the Tenant ID via azurermAppServiceExampleIdentity0TenantId
The siteCredential
block exports the following:
-
username
- The username which can be used to publish to this App Service -
password
- The password associated with the username, which can be used to publish to this App Service.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Logic Appupdate
- (Defaults to 30 minutes) Used when updating the Logic Appread
- (Defaults to 5 minutes) Used when retrieving the Logic Appdelete
- (Defaults to 30 minutes) Used when deleting the Logic App
Import
Logic Apps can be imported using the resourceId
, e.g.