diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 6b7050f..fa436e6 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -63,32 +63,22 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.112.0" + version = "3.113.0" constraints = ">= 3.52.0, >= 3.67.0, >= 3.76.0" hashes = [ - "h1:0N5R6MrdL9HT1COS6CDkFdwoo2PpUoJFeO7i68mMhsI=", - "h1:5KSVV/O2eG6ty/3/qpOLQFQqJd96KEPzsTHItslJaMw=", - "h1:9+lgwARP8Ld5AzUuwI/XoviwLMEXdaz9hZTdLtymUxo=", - "h1:9cjb/zjh9bkdwGrw4kGS0117NXQpwj29dk06QVJFOUg=", - "h1:ZcbSNLRSNqJ5O879mo1RjwD91JIPvcYcXtUiyqFCwNU=", - "h1:fQuhBPUe+WHAtRIKg3BWvapVnCSL+liJU292xqWmmnw=", - "h1:kUASbDS43s4m5UAlPpmzOLTZg600XsakQ8GDEcA/MNU=", - "h1:mrEwWYkyugci2yEURfIeGpF7ZCmUF5IH9br7b+VF56k=", - "h1:sMafRNk4cD3zTRHp7o61n+iMImttlo37E0JmUkQ3TyE=", - "h1:srmr//VF4aqoyRZTQWiavuTwNJpidO8SpDwVBqnj7iE=", - "h1:tmCCfrLL0DsIri69WsxHIEtr+ABJJ/MRUoSeYo208uw=", - "zh:341c22454d24a75792aa99fbbc0c156f368534b7bb04eef4701b85995c7526a4", - "zh:3708656d75061c92f7208cc731b946c991ad343a443f8ff0ef082f077b7580b9", - "zh:38ca06f9f45705c648f04f272bd9483397693ea8da6db788cd7955f49ab79d6b", - "zh:3f305adb5ee0032e0ea68d198a089ecfd0127092930e99fa51377a250292b592", - "zh:4ae2fc6065164a819f576f705e634ebf5059f983149a41dad909719fea96145a", - "zh:5d376ac7dd71898a94038d6b6b8036dfec4c0216d832ec1135c855bf3e58eb5f", - "zh:63d2ff296d3aee5787e12c759a6a3d5aa15a574456aebbe11b833f01adf3faef", - "zh:8ad8746741f7f0ac10da6f1d105f26ebeb6e4d944f58ba749e86d7c9a67da3db", - "zh:abec182594ee8a21d72a5f23d3aa7fa45247488539fce6ed648c9c255d8bf972", - "zh:bf704b400be4181333b38c0306949f26326a9aa5ae68b4167e2fb8ee7fb13618", - "zh:c072938f8695f725fc5fbe986a54890f00d520cce570006390dc5bbc51b2a4ea", + "h1:SbNQLapCxbTbhM37LaRALPizAZMiA5sTRC09sUWgZOo=", + "zh:12479f5664288943400447b55e50df675c28ae82ad8d373cc2e5682f3a3411f0", + "zh:1b42a14e80e568429d3b55fed753ca3ef0df9dcdfa107890d7264599c020940f", + "zh:381be6ca617f848de3baa3985a6e1788e91a803afe04a3c5c727453528b6310d", + "zh:3e70e2e07b6db1c363de3e5d0ca47f27fc956473df03329c7d2e54d3ac29176b", + 
"zh:87c7633aeaa828098c6055da9e67d4acaf4b46748b6b3f0267e105e55f05de25", + "zh:8d0d98226901f874770dd5220d4701a12ae8bd586994615aa7dcba12b9736bec", + "zh:9fd913acd42a60c3a90a18ce803567ef861db8779a59aacced91f2cbd86de9d9", + "zh:b6f3f7ae0a055437fb36c139af9bb3135e7f4dad172157ae1eb0177dc74d703f", + "zh:b927027ba2bf40d34e03d742fd2b6c5299023b5ab8e6f05e50aac76a46ad1094", + "zh:ceb5187b9d2a439f4e48944f3ffeeeaf47a03dbe6f3325ea1775bf659ce0aa88", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb9d78dfeca7489bffca9b1a1f3abee7f16dbbcba31388aea1102062c1d6dce8", ] } diff --git a/terraform/README.md b/terraform/README.md index 7e2264b..b899e2c 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -133,13 +133,13 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be | Name | Version | |------|---------| -| [azurerm](#provider\_azurerm) | 3.112.0 | +| [azurerm](#provider\_azurerm) | 3.113.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.9.0 | +| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.10.1 | | [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 | | [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.4 | 
@@ -173,6 +173,7 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be | [cdn\_frontdoor\_host\_add\_response\_headers](#input\_cdn\_frontdoor\_host\_add\_response\_headers) | List of response headers to add at the CDN Front Door `[{ "name" = "Strict-Transport-Security", "value" = "max-age=31536000" }]` | `list(map(string))` | n/a | yes | | [cdn\_frontdoor\_origin\_fqdn\_override](#input\_cdn\_frontdoor\_origin\_fqdn\_override) | Manually specify the hostname that the CDN Front Door should target. Defaults to the Container App FQDN | `string` | `""` | no | | [cdn\_frontdoor\_origin\_host\_header\_override](#input\_cdn\_frontdoor\_origin\_host\_header\_override) | Manually specify the host header that the CDN sends to the target. Defaults to the recieved host header. Set to null to set it to the host\_name (`cdn_frontdoor_origin_fqdn_override`) | `string` | `""` | no | +| [cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes](#input\_cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes) | CDN Front Door rate limiting duration in minutes | `number` | `5` | no | | [cdn\_frontdoor\_waf\_custom\_rules](#input\_cdn\_frontdoor\_waf\_custom\_rules) | Map of all Custom rules you want to apply to the CDN WAF |
map(object({
priority : number,
action : string
match_conditions : map(object({
match_variable : string,
match_values : optional(list(string), []),
operator : optional(string, "Any"),
selector : optional(string, null),
negation_condition : optional(bool, false),
}))
}))
| `{}` | no | | [container\_apps\_allow\_ips\_inbound](#input\_container\_apps\_allow\_ips\_inbound) | Restricts access to the Container Apps by creating a network security group rule that only allow inbound traffic from the provided list of IPs | `list(string)` | `[]` | no | | [container\_command](#input\_container\_command) | Container command | `list(any)` | n/a | yes | diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf index d1b5f01..0cb6827 100644 --- a/terraform/container-apps-hosting.tf +++ b/terraform/container-apps-hosting.tf @@ -1,5 +1,5 @@ module "azure_container_apps_hosting" { - source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.9.0" + source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.10.1" environment = local.environment project_name = local.project_name 
@@ -27,16 +27,17 @@ module "azure_container_apps_hosting" { dns_txt_records = local.dns_txt_records dns_mx_records = local.dns_mx_records - enable_cdn_frontdoor = local.enable_cdn_frontdoor - cdn_frontdoor_forwarding_protocol = local.cdn_frontdoor_forwarding_protocol - cdn_frontdoor_enable_rate_limiting = local.cdn_frontdoor_enable_rate_limiting - cdn_frontdoor_waf_custom_rules = local.cdn_frontdoor_waf_custom_rules - cdn_frontdoor_host_add_response_headers = local.cdn_frontdoor_host_add_response_headers - cdn_frontdoor_custom_domains = local.cdn_frontdoor_custom_domains - cdn_frontdoor_origin_fqdn_override = local.cdn_frontdoor_origin_fqdn_override - cdn_frontdoor_origin_host_header_override = local.cdn_frontdoor_origin_host_header_override - enable_cdn_frontdoor_health_probe = local.enable_cdn_frontdoor_health_probe - container_apps_allow_ips_inbound = local.container_apps_allow_ips_inbound + enable_cdn_frontdoor = local.enable_cdn_frontdoor + cdn_frontdoor_forwarding_protocol = local.cdn_frontdoor_forwarding_protocol + cdn_frontdoor_enable_rate_limiting = local.cdn_frontdoor_enable_rate_limiting + cdn_frontdoor_rate_limiting_duration_in_minutes = local.cdn_frontdoor_rate_limiting_duration_in_minutes + cdn_frontdoor_waf_custom_rules = local.cdn_frontdoor_waf_custom_rules + cdn_frontdoor_host_add_response_headers = local.cdn_frontdoor_host_add_response_headers + cdn_frontdoor_custom_domains = local.cdn_frontdoor_custom_domains + cdn_frontdoor_origin_fqdn_override = local.cdn_frontdoor_origin_fqdn_override + cdn_frontdoor_origin_host_header_override = local.cdn_frontdoor_origin_host_header_override + enable_cdn_frontdoor_health_probe = local.enable_cdn_frontdoor_health_probe + container_apps_allow_ips_inbound = local.container_apps_allow_ips_inbound enable_monitoring = local.enable_monitoring monitor_email_receivers = local.monitor_email_receivers diff --git a/terraform/locals.tf b/terraform/locals.tf index 73d6f81..a4a6436 100644 --- a/terraform/locals.tf 
+++ b/terraform/locals.tf 
@@ -1,51 +1,52 @@ locals { - environment = var.environment - project_name = var.project_name - azure_location = var.azure_location - tags = var.tags - virtual_network_address_space = var.virtual_network_address_space - enable_container_registry = var.enable_container_registry - registry_admin_enabled = var.registry_admin_enabled - registry_use_managed_identity = var.registry_use_managed_identity - registry_managed_identity_assign_role = var.registry_managed_identity_assign_role - registry_server = var.registry_server - image_name = var.image_name - image_tag = var.image_tag - container_command = var.container_command - container_secret_environment_variables = var.container_secret_environment_variables - container_scale_http_concurrency = var.container_scale_http_concurrency - container_health_probe_protocol = var.container_health_probe_protocol - enable_dns_zone = var.enable_dns_zone - dns_zone_domain_name = var.dns_zone_domain_name - dns_ns_records = var.dns_ns_records - dns_mx_records = var.dns_mx_records - dns_txt_records = var.dns_txt_records - enable_cdn_frontdoor = var.enable_cdn_frontdoor - container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound - cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting - cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers - cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains - cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override - enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe - cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override - cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol - key_vault_access_ipv4 = var.key_vault_access_ipv4 - tfvars_filename = var.tfvars_filename - enable_monitoring = var.enable_monitoring - monitor_email_receivers = var.monitor_email_receivers - enable_container_health_probe = 
var.enable_container_health_probe - container_health_probe_path = var.container_health_probe_path - cdn_frontdoor_health_probe_path = var.cdn_frontdoor_health_probe_path - cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol - monitor_endpoint_healthcheck = var.monitor_endpoint_healthcheck - existing_logic_app_workflow = var.existing_logic_app_workflow - existing_network_watcher_name = var.existing_network_watcher_name - existing_network_watcher_resource_group_name = var.existing_network_watcher_resource_group_name - statuscake_monitored_resource_addresses = var.statuscake_monitored_resource_addresses - statuscake_contact_group_name = var.statuscake_contact_group_name - statuscake_contact_group_integrations = var.statuscake_contact_group_integrations - statuscake_contact_group_email_addresses = var.statuscake_contact_group_email_addresses - cdn_frontdoor_waf_custom_rules = var.cdn_frontdoor_waf_custom_rules - resource_prefix = "${local.environment}${local.project_name}" - private_endpoint_configurations = var.private_endpoint_configurations + environment = var.environment + project_name = var.project_name + azure_location = var.azure_location + tags = var.tags + virtual_network_address_space = var.virtual_network_address_space + enable_container_registry = var.enable_container_registry + registry_admin_enabled = var.registry_admin_enabled + registry_use_managed_identity = var.registry_use_managed_identity + registry_managed_identity_assign_role = var.registry_managed_identity_assign_role + registry_server = var.registry_server + image_name = var.image_name + image_tag = var.image_tag + container_command = var.container_command + container_secret_environment_variables = var.container_secret_environment_variables + container_scale_http_concurrency = var.container_scale_http_concurrency + container_health_probe_protocol = var.container_health_probe_protocol + enable_dns_zone = var.enable_dns_zone + dns_zone_domain_name = 
var.dns_zone_domain_name + dns_ns_records = var.dns_ns_records + dns_mx_records = var.dns_mx_records + dns_txt_records = var.dns_txt_records + enable_cdn_frontdoor = var.enable_cdn_frontdoor + container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound + cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting + cdn_frontdoor_rate_limiting_duration_in_minutes = var.cdn_frontdoor_rate_limiting_duration_in_minutes + cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers + cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains + cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override + enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe + cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override + cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol + key_vault_access_ipv4 = var.key_vault_access_ipv4 + tfvars_filename = var.tfvars_filename + enable_monitoring = var.enable_monitoring + monitor_email_receivers = var.monitor_email_receivers + enable_container_health_probe = var.enable_container_health_probe + container_health_probe_path = var.container_health_probe_path + cdn_frontdoor_health_probe_path = var.cdn_frontdoor_health_probe_path + cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol + monitor_endpoint_healthcheck = var.monitor_endpoint_healthcheck + existing_logic_app_workflow = var.existing_logic_app_workflow + existing_network_watcher_name = var.existing_network_watcher_name + existing_network_watcher_resource_group_name = var.existing_network_watcher_resource_group_name + statuscake_monitored_resource_addresses = var.statuscake_monitored_resource_addresses + statuscake_contact_group_name = var.statuscake_contact_group_name + statuscake_contact_group_integrations = var.statuscake_contact_group_integrations + statuscake_contact_group_email_addresses = 
var.statuscake_contact_group_email_addresses + cdn_frontdoor_waf_custom_rules = var.cdn_frontdoor_waf_custom_rules + resource_prefix = "${local.environment}${local.project_name}" + private_endpoint_configurations = var.private_endpoint_configurations } diff --git a/terraform/variables.tf b/terraform/variables.tf index d3a991e..6051726 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -134,6 +134,12 @@ variable "cdn_frontdoor_enable_rate_limiting" { type = bool } +variable "cdn_frontdoor_rate_limiting_duration_in_minutes" { + description = "CDN Front Door rate limiting duration in minutes" + type = number + default = 5 +} + variable "cdn_frontdoor_host_add_response_headers" { description = "List of response headers to add at the CDN Front Door `[{ \"name\" = \"Strict-Transport-Security\", \"value\" = \"max-age=31536000\" }]`" type = list(map(string))
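Review bot: The new `cdn_frontdoor_rate_limiting_duration_in_minutes` variable in variables.tf is declared as a bare `number` with no `validation` block, so a mistyped value such as 0, 50 or 2.5 is accepted here and only rejected, if at all, inside the module or by the Azure API at apply time. As far as I know Front Door WAF rate-limit rules accept only a one- or five-minute window, so, assuming the module passes the value straight through, adding a validation with `condition = contains([1, 5], var.cdn_frontdoor_rate_limiting_duration_in_minutes)` and a matching `error_message` would fail bad input at plan time. The description could also name the allowed values and state that the setting presumably has no effect unless `cdn_frontdoor_enable_rate_limiting` is true. Changing the window without revisiting the request threshold changes the effective limit, which is worth noting for whoever tunes it.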