Deploys an Application Gateway in Azure
Based on the original module: https://github.com/kumarvna/terraform-azurerm-application-gateway
It supports creating:
- Public IP
- Application Gateway
- Diagnostic Settings
For usage, you can go to the tests folder or review the examples folder.
Perform the following commands on the root folder:
- `terraform init` to get the plugins
- `terraform plan` to see the infrastructure plan
- `terraform apply` to apply the infrastructure build
- `terraform destroy` to destroy the built infrastructure
Use terraform-docs to create the Inputs and Outputs documentation:
`terraform-docs markdown .`
The following dependencies must be installed on the development system:
Azure
- Terraform Provider for Azure
- CLI Tool az
Name | Version |
---|---|
azurerm | n/a |
No modules.
Name | Type |
---|---|
azurerm_application_gateway.main | resource |
azurerm_monitor_diagnostic_setting.agw-diag | resource |
azurerm_monitor_diagnostic_setting.pip-diag | resource |
azurerm_public_ip.pip | resource |
azurerm_log_analytics_workspace.logws | data source |
azurerm_resource_group.rgrp | data source |
azurerm_storage_account.storeacc | data source |
azurerm_subnet.snet | data source |
azurerm_virtual_network.vnet | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
agw_diag_logs | Application Gateway Monitoring Category details for Azure Diagnostic setting | `list` | `[` | no |
app_gateway_name | The name of the application gateway | `string` | `""` | no |
authentication_certificates | Authentication certificates to allow the backend with Azure Application Gateway | `list(object({` | `[]` | no |
autoscale_configuration | Minimum or Maximum capacity for autoscaling. Accepted values are for Minimum in the range 0 to 100 and for Maximum in the range 2 to 125 | `object({` | `null` | no |
backend_address_pools | List of backend address pools | `list(object({` | n/a | yes |
backend_http_settings | List of backend HTTP settings. | `list(object({` | n/a | yes |
custom_error_configuration | Global level custom error configuration for application gateway | `list(map(string))` | `[]` | no |
domain_name_label | Label for the Domain Name. Will be used to make up the FQDN. | `any` | `null` | no |
enable_http2 | Is HTTP2 enabled on the application gateway resource? | `bool` | `false` | no |
firewall_policy_id | The ID of the Web Application Firewall Policy which can be associated with app gateway | `any` | `null` | no |
health_probes | List of Health probes used to test backend pools health. | <pre>list(object({<br> = number<br>  unhealthy_threshold = number<br>  port = optional(number)<br>  pick_host_name_from_backend_http_settings = optional(bool)<br>  minimum_servers = optional(number)<br>  match = optional(object({<br>    body = optional(string)<br>    status_code = optional(list(string))<br>  }))<br>}))</pre> | `[]` | no |
http_listeners | List of HTTP/HTTPS listeners. SSL Certificate name is required | <pre>list(object({<br>  name = string<br>  host_name = optional(string)<br>  host_names = optional(list(string))<br>  require_sni = optional(bool)<br>  ssl_certificate_name = optional(string)<br>  firewall_policy_id = optional(string)<br>  ssl_profile_name = optional(string)<br>  custom_error_configuration = optional(list(object({<br>    status_code = string<br>    custom_error_page_url = string<br>  })))<br>}))</pre> | n/a | yes |
identity_ids | Specifies a list with a single user managed identity id to be assigned to the Application Gateway | `any` | `null` | no |
location | The location/region to keep all your network resources. To get the list of all locations with table format from azure cli, run 'az account list-locations -o table' | `string` | `""` | no |
log_analytics_workspace_name | The name of log analytics workspace name | `any` | `null` | no |
pip_diag_logs | Load balancer Public IP Monitoring Category details for Azure Diagnostic setting | `list` | <pre>[<br>  "DDoSProtectionNotifications",<br>  "DDoSMitigationFlowLogs",<br>  "DDoSMitigationReports"<br>]</pre> | no |
private_ip_address | Private IP Address to assign to the Load Balancer. | `any` | `null` | no |
redirect_configuration | list of maps for redirect configurations | `list(map(string))` | `[]` | no |
request_routing_rules | List of Request routing rules to be used for listeners. | <pre>list(object({<br>  name = string<br>  rule_type = string<br>  http_listener_name = string<br>  backend_address_pool_name = optional(string)<br>  backend_http_settings_name = optional(string)<br>  redirect_configuration_name = optional(string)<br>  rewrite_rule_set_name = optional(string)<br>  url_path_map_name = optional(string)<br>}))</pre> | `[]` | no |
resource_group_name | A container that holds related resources for an Azure solution | `string` | `""` | no |
rewrite_rule_set | List of rewrite rule set including rewrite rules | `any` | `[]` | no |
sku | The sku pricing model of v1 and v2 | <pre>object({<br>  name = string<br>  tier = string<br>  capacity = optional(number)<br>})</pre> | n/a | yes |
ssl_certificates | List of SSL certificates data for Application gateway | <pre>list(object({<br>  name = string<br>  data = optional(string)<br>  password = optional(string)<br>  key_vault_secret_id = optional(string)<br>}))</pre> | `[]` | no |
ssl_policy | Application Gateway SSL configuration | <pre>object({<br>  disabled_protocols = optional(list(string))<br>  policy_type = optional(string)<br>  policy_name = optional(string)<br>  cipher_suites = optional(list(string))<br>  min_protocol_version = optional(string)<br>})</pre> | `null` | no |
storage_account_name | The name of the hub storage account to store logs | `any` | `null` | no |
subnet_name | The name of the subnet to use in VM scale set | `string` | `""` | no |
tags | A map of tags to add to all resources | `map(string)` | `{}` | no |
trusted_root_certificates | Trusted root certificates to allow the backend with Azure Application Gateway | <pre>list(object({<br>  name = string<br>  data = string<br>}))</pre> | `[]` | no |
url_path_maps | List of URL path maps associated to path-based rules. | <pre>list(object({<br>  name = string<br>  default_backend_http_settings_name = optional(string)<br>  default_backend_address_pool_name = optional(string)<br>  default_redirect_configuration_name = optional(string)<br>  default_rewrite_rule_set_name = optional(string)<br>  path_rules = list(object({<br>    name = string<br>    backend_address_pool_name = optional(string)<br>    backend_http_settings_name = optional(string)<br>    paths = list(string)<br>    redirect_configuration_name = optional(string)<br>    rewrite_rule_set_name = optional(string)<br>    firewall_policy_id = optional(string)<br>  }))<br>}))</pre> | `[]` | no |
virtual_network_name | The name of the virtual network | `string` | `""` | no |
vnet_resource_group_name | The resource group name where the virtual network is created | `any` | `null` | no |
waf_configuration | Web Application Firewall support for your Azure Application Gateway | <pre>object({<br>  firewall_mode = string<br>  rule_set_version = string<br>  file_upload_limit_mb = optional(number)<br>  request_body_check = optional(bool)<br>  max_request_body_size_kb = optional(number)<br>  disabled_rule_group = optional(list(object({<br>    rule_group_name = string<br>    rules = optional(list(string))<br>  })))<br>  exclusion = optional(list(object({<br>    match_variable = string<br>    selector_match_operator = optional(string)<br>    selector = optional(string)<br>  })))<br>})</pre> | `null` | no |
zones | A collection of availability zones to spread the Application Gateway over. | `list(string)` | `[]` | no |
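The TLS, certificate and WAF inputs listed above can be combined as in the following `terraform.tfvars` fragment. It is an added example, not taken from the module's examples folder: all names and values are constructed, the Key Vault secret ID and identity ID are placeholders, and the required `backend_address_pools` and `backend_http_settings` inputs are omitted because their object types are not shown in full on this page.

```hcl
# Constructed example values for the security-relevant inputs of this module.

sku = {
  name     = "WAF_v2" # WAF tier, so that waf_configuration below applies
  tier     = "WAF_v2"
  capacity = 2
}

# Predefined Azure TLS policy with TLS 1.2 as the minimum protocol version.
ssl_policy = {
  policy_type = "Predefined"
  policy_name = "AppGwSslPolicy20220101"
}

# Reference the certificate in Key Vault instead of passing data/password.
ssl_certificates = [
  {
    name                = "example-cert"
    key_vault_secret_id = "<key-vault-secret-id>" # placeholder
  }
]

# User-assigned identity the gateway uses to read the Key Vault secret.
identity_ids = ["<user-assigned-identity-resource-id>"] # placeholder

http_listeners = [
  {
    name                 = "example-https-listener"
    host_name            = "app.example.com"
    ssl_certificate_name = "example-cert" # must match ssl_certificates[].name
    require_sni          = true
  }
]

# Block matching requests rather than only logging them.
waf_configuration = {
  firewall_mode            = "Prevention"
  rule_set_version         = "3.2"
  request_body_check       = true
  file_upload_limit_mb     = 100
  max_request_body_size_kb = 128
}

# Send gateway and public IP diagnostic logs to an existing workspace.
log_analytics_workspace_name = "example-logws"
```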
Name | Description |
---|---|
application_gateway_id | The ID of the Application Gateway |
authentication_certificate_id | The ID of the Authentication Certificate |
backend_address_pool_id | The ID of the Backend Address Pool |
backend_http_settings_id | The ID of the Backend HTTP Settings Configuration |
backend_http_settings_probe_id | The ID of the Backend HTTP Settings Configuration associated Probe |
custom_error_configuration_id | The ID of the Custom Error Configuration |
frontend_ip_configuration_id | The ID of the Frontend IP Configuration |
frontend_port_id | The ID of the Frontend Port |
gateway_ip_configuration_id | The ID of the Gateway IP Configuration |
http_listener_frontend_ip_configuration_id | The ID of the associated Frontend Configuration |
http_listener_frontend_port_id | The ID of the associated Frontend Port |
http_listener_id | The ID of the HTTP Listener |
http_listener_ssl_certificate_id | The ID of the associated SSL Certificate |
probe_id | The ID of the health Probe |
redirect_configuration_id | The ID of the Redirect Configuration |
request_routing_rule_backend_address_pool_id | The ID of the Request Routing Rule associated Backend Address Pool |
request_routing_rule_backend_http_settings_id | The ID of the Request Routing Rule associated Backend HTTP Settings Configuration |
request_routing_rule_http_listener_id | The ID of the Request Routing Rule associated HTTP Listener |
request_routing_rule_id | The ID of the Request Routing Rule |
request_routing_rule_redirect_configuration_id | The ID of the Request Routing Rule associated Redirect Configuration |
request_routing_rule_rewrite_rule_set_id | The ID of the Request Routing Rule associated Rewrite Rule Set |
request_routing_rule_url_path_map_id | The ID of the Request Routing Rule associated URL Path Map |
rewrite_rule_set_id | The ID of the Rewrite Rule Set |
ssl_certificate_id | The ID of the SSL Certificate |
ssl_certificate_public_cert_data | The Public Certificate Data associated with the SSL Certificate |
url_path_map_default_backend_address_pool_id | The ID of the Default Backend Address Pool associated with URL Path Map |
url_path_map_default_backend_http_settings_id | The ID of the Default Backend HTTP Settings Collection associated with URL Path Map |
url_path_map_default_redirect_configuration_id | The ID of the Default Redirect Configuration associated with URL Path Map |
url_path_map_id | The ID of the URL Path Map |
Refer to the contribution guidelines for information on contributing to this module.