azurerm_cdn_frontdoor_custom_domain

Manages a Front Door (standard/premium) Custom Domain.

!>IMPORTANT: If you are using Terraform to manage your DNS Auth and DNS CNAME records for your Custom Domain you will need to add configuration blocks for both the azurerm_dns_txt_record(see the Example DNS Auth TXT Record Usage below) and the azurerm_dns_cname_record(see the Example CNAME Record Usage below) to your configuration file.

Example Usage

resource "azurerm_resource_group" "example" {
  name     = "example-cdn-frontdoor"
  location = "West Europe"
}

resource "azurerm_dns_zone" "example" {
  name                = "sub-domain.domain.com"
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_cdn_frontdoor_profile" "example" {
  name                = "example-profile"
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "Standard_AzureFrontDoor"
}

resource "azurerm_cdn_frontdoor_custom_domain" "example" {
  name                     = "example-customDomain"
  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
  dns_zone_id              = azurerm_dns_zone.example.id
  host_name                = "contoso.fabrikam.com"

  tls {
    certificate_type    = "ManagedCertificate"
    minimum_tls_version = "TLS12"
  }
}

Example DNS Auth TXT Record Usage

The name of your DNS TXT record should be in the format of _dnsauth.<your_subdomain>. So, for example, if we use the host_name in the example usage above you would create a DNS TXT record with the name of _dnsauth.contoso which contains the value of the Front Door Custom Domains validation_token field. See the product documentation for more information.

resource "azurerm_dns_txt_record" "example" {
  name                = join(".", ["_dnsauth", "contoso"])
  zone_name           = azurerm_dns_zone.example.name
  resource_group_name = azurerm_resource_group.example.name
  ttl                 = 3600

  record {
    value = azurerm_cdn_frontdoor_custom_domain.example.validation_token
  }
}

Example CNAME Record Usage

!>IMPORTANT: You must include the depends_on meta-argument which references both the azurerm_cdn_frontdoor_route and the azurerm_cdn_frontdoor_security_policy that are associated with your Custom Domain. The reason for these depends_on meta-arguments is because all of the resources for the Custom Domain need to be associated within Front Door before the CNAME record can be written to the domains DNS, else the CNAME validation will fail and Front Door will not enable traffic to the Domain.

resource "azurerm_dns_cname_record" "example" {
  depends_on = [azurerm_cdn_frontdoor_route.example, azurerm_cdn_frontdoor_security_policy.example]

  name                = "contoso"
  zone_name           = azurerm_dns_zone.example.name
  resource_group_name = azurerm_resource_group.example.name
  ttl                 = 3600
  record              = azurerm_cdn_frontdoor_endpoint.example.host_name
}

Arguments Reference

The following arguments are supported:


A tls block supports the following:

->NOTE: It may take up to 15 minutes for the Front Door Service to validate the state and Domain ownership of the Custom Domain.


Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

Front Door Custom Domains can be imported using the resource id, e.g.

terraform import azurerm_cdn_frontdoor_custom_domain.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Cdn/profiles/profile1/customDomains/customDomain1