Manages a Front Door (standard/premium) Custom Domain.
!>IMPORTANT: If you are using Terraform to manage your DNS Auth and DNS CNAME records for your Custom Domain you will need to add configuration blocks for both the azurerm_dns_txt_record
(see the Example DNS Auth TXT Record Usage
below) and the azurerm_dns_cname_record
(see the Example CNAME Record Usage
below) to your configuration file.
resource "azurerm_resource_group" "example" {
name = "example-cdn-frontdoor"
location = "West Europe"
}
resource "azurerm_dns_zone" "example" {
name = "sub-domain.domain.com"
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_cdn_frontdoor_profile" "example" {
name = "example-profile"
resource_group_name = azurerm_resource_group.example.name
sku_name = "Standard_AzureFrontDoor"
}
resource "azurerm_cdn_frontdoor_custom_domain" "example" {
name = "example-customDomain"
cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
dns_zone_id = azurerm_dns_zone.example.id
host_name = "contoso.fabrikam.com"
tls {
certificate_type = "ManagedCertificate"
minimum_tls_version = "TLS12"
}
}
The name of your DNS TXT record should be in the format of _dnsauth.<your_subdomain>
. So, for example, if we use the host_name
in the example usage above you would create a DNS TXT record with the name of _dnsauth.contoso
which contains the value of the Front Door Custom Domains validation_token
field. See the product documentation for more information.
resource "azurerm_dns_txt_record" "example" {
name = join(".", ["_dnsauth", "contoso"])
zone_name = azurerm_dns_zone.example.name
resource_group_name = azurerm_resource_group.example.name
ttl = 3600
record {
value = azurerm_cdn_frontdoor_custom_domain.example.validation_token
}
}
!>IMPORTANT: You must include the depends_on
meta-argument which references both the azurerm_cdn_frontdoor_route
and the azurerm_cdn_frontdoor_security_policy
that are associated with your Custom Domain. The reason for these depends_on
meta-arguments is because all of the resources for the Custom Domain need to be associated within Front Door before the CNAME record can be written to the domains DNS, else the CNAME validation will fail and Front Door will not enable traffic to the Domain.
resource "azurerm_dns_cname_record" "example" {
depends_on = [azurerm_cdn_frontdoor_route.example, azurerm_cdn_frontdoor_security_policy.example]
name = "contoso"
zone_name = azurerm_dns_zone.example.name
resource_group_name = azurerm_resource_group.example.name
ttl = 3600
record = azurerm_cdn_frontdoor_endpoint.example.host_name
}
The following arguments are supported:
name
- (Required) The name which should be used for this Front Door Custom Domain. Possible values must be between 2 and 260 characters in length, must begin with a letter or number, end with a letter or number and contain only letters, numbers and hyphens. Changing this forces a new Front Door Custom Domain to be created.
cdn_frontdoor_profile_id
- (Required) The ID of the Front Door Profile. Changing this forces a new Front Door Custom Domain to be created.
host_name
- (Required) The host name of the domain. The host_name
field must be the FQDN of your domain(e.g. contoso.fabrikam.com
). Changing this forces a new Front Door Custom Domain to be created.
dns_zone_id
- (Optional) The ID of the Azure DNS Zone which should be used for this Front Door Custom Domain. If you are using Azure to host your DNS domains, you must delegate the domain provider's domain name system (DNS) to an Azure DNS Zone. For more information, see Delegate a domain to Azure DNS. Otherwise, if you're using your own domain provider to handle your DNS, you must validate the Front Door Custom Domain by creating the DNS TXT records manually.
tls
- (Required) A tls
block as defined below.A tls
block supports the following:
certificate_type
- (Optional) Defines the source of the SSL certificate. Possible values include CustomerCertificate
and ManagedCertificate
. Defaults to ManagedCertificate
.->NOTE: It may take up to 15 minutes for the Front Door Service to validate the state and Domain ownership of the Custom Domain.
minimum_tls_version
- (Optional) TLS protocol version that will be used for Https. Possible values include TLS10
and TLS12
. Defaults to TLS12
.
cdn_frontdoor_secret_id
- (Optional) Resource ID of the Front Door Secret.
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Front Door Custom Domain.
expiration_date
- The date time that the token expires.
validation_token
- Challenge used for DNS TXT record or file based validation.
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 12 hours) Used when creating the Front Door Custom Domain.read
- (Defaults to 5 minutes) Used when retrieving the Front Door Custom Domain.update
- (Defaults to 24 hours) Used when updating the Front Door Custom Domain.delete
- (Defaults to 12 hours) Used when deleting the Front Door Custom Domain.Front Door Custom Domains can be imported using the resource id
, e.g.
terraform import azurerm_cdn_frontdoor_custom_domain.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Cdn/profiles/profile1/customDomains/customDomain1