Manages a Windows Web App.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_service_plan" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku_name            = "P1v2"
  os_type             = "Windows"
}

resource "azurerm_windows_web_app" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  site_config {}
}
The following arguments are supported:
location
- (Required) The Azure Region where the Windows Web App should exist. Changing this forces a new Windows Web App to be created.
name
- (Required) The name which should be used for this Windows Web App. Changing this forces a new Windows Web App to be created.
resource_group_name
- (Required) The name of the Resource Group where the Windows Web App should exist. Changing this forces a new Windows Web App to be created.
service_plan_id
- (Required) The ID of the Service Plan that this Windows App Service will be created in.
site_config
- (Required) A site_config block as defined below.
app_settings
- (Optional) A map of key-value pairs of App Settings.
auth_settings
- (Optional) An auth_settings block as defined below.
auth_settings_v2
- (Optional) An auth_settings_v2 block as defined below.
backup
- (Optional) A backup block as defined below.
client_affinity_enabled
- (Optional) Should Client Affinity be enabled?
client_certificate_enabled
- (Optional) Should Client Certificates be enabled?
client_certificate_mode
- (Optional) The Client Certificate mode. Possible values are Required, Optional, and OptionalInteractiveUser. This property has no effect when client_certificate_enabled is false. Defaults to Required.
client_certificate_exclusion_paths
- (Optional) Paths to exclude when using client certificates, separated by ;
connection_string
- (Optional) One or more connection_string blocks as defined below.
enabled
- (Optional) Should the Windows Web App be enabled? Defaults to true.
ftp_publish_basic_authentication_enabled
- (Optional) Should the default FTP Basic Authentication publishing profile be enabled. Defaults to true.
https_only
- (Optional) Should the Windows Web App require HTTPS connections. Defaults to false.
public_network_access_enabled
- (Optional) Should public network access be enabled for the Web App. Defaults to true.
identity
- (Optional) An identity block as defined below.
key_vault_reference_identity_id
- (Optional) The User Assigned Identity ID used for accessing KeyVault secrets. The identity must be assigned to the application in the identity block. For more information see: Access vaults with a user-assigned identity
logs
- (Optional) A logs block as defined below.
sticky_settings
- (Optional) A sticky_settings block as defined below.
storage_account
- (Optional) One or more storage_account blocks as defined below.
tags
- (Optional) A mapping of tags which should be assigned to the Windows Web App.
virtual_network_subnet_id
- (Optional) The subnet id which will be used by this Web App for regional virtual network integration.
webdeploy_publish_basic_authentication_enabled
- (Optional) Should the default WebDeploy Basic Authentication publishing credentials be enabled. Defaults to true.
zip_deploy_file
- (Optional) The local path and filename of the Zip packaged application to deploy to this Windows Web App.

An action block supports the following:
action_type
- (Required) Predefined action to be taken to an Auto Heal trigger. Possible values include: Recycle, LogEvent, and CustomAction.
custom_action
- (Optional) A custom_action block as defined below.
minimum_process_execution_time
- (Optional) The minimum amount of time in hh:mm:ss the Windows Web App must have been running before the defined action will be run in the event of a trigger.

An active_directory block supports the following:
client_id
- (Required) The ID of the Client to use to authenticate with Azure Active Directory.
allowed_audiences
- (Optional) Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory.
client_secret
- (Optional) The Client Secret for the Client ID. Cannot be used with client_secret_setting_name.
client_secret_setting_name
- (Optional) The App Setting name that contains the client secret of the Client. Cannot be used with client_secret.

An application_logs block supports the following:
azure_blob_storage
- (Optional) An azure_blob_storage block as defined below.
file_system_level
- (Required) Log level. Possible values include: Off, Verbose, Information, Warning, and Error.

An application_stack block supports the following:
current_stack
- (Optional) The Application Stack for the Windows Web App. Possible values include dotnet, dotnetcore, node, python, php, and java.
docker_image_name
- (Optional) The docker image, including tag, to be used. e.g. azure-app-service/windows/parkingpage:latest.
docker_registry_url
- (Optional) The URL of the container registry where the docker_image_name is located. e.g. https://index.docker.io or https://mcr.microsoft.com. This value is required with docker_image_name.
docker_registry_username
- (Optional) The User Name to use for authentication against the registry to pull the image.
docker_registry_password
- (Optional) The Password to use for authentication against the registry to pull the image.
docker_container_name
- (Optional) The name of the container to be used. This value is required with docker_container_tag.
docker_container_tag
- (Optional) The tag of the container to be used. This value is required with docker_container_name.
dotnet_version
- (Optional) The version of .NET to use when current_stack is set to dotnet. Possible values include v2.0, v3.0, v4.0, v5.0, v6.0, v7.0 and v8.0.
dotnet_core_version
- (Optional) The version of .NET to use when current_stack is set to dotnetcore. Possible values include v4.0.
tomcat_version
- (Optional) The version of Tomcat the Java App should use. Conflicts with java_embedded_server_enabled.
java_embedded_server_enabled
- (Optional) Should the Java Embedded Server (Java SE) be used to run the app.
java_version
- (Optional) The version of Java to use when current_stack is set to java.
node_version
- (Optional) The version of node to use when current_stack is set to node. Possible values are ~12, ~14, ~16, ~18 and ~20.
php_version
- (Optional) The version of PHP to use when current_stack is set to php. Possible values are 7.1, 7.4 and Off.
python
- (Optional) Specifies whether this is a Python app. Defaults to false.

An auth_settings block supports the following:
enabled
- (Required) Should the Authentication / Authorization feature be enabled for the Windows Web App?
active_directory
- (Optional) An active_directory block as defined above.
additional_login_parameters
- (Optional) Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in.
allowed_external_redirect_urls
- (Optional) Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App.
default_provider
- (Optional) The default authentication provider to use when multiple providers are configured. Possible values include: AzureActiveDirectory, Facebook, Google, MicrosoftAccount, Twitter, Github.
facebook
- (Optional) A facebook block as defined below.
github
- (Optional) A github block as defined below.
google
- (Optional) A google block as defined below.
issuer
- (Optional) The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Windows Web App.
microsoft
- (Optional) A microsoft block as defined below.
runtime_version
- (Optional) The RuntimeVersion of the Authentication / Authorization feature in use for the Windows Web App.
token_refresh_extension_hours
- (Optional) The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours.
token_store_enabled
- (Optional) Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to false.
twitter
- (Optional) A twitter block as defined below.
unauthenticated_client_action
- (Optional) The action to take when an unauthenticated client attempts to access the app. Possible values include: RedirectToLoginPage, AllowAnonymous.

An auth_settings_v2 block supports the following:
auth_enabled
- (Optional) Should the AuthV2 Settings be enabled. Defaults to false.
runtime_version
- (Optional) The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to ~1.
config_file_path
- (Optional) The path to the App Auth settings.
require_authentication
- (Optional) Should the authentication flow be used for all requests.
unauthenticated_action
- (Optional) The action to take for requests made without authentication. Possible values include RedirectToLoginPage, AllowAnonymous, Return401, and Return403. Defaults to RedirectToLoginPage.
default_provider
- (Optional) The Default Authentication Provider to use when the unauthenticated_action is set to RedirectToLoginPage. Possible values include: apple, azureactivedirectory, facebook, github, google, twitter and the name of your custom_oidc_v2 provider.
excluded_paths
- (Optional) The paths which should be excluded from the unauthenticated_action when it is set to RedirectToLoginPage.
require_https
- (Optional) Should HTTPS be required on connections? Defaults to true.
http_route_api_prefix
- (Optional) The prefix that should precede all the authentication and authorisation paths. Defaults to /.auth.
forward_proxy_convention
- (Optional) The convention used to determine the url of the request made. Possible values include NoProxy, Standard, Custom. Defaults to NoProxy.
forward_proxy_custom_host_header_name
- (Optional) The name of the custom header containing the host of the request.
forward_proxy_custom_scheme_header_name
- (Optional) The name of the custom header containing the scheme of the request.
apple_v2
- (Optional) An apple_v2 block as defined below.
active_directory_v2
- (Optional) An active_directory_v2 block as defined below.
azure_static_web_app_v2
- (Optional) An azure_static_web_app_v2 block as defined below.
custom_oidc_v2
- (Optional) Zero or more custom_oidc_v2 blocks as defined below.
facebook_v2
- (Optional) A facebook_v2 block as defined below.
github_v2
- (Optional) A github_v2 block as defined below.
google_v2
- (Optional) A google_v2 block as defined below.
microsoft_v2
- (Optional) A microsoft_v2 block as defined below.
twitter_v2
- (Optional) A twitter_v2 block as defined below.
login
- (Required) A login block as defined below.

An apple_v2 block supports the following:
client_id
- (Required) The OpenID Connect Client ID for the Apple web application.
client_secret_setting_name
- (Required) The app setting name that contains the client_secret value used for Apple Login.
login_scopes
- A list of Login Scopes provided by this Authentication Provider.

An active_directory_v2 block supports the following:
client_id
- (Required) The ID of the Client to use to authenticate with Azure Active Directory.
tenant_auth_endpoint
- (Required) The Azure Tenant Endpoint for the Authenticating Tenant. e.g. https://login.microsoftonline.com/{tenant-guid}/v2.0/
client_secret_setting_name
- (Optional) The App Setting name that contains the client secret of the Client.
client_secret_certificate_thumbprint
- (Optional) The thumbprint of the certificate used for signing purposes.
jwt_allowed_groups
- (Optional) A list of Allowed Groups in the JWT Claim.
jwt_allowed_client_applications
- (Optional) A list of Allowed Client Applications in the JWT Claim.
www_authentication_disabled
- (Optional) Should the www-authenticate provider be omitted from the request? Defaults to false.
allowed_groups
- (Optional) The list of allowed Group Names for the Default Authorisation Policy.
allowed_identities
- (Optional) The list of allowed Identities for the Default Authorisation Policy.
allowed_applications
- (Optional) The list of allowed Applications for the Default Authorisation Policy.
login_parameters
- (Optional) A map of key-value pairs to send to the Authorisation Endpoint when a user logs in.
allowed_audiences
- (Optional) Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory.

An azure_static_web_app_v2 block supports the following:
client_id
- (Required) The ID of the Client to use to authenticate with Azure Static Web App Authentication.

A custom_oidc_v2 block supports the following:
name
- (Required) The name of the Custom OIDC Authentication Provider.
client_id
- (Required) The ID of the Client to use to authenticate with the Custom OIDC.
openid_configuration_endpoint
- (Required) The app setting name that contains the client_secret value used for the Custom OIDC Login.
name_claim_type
- (Optional) The name of the claim that contains the users name.
scopes
- (Optional) The list of the scopes that should be requested while authenticating.
client_credential_method
- The Client Credential Method used.
client_secret_setting_name
- The App Setting name that contains the secret for this Custom OIDC Client. This is generated from name above and suffixed with _PROVIDER_AUTHENTICATION_SECRET.
authorisation_endpoint
- The endpoint to make the Authorisation Request as supplied by openid_configuration_endpoint response.
token_endpoint
- The endpoint used to request a Token as supplied by openid_configuration_endpoint response.
issuer_endpoint
- The endpoint that issued the Token as supplied by openid_configuration_endpoint response.
certification_uri
- The endpoint that provides the keys necessary to validate the token as supplied by openid_configuration_endpoint response.

A facebook_v2 block supports the following:
app_id
- (Required) The App ID of the Facebook app used for login.
app_secret_setting_name
- (Required) The app setting name that contains the app_secret value used for Facebook Login.
graph_api_version
- (Optional) The version of the Facebook API to be used while logging in.
login_scopes
- (Optional) The list of scopes that should be requested as part of Facebook Login authentication.

A github_v2 block supports the following:
client_id
- (Required) The ID of the GitHub app used for login.
client_secret_setting_name
- (Required) The app setting name that contains the client_secret value used for GitHub Login.
login_scopes
- (Optional) The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication.

A google_v2 block supports the following:
client_id
- (Required) The OpenID Connect Client ID for the Google web application.
client_secret_setting_name
- (Required) The app setting name that contains the client_secret value used for Google Login.
allowed_audiences
- (Optional) Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication.
login_scopes
- (Optional) The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication.

A microsoft_v2 block supports the following:
client_id
- (Required) The OAuth 2.0 client ID that was created for the app used for authentication.
client_secret_setting_name
- (Required) The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication.
allowed_audiences
- (Optional) Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication.
login_scopes
- (Optional) The list of Login scopes that should be requested as part of Microsoft Account authentication.

A twitter_v2 block supports the following:
consumer_key
- (Required) The OAuth 1.0a consumer key of the Twitter application used for sign-in.
consumer_secret_setting_name
- (Required) The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.

A login block supports the following:
logout_endpoint
- (Optional) The endpoint to which logout requests should be made.
token_store_enabled
- (Optional) Should the Token Store configuration be enabled? Defaults to false.
token_refresh_extension_time
- (Optional) The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours.
token_store_path
- (Optional) The directory path in the App Filesystem in which the tokens will be stored.
token_store_sas_setting_name
- (Optional) The name of the app setting which contains the SAS URL of the blob storage containing the tokens.
preserve_url_fragments_for_logins
- (Optional) Should the fragments from the request be preserved after the login request is made. Defaults to false.
allowed_external_redirect_urls
- (Optional) External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends.
cookie_expiration_convention
- (Optional) The method by which cookies expire. Possible values include: FixedTime and IdentityProviderDerived. Defaults to FixedTime.
cookie_expiration_time
- (Optional) The time after the request is made when the session cookie should expire. Defaults to 08:00:00.
validate_nonce
- (Optional) Should the nonce be validated while completing the login flow. Defaults to true.
nonce_expiration_time
- (Optional) The time after the request is made when the nonce should expire. Defaults to 00:05:00.
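The following is an added example, not taken from the provider documentation, of an auth_settings_v2 configuration that rejects unauthenticated requests and keeps the provider secret out of the Terraform configuration and state by pointing client_secret_setting_name at an app setting that holds a Key Vault reference. The resource name, the four variables and the app setting name AUTH_CLIENT_SECRET are assumptions; the resource group and service plan are the ones from the example at the top of the page.

```hcl
# Constructed example: variable names and the app setting name are illustrative.
variable "entra_client_id" {
  description = "Application (client) ID of the app registration used for sign-in."
  type        = string
}

variable "tenant_id" {
  description = "GUID of the authenticating tenant."
  type        = string
}

variable "auth_secret_uri" {
  description = "URI of the Key Vault secret that holds the client secret."
  type        = string
}

variable "kv_identity_id" {
  description = "Resource ID of a user-assigned identity allowed to read that secret."
  type        = string
}

resource "azurerm_windows_web_app" "auth_example" {
  name                = "example-auth"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id
  https_only          = true

  site_config {}

  # The identity must be assigned to the app before it can be used for
  # Key Vault references.
  identity {
    type         = "UserAssigned"
    identity_ids = [var.kv_identity_id]
  }
  key_vault_reference_identity_id = var.kv_identity_id

  app_settings = {
    # Only the reference is stored here; the platform resolves the secret value.
    "AUTH_CLIENT_SECRET" = "@Microsoft.KeyVault(SecretUri=${var.auth_secret_uri})"
  }

  # Keep the secret setting pinned to this slot during swaps.
  sticky_settings {
    app_setting_names = ["AUTH_CLIENT_SECRET"]
  }

  auth_settings_v2 {
    auth_enabled           = true # defaults to false
    require_authentication = true
    unauthenticated_action = "Return401" # API-style app; default is RedirectToLoginPage
    require_https          = true

    active_directory_v2 {
      client_id                  = var.entra_client_id
      tenant_auth_endpoint       = "https://login.microsoftonline.com/${var.tenant_id}/v2.0/"
      client_secret_setting_name = "AUTH_CLIENT_SECRET"
      allowed_audiences          = ["api://${var.entra_client_id}"]
    }

    login {
      token_store_enabled               = false
      validate_nonce                    = true
      nonce_expiration_time             = "00:05:00"
      cookie_expiration_convention      = "FixedTime"
      cookie_expiration_time            = "08:00:00"
      preserve_url_fragments_for_logins = false
    }
  }
}
```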

An auto_heal_setting block supports the following:
action
- (Required) An action block as defined above.
trigger
- (Required) A trigger block as defined below.

An azure_blob_storage block supports the following:
level
- (Required) The level at which to log. Possible values include Error, Warning, Information, Verbose and Off. NOTE: this field is not available for http_logs.
retention_in_days
- (Required) The time in days after which to remove blobs. A value of 0 means no retention.
sas_url
- (Required) SAS url to an Azure blob container with read/write/list/delete permissions.

A backup block supports the following:
name
- (Required) The name which should be used for this Backup.
schedule
- (Required) A schedule block as defined below.
storage_account_url
- (Required) The SAS URL to the container.
enabled
- (Optional) Should this backup job be enabled? Defaults to true.

A connection_string block supports the following:
name
- (Required) The name of the Connection String.
type
- (Required) Type of database. Possible values include: APIHub, Custom, DocDb, EventHub, MySQL, NotificationHub, PostgreSQL, RedisCache, ServiceBus, SQLAzure, and SQLServer.
value
- (Required) The connection string value.

A cors block supports the following:
allowed_origins
- (Optional) Specifies a list of origins that should be allowed to make cross-origin calls.
support_credentials
- (Optional) Whether CORS requests with credentials are allowed. Defaults to false.

A custom_action block supports the following:
executable
- (Required) The executable to run for the custom_action.
parameters
- (Optional) The parameters to pass to the specified executable.

A facebook block supports the following:
app_id
- (Required) The App ID of the Facebook app used for login.
app_secret
- (Optional) The App Secret of the Facebook app used for Facebook login. Cannot be specified with app_secret_setting_name.
app_secret_setting_name
- (Optional) The app setting name that contains the app_secret value used for Facebook login. Cannot be specified with app_secret.
oauth_scopes
- (Optional) Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication.

A file_system block supports the following:
retention_in_days
- (Required) The retention period in days. A value of 0 means no retention.
retention_in_mb
- (Required) The maximum size in megabytes that log files can use.

A github block supports the following:
client_id
- (Required) The ID of the GitHub app used for login.
client_secret
- (Optional) The Client Secret of the GitHub app used for GitHub login. Cannot be specified with client_secret_setting_name.
client_secret_setting_name
- (Optional) The app setting name that contains the client_secret value used for GitHub login. Cannot be specified with client_secret.
oauth_scopes
- (Optional) Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication.

A google block supports the following:
client_id
- (Required) The OpenID Connect Client ID for the Google web application.
client_secret
- (Optional) The client secret associated with the Google web application. Cannot be specified with client_secret_setting_name.
client_secret_setting_name
- (Optional) The app setting name that contains the client_secret value used for Google login. Cannot be specified with client_secret.
oauth_scopes
- (Optional) Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, openid, profile, and email are used as default scopes.

A headers block supports the following:
x_azure_fdid
- (Optional) Specifies a list of Azure Front Door IDs.
x_fd_health_probe
- (Optional) Specifies if a Front Door Health Probe should be expected. The only possible value is 1.
x_forwarded_for
- (Optional) Specifies a list of addresses for which matching should be applied. Omitting this value means allow any.
x_forwarded_host
- (Optional) Specifies a list of Hosts for which matching should be applied.

An http_logs block supports the following:
azure_blob_storage
- (Optional) An azure_blob_storage_http block as defined below.
file_system
- (Optional) A file_system block as defined above.

An azure_blob_storage_http block supports the following:
retention_in_days
- (Optional) The time in days after which to remove blobs. A value of 0 means no retention.
sas_url
- (Required) SAS url to an Azure blob container with read/write/list/delete permissions.

An identity block supports the following:
type
- (Required) Specifies the type of Managed Service Identity that should be configured on this Windows Web App. Possible values are SystemAssigned, UserAssigned, and "SystemAssigned, UserAssigned" (to enable both).
identity_ids
- (Optional) A list of User Assigned Managed Identity IDs to be assigned to this Windows Web App.

An ip_restriction block supports the following:
action
- (Optional) The action to take. Possible values are Allow or Deny. Defaults to Allow.
headers
- (Optional) A headers block as defined above.
ip_address
- (Optional) The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32
name
- (Optional) The name which should be used for this ip_restriction.
priority
- (Optional) The priority value of this ip_restriction. Defaults to 65000.
service_tag
- (Optional) The Service Tag used for this IP Restriction.
virtual_network_subnet_id
- (Optional) The Virtual Network Subnet ID used for this IP Restriction.
description
- (Optional) The Description of this IP Restriction.

A logs block supports the following:
application_logs
- (Optional) An application_logs block as defined above.
detailed_error_messages
- (Optional) Should detailed error messages be enabled.
failed_request_tracing
- (Optional) Should tracing be enabled for failed requests.
http_logs
- (Optional) An http_logs block as defined above.

A microsoft block supports the following:
client_id
- (Required) The OAuth 2.0 client ID that was created for the app used for authentication.
client_secret
- (Optional) The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name.
client_secret_setting_name
- (Optional) The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret.
oauth_scopes
- (Optional) Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, "wl.basic" is used as the default scope.

A requests block supports the following:
count
- (Required) The number of requests in the specified interval to trigger this rule.
interval
- (Required) The interval in hh:mm:ss.

A schedule block supports the following:
frequency_interval
- (Required) How often the backup should be executed (e.g. for weekly backup, this should be set to 7 and frequency_unit should be set to Day).
frequency_unit
- (Required) The unit of time for how often the backup should take place. Possible values include: Day, Hour.
keep_at_least_one_backup
- (Optional) Should the service keep at least one backup, regardless of age of backup. Defaults to false.
retention_period_days
- (Optional) After how many days backups should be deleted. Defaults to 30.
start_time
- (Optional) When the schedule should start working in RFC-3339 format.

An scm_ip_restriction block supports the following:
action
- (Optional) The action to take. Possible values are Allow or Deny. Defaults to Allow.
headers
- (Optional) A headers block as defined above.
ip_address
- (Optional) The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32
name
- (Optional) The name which should be used for this ip_restriction.
priority
- (Optional) The priority value of this ip_restriction. Defaults to 65000.
service_tag
- (Optional) The Service Tag used for this IP Restriction.
virtual_network_subnet_id
- (Optional) The Virtual Network Subnet ID used for this IP Restriction.
description
- (Optional) The Description of this IP Restriction.

A site_config block supports the following:
always_on
- (Optional) If this Windows Web App is Always On enabled. Defaults to true.
api_definition_url
- (Optional) The URL to the API Definition for this Windows Web App.
api_management_api_id
- (Optional) The API Management API ID this Windows Web App Slot is associated with.
app_command_line
- (Optional) The App command line to launch.
application_stack
- (Optional) An application_stack block as defined above.
auto_heal_enabled
- (Optional) Should Auto heal rules be enabled. Required with auto_heal_setting.
auto_heal_setting
- (Optional) An auto_heal_setting block as defined above. Required with auto_heal_enabled.
container_registry_managed_identity_client_id
- (Optional) The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry.
container_registry_use_managed_identity
- (Optional) Should connections for Azure Container Registry use Managed Identity.
cors
- (Optional) A cors block as defined above.
default_documents
- (Optional) Specifies a list of Default Documents for the Windows Web App.
ftps_state
- (Optional) The State of FTP / FTPS service. Possible values include: AllAllowed, FtpsOnly, Disabled. Defaults to Disabled.
health_check_path
- (Optional) The path to the Health Check.
health_check_eviction_time_in_min
- (Optional) The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between 2 and 10. Only valid in conjunction with health_check_path.
http2_enabled
- (Optional) Should the HTTP2 be enabled?
ip_restriction
- (Optional) One or more ip_restriction blocks as defined above.
ip_restriction_default_action
- (Optional) The Default action for traffic that does not match any ip_restriction rule. Possible values include Allow and Deny. Defaults to Allow.
load_balancing_mode
- (Optional) The Site load balancing. Possible values include: WeightedRoundRobin, LeastRequests, LeastResponseTime, WeightedTotalTraffic, RequestHash, PerSiteRoundRobin. Defaults to LeastRequests if omitted.
local_mysql_enabled
- (Optional) Use Local MySQL. Defaults to false.
managed_pipeline_mode
- (Optional) Managed pipeline mode. Possible values include: Integrated, Classic. Defaults to Integrated.
minimum_tls_version
- (Optional) Configures the minimum version of TLS required for SSL requests. Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2.
remote_debugging_enabled
- (Optional) Should Remote Debugging be enabled. Defaults to false.
remote_debugging_version
- (Optional) The Remote Debugging Version. Possible values include VS2017, VS2019 and VS2022.
scm_ip_restriction
- (Optional) One or more scm_ip_restriction blocks as defined above.
scm_ip_restriction_default_action
- (Optional) The Default action for traffic that does not match any scm_ip_restriction rule. Possible values include Allow and Deny. Defaults to Allow.
scm_minimum_tls_version
- (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site. Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2.
scm_use_main_ip_restriction
- (Optional) Should the Windows Web App ip_restriction configuration be used for the SCM also.
use_32_bit_worker
- (Optional) Should the Windows Web App use a 32-bit worker. Defaults to true.
handler_mapping
- (Optional) One or more handler_mapping blocks as defined below.
virtual_application
- (Optional) One or more virtual_application blocks as defined below.
vnet_route_all_enabled
- (Optional) Should all outbound traffic have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to false.
websockets_enabled
- (Optional) Should Web Sockets be enabled. Defaults to false.
worker_count
- (Optional) The number of Workers for this Windows App Service.
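Several arguments documented above default to the less restrictive value: https_only is false, both publishing basic-authentication flags are true, and ip_restriction_default_action and scm_ip_restriction_default_action are Allow. The configuration below is an added example, not taken from the provider documentation, that sets each of these explicitly and pins the settings whose defaults are already strict. The resource name, the two variables, the rule names and the priorities are assumptions; the resource group and service plan are the ones from the example at the top of the page.

```hcl
# Constructed example: variable names, rule names and priorities are illustrative.
variable "front_door_id" {
  description = "ID of the Front Door instance allowed to reach the app."
  type        = string
}

variable "deploy_agent_cidr" {
  description = "CIDR range of the build agents allowed to reach the SCM site."
  type        = string
}

resource "azurerm_windows_web_app" "hardened" {
  name                = "example-hardened"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  https_only                                     = true  # default: false
  ftp_publish_basic_authentication_enabled       = false # default: true
  webdeploy_publish_basic_authentication_enabled = false # default: true
  public_network_access_enabled                  = true  # kept on; ingress is narrowed by the rules below

  identity {
    type = "SystemAssigned"
  }

  site_config {
    minimum_tls_version      = "1.2"      # pinned so a later edit cannot silently lower it
    scm_minimum_tls_version  = "1.2"
    ftps_state               = "Disabled" # pinned default
    remote_debugging_enabled = false      # pinned default

    # Main site: deny by default, allow only traffic arriving through the
    # named Front Door instance.
    ip_restriction_default_action = "Deny" # default: Allow

    ip_restriction {
      name        = "allow-front-door"
      priority    = 100
      action      = "Allow"
      service_tag = "AzureFrontDoor.Backend"

      headers {
        x_azure_fdid = [var.front_door_id]
      }
    }

    # SCM (deployment) site: its own rule set, also deny by default.
    scm_use_main_ip_restriction       = false
    scm_ip_restriction_default_action = "Deny" # default: Allow

    scm_ip_restriction {
      name       = "allow-build-agents"
      priority   = 100
      action     = "Allow"
      ip_address = var.deploy_agent_cidr
    }
  }

  logs {
    detailed_error_messages = false
    failed_request_tracing  = false

    http_logs {
      file_system {
        retention_in_days = 30
        retention_in_mb   = 35
      }
    }
  }
}
```

With both basic-authentication publishing flags off, deployments have to authenticate some other way than the publishing credentials exported in site_credential.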

A slow_request block supports the following:
count
- (Required) The number of Slow Requests in the time interval to trigger this rule.
interval
- (Required) The time interval in the form hh:mm:ss.
time_taken
- (Required) The threshold of time passed to qualify as a Slow Request in hh:mm:ss.
path
- (Optional) The path for which this slow request rule applies.

A slow_request_with_path block supports the following:
count
- (Required) The number of Slow Requests in the time interval to trigger this rule.
interval
- (Required) The time interval in the form hh:mm:ss.
time_taken
- (Required) The threshold of time passed to qualify as a Slow Request in hh:mm:ss.
path
- (Optional) The path for which this slow request rule applies.

A status_code block supports the following:
count
- (Required) The number of occurrences of the defined status_code in the specified interval on which to trigger this rule.
interval
- (Required) The time interval in the form hh:mm:ss.
status_code_range
- (Required) The status code for this rule, accepts single status codes and status code ranges. e.g. 500 or 400-499. Possible values are integers between 101 and 599.
path
- (Optional) The path to which this rule status code applies.
sub_status
- (Optional) The Request Sub Status of the Status Code.
win32_status_code
- (Optional) The Win32 Status Code of the Request.

A sticky_settings block supports the following:
app_setting_names
- (Optional) A list of app_setting names that the Windows Web App will not swap between Slots when a swap operation is triggered.
connection_string_names
- (Optional) A list of connection_string names that the Windows Web App will not swap between Slots when a swap operation is triggered.

A storage_account block supports the following:
access_key
- (Required) The Access key for the storage account.
account_name
- (Required) The Name of the Storage Account.
name
- (Required) The name which should be used for this TODO.
share_name
- (Required) The Name of the File Share or Container Name for Blob storage.
type
- (Required) The Azure Storage Type. Possible values include AzureFiles and AzureBlob.
mount_path
- (Optional) The path at which to mount the storage share.

A trigger block supports the following:
private_memory_kb
- (Optional) The amount of Private Memory to be consumed for this rule to trigger. Possible values are between 102400 and 13631488.
requests
- (Optional) A requests block as defined above.
slow_request
- (Optional) A slow_request block as defined above.
slow_request_with_path
- (Optional) One or more slow_request_with_path blocks as defined above.
status_code
- (Optional) One or more status_code blocks as defined above.

A twitter block supports the following:
consumer_key
- (Required) The OAuth 1.0a consumer key of the Twitter application used for sign-in.
consumer_secret
- (Optional) The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with consumer_secret_setting_name.
consumer_secret_setting_name
- (Optional) The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with consumer_secret.

A handler_mapping block supports the following:
extension
- (Required) Specifies which extension to be handled by the specified FastCGI application.
script_processor_path
- (Required) Specifies the absolute path to the FastCGI application.
arguments
- (Optional) Specifies the command-line arguments to be passed to the script processor.

A virtual_application block supports the following:
physical_path
- (Required) The physical path for the Virtual Application.
preload
- (Required) Should pre-loading be enabled.
virtual_directory
- (Optional) One or more virtual_directory blocks as defined below.
virtual_path
- (Required) The Virtual Path for the Virtual Application.

A virtual_directory block supports the following:
physical_path
- (Optional) The physical path for the Virtual Application.
virtual_path
- (Optional) The Virtual Path for the Virtual Application.

In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Windows Web App.
custom_domain_verification_id
- The identifier used by App Service to perform domain ownership verification via DNS TXT record.
hosting_environment_id
- The ID of the App Service Environment used by App Service.
default_hostname
- The default hostname of the Windows Web App.
identity
- An identity block as defined below.
kind
- The Kind value for this Windows Web App.
outbound_ip_address_list
- A list of outbound IP addresses - such as ["52.23.25.3", "52.143.43.12"]
outbound_ip_addresses
- A comma separated list of outbound IP addresses - such as 52.23.25.3,52.143.43.12.
possible_outbound_ip_address_list
- A list of possible outbound ip address.
possible_outbound_ip_addresses
- A comma separated list of outbound IP addresses - such as 52.23.25.3,52.143.43.12,52.143.43.17 - not all of which are necessarily in use. Superset of outbound_ip_addresses.
site_credential
- A site_credential block as defined below.

An identity block exports the following:
principal_id
- The Principal ID associated with this Managed Service Identity.
tenant_id
- The Tenant ID associated with this Managed Service Identity.

A site_credential block exports the following:
name
- The Site Credentials Username used for publishing.
password
- The Site Credentials Password used for publishing.

The timeouts block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Windows Web App.
read
- (Defaults to 5 minutes) Used when retrieving the Windows Web App.
update
- (Defaults to 30 minutes) Used when updating the Windows Web App.
delete
- (Defaults to 30 minutes) Used when deleting the Windows Web App.

Windows Web Apps can be imported using the resource id, e.g.
terraform import azurerm_windows_web_app.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Web/sites/site1