azurerm_application_gateway

Manages an Application Gateway.

Example Usage

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  address_space       = ["10.254.0.0/16"]
}

resource "azurerm_subnet" "example" {
  name                 = "example"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.254.0.0/24"]
}

resource "azurerm_public_ip" "example" {
  name                = "example-pip"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  allocation_method   = "Dynamic"
}

# since these variables are re-used - a locals block makes this more maintainable
locals {
  backend_address_pool_name      = "${azurerm_virtual_network.example.name}-beap"
  frontend_port_name             = "${azurerm_virtual_network.example.name}-feport"
  frontend_ip_configuration_name = "${azurerm_virtual_network.example.name}-feip"
  http_setting_name              = "${azurerm_virtual_network.example.name}-be-htst"
  listener_name                  = "${azurerm_virtual_network.example.name}-httplstn"
  request_routing_rule_name      = "${azurerm_virtual_network.example.name}-rqrt"
  redirect_configuration_name    = "${azurerm_virtual_network.example.name}-rdrcfg"
}

resource "azurerm_application_gateway" "network" {
  name                = "example-appgateway"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.example.id
  }

  frontend_port {
    name = local.frontend_port_name
    port = 80
  }

  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.example.id
  }

  backend_address_pool {
    name = local.backend_address_pool_name
  }

  backend_http_settings {
    name                  = local.http_setting_name
    cookie_based_affinity = "Disabled"
    path                  = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 60
  }

  http_listener {
    name                           = local.listener_name
    frontend_ip_configuration_name = local.frontend_ip_configuration_name
    frontend_port_name             = local.frontend_port_name
    protocol                       = "Http"
  }

  request_routing_rule {
    name                       = local.request_routing_rule_name
    priority                   = 9
    rule_type                  = "Basic"
    http_listener_name         = local.listener_name
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
  }
}

Argument Reference

The following arguments are supported:



An authentication_certificate block supports the following:


A trusted_root_certificate block supports the following:


A backend_address_pool block supports the following:


A backend_http_settings block supports the following:


A authentication_certificate_backend block, within the backend_http_settings block supports the following:


A connection_draining block supports the following:


A frontend_ip_configuration block supports the following:


A frontend_port block supports the following:


A gateway_ip_configuration block supports the following:


A http_listener block supports the following:


An identity block supports the following:


A private_link_configuration block supports the following:

az feature register --name AllowApplicationGatewayPrivateLink --namespace Microsoft.Network

An ip_configuration block supports the following:


A match block supports the following:


A path_rule block supports the following:


A probe block supports the following:


A request_routing_rule block supports the following:


A global block supports the following:


A sku block supports the following:


A ssl_certificate block supports the following:


A url_path_map block supports the following:


A trusted_client_certificate block supports the following:


A ssl_profile block supports the following:


A ssl_policy block supports the following:

When using a policy_type of Predefined the following fields are supported:

When using a policy_type of Custom the following fields are supported:


A waf_configuration block supports the following:


A disabled_rule_group block supports the following:


A exclusion block supports the following:


A custom_error_configuration block supports the following:


A redirect_configuration block supports the following:


An autoscale_configuration block supports the following:


A rewrite_rule_set block supports the following:


A rewrite_rule block supports the following:


A condition block supports the following:


A request_header_configuration block supports the following:


A response_header_configuration block supports the following:


A url block supports the following:

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:


A authentication_certificate block exports the following:


A authentication_certificate block, within the backend_http_settings block exports the following:


A backend_address_pool block exports the following:


A backend_http_settings block exports the following:


A frontend_ip_configuration block exports the following:


A frontend_port block exports the following:


A gateway_ip_configuration block exports the following:


A http_listener block exports the following:


A path_rule block exports the following:


A private_endpoint_connection block exports the following:


A private_link_configuration block exports the following:


A probe block exports the following:


A request_routing_rule block exports the following:


A ssl_certificate block exports the following:


A url_path_map block exports the following:


A custom_error_configuration block exports the following:


A redirect_configuration block exports the following:


A rewrite_rule_set block exports the following:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

Application Gateway's can be imported using the resource id, e.g.

terraform import azurerm_application_gateway.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/applicationGateways/myGateway1