Manages the Custom HTTPS Configuration for an Azure Front Door (classic) Frontend Endpoint.
resource "azurerm_resource_group" "example" {
name = "FrontDoorExampleResourceGroup"
location = "West Europe"
}
data "azurerm_key_vault" "vault" {
name = "example-vault"
resource_group_name = "example-vault-rg"
}
resource "azurerm_frontdoor" "example" {
name = "example-FrontDoor"
resource_group_name = azurerm_resource_group.example.name
routing_rule {
name = "exampleRoutingRule1"
accepted_protocols = ["Http", "Https"]
patterns_to_match = ["/*"]
frontend_endpoints = ["exampleFrontendEndpoint1"]
forwarding_configuration {
forwarding_protocol = "MatchRequest"
backend_pool_name = "exampleBackendBing"
}
}
backend_pool_load_balancing {
name = "exampleLoadBalancingSettings1"
}
backend_pool_health_probe {
name = "exampleHealthProbeSetting1"
}
backend_pool {
name = "exampleBackendBing"
backend {
host_header = "www.bing.com"
address = "www.bing.com"
http_port = 80
https_port = 443
}
load_balancing_name = "exampleLoadBalancingSettings1"
health_probe_name = "exampleHealthProbeSetting1"
}
frontend_endpoint {
name = "exampleFrontendEndpoint1"
host_name = "example-FrontDoor.azurefd.net"
}
frontend_endpoint {
name = "exampleFrontendEndpoint2"
host_name = "examplefd1.examplefd.net"
}
}
resource "azurerm_frontdoor_custom_https_configuration" "example_custom_https_0" {
frontend_endpoint_id = azurerm_frontdoor.example.frontend_endpoints["exampleFrontendEndpoint1"]
custom_https_provisioning_enabled = false
}
resource "azurerm_frontdoor_custom_https_configuration" "example_custom_https_1" {
frontend_endpoint_id = azurerm_frontdoor.example.frontend_endpoints["exampleFrontendEndpoint2"]
custom_https_provisioning_enabled = true
custom_https_configuration {
certificate_source = "AzureKeyVault"
azure_key_vault_certificate_secret_name = "examplefd1"
azure_key_vault_certificate_vault_id = data.azurerm_key_vault.vault.id
}
}
frontend_endpoint_id
- (Required) The ID of the Front Door Frontend Endpoint which this configuration refers to. Changing this forces a new resource to be created.
custom_https_provisioning_enabled
- (Required) Should the HTTPS protocol be enabled for this custom domain associated with the Front Door?
custom_https_configuration
- (Optional) A custom_https_configuration
block as defined above.
The custom_https_configuration
block supports the following:
certificate_source
- (Optional) Certificate source to encrypted HTTPS
traffic with. Allowed values are FrontDoor
or AzureKeyVault
. Defaults to FrontDoor
.The following attributes are only valid if certificate_source
is set to AzureKeyVault
:
azure_key_vault_certificate_vault_id
- (Optional) The ID of the Key Vault containing the SSL certificate.
azure_key_vault_certificate_secret_name
- (Optional) The name of the Key Vault secret representing the full certificate PFX.
azure_key_vault_certificate_secret_version
- (Optional) The version of the Key Vault secret representing the full certificate PFX.
id
- The ID of the Azure Front Door Custom HTTPS Configuration.
custom_https_configuration
- (Optional) A custom_https_configuration
block as defined below.
The custom_https_configuration
block exports the following:
minimum_tls_version
- Minimum client TLS version supported.The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 6 hours) Used when creating a Custom HTTPS Configuration.update
- (Defaults to 6 hours) Used when updating a Custom HTTPS Configuration.read
- (Defaults to 5 minutes) Used when retrieving a Custom HTTPS Configuration.delete
- (Defaults to 6 hours) Used when deleting a Custom HTTPS Configuration.Front Door Custom HTTPS Configurations can be imported using the resource id
of the Front Door Custom HTTPS Configuration, e.g.
terraform import azurerm_frontdoor_custom_https_configuration.example_custom_https_1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/frontDoors/frontdoor1/customHttpsConfiguration/endpoint1