Merge pull request #1 from kumarvna/develop

Final configuration for version 1.0

Author: kumarvna

.gitignore

@@ -4,6 +4,7 @@
 # .tfstate files
 *.tfstate
 *.tfstate.*
+*.terraform.lock.hcl
 
 # Crash log files
 crash.log

README.md

@@ -0,0 +1,22 @@
+# Azure Front Door Terraform Module
+
+Azure Front Door is a fast, reliable, and secure modern cloud CDN that uses the Microsoft global edge network and integrates with intelligent threat protection. It combines the capabilities of Azure Front Door, Azure Content Delivery Network (CDN) standard, and Azure Web Application Firewall (WAF) into a single secure cloud CDN platform.
+
+This Terraform module helps create Microsoft's highly available and scalable web application acceleration platform and global HTTP(s) load balancer Azure Front Door Service with Web Application Firewall policies and SSL offloading.
+
+## Module Usage for
+
+* [Frontdoor with SSL Offloading](frontdoor_with_custom_https_configuration/)
+* [Frontdoor with WAF Policies](frontdoor_with_waf_policies/)
+
+## Terraform Usage
+
+To run this example you need to execute following Terraform commands
+
+```hcl
+terraform init
+terraform plan
+terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.

examples/README.md

@@ -0,0 +1,119 @@
+# Azure Front Door Terraform Module
+
+Azure Front Door is a fast, reliable, and secure modern cloud CDN that uses the Microsoft global edge network and integrates with intelligent threat protection. It combines the capabilities of Azure Front Door, Azure Content Delivery Network (CDN) standard, and Azure Web Application Firewall (WAF) into a single secure cloud CDN platform.
+
+This Terraform module helps create Microsoft's highly available and scalable web application acceleration platform and global HTTP(s) load balancer Azure Front Door Service with Web Application Firewall policies and SSL offloading.
+
+## Module Usage for Frontdoor with SSL offloading
+
+```terraform
+# Azurerm Provider configuration
+provider "azurerm" {
+  features {}
+}
+
+module "frontdoor" {
+  source  = "kumarvna/frontdoor/azurerm"
+  version = "1.0.0"
+
+  # By default, this module will not create a resource group. Location will be same as existing RG.
+  # proivde a name to use an existing resource group, specify the existing resource group name, 
+  # set the argument to `create_resource_group = true` to create new resrouce group.
+  resource_group_name = "rg-shared-westeurope-01"
+  location            = "westeurope"
+  frontdoor_name      = "example-frontdoor51"
+
+  routing_rules = [
+    {
+      name               = "exampleRoutingRule1"
+      accepted_protocols = ["Http", "Https"]
+      patterns_to_match  = ["/*"]
+      frontend_endpoints = ["exampleFrontendEndpoint1"]
+      forwarding_configuration = {
+        forwarding_protocol = "MatchRequest"
+        backend_pool_name   = "exampleBackendBing"
+      }
+    }
+  ]
+
+  backend_pool_load_balancing = [
+    {
+      name = "exampleLoadBalancingSettings1"
+    }
+  ]
+
+  backend_pool_health_probes = [
+    {
+      name = "exampleHealthProbeSetting1"
+    }
+  ]
+
+  backend_pools = [
+    {
+      name = "exampleBackendBing"
+      backend = {
+        host_header = "www.bing.com"
+        address     = "www.bing.com"
+        http_port   = 80
+        https_port  = 443
+      }
+      load_balancing_name = "exampleLoadBalancingSettings1"
+      health_probe_name   = "exampleHealthProbeSetting1"
+    }
+  ]
+
+  # In order to enable the use of your own custom HTTPS certificate you must grant  
+  # Azure Front Door Service access to your key vault. For instuctions on how to  
+  # configure your Key Vault correctly. Please refer to the product documentation.
+  # https://bit.ly/38FuAZv
+
+  frontend_endpoints = [
+    {
+      name      = "exampleFrontendEndpoint1"
+      host_name = "example-frontdoor51.azurefd.net"
+    },
+    {
+      name      = "exampleFrontendEndpoint2"
+      host_name = "example-frontdoor52.azurefd.net"
+      custom_https_configuration = {
+        certificate_source = "FrontDoor"
+      }
+    },
+    {
+      name      = "exampleFrontendEndpoint3"
+      host_name = "example-frontdoor53.azurefd.net"
+      custom_https_configuration = {
+        certificate_source                         = "AzureKeyVault"
+        azure_key_vault_certificate_vault_id       = "" # valid keyvalut id
+        azure_key_vault_certificate_secret_name    = "" # valid certificate secret
+        azure_key_vault_certificate_secret_version = "Latest"
+      }
+    }
+  ]
+
+  # (Optional) To enable Azure Monitoring for Azure Frontdoor
+  # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Adding TAG's to your Azure resources 
+  tags = {
+    ProjectName  = "demo-internal"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}
+```
+
+## Terraform Usage
+
+To run this example you need to execute following Terraform commands
+
+```hcl
+terraform init
+terraform plan
+terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.

examples/frontdoor_with_custom_https_configuration/README.md

@@ -0,0 +1,97 @@
+# Azurerm Provider configuration
+provider "azurerm" {
+  features {}
+}
+
+module "frontdoor" {
+  source  = "kumarvna/frontdoor/azurerm"
+  version = "1.0.0"
+
+  # By default, this module will not create a resource group. Location will be same as existing RG.
+  # proivde a name to use an existing resource group, specify the existing resource group name, 
+  # set the argument to `create_resource_group = true` to create new resrouce group.
+  resource_group_name = "rg-shared-westeurope-01"
+  location            = "westeurope"
+  frontdoor_name      = "example-frontdoor51"
+
+  routing_rules = [
+    {
+      name               = "exampleRoutingRule1"
+      accepted_protocols = ["Http", "Https"]
+      patterns_to_match  = ["/*"]
+      frontend_endpoints = ["exampleFrontendEndpoint1"]
+      forwarding_configuration = {
+        forwarding_protocol = "MatchRequest"
+        backend_pool_name   = "exampleBackendBing"
+      }
+    }
+  ]
+
+  backend_pool_load_balancing = [
+    {
+      name = "exampleLoadBalancingSettings1"
+    }
+  ]
+
+  backend_pool_health_probes = [
+    {
+      name = "exampleHealthProbeSetting1"
+    }
+  ]
+
+  backend_pools = [
+    {
+      name = "exampleBackendBing"
+      backend = {
+        host_header = "www.bing.com"
+        address     = "www.bing.com"
+        http_port   = 80
+        https_port  = 443
+      }
+      load_balancing_name = "exampleLoadBalancingSettings1"
+      health_probe_name   = "exampleHealthProbeSetting1"
+    }
+  ]
+
+  # In order to enable the use of your own custom HTTPS certificate you must grant  
+  # Azure Front Door Service access to your key vault. For instuctions on how to  
+  # configure your Key Vault correctly. Please refer to the product documentation.
+  # https://bit.ly/38FuAZv
+
+  frontend_endpoints = [
+    {
+      name      = "exampleFrontendEndpoint1"
+      host_name = "example-frontdoor51.azurefd.net"
+    },
+    {
+      name      = "exampleFrontendEndpoint2"
+      host_name = "example-frontdoor52.azurefd.net"
+      custom_https_configuration = {
+        certificate_source = "FrontDoor"
+      }
+    },
+    {
+      name      = "exampleFrontendEndpoint3"
+      host_name = "example-frontdoor53.azurefd.net"
+      custom_https_configuration = {
+        certificate_source                         = "AzureKeyVault"
+        azure_key_vault_certificate_vault_id       = "" # valid keyvalut id
+        azure_key_vault_certificate_secret_name    = "" # valid certificate secret
+        azure_key_vault_certificate_secret_version = "Latest"
+      }
+    }
+  ]
+
+  # (Optional) To enable Azure Monitoring for Azure Frontdoor
+  # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Adding TAG's to your Azure resources 
+  tags = {
+    ProjectName  = "demo-internal"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}

examples/frontdoor_with_custom_https_configuration/main.tf

@@ -0,0 +1,40 @@
+output "backend_pool_ids" {
+  description = "The ID of the Azure Front Door Backend Pool"
+  value       = module.frontdoor.backend_pool_ids
+}
+
+output "backend_pool_health_probes" {
+  description = "The ID's of the Azure Front Door Backend Health Probe"
+  value       = module.frontdoor.backend_pool_health_probes
+}
+
+output "backend_pool_load_balancing" {
+  description = "The ID of the Azure Front Door Backend Load Balancer"
+  value       = module.frontdoor.backend_pool_load_balancing
+}
+
+output "frontend_endpoint_id" {
+  description = "The ID of the Azure Front Door Frontend Endpoint"
+  value       = module.frontdoor.frontend_endpoint_id
+}
+
+
+output "frontdoor_id" {
+  description = "The ID of the FrontDoor"
+  value       = module.frontdoor.frontdoor_id
+}
+
+output "frontdoor_waf_policy_id" {
+  description = "The ID of the FrontDoor Firewall Policy"
+  value       = module.frontdoor.frontdoor_waf_policy_id
+}
+
+output "frontdoor_waf_policy_location" {
+  description = "The Azure Region where this FrontDoor Firewall Policy exists"
+  value       = module.frontdoor.frontdoor_waf_policy_location
+}
+
+output "frontdoor_waf_policy_frontend_endpoint_ids" {
+  description = "The Frontend Endpoints associated with this Front Door Web Application Firewall policy"
+  value       = module.frontdoor.frontdoor_waf_policy_frontend_endpoint_ids
+}