module "rg" {
  // Resource group that the other modules in this example deploy into.
  // NOTE(review): no version constraint is set, so `terraform init` resolves whatever
  // release the registry currently serves; pin a reviewed version when reusing this.
  source = "registry.terraform.io/libre-devops/rg/azurerm"

  // Naming pattern rg-<short>-<loc>-<workspace>-build, e.g. rg-ldo-euw-dev-build.
  rg_name = "rg-${var.short}-${var.loc}-${terraform.workspace}-build"

  // local.location matches var.loc against var.regions to get the long-hand region
  // name; in this case "euw" becomes "westeurope".
  location = local.location
  tags     = local.tags

  // Leave lock_level unset to skip the lock; uncomment to apply one.
  # lock_level = "CanNotDelete"
}
// This module does not account for CMKs (customer-managed keys) and lets users set bypasses manually
#checkov:skip=CKV2_AZURE_1:CMKs are not considered in this module
#checkov:skip=CKV2_AZURE_18:CMKs are not considered in this module
#checkov:skip=CKV_AZURE_33:Storage logging is not configured by default in this module
#tfsec:ignore:azure-storage-queue-services-logging-enabled tfsec:ignore:azure-storage-allow-microsoft-service-bypass #tfsec:ignore:azure-storage-default-action-deny
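module "sa" {
  // Storage account used as the backing store for the function app below.
  // NOTE(review): no version constraint is set, so `terraform init` resolves whatever
  // release the registry currently serves; pin a reviewed version when reusing this.
  source = "registry.terraform.io/libre-devops/storage-account/azurerm"

  rg_name  = module.rg.rg_name
  location = module.rg.rg_location
  tags     = module.rg.rg_tags

  storage_account_name = "st${var.short}${var.loc}${terraform.workspace}01"
  access_tier          = "Hot"
  identity_type        = "SystemAssigned"

  // Anonymous (public) access to containers and blobs is switched off. Nothing in this
  // example reads the account anonymously: the function app authenticates with the
  // account key, so there is no reason to permit public containers here.
  allow_nested_items_to_be_public = false

  storage_account_properties = {

    // Set this block to enable network rules
    network_rules = {
      // NOTE(review): "Allow" accepts traffic from every network, which is why the
      // tfsec default-action-deny rule is ignored for this block. Moving to "Deny"
      // needs explicit allow rules for whatever must still reach the account, so it
      // is left as the author set it; review before using outside a demo.
      default_action = "Allow"
    }

    blob_properties = {
      // Versioning and change feed are off, so overwritten blobs are not retained and
      // there is no change log; only the delete-retention windows below apply.
      versioning_enabled       = false
      change_feed_enabled      = false
      default_service_version  = "2020-06-12"
      last_access_time_enabled = false

      // Retention, in days, for deleted blobs.
      deletion_retention_policies = {
        days = 10
      }

      // Retention, in days, for deleted containers.
      container_delete_retention_policy = {
        days = 10
      }
    }

    routing = {
      publish_internet_endpoints  = false
      publish_microsoft_endpoints = true
      choice                      = "MicrosoftRouting"
    }
  }
}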
module "fnc_plan" {
  // Service plan that hosts the function app.
  // NOTE(review): no version constraint is set, so `terraform init` resolves whatever
  // release the registry currently serves; pin a reviewed version when reusing this.
  source = "registry.terraform.io/libre-devops/service-plan/azurerm"

  rg_name  = module.rg.rg_name
  location = module.rg.rg_location
  tags     = module.rg.rg_tags

  // Naming pattern asp-<short>-<loc>-<workspace>-01.
  app_service_plan_name = "asp-${var.short}-${var.loc}-${terraform.workspace}-01"

  // Windows plan on the Y1 (Consumption) SKU, not placed in an App Service Environment.
  os_type                       = "Windows"
  sku_name                      = "Y1"
  add_to_app_service_environment = false
}
#checkov:skip=CKV2_AZURE_145:TLS 1.2 is allegedly the latest supported as per hashicorp docs
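module "fnc_app" {
  // Windows function app running on the plan and storage account defined above.
  // NOTE(review): no version constraint is set, so `terraform init` resolves whatever
  // release the registry currently serves; pin a reviewed version when reusing this.
  source = "registry.terraform.io/libre-devops/windows-function-app/azurerm"

  rg_name  = module.rg.rg_name
  location = module.rg.rg_location
  tags     = module.rg.rg_tags

  app_name        = "fnc-${var.short}-${var.loc}-${terraform.workspace}-01"
  service_plan_id = module.fnc_plan.service_plan_id

  // The app reaches its storage account with the primary access key.
  // NOTE(review): the key is a long-lived secret with full access to the account and
  // is expected to be recorded in Terraform state; restrict who can read the state
  // backend and rotate the key on a schedule.
  storage_account_name       = module.sa.sa_name
  storage_account_access_key = module.sa.sa_primary_access_key

  // Written as a real boolean instead of the string "false"; Terraform converts
  // between the two, so the resulting value is the same.
  // A system-assigned identity is created below, but with this flag off it is not
  // what the app uses to authenticate to storage.
  storage_uses_managed_identity = false
  identity_type                 = "SystemAssigned"

  functions_extension_version = "~4"

  settings = {
    site_config = {
      minimum_tls_version = "1.2"
      http2_enabled       = true

      application_stack = {
        powershell_core_version = 7
      }
    }

    // Authentication is switched on; no identity-provider settings are supplied in
    // this example, so confirm how requests are handled before relying on it.
    auth_settings = {
      enabled = true
    }
  }
}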
No requirements.
Name | Version |
---|---|
azurerm | n/a |
No modules.
Name | Type |
---|---|
azurerm_app_service_virtual_network_swift_connection.function_vnet_integration | resource |
azurerm_windows_function_app.function_app | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
active_directory_auth_setttings | Active directory authentication provider settings for app service | any |
{} |
no |
app_name | The name of the function app | string |
n/a | yes |
app_settings | Function App application settings | map(any) |
{} |
no |
builtin_logging_enabled | Whether AzureWebJobsDashboards should be enabled, default is true | bool |
true |
no |
client_certificate_enabled | Whether client certificate auth is enabled, default is false | bool |
false |
no |
client_certificate_mode | The option for client certificates | string |
"Optional" |
no |
connection_strings | Connection strings for App Service | list(map(string)) |
[] |
no |
daily_memory_time_quota | The amount of memory in gigabyte-seconds that your app can consume per day, defaults to 0 | number |
0 |
no |
enabled | Is the function app enabled? Default is true | bool |
true |
no |
force_disabled_content_share | Should content share be disabled in storage account? Default is false | bool |
false |
no |
function_app_vnet_integration_enabled | Enable VNET integration with the Function App. function_app_vnet_integration_subnet_id is mandatory if enabled |
bool |
false |
no |
function_app_vnet_integration_subnet_id | ID of the subnet to associate with the Function App (VNet integration) | string |
null |
no |
functions_extension_version | The function extension version | string |
n/a | yes |
https_only | Disable the HTTP protocol and keep only HTTPS | bool |
true |
no |
identity_ids | Specifies a list of user managed identity ids to be assigned to the VM. | list(string) |
[] |
no |
identity_type | The Managed Service Identity Type of this Virtual Machine. | string |
"" |
no |
location | Azure location. | string |
n/a | yes |
rg_name | Resource group name | string |
n/a | yes |
service_plan_id | Id of the App Service Plan for Function App hosting | string |
n/a | yes |
settings | Specifies the Authentication enabled or not | bool |
false |
no |
site_config | Site config for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is not managed in this block. | any |
{} |
no |
storage_account_access_key | Access key of the storage account to use. If null, a new storage account is created | string |
null |
no |
storage_account_name | Name of storage account | string |
n/a | yes |
storage_container_name | The name of the storage container to keep backups | any |
null |
no |
storage_key_vault_secret_id | The secret ID for the connection string of the storage account used by the function app | string |
"" |
no |
storage_uses_managed_identity | Whether the storage account should be accessed with a managed identity instead of an access key | bool |
false |
no |
tags | A map of the tags to use on the resources that are deployed with this module. | map(string) |
{ |
no |
Name | Description |
---|---|
custom_domain_vertification_id | The identifier for DNS txt ownership |
default_hostname | The default hostname for the function app |
fnc_app_id | The ID of the App Service. |
fnc_app_name | The name of the App Service. |
fnc_identity | The managed identity block from the Function app |
fnc_site_credential | The site credential block |
kind | The kind of the functionapp |
outbound_ip_addresses | A comma separated list of outbound IP addresses |
possible_outbound_ip_addresses | A comma-separated list of outbound IP addresses, not all of which are necessarily in use |
site_credential | The output of any site credentials |