
A module used to deploy the NEW Windows function app resource as per Azurerm 3.0, with some parameters ⭐

libre-devops/terraform-azurerm-windows-function-app

```hcl
module "rg" {
  source = "registry.terraform.io/libre-devops/rg/azurerm"

  rg_name  = "rg-${var.short}-${var.loc}-${terraform.workspace}-build" // rg-ldo-euw-dev-build
  location = local.location                                            // compares var.loc with the var.regions var to match a long-hand name, in this case, "euw", so "westeurope"
  tags     = local.tags

  #  lock_level = "CanNotDelete" // Do not set this value to skip lock
}

// This module does not consider CMKs and lets users set bypasses manually
#tfsec:ignore:azure-storage-queue-services-logging-enabled tfsec:ignore:azure-storage-allow-microsoft-service-bypass tfsec:ignore:azure-storage-default-action-deny
module "sa" {
  // Checkov skip comments only take effect inside the block they apply to
  #checkov:skip=CKV2_AZURE_1:CMKs are not considered in this module
  #checkov:skip=CKV2_AZURE_18:CMKs are not considered in this module
  #checkov:skip=CKV_AZURE_33:Storage logging is not configured by default in this module
  source = "registry.terraform.io/libre-devops/storage-account/azurerm"

  rg_name  = module.rg.rg_name
  location = module.rg.rg_location
  tags     = module.rg.rg_tags

  storage_account_name            = "st${var.short}${var.loc}${terraform.workspace}01"
  access_tier                     = "Hot"
  identity_type                   = "SystemAssigned"
  allow_nested_items_to_be_public = true // permits containers with anonymous read access

  storage_account_properties = {

    // Set this block to enable network rules
    network_rules = {
      default_action = "Allow" // storage firewall accepts traffic from all networks
    }

    blob_properties = {
      versioning_enabled       = false
      change_feed_enabled      = false
      default_service_version  = "2020-06-12"
      last_access_time_enabled = false

      deletion_retention_policies = {
        days = 10
      }

      container_delete_retention_policy = {
        days = 10
      }
    }

    routing = {
      publish_internet_endpoints  = false
      publish_microsoft_endpoints = true
      choice                      = "MicrosoftRouting"
    }
  }
}

module "fnc_plan" {
  source = "registry.terraform.io/libre-devops/service-plan/azurerm"

  rg_name  = module.rg.rg_name
  location = module.rg.rg_location
  tags     = module.rg.rg_tags

  app_service_plan_name          = "asp-${var.short}-${var.loc}-${terraform.workspace}-01"
  add_to_app_service_environment = false

  os_type  = "Windows"
  sku_name = "Y1"
}

module "fnc_app" {
  #checkov:skip=CKV2_AZURE_145:TLS 1.2 is allegedly the latest supported as per hashicorp docs
  source = "registry.terraform.io/libre-devops/windows-function-app/azurerm"

  rg_name  = module.rg.rg_name
  location = module.rg.rg_location
  tags     = module.rg.rg_tags

  app_name        = "fnc-${var.short}-${var.loc}-${terraform.workspace}-01"
  service_plan_id = module.fnc_plan.service_plan_id

  storage_account_name          = module.sa.sa_name
  storage_account_access_key    = module.sa.sa_primary_access_key // shared-key auth; the key is written to Terraform state
  storage_uses_managed_identity = false                           // bool, per the Inputs table

  identity_type               = "SystemAssigned"
  functions_extension_version = "~4"

  settings = {
    site_config = {
      minimum_tls_version = "1.2"
      http2_enabled       = true

      application_stack = {
        powershell_core_version = 7
      }
    }

    auth_settings = {
      enabled = true
    }
  }
}
```
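
An added example, not part of the module or its README: a Python check over `terraform show -json` output that reports the permissive settings the example above deploys while the matching Checkov and tfsec rules are skipped. The plan document is constructed, and the storage account's resource name `sa` inside the `sa` module is an assumption.

```python
import json

# Constructed sample: trimmed `terraform show -json` plan; resource name "sa" is assumed.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"child_modules": [
  {"address": "module.sa", "resources": [{
    "address": "module.sa.azurerm_storage_account.sa",
    "type": "azurerm_storage_account",
    "values": {"allow_nested_items_to_be_public": true,
               "network_rules": [{"default_action": "Allow"}]}}]},
  {"address": "module.fnc_app", "resources": [{
    "address": "module.fnc_app.azurerm_windows_function_app.function_app",
    "type": "azurerm_windows_function_app",
    "values": {"https_only": true, "storage_uses_managed_identity": false,
               "site_config": [{"minimum_tls_version": "1.2"}]}}]}
]}}}
""")

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def block(values, name):
    """Plan JSON renders a nested block as a list of objects; return the first."""
    items = values.get(name) or []
    return items[0] if items else {}

def audit(plan):
    """Return (address, finding) pairs for permissive storage and app settings."""
    findings = []
    for res in walk(plan["planned_values"]["root_module"]):
        addr, v = res["address"], res.get("values", {})
        if res["type"] == "azurerm_storage_account":
            if v.get("allow_nested_items_to_be_public"):
                findings.append((addr, "public-blob-access-allowed"))
            # A missing network_rules block means no firewall, i.e. allow.
            if block(v, "network_rules").get("default_action", "Allow") == "Allow":
                findings.append((addr, "firewall-default-allow"))
        elif res["type"] == "azurerm_windows_function_app":
            if not v.get("https_only"):
                findings.append((addr, "plain-http-allowed"))
            if not v.get("storage_uses_managed_identity"):
                findings.append((addr, "storage-shared-key-auth"))
            tls = block(v, "site_config").get("minimum_tls_version")
            if tls and tuple(int(p) for p in tls.split(".")) < (1, 2):
                findings.append((addr, "tls-below-1.2"))
    return findings
```

Calling `audit(SAMPLE_PLAN)` returns three findings: two on the storage account and one for shared-key storage access on the function app.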

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| azurerm | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| `azurerm_app_service_virtual_network_swift_connection.function_vnet_integration` | resource |
| `azurerm_windows_function_app.function_app` | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| `active_directory_auth_setttings` | Active directory authentication provider settings for app service | `any` | `{}` | no |
| `app_name` | The name of the function app | `string` | n/a | yes |
| `app_settings` | Function App application settings | `map(any)` | `{}` | no |
| `builtin_logging_enabled` | Whether AzureWebJobsDashboards should be enabled, default is true | `bool` | `true` | no |
| `client_certificate_enabled` | Whether client certificate auth is enabled, default is false | `bool` | `false` | no |
| `client_certificate_mode` | The option for client certificates | `string` | `"Optional"` | no |
| `connection_strings` | Connection strings for App Service | `list(map(string))` | `[]` | no |
| `daily_memory_time_quota` | The amount of memory in gigabyte-seconds that your app can consume per day, defaults to 0 | `number` | `0` | no |
| `enabled` | Is the function app enabled? Default is true | `bool` | `true` | no |
| `force_disabled_content_share` | Should content share be disabled in storage account? Default is false | `bool` | `false` | no |
| `function_app_vnet_integration_enabled` | Enable VNET integration with the Function App. `function_app_vnet_integration_subnet_id` is mandatory if enabled | `bool` | `false` | no |
| `function_app_vnet_integration_subnet_id` | ID of the subnet to associate with the Function App (VNet integration) | `string` | `null` | no |
| `functions_extension_version` | The function extension version | `string` | n/a | yes |
| `https_only` | Disable the HTTP protocol and keep only HTTPS | `bool` | `true` | no |
| `identity_ids` | Specifies a list of user managed identity ids to be assigned to the VM. | `list(string)` | `[]` | no |
| `identity_type` | The Managed Service Identity Type of this Virtual Machine. | `string` | `""` | no |
| `location` | Azure location. | `string` | n/a | yes |
| `rg_name` | Resource group name | `string` | n/a | yes |
| `service_plan_id` | Id of the App Service Plan for Function App hosting | `string` | n/a | yes |
| `settings` | Specifies the Authentication enabled or not | `bool` | `false` | no |
| `site_config` | Site config for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is not managed in this block. | `any` | `{}` | no |
| `storage_account_access_key` | Access key of the storage account to use. If null a new storage account is created | `string` | `null` | no |
| `storage_account_name` | Name of storage account | `string` | n/a | yes |
| `storage_container_name` | The name of the storage container to keep backups | `any` | `null` | no |
| `storage_key_vault_secret_id` | The secret ID for the connection string of the storage account used by the function app | `string` | `""` | no |
| `storage_uses_managed_identity` | If you want the storage account to use a managed identity instead of an access key | `bool` | `false` | no |
| `tags` | A map of the tags to use on the resources that are deployed with this module. | `map(string)` | `{"source": "terraform"}` | no |

Outputs

| Name | Description |
|------|-------------|
| `custom_domain_vertification_id` | The identifier for DNS TXT ownership |
| `default_hostname` | The default hostname for the function app |
| `fnc_app_id` | The ID of the App Service. |
| `fnc_app_name` | The name of the App Service. |
| `fnc_identity` | The managed identity block from the Function app |
| `fnc_site_credential` | The site credential block |
| `kind` | The kind of the functionapp |
| `outbound_ip_addresses` | A comma separated list of outbound IP addresses |
| `possible_outbound_ip_addresses` | A comma separated list of outbound IP addresses, not all of which are necessarily in use |
| `site_credential` | The output of any site credentials |
