Giter Site home page Giter Site logo

azure-bicep-application-gateway-sample's Introduction

Application Gateway

This module will create an application gateway.

You can optionally configure the following:

  • Web Application Firewall (WAF)
  • Application Gateway Firewall Policy
  • Key vault integration with a managed identity for certificate retrieval
  • Diagnostic logs and resource lock

Usage

Example 1 - Application Gateway with diagnostic logs and resource lock

param deploymentName string = 'appgw${utcNow()}'

module appGateway 'applicationgateway.bicep' = {
  name: deploymentName
  params: {
    applicationGatewayName: 'MyApplicationGateway'
    sku: 'Standard_v2'
    tier: 'Standard_v2'
    zoneRedundant: true
    publicIpAddressName: 'MyPublicIpAddress'
    vNetResourceGroup: 'MyVnetResourceGroup'
    vNetName: 'MyVnetName'
    subnetName: 'MySubnetName'
    frontEndPorts: [
      {
        name: 'port_80'
        port: 80
      }
    ]
    httpListeners: [
      {
        name: 'MyHttpListener'
        protocol: 'Http'        
        frontEndPort: 'port_80'
      }
    ]
    backendAddressPools: [
      {
        name: 'MyBackendPool'
        backendAddresses: [
          {
            ipAddress: '10.1.2.3'
          }
        ]
      }
    ]
    backendHttpSettings: [
      {
        name: 'MyBackendHttpSetting'
        port: 80
        protocol: 'Http'
        cookieBasedAffinity: 'Enabled'
        affinityCookieName: 'MyCookieAffinityName'
        requestTimeout: 300
        connectionDraining: {
          drainTimeoutInSec: 60
          enabled: true
        }
      }
    ]
    rules: [
      {
        name: 'MyRuleName'
        ruleType: 'Basic'
        listener: 'MyHttpListener'
        backendPool: 'MyBackendPool'
        backendHttpSettings: 'MyBackendHttpSetting'
      }
    ]
    enableDeleteLock: true
    enableDiagnostics: true
    logAnalyticsWorkspaceId: 'MyLogAnalyticsWorkspaceResourceId'
    diagnosticStorageAccountId: 'MyStorageAccountResourceId'
  }
}

Example 2 - Application Gateway with WAF

param deploymentName string = 'appgw${utcNow()}'

module appGateway 'applicationgateway.bicep' = {
  name: deploymentName
  params: {
    applicationGatewayName: 'MyApplicationGateway'
    sku: 'WAF_v2'
    tier: 'WAF_v2'
    zoneRedundant: true
    enableWebApplicationFirewall: true
    firewallPolicyName: 'MyFirewallPolicyName'
    publicIpAddressName: 'MyPublicIpAddress'
    vNetResourceGroup: 'MyVnetResourceGroup'
    vNetName: 'MyVnetName'
    subnetName: 'MySubnetName'
    frontEndPorts: [
      {
        name: 'port_80'
        port: 80
      }
    ]
    httpListeners: [
      {
        name: 'MyHttpListener'
        protocol: 'Http'        
        frontEndPort: 'port_80'
      }
    ]
    backendAddressPools: [
      {
        name: 'MyBackendPool'
        backendAddresses: [
          {
            ipAddress: '10.1.2.3'
          }
        ]
      }
    ]
    backendHttpSettings: [
      {
        name: 'MyBackendHttpSetting'
        port: 80
        protocol: 'Http'
        cookieBasedAffinity: 'Enabled'
        affinityCookieName: 'MyCookieAffinityName'
        requestTimeout: 300
        connectionDraining: {
          drainTimeoutInSec: 60
          enabled: true
        }
      }
    ]
    rules: [
      {
        name: 'MyRuleName'
        ruleType: 'Basic'
        listener: 'MyHttpListener'
        backendPool: 'MyBackendPool'
        backendHttpSettings: 'MyBackendHttpSetting'
      }
    ]
  }
}

Example 3 - Application Gateway with custom probe

param deploymentName string = 'appgw${utcNow()}'

module appGateway 'applicationgateway.bicep' = {
  name: deploymentName
  params: {
    applicationGatewayName: 'MyApplicationGateway'
    sku: 'WAF_v2'
    tier: 'WAF_v2'
    enableWebApplicationFirewall: true
    firewallPolicyName: 'MyFirewallPolicyName'
    publicIpAddressName: 'MyPublicIpAddress'
    vNetResourceGroup: 'MyVnetResourceGroup'
    vNetName: 'MyVnetName'
    subnetName: 'MySubnetName'
    customProbes: [
      {
        name: 'MyCustomProbe'        
        protocol: 'Http'
        host: 'example.com.au'
        path: '/'
        interval: 30
        timeout: 10
        unhealthyThreshold: 3
        pickHostNameFromBackendHttpSettings: false
        minServers: 0
        match: {
          statusCodes: [
            '200-399'
          ]
        }        
      }
    ]
    frontEndPorts: [
      {
        name: 'port_80'
        port: 80
      }
    ]
    httpListeners: [
      {
        name: 'MyHttpListener'
        protocol: 'Http'        
        frontEndPort: 'port_80'
      }
    ]
    backendAddressPools: [
      {
        name: 'MyBackendPool'
        backendAddresses: [
          {
            ipAddress: '10.1.2.3'
          }
        ]
      }
    ]
    backendHttpSettings: [
      {
        name: 'MyBackendHttpSetting'
        port: 80
        protocol: 'Http'
        cookieBasedAffinity: 'Enabled'
        affinityCookieName: 'MyCookieAffinityName'
        requestTimeout: 300
        connectionDraining: {
          drainTimeoutInSec: 60
          enabled: true
        }
        probeName: 'MyCustomProbe'
      }
    ]
    rules: [
      {
        name: 'MyRuleName'
        ruleType: 'Basic'
        listener: 'MyHttpListener'
        backendPool: 'MyBackendPool'
        backendHttpSettings: 'MyBackendHttpSetting'
      }
    ]
  }
}

Example 4 - Application Gateway with redirection rule

param deploymentName string = 'appgw${utcNow()}'

module appGateway 'applicationgateway.bicep' = {
  name: deploymentName
  params: {
    applicationGatewayName: 'MyApplicationGateway'
    sku: 'WAF_v2'
    tier: 'WAF_v2'
    enableWebApplicationFirewall: true
    firewallPolicyName: 'MyFirewallPolicyName'
    publicIpAddressName: 'MyPublicIpAddress'
    vNetResourceGroup: 'MyVnetResourceGroup'
    vNetName: 'MyVnetName'
    subnetName: 'MySubnetName'
    redirectConfigurations: [
      {
        name: 'MyRedirectonRuleName'
        redirectType: 'Permanent'
        targetUrl: 'https://www.example.com.au'
        includePath: true
        includeQueryString: true
        requestRoutingRule: 'MyRuleName'
      }
    ]
    customProbes: [
      {
        name: 'MyCustomProbe'        
        protocol: 'Http'
        host: 'example.com.au'
        path: '/'
        interval: 30
        timeout: 10
        unhealthyThreshold: 3
        pickHostNameFromBackendHttpSettings: false
        minServers: 0
        match: {
          statusCodes: [
            '200-399'
          ]
        }        
      }
    ]
    frontEndPorts: [
      {
        name: 'port_80'
        port: 80
      }
    ]
    httpListeners: [
      {
        name: 'MyHttpListener'
        protocol: 'Http'        
        frontEndPort: 'port_80'
      }
    ]
    rules: [
      {
        name: 'MyRuleName'
        ruleType: 'Basic'
        listener: 'MyHttpListener'
        redirectConfiguration: 'MyRedirectonRuleName'
      }
    ]
  }
}

Example 5 - Application Gateway retrieving certificates from key vault

param deploymentName string = 'appgw${utcNow()}'

module appGateway 'applicationgateway.bicep' = {
  name: deploymentName
  params: {
    applicationGatewayName: 'MyApplicationGateway'
    sku: 'WAF_v2'
    tier: 'WAF_v2'
    enableWebApplicationFirewall: true
    firewallPolicyName: 'MyFirewallPolicyName'
    publicIpAddressName: 'MyPublicIpAddress'
    vNetResourceGroup: 'MyVnetResourceGroup'
    vNetName: 'MyVnetName'
    subnetName: 'MySubnetName'
    managedIdentityResourceId: 'MyManagedIdentityResourceId'
    sslCertificates: [
      {
        name: 'MySslCertName'
        keyVaultResourceId: 'MyKeyVaultResourceId'
        secretName: 'MySecretName'
      }
    ]
    trustedRootCertificates: [
      {
        name: 'MyTrustedRootCertName'
        keyVaultResourceId: 'MyKeyVaultResourceId'
        secretName: 'MySecretName'
      }
    ]
    customProbes: [
      {
        name: 'MyCustomProbe'        
        protocol: 'Http'
        host: 'example.com.au'
        path: '/'
        interval: 30
        timeout: 10
        unhealthyThreshold: 3
        pickHostNameFromBackendHttpSettings: false
        minServers: 0
        match: {
          statusCodes: [
            '200-399'
          ]
        }        
      }
    ]
    frontEndPorts: [
      {
        name: 'port_80'
        port: 80
      }
      {
        name: 'port_443'
        port: 443
      }
    ]
    httpListeners: [
      {
        name: 'MyHttpListener'
        protocol: 'Http'        
        frontEndPort: 'port_80'
      }
      {
        name: 'MyHttpsListener'
        protocol: 'Https'
        port: 443
        frontEndPort: 'port_443'
        sslCertificate: 'MySslCertName'
        hostNames: [
          'example.com.au'
        ]
        firewallPolicy: 'enabled'
      }
    ]
    backendAddressPools: [
      {
        name: 'MyBackendPool'
        backendAddresses: [
          {
            fqdn: 'example.com'
          }
        ]
      }
    ]
    backendHttpSettings: [
      {
        name: 'MyBackendHttpSetting'
        port: 80
        protocol: 'Http'
        cookieBasedAffinity: 'Enabled'
        affinityCookieName: 'MyCookieAffinityName'
        requestTimeout: 300
        connectionDraining: {
          drainTimeoutInSec: 60
          enabled: true
        }
        probeName: 'MyCustomProbe'
      }
      {
        name: 'MyBackendHttpsSetting'
        port: 443
        protocol: 'Https'
        cookieBasedAffinity: 'Disabled'
        requestTimeout: 300
        connectionDraining: {
          drainTimeoutInSec: 60
          enabled: true
        }
        trustedRootCertificate: 'MyTrustedRootCertName'
        hostName: 'ca.example.com'
      }
    ]
    rules: [
      {
        name: 'MyRuleName'
        ruleType: 'Basic'
        listener: 'MyHttpListener'
        backendPool: 'MyBackendPool'
        backendHttpSettings: 'MyBackendHttpSetting'
      }
    ]
  }
}

azure-bicep-application-gateway-sample's People

Contributors

tw3lveparsecs avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.