This Terraform feature creates an Azure Function App. A Storage Account and an Application Insights are required and are created if not provided. An App Service Plan must be provided for hosting. This module also support Diagnostics Settings activation.
Module version | Terraform version | AzureRM version |
---|---|---|
>= 4.x.x | 0.13.x | >= 2.42 |
>= 3.x.x | 0.12.x | >= 2.0 |
>= 2.x.x | 0.12.x | < 2.0 |
< 2.x.x | 0.11.x | < 2.0 |
This module is optimized to work with the Claranet terraform-wrapper tool which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
Here's 2 examples combined with the function-app-with-plan
feature in order to have 2 functions on a dedicated App Service Plan.
module "azure-region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
azure_region = module.azure-region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "function-plan" {
source = "claranet/app-service-plan/azurerm"
version = "x.x.x"
location = module.azure-region.location
location_short = module.azure-region.location_short
client_name = var.client_name
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
kind = "Windows"
sku = {
size = "S1"
tier = "Standard"
}
}
module "function1" {
source = "claranet/function-app-single/azurerm"
version = "x.x.x"
location = module.azure-region.location
location_short = module.azure-region.location_short
client_name = var.client_name
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
function_app_name_prefix = "function2"
app_service_plan_id = module.function-plan.app_service_plan_id
function_app_application_settings = {
"tracker_id" = "AJKGDFJKHFDS"
"backend_api_url" = "https://backend.domain.tld/api"
}
}
module "azure-region" {
source = "claranet/regions/azurem"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
azure_region = module.azure-region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "function-plan" {
source = "claranet/app-service-plan/azurerm"
version = "x.x.x"
location = module.azure-region.location
location_short = module.azure-region.location_short
client_name = var.client_name
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
kind = "Linux"
sku = {
size = "S1"
tier = "Standard"
}
}
module "function1" {
source = "claranet/function-app-single/azurerm"
location = module.azure-region.location
location_short = module.azure-region.location_short
client_name = var.client_name
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
function_app_name_suffix = "function2"
function_language_for_linux = "python"
app_service_plan_id = module.function-plan.app_service_plan_id
}
module "function-app" {
source = "claranet/function-app-single/azurerm"
version = "x.x.x"
location = module.azure-region.location
location_short = module.azure-region.location_short
client_name = var.client_name
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
function_app_name_prefix = "armv2"
storage_account_name = "MyStorageName"
app_service_plan_id = module.function-plan.app_service_plan_id
identity_type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.myIdentity.id]
function_app_application_settings = {
"tracker_id" = "AJKGDFJKHFDS"
"backend_api_url" = "https://backend.domain.tld/api"
}
logs_destinations_ids = [
data.terraform_remote_state.run.outputs.logs_storage_account_id,
data.terraform_remote_state.run.outputs.log_analytics_workspace_id
]
}
resource "azurerm_user_assigned_identity" "myIdentity" {
resource_group_name = module.rg.resource_group_name
location = module.azure-region.location
name = "MyManagedIdentity"
}
Name | Description | Type | Default | Required |
---|---|---|---|---|
app_service_plan_id | Id of the App Service Plan for Function App hosting | string |
n/a | yes |
application_insights_custom_name | Custom name for application insights | string |
"" |
no |
application_insights_enabled | Enable or disable the Application Insights deployment | bool |
true |
no |
application_insights_extra_tags | Extra tags to add to Application Insights | map(string) |
{} |
no |
application_insights_id | ID of the existing Application Insights to use instead of deploying a new one. | string |
null |
no |
application_insights_name_prefix | Application Insights name prefix | string |
"" |
no |
application_insights_type | Application Insights type if need to be generated | string |
"web" |
no |
authorized_ips | IPs restriction for Function. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | list(string) |
[] |
no |
authorized_service_tags | Service Tags restriction for Function. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | list(string) |
[] |
no |
authorized_subnet_ids | Subnets restriction for Function. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | list(string) |
[] |
no |
client_name | Client name/account used in naming | string |
n/a | yes |
environment | Project environment | string |
n/a | yes |
extra_tags | Extra tags to add | map(string) |
{} |
no |
function_app_application_settings | Function App application settings | map(string) |
{} |
no |
function_app_custom_name | Custom name for function app | string |
"" |
no |
function_app_extra_tags | Extra tags to add to Function App | map(string) |
{} |
no |
function_app_name_prefix | Function App name prefix | string |
"" |
no |
function_app_version | Version of function app to use | number |
2 |
no |
function_language_for_linux | Language of the Function App on Linux hosting, can be "dotnet", "node" or "python" | string |
"dotnet" |
no |
https_only | Disable http procotol and keep only https | bool |
true |
no |
identity_ids | UserAssigned Identities ID to add to Function App. Mandatory if type is UserAssigned | list(string) |
null |
no |
identity_type | Add an Identity (MSI) to the function app. Possible values are SystemAssigned or UserAssigned | string |
"SystemAssigned" |
no |
location | Azure location. | string |
n/a | yes |
location_short | Short string for Azure location. | string |
n/a | yes |
log_retention_days | Number of days to keep logs | number |
31 |
no |
logs_destinations_ids | List of destination resources Ids for logs diagnostics destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. Empty list to disable logging. | list(string) |
[] |
no |
logs_logs_categories | Logs categories to send to destinations | list(string) |
[ |
no |
logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
[ |
no |
name_prefix | Name prefix for all resources generated name | string |
"" |
no |
os_type | A string indicating the Operating System type for this function app. | string |
null |
no |
resource_group_name | Resource group name | string |
n/a | yes |
site_config | Site config for App Service. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is not managed in this block. | any |
{} |
no |
stack | Project stack name | string |
n/a | yes |
storage_account_enable_advanced_threat_protection | Boolean flag which controls if advanced threat protection is enabled, see here for more information. | bool |
false |
no |
storage_account_enable_https_traffic_only | Boolean flag which controls if https traffic only is enabled. | bool |
true |
no |
storage_account_extra_tags | Extra tags to add to Storage Account | map(string) |
{} |
no |
storage_account_kind | Storage Account Kind | string |
"StorageV2" |
no |
storage_account_min_tls_version | Storage Account minimal TLS version | string |
"TLS1_2" |
no |
storage_account_name | Name of the Storage account to attach to function | string |
null |
no |
storage_account_name_prefix | Storage Account name prefix | string |
"" |
no |
storage_account_primary_access_key | Primary access key the storage account to use. If null a new storage account is created | string |
null |
no |
Name | Description |
---|---|
app_insights_application_type | Application Type of the associated Application Insights |
app_service_plan_id | Id of the created App Service Plan |
application_insights_app_id | App id of the associated Application Insights |
application_insights_id | Id of the associated Application Insights |
application_insights_instrumentation_key | Instrumentation key of the associated Application Insights |
application_insights_name | Name of the associated Application Insights |
function_app_connection_string | Connection string of the created Function App |
function_app_id | Id of the created Function App |
function_app_identity | Identity block output of the Function App |
function_app_name | Name of the created Function App |
function_app_outbound_ip_addresses | Outbound IP adresses of the created Function App |
function_app_possible_outbound_ip_addresses | All possible outbound IP adresses of the created Function App |
storage_account_id | Id of the associated Storage Account, empty if connection string provided |
storage_account_name | Name of the associated Storage Account, empty if connection string provided |
storage_account_primary_access_key | Primary connection string of the associated Storage Account, empty if connection string provided |
storage_account_primary_connection_string | Primary connection string of the associated Storage Account, empty if connection string provided |
storage_account_secondary_access_key | Secondary connection string of the associated Storage Account, empty if connection string provided |
storage_account_secondary_connection_string | Secondary connection string of the associated Storage Account, empty if connection string provided |
- Microsoft Azure Functions documentation: github.com/Azure/Azure-Functions#documentation-1
- Microsoft Managed Identities documentation: docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
- Microsoft Azure Diagnostics Settings documentation docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings