This is the web hosting environment (App Service Environment) resource module for the Azure Verified Modules library. This module deploys an App Service Environment (ASE). It leverages the AzureRM provider and sets a number of initial defaults to minimize the overall inputs for simple configurations.
Important
As the overall AVM framework is not GA (generally available) yet - the CI framework and test automation is not fully functional and implemented across all supported languages yet - breaking changes are expected, and additional customer feedback is yet to be gathered and incorporated. Hence, modules WILL NOT be published at version 1.0.0 or higher at this time.
However, it is important to note that this DOES NOT mean that this module cannot be consumed and utilized. It CAN be leveraged in all types of environments (dev, test, prod etc.). Consumers can treat this just like any other IaC module and raise issues or feature requests against it as they learn from the usage of the module. Consumers should also read the release notes for each version, if considering updating to a more recent version of a module to see if there are any considerations or breaking changes etc.
The following requirements are needed by this module:
The following providers are used by this module:
The following resources are used by this module:
- azurerm_app_service_environment_v3.this (resource)
- azurerm_management_lock.this (resource)
- azurerm_resource_group_template_deployment.telemetry (resource)
- azurerm_role_assignment.this (resource)
- random_id.telem (resource)
The following input variables are required:
Description: The name of the this resource.
Type: string
Description: The resource group where the resources will be deployed.
Type: string
Description: The ID of the Subnet which the App Service Environment should be connected to.
Type: string
The following input variables are optional (have default values):
Description: Should new Private Endpoint Connections be allowed. Defaults to true.
Type: bool
Default: null
Description: You can store App Service Environment customizations by using an array in the new clusterSettings attribute. This attribute is found in the ''Properties'' dictionary of the hostingEnvironments Azure Resource Manager entity.
Type:
map(object({
name = optional(string, null)
value = optional(string, null)
}))Default: {}
Description: Customer managed keys that should be associated with the resource.
Type:
object({
key_vault_resource_id = string
key_name = string
key_version = optional(string, null)
user_assigned_identity = optional(object({
resource_id = string
}), null)
})Default: null
Description: This ASEv3 should use dedicated Hosts. Possible values are 2
Type: number
Default: null
Description: This variable controls whether or not telemetry is enabled for the module.
For more information see https://aka.ms/avm/telemetryinfo.
If it is set to false, then no telemetry will be collected.
Type: bool
Default: true
Description: Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment.
Type: string
Default: "None"
Description: Controls the Resource Lock configuration for this resource. The following properties can be specified:
kind- (Required) The type of lock. Possible values are\"CanNotDelete\"and\"ReadOnly\".name- (Optional) The name of the lock. If not specified, a name will be generated based on thekindvalue. Changing this forces the creation of a new resource.
Type:
object({
kind = string
name = optional(string, null)
})Default: null
Description: Managed identities to be created for the resource.
Type:
object({
system_assigned = optional(bool, false)
user_assigned_resource_ids = optional(set(string), [])
})Default: {}
Description: Specifies if remote debugging is enabled. Defaults to false.
Type: bool
Default: null
Description: A map of role assignments to create on the . The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
role_definition_id_or_name- The ID or name of the role definition to assign to the principal.principal_id- The ID of the principal to assign the role to.description- (Optional) The description of the role assignment.skip_service_principal_aad_check- (Optional) If set to true, skips the Azure Active Directory check for the service principal in the tenant. Defaults to false.condition- (Optional) The condition which will be used to scope the role assignment.condition_version- (Optional) The version of the condition syntax. Leave asnullif you are not using a condition, if you are then valid values are '2.0'.delegated_managed_identity_resource_id- (Optional) The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created. This field is only used in cross-tenant scenario.principal_type- (Optional) The type of theprincipal_id. Possible values areUser,GroupandServicePrincipal. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute.
Note: only set
skip_service_principal_aad_checkto true if you are assigning a role to a service principal.
Type:
map(object({
role_definition_id_or_name = string
principal_id = string
description = optional(string, null)
skip_service_principal_aad_check = optional(bool, false)
condition = optional(string, null)
condition_version = optional(string, null)
delegated_managed_identity_resource_id = optional(string, null)
principal_type = optional(string, null)
}))Default: {}
Description: (Optional) Tags of the resource.
Type: map(string)
Default: null
Description: Specifies if the App Service Environment is zone redundant. Defaults to true. Zonal ASEs can only be deployed in some regions
Type: bool
Default: true
The following outputs are exported:
Description: The name of the resource.
Description: The full resource object
Description: This is the full output for the resource.
No modules.
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.