This Terraform module creates an Azure Function App with its App Service Plan, a consumption plan by default. A Storage Account and an Application Insights are required and are created if not provided. This module allows to deploy a application from a local or remote ZIP file that will be stored on the associated storage account.
You can create an Azure Function without plan by using the submodule modules/functionapp.
Azure Functions v3 are now supported by this module and is the default one.
Based on a current limitation, you cannot mix Windows and Linux apps in the same resource group.
Limitations documentation: docs.microsoft.com/en-us/azure/app-service/containers/app-service-linux-intro#limitations
| Module version | Terraform version | AzureRM version |
|---|---|---|
| >= 5.x.x | 0.15.x & 1.0.x | >= 2.0 |
| >= 4.x.x | 0.13.x | >= 2.0 |
| >= 3.x.x | 0.12.x | >= 2.0 |
| >= 2.x.x | 0.12.x | < 2.0 |
| < 2.x.x | 0.11.x | < 2.0 |
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure_region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "logs" {
source = "claranet/run-common/azurerm//modules/logs"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
}
### Windows
module "function_app_windows" {
source = "claranet/function-app/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
name_prefix = "hello"
app_service_plan_os = "Windows"
function_app_application_settings = {
"tracker_id" = "AJKGDFJKHFDS"
"backend_api_url" = "https://backend.domain.tld/api"
}
logs_destinations_ids = [
module.logs.logs_storage_account_id,
module.logs.log_analytics_workspace_id
]
extra_tags = {
foo = "bar"
}
}
### Linux
module "function_app_linux" {
source = "claranet/function-app/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
name_prefix = "hello"
app_service_plan_os = "Linux"
function_language_for_linux = "python"
function_app_version = 3
function_app_application_settings = {
"tracker_id" = "AJKGDFJKHFDS"
"backend_api_url" = "https://backend.domain.tld/api"
}
logs_destinations_ids = [
module.logs.logs_storage_account_id,
module.logs.log_analytics_workspace_id
]
extra_tags = {
foo = "bar"
}
}
No providers.
| Name | Source | Version |
|---|---|---|
| app_service_plan | claranet/app-service-plan/azurerm | 5.1.0 |
| function_app | ./modules/functionapp | n/a |
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| app_service_plan_custom_name | Custom name for app service plan | string |
"" |
no |
| app_service_plan_extra_tags | Extra tags to add to App Service Plan | map(string) |
{} |
no |
| app_service_plan_name_prefix | App Service Plan name prefix | string |
"" |
no |
| app_service_plan_os | App Service Plan OS for dedicated plans, can be "Linux" or "Windows" | string |
n/a | yes |
| app_service_plan_reserved | Flag indicating if dedicated App Service Plan should be reserved | string |
"false" |
no |
| app_service_plan_sku | App Service Plan sku if created, consumption plan by default | map(string) |
{ |
no |
| application_insights_custom_name | Custom name for application insights deployed with function app | string |
"" |
no |
| application_insights_enabled | Enable or disable the Application Insights deployment | bool |
true |
no |
| application_insights_extra_tags | Extra tags to add to Application Insights | map(string) |
{} |
no |
| application_insights_id | ID of the existing Application Insights to use instead of deploying a new one. | string |
null |
no |
| application_insights_name_prefix | Application Insights name prefix | string |
"" |
no |
| application_insights_type | Application Insights type if need to be generated | string |
"web" |
no |
| application_zip_package_path | Local or remote path of a zip package to deploy on the Function App | string |
null |
no |
| authorized_ips | IPs restriction for Function. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | list(string) |
[] |
no |
| authorized_service_tags | Service Tags restriction for Function. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | list(string) |
[] |
no |
| authorized_subnet_ids | Subnets restriction for Function. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | list(string) |
[] |
no |
| client_name | Client name/account used in naming | string |
n/a | yes |
| custom_diagnostic_settings_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string |
"default" |
no |
| default_tags_enabled | Option to enable or disable default tags | bool |
true |
no |
| environment | Project environment | string |
n/a | yes |
| extra_tags | Extra tags to add | map(string) |
{} |
no |
| function_app_application_settings | Function App application settings | map(string) |
{} |
no |
| function_app_custom_name | Custom name for function app | string |
"" |
no |
| function_app_extra_tags | Extra tags to add to Function App | map(string) |
{} |
no |
| function_app_name_prefix | Function App name prefix | string |
"" |
no |
| function_app_site_config | Site config for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is not managed in this block. | any |
{} |
no |
| function_app_version | Version of the function app runtime to use (Allowed values 2 or 3) | number |
3 |
no |
| function_app_vnet_integration_enabled | Enable VNET integration with the Function App. function_app_vnet_integration_subnet_id is mandatory if enabled |
bool |
false |
no |
| function_app_vnet_integration_subnet_id | ID of the subnet to associate with the Function App (VNet integration) | string |
null |
no |
| function_language_for_linux | Language of the Function App on Linux hosting, can be "dotnet", "node" or "python" | string |
"dotnet" |
no |
| https_only | Disable http procotol and keep only https | bool |
true |
no |
| identity_ids | UserAssigned Identities ID to add to Function App. Mandatory if type is UserAssigned | list(string) |
null |
no |
| identity_type | Add an Identity (MSI) to the function app. Possible values are SystemAssigned or UserAssigned | string |
"SystemAssigned" |
no |
| ip_restriction_headers | IPs restriction headers for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#headers | map(list(string)) |
null |
no |
| location | Azure location for Function App and related resources | string |
n/a | yes |
| location_short | Short string for Azure location | string |
n/a | yes |
| logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
| logs_destinations_ids | List of destination resources Ids for logs diagnostics destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. Empty list to disable logging. | list(string) |
n/a | yes |
| logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
| logs_retention_days | Number of days to keep logs on storage account | number |
30 |
no |
| name_prefix | Optional prefix for the generated name | string |
"" |
no |
| name_suffix | Optional suffix for the generated name | string |
"" |
no |
| resource_group_name | Resource group name | string |
n/a | yes |
| scm_authorized_ips | SCM IPs restriction for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | list(string) |
[] |
no |
| scm_authorized_service_tags | SCM Service Tags restriction for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | list(string) |
[] |
no |
| scm_authorized_subnet_ids | SCM subnets restriction for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | list(string) |
[] |
no |
| scm_ip_restriction_headers | IPs restriction headers for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | map(list(string)) |
null |
no |
| stack | Project stack name | string |
n/a | yes |
| storage_account_access_key | Access key the storage account to use. If null a new storage account is created | string |
null |
no |
| storage_account_enable_advanced_threat_protection | Boolean flag which controls if advanced threat protection is enabled, see here for more information. | bool |
false |
no |
| storage_account_enable_https_traffic_only | Boolean flag which controls if https traffic only is enabled. | bool |
true |
no |
| storage_account_extra_tags | Extra tags to add to Storage Account | map(string) |
{} |
no |
| storage_account_kind | Storage Account Kind | string |
"StorageV2" |
no |
| storage_account_min_tls_version | Storage Account minimal TLS version | string |
"TLS1_2" |
no |
| storage_account_name | Name of the Storage account to attach to function | string |
null |
no |
| storage_account_name_prefix | Storage Account name prefix | string |
"" |
no |
| use_caf_naming | Use the Azure CAF naming provider to generate default resource name. custom_name override this if set. Legacy default name is used if this is set to false. |
bool |
true |
no |
| Name | Description |
|---|---|
| app_service_plan_id | Id of the created App Service Plan |
| app_service_plan_name | Name of the created App Service Plan |
| application_insights_app_id | App id of the associated Application Insights |
| application_insights_application_type | Application Type of the associated Application Insights |
| application_insights_id | Id of the associated Application Insights |
| application_insights_instrumentation_key | Instrumentation key of the associated Application Insights |
| application_insights_name | Name of the associated Application Insights |
| function_app_connection_string | Connection string of the created Function App |
| function_app_id | Id of the created Function App |
| function_app_identity | Identity block output of the Function App |
| function_app_name | Name of the created Function App |
| function_app_outbound_ip_addresses | Outbound IP adresses of the created Function App |
| storage_account_id | Id of the associated Storage Account, empty if connection string provided |
| storage_account_name | Name of the associated Storage Account, empty if connection string provided |
| storage_account_primary_access_key | Primary connection string of the associated Storage Account, empty if connection string provided |
| storage_account_primary_connection_string | Primary connection string of the associated Storage Account, empty if connection string provided |
| storage_account_secondary_access_key | Secondary connection string of the associated Storage Account, empty if connection string provided |
| storage_account_secondary_connection_string | Secondary connection string of the associated Storage Account, empty if connection string provided |
Microsoft Azure Functions documentation: github.com/Azure/Azure-Functions#documentation-1