Add App configuration AFD template#14668
Add App configuration AFD template#14668MaryanneNjeri wants to merge 16 commits intoAzure:masterfrom
Conversation
azure-quickstarts
added
readme violations
|
|
||
| ## Prerequisites | ||
|
|
||
| Before you begin, ensure you have: |
There was a problem hiding this comment.
Can we add our AFD doc link somewhere? https://aka.ms/appconfig/azurefrontdoor
There was a problem hiding this comment.
Updated to add AFD doc link
|
|
||
|
|
||
|
|
||
| `Tags: Azure4Student, AppConfiguration, Beginner, Microsoft.Storage/storageAccounts, Microsoft.Network/publicIPAddresses, Microsoft.Network/virtualNetworks, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines` No newline at end of file |
There was a problem hiding this comment.
Are these standard tags used in other ARM templates? If there's room for improvement here, we should add front door/cdn specific tags
There was a problem hiding this comment.
Yes some most of our App config templates have these tags, I saw for the cdn templates they have the tag Tags: Microsoft.Resources/deployments, Microsoft.Web/serverfarms, Microsoft.Web/sites, Microsoft.Cdn/profiles, Microsoft.Cdn/profiles/afdEndpoints, Microsoft.Cdn/profiles/originGroups, Microsoft.Cdn/profiles/originGroups/origins, Microsoft.Cdn/profiles/afdEndpoints/routes.
I just want to confirm the tags we should add are Microsoft.Cdn/profiles, Microsoft.Cdn/profiles/afdEndpoints, Microsoft.Cdn/profiles/originGroups, Microsoft.Cdn/profiles/originGroups/origins, Microsoft.Cdn/profiles/afdEndpoints/routes ?
| 1. App Configuration Data Owner or App Configuration Data Reader role | ||
|
|
||
|
|
||
| Add the following key-values to you Azure App Configuration store: |
There was a problem hiding this comment.
| Add the following key-values to you Azure App Configuration store: | |
| Add the following key-value to your Azure App Configuration store: |
There was a problem hiding this comment.
Thanks for catching this, updated.
| Before you begin, ensure you have: | ||
|
|
||
| 1. An active Azure subscription | ||
| 1. An existing Azure App Configuration store. To create an App Configuration store using ARM template, see [App Configuration store](https://azure.microsoft.com/resources/templates/101-app-configuration-store/). |
There was a problem hiding this comment.
My bad, thanks for catching this. Updated
| 1. An existing Azure App Configuration store. To create an App Configuration store using ARM template, see [App Configuration store](https://azure.microsoft.com/resources/templates/101-app-configuration-store/). | ||
| 1. Permissions to create and manage Azure Front Door resources (Contributor or equivalent) | ||
| 1. Permissions to assign roles on the App Configuration resource (Owner or User Access Administrator) | ||
| 1. App Configuration Data Owner or App Configuration Data Reader role |
There was a problem hiding this comment.
We can add the same prereq from public docs:
Basic understanding of CDN and content delivery concepts
There was a problem hiding this comment.
Yes, updated to have the same prereq as the public docs
| @@ -0,0 +1,60 @@ | |||
| --- | |||
| description: This template creates an Azure FrontDoor resource and connects an existing App Configuration store to the newly created Azure Front Door resource. | |||
There was a problem hiding this comment.
Can you add a short description about the AFD endpoint setup? I think its ok if the description is slightly longer than usual since this is a more advanced scenario
There was a problem hiding this comment.
Updated description to include the AFD endpoint set up, please let me know what you think
| }, | ||
| "configurationStoreName": { | ||
| "type": "string", | ||
| "defaultValue": "[format('appconfig-{0}', uniqueString(resourceGroup().id))]", |
There was a problem hiding this comment.
Are you creating a config store in this template or using a pre-existing one?
There was a problem hiding this comment.
If user passes the name of a pre-existing store the template will update the store, if user doesn't then a new store will be created.
| }, | ||
| "afdResourceSku": { | ||
| "type": "string", | ||
| "defaultValue": "Premium_AzureFrontDoor", |
There was a problem hiding this comment.
We can use Standard AFD in the template. Premium is not necessary if standard has origin auth support.
| "name": "[parameters('skuName')]" | ||
| }, | ||
| "properties": { | ||
| "disableLocalAuth": true, |
| "updateConfigStoreUrl": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/updateConfigStore.json', parameters('_artifactsLocationSasToken')))]", | ||
| "roleAssignmentUrl": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/roleAssignment.json', parameters('_artifactsLocationSasToken')))]" | ||
| }, | ||
| "resources": [ |
There was a problem hiding this comment.
From copilot:
The configurationStore and frontDoorChildResources nested deployments are missing "expressionEvaluationOptions": { "scope": "inner" }, while frontDoor and roleAssignment have it. This inconsistency can lead to unexpected expression evaluation behavior (e.g., resourceGroup() evaluated in the outer vs. inner scope). All nested templates should consistently use "scope": "inner".
There was a problem hiding this comment.
This has been updated, thanks
| "queryStringCachingBehavior": "IncludeSpecifiedQueryStrings", | ||
| "queryParameters": "after,api-version,key,label,snapshot,tags", | ||
| "cacheBehavior": "OverrideAlways", | ||
| "cacheDuration": "00:10:10" |
There was a problem hiding this comment.
My bad it should be 10mins, not 10mins 10seconds. Updated to 10mins which is represented as 00:10:00
3 participants
PR Checklist
Check these items before submitting a PR...
Contribution Guide
Best Practice Guide
Changelog