This is an Azure Verified Module (AVM) for deploying and managing Azure App Service resources, including Web Apps, Function Apps, and Logic Apps (Standard).
It supports Linux and Windows operating systems, deployment slots, custom domains, managed identities, private endpoints, diagnostic settings, Application Insights integration, IP restrictions, auto heal, storage mounts, and Flex Consumption plans.
Starting with the azapi-based releases of this module, the main site resource
is implemented as a single azapi_resource.this regardless of the app kind.
Previous versions of this module used a different azurerm_* resource per
flavour (Web App, Function App, Flex Consumption, Logic App Standard, Linux
or Windows). Because Terraform cannot know which of those resource types
existed in your state, this module does not ship a built-in moved block
for the main site resource - shipping one would silently change the app
kind for users of the other flavours (for example turning a Function App
into a Web App) or produce an Ambiguous move statements error when combined
with a user-supplied moved block.
If you are upgrading from an earlier azurerm-based release and want to keep
your existing app in place (instead of having Terraform destroy and recreate
it), add a moved block in your root configuration that matches the
resource type you previously had in state. Pick the snippet below that
corresponds to your previous app flavour and adapt the module instance
address (for example module.web_app or module.web_app["my_key"]) to your
configuration.
Tip: run
terraform state list | grep -i <module-address>first to confirm the exact source address that is currently in state.
moved {
from = module.web_app.azurerm_linux_web_app.this[0]
to = module.web_app.azapi_resource.this
}moved {
from = module.web_app.azurerm_windows_web_app.this[0]
to = module.web_app.azapi_resource.this
}moved {
from = module.function_app.azurerm_linux_function_app.this[0]
to = module.function_app.azapi_resource.this
}moved {
from = module.function_app.azurerm_windows_function_app.this[0]
to = module.function_app.azapi_resource.this
}moved {
from = module.function_app.azurerm_function_app_flex_consumption.this[0]
to = module.function_app.azapi_resource.this
}moved {
from = module.logic_app.azurerm_logic_app_standard.this[0]
to = module.logic_app.azapi_resource.this
}If the module is instantiated with for_each / count, include the instance
key or index in the address, for example:
moved {
from = module.web_app["primary"].azurerm_linux_web_app.this[0]
to = module.web_app["primary"].azapi_resource.this
}Important: only add one
movedblock per module instance, matching the resource type that actually exists in your state. Adding moved blocks for resource types that were never in state is harmless (Terraform treats them as no-ops), but chaining amovedblock from oneazurerm_*flavour to a differentazurerm_*flavour (for example moving a Flex Consumption Function App toazurerm_linux_web_appfirst) will cause the body generated for the wrong app kind to be applied and can result in failed updates such asInvalidMaximumInstanceCountfrom the ARM API.
The following requirements are needed by this module:
-
terraform (>= 1.9, < 2.0)
-
azapi (~> 2.9)
-
modtm (~> 0.3)
-
random (>= 3.5.0, < 4.0.0)
-
time (>= 0.9.0, < 1.0.0)
The following resources are used by this module:
- azapi_resource.diagnostic_setting (resource)
- azapi_resource.lock (resource)
- azapi_resource.lock_private_endpoint (resource)
- azapi_resource.private_dns_zone_group (resource)
- azapi_resource.private_endpoint (resource)
- azapi_resource.role_assignment (resource)
- azapi_resource.role_assignment_private_endpoint (resource)
- azapi_resource.this (resource)
- azapi_resource_action.active_slot (resource)
- modtm_telemetry.telemetry (resource)
- random_uuid.telemetry (resource)
- time_sleep.wait_before_zip_deploy (resource)
- azapi_client_config.telemetry (data source)
- modtm_module_source.telemetry (data source)
The following input variables are required:
Description: Azure region where the resource should be deployed.
Type: string
Description: The name which should be used for the App Service.
Type: string
Description: The resource ID of the Resource Group where the App Service will be deployed.
Type: string
Description: The resource ID of the App Service Plan to deploy the App Service in.
Type: string
The following input variables are optional (have default values):
Description: Should child resources inherit tags from the parent resource? Defaults to true.
Type: bool
Default: true
Description: A map of always-ready instances for Flex Consumption Function Apps.
name: The trigger type or function name. Valid values:http,blob,durable,function:<target-function-app-name>.instance_count: The number of always-ready instances. Defaults to0.
Type:
map(object({
name = optional(string)
instance_count = optional(number, 0)
}))Default: {}
Description: Object that sets the active slot for the App Service.
slot_key- The key of the slot object to set as active.overwrite_network_config- Determines if the network configuration should be overwritten. Defaults totrue.
Type:
object({
slot_key = optional(string)
overwrite_network_config = optional(bool, true)
})Default: null
Description: A map of key-value pairs for App Settings and custom values to assign to the App Service.
These are set via the Microsoft.Web/sites/config (name: appsettings) sub-resource.
Type: map(string)
Default: {}
Description: The Application Insights connection string. Provide this from an externally managed Application Insights resource.
Type: string
Default: null
Description: The Application Insights instrumentation key. Provide this from an externally managed Application Insights resource.
Type: string
Default: null
Description: A map of authentication settings to assign to the App Service.
additional_login_parameters- (Optional) A map of additional login parameters.allowed_external_redirect_urls- (Optional) A list of allowed external redirect URLs.default_provider- (Optional) The default authentication provider.enabled- (Optional) Is authentication enabled? Defaults tofalse.issuer- (Optional) The issuer URI.runtime_version- (Optional) The runtime version of the authentication module.token_refresh_extension_hours- (Optional) Hours before token expiry to refresh. Defaults to72.token_store_enabled- (Optional) Should the token store be enabled? Defaults tofalse.unauthenticated_client_action- (Optional) The action to take for unauthenticated requests.active_directory- (Optional) An Active Directory authentication block.client_id- (Optional) The Client ID of the Azure AD application.allowed_audiences- (Optional) A list of allowed audience values.client_secret- (Optional) The Client Secret of the Azure AD application.client_secret_setting_name- (Optional) The app setting name that contains the client secret.
facebook- (Optional) A Facebook authentication block.app_id- (Optional) The App ID of the Facebook application.app_secret- (Optional) The App Secret of the Facebook application.app_secret_setting_name- (Optional) The app setting name that contains the app secret.oauth_scopes- (Optional) A list of OAuth scopes to request.
github- (Optional) A GitHub authentication block.client_id- (Optional) The Client ID of the GitHub application.client_secret- (Optional) The Client Secret of the GitHub application.client_secret_setting_name- (Optional) The app setting name that contains the client secret.oauth_scopes- (Optional) A list of OAuth scopes to request.
google- (Optional) A Google authentication block.client_id- (Optional) The Client ID of the Google application.client_secret- (Optional) The Client Secret of the Google application.client_secret_setting_name- (Optional) The app setting name that contains the client secret.oauth_scopes- (Optional) A list of OAuth scopes to request.
microsoft- (Optional) A Microsoft authentication block.client_id- (Optional) The Client ID of the Microsoft application.client_secret- (Optional) The Client Secret of the Microsoft application.client_secret_setting_name- (Optional) The app setting name that contains the client secret.oauth_scopes- (Optional) A list of OAuth scopes to request.
twitter- (Optional) A Twitter authentication block.consumer_key- (Optional) The consumer key of the Twitter application.consumer_secret- (Optional) The consumer secret of the Twitter application.consumer_secret_setting_name- (Optional) The app setting name that contains the consumer secret.
Type:
object({
additional_login_parameters = optional(map(string))
allowed_external_redirect_urls = optional(list(string))
default_provider = optional(string)
enabled = optional(bool, false)
issuer = optional(string)
runtime_version = optional(string)
token_refresh_extension_hours = optional(number, 72)
token_store_enabled = optional(bool, false)
unauthenticated_client_action = optional(string)
active_directory = optional(object({
client_id = optional(string)
allowed_audiences = optional(list(string))
client_secret = optional(string)
client_secret_setting_name = optional(string)
}))
facebook = optional(object({
app_id = optional(string)
app_secret = optional(string)
app_secret_setting_name = optional(string)
oauth_scopes = optional(list(string))
}))
github = optional(object({
client_id = optional(string)
client_secret = optional(string)
client_secret_setting_name = optional(string)
oauth_scopes = optional(list(string))
}))
google = optional(object({
client_id = optional(string)
client_secret = optional(string)
client_secret_setting_name = optional(string)
oauth_scopes = optional(list(string))
}))
microsoft = optional(object({
client_id = optional(string)
client_secret = optional(string)
client_secret_setting_name = optional(string)
oauth_scopes = optional(list(string))
}))
twitter = optional(object({
consumer_key = optional(string)
consumer_secret = optional(string)
consumer_secret_setting_name = optional(string)
}))
})Default: null
Description: Authentication settings V2 configuration for the App Service. Mirrors the API structure.
auth_enabled- (Optional) Is authentication enabled? Defaults tofalse.config_file_path- (Optional) The path to the auth configuration file.excluded_paths- (Optional) A list of paths excluded from authentication.forward_proxy_convention- (Optional) The convention for forwarding proxy headers. Defaults toNoProxy.forward_proxy_custom_host_header_name- (Optional) The custom host header name for the forward proxy.forward_proxy_custom_proto_header_name- (Optional) The custom proto header name for the forward proxy.http_route_api_prefix- (Optional) The prefix for the HTTP route API. Defaults to/.auth.redirect_to_provider- (Optional) The default authentication provider when multiple providers are configured.require_authentication- (Optional) Should authentication be required? Defaults tofalse.require_https- (Optional) Should HTTPS be required? Defaults totrue.runtime_version- (Optional) The runtime version of the auth module. Defaults to~1.unauthenticated_client_action- (Optional) The action for unauthenticated requests. Defaults toRedirectToLoginPage.identity_providers- (Optional) The identity providers configuration. See variable description in the submodule for full details.login- (Optional) The login configuration. See variable description in the submodule for full details.
Type:
object({
auth_enabled = optional(bool, false)
config_file_path = optional(string)
excluded_paths = optional(list(string))
forward_proxy_convention = optional(string, "NoProxy")
forward_proxy_custom_host_header_name = optional(string)
forward_proxy_custom_proto_header_name = optional(string)
http_route_api_prefix = optional(string, "/.auth")
redirect_to_provider = optional(string)
require_authentication = optional(bool, false)
require_https = optional(bool, true)
runtime_version = optional(string, "~1")
unauthenticated_client_action = optional(string, "RedirectToLoginPage")
identity_providers = optional(object({
apple = optional(object({
enabled = optional(bool)
login = optional(object({
scopes = optional(list(string))
}))
registration = optional(object({
client_id = optional(string)
client_secret_setting_name = optional(string)
}))
}))
azure_active_directory = optional(object({
enabled = optional(bool)
is_auto_provisioned = optional(bool)
login = optional(object({
disable_www_authenticate = optional(bool)
login_parameters = optional(list(string))
}))
registration = optional(object({
client_id = optional(string)
client_secret_certificate_issuer = optional(string)
client_secret_certificate_subject_alternative_name = optional(string)
client_secret_certificate_thumbprint = optional(string)
client_secret_setting_name = optional(string)
open_id_issuer = optional(string)
}))
validation = optional(object({
allowed_audiences = optional(list(string))
default_authorization_policy = optional(object({
allowed_applications = optional(list(string))
allowed_principals = optional(object({
groups = optional(list(string))
identities = optional(list(string))
}))
}))
jwt_claim_checks = optional(object({
allowed_client_applications = optional(list(string))
allowed_groups = optional(list(string))
}))
}))
}))
azure_static_web_apps = optional(object({
enabled = optional(bool)
registration = optional(object({
client_id = optional(string)
}))
}))
custom_open_id_connect_providers = optional(map(object({
enabled = optional(bool)
login = optional(object({
name_claim_type = optional(string)
scopes = optional(list(string))
}))
registration = optional(object({
client_id = optional(string)
client_credential = optional(object({
method = optional(string)
client_secret_setting_name = optional(string)
}))
open_id_connect_configuration = optional(object({
authorization_endpoint = optional(string)
certification_uri = optional(string)
issuer = optional(string)
token_endpoint = optional(string)
well_known_open_id_configuration = optional(string)
}))
}))
})))
facebook = optional(object({
enabled = optional(bool)
graph_api_version = optional(string)
login = optional(object({
scopes = optional(list(string))
}))
registration = optional(object({
app_id = optional(string)
app_secret_setting_name = optional(string)
}))
}))
github = optional(object({
enabled = optional(bool)
login = optional(object({
scopes = optional(list(string))
}))
registration = optional(object({
client_id = optional(string)
client_secret_setting_name = optional(string)
}))
}))
google = optional(object({
enabled = optional(bool)
login = optional(object({
scopes = optional(list(string))
}))
registration = optional(object({
client_id = optional(string)
client_secret_setting_name = optional(string)
}))
validation = optional(object({
allowed_audiences = optional(list(string))
}))
}))
legacy_microsoft_account = optional(object({
enabled = optional(bool)
login = optional(object({
scopes = optional(list(string))
}))
registration = optional(object({
client_id = optional(string)
client_secret_setting_name = optional(string)
}))
validation = optional(object({
allowed_audiences = optional(list(string))
}))
}))
twitter = optional(object({
enabled = optional(bool)
registration = optional(object({
consumer_key = optional(string)
consumer_secret_setting_name = optional(string)
}))
}))
}))
login = optional(object({
allowed_external_redirect_urls = optional(list(string))
cookie_expiration = optional(object({
convention = optional(string, "FixedTime")
time_to_expiration = optional(string, "08:00:00")
}))
nonce = optional(object({
nonce_expiration_interval = optional(string, "00:05:00")
validate_nonce = optional(bool, true)
}))
preserve_url_fragments_for_logins = optional(bool, false)
routes = optional(object({
logout_endpoint = optional(string)
}))
token_store = optional(object({
azure_blob_storage = optional(object({
sas_url_setting_name = optional(string)
}))
enabled = optional(bool, false)
file_system = optional(object({
directory = optional(string)
}))
token_refresh_extension_hours = optional(number, 72)
}))
}))
})Default: null
Description: (Optional) The scope of the auto-generated domain name label. Possible values are NoReuse, ResourceGroupReuse, SubscriptionReuse, and TenantReuse.
Type: string
Default: null
Description: A map of backup settings for the App Service.
enabled- (Optional) Is backup enabled? Defaults totrue.name- (Optional) The name of the backup.storage_account_url- (Optional) The SAS URL to the Storage Account container for backup.schedule- (Optional) A map of backup schedule settings.frequency_interval- (Optional) How often the backup should be executed.frequency_unit- (Optional) The unit of time for the backup frequency. Possible values areDayandHour.keep_at_least_one_backup- (Optional) Should at least one backup always be kept?retention_period_days- (Optional) The number of days to retain backups.start_time- (Optional) The start time for the backup schedule.
Type:
map(object({
enabled = optional(bool, true)
name = optional(string)
storage_account_url = optional(string)
schedule = optional(map(object({
frequency_interval = optional(number)
frequency_unit = optional(string)
keep_at_least_one_backup = optional(bool)
retention_period_days = optional(number)
start_time = optional(string)
})))
}))Default: {}
Description: Should builtin logging be enabled for the Function App? Defaults to true.
Type: bool
Default: true
Description: The version of the extension bundle to use. Defaults to [1.*, 2.0.0). (Logic App)
Type: string
Default: "[1.*, 2.0.0)"
Description: A map of Microsoft.Web/certificates resources to create on the App Service
plan. Each entry materialises a certificate that can be referenced from a
custom_domains entry (on the main site or any slot) via certificate_key,
removing the need for callers to invoke the certificate submodule directly.
Either key_vault_id + key_vault_secret_name (Key Vault sourced) or
pfx_blob (+ optional password) (inline upload) must be supplied; the two
modes are mutually exclusive. When sourcing from Key Vault the App Service
first-party service principal (abfa0a7c-a6b6-4736-8310-5855508787cd) must
have the Key Vault Certificate User role on the vault scope.
name- (Optional) The name of the certificate resource. Defaults to the map key.key_vault_id- (Optional) The resource ID of the Key Vault holding the certificate.key_vault_secret_name- (Optional) The Key Vault secret/certificate name.pfx_blob- (Optional) Base64-encoded PFX contents.password- (Optional) Password for the supplied PFX blob.host_names- (Optional) Hostnames the certificate applies to.tags- (Optional) Tags applied to the certificate resource.
Type:
map(object({
name = optional(string)
key_vault_id = optional(string)
key_vault_secret_name = optional(string)
pfx_blob = optional(string)
password = optional(string)
host_names = optional(list(string))
tags = optional(map(string))
}))Default: {}
Description: Should client affinity be enabled for the App Service? Defaults to false.
Type: bool
Default: false
Description: (Optional) Should client affinity partitioning (CHIPS cookie partitioning) be enabled? When enabled, the affinity cookie uses the CHIPS partitioned attribute.
Type: bool
Default: null
Description: (Optional) Should client affinity proxy be enabled? When enabled, the X-Forwarded-Host header overrides the host value used for affinity cookie routing.
Type: bool
Default: null
Description: Should client certificate be enabled for the App Service? Defaults to false.
Type: bool
Default: false
Description: The client certificate exclusion paths for the App Service.
Type: string
Default: null
Description: The client certificate mode for the App Service. Possible values are Required, Optional, and OptionalInteractiveUser. Defaults to Required.
Type: string
Default: "Required"
Description: A map of connection strings to assign to the App Service.
name- (Optional) The name of the connection string.type- (Optional) The type of the connection string.value- (Optional) The value of the connection string.
Type:
map(object({
name = optional(string)
type = optional(string)
value = optional(string)
}))Default: {}
Description: (Optional) The size of the function container in MB. Only applicable to Function Apps under a Consumption plan.
Type: number
Default: null
Description: Should content share be force disabled for the Function App? Defaults to false.
Type: bool
Default: false
Description: A map of custom domains to bind to the main App Service site.
To bind a custom domain to a deployment slot instead, set
custom_domains on the corresponding entry in var.deployment_slots.
This module only creates the hostname binding. It does not create the
underlying DNS records – those must be provisioned separately (for example
with Azure/avm-res-network-dnszone/azurerm) before the binding is applied.
Certificates may either be provisioned out of band and referenced by
thumbprint, or declared inline via var.certificates and referenced by
certificate_key.
Azure validates ownership of the custom hostname when the binding is created.
At least one of the following DNS records must already exist and be
resolvable, otherwise the binding will fail with errors such as
A TXT record pointing from asuid.{0} to {1} was not found.:
- A
CNAMErecord for the custom hostname pointing to<site-name>.azurewebsites.net(the module exposes this value via theresource_urioutput), or - A
TXTrecord atasuid.<custom-hostname>whose value is the App Service's
custom domain verification ID. This module exposes that value via thecustom_domain_verification_idoutput.
hostname- (Required) The custom domain hostname to bind.ssl_state- (Optional) The SSL state. Possible values areIpBasedEnabledandSniEnabled.thumbprint- (Optional) The thumbprint of a certificate already uploaded to the App Service. Mutually exclusive withcertificate_key.certificate_key- (Optional) The map key of an entry invar.certificateswhose thumbprint should be used for this binding. Mutually exclusive withthumbprint.
Type:
map(object({
hostname = string
ssl_state = optional(string)
thumbprint = optional(string)
certificate_key = optional(string)
}))Default: {}
Description: (Optional) The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects Function Apps under the consumption plan. Defaults to 0.
Type: number
Default: 0
Description: (Optional) Dapr configuration for the App Service. Only applicable to apps hosted in Azure Container Apps environments.
app_id- (Optional) The Dapr app identifier.app_port- (Optional) The port the application is listening on.enable_api_logging- (Optional) Should API logging be enabled for Dapr?enabled- (Optional) Is Dapr enabled?http_max_request_size- (Optional) The maximum size of HTTP request body in MB.http_read_buffer_size- (Optional) The maximum size of HTTP header read buffer in KB.log_level- (Optional) The Dapr log level. Possible values aredebug,error,info, andwarn.
Type:
object({
app_id = optional(string)
app_port = optional(number)
enable_api_logging = optional(bool)
enabled = optional(bool)
http_max_request_size = optional(number)
http_read_buffer_size = optional(number)
log_level = optional(string)
})Default: null
Description: A map of deployment slots to create for the App Service.
name- (Optional) The name of the slot.auto_generated_domain_name_label_scope- (Optional) The scope of the auto-generated domain name label.client_affinity_enabled- (Optional) Should client affinity be enabled? Defaults tofalse.client_affinity_partitioning_enabled- (Optional) Should client affinity partitioning (CHIPS) be enabled?client_affinity_proxy_enabled- (Optional) Should client affinity proxy be enabled?client_certificate_enabled- (Optional) Should client certificates be enabled? Defaults tofalse.client_certificate_exclusion_paths- (Optional) Paths to exclude from client certificate authentication.client_certificate_mode- (Optional) The client certificate mode. Defaults toRequired.container_size- (Optional) The size of the function container in MB.dapr_config- (Optional) Dapr configuration object.dns_configuration- (Optional) DNS configuration object.enabled- (Optional) Is the slot enabled? Defaults totrue.end_to_end_encryption_enabled- (Optional) Should end-to-end encryption be enabled?ftp_publish_basic_authentication_enabled- (Optional) Should FTP basic authentication be enabled? Defaults tofalse.hosting_environment_id- (Optional) The resource ID of the App Service Environment.host_names_disabled- (Optional) Should public hostnames be disabled?https_only- (Optional) Should the slot only be accessible over HTTPS? Defaults totrue.hyper_v- (Optional) Should the slot run in Hyper-V isolation?ip_mode- (Optional) The IP mode. Possible values:IPv4,IPv4AndIPv6,IPv6.key_vault_reference_identity- (Optional) The identity to use for Key Vault references.managed_environment_id- (Optional) The Azure Container Apps managed environment ID.managed_identities- (Optional) Controls the Managed Identity configuration on the deployment slot. Each slot has its own independent identity configuration.system_assigned- (Optional) Specifies if the System Assigned Managed Identity should be enabled. Defaults tofalse.user_assigned_resource_ids- (Optional) Specifies a set of User Assigned Managed Identity resource IDs to be assigned. Defaults to[].
public_network_access_enabled- (Optional) Should public network access be enabled? Defaults tofalse.redundancy_mode- (Optional) The site redundancy mode.resource_config- (Optional) Resource config for Container App environment hosted apps.scm_site_also_stopped- (Optional) Should the SCM site also be stopped?server_farm_id- (Optional) The server farm resource ID to use for the slot.ssh_enabled- (Optional) Should SSH be enabled?storage_account_required- (Optional) Should a storage account be required?tags- (Optional) Tags to apply to the slot.virtual_network_subnet_id- (Optional) The subnet ID for VNet integration.vnet_route_all_traffic- (Optional) Should all outbound traffic use VNet routing? Defaults tofalse.vnet_application_traffic_enabled- (Optional) Should application traffic use VNet routing? Defaults tofalse.vnet_backup_restore_enabled- (Optional) Should backup/restore traffic use VNet routing? Defaults tofalse.vnet_content_share_enabled- (Optional) Should content share traffic use VNet routing? Defaults tofalse.vnet_image_pull_enabled- (Optional) Should image pull traffic use VNet routing? Defaults tofalse.webdeploy_publish_basic_authentication_enabled- (Optional) Should WebDeploy basic authentication be enabled? Defaults tofalse.workload_profile_name- (Optional) The workload profile name.app_settings- (Optional) App settings for the slot.site_config- (Optional) Site configuration for the slot.always_on- (Optional) Should the slot always be on? Defaults totrue.api_definition_url- (Optional) The URL of the API definition.api_management_api_id- (Optional) The ID of the API Management API.app_command_line- (Optional) The App command line to launch.app_scale_limit- (Optional) The number of workers this function app can scale out to.auto_swap_slot_name- (Optional) The name of the slot to auto swap with.container_registry_managed_identity_client_id- (Optional) The Client ID of the MSI for Azure Container Registry.container_registry_use_managed_identity- (Optional) Should connections for Azure Container Registry use MSI.default_documents- (Optional) Specifies a list of Default Documents.detailed_error_logging_enabled- (Optional) Should detailed error logging be enabled?document_root- (Optional) The document root path.elastic_instance_minimum- (Optional) The number of minimum instances for Elastic Premium plans.elastic_web_app_scale_limit- (Optional) The maximum number of workers for Elastic scale.ftps_state- (Optional) State of FTP / FTPS service. Defaults toFtpsOnly.handler_mappings- (Optional) A list of handler mappings (Windows IIS).arguments- (Optional) The arguments to pass to the script processor.extension- (Optional) The file extension to handle.script_processor- (Optional) The path to the script processor executable.
health_check_path- (Optional) The path to be checked for health.http2_enabled- (Optional) Enable HTTP2 protocol. Defaults tofalse.http_logging_enabled- (Optional) Should HTTP logging be enabled?ip_restriction_default_action- (Optional) Default action for IP restrictions. Defaults toAllow.limits- (Optional) Resource limits.max_disk_size_in_mb- (Optional) The maximum disk size in MB.max_memory_in_mb- (Optional) The maximum memory in MB.max_percentage_cpu- (Optional) The maximum CPU percentage.
load_balancing_mode- (Optional) The Site load balancing mode. Defaults toLeastRequests.logs_directory_size_limit- (Optional) The HTTP log directory size limit in MB.managed_pipeline_mode- (Optional) Managed pipeline mode. Defaults toIntegrated.metadata- (Optional) A list of name-value pairs for siteConfig metadata (e.g.CURRENT_STACK). Auto-computed fromapplication_stackif not specified. User-supplied entries take precedence.name- (Required) The metadata key.value- (Required) The metadata value.
min_tls_cipher_suite- (Optional) The minimum TLS cipher suite.minimum_tls_version- (Optional) The minimum TLS version. Defaults to1.3.pre_warmed_instance_count- (Optional) The number of pre-warmed instances.remote_debugging_enabled- (Optional) Should Remote Debugging be enabled? Defaults tofalse.remote_debugging_version- (Optional) The Remote Debugging Version.request_tracing_enabled- (Optional) Should request tracing be enabled?request_tracing_expiration_time- (Optional) The expiration time for request tracing.runtime_scale_monitoring_enabled- (Optional) Should runtime scale monitoring be enabled?scm_ip_restriction_default_action- (Optional) Default action for SCM IP restrictions. Defaults toAllow.scm_minimum_tls_version- (Optional) SCM minimum TLS version. Defaults to1.2.scm_use_main_ip_restriction- (Optional) Should SCM use the main IP restriction? Defaults tofalse.tracing_options- (Optional) Azure tracing options.use_32_bit_worker- (Optional) Use a 32-bit worker process. Defaults tofalse.vnet_private_ports_count- (Optional) The number of private ports for VNet integration.vnet_route_all_enabled- (Optional) Route all outbound traffic through VNet. Defaults tofalse.website_time_zone- (Optional) The time zone for the website.websockets_enabled- (Optional) Enable Web Sockets. Defaults tofalse.worker_count- (Optional) The number of Workers.application_insights_connection_string- (Optional) The connection string for Application Insights.application_insights_key- (Optional) The instrumentation key for Application Insights.application_stack- (Optional) Application stack configuration.docker- (Optional) Docker configuration withdocker_image_name,docker_registry_url, anddocker_image_tag.dotnet- (Optional) .NET configuration withdotnet_version,current_stack,use_custom_runtime, anduse_dotnet_isolated_runtime.java- (Optional) Java configuration withjava_version,java_container, andjava_container_version.node- (Optional) Node.js configuration withnode_version.php- (Optional) PHP configuration withphp_version.python- (Optional) Python configuration withpython_version.powershell- (Optional) PowerShell configuration withpowershell_version.
lock- (Optional) The lock to apply to the slot.kind- (Required) The type of lock. Possible values areCanNotDeleteandReadOnly.name- (Optional) The name of the lock.
private_endpoints- (Optional) Private endpoints for the slot.name- (Optional) The name of the private endpoint.role_assignments- (Optional) A map of role assignments for the private endpoint.role_definition_id_or_name- (Required) The ID or name of the role definition.principal_id- (Required) The ID of the principal.description- (Optional) The description of the role assignment.skip_service_principal_aad_check- (Optional) Skip the AAD check. Defaults tofalse.condition- (Optional) The condition for the role assignment.condition_version- (Optional) The condition version.delegated_managed_identity_resource_id- (Optional) The delegated managed identity resource ID.principal_type- (Optional) The type of the principal.
lock- (Optional) The lock for the private endpoint.kind- (Required) The type of lock.name- (Optional) The name of the lock.
tags- (Optional) Tags for the private endpoint.subnet_resource_id- (Required) The resource ID of the subnet.private_dns_zone_group_name- (Optional) The private DNS zone group name. Defaults todefault.private_dns_zone_resource_ids- (Optional) A set of private DNS zone resource IDs.application_security_group_associations- (Optional) A map of application security group associations.private_service_connection_name- (Optional) The private service connection name.network_interface_name- (Optional) The network interface name.location- (Optional) The Azure location.resource_group_name- (Optional) The resource group name.ip_configurations- (Optional) A map of IP configurations.name- (Required) The name of the IP configuration.private_ip_address- (Required) The private IP address.
role_assignments- (Optional) Role assignments for the slot.role_definition_id_or_name- (Required) The ID or name of the role definition.principal_id- (Required) The ID of the principal.description- (Optional) The description of the role assignment.skip_service_principal_aad_check- (Optional) Skip the AAD check. Defaults tofalse.condition- (Optional) The condition for the role assignment.condition_version- (Optional) The condition version.delegated_managed_identity_resource_id- (Optional) The delegated managed identity resource ID.principal_type- (Optional) The type of the principal.
storage_shares_to_mount- (Optional) A map of storage shares to mount to the deployment slot.account_name- (Required) The name of the Storage Account.mount_path- (Required) The path to mount the share at.name- (Required) The name of the storage mount.share_name- (Required) The name of the file share.type- (Optional) The type of storage. Defaults toAzureFiles.
connection_strings- (Optional) A map of connection strings for the slot.name- (Optional) The name of the connection string.type- (Optional) The type of the connection string.value- (Optional) The value of the connection string.
zip_deploy_file- (Optional) The path to the zip file to deploy to the slot.zip_deploy_wait_duration- (Optional) The duration to wait after the slot is configured before triggering zip deploy. Defaults to60s.custom_domains- (Optional) A map of custom domains to bind to this deployment slot. The same DNS prerequisites described on the top-levelcustom_domainsvariable apply.hostname- (Required) The custom domain hostname to bind.ssl_state- (Optional) The SSL state. Possible values areIpBasedEnabledandSniEnabled.thumbprint- (Optional) The thumbprint of a certificate already uploaded to the App Service.
Type:
map(object({
name = optional(string)
auto_generated_domain_name_label_scope = optional(string)
client_affinity_enabled = optional(bool, false)
client_affinity_partitioning_enabled = optional(bool)
client_affinity_proxy_enabled = optional(bool)
client_certificate_enabled = optional(bool, false)
client_certificate_exclusion_paths = optional(string, null)
client_certificate_mode = optional(string, "Required")
container_size = optional(number)
dapr_config = optional(object({
app_id = optional(string)
app_port = optional(number)
enable_api_logging = optional(bool)
enabled = optional(bool)
http_max_request_size = optional(number)
http_read_buffer_size = optional(number)
log_level = optional(string)
}))
dns_configuration = optional(object({
dns_alt_server = optional(string)
dns_max_cache_timeout = optional(number)
dns_retry_attempt_count = optional(number)
dns_retry_attempt_timeout = optional(number)
dns_servers = optional(list(string))
}))
enabled = optional(bool, true)
end_to_end_encryption_enabled = optional(bool)
ftp_publish_basic_authentication_enabled = optional(bool, false)
hosting_environment_id = optional(string)
host_names_disabled = optional(bool)
https_only = optional(bool, true)
hyper_v = optional(bool)
ip_mode = optional(string)
key_vault_reference_identity = optional(string, null)
managed_environment_id = optional(string)
managed_identities = optional(object({
system_assigned = optional(bool, false)
user_assigned_resource_ids = optional(set(string), [])
}), {})
public_network_access_enabled = optional(bool, false)
redundancy_mode = optional(string)
resource_config = optional(object({
cpu = optional(number)
memory = optional(string)
}))
scm_site_also_stopped = optional(bool)
server_farm_id = optional(string, null)
ssh_enabled = optional(bool)
storage_account_required = optional(bool)
tags = optional(map(string))
virtual_network_subnet_id = optional(string, null)
vnet_route_all_traffic = optional(bool, false)
vnet_application_traffic_enabled = optional(bool, false)
vnet_backup_restore_enabled = optional(bool, false)
vnet_content_share_enabled = optional(bool, false)
vnet_image_pull_enabled = optional(bool, false)
webdeploy_publish_basic_authentication_enabled = optional(bool, false)
workload_profile_name = optional(string)
app_settings = optional(map(string), {})
site_config = optional(object({
always_on = optional(bool, true)
api_definition_url = optional(string)
api_management_api_id = optional(string)
app_command_line = optional(string)
app_scale_limit = optional(number)
auto_heal_enabled = optional(bool)
auto_heal_rules = optional(object({
actions = optional(object({
action_type = string
custom_action = optional(object({
exe = string
parameters = optional(string)
}))
min_process_execution_time = optional(string, "00:00:00")
}))
triggers = optional(object({
private_bytes_in_kb = optional(number)
requests = optional(object({
count = number
time_interval = string
}))
slow_requests = optional(object({
count = number
time_interval = string
time_taken = string
path = optional(string)
}))
slow_requests_with_path = optional(list(object({
count = number
time_interval = string
time_taken = string
path = optional(string)
})), [])
status_codes = optional(list(object({
count = number
time_interval = string
status = number
path = optional(string)
sub_status = optional(number)
win32_status = optional(number)
})), [])
status_codes_range = optional(list(object({
count = number
time_interval = string
status_codes = string
path = optional(string)
})), [])
}))
}))
auto_swap_slot_name = optional(string)
container_registry_managed_identity_client_id = optional(string)
container_registry_use_managed_identity = optional(bool)
cors = optional(object({
allowed_origins = optional(list(string))
support_credentials = optional(bool, false)
}))
default_documents = optional(list(string))
detailed_error_logging_enabled = optional(bool)
document_root = optional(string)
dotnet_framework_version = optional(string)
elastic_instance_minimum = optional(number)
elastic_web_app_scale_limit = optional(number)
experiments = optional(object({
ramp_up_rules = optional(list(object({
action_host_name = optional(string)
change_decision_callback_url = optional(string)
change_interval_in_minutes = optional(number)
change_step = optional(number)
max_reroute_percentage = optional(number)
min_reroute_percentage = optional(number)
name = optional(string)
reroute_percentage = optional(number)
})), [])
}))
ftps_state = optional(string, "FtpsOnly")
handler_mappings = optional(list(object({
arguments = optional(string)
extension = optional(string)
script_processor = optional(string)
})))
health_check_path = optional(string)
http2_enabled = optional(bool, false)
http20_proxy_flag = optional(number)
http_logging_enabled = optional(bool)
ip_restriction = optional(list(object({
action = optional(string, "Allow")
ip_address = optional(string)
name = optional(string)
priority = optional(number, 65000)
service_tag = optional(string)
virtual_network_subnet_id = optional(string)
headers = optional(object({
x_azure_fdid = optional(list(string))
x_fd_health_probe = optional(list(string))
x_forwarded_for = optional(list(string))
x_forwarded_host = optional(list(string))
}))
})), [])
ip_restriction_default_action = optional(string, "Allow")
java_container = optional(string)
java_container_version = optional(string)
java_version = optional(string)
limits = optional(object({
max_disk_size_in_mb = optional(number)
max_memory_in_mb = optional(number)
max_percentage_cpu = optional(number)
}))
linux_fx_version = optional(string)
load_balancing_mode = optional(string, "LeastRequests")
local_mysql_enabled = optional(bool, false)
logs_directory_size_limit = optional(number)
managed_pipeline_mode = optional(string, "Integrated")
metadata = optional(list(object({
name = string
value = string
})))
min_tls_cipher_suite = optional(string)
minimum_tls_version = optional(string, "1.3")
node_version = optional(string)
php_version = optional(string)
powershell_version = optional(string)
pre_warmed_instance_count = optional(number)
python_version = optional(string)
remote_debugging_enabled = optional(bool, false)
remote_debugging_version = optional(string)
request_tracing_enabled = optional(bool)
request_tracing_expiration_time = optional(string)
runtime_scale_monitoring_enabled = optional(bool)
scm_ip_restriction = optional(list(object({
action = optional(string, "Allow")
ip_address = optional(string)
name = optional(string)
priority = optional(number, 65000)
service_tag = optional(string)
virtual_network_subnet_id = optional(string)
headers = optional(object({
x_azure_fdid = optional(list(string))
x_fd_health_probe = optional(list(string))
x_forwarded_for = optional(list(string))
x_forwarded_host = optional(list(string))
}))
})), [])
scm_ip_restriction_default_action = optional(string, "Allow")
scm_minimum_tls_version = optional(string, "1.2")
scm_type = optional(string, "None")
scm_use_main_ip_restriction = optional(bool, false)
tracing_options = optional(string)
use_32_bit_worker = optional(bool, false)
vnet_private_ports_count = optional(number)
vnet_route_all_enabled = optional(bool, false)
website_time_zone = optional(string)
websockets_enabled = optional(bool, false)
windows_fx_version = optional(string)
worker_count = optional(number)
application_insights_connection_string = optional(string)
application_insights_key = optional(string)
application_stack = optional(object({
docker = optional(object({
docker_image_name = optional(string)
docker_registry_url = optional(string)
docker_image_tag = optional(string, "latest")
}))
dotnet = optional(object({
dotnet_version = optional(string)
current_stack = optional(string)
use_custom_runtime = optional(bool, false)
use_dotnet_isolated_runtime = optional(bool, false)
}))
java = optional(object({
java_version = optional(string)
java_container = optional(string)
java_container_version = optional(string)
}))
node = optional(object({
node_version = optional(string)
}))
php = optional(object({
php_version = optional(string)
}))
python = optional(object({
python_version = optional(string)
}))
powershell = optional(object({
powershell_version = optional(string)
}))
}))
virtual_application = optional(list(object({
physical_path = optional(string, "site\\wwwroot")
preload_enabled = optional(bool, false)
virtual_path = optional(string, "/")
virtual_directory = optional(list(object({
physical_path = optional(string)
virtual_path = optional(string)
})), [])
})), [])
}), {})
lock = optional(object({
kind = string
name = optional(string, null)
}), null)
private_endpoints = optional(map(object({
name = optional(string, null)
role_assignments = optional(map(object({
role_definition_id_or_name = string
principal_id = string
description = optional(string, null)
skip_service_principal_aad_check = optional(bool, false)
condition = optional(string, null)
condition_version = optional(string, null)
delegated_managed_identity_resource_id = optional(string, null)
principal_type = optional(string, null)
})), {})
lock = optional(object({
kind = string
name = optional(string, null)
}), null)
tags = optional(map(string), null)
subnet_resource_id = string
private_dns_zone_group_name = optional(string, "default")
private_dns_zone_resource_ids = optional(set(string), [])
application_security_group_associations = optional(map(string), {})
private_service_connection_name = optional(string, null)
network_interface_name = optional(string, null)
location = optional(string, null)
resource_group_name = optional(string, null)
ip_configurations = optional(map(object({
name = string
private_ip_address = string
member_name = optional(string, null)
})), {})
})), {})
role_assignments = optional(map(object({
role_definition_id_or_name = string
principal_id = string
description = optional(string, null)
skip_service_principal_aad_check = optional(bool, false)
condition = optional(string, null)
condition_version = optional(string, null)
delegated_managed_identity_resource_id = optional(string, null)
principal_type = optional(string, null)
})), {})
storage_shares_to_mount = optional(map(object({
account_name = string
mount_path = string
name = string
share_name = string
type = optional(string, "AzureFiles")
})), {})
connection_strings = optional(map(object({
name = optional(string)
type = optional(string)
value = optional(string)
})), {})
zip_deploy_file = optional(string)
zip_deploy_wait_duration = optional(string, "60s")
custom_domains = optional(map(object({
hostname = string
ssl_state = optional(string)
thumbprint = optional(string)
certificate_key = optional(string)
})), {})
}))Default: {}
Description: Whether to inherit the lock from the parent resource for the deployment slots. Defaults to true.
Type: bool
Default: true
Description: A map of diagnostic settings to create on the App Service Environment (ASE). The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
name- (Optional) The name of the diagnostic setting. One will be generated if not set, however this will not be unique if you want to create multiple diagnostic setting resources.logs- (Optional) A set of log configuration blocks.category- (Optional) The log category.category_group- (Optional) The log category group.enabled- (Optional) Is the log enabled? Defaults totrue.retention_policy- (Optional) A retention policy block.days- (Optional) The number of days to retain. Defaults to0.enabled- (Optional) Is the retention policy enabled? Defaults tofalse.
metrics- (Optional) A set of metric configuration blocks.category- (Optional) The metric category.enabled- (Optional) Is the metric enabled? Defaults totrue.retention_policy- (Optional) A retention policy block.days- (Optional) The number of days to retain. Defaults to0.enabled- (Optional) Is the retention policy enabled? Defaults tofalse.
log_analytics_destination_type- (Optional) The destination type for the diagnostic setting. Possible values areDedicatedandAzureDiagnostics. Defaults toDedicated.workspace_resource_id- (Optional) The resource ID of the log analytics workspace to send logs and metrics to.storage_account_resource_id- (Optional) The resource ID of the storage account to send logs and metrics to.event_hub_authorization_rule_resource_id- (Optional) The resource ID of the event hub authorization rule to send logs and metrics to.event_hub_name- (Optional) The name of the event hub. If none is specified, the default event hub will be selected.marketplace_partner_resource_id- (Optional) The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
Type:
map(object({
name = optional(string, null)
logs = optional(set(object({
category = optional(string, null)
category_group = optional(string, null)
enabled = optional(bool, true)
retention_policy = optional(object({
days = optional(number, 0)
enabled = optional(bool, false)
}), {})
})), [])
metrics = optional(set(object({
category = optional(string, null)
enabled = optional(bool, true)
retention_policy = optional(object({
days = optional(number, 0)
enabled = optional(bool, false)
}), {})
})), [])
log_analytics_destination_type = optional(string, "Dedicated")
workspace_resource_id = optional(string, null)
storage_account_resource_id = optional(string, null)
event_hub_authorization_rule_resource_id = optional(string, null)
event_hub_name = optional(string, null)
marketplace_partner_resource_id = optional(string, null)
}))Default: {}
Description: (Optional) DNS configuration for the App Service.
dns_alt_server- (Optional) Alternate DNS server to be used by the App Service.dns_max_cache_timeout- (Optional) Custom time for DNS to be cached in seconds.dns_retry_attempt_count- (Optional) Total number of retries for DNS lookup.dns_retry_attempt_timeout- (Optional) Timeout for a single DNS lookup in seconds.dns_servers- (Optional) List of custom DNS servers to be used by the App Service.
Type:
object({
dns_alt_server = optional(string)
dns_max_cache_timeout = optional(number)
dns_retry_attempt_count = optional(number)
dns_retry_attempt_timeout = optional(number)
dns_servers = optional(list(string))
})Default: null
Description: This variable controls whether or not telemetry is enabled for the module.
For more information see https://aka.ms/avm/telemetryinfo.
If it is set to false, then no telemetry will be collected.
Type: bool
Default: true
Description: Is the App Service enabled? Defaults to true.
Type: bool
Default: true
Description: (Optional) Should end-to-end encryption be enabled between the App Service front ends and the workers?
Type: bool
Default: null
Description: The Runtime of the Flex Consumption Function App. Possible values are node, dotnet-isolated, powershell, python, java.
Type: string
Default: null
Description: The Runtime version of the Flex Consumption Function App.
Type: string
Default: null
Description: Should basic authentication be enabled for FTP publish? Defaults to false.
Type: bool
Default: false
Description: Should this Function App run on a Flex Consumption Plan? Defaults to false.
Type: bool
Default: false
Description: The version of the Azure Functions runtime to use. Defaults to ~4.
Type: string
Default: "~4"
Description: (Optional) Should the public hostnames of the app be disabled? When true, the app is only accessible via the API management process.
Type: bool
Default: null
Description: (Optional) The resource ID of the App Service Environment to host this App Service in.
Type: string
Default: null
Description: Should the App Service only be accessible over HTTPS? Defaults to true.
Type: bool
Default: true
Description: (Optional) Should the App Service run in Hyper-V isolation?
Type: bool
Default: null
Description: The amount of memory to allocate for Flex Consumption instances. Defaults to 2048.
Type: number
Default: 2048
Description: (Optional) Specifies the IP mode of the app. Possible values are IPv4, IPv4AndIPv6, and IPv6.
Type: string
Default: null
Description: The identity to use for Key Vault references.
Type: string
Default: null
Description: The type of App Service to deploy. This maps to the ARM API kind property.
Possible values are functionapp, webapp and logicapp. Defaults to webapp.
Type: string
Default: "webapp"
Description: The lock level to apply.
kind- (Required) The type of lock. Possible values areCanNotDeleteandReadOnly.name- (Optional) The name of the lock.
Type:
object({
kind = string
name = optional(string, null)
})Default: null
Description: The runtime version for the Logic App. Defaults to ~4.
Type: string
Default: "~4"
Description: A map of logs configuration for the App Service.
application_logs- (Optional) A map of application log settings.azure_blob_storage- (Optional) Azure Blob Storage configuration for application logs.level- (Optional) The log level. Defaults toOff.retention_in_days- (Optional) The retention period in days. Defaults to0.sas_url- (Required) The SAS URL to the Azure Blob Storage container.
file_system- (Optional) File system configuration for application logs.level- (Optional) The file system log level. Defaults toOff.
detailed_error_messages- (Optional) Should detailed error messages be enabled? Defaults tofalse.failed_requests_tracing- (Optional) Should failed request tracing be enabled? Defaults tofalse.http_logs- (Optional) A map of HTTP log settings.azure_blob_storage- (Optional) Azure Blob Storage configuration for HTTP logs.retention_in_days- (Optional) The retention period in days. Defaults to0.sas_url- (Required) The SAS URL to the Azure Blob Storage container.
file_system- (Optional) File system configuration for HTTP logs.retention_in_days- (Optional) The retention period in days. Defaults to0.retention_in_mb- (Required) The maximum size in MB before being rotated.
Type:
map(object({
application_logs = optional(map(object({
azure_blob_storage = optional(object({
level = optional(string, "Off")
retention_in_days = optional(number, 0)
sas_url = string
}))
file_system = optional(object({
level = optional(string, "Off")
}), {})
})), {})
detailed_error_messages = optional(bool, false)
failed_requests_tracing = optional(bool, false)
http_logs = optional(map(object({
azure_blob_storage = optional(object({
retention_in_days = optional(number, 0)
sas_url = string
}))
file_system = optional(object({
retention_in_days = optional(number, 0)
retention_in_mb = number
}))
})), {})
}))Default: {}
Description: (Optional) The Azure Resource Manager ID of the Azure Container Apps managed environment to host this App Service in.
Type: string
Default: null
Description: Managed identities to be created for the resource.
system_assigned- (Optional) Should a system-assigned managed identity be created? Defaults tofalse.user_assigned_resource_ids- (Optional) A set of user-assigned managed identity resource IDs to assign. Defaults to[].
Type:
object({
system_assigned = optional(bool, false)
user_assigned_resource_ids = optional(set(string), [])
})Default: {}
Description: The number of workers this function app can scale out to.
Type: number
Default: null
Description: The operating system type. Linux sets reserved = true on the ARM resource. Defaults to Linux.
Type: string
Default: "Linux"
Description: A map of private endpoints to create on this resource. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
name- (Optional) The name of the private endpoint. One will be generated if not set.role_assignments- (Optional) A map of role assignments to create on the private endpoint.role_definition_id_or_name- (Required) The ID or name of the role definition.principal_id- (Required) The ID of the principal.description- (Optional) The description of the role assignment.skip_service_principal_aad_check- (Optional) Skip the AAD check. Defaults tofalse.condition- (Optional) The condition for the role assignment.condition_version- (Optional) The condition version.delegated_managed_identity_resource_id- (Optional) The delegated managed identity resource ID.principal_type- (Optional) The type of the principal.
lock- (Optional) The lock level to apply to the private endpoint.kind- (Required) The type of lock. Possible values areCanNotDeleteandReadOnly.name- (Optional) The name of the lock.
tags- (Optional) A mapping of tags to assign to the private endpoint.subnet_resource_id- The resource ID of the subnet to deploy the private endpoint in.private_dns_zone_group_name- (Optional) The name of the private DNS zone group.private_dns_zone_resource_ids- (Optional) A set of resource IDs of private DNS zones to associate.application_security_group_associations- (Optional) A map of resource IDs of application security groups.private_service_connection_name- (Optional) The name of the private service connection.network_interface_name- (Optional) The name of the network interface.location- (Optional) The Azure location. Defaults to the resource group location.resource_group_name- (Optional) The resource group. Defaults to the resource group of this resource.ip_configurations- (Optional) A map of IP configurations for the private endpoint.name- (Required) The name of the IP configuration.private_ip_address- (Required) The private IP address.
Type:
map(object({
name = optional(string, null)
role_assignments = optional(map(object({
role_definition_id_or_name = string
principal_id = string
description = optional(string, null)
skip_service_principal_aad_check = optional(bool, false)
condition = optional(string, null)
condition_version = optional(string, null)
delegated_managed_identity_resource_id = optional(string, null)
principal_type = optional(string, null)
})), {})
lock = optional(object({
kind = string
name = optional(string, null)
}), null)
tags = optional(map(string), null)
subnet_resource_id = string
private_dns_zone_group_name = optional(string, "default")
private_dns_zone_resource_ids = optional(set(string), [])
application_security_group_associations = optional(map(string), {})
private_service_connection_name = optional(string, null)
network_interface_name = optional(string, null)
location = optional(string, null)
resource_group_name = optional(string, null)
ip_configurations = optional(map(object({
name = string
private_ip_address = string
member_name = optional(string, null)
})), {})
}))Default: {}
Description: Should the private endpoints inherit the lock from the parent resource? Defaults to true.
Type: bool
Default: true
Description: Whether to manage private DNS zone groups with this module. If set to false, you must manage private DNS zone groups externally. Defaults to true.
Type: bool
Default: true
Description: Should the App Service be accessible from the public network? Defaults to false.
Type: bool
Default: false
Description: (Optional) The site redundancy mode. Possible values are ActiveActive, Failover, GeoRedundant, Manual, and None.
Type: string
Default: null
Description: (Optional) Function app resource requirements for Container App environment hosted apps.
cpu- (Optional) The required number of CPU cores.memory- (Optional) The required memory size (e.g.1.0Gi).
Type:
object({
cpu = optional(number)
memory = optional(string)
})Default: null
Description: Retry configuration for all azapi resources. Defaults to retrying on 409 Conflict errors caused by concurrent operations.
error_message_regex- (Required) A list of regular expressions to match against error messages. If any match, the operation will be retried.interval_seconds- (Optional) The initial interval in seconds between retries. Defaults to10.max_retries- (Optional) The maximum number of retries. Defaults to3.
Type:
object({
error_message_regex = list(string)
interval_seconds = optional(number, 10)
max_retries = optional(number, 3)
})Default:
{
"error_message_regex": [
"Cannot modify this site because another operation is in progress"
]
}Description: A map of role assignments to create on this resource. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
role_definition_id_or_name- The ID or name of the role definition to assign to the principal.principal_id- The ID of the principal to assign the role to.description- The description of the role assignment.skip_service_principal_aad_check- If set to true, skips the Azure Active Directory check for the service principal in the tenant.condition- The condition which will be used to scope the role assignment.condition_version- The version of the condition syntax. Valid values are2.0.delegated_managed_identity_resource_id- The delegated Azure Resource Id which contains a Managed Identity.principal_type- The type of theprincipal_id. Possible values areUser,GroupandServicePrincipal.
Type:
map(object({
role_definition_id_or_name = string
principal_id = string
description = optional(string, null)
skip_service_principal_aad_check = optional(bool, false)
condition = optional(string, null)
condition_version = optional(string, null)
delegated_managed_identity_resource_id = optional(string, null)
principal_type = optional(string, null)
}))Default: {}
Description: Should basic authentication be enabled for SCM publish? Defaults to true.
Type: bool
Default: true
Description: (Optional) Should the SCM site also be stopped when the app is stopped? Defaults to false.
Type: bool
Default: null
Description: An object that configures the App Service's site configuration. These map to the ARM API siteConfig properties.
always_on- (Optional) If this App is Always On enabled. Defaults totrue.api_definition_url- (Optional) The URL of the API definition.api_management_api_id- (Optional) The ID of the API Management API.app_command_line- (Optional) The App command line to launch.app_scale_limit- (Optional) The number of workers this function app can scale out to.auto_heal_enabled- (Optional) Should Auto Heal be enabled? Maps toautoHealEnabledin the API.auto_heal_rules- (Optional) Configures the Auto Heal rules for the App Service. Maps toautoHealRulesin the API.actions- (Optional) The action to take when the trigger is activated.action_type- (Required) The type of action. Possible values areRecycle,LogEvent, andCustomAction.custom_action- (Optional) A custom action block.exe- (Required) The executable to run.parameters- (Optional) The parameters to pass to the executable.
min_process_execution_time- (Optional) The minimum process execution time. Defaults to00:00:00.
triggers- (Optional) The trigger conditions for auto heal.private_bytes_in_kb- (Optional) The amount of private memory in KB that triggers the action.requests- (Optional) The request count trigger.count- (Required) The number of requests within the interval.time_interval- (Required) The time interval.
slow_requests- (Optional) The slow request trigger.count- (Required) The number of slow requests within the interval.time_interval- (Required) The time interval.time_taken- (Required) The threshold for time taken.path- (Optional) The request path to match.
slow_requests_with_path- (Optional) A list of slow request triggers with path matching.count- (Required) The number of slow requests within the interval.time_interval- (Required) The time interval.time_taken- (Required) The threshold for time taken.path- (Optional) The request path to match.
status_codes- (Optional) A list of status code-based triggers.count- (Required) The number of occurrences within the interval.time_interval- (Required) The time interval.status- (Required) The status code.path- (Optional) The request path to match.sub_status- (Optional) The sub-status code.win32_status- (Optional) The Win32 status code.
status_codes_range- (Optional) A list of status code range-based triggers.count- (Required) The number of occurrences within the interval.time_interval- (Required) The time interval.status_codes- (Required) The status code range (e.g.500-599).path- (Optional) The request path to match.
auto_swap_slot_name- (Optional) The name of the slot to auto swap with.container_registry_managed_identity_client_id- (Optional) The Client ID of the MSI for Azure Container Registry.container_registry_use_managed_identity- (Optional) Should connections for Azure Container Registry use MSI.default_documents- (Optional) Specifies a list of Default Documents.detailed_error_logging_enabled- (Optional) Should detailed error logging be enabled?document_root- (Optional) The document root path.dotnet_framework_version- (Optional) The .NET Framework version. Takes precedence overapplication_stack.dotnet.dotnet_version.elastic_instance_minimum- (Optional) The number of minimum instances for Elastic Premium plans.elastic_web_app_scale_limit- (Optional) The maximum number of workers for Elastic scale.experiments- (Optional) Traffic routing experiments configuration.ramp_up_rules- (Optional) A list of ramp-up rules for traffic routing.action_host_name- (Optional) The hostname of the slot to route traffic to.change_decision_callback_url- (Optional) URL to a custom decision algorithm.change_interval_in_minutes- (Optional) Interval in minutes at which to re-evaluate routing percentage.change_step- (Optional) The percentage to change the routing by at each interval.max_reroute_percentage- (Optional) The maximum percentage of traffic to reroute.min_reroute_percentage- (Optional) The minimum percentage of traffic to reroute.name- (Optional) The name of the ramp-up rule (typically the slot name).reroute_percentage- (Optional) The current percentage of traffic to reroute.
ftps_state- (Optional) State of FTP / FTPS service. Possible values:AllAllowed,FtpsOnly,Disabled. Defaults toFtpsOnly.handler_mappings- (Optional) A list of handler mappings (Windows IIS).arguments- (Optional) The arguments to pass to the script processor.extension- (Optional) The file extension to handle.script_processor- (Optional) The path to the script processor executable.
health_check_path- (Optional) The path to be checked for health.http2_enabled- (Optional) Enable HTTP2 protocol. Defaults tofalse.http20_proxy_flag- (Optional) HTTP/2 proxy flag.0= disabled,1= pass through HTTP/2,2= gRPC only.http_logging_enabled- (Optional) Should HTTP logging be enabled?ip_restriction_default_action- (Optional) Default action for IP restrictions. Defaults toAllow.limits- (Optional) Resource limits for the App Service.max_disk_size_in_mb- (Optional) The maximum disk size in MB.max_memory_in_mb- (Optional) The maximum memory in MB.max_percentage_cpu- (Optional) The maximum CPU percentage.
java_container- (Optional) The Java container type (e.g.TOMCAT,JETTY). Direct alternative toapplication_stack.java.java_container.java_container_version- (Optional) The Java container version. Direct alternative toapplication_stack.java.java_container_version.java_version- (Optional) The Java version. Direct alternative toapplication_stack.java.java_version.linux_fx_version- (Optional) The Linux App Framework and version for the App Service. Direct value takes precedence overapplication_stackderived value.load_balancing_mode- (Optional) The Site load balancing mode. Defaults toLeastRequests.local_mysql_enabled- (Optional) Should Local MySQL be enabled? Defaults tofalse.logs_directory_size_limit- (Optional) The HTTP log directory size limit in MB.managed_pipeline_mode- (Optional) Managed pipeline mode. Defaults toIntegrated.metadata- (Optional) A list of name-value pairs for siteConfig metadata (e.g.CURRENT_STACK). Auto-computed fromapplication_stackif not specified. User-supplied entries take precedence.name- (Required) The metadata key.value- (Required) The metadata value.
min_tls_cipher_suite- (Optional) The minimum TLS cipher suite. E.g.TLS_AES_256_GCM_SHA384.minimum_tls_version- (Optional) The minimum TLS version. Defaults to1.3.node_version- (Optional) The Node.js version. Direct alternative toapplication_stack.node.node_version.php_version- (Optional) The PHP version. Direct alternative toapplication_stack.php.php_version.powershell_version- (Optional) The PowerShell version. Direct alternative toapplication_stack.powershell.powershell_version.pre_warmed_instance_count- (Optional) The number of pre-warmed instances.python_version- (Optional) The Python version. Direct alternative toapplication_stack.python.python_version.remote_debugging_enabled- (Optional) Should Remote Debugging be enabled. Defaults tofalse.remote_debugging_version- (Optional) The Remote Debugging Version.request_tracing_enabled- (Optional) Should request tracing be enabled?request_tracing_expiration_time- (Optional) The expiration time for request tracing.runtime_scale_monitoring_enabled- (Optional) Should runtime scale monitoring be enabled?scm_ip_restriction_default_action- (Optional) Default action for SCM IP restrictions. Defaults toAllow.scm_minimum_tls_version- (Optional) SCM minimum TLS version. Defaults to1.2.scm_type- (Optional) The SCM type. Defaults toNone.scm_use_main_ip_restriction- (Optional) Should SCM use the main IP restriction.tracing_options- (Optional) Azure tracing options.use_32_bit_worker- (Optional) Use a 32-bit worker process. Defaults tofalse.vnet_private_ports_count- (Optional) The number of private ports assigned to the app for VNet integration.vnet_route_all_enabled- (Optional) Route all outbound traffic through VNet. Defaults tofalse.website_time_zone- (Optional) The time zone for the website (e.g.Eastern Standard Time).websockets_enabled- (Optional) Enable Web Sockets. Defaults tofalse.windows_fx_version- (Optional) The Windows App Framework and version for the App Service. Direct value takes precedence overapplication_stackderived value.worker_count- (Optional) The number of Workers.application_insights_connection_string- (Optional) The connection string for Application Insights.application_insights_key- (Optional) The instrumentation key for Application Insights.cors- (Optional) CORS configuration.allowed_origins- (Optional) A list of allowed origins.support_credentials- (Optional) Should credentials be supported? Defaults tofalse.
ip_restriction- (Optional) A list of IP restriction rules.action- (Optional) The action. Defaults toAllow.ip_address- (Optional) The CIDR notation IP address.name- (Optional) The name of the rule.priority- (Optional) The priority. Defaults to65000.service_tag- (Optional) The service tag.virtual_network_subnet_id- (Optional) The subnet resource ID.headers- (Optional) Header-based restrictions.x_azure_fdid- (Optional) A list of Azure Front Door IDs.x_fd_health_probe- (Optional) A list of health probe values.x_forwarded_for- (Optional) A list of forwarded-for addresses.x_forwarded_host- (Optional) A list of forwarded hosts.
scm_ip_restriction- (Optional) A list of SCM IP restriction rules.action- (Optional) The action. Defaults toAllow.ip_address- (Optional) The CIDR notation IP address.name- (Optional) The name of the rule.priority- (Optional) The priority. Defaults to65000.service_tag- (Optional) The service tag.virtual_network_subnet_id- (Optional) The subnet resource ID.headers- (Optional) Header-based restrictions.x_azure_fdid- (Optional) A list of Azure Front Door IDs.x_fd_health_probe- (Optional) A list of health probe values.x_forwarded_for- (Optional) A list of forwarded-for addresses.x_forwarded_host- (Optional) A list of forwarded hosts.
application_stack- (Optional) Application stack configuration.docker- (Optional) Docker configuration.docker_image_name- (Optional) The Docker image name.docker_registry_url- (Optional) The Docker registry URL.docker_image_tag- (Optional) The Docker image tag. Defaults tolatest.
dotnet- (Optional) .NET configuration.dotnet_version- (Optional) The .NET version.current_stack- (Optional) The current stack.use_custom_runtime- (Optional) Use a custom runtime? Defaults tofalse.use_dotnet_isolated_runtime- (Optional) Use the isolated runtime? Defaults tofalse.
java- (Optional) Java configuration.java_version- (Optional) The Java version.java_container- (Optional) The Java container.java_container_version- (Optional) The Java container version.
node- (Optional) Node.js configuration.node_version- (Optional) The Node.js version.
php- (Optional) PHP configuration.php_version- (Optional) The PHP version.
python- (Optional) Python configuration.python_version- (Optional) The Python version.
powershell- (Optional) PowerShell configuration.powershell_version- (Optional) The PowerShell version.
virtual_application- (Optional) A list of virtual application configurations.physical_path- (Optional) The physical path. Defaults tosite\\wwwroot.preload_enabled- (Optional) Should preloading be enabled? Defaults tofalse.virtual_path- (Optional) The virtual path. Defaults to/.virtual_directory- (Optional) A list of virtual directories.physical_path- (Optional) The physical path.virtual_path- (Optional) The virtual path.
Type:
object({
always_on = optional(bool, true)
api_definition_url = optional(string)
api_management_api_id = optional(string)
app_command_line = optional(string)
app_scale_limit = optional(number)
auto_heal_enabled = optional(bool)
auto_heal_rules = optional(object({
actions = optional(object({
action_type = string
custom_action = optional(object({
exe = string
parameters = optional(string)
}))
min_process_execution_time = optional(string, "00:00:00")
}))
triggers = optional(object({
private_bytes_in_kb = optional(number)
requests = optional(object({
count = number
time_interval = string
}))
slow_requests = optional(object({
count = number
time_interval = string
time_taken = string
path = optional(string)
}))
slow_requests_with_path = optional(list(object({
count = number
time_interval = string
time_taken = string
path = optional(string)
})), [])
status_codes = optional(list(object({
count = number
time_interval = string
status = number
path = optional(string)
sub_status = optional(number)
win32_status = optional(number)
})), [])
status_codes_range = optional(list(object({
count = number
time_interval = string
status_codes = string
path = optional(string)
})), [])
}))
}))
auto_swap_slot_name = optional(string)
container_registry_managed_identity_client_id = optional(string)
container_registry_use_managed_identity = optional(bool)
default_documents = optional(list(string))
detailed_error_logging_enabled = optional(bool)
document_root = optional(string)
dotnet_framework_version = optional(string)
elastic_instance_minimum = optional(number)
elastic_web_app_scale_limit = optional(number)
experiments = optional(object({
ramp_up_rules = optional(list(object({
action_host_name = optional(string)
change_decision_callback_url = optional(string)
change_interval_in_minutes = optional(number)
change_step = optional(number)
max_reroute_percentage = optional(number)
min_reroute_percentage = optional(number)
name = optional(string)
reroute_percentage = optional(number)
})), [])
}))
ftps_state = optional(string, "FtpsOnly")
handler_mappings = optional(list(object({
arguments = optional(string)
extension = optional(string)
script_processor = optional(string)
})))
health_check_path = optional(string)
http2_enabled = optional(bool, false)
http20_proxy_flag = optional(number)
http_logging_enabled = optional(bool)
ip_restriction_default_action = optional(string, "Allow")
java_container = optional(string)
java_container_version = optional(string)
java_version = optional(string)
limits = optional(object({
max_disk_size_in_mb = optional(number)
max_memory_in_mb = optional(number)
max_percentage_cpu = optional(number)
}))
linux_fx_version = optional(string)
load_balancing_mode = optional(string, "LeastRequests")
local_mysql_enabled = optional(bool, false)
logs_directory_size_limit = optional(number)
managed_pipeline_mode = optional(string, "Integrated")
metadata = optional(list(object({
name = string
value = string
})))
min_tls_cipher_suite = optional(string)
minimum_tls_version = optional(string, "1.3")
node_version = optional(string)
php_version = optional(string)
powershell_version = optional(string)
pre_warmed_instance_count = optional(number)
python_version = optional(string)
remote_debugging_enabled = optional(bool, false)
remote_debugging_version = optional(string)
request_tracing_enabled = optional(bool)
request_tracing_expiration_time = optional(string)
runtime_scale_monitoring_enabled = optional(bool)
scm_ip_restriction_default_action = optional(string, "Allow")
scm_minimum_tls_version = optional(string, "1.2")
scm_type = optional(string, "None")
scm_use_main_ip_restriction = optional(bool, false)
tracing_options = optional(string)
use_32_bit_worker = optional(bool, false)
vnet_private_ports_count = optional(number)
vnet_route_all_enabled = optional(bool, false)
website_time_zone = optional(string)
websockets_enabled = optional(bool, false)
windows_fx_version = optional(string)
worker_count = optional(number)
application_insights_connection_string = optional(string)
application_insights_key = optional(string)
cors = optional(object({
allowed_origins = optional(list(string))
support_credentials = optional(bool, false)
}))
ip_restriction = optional(list(object({
action = optional(string, "Allow")
ip_address = optional(string)
name = optional(string)
priority = optional(number, 65000)
service_tag = optional(string)
virtual_network_subnet_id = optional(string)
headers = optional(object({
x_azure_fdid = optional(list(string))
x_fd_health_probe = optional(list(string))
x_forwarded_for = optional(list(string))
x_forwarded_host = optional(list(string))
}))
})), [])
scm_ip_restriction = optional(list(object({
action = optional(string, "Allow")
ip_address = optional(string)
name = optional(string)
priority = optional(number, 65000)
service_tag = optional(string)
virtual_network_subnet_id = optional(string)
headers = optional(object({
x_azure_fdid = optional(list(string))
x_fd_health_probe = optional(list(string))
x_forwarded_for = optional(list(string))
x_forwarded_host = optional(list(string))
}))
})), [])
application_stack = optional(object({
docker = optional(object({
docker_image_name = optional(string)
docker_registry_url = optional(string)
docker_image_tag = optional(string, "latest")
}))
dotnet = optional(object({
dotnet_version = optional(string)
current_stack = optional(string)
use_custom_runtime = optional(bool, false)
use_dotnet_isolated_runtime = optional(bool, false)
}))
java = optional(object({
java_version = optional(string)
java_container = optional(string)
java_container_version = optional(string)
}))
node = optional(object({
node_version = optional(string)
}))
php = optional(object({
php_version = optional(string)
}))
python = optional(object({
python_version = optional(string)
}))
powershell = optional(object({
powershell_version = optional(string)
}))
}))
virtual_application = optional(list(object({
physical_path = optional(string, "site\\wwwroot")
preload_enabled = optional(bool, false)
virtual_path = optional(string, "/")
virtual_directory = optional(list(object({
physical_path = optional(string)
virtual_path = optional(string)
})), [])
})), [])
})Default: {}
Description: A map of sensitive app settings to apply to the deployment slot(s). The key MUST be the same key as the slot key.
Type: map(map(string))
Default: {}
Description: A map of sensitive values (Storage Access Key) for the Storage Account SMB file shares to mount to the deployment slots.
The key is the supplied input to var.deployment_slots.<slot_key>.storage_shares_to_mount.
The value is the secret value (storage access key).
Type: map(string)
Default: {}
Description: (Optional) Should SSH be enabled for the App Service?
Type: bool
Default: null
Description: A map of sticky settings to assign to the App Service.
app_setting_names- (Optional) A list of app setting names that should be sticky to the slot.connection_string_names- (Optional) A list of connection string names that should be sticky to the slot.
Type:
map(object({
app_setting_names = optional(list(string))
connection_string_names = optional(list(string))
}))Default: {}
Description: The access key of the Storage Account for the Function App.
Type: string
Default: null
Description: The name of the Storage Account for the Function App.
Type: string
Default: null
Description: (Optional) Should a storage account be required for the Function App? When set, the storage account must be specified in the app settings.
Type: bool
Default: null
Description: The name of the storage account file share (Logic App).
Type: string
Default: null
Description: The authentication type for the backend storage account. Possible values are StorageAccountConnectionString, SystemAssignedIdentity, and UserAssignedIdentity.
Type: string
Default: null
Description: The backend storage container endpoint for Flex Consumption Function Apps.
Type: string
Default: null
Description: The storage container type. The current supported type is blobContainer.
Type: string
Default: null
Description: A map of Storage Account file shares to mount to the App Service.
access_key- (Required) The access key for the Storage Account.account_name- (Required) The name of the Storage Account.mount_path- (Required) The path to mount the share at within the App Service.name- (Required) The name of the storage mount.share_name- (Required) The name of the file share.type- (Optional) The type of storage. Defaults toAzureFiles.
Type:
map(object({
access_key = string
account_name = string
mount_path = string
name = string
share_name = string
type = optional(string, "AzureFiles")
}))Default: {}
Description: The ID of the User Assigned Managed Identity for storage.
Type: string
Default: null
Description: Should the Storage Account use a Managed Identity? Defaults to false.
Type: bool
Default: false
Description: The map of tags to be applied to the resource.
Type: map(string)
Default: null
Description: - create - (Defaults to 30 minutes) Used when creating the App Service.
delete- (Defaults to 30 minutes) Used when deleting the App Service.read- (Defaults to 5 minutes) Used when retrieving the App Service.update- (Defaults to 30 minutes) Used when updating the App Service.
Type:
object({
create = optional(string)
delete = optional(string)
read = optional(string)
update = optional(string)
})Default: null
Description: Should the extension bundle be used? (Logic App) Defaults to true.
Type: bool
Default: true
Description: Should backup and restore operations over the linked virtual network be enabled? Defaults to false.
Type: bool
Default: false
Description: The ID of the subnet to deploy the App Service in for regional VNet integration.
Type: string
Default: null
Description: Should application traffic be routed over virtual network? Maps to outboundVnetRouting.applicationTraffic. Defaults to false.
Type: bool
Default: false
Description: Should the traffic for the content share be routed over virtual network? Defaults to false.
Type: bool
Default: false
Description: Should the traffic for image pull be routed over virtual network? Defaults to false.
Type: bool
Default: false
Description: Should all outbound traffic be routed over virtual network? Maps to outboundVnetRouting.allTraffic. Defaults to false.
Type: bool
Default: false
Description: (Optional) The workload profile name for apps hosted in a Container Apps environment.
Type: string
Default: null
Description: The path to the zip file to deploy to the App Service.
Type: string
Default: null
Description: The duration to wait after applying app settings and connection strings before triggering zip deploy. This allows the SCM site to pick up settings like SCM_DO_BUILD_DURING_DEPLOYMENT before the deploy starts.
Type: string
Default: "60s"
The following outputs are exported:
Description: The active slot resource ID.
Description: The custom domain verification ID for the App Service. Use this value to create
an asuid.<custom-hostname> TXT record in your DNS zone before binding a custom
domain via var.custom_domains. See the custom_domains variable documentation
for details on the DNS prerequisites that Azure enforces.
Description: The locks of the deployment slots.
Description: The deployment slots.
Description: The system-assigned managed identity principal ID of the resource.
Description: The kind of app service.
Description: The location of the resource.
Description: The name of the resource.
Description: The operating system type of the resource.
Description: A map of private endpoints. The map key is the supplied input to var.private_endpoints.
Description: This is the full output for the resource.
Description: The resource ID of the App Service.
Description: The locks of the resources.
Description: A map of private endpoints. The map key is the supplied input to var.private_endpoints. The map value is the entire azapi_resource.
Description: The default hostname of the resource.
Description: The system-assigned managed identity principal ID.
Description: Map of system-assigned managed identity principal IDs for deployment slots.
The following Modules are called:
Source: Azure/avm-utl-interfaces/azure
Version: 0.5.1
Source: ./modules/certificate
Version:
Source: ./modules/config_appsettings
Version:
Source: ./modules/config_authsettings
Version:
Source: ./modules/config_authsettingsv2
Version:
Source: ./modules/config_azurestorageaccounts
Version:
Source: ./modules/config_backup
Version:
Source: ./modules/config_connectionstrings
Version:
Source: ./modules/config_logs
Version:
Source: ./modules/config_metadata
Version:
Source: ./modules/config_slotconfignames
Version:
Source: ./modules/extensions_zipdeploy
Version:
Source: ./modules/publishing_credential_policy
Version:
Source: ./modules/hostname_binding
Version:
Source: ./modules/publishing_credential_policy
Version:
Source: ./modules/site_config_helpers
Version:
Source: ./modules/slot
Version:
Source: ./modules/hostname_binding
Version:
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.