This Terraform module creates an Azure Function App with its App Service Plan, a consumption plan by default. A Storage Account and an Application Insights are required and are created if not provided. This module allows to deploy a application from a local or remote ZIP file that will be stored on the associated storage account.
You can create an Azure Function without plan by using the submodule modules/functionapp
.
Azure Functions v3 are now supported by this module and is the default one.
Based on a current limitation, you cannot mix Windows and Linux apps in the same resource group.
Limitations documentation: docs.microsoft.com/en-us/azure/app-service/containers/app-service-linux-intro#limitations
Module version | Terraform version | AzureRM version |
---|---|---|
>= 6.x.x | 1.x | >= 3.0 |
>= 5.x.x | 0.15.x | >= 2.0 |
>= 4.x.x | 0.13.x / 0.14.x | >= 2.0 |
>= 3.x.x | 0.12.x | >= 2.0 |
>= 2.x.x | 0.12.x | < 2.0 |
< 2.x.x | 0.11.x | < 2.0 |
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper
available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure_region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "logs" {
source = "claranet/run-common/azurerm//modules/logs"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
}
### Windows
module "function_app_windows" {
source = "claranet/function-app/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
name_prefix = "hello"
os_type = "Windows"
function_app_application_settings = {
"tracker_id" = "AJKGDFJKHFDS"
"backend_api_url" = "https://backend.domain.tld/api"
}
storage_account_identity_type = "SystemAssigned"
logs_destinations_ids = [
module.logs.logs_storage_account_id,
module.logs.log_analytics_workspace_id
]
extra_tags = {
foo = "bar"
}
}
### Linux
module "function_app_linux" {
source = "claranet/function-app/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
name_prefix = "hello"
os_type = "Linux"
function_language_for_linux = "python"
function_app_version = 3
function_app_application_settings = {
"tracker_id" = "AJKGDFJKHFDS"
"backend_api_url" = "https://backend.domain.tld/api"
}
storage_account_identity_type = "SystemAssigned"
logs_destinations_ids = [
module.logs.logs_storage_account_id,
module.logs.log_analytics_workspace_id
]
extra_tags = {
foo = "bar"
}
}
No providers.
Name | Source | Version |
---|---|---|
linux_function | ./modules/linux-function | n/a |
service_plan | claranet/app-service-plan/azurerm | 6.0.0 |
windows_function | ./modules/windows-function | n/a |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
app_service_environment_id | The ID of the App Service Environment to create this Service Plan in. Requires an Isolated SKU. Use one of I1, I2, I3 for azurerm_app_service_environment, or I1v2, I2v2, I3v2 for azurerm_app_service_environment_v3 | string |
null |
no |
application_insights_custom_name | Custom name for application insights deployed with function app | string |
"" |
no |
application_insights_daily_data_cap | Daily data volume cap (in GB) for Application Insights | number |
null |
no |
application_insights_daily_data_cap_notifications_disabled | Disable email notifications when data volume cap is met | bool |
null |
no |
application_insights_enabled | Enable or disable the Application Insights deployment | bool |
true |
no |
application_insights_extra_tags | Extra tags to add to Application Insights | map(string) |
{} |
no |
application_insights_force_customer_storage_for_profiler | Enable Application Insights component to force users to create their own storage account for profiling | bool |
false |
no |
application_insights_id | ID of the existing Application Insights to use instead of deploying a new one. | string |
null |
no |
application_insights_internet_ingestion_enabled | Enable ingestion support from Application Insights component over the Public Internet | bool |
true |
no |
application_insights_internet_query_enabled | Enable querying support from Application Insights component over the Public Internet | bool |
true |
no |
application_insights_ip_masking_disabled | Disable IP masking in logs | bool |
false |
no |
application_insights_local_authentication_disabled | Disable Non-Azure AD based Auth | bool |
false |
no |
application_insights_log_analytics_workspace_id | ID of the Log Analytics Workspace to be used with Application Insights | string |
null |
no |
application_insights_name_prefix | Application Insights name prefix | string |
"" |
no |
application_insights_retention | Specify retention period (in days) for logs | number |
90 |
no |
application_insights_sampling_percentage | Percentage of data produced by the monitored application sampled for Application Insights telemetry | number |
null |
no |
application_insights_type | Application Insights type if need to be generated. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights#application_type | string |
"web" |
no |
application_zip_package_path | Local or remote path of a zip package to deploy on the Function App | string |
null |
no |
authorized_ips | IPs restriction for Function in CIDR format. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#ip_restriction | list(string) |
[] |
no |
authorized_service_tags | Service Tags restriction for Function. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | list(string) |
[] |
no |
authorized_subnet_ids | Subnets restriction for Function. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | list(string) |
[] |
no |
builtin_logging_enabled | Should built in logging be enabled | bool |
true |
no |
client_certificate_enabled | Should the function app use Client Certificates | bool |
null |
no |
client_certificate_mode | (Optional) The mode of the Function App's client certificates requirement for incoming requests. Possible values are Required , Optional , and OptionalInteractiveUser . |
string |
null |
no |
client_name | Client name/account used in naming | string |
n/a | yes |
custom_diagnostic_settings_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string |
"default" |
no |
default_tags_enabled | Option to enable or disable default tags | bool |
true |
no |
environment | Project environment | string |
n/a | yes |
extra_tags | Extra tags to add | map(string) |
{} |
no |
function_app_application_settings | Function App application settings | map(string) |
{} |
no |
function_app_custom_name | Custom name for function app | string |
"" |
no |
function_app_extra_tags | Extra tags to add to Function App | map(string) |
{} |
no |
function_app_name_prefix | Function App name prefix | string |
"" |
no |
function_app_site_config | Site config for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is not managed in this block. | any |
{} |
no |
function_app_version | Version of the function app runtime to use (Allowed values 2 or 3) | number |
3 |
no |
function_app_vnet_integration_enabled | Enable VNET integration with the Function App. function_app_vnet_integration_subnet_id is mandatory if enabled |
bool |
false |
no |
function_app_vnet_integration_subnet_id | ID of the subnet to associate with the Function App (VNet integration) | string |
null |
no |
function_language_for_linux | Language of the Function App on Linux hosting, can be "dotnet", "node" or "python" | string |
"dotnet" |
no |
https_only | Disable http procotol and keep only https | bool |
true |
no |
identity_ids | UserAssigned Identities ID to add to Function App. Mandatory if type is UserAssigned | list(string) |
null |
no |
identity_type | Add an Identity (MSI) to the function app. Possible values are SystemAssigned or UserAssigned | string |
"SystemAssigned" |
no |
ip_restriction_headers | IPs restriction headers for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#headers | map(list(string)) |
null |
no |
location | Azure location for Function App and related resources | string |
n/a | yes |
location_short | Short string for Azure location | string |
n/a | yes |
logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
logs_destinations_ids | List of destination resources Ids for logs diagnostics destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. Empty list to disable logging. | list(string) |
n/a | yes |
logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
logs_retention_days | Number of days to keep logs on storage account | number |
30 |
no |
maximum_elastic_worker_count | The maximum number of workers to use in an Elastic SKU Plan. Cannot be set unless using an Elastic SKU. | number |
null |
no |
name_prefix | Optional prefix for the generated name | string |
"" |
no |
name_suffix | Optional suffix for the generated name | string |
"" |
no |
os_type | The O/S type for the App Services to be hosted in this plan. Possible values include Windows , Linux , and WindowsContainer . |
string |
n/a | yes |
per_site_scaling_enabled | Should Per Site Scaling be enabled. | bool |
false |
no |
resource_group_name | Resource group name | string |
n/a | yes |
scm_authorized_ips | SCM IPs restriction for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | list(string) |
[] |
no |
scm_authorized_service_tags | SCM Service Tags restriction for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | list(string) |
[] |
no |
scm_authorized_subnet_ids | SCM subnets restriction for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | list(string) |
[] |
no |
scm_ip_restriction_headers | IPs restriction headers for Function. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | map(list(string)) |
null |
no |
service_plan_custom_name | Name of the App Service Plan, generated if not set. | string |
"" |
no |
service_plan_extra_tags | Extra tags to add. | map(string) |
{} |
no |
sku_name | The SKU for the plan. Possible values include B1, B2, B3, D1, F1, FREE, I1, I2, I3, I1v2, I2v2, I3v2, P1v2, P2v2, P3v2, P1v3, P2v3, P3v3, S1, S2, S3, SHARED, EP1, EP2, EP3, WS1, WS2, and WS3. | string |
"Y1" |
no |
stack | Project stack name | string |
n/a | yes |
storage_account_access_key | Access key the storage account to use. If null a new storage account is created | string |
null |
no |
storage_account_authorized_ips | IPs restriction for Function storage account in CIDR format | list(string) |
[] |
no |
storage_account_enable_advanced_threat_protection | Boolean flag which controls if advanced threat protection is enabled, see here for more information. | bool |
false |
no |
storage_account_enable_https_traffic_only | Boolean flag which controls if https traffic only is enabled. | bool |
true |
no |
storage_account_extra_tags | Extra tags to add to Storage Account | map(string) |
{} |
no |
storage_account_identity_ids | Specifies a list of User Assigned Managed Identity IDs to be assigned to this Storage Account | list(string) |
null |
no |
storage_account_identity_type | Specifies the type of Managed Service Identity that should be configured on this Storage Account | string |
null |
no |
storage_account_kind | Storage Account Kind | string |
"StorageV2" |
no |
storage_account_min_tls_version | Storage Account minimal TLS version | string |
"TLS1_2" |
no |
storage_account_name | Name of the Storage account to attach to function | string |
null |
no |
storage_account_name_prefix | Storage Account name prefix | string |
"" |
no |
storage_account_network_bypass | Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of Logging , Metrics , AzureServices , or None . |
list(string) |
[ |
no |
storage_account_network_rules_enabled | Enable Storage account network default rules for functions | bool |
true |
no |
use_caf_naming | Use the Azure CAF naming provider to generate default resource name. custom_name override this if set. Legacy default name is used if this is set to false . |
bool |
true |
no |
worker_count | The number of Workers (instances) to be allocated. | number |
null |
no |
Name | Description |
---|---|
application_insights_app_id | App ID of the associated Application Insights |
application_insights_application_type | Application Type of the associated Application Insights |
application_insights_id | ID of the associated Application Insights |
application_insights_instrumentation_key | Instrumentation key of the associated Application Insights |
application_insights_name | Name of the associated Application Insights |
linux_function_app | Linux Function App output object if Linux is choosen. Please refer to ./modules/linux-function/README.md |
service_plan_id | ID of the created Service Plan |
service_plan_name | Name of the created Service Plan |
storage_account_id | ID of the associated Storage Account, empty if connection string provided |
storage_account_name | Name of the associated Storage Account, empty if connection string provided |
storage_account_network_rules | Network rules of the associated Storage Account |
storage_account_primary_access_key | Primary connection string of the associated Storage Account, empty if connection string provided |
storage_account_primary_connection_string | Primary connection string of the associated Storage Account, empty if connection string provided |
storage_account_secondary_access_key | Secondary connection string of the associated Storage Account, empty if connection string provided |
storage_account_secondary_connection_string | Secondary connection string of the associated Storage Account, empty if connection string provided |
windows_function_app | Windows Function App output object if Windows is choosen. Please refer to ./modules/windows-function/README.md |
Microsoft Azure Functions documentation: github.com/Azure/Azure-Functions#documentation-1