additional_login_params |
(Optional) Login parameters to send to the OpenID Connect authorization endpoint when a user logs in. Each parameter must be in the form key=value. |
map(string) |
null |
allowed_external_redirect_urls |
(Optional) External URLs that can be redirected to as part of logging in or logging out of the app. |
list(string) |
[] |
always_on |
(Optional) Should the app be loaded at all times? Defaults to false. |
bool |
false |
app_command_line |
(Optional) App command line to launch, e.g. '/sbin/myserver -b 0.0.0.0'. |
string |
"" |
app_logs_azure_blob_storage |
(Optional) Needs to be set if app_logs_enabled = true. |
object({ # Possible values include Error, Warning, Information, Verbose and Off. # NOTE: below field is not available for http_logs level = string # The number of days to retain logs for. retention_in_days = number # The URL to the storage container, with a Service SAS token appended. sas_url = string }) |
null |
app_logs_enabled |
(Optional) Should Application logs be enabled? For this to work logs_enabled need to be true. |
bool |
false |
app_service_plan_id |
(Required) The ID of the App Service Plan within which to create this App Service. |
string |
null |
app_service_plan_kind |
(Required) The kind used for app service plan. Possible values are: 'Windows' and 'Linux'. Defaults to 'Windows'. |
string |
null |
app_settings |
(Optional) Map of KEY = VALUE pairs to pass to App Service environment, all values will be registered as plain text environment variables. |
map(string) |
{} |
auth_active_directory |
(Optional) Object defining AD authentication integration. Required: client_id and client_secret. |
object({ client_id = string client_secret = string allowed_audiences = list(string) }) |
null |
auth_enabled |
(Optional) Is Authentication enabled? |
bool |
false |
auth_facebook |
(Optional) Object defining Facebook authetication integration. Required: app_id and app_secret. |
object({ app_id = string app_secret = string oauth_scopes = list(string) }) |
null |
auth_google |
(Optional) Object defining Google authetication integration. Required: client_id and client_secret. |
object({ client_id = string client_secret = string oauth_scopes = list(string) }) |
null |
auth_microsoft |
(Optional) Object defining Microsoft authetication integration. Required: client_id and client_secret. |
object({ client_id = string client_secret = string oauth_scopes = list(string) }) |
null |
auth_twitter |
(Optional) Object defining Twitter authetication integration. Required: consumer_key and consumer_secret. |
object({ consumer_key = string consumer_secret = string }) |
null |
backup_enabled |
(Optional) Should backup be enabled? |
bool |
false |
backup_name |
(Optional) Specifies the name for this Backup. |
string |
"bak" |
backup_schedule |
(Optional) Object defining backup schedule, Required if backup_enabled = true. |
object({ frequency_interval = number frequency_unit = string keep_at_least_one_backup = bool retention_period_in_days = number start_time = string }) |
{ "frequency_interval": 1, "frequency_unit": "Day", "keep_at_least_one_backup": true, "retention_period_in_days": 30, "start_time": null } |
backup_storage_account_url |
The SAS URL to a Storage Container where Backups should be saved. |
string |
null |
cert_name |
(Optional) Name of the certificate resource. Defaults to App Service Name with '-cert' suffix. |
string |
null |
cert_path |
(Optional) Path to your certificate pfx, if this is set custom_domain is required. |
string |
null |
cert_secret |
(Optional) Password to your certificate pfx. |
string |
"" |
client_affinity_enabled |
(Optional) Should the App Service send session affinity cookies, which route client requests in the same session to the same instance? |
bool |
false |
client_cert_enabled |
(Optional) Does the App Service require client certificates for incoming requests? Defaults to false. |
bool |
false |
compose_file_path |
(Optional) Path to a docker-compose file for App Service to run. |
string |
null |
connection_string |
(Optional) Possible type values are APIHub, Custom, DocDb, EventHub, MySQL, NotificationHub, PostgreSQL, RedisCache, ServiceBus, SQLAzure and SQLServer. |
list(object({ name = string type = string value = string })) |
[] |
cors |
(Optional) Object to define CORS block in site config. |
object({ allowed_origins = list(string) support_credentials = bool }) |
{ "allowed_origins": [], "support_credentials": null } |
custom_domain |
(Optional) Custom domain to attach to the App Service. |
string |
null |
default_documents |
(Optional) The ordering of default documents to load, if an address isn't specified. |
list(string) |
null |
default_provider |
(Optional) The default provider to use when multiple providers have been set up. Possible values are AzureActiveDirectory, Facebook, Google, MicrosoftAccount and Twitter. |
string |
"AzureActiveDirectory" |
docker_container |
(Optional) <user/image:tag> to run a docker image. |
string |
null |
dotnet_framework_version |
(Optional) The version of the .NET framework's CLR used in this App Service. See https://en.wikipedia.org/wiki/.NET_Framework_version_history#Overview . |
string |
null |
enabled |
(Optional) Is the App Service Enabled? |
bool |
true |
ftps_state |
(Optional) State of FTP / FTPS service for this App Service. Possible values include: AllAllowed, FtpsOnly and Disabled. Defaults to Disabled. |
string |
"Disabled" |
http2_enabled |
(Optional) Is HTTP2 Enabled on this App Service? Defaults to true. |
bool |
true |
http_logs_azure_blob_storage |
(Optional) Needs to be set if http_logs_enabled == true and file_system storage is not set. |
object({ # The number of days to retain logs for. retention_in_days = number # The URL to the storage container, with a Service SAS token appended. sas_url = string }) |
null |
http_logs_enabled |
(Optional) Should HTTP logs be enabled? For this to work logs_enabled need to be true. |
bool |
false |
http_logs_file_system |
(Optional) Retention specs if https logs need to be stored on the file system, both values are required. |
object({ retention_in_days = number retention_in_mb = number }) |
null |
https_only |
(Optional) Can the App Service only be accessed via HTTPS? |
bool |
true |
identity |
(Optional) Toggle for SystemAssigned managed identity. Defaults to true. |
bool |
true |
identity_ids |
(Optional) Specifies a list of user managed identity ids to be assigned. Required if type is UserAssigned. |
list(string) |
null |
identity_type |
(Optional) Specifies the identity type of the App Service. Possible values are SystemAssigned (where Azure will generate a Service Principal for you), UserAssigned where you can specify the Service Principal IDs in the identity_ids field. |
string |
"SystemAssigned" |
ip_restriction |
(Optional) A Map representing IP restrictions to the App Service. |
map(map(string)) |
{} |
issuer |
(Optional) Issuer URI. When using Azure Active Directory, this value is the URI of the directory tenant, e.g. https://sts.windows.net/{tenant-guid}/. |
string |
null |
java |
(Optional) Java version possible values are 1.7, 1.8 and 11 and their specific versions. Java container possible values are JAVA, JETTY, and TOMCAT. |
object({ version = string container = string container_version = string }) |
null |
key_vault_secret_id |
(Optional) Key Vault Secret ID for your App Certificate, ether this or cert_path needs to be specified, if this is set custom_domain is required. |
string |
null |
kubernetes_file_path |
(Optional) Path to kubernetes manifest for App Service to run. |
string |
null |
linux_fx_version |
(Optional) Linux App Framework and version for the App Service. Contrary to the documentation there are more supported options than DOCKER| COMPOSE| and KUBE|. Values also available are DOTNETCORE| NODE| PHP| PYTHON| JAVA| RUBY|. |
string |
null |
local_mysql_enabled |
(Optional) This runs a local MySQL instance with your app and shares resources from the App Service plan. |
bool |
false |
location |
(Optional) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. |
string |
"westeurope" |
log_analytics_workspace_id |
(Optional) Resource ID of an existing log analytics workspace. Providing ID enables logging. |
string |
null |
logs_enabled |
(Optional) Should Logs be enabled? |
bool |
false |
managed_pipeline_mode |
(Optional) The Managed Pipeline Mode. Possible values are Integrated and Classic. |
string |
"Integrated" |
min_tls_version |
(Optional) The minimum supported TLS version for the app service. Possible values are '1.0', '1.1', and '1.2'. |
string |
"1.2" |
name |
(Required) Specifies the name of the App Service. Changing this forces a new resource to be created. |
string |
null |
php_version |
(Optional) The version of PHP to use in this App Service. Possible values are '5.5', '5.6', '7.0', '7.1', '7.2', '7.3' and '7.4'. |
string |
null |
python_version |
(Optional) The version of Python to use in this App Service. Possible values are '2.7' and '3.4'. |
string |
null |
remote_debugging_enabled |
(Optional) Is Remote Debugging Enabled? |
bool |
false |
remote_debugging_version |
(Optional) Which version of Visual Studio should the Remote Debugger be compatible with? Possible values are VS2012, VS2013, VS2015 and VS2017. |
string |
"VS2017" |
resource_group_name |
(Required) The name of the resource group in which to create the App Service. |
string |
null |
runtime_version |
(Optional) The runtime version of the Authentication/Authorization module. |
string |
null |
scm_ip_restriction |
(Optional) A Map representing IP restrictions to the Kudu Management page (scm) App Service. |
map(map(string)) |
{} |
scm_type |
(Optional) The type of Source Control enabled for this App Service. Defaults to None. Possible values are: BitbucketGit, BitbucketHg, CodePlexGit, CodePlexHg, Dropbox, ExternalGit, ExternalHg, GitHub, LocalGit, None, OneDrive, Tfs, VSO, and VSTSRM |
string |
"None" |
scm_use_main_ip_restriction |
(Optional) IP security restrictions for Kudu Managment page (scm) to use main IP restrictions. Defaults to true. |
bool |
true |
source_control |
(Optional) A Source Control block for the App Service. |
map(string) |
null |
ssl_state |
(Optional) The SSL type. Possible values are IpBasedEnabled and SniEnabled, if this is set cert thumbprint needs to be generated by ether providing cert_path or key_vault_secret_id |
string |
null |
storage_account |
(Optional) object that can include storage account block to the configuration. |
object({ # The name of the storage account identifier. name = string # Possible values are AzureBlob and AzureFiles. type = string # The name of the storage account. account_name = string # The name of the file share (container name, for Blob storage). share_name = string # The access key for the storage account. access_key = string # (Optional) The path to mount the storage within the site's runtime environment. mount_path = string }) |
null |
tags |
(Optional) A mapping of tags to assign to the resource. |
map(string) |
{} |
token_refresh_extension_hours |
(Optional) The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72. |
number |
null |
token_store_enabled |
(Optional) If enabled the module will durably store platform-specific security tokens that are obtained during login flows. Defaults to false. |
bool |
false |
unauthenticated_client_action |
(Optional) The action to take when an unauthenticated client attempts to access the app. Possible values are AllowAnonymous and RedirectToLoginPage. |
string |
"RedirectToLoginPage" |
use_32_bit_worker_process |
(Optional) When using an App Service Plan in the Free or Shared Tiers use_32_bit_worker_process must be set to true |
bool |
false |
websockets_enabled |
(Optional) Should WebSockets be enabled? |
bool |
false |
windows_fx_version |
(Optional) Windows App Framework and version for the App Service. |
string |
null |