Microsoft.Cdn profiles/securityPolicies
Bicep resource definition
The profiles/securityPolicies resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles/securityPolicies resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Cdn/profiles/securityPolicies@2023-07-01-preview' = {
name: 'string'
parent: resourceSymbolicName
properties: {
parameters: {
type: 'string'
// For remaining properties, see SecurityPolicyPropertiesParameters objects
}
}
}
SecurityPolicyPropertiesParameters objects
Set the type property to specify the type of object.
For WebApplicationFirewall, use:
type: 'WebApplicationFirewall'
associations: [
{
domains: [
{
id: 'string'
}
]
patternsToMatch: [
'string'
]
}
]
wafPolicy: {
id: 'string'
}
Property values
profiles/securityPolicies
| Name | Description | Value |
|---|---|---|
| name | The resource name See how to set names and types for child resources in Bicep. |
string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: profiles |
| properties | The json object that contains properties required to create a security policy | SecurityPolicyProperties |
SecurityPolicyProperties
| Name | Description | Value |
|---|---|---|
| parameters | object which contains security policy parameters | SecurityPolicyPropertiesParameters |
SecurityPolicyPropertiesParameters
| Name | Description | Value |
|---|---|---|
| type | Set the object type | WebApplicationFirewall (required) |
SecurityPolicyWebApplicationFirewallParameters
| Name | Description | Value |
|---|---|---|
| type | The type of the Security policy to create. | 'WebApplicationFirewall' (required) |
| associations | Waf associations | SecurityPolicyWebApplicationFirewallAssociation[] |
| wafPolicy | Resource ID. | ResourceReference |
SecurityPolicyWebApplicationFirewallAssociation
| Name | Description | Value |
|---|---|---|
| domains | List of domains. | ActivatedResourceReference[] |
| patternsToMatch | List of paths | string[] |
ActivatedResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
ResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
FrontDoor CDN with WAF, Domains and Logs to EventHub |
This template creates a new Azure FrontDoor cdn profile. Create WAF with custom and managed rules, cdn routes, origin and groups with their association with WAF and routes, configures custom domains, create event hub and diagnostic settings for sending CDN access logs using event hub. |
| Front Door Premium with blob origin and Private Link |
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
| Front Door Premium with WAF and Microsoft-managed rule sets |
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets. |
| Front Door Standard/Premium with geo-filtering |
This template creates a Front Door Standard/Premium including a web application firewall with a geo-filtering rule. |
| Front Door Standard/Premium with rate limit |
This template creates a Front Door Standard/Premium including a web application firewall with a rate limit rule. |
| Front Door with blob origins for blobs upload |
This template creates a Front Door with origins, routes and ruleSets, and an Azure Storage accounts with blob containers. Front Door sends traffic to the storage accounts when uploading files. |
| Front Door Standard/Premium with WAF and custom rule |
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule. |
| Function App secured by Azure Frontdoor |
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link. |
ARM template resource definition
The profiles/securityPolicies resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles/securityPolicies resource, add the following JSON to your template.
{
"type": "Microsoft.Cdn/profiles/securityPolicies",
"apiVersion": "2023-07-01-preview",
"name": "string",
"properties": {
"parameters": {
"type": "string"
// For remaining properties, see SecurityPolicyPropertiesParameters objects
}
}
}
SecurityPolicyPropertiesParameters objects
Set the type property to specify the type of object.
For WebApplicationFirewall, use:
"type": "WebApplicationFirewall",
"associations": [
{
"domains": [
{
"id": "string"
}
],
"patternsToMatch": [ "string" ]
}
],
"wafPolicy": {
"id": "string"
}
Property values
profiles/securityPolicies
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Cdn/profiles/securityPolicies' |
| apiVersion | The resource api version | '2023-07-01-preview' |
| name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) |
| properties | The json object that contains properties required to create a security policy | SecurityPolicyProperties |
SecurityPolicyProperties
| Name | Description | Value |
|---|---|---|
| parameters | object which contains security policy parameters | SecurityPolicyPropertiesParameters |
SecurityPolicyPropertiesParameters
| Name | Description | Value |
|---|---|---|
| type | Set the object type | WebApplicationFirewall (required) |
SecurityPolicyWebApplicationFirewallParameters
| Name | Description | Value |
|---|---|---|
| type | The type of the Security policy to create. | 'WebApplicationFirewall' (required) |
| associations | Waf associations | SecurityPolicyWebApplicationFirewallAssociation[] |
| wafPolicy | Resource ID. | ResourceReference |
SecurityPolicyWebApplicationFirewallAssociation
| Name | Description | Value |
|---|---|---|
| domains | List of domains. | ActivatedResourceReference[] |
| patternsToMatch | List of paths | string[] |
ActivatedResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
ResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| FrontDoor CDN with WAF, Domains and Logs to EventHub |
This template creates a new Azure FrontDoor cdn profile. Create WAF with custom and managed rules, cdn routes, origin and groups with their association with WAF and routes, configures custom domains, create event hub and diagnostic settings for sending CDN access logs using event hub. |
| Front Door Premium with blob origin and Private Link |
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
| Front Door Premium with WAF and Microsoft-managed rule sets |
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets. |
| Front Door Standard/Premium with geo-filtering |
This template creates a Front Door Standard/Premium including a web application firewall with a geo-filtering rule. |
| Front Door Standard/Premium with rate limit |
This template creates a Front Door Standard/Premium including a web application firewall with a rate limit rule. |
| Front Door with blob origins for blobs upload |
This template creates a Front Door with origins, routes and ruleSets, and an Azure Storage accounts with blob containers. Front Door sends traffic to the storage accounts when uploading files. |
| Front Door Standard/Premium with WAF and custom rule |
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule. |
| Function App secured by Azure Frontdoor |
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link. |
Terraform (AzAPI provider) resource definition
The profiles/securityPolicies resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles/securityPolicies resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Cdn/profiles/securityPolicies@2023-07-01-preview"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
parameters = {
type = "string"
// For remaining properties, see SecurityPolicyPropertiesParameters objects
}
}
})
}
SecurityPolicyPropertiesParameters objects
Set the type property to specify the type of object.
For WebApplicationFirewall, use:
type = "WebApplicationFirewall"
associations = [
{
domains = [
{
id = "string"
}
]
patternsToMatch = [
"string"
]
}
]
wafPolicy = {
id = "string"
}
Property values
profiles/securityPolicies
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Cdn/profiles/securityPolicies@2023-07-01-preview" |
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: profiles |
| properties | The json object that contains properties required to create a security policy | SecurityPolicyProperties |
SecurityPolicyProperties
| Name | Description | Value |
|---|---|---|
| parameters | object which contains security policy parameters | SecurityPolicyPropertiesParameters |
SecurityPolicyPropertiesParameters
| Name | Description | Value |
|---|---|---|
| type | Set the object type | WebApplicationFirewall (required) |
SecurityPolicyWebApplicationFirewallParameters
| Name | Description | Value |
|---|---|---|
| type | The type of the Security policy to create. | "WebApplicationFirewall" (required) |
| associations | Waf associations | SecurityPolicyWebApplicationFirewallAssociation[] |
| wafPolicy | Resource ID. | ResourceReference |
SecurityPolicyWebApplicationFirewallAssociation
| Name | Description | Value |
|---|---|---|
| domains | List of domains. | ActivatedResourceReference[] |
| patternsToMatch | List of paths | string[] |
ActivatedResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
ResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |