Microsoft.Network frontDoors

Bicep resource definition

The frontDoors resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/frontDoors resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/frontDoors@2021-06-01' = {
  location: 'string'
  name: 'string'
  properties: {
    backendPools: [
      {
        id: 'string'
        name: 'string'
        properties: {
          backends: [
            {
              address: 'string'
              backendHostHeader: 'string'
              enabledState: 'string'
              httpPort: int
              httpsPort: int
              priority: int
              privateLinkAlias: 'string'
              privateLinkApprovalMessage: 'string'
              privateLinkLocation: 'string'
              privateLinkResourceId: 'string'
              weight: int
            }
          ]
          healthProbeSettings: {
            id: 'string'
          }
          loadBalancingSettings: {
            id: 'string'
          }
        }
      }
    ]
    backendPoolsSettings: {
      enforceCertificateNameCheck: 'string'
      sendRecvTimeoutSeconds: int
    }
    enabledState: 'string'
    friendlyName: 'string'
    frontendEndpoints: [
      {
        id: 'string'
        name: 'string'
        properties: {
          hostName: 'string'
          sessionAffinityEnabledState: 'string'
          sessionAffinityTtlSeconds: int
          webApplicationFirewallPolicyLink: {
            id: 'string'
          }
        }
      }
    ]
    healthProbeSettings: [
      {
        id: 'string'
        name: 'string'
        properties: {
          enabledState: 'string'
          healthProbeMethod: 'string'
          intervalInSeconds: int
          path: 'string'
          protocol: 'string'
        }
      }
    ]
    loadBalancingSettings: [
      {
        id: 'string'
        name: 'string'
        properties: {
          additionalLatencyMilliseconds: int
          sampleSize: int
          successfulSamplesRequired: int
        }
      }
    ]
    routingRules: [
      {
        id: 'string'
        name: 'string'
        properties: {
          acceptedProtocols: [
            'string'
          ]
          enabledState: 'string'
          frontendEndpoints: [
            {
              id: 'string'
            }
          ]
          patternsToMatch: [
            'string'
          ]
          routeConfiguration: {
            @odata.type: 'string'
            // For remaining properties, see RouteConfiguration objects
          }
          rulesEngine: {
            id: 'string'
          }
          webApplicationFirewallPolicyLink: {
            id: 'string'
          }
        }
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}

RouteConfiguration objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:

{
  @odata.type: '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration'
  backendPool: {
    id: 'string'
  }
  cacheConfiguration: {
    cacheDuration: 'string'
    dynamicCompression: 'string'
    queryParameters: 'string'
    queryParameterStripDirective: 'string'
  }
  customForwardingPath: 'string'
  forwardingProtocol: 'string'
}

For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:

{
  @odata.type: '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration'
  customFragment: 'string'
  customHost: 'string'
  customPath: 'string'
  customQueryString: 'string'
  redirectProtocol: 'string'
  redirectType: 'string'
}

Property values

Backend

Name Description Value
address Location of the backend (IP address or FQDN) string
backendHostHeader The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. string
enabledState Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
httpPort The HTTP TCP port number. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
httpsPort The HTTPS TCP port number. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
priority Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. int

Constraints:
Min value = 1
Max value = 5
privateLinkAlias The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' string
privateLinkApprovalMessage A custom message to be included in the approval request to connect to the Private Link string
privateLinkLocation The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated string
privateLinkResourceId The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' string
weight Weight of this endpoint for load balancing purposes. int

Constraints:
Min value = 1
Max value = 1000

BackendPool

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Front Door Backend Pool BackendPoolProperties

BackendPoolProperties

Name Description Value
backends The set of backends for this pool Backend[]
healthProbeSettings L7 health probe settings for a backend pool SubResource
loadBalancingSettings Load balancing settings for a backend pool SubResource

BackendPoolsSettings

Name Description Value
enforceCertificateNameCheck Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. 'Disabled'
'Enabled'
sendRecvTimeoutSeconds Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. int

Constraints:
Min value = 16

CacheConfiguration

Name Description Value
cacheDuration The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year string
dynamicCompression Whether to use dynamic compression for cached content 'Disabled'
'Enabled'
queryParameters query parameters to include or exclude (comma separated). string
queryParameterStripDirective Treatment of URL query terms when forming the cache key. 'StripAll'
'StripAllExcept'
'StripNone'
'StripOnly'

ForwardingConfiguration

Name Description Value
@odata.type '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required)
backendPool A reference to the BackendPool which this rule routes to. SubResource
cacheConfiguration The caching configuration associated with this rule. CacheConfiguration
customForwardingPath A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. string
forwardingProtocol Protocol this rule will use when forwarding traffic to backends. 'HttpOnly'
'HttpsOnly'
'MatchRequest'

FrontDoorProperties

Name Description Value
backendPools Backend pools available to routing rules. BackendPool[]
backendPoolsSettings Settings for all backendPools BackendPoolsSettings
enabledState Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
friendlyName A friendly name for the frontDoor string
frontendEndpoints Frontend endpoints available to routing rules. FrontendEndpoint[]
healthProbeSettings Health probe settings associated with this Front Door instance. HealthProbeSettingsModel[]
loadBalancingSettings Load balancing settings associated with this Front Door instance. LoadBalancingSettingsModel[]
routingRules Routing rules associated with this Front Door. RoutingRule[]

FrontendEndpoint

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Frontend endpoint FrontendEndpointProperties

FrontendEndpointProperties

Name Description Value
hostName The host name of the frontendEndpoint. Must be a domain name. string
sessionAffinityEnabledState Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
sessionAffinityTtlSeconds UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. int
webApplicationFirewallPolicyLink Defines the Web Application Firewall policy for each host (if applicable) FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
Name Description Value
id Resource ID. string

HealthProbeSettingsModel

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the health probe settings HealthProbeSettingsProperties

HealthProbeSettingsProperties

Name Description Value
enabledState Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. 'Disabled'
'Enabled'
healthProbeMethod Configures which HTTP method to use to probe the backends defined under backendPools. 'GET'
'HEAD'
intervalInSeconds The number of seconds between health probes. int
path The path to use for the health probe. Default is / string
protocol Protocol scheme to use for this probe 'Http'
'Https'

LoadBalancingSettingsModel

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the load balancing settings LoadBalancingSettingsProperties

LoadBalancingSettingsProperties

Name Description Value
additionalLatencyMilliseconds The additional latency in milliseconds for probes to fall into the lowest latency bucket int
sampleSize The number of samples to consider for load balancing decisions int
successfulSamplesRequired The number of samples within the sample period that must succeed int

Microsoft.Network/frontDoors

Name Description Value
location Resource location. string
name The resource name string

Constraints:
Min length = 5
Max length = 5
Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required)
properties Properties of the Front Door Load Balancer FrontDoorProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

RedirectConfiguration

Name Description Value
@odata.type '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required)
customFragment Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. string
customHost Host to redirect. Leave empty to use the incoming host as the destination host. string
customPath The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. string
customQueryString The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. string
redirectProtocol The protocol of the destination to where the traffic is redirected 'HttpOnly'
'HttpsOnly'
'MatchRequest'
redirectType The redirect type the rule will use when redirecting traffic. 'Found'
'Moved'
'PermanentRedirect'
'TemporaryRedirect'

ResourceTags

Name Description Value

RouteConfiguration

Name Description Value
@odata.type Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration'
'#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required)

RoutingRule

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Front Door Routing Rule RoutingRuleProperties

RoutingRuleProperties

Name Description Value
acceptedProtocols Protocol schemes to match for this rule String array containing any of:
'Http'
'Https'
enabledState Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
frontendEndpoints Frontend endpoints associated with this rule SubResource[]
patternsToMatch The route patterns of the rule. string[]
routeConfiguration A reference to the routing configuration. RouteConfiguration
rulesEngine A reference to a specific Rules Engine Configuration to apply to this route. SubResource
webApplicationFirewallPolicyLink Defines the Web Application Firewall policy for each routing rule (if applicable) RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
Name Description Value
id Resource ID. string

SubResource

Name Description Value
id Resource ID. string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Add custom domain and custom certificate with Front Door This template onboards and secures a custom domain with Front Door with a customer-managed certificate
Add custom domain and managed certificate with Front Door This template onboards and secures a custom domain with Front Door
Control Health Probes for your backends on Front Door This template updates your Front Door to change the health probe settings by setting the probe path and also the intervals in which the probes will be sent.
Create a basic Front Door This template creates a basic Front Door configuration with a single backend.
Create a Front Door with HTTP to HTTPS redirection This template creates a Front Door configuration for HTTP to HTTPS redirection.

ARM template resource definition

The frontDoors resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/frontDoors resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/frontDoors",
  "apiVersion": "2021-06-01",
  "name": "string",
  "location": "string",
  "properties": {
    "backendPools": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "backends": [
            {
              "address": "string",
              "backendHostHeader": "string",
              "enabledState": "string",
              "httpPort": "int",
              "httpsPort": "int",
              "priority": "int",
              "privateLinkAlias": "string",
              "privateLinkApprovalMessage": "string",
              "privateLinkLocation": "string",
              "privateLinkResourceId": "string",
              "weight": "int"
            }
          ],
          "healthProbeSettings": {
            "id": "string"
          },
          "loadBalancingSettings": {
            "id": "string"
          }
        }
      }
    ],
    "backendPoolsSettings": {
      "enforceCertificateNameCheck": "string",
      "sendRecvTimeoutSeconds": "int"
    },
    "enabledState": "string",
    "friendlyName": "string",
    "frontendEndpoints": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "hostName": "string",
          "sessionAffinityEnabledState": "string",
          "sessionAffinityTtlSeconds": "int",
          "webApplicationFirewallPolicyLink": {
            "id": "string"
          }
        }
      }
    ],
    "healthProbeSettings": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "enabledState": "string",
          "healthProbeMethod": "string",
          "intervalInSeconds": "int",
          "path": "string",
          "protocol": "string"
        }
      }
    ],
    "loadBalancingSettings": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "additionalLatencyMilliseconds": "int",
          "sampleSize": "int",
          "successfulSamplesRequired": "int"
        }
      }
    ],
    "routingRules": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "acceptedProtocols": [ "string" ],
          "enabledState": "string",
          "frontendEndpoints": [
            {
              "id": "string"
            }
          ],
          "patternsToMatch": [ "string" ],
          "routeConfiguration": {
            "@odata.type": "string"
            // For remaining properties, see RouteConfiguration objects
          },
          "rulesEngine": {
            "id": "string"
          },
          "webApplicationFirewallPolicyLink": {
            "id": "string"
          }
        }
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  }
}

RouteConfiguration objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:

{
  "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
  "backendPool": {
    "id": "string"
  },
  "cacheConfiguration": {
    "cacheDuration": "string",
    "dynamicCompression": "string",
    "queryParameters": "string",
    "queryParameterStripDirective": "string"
  },
  "customForwardingPath": "string",
  "forwardingProtocol": "string"
}

For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:

{
  "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration",
  "customFragment": "string",
  "customHost": "string",
  "customPath": "string",
  "customQueryString": "string",
  "redirectProtocol": "string",
  "redirectType": "string"
}

Property values

Backend

Name Description Value
address Location of the backend (IP address or FQDN) string
backendHostHeader The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. string
enabledState Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
httpPort The HTTP TCP port number. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
httpsPort The HTTPS TCP port number. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
priority Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. int

Constraints:
Min value = 1
Max value = 5
privateLinkAlias The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' string
privateLinkApprovalMessage A custom message to be included in the approval request to connect to the Private Link string
privateLinkLocation The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated string
privateLinkResourceId The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' string
weight Weight of this endpoint for load balancing purposes. int

Constraints:
Min value = 1
Max value = 1000

BackendPool

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Front Door Backend Pool BackendPoolProperties

BackendPoolProperties

Name Description Value
backends The set of backends for this pool Backend[]
healthProbeSettings L7 health probe settings for a backend pool SubResource
loadBalancingSettings Load balancing settings for a backend pool SubResource

BackendPoolsSettings

Name Description Value
enforceCertificateNameCheck Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. 'Disabled'
'Enabled'
sendRecvTimeoutSeconds Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. int

Constraints:
Min value = 16

CacheConfiguration

Name Description Value
cacheDuration The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year string
dynamicCompression Whether to use dynamic compression for cached content 'Disabled'
'Enabled'
queryParameters query parameters to include or exclude (comma separated). string
queryParameterStripDirective Treatment of URL query terms when forming the cache key. 'StripAll'
'StripAllExcept'
'StripNone'
'StripOnly'

ForwardingConfiguration

Name Description Value
@odata.type '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required)
backendPool A reference to the BackendPool which this rule routes to. SubResource
cacheConfiguration The caching configuration associated with this rule. CacheConfiguration
customForwardingPath A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. string
forwardingProtocol Protocol this rule will use when forwarding traffic to backends. 'HttpOnly'
'HttpsOnly'
'MatchRequest'

FrontDoorProperties

Name Description Value
backendPools Backend pools available to routing rules. BackendPool[]
backendPoolsSettings Settings for all backendPools BackendPoolsSettings
enabledState Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
friendlyName A friendly name for the frontDoor string
frontendEndpoints Frontend endpoints available to routing rules. FrontendEndpoint[]
healthProbeSettings Health probe settings associated with this Front Door instance. HealthProbeSettingsModel[]
loadBalancingSettings Load balancing settings associated with this Front Door instance. LoadBalancingSettingsModel[]
routingRules Routing rules associated with this Front Door. RoutingRule[]

FrontendEndpoint

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Frontend endpoint FrontendEndpointProperties

FrontendEndpointProperties

Name Description Value
hostName The host name of the frontendEndpoint. Must be a domain name. string
sessionAffinityEnabledState Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
sessionAffinityTtlSeconds UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. int
webApplicationFirewallPolicyLink Defines the Web Application Firewall policy for each host (if applicable) FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
Name Description Value
id Resource ID. string

HealthProbeSettingsModel

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the health probe settings HealthProbeSettingsProperties

HealthProbeSettingsProperties

Name Description Value
enabledState Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. 'Disabled'
'Enabled'
healthProbeMethod Configures which HTTP method to use to probe the backends defined under backendPools. 'GET'
'HEAD'
intervalInSeconds The number of seconds between health probes. int
path The path to use for the health probe. Default is / string
protocol Protocol scheme to use for this probe 'Http'
'Https'

LoadBalancingSettingsModel

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the load balancing settings LoadBalancingSettingsProperties

LoadBalancingSettingsProperties

Name Description Value
additionalLatencyMilliseconds The additional latency in milliseconds for probes to fall into the lowest latency bucket int
sampleSize The number of samples to consider for load balancing decisions int
successfulSamplesRequired The number of samples within the sample period that must succeed int

Microsoft.Network/frontDoors

Name Description Value
apiVersion The api version '2021-06-01'
location Resource location. string
name The resource name string

Constraints:
Min length = 5
Max length = 5
Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required)
properties Properties of the Front Door Load Balancer FrontDoorProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Network/frontDoors'

RedirectConfiguration

Name Description Value
@odata.type '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required)
customFragment Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. string
customHost Host to redirect. Leave empty to use the incoming host as the destination host. string
customPath The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. string
customQueryString The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. string
redirectProtocol The protocol of the destination to where the traffic is redirected 'HttpOnly'
'HttpsOnly'
'MatchRequest'
redirectType The redirect type the rule will use when redirecting traffic. 'Found'
'Moved'
'PermanentRedirect'
'TemporaryRedirect'

ResourceTags

Name Description Value

RouteConfiguration

Name Description Value
@odata.type Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration'
'#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required)

RoutingRule

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Front Door Routing Rule RoutingRuleProperties

RoutingRuleProperties

Name Description Value
acceptedProtocols Protocol schemes to match for this rule String array containing any of:
'Http'
'Https'
enabledState Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
frontendEndpoints Frontend endpoints associated with this rule SubResource[]
patternsToMatch The route patterns of the rule. string[]
routeConfiguration A reference to the routing configuration. RouteConfiguration
rulesEngine A reference to a specific Rules Engine Configuration to apply to this route. SubResource
webApplicationFirewallPolicyLink Defines the Web Application Firewall policy for each routing rule (if applicable) RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
Name Description Value
id Resource ID. string

SubResource

Name Description Value
id Resource ID. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Add custom domain and custom certificate with Front Door

Deploy to Azure
This template onboards and secures a custom domain with Front Door with a customer-managed certificate
Add custom domain and managed certificate with Front Door

Deploy to Azure
This template onboards and secures a custom domain with Front Door
Configure Session Affinity for your Front Door host names

Deploy to Azure
This template updates a Front Door to enable session affinity for your frontend host, thereby, sending subsequent traffic from the same user session to the same backend.
Control Health Probes for your backends on Front Door

Deploy to Azure
This template updates your Front Door to change the health probe settings by setting the probe path and also the intervals in which the probes will be sent.
Create a basic Front Door

Deploy to Azure
This template creates a basic Front Door configuration with a single backend.
Create a Front Door with HTTP to HTTPS redirection

Deploy to Azure
This template creates a Front Door configuration for HTTP to HTTPS redirection.
Create a Front Door with multiple backends and backend pools

Deploy to Azure
This template creates a Front Door with load balancing configured for multiple backends in a backend pool and also across backend pools based on URL path.
Create Azure Front Door in front of Azure API Management

Deploy to Azure
This sample demonstrates how to use Azure Front Door as a global load balancer in front of Azure API Management.
Create Front Door with Active-Standby config

Deploy to Azure
This template creates a Front Door that demonstrates priority-based routing for Active-Standby application topology.
Create Front Door with caching enabled for certain routes

Deploy to Azure
This template creates a Front Door with caching enabled for the defined routing configuration thus caching any static assets for your workload.

Terraform (AzAPI provider) resource definition

The frontDoors resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/frontDoors resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/frontDoors@2021-06-01"
  name = "string"
  location = "string"
  body = jsonencode({
    properties = {
      backendPools = [
        {
          id = "string"
          name = "string"
          properties = {
            backends = [
              {
                address = "string"
                backendHostHeader = "string"
                enabledState = "string"
                httpPort = int
                httpsPort = int
                priority = int
                privateLinkAlias = "string"
                privateLinkApprovalMessage = "string"
                privateLinkLocation = "string"
                privateLinkResourceId = "string"
                weight = int
              }
            ]
            healthProbeSettings = {
              id = "string"
            }
            loadBalancingSettings = {
              id = "string"
            }
          }
        }
      ]
      backendPoolsSettings = {
        enforceCertificateNameCheck = "string"
        sendRecvTimeoutSeconds = int
      }
      enabledState = "string"
      friendlyName = "string"
      frontendEndpoints = [
        {
          id = "string"
          name = "string"
          properties = {
            hostName = "string"
            sessionAffinityEnabledState = "string"
            sessionAffinityTtlSeconds = int
            webApplicationFirewallPolicyLink = {
              id = "string"
            }
          }
        }
      ]
      healthProbeSettings = [
        {
          id = "string"
          name = "string"
          properties = {
            enabledState = "string"
            healthProbeMethod = "string"
            intervalInSeconds = int
            path = "string"
            protocol = "string"
          }
        }
      ]
      loadBalancingSettings = [
        {
          id = "string"
          name = "string"
          properties = {
            additionalLatencyMilliseconds = int
            sampleSize = int
            successfulSamplesRequired = int
          }
        }
      ]
      routingRules = [
        {
          id = "string"
          name = "string"
          properties = {
            acceptedProtocols = [
              "string"
            ]
            enabledState = "string"
            frontendEndpoints = [
              {
                id = "string"
              }
            ]
            patternsToMatch = [
              "string"
            ]
            routeConfiguration = {
              @odata.type = "string"
              // For remaining properties, see RouteConfiguration objects
            }
            rulesEngine = {
              id = "string"
            }
            webApplicationFirewallPolicyLink = {
              id = "string"
            }
          }
        }
      ]
    }
  })
  tags = {
    {customized property} = "string"
  }
}

RouteConfiguration objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:

{
  @odata.type = "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration"
  backendPool = {
    id = "string"
  }
  cacheConfiguration = {
    cacheDuration = "string"
    dynamicCompression = "string"
    queryParameters = "string"
    queryParameterStripDirective = "string"
  }
  customForwardingPath = "string"
  forwardingProtocol = "string"
}

For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:

{
  @odata.type = "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration"
  customFragment = "string"
  customHost = "string"
  customPath = "string"
  customQueryString = "string"
  redirectProtocol = "string"
  redirectType = "string"
}

Property values

Backend

Name Description Value
address Location of the backend (IP address or FQDN) string
backendHostHeader The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. string
enabledState Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
httpPort The HTTP TCP port number. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
httpsPort The HTTPS TCP port number. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
priority Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. int

Constraints:
Min value = 1
Max value = 5
privateLinkAlias The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' string
privateLinkApprovalMessage A custom message to be included in the approval request to connect to the Private Link string
privateLinkLocation The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated string
privateLinkResourceId The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' string
weight Weight of this endpoint for load balancing purposes. int

Constraints:
Min value = 1
Max value = 1000

BackendPool

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Front Door Backend Pool BackendPoolProperties

BackendPoolProperties

Name Description Value
backends The set of backends for this pool Backend[]
healthProbeSettings L7 health probe settings for a backend pool SubResource
loadBalancingSettings Load balancing settings for a backend pool SubResource

BackendPoolsSettings

Name Description Value
enforceCertificateNameCheck Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. 'Disabled'
'Enabled'
sendRecvTimeoutSeconds Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. int

Constraints:
Min value = 16

CacheConfiguration

Name Description Value
cacheDuration The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year string
dynamicCompression Whether to use dynamic compression for cached content 'Disabled'
'Enabled'
queryParameters query parameters to include or exclude (comma separated). string
queryParameterStripDirective Treatment of URL query terms when forming the cache key. 'StripAll'
'StripAllExcept'
'StripNone'
'StripOnly'

ForwardingConfiguration

Name Description Value
@odata.type '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required)
backendPool A reference to the BackendPool which this rule routes to. SubResource
cacheConfiguration The caching configuration associated with this rule. CacheConfiguration
customForwardingPath A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. string
forwardingProtocol Protocol this rule will use when forwarding traffic to backends. 'HttpOnly'
'HttpsOnly'
'MatchRequest'

FrontDoorProperties

Name Description Value
backendPools Backend pools available to routing rules. BackendPool[]
backendPoolsSettings Settings for all backendPools BackendPoolsSettings
enabledState Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
friendlyName A friendly name for the frontDoor string
frontendEndpoints Frontend endpoints available to routing rules. FrontendEndpoint[]
healthProbeSettings Health probe settings associated with this Front Door instance. HealthProbeSettingsModel[]
loadBalancingSettings Load balancing settings associated with this Front Door instance. LoadBalancingSettingsModel[]
routingRules Routing rules associated with this Front Door. RoutingRule[]

FrontendEndpoint

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Frontend endpoint FrontendEndpointProperties

FrontendEndpointProperties

Name Description Value
hostName The host name of the frontendEndpoint. Must be a domain name. string
sessionAffinityEnabledState Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
sessionAffinityTtlSeconds UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. int
webApplicationFirewallPolicyLink Defines the Web Application Firewall policy for each host (if applicable) FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
Name Description Value
id Resource ID. string

HealthProbeSettingsModel

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the health probe settings HealthProbeSettingsProperties

HealthProbeSettingsProperties

Name Description Value
enabledState Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. 'Disabled'
'Enabled'
healthProbeMethod Configures which HTTP method to use to probe the backends defined under backendPools. 'GET'
'HEAD'
intervalInSeconds The number of seconds between health probes. int
path The path to use for the health probe. Default is / string
protocol Protocol scheme to use for this probe 'Http'
'Https'

LoadBalancingSettingsModel

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the load balancing settings LoadBalancingSettingsProperties

LoadBalancingSettingsProperties

Name Description Value
additionalLatencyMilliseconds The additional latency in milliseconds for probes to fall into the lowest latency bucket int
sampleSize The number of samples to consider for load balancing decisions int
successfulSamplesRequired The number of samples within the sample period that must succeed int

Microsoft.Network/frontDoors

Name Description Value
location Resource location. string
name The resource name string

Constraints:
Min length = 5
Max length = 5
Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required)
properties Properties of the Front Door Load Balancer FrontDoorProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Network/frontDoors@2021-06-01"

RedirectConfiguration

Name Description Value
@odata.type '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required)
customFragment Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. string
customHost Host to redirect. Leave empty to use the incoming host as the destination host. string
customPath The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. string
customQueryString The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. string
redirectProtocol The protocol of the destination to where the traffic is redirected 'HttpOnly'
'HttpsOnly'
'MatchRequest'
redirectType The redirect type the rule will use when redirecting traffic. 'Found'
'Moved'
'PermanentRedirect'
'TemporaryRedirect'

ResourceTags

Name Description Value

RouteConfiguration

Name Description Value
@odata.type Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration'
'#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required)

RoutingRule

Name Description Value
id Resource ID. string
name Resource name. string
properties Properties of the Front Door Routing Rule RoutingRuleProperties

RoutingRuleProperties

Name Description Value
acceptedProtocols Protocol schemes to match for this rule String array containing any of:
'Http'
'Https'
enabledState Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' 'Disabled'
'Enabled'
frontendEndpoints Frontend endpoints associated with this rule SubResource[]
patternsToMatch The route patterns of the rule. string[]
routeConfiguration A reference to the routing configuration. RouteConfiguration
rulesEngine A reference to a specific Rules Engine Configuration to apply to this route. SubResource
webApplicationFirewallPolicyLink Defines the Web Application Firewall policy for each routing rule (if applicable) RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
Name Description Value
id Resource ID. string

SubResource

Name Description Value
id Resource ID. string