Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The frontDoors resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/frontDoors resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/frontDoors@2021-06-01' = {
location: 'string'
name: 'string'
properties: {
backendPools: [
{
id: 'string'
name: 'string'
properties: {
backends: [
{
address: 'string'
backendHostHeader: 'string'
enabledState: 'string'
httpPort: int
httpsPort: int
priority: int
privateLinkAlias: 'string'
privateLinkApprovalMessage: 'string'
privateLinkLocation: 'string'
privateLinkResourceId: 'string'
weight: int
}
]
healthProbeSettings: {
id: 'string'
}
loadBalancingSettings: {
id: 'string'
}
}
}
]
backendPoolsSettings: {
enforceCertificateNameCheck: 'string'
sendRecvTimeoutSeconds: int
}
enabledState: 'string'
friendlyName: 'string'
frontendEndpoints: [
{
id: 'string'
name: 'string'
properties: {
hostName: 'string'
sessionAffinityEnabledState: 'string'
sessionAffinityTtlSeconds: int
webApplicationFirewallPolicyLink: {
id: 'string'
}
}
}
]
healthProbeSettings: [
{
id: 'string'
name: 'string'
properties: {
enabledState: 'string'
healthProbeMethod: 'string'
intervalInSeconds: int
path: 'string'
protocol: 'string'
}
}
]
loadBalancingSettings: [
{
id: 'string'
name: 'string'
properties: {
additionalLatencyMilliseconds: int
sampleSize: int
successfulSamplesRequired: int
}
}
]
routingRules: [
{
id: 'string'
name: 'string'
properties: {
acceptedProtocols: [
'string'
]
enabledState: 'string'
frontendEndpoints: [
{
id: 'string'
}
]
patternsToMatch: [
'string'
]
routeConfiguration: {
@odata.type: 'string'
// For remaining properties, see RouteConfiguration objects
}
rulesEngine: {
id: 'string'
}
webApplicationFirewallPolicyLink: {
id: 'string'
}
}
}
]
}
tags: {
{customized property}: 'string'
}
}
RouteConfiguration objects
Set the @odata.type property to specify the type of object.
For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:
{
@odata.type: '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration'
backendPool: {
id: 'string'
}
cacheConfiguration: {
cacheDuration: 'string'
dynamicCompression: 'string'
queryParameters: 'string'
queryParameterStripDirective: 'string'
}
customForwardingPath: 'string'
forwardingProtocol: 'string'
}
For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:
{
@odata.type: '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration'
customFragment: 'string'
customHost: 'string'
customPath: 'string'
customQueryString: 'string'
redirectProtocol: 'string'
redirectType: 'string'
}
Property Values
Backend
| Name | Description | Value |
|---|---|---|
| address | Location of the backend (IP address or FQDN) | string |
| backendHostHeader | The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. | string |
| enabledState | Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| httpPort | The HTTP TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| httpsPort | The HTTPS TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| priority | Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. | int Constraints: Min value = 1 Max value = 5 |
| privateLinkAlias | The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
| privateLinkApprovalMessage | A custom message to be included in the approval request to connect to the Private Link | string |
| privateLinkLocation | The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated | string |
| privateLinkResourceId | The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
| weight | Weight of this endpoint for load balancing purposes. | int Constraints: Min value = 1 Max value = 1000 |
BackendPool
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Front Door Backend Pool | BackendPoolProperties |
BackendPoolProperties
| Name | Description | Value |
|---|---|---|
| backends | The set of backends for this pool | Backend[] |
| healthProbeSettings | L7 health probe settings for a backend pool | SubResource |
| loadBalancingSettings | Load balancing settings for a backend pool | SubResource |
BackendPoolsSettings
| Name | Description | Value |
|---|---|---|
| enforceCertificateNameCheck | Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. | 'Disabled' 'Enabled' |
| sendRecvTimeoutSeconds | Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
CacheConfiguration
| Name | Description | Value |
|---|---|---|
| cacheDuration | The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year | string |
| dynamicCompression | Whether to use dynamic compression for cached content | 'Disabled' 'Enabled' |
| queryParameters | query parameters to include or exclude (comma separated). | string |
| queryParameterStripDirective | Treatment of URL query terms when forming the cache key. | 'StripAll' 'StripAllExcept' 'StripNone' 'StripOnly' |
ForwardingConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required) | |
| backendPool | A reference to the BackendPool which this rule routes to. | SubResource |
| cacheConfiguration | The caching configuration associated with this rule. | CacheConfiguration |
| customForwardingPath | A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. | string |
| forwardingProtocol | Protocol this rule will use when forwarding traffic to backends. | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
FrontDoorProperties
| Name | Description | Value |
|---|---|---|
| backendPools | Backend pools available to routing rules. | BackendPool[] |
| backendPoolsSettings | Settings for all backendPools | BackendPoolsSettings |
| enabledState | Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| friendlyName | A friendly name for the frontDoor | string |
| frontendEndpoints | Frontend endpoints available to routing rules. | FrontendEndpoint[] |
| healthProbeSettings | Health probe settings associated with this Front Door instance. | HealthProbeSettingsModel[] |
| loadBalancingSettings | Load balancing settings associated with this Front Door instance. | LoadBalancingSettingsModel[] |
| routingRules | Routing rules associated with this Front Door. | RoutingRule[] |
FrontendEndpoint
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Frontend endpoint | FrontendEndpointProperties |
FrontendEndpointProperties
| Name | Description | Value |
|---|---|---|
| hostName | The host name of the frontendEndpoint. Must be a domain name. | string |
| sessionAffinityEnabledState | Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| sessionAffinityTtlSeconds | UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. | int |
| webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each host (if applicable) | FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink |
FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
HealthProbeSettingsModel
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the health probe settings | HealthProbeSettingsProperties |
HealthProbeSettingsProperties
| Name | Description | Value |
|---|---|---|
| enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | 'Disabled' 'Enabled' |
| healthProbeMethod | Configures which HTTP method to use to probe the backends defined under backendPools. | 'GET' 'HEAD' |
| intervalInSeconds | The number of seconds between health probes. | int |
| path | The path to use for the health probe. Default is / | string |
| protocol | Protocol scheme to use for this probe | 'Http' 'Https' |
LoadBalancingSettingsModel
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the load balancing settings | LoadBalancingSettingsProperties |
LoadBalancingSettingsProperties
| Name | Description | Value |
|---|---|---|
| additionalLatencyMilliseconds | The additional latency in milliseconds for probes to fall into the lowest latency bucket | int |
| sampleSize | The number of samples to consider for load balancing decisions | int |
| successfulSamplesRequired | The number of samples within the sample period that must succeed | int |
Microsoft.Network/frontDoors
| Name | Description | Value |
|---|---|---|
| location | Resource location. | string |
| name | The resource name | string Constraints: Min length = 5 Max length = 64 Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required) |
| properties | Properties of the Front Door Load Balancer | FrontDoorProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
RedirectConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) | |
| customFragment | Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. | string |
| customHost | Host to redirect. Leave empty to use the incoming host as the destination host. | string |
| customPath | The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. | string |
| customQueryString | The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. | string |
| redirectProtocol | The protocol of the destination to where the traffic is redirected | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
| redirectType | The redirect type the rule will use when redirecting traffic. | 'Found' 'Moved' 'PermanentRedirect' 'TemporaryRedirect' |
ResourceTags
| Name | Description | Value |
|---|
RouteConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) |
RoutingRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Front Door Routing Rule | RoutingRuleProperties |
RoutingRuleProperties
| Name | Description | Value |
|---|---|---|
| acceptedProtocols | Protocol schemes to match for this rule | String array containing any of: 'Http' 'Https' |
| enabledState | Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| frontendEndpoints | Frontend endpoints associated with this rule | SubResource[] |
| patternsToMatch | The route patterns of the rule. | string[] |
| routeConfiguration | A reference to the routing configuration. | RouteConfiguration |
| rulesEngine | A reference to a specific Rules Engine Configuration to apply to this route. | SubResource |
| webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each routing rule (if applicable) | RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink |
RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Azure Front Door | AVM Resource Module for Azure Front Door |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Add custom domain and custom certificate with Front Door | This template onboards and secures a custom domain with Front Door with a customer-managed certificate |
| Add custom domain and managed certificate with Front Door | This template onboards and secures a custom domain with Front Door |
| Control Health Probes for your backends on Front Door | This template updates your Front Door to change the health probe settings by setting the probe path and also the intervals in which the probes will be sent. |
| Create a basic Front Door | This template creates a basic Front Door configuration with a single backend. |
| Create a Front Door with HTTP to HTTPS redirection | This template creates a Front Door configuration for HTTP to HTTPS redirection. |
ARM template resource definition
The frontDoors resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/frontDoors resource, add the following JSON to your template.
{
"type": "Microsoft.Network/frontDoors",
"apiVersion": "2021-06-01",
"name": "string",
"location": "string",
"properties": {
"backendPools": [
{
"id": "string",
"name": "string",
"properties": {
"backends": [
{
"address": "string",
"backendHostHeader": "string",
"enabledState": "string",
"httpPort": "int",
"httpsPort": "int",
"priority": "int",
"privateLinkAlias": "string",
"privateLinkApprovalMessage": "string",
"privateLinkLocation": "string",
"privateLinkResourceId": "string",
"weight": "int"
}
],
"healthProbeSettings": {
"id": "string"
},
"loadBalancingSettings": {
"id": "string"
}
}
}
],
"backendPoolsSettings": {
"enforceCertificateNameCheck": "string",
"sendRecvTimeoutSeconds": "int"
},
"enabledState": "string",
"friendlyName": "string",
"frontendEndpoints": [
{
"id": "string",
"name": "string",
"properties": {
"hostName": "string",
"sessionAffinityEnabledState": "string",
"sessionAffinityTtlSeconds": "int",
"webApplicationFirewallPolicyLink": {
"id": "string"
}
}
}
],
"healthProbeSettings": [
{
"id": "string",
"name": "string",
"properties": {
"enabledState": "string",
"healthProbeMethod": "string",
"intervalInSeconds": "int",
"path": "string",
"protocol": "string"
}
}
],
"loadBalancingSettings": [
{
"id": "string",
"name": "string",
"properties": {
"additionalLatencyMilliseconds": "int",
"sampleSize": "int",
"successfulSamplesRequired": "int"
}
}
],
"routingRules": [
{
"id": "string",
"name": "string",
"properties": {
"acceptedProtocols": [ "string" ],
"enabledState": "string",
"frontendEndpoints": [
{
"id": "string"
}
],
"patternsToMatch": [ "string" ],
"routeConfiguration": {
"@odata.type": "string"
// For remaining properties, see RouteConfiguration objects
},
"rulesEngine": {
"id": "string"
},
"webApplicationFirewallPolicyLink": {
"id": "string"
}
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
RouteConfiguration objects
Set the @odata.type property to specify the type of object.
For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:
{
"@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
"backendPool": {
"id": "string"
},
"cacheConfiguration": {
"cacheDuration": "string",
"dynamicCompression": "string",
"queryParameters": "string",
"queryParameterStripDirective": "string"
},
"customForwardingPath": "string",
"forwardingProtocol": "string"
}
For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:
{
"@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration",
"customFragment": "string",
"customHost": "string",
"customPath": "string",
"customQueryString": "string",
"redirectProtocol": "string",
"redirectType": "string"
}
Property Values
Backend
| Name | Description | Value |
|---|---|---|
| address | Location of the backend (IP address or FQDN) | string |
| backendHostHeader | The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. | string |
| enabledState | Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| httpPort | The HTTP TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| httpsPort | The HTTPS TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| priority | Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. | int Constraints: Min value = 1 Max value = 5 |
| privateLinkAlias | The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
| privateLinkApprovalMessage | A custom message to be included in the approval request to connect to the Private Link | string |
| privateLinkLocation | The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated | string |
| privateLinkResourceId | The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
| weight | Weight of this endpoint for load balancing purposes. | int Constraints: Min value = 1 Max value = 1000 |
BackendPool
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Front Door Backend Pool | BackendPoolProperties |
BackendPoolProperties
| Name | Description | Value |
|---|---|---|
| backends | The set of backends for this pool | Backend[] |
| healthProbeSettings | L7 health probe settings for a backend pool | SubResource |
| loadBalancingSettings | Load balancing settings for a backend pool | SubResource |
BackendPoolsSettings
| Name | Description | Value |
|---|---|---|
| enforceCertificateNameCheck | Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. | 'Disabled' 'Enabled' |
| sendRecvTimeoutSeconds | Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
CacheConfiguration
| Name | Description | Value |
|---|---|---|
| cacheDuration | The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year | string |
| dynamicCompression | Whether to use dynamic compression for cached content | 'Disabled' 'Enabled' |
| queryParameters | query parameters to include or exclude (comma separated). | string |
| queryParameterStripDirective | Treatment of URL query terms when forming the cache key. | 'StripAll' 'StripAllExcept' 'StripNone' 'StripOnly' |
ForwardingConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required) | |
| backendPool | A reference to the BackendPool which this rule routes to. | SubResource |
| cacheConfiguration | The caching configuration associated with this rule. | CacheConfiguration |
| customForwardingPath | A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. | string |
| forwardingProtocol | Protocol this rule will use when forwarding traffic to backends. | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
FrontDoorProperties
| Name | Description | Value |
|---|---|---|
| backendPools | Backend pools available to routing rules. | BackendPool[] |
| backendPoolsSettings | Settings for all backendPools | BackendPoolsSettings |
| enabledState | Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| friendlyName | A friendly name for the frontDoor | string |
| frontendEndpoints | Frontend endpoints available to routing rules. | FrontendEndpoint[] |
| healthProbeSettings | Health probe settings associated with this Front Door instance. | HealthProbeSettingsModel[] |
| loadBalancingSettings | Load balancing settings associated with this Front Door instance. | LoadBalancingSettingsModel[] |
| routingRules | Routing rules associated with this Front Door. | RoutingRule[] |
FrontendEndpoint
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Frontend endpoint | FrontendEndpointProperties |
FrontendEndpointProperties
| Name | Description | Value |
|---|---|---|
| hostName | The host name of the frontendEndpoint. Must be a domain name. | string |
| sessionAffinityEnabledState | Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| sessionAffinityTtlSeconds | UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. | int |
| webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each host (if applicable) | FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink |
FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
HealthProbeSettingsModel
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the health probe settings | HealthProbeSettingsProperties |
HealthProbeSettingsProperties
| Name | Description | Value |
|---|---|---|
| enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | 'Disabled' 'Enabled' |
| healthProbeMethod | Configures which HTTP method to use to probe the backends defined under backendPools. | 'GET' 'HEAD' |
| intervalInSeconds | The number of seconds between health probes. | int |
| path | The path to use for the health probe. Default is / | string |
| protocol | Protocol scheme to use for this probe | 'Http' 'Https' |
LoadBalancingSettingsModel
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the load balancing settings | LoadBalancingSettingsProperties |
LoadBalancingSettingsProperties
| Name | Description | Value |
|---|---|---|
| additionalLatencyMilliseconds | The additional latency in milliseconds for probes to fall into the lowest latency bucket | int |
| sampleSize | The number of samples to consider for load balancing decisions | int |
| successfulSamplesRequired | The number of samples within the sample period that must succeed | int |
Microsoft.Network/frontDoors
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2021-06-01' |
| location | Resource location. | string |
| name | The resource name | string Constraints: Min length = 5 Max length = 64 Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required) |
| properties | Properties of the Front Door Load Balancer | FrontDoorProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Network/frontDoors' |
RedirectConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) | |
| customFragment | Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. | string |
| customHost | Host to redirect. Leave empty to use the incoming host as the destination host. | string |
| customPath | The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. | string |
| customQueryString | The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. | string |
| redirectProtocol | The protocol of the destination to where the traffic is redirected | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
| redirectType | The redirect type the rule will use when redirecting traffic. | 'Found' 'Moved' 'PermanentRedirect' 'TemporaryRedirect' |
ResourceTags
| Name | Description | Value |
|---|
RouteConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) |
RoutingRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Front Door Routing Rule | RoutingRuleProperties |
RoutingRuleProperties
| Name | Description | Value |
|---|---|---|
| acceptedProtocols | Protocol schemes to match for this rule | String array containing any of: 'Http' 'Https' |
| enabledState | Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| frontendEndpoints | Frontend endpoints associated with this rule | SubResource[] |
| patternsToMatch | The route patterns of the rule. | string[] |
| routeConfiguration | A reference to the routing configuration. | RouteConfiguration |
| rulesEngine | A reference to a specific Rules Engine Configuration to apply to this route. | SubResource |
| webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each routing rule (if applicable) | RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink |
RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Add custom domain and custom certificate with Front Door |
This template onboards and secures a custom domain with Front Door with a customer-managed certificate |
| Add custom domain and managed certificate with Front Door |
This template onboards and secures a custom domain with Front Door |
| Configure Session Affinity for your Front Door host names |
This template updates a Front Door to enable session affinity for your frontend host, thereby, sending subsequent traffic from the same user session to the same backend. |
| Control Health Probes for your backends on Front Door |
This template updates your Front Door to change the health probe settings by setting the probe path and also the intervals in which the probes will be sent. |
| Create a basic Front Door |
This template creates a basic Front Door configuration with a single backend. |
| Create a Front Door with HTTP to HTTPS redirection |
This template creates a Front Door configuration for HTTP to HTTPS redirection. |
| Create a Front Door with multiple backends and backend pools |
This template creates a Front Door with load balancing configured for multiple backends in a backend pool and also across backend pools based on URL path. |
| Create Azure Front Door in front of Azure API Management |
This sample demonstrates how to use Azure Front Door as a global load balancer in front of Azure API Management. |
| Create Front Door with Active-Standby config |
This template creates a Front Door that demonstrates priority-based routing for Active-Standby application topology. |
| Create Front Door with caching enabled for certain routes |
This template creates a Front Door with caching enabled for the defined routing configuration thus caching any static assets for your workload. |
Terraform (AzAPI provider) resource definition
The frontDoors resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/frontDoors resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/frontDoors@2021-06-01"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
backendPools = [
{
id = "string"
name = "string"
properties = {
backends = [
{
address = "string"
backendHostHeader = "string"
enabledState = "string"
httpPort = int
httpsPort = int
priority = int
privateLinkAlias = "string"
privateLinkApprovalMessage = "string"
privateLinkLocation = "string"
privateLinkResourceId = "string"
weight = int
}
]
healthProbeSettings = {
id = "string"
}
loadBalancingSettings = {
id = "string"
}
}
}
]
backendPoolsSettings = {
enforceCertificateNameCheck = "string"
sendRecvTimeoutSeconds = int
}
enabledState = "string"
friendlyName = "string"
frontendEndpoints = [
{
id = "string"
name = "string"
properties = {
hostName = "string"
sessionAffinityEnabledState = "string"
sessionAffinityTtlSeconds = int
webApplicationFirewallPolicyLink = {
id = "string"
}
}
}
]
healthProbeSettings = [
{
id = "string"
name = "string"
properties = {
enabledState = "string"
healthProbeMethod = "string"
intervalInSeconds = int
path = "string"
protocol = "string"
}
}
]
loadBalancingSettings = [
{
id = "string"
name = "string"
properties = {
additionalLatencyMilliseconds = int
sampleSize = int
successfulSamplesRequired = int
}
}
]
routingRules = [
{
id = "string"
name = "string"
properties = {
acceptedProtocols = [
"string"
]
enabledState = "string"
frontendEndpoints = [
{
id = "string"
}
]
patternsToMatch = [
"string"
]
routeConfiguration = {
@odata.type = "string"
// For remaining properties, see RouteConfiguration objects
}
rulesEngine = {
id = "string"
}
webApplicationFirewallPolicyLink = {
id = "string"
}
}
}
]
}
}
}
RouteConfiguration objects
Set the @odata.type property to specify the type of object.
For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:
{
@odata.type = "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration"
backendPool = {
id = "string"
}
cacheConfiguration = {
cacheDuration = "string"
dynamicCompression = "string"
queryParameters = "string"
queryParameterStripDirective = "string"
}
customForwardingPath = "string"
forwardingProtocol = "string"
}
For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:
{
@odata.type = "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration"
customFragment = "string"
customHost = "string"
customPath = "string"
customQueryString = "string"
redirectProtocol = "string"
redirectType = "string"
}
Property Values
Backend
| Name | Description | Value |
|---|---|---|
| address | Location of the backend (IP address or FQDN) | string |
| backendHostHeader | The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. | string |
| enabledState | Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| httpPort | The HTTP TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| httpsPort | The HTTPS TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| priority | Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. | int Constraints: Min value = 1 Max value = 5 |
| privateLinkAlias | The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
| privateLinkApprovalMessage | A custom message to be included in the approval request to connect to the Private Link | string |
| privateLinkLocation | The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated | string |
| privateLinkResourceId | The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
| weight | Weight of this endpoint for load balancing purposes. | int Constraints: Min value = 1 Max value = 1000 |
BackendPool
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Front Door Backend Pool | BackendPoolProperties |
BackendPoolProperties
| Name | Description | Value |
|---|---|---|
| backends | The set of backends for this pool | Backend[] |
| healthProbeSettings | L7 health probe settings for a backend pool | SubResource |
| loadBalancingSettings | Load balancing settings for a backend pool | SubResource |
BackendPoolsSettings
| Name | Description | Value |
|---|---|---|
| enforceCertificateNameCheck | Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. | 'Disabled' 'Enabled' |
| sendRecvTimeoutSeconds | Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
CacheConfiguration
| Name | Description | Value |
|---|---|---|
| cacheDuration | The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year | string |
| dynamicCompression | Whether to use dynamic compression for cached content | 'Disabled' 'Enabled' |
| queryParameters | query parameters to include or exclude (comma separated). | string |
| queryParameterStripDirective | Treatment of URL query terms when forming the cache key. | 'StripAll' 'StripAllExcept' 'StripNone' 'StripOnly' |
ForwardingConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required) | |
| backendPool | A reference to the BackendPool which this rule routes to. | SubResource |
| cacheConfiguration | The caching configuration associated with this rule. | CacheConfiguration |
| customForwardingPath | A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. | string |
| forwardingProtocol | Protocol this rule will use when forwarding traffic to backends. | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
FrontDoorProperties
| Name | Description | Value |
|---|---|---|
| backendPools | Backend pools available to routing rules. | BackendPool[] |
| backendPoolsSettings | Settings for all backendPools | BackendPoolsSettings |
| enabledState | Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| friendlyName | A friendly name for the frontDoor | string |
| frontendEndpoints | Frontend endpoints available to routing rules. | FrontendEndpoint[] |
| healthProbeSettings | Health probe settings associated with this Front Door instance. | HealthProbeSettingsModel[] |
| loadBalancingSettings | Load balancing settings associated with this Front Door instance. | LoadBalancingSettingsModel[] |
| routingRules | Routing rules associated with this Front Door. | RoutingRule[] |
FrontendEndpoint
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Frontend endpoint | FrontendEndpointProperties |
FrontendEndpointProperties
| Name | Description | Value |
|---|---|---|
| hostName | The host name of the frontendEndpoint. Must be a domain name. | string |
| sessionAffinityEnabledState | Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| sessionAffinityTtlSeconds | UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. | int |
| webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each host (if applicable) | FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink |
FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
HealthProbeSettingsModel
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the health probe settings | HealthProbeSettingsProperties |
HealthProbeSettingsProperties
| Name | Description | Value |
|---|---|---|
| enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | 'Disabled' 'Enabled' |
| healthProbeMethod | Configures which HTTP method to use to probe the backends defined under backendPools. | 'GET' 'HEAD' |
| intervalInSeconds | The number of seconds between health probes. | int |
| path | The path to use for the health probe. Default is / | string |
| protocol | Protocol scheme to use for this probe | 'Http' 'Https' |
LoadBalancingSettingsModel
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the load balancing settings | LoadBalancingSettingsProperties |
LoadBalancingSettingsProperties
| Name | Description | Value |
|---|---|---|
| additionalLatencyMilliseconds | The additional latency in milliseconds for probes to fall into the lowest latency bucket | int |
| sampleSize | The number of samples to consider for load balancing decisions | int |
| successfulSamplesRequired | The number of samples within the sample period that must succeed | int |
Microsoft.Network/frontDoors
| Name | Description | Value |
|---|---|---|
| location | Resource location. | string |
| name | The resource name | string Constraints: Min length = 5 Max length = 64 Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required) |
| properties | Properties of the Front Door Load Balancer | FrontDoorProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Network/frontDoors@2021-06-01" |
RedirectConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) | |
| customFragment | Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. | string |
| customHost | Host to redirect. Leave empty to use the incoming host as the destination host. | string |
| customPath | The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. | string |
| customQueryString | The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. | string |
| redirectProtocol | The protocol of the destination to where the traffic is redirected | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
| redirectType | The redirect type the rule will use when redirecting traffic. | 'Found' 'Moved' 'PermanentRedirect' 'TemporaryRedirect' |
ResourceTags
| Name | Description | Value |
|---|
RouteConfiguration
| Name | Description | Value |
|---|---|---|
| @odata.type | Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) |
RoutingRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Resource name. | string |
| properties | Properties of the Front Door Routing Rule | RoutingRuleProperties |
RoutingRuleProperties
| Name | Description | Value |
|---|---|---|
| acceptedProtocols | Protocol schemes to match for this rule | String array containing any of: 'Http' 'Https' |
| enabledState | Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
| frontendEndpoints | Frontend endpoints associated with this rule | SubResource[] |
| patternsToMatch | The route patterns of the rule. | string[] |
| routeConfiguration | A reference to the routing configuration. | RouteConfiguration |
| rulesEngine | A reference to a specific Rules Engine Configuration to apply to this route. | SubResource |
| webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each routing rule (if applicable) | RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink |
RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |