Quickstart: Create an Azure Front Door using an ARM template

This quickstart describes how to use an Azure Resource Manager template (ARM Template) to create an Azure Front Door with an Azure Web App as origin.

An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.

If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.

Button to deploy the Resource Manager template to Azure.

Prerequisites

  • If you don't have an Azure subscription, create a free account before you begin.
  • IP or FQDN of a website or web application.

Review the template

The template used in this quickstart is from Azure Quickstart Templates.

In this quickstart, you'll create a Front Door Standard/Premium, an App Service, and configure the App Service to validate that traffic has come through the Front Door origin.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.5.6.12127",
      "templateHash": "1359495056007144414"
    }
  },
  "parameters": {
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "The location into which regionally scoped resources should be deployed. Note that Front Door is a global resource."
      }
    },
    "appName": {
      "type": "string",
      "defaultValue": "[format('myapp-{0}', uniqueString(resourceGroup().id))]",
      "metadata": {
        "description": "The name of the App Service application to create. This must be globally unique."
      }
    },
    "appServicePlanSkuName": {
      "type": "string",
      "defaultValue": "S1",
      "metadata": {
        "description": "The name of the SKU to use when creating the App Service plan."
      }
    },
    "appServicePlanCapacity": {
      "type": "int",
      "defaultValue": 1,
      "metadata": {
        "description": "The number of worker instances of your App Service plan that should be provisioned."
      }
    },
    "frontDoorEndpointName": {
      "type": "string",
      "defaultValue": "[format('afd-{0}', uniqueString(resourceGroup().id))]",
      "metadata": {
        "description": "The name of the Front Door endpoint to create. This must be globally unique."
      }
    },
    "frontDoorSkuName": {
      "type": "string",
      "defaultValue": "Standard_AzureFrontDoor",
      "allowedValues": [
        "Standard_AzureFrontDoor",
        "Premium_AzureFrontDoor"
      ],
      "metadata": {
        "description": "The name of the SKU to use when creating the Front Door profile."
      }
    }
  },
  "variables": {
    "appServicePlanName": "AppServicePlan",
    "frontDoorProfileName": "MyFrontDoor",
    "frontDoorOriginGroupName": "MyOriginGroup",
    "frontDoorOriginName": "MyAppServiceOrigin",
    "frontDoorRouteName": "MyRoute"
  },
  "resources": [
    {
      "type": "Microsoft.Cdn/profiles",
      "apiVersion": "2021-06-01",
      "name": "[variables('frontDoorProfileName')]",
      "location": "global",
      "sku": {
        "name": "[parameters('frontDoorSkuName')]"
      }
    },
    {
      "type": "Microsoft.Web/serverfarms",
      "apiVersion": "2020-06-01",
      "name": "[variables('appServicePlanName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "[parameters('appServicePlanSkuName')]",
        "capacity": "[parameters('appServicePlanCapacity')]"
      },
      "kind": "app"
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2020-06-01",
      "name": "[parameters('appName')]",
      "location": "[parameters('location')]",
      "kind": "app",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
        "httpsOnly": true,
        "siteConfig": {
          "detailedErrorLoggingEnabled": true,
          "httpLoggingEnabled": true,
          "requestTracingEnabled": true,
          "ftpsState": "Disabled",
          "minTlsVersion": "1.2",
          "ipSecurityRestrictions": [
            {
              "tag": "ServiceTag",
              "ipAddress": "AzureFrontDoor.Backend",
              "action": "Allow",
              "priority": 100,
              "headers": {
                "x-azure-fdid": [
                  "[reference(resourceId('Microsoft.Cdn/profiles', variables('frontDoorProfileName'))).frontDoorId]"
                ]
              },
              "name": "Allow traffic from Front Door"
            }
          ]
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
        "[resourceId('Microsoft.Cdn/profiles', variables('frontDoorProfileName'))]"
      ]
    },
    {
      "type": "Microsoft.Cdn/profiles/afdEndpoints",
      "apiVersion": "2021-06-01",
      "name": "[format('{0}/{1}', variables('frontDoorProfileName'), parameters('frontDoorEndpointName'))]",
      "location": "global",
      "properties": {
        "enabledState": "Enabled"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Cdn/profiles', variables('frontDoorProfileName'))]"
      ]
    },
    {
      "type": "Microsoft.Cdn/profiles/originGroups",
      "apiVersion": "2021-06-01",
      "name": "[format('{0}/{1}', variables('frontDoorProfileName'), variables('frontDoorOriginGroupName'))]",
      "properties": {
        "loadBalancingSettings": {
          "sampleSize": 4,
          "successfulSamplesRequired": 3
        },
        "healthProbeSettings": {
          "probePath": "/",
          "probeRequestType": "HEAD",
          "probeProtocol": "Http",
          "probeIntervalInSeconds": 100
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Cdn/profiles', variables('frontDoorProfileName'))]"
      ]
    },
    {
      "type": "Microsoft.Cdn/profiles/originGroups/origins",
      "apiVersion": "2021-06-01",
      "name": "[format('{0}/{1}/{2}', variables('frontDoorProfileName'), variables('frontDoorOriginGroupName'), variables('frontDoorOriginName'))]",
      "properties": {
        "hostName": "[reference(resourceId('Microsoft.Web/sites', parameters('appName'))).defaultHostName]",
        "httpPort": 80,
        "httpsPort": 443,
        "originHostHeader": "[reference(resourceId('Microsoft.Web/sites', parameters('appName'))).defaultHostName]",
        "priority": 1,
        "weight": 1000
      },
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', parameters('appName'))]",
        "[resourceId('Microsoft.Cdn/profiles/originGroups', variables('frontDoorProfileName'), variables('frontDoorOriginGroupName'))]"
      ]
    },
    {
      "type": "Microsoft.Cdn/profiles/afdEndpoints/routes",
      "apiVersion": "2021-06-01",
      "name": "[format('{0}/{1}/{2}', variables('frontDoorProfileName'), parameters('frontDoorEndpointName'), variables('frontDoorRouteName'))]",
      "properties": {
        "originGroup": {
          "id": "[resourceId('Microsoft.Cdn/profiles/originGroups', variables('frontDoorProfileName'), variables('frontDoorOriginGroupName'))]"
        },
        "supportedProtocols": [
          "Http",
          "Https"
        ],
        "patternsToMatch": [
          "/*"
        ],
        "forwardingProtocol": "HttpsOnly",
        "linkToDefaultDomain": "Enabled",
        "httpsRedirect": "Enabled"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Cdn/profiles/afdEndpoints', variables('frontDoorProfileName'), parameters('frontDoorEndpointName'))]",
        "[resourceId('Microsoft.Cdn/profiles/originGroups/origins', variables('frontDoorProfileName'), variables('frontDoorOriginGroupName'), variables('frontDoorOriginName'))]",
        "[resourceId('Microsoft.Cdn/profiles/originGroups', variables('frontDoorProfileName'), variables('frontDoorOriginGroupName'))]"
      ]
    }
  ],
  "outputs": {
    "appServiceHostName": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Web/sites', parameters('appName'))).defaultHostName]"
    },
    "frontDoorEndpointHostName": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Cdn/profiles/afdEndpoints', variables('frontDoorProfileName'), parameters('frontDoorEndpointName'))).hostName]"
    }
  }
}

Multiple Azure resources are defined in the template:

Deploy the template

  1. Select Try it from the following code block to open Azure Cloud Shell, and then follow the instructions to sign in to Azure.

    Note

    If you want to deploy Azure Front Door Premium instead of Standard substitute the value of the sku parameter with Premium_AzureFrontDoor. For detailed comparison, view Azure Front Door tier comparison.

    $projectName = Read-Host -Prompt "Enter a project name that is used for generating resource names"
    $location = Read-Host -Prompt "Enter the location (i.e. centralus)"
    $templateUri = "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.cdn/front-door-standard-premium-app-service-public/azuredeploy.json"
    
    $resourceGroupName = "${projectName}rg"
    
    New-AzResourceGroup -Name $resourceGroupName -Location "$location"
    New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri $templateUri -frontDoorSkuName Standard_AzureFrontDoor
    
    Read-Host -Prompt "Press [ENTER] to continue ..."
    

    Wait until you see the prompt from the console.

  2. Select Copy from the previous code block to copy the PowerShell script.

  3. Right-click the shell console pane and then select Paste.

  4. Enter the values.

    The template deployment creates a Front Door with a web app as origin

    The resource group name is the project name with rg appended.

    Note

    frontDoorName needs to be a globally unique name in order for the template to deploy successfully. If deployment fails, start over with Step 1.

    It takes a few minutes to deploy the template. When completed, the output is similar to:

    Front Door Resource Manager template PowerShell deployment output

Azure PowerShell is used to deploy the template. In addition to Azure PowerShell, you can also use the Azure portal, Azure CLI, and REST API. To learn other deployment methods, see Deploy templates.

Validate the deployment

  1. Sign in to the Azure portal.

  2. Select Resource groups from the left pane.

  3. Select the resource group that you created in the previous section. The default resource group name is the project name with rg appended.

  4. Select the Front Door you created previously and you'll be able to see the endpoint hostname. Copy the hostname and paste it on to the address bar of a browser. Press enter and your request will automatically get routed to the web app.

    Screenshot of the message: Your web app is running and waiting for your content.

Clean up resources

When you no longer need the Front Door service, delete the resource group. This will remove the Front Door and all the related resources.

To delete the resource group, call the Remove-AzResourceGroup cmdlet:

Remove-AzResourceGroup -Name <your resource group name>

Next steps

In this quickstart, you created a:

  • Front Door
  • App Service plan
  • Web App

To learn how to add a custom domain to your Front Door, continue to the Front Door tutorials.