hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.61k stars 4.65k forks source link

Support for application_gateway to be able to add a backend after the app gateway is created #27854

Open stan-spotts opened 3 weeks ago

stan-spotts commented 3 weeks ago

Is there an existing issue for this?

Community Note

Description

If a method already exists, then maybe this is a request for a documentation update :). But I can't find a way.

I have an app gateway created with three listeners, probes, backend address pools, http settings, and routing rules (for APIM) just fine. I have a need to add listeners, probes, backend address pools, http settings, and routing rules to the app gateway instance for Azure Static Web Apps when I create them in other scripts. This seems like such a normal use case that I'm hoping it's just a documentation issue, or me being blind and not finding how in my searches. Otherwise, just in case, I did add what a potential Terraform configuration might look like to support it.

New or Affected Resource(s)/Data Source(s)

azurerm_application_gateway

Potential Terraform Configuration

data "azurerm_application_gateway" "existing_appgw" {
  name                = var.appgw_service_name
  resource_group_name = var.resource_group_name
}

# Define a new backend address pool for the static web app, referencing the existing Application Gateway
resource "azurerm_application_gateway_backend_address_pool" "static_web_app_backend" {
  name                 = "${var.static_web_app_name}-backend-pool"
  application_gateway_id = data.azurerm_application_gateway.existing_appgw.id
  fqdns                = [azurerm_static_web_app.swa.default_host_name]
}

# Create a probe to monitor the health of the static web app
resource "azurerm_application_gateway_probe" "static_web_app_probe" {
  name                 = "${var.static_web_app_name}-probe"
  application_gateway_id = data.azurerm_application_gateway.existing_appgw.id
  protocol             = "Https"
  host                 = azurerm_static_web_app.swa.default_host_name
  path                 = "/"
  interval             = 30
  timeout              = 120
  unhealthy_threshold  = 8
}

# Add backend HTTP settings specific to the static web app
resource "azurerm_application_gateway_http_settings" "static_web_app_http_settings" {
  name                 = "${var.static_web_app_name}-http-settings"
  application_gateway_id = data.azurerm_application_gateway.existing_appgw.id
  cookie_based_affinity = "Disabled"
  port                 = 443
  protocol             = "Https"
  probe_id             = azurerm_application_gateway_probe.static_web_app_probe.id
  request_timeout      = 180
  pick_host_name_from_backend_address = true
}

# Define an HTTP listener to accept traffic for the static web app
resource "azurerm_application_gateway_http_listener" "static_web_app_listener" {
  name                           = "${var.static_web_app_name}-listener"
  application_gateway_id         = data.azurerm_application_gateway.existing_appgw.id
  frontend_ip_configuration_name = "frontend1"
  frontend_port_name             = "port01"
  protocol                       = "Https"
  ssl_certificate_name           = var.certificate_name
  host_name                      = azurerm_static_web_app.swa.default_host_name
  require_sni                    = true
}

# Finally, create a routing rule that connects the listener to the backend pool
resource "azurerm_application_gateway_request_routing_rule" "static_web_app_routing_rule" {
  name                       = "${var.static_web_app_name}-routing-rule"
  application_gateway_id     = data.azurerm_application_gateway.existing_appgw.id
  rule_type                  = "Basic"
  http_listener_id           = azurerm_application_gateway_http_listener.static_web_app_listener.id
  backend_address_pool_id    = azurerm_application_gateway_backend_address_pool.static_web_app_backend.id
  backend_http_settings_id   = azurerm_application_gateway_http_settings.static_web_app_http_settings.id
  priority                   = 40
}

References

No response

teowa commented 2 weeks ago

Hi @stan-spotts , by checking source code, we should be able to add more than one backend_address_pool, backend_http_settings block in existing azurerm_application_gateway resource. From the doc:

backend_address_pool - (Required) One or more backend_address_pool blocks as defined below.

backend_http_settings - (Required) One or more backend_http_settings blocks as defined below.

Would you try if this works?