joshjohanning / joshjohanning.github.io

josh-ops.com | a devops blog
https://josh-ops.com

Azure Front Door Standard/Premium Preview - Tips, Tricks, and Lessons Learned | josh-ops #12

Open utterances-bot opened 2 years ago

utterances-bot commented 2 years ago

Azure Front Door Standard/Premium Preview - Tips, Tricks, and Lessons Learned | josh-ops

I share my experience, lessons-learned, and tips and tricks for working with the new Azure Front Door Standard/Premium (Preview) SKUs

https://josh-ops.com/posts/azure-frontdoor-preview-experience/

micketallberg commented 2 years ago

Really nice summary, I guess it's been a while since you first published it, but the official documentation is still somewhat lacking so this is useful information.

Just one thing: It's possible to approve the private endpoint using a REST API call, so it can be done programmatically. :)

https://docs.microsoft.com/en-us/rest/api/apimanagement/current-ga/private-endpoint-connection/create-or-update

joshjohanning commented 2 years ago

ahh, great tip @micketallberg!

Now they just need a Terraform module for Azure Front Door Standard/Premium that builds the auto-approval of private endpoints in :)

IAMDEH commented 1 year ago

Very useful summary for troubleshooting, especially since the official docs are not optimal to say the least. Important side note, you can programmatically approve the private endpoint connection using Azure PowerShell Approve-AzPrivateEndpointConnection.

Thank you!

joshjohanning commented 1 year ago

> Important side note, you can programmatically approve the private endpoint connection using Azure PowerShell Approve-AzPrivateEndpointConnection.

Nice! That's super helpful. @IAMDEH do you use Azure PowerShell to otherwise deploy/manage your Front Door too?

IAMDEH commented 1 year ago

> Nice! That's super helpful. @IAMDEH do you use Azure PowerShell to otherwise deploy/manage your Front Door too?

We're currently using a Bicep template (such as this one) to deploy our AFD resource. We mostly use Azure PowerShell for validating stuff, such as Private Endpoint Connection approval and AFD Custom Domain TXT and CNAME DNS Records creation.

Lately we've run into a problem creating an Apex Domain programmatically though, and it looks like the only available option is to do it manually...

namnam0610 commented 11 months ago

Hi Josh,

We are currently using Front Door Classic with default managed rules in WAF. Front Door Standard does not support managed rules in WAF so is Premium the only choice if we update? The cost of Premium tier is far more expensive than the Standard tier so if we use Standard tier, are there any ways that we can manually create custom rules as a replacement for default managed rules?

joshjohanning commented 10 months ago

Hey @namnam0610!

You should be able to create your own WAF and own policy for both standard and premium.

Just Azure-managed rules are only available for classic and Premium:

> Managed rules are only supported in the Azure Front Door Premium tier and Azure Front Door Classic tier policies.

For others: as a tip to save on costs, when we were working heavily with Front Door, we created one Front Door in the "Hub" resource group and used it for several applications in the same environment (as opposed to a Front Door per app).