azure::application-gateway

Creates an Application Gateway.

Azure Application Gateways are managed using a combination of resource configuration and commands.

Create an Azure Application Gateway using the azure::application-gateway resource. After the Application Gateway is created, use the gyro azure application-gateway command to manage certificates within the application gateway. See the documentation below on how to add, import, remove, or list certificates for an application gateway.

Example

azure::application-gateway application-gateway-example
    name: "application-gateway-example"
    resource-group: $(azure::resource-group resource-group-example-AG)
    network: $(azure::network network-example-AG)
    subnet: "subnet1"
    public-ip-address: $(azure::public-ip-address public-ip-address-example-AG)
    sku-tier: "STANDARD"
    sku-size: "STANDARD_SMALL"
    instance-count: 1
    enable-http2: true
    tags: {
        Name: "application-gateway-example"
    }

    request-routing-rule
        name: "request-routing-rule-example"
        listener: "listener-example"
        backend: "backend-example"
        backend-http-configuration: "backend-http-configuration-example"
    end

    request-routing-rule
        name: "request-routing-rule-2-example"
        listener: "listener-example-2"
        redirect-configuration: "redirect-configuration-example"
    end

    redirect-configuration
        name: "redirect-configuration-example"
        type: "Temporary"
        target-listener: "listener-example-3"
        include-query-string: true
        include-path: true
    end

    listener
        name: "listener-example"
        port: 81
    end

    listener
        name: "listener-example-2"
        port: 82
    end

    listener
        name: "listener-example-3"
        port: 83
    end

    backend
        name: "backend-example"
        ip-addresses: [
            "10.0.0.2",
            "10.0.0.3"
        ]
    end

    backend-http-configuration
        name: "backend-http-configuration-example"
        port: 8080
        cookie-name: "something"
        enable-affinity-cookie: false
        probe: "probe-example"
        connection-draining-timeout: 30
        host-header: "something"
        host-header-from-backend: false
        backend-path: "something"
    end

    probe
        name: "probe-example"
        host-name: "www.google.com"
        path: "/path"
        interval: 40
        timeout: 40
        unhealthy-threshold: 4
        https-protocol: false
        http-response-codes: [
            "200-210"
        ]
        http-response-body-match: "body"
    end

end

Certificate Commands

The following commands let you manage certificates in an application gateway. Before using these commands, you must have already created an azure::application-gateway, and the application gateway must be managed by Gyro. Ensure that a proper access policy is added to the key vault for the service principal you are using.

Add Certificate

Adds a certificate to an application gateway using your certificate file (.pfx).

gyro azure application-gateway add-certificate <application-gateway-name> <cert-name> <cert-path> --password <password>
  • application-gateway-name - The name of the application gateway resource defined in your config where you want to create your certificate.
  • cert-name - The name of the certificate that you want to create when you import the certificate file.
  • cert-path - The path pointing to the certificate file to be uploaded. Only .pfx files are supported.
  • password - An optional password if the certificate file was encrypted with one.

Import Certificate

Imports a certificate to an application gateway from your vault. For the import to work, make sure soft delete is enabled on the vault, and grant an appropriate vault access policy to a managed identity that you have also added to the application gateway.

gyro azure application-gateway import-certificate <application-gateway-name> <cert-name> <vault-name> <vault-cert-name>
  • application-gateway-name - The name of the application gateway resource defined in your config where you want to import your certificate.
  • cert-name - The name of the certificate that you want to create when you import the certificate.
  • vault-name - The name of the key-vault resource defined in your config from which you want to import the certificate.
  • vault-cert-name - The name of the certificate in the vault that you want to import.

Remove Certificate

Remove a certificate from the application gateway.

gyro azure application-gateway remove-certificate <application-gateway-name> <cert-name>
  • application-gateway-name - The name of the application gateway resource defined in your config from which to remove the certificate.
  • cert-name - The name of the certificate that you want to remove.

List Certificate

List certificates of an application gateway.

gyro azure application-gateway list-certificate <application-gateway-name>
  • application-gateway-name - The name of the application gateway resource defined in your config that you want to list certificates from.

Attributes

Attribute Description
resource-group The resource group under which the Application Gateway would reside. (Required)
network The Network which would be associated with the Application Gateway. (Required)
public-ip-address The Public IP Address associated with the Application Gateway. (Required)
subnet The name of one of the subnets in the virtual network assigned to the Application Gateway. (Required)
name Name of the Application Gateway. (Required)
request-routing-rule set subresource

Request routing rule for the Application Gateway. (Required)

name
Name of the rule. (Required)
listener
Name of the listener to be associated with the rule. (Required)
backend
Name of the backend to be associated with the rule. Required if redirection not present.
backend-http-configuration
Name of the backend http configuration to be associated with the rule. Required if redirection not present.
redirect-configuration
Name of the redirect configuration to be associated with the rule. Required if backend not present.
listener set subresource

Listener for the Application Gateway. (Required)

name
Name of the listener. (Required)
port
Port for the Listener to listen to. (Required)
private-frontend
Enable private frontend for the Listener. Defaults to false.
ssl-certificate subresource

SSL configuration for the listener.

certificate-secret-id
The secret id of a certificate in key vault to attach to the listener. If this has been attached to any other listener of this application gateway before, only use the certificate-name field.
certificate-name
The name of the certificate to attach to the listener. (Required)
backend set subresource

Backend for the Application Gateway. Required if no redirect configuration present.

name
Name of the backend. (Required)
ip-addresses set
List of ip addresses. Required if no fqdns are present.
fqdns set
List of fqdns. Required if no ip addresses are present.
backend-http-configuration set subresource

Backend http configuration for the Application Gateway. Required if no redirect configuration present.

name
Name of the Backend Http Configuration. (Required)
port
Port for the Backend Http Configuration. (Required)
cookie-name
Cookie name for the Backend Http Configuration.
enable-affinity-cookie
Enable cookie based affinity for the Backend Http Configuration. Defaults to false.
connection-draining-timeout
Connection draining timeout for the Backend Http Configuration. Defaults to 0.
probe
Name of a probe to be associated with the Backend Http Configuration.
host-header
Override hostname for the Backend Http Configuration.
host-header-from-backend
Get host header from the backend for the Backend Http Configuration. Defaults to false.
backend-path
Override backend path for the Backend Http Configuration.
redirect-configuration set subresource

Redirect configuration for the Application Gateway. Required if no backend present.

name
Name of the redirect configuration. (Required)
type
Type of the redirect configuration. Valid values are Permanent, Found, SeeOther or Temporary. (Required)
target-listener
Name of the target listener to be associated with this redirect configuration. Required if target url not present.
target-url
Target url to be associated with this redirect configuration. Required if target listener not present.
include-query-string
Include query string or not. Defaults to false.
include-path
Include path or not. Defaults to false.
probe set subresource

Probe for the Application Gateway.

name
Name of the Probe. (Required)
host-name
Host name associated with this Probe. (Required)
path
Path associated with this Probe. (Required)
interval
Interval for the Probe. Defaults to 30 sec.
timeout
Timeout for the Probe. Defaults to 30 sec.
unhealthy-threshold
Threshold for unhealthy instances before it triggers the Probe. Defaults to 3.
https-protocol
Enable https protocol for the Probe. Defaults to false.
http-response-codes set
List of HTTP response codes for the Probe.
http-response-body-match
String to match in the response body for the Probe.
sku-size The SKU size for the Application Gateway. Valid values are STANDARD_SMALL, STANDARD_MEDIUM, STANDARD_LARGE, WAF_MEDIUM, WAF_LARGE, STANDARD_V2 or WAF_V2. (Required)
sku-tier The SKU tier for the Application Gateway. Valid values are STANDARD, STANDARD_V2, WAF or WAF_V2. (Required)
instance-count Number of instances to scale for the Application Gateway. (Required)
tags map Tags for the Application Gateway.
enable-http2 Enable http2 for the Application Gateway. Defaults to false.
private-front-end Private front end for the Application Gateway. Defaults to false.
availability-zones set Availability Zones this Application Gateway should be deployed to for redundancy. Valid values are 1, 2 and 3.
managed-service-identity subresource

The managed service identity configuration for the application gateway.

user-assigned-identity list
The identity to be associated with the application gateway. Maximum allowed items are 1. (Required)
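
An added example, not part of the Gyro documentation or code base: a small Python linter for the config syntax shown in the Example section that checks the cross-reference rules listed under Attributes (a referenced listener, backend, probe or redirect must exist; a routing rule needs either a backend plus backend HTTP configuration, or a redirect) and reports listeners that have no ssl-certificate subresource, which are assumed here to serve plain HTTP. The parser handles only the block/end and key: value forms used on this page, and the sample config and all names in it are constructed.

```python
import re
# Constructed sample in the page's config syntax, trimmed to what the checks read.
SAMPLE = '''
azure::application-gateway gateway-lint-example
    request-routing-rule
        name: "rule-1"
        listener: "listener-typo"
    end
    listener
        name: "listener-https"
        ssl-certificate
            certificate-name: "cert-example"
        end
    end
    listener
        name: "listener-http"
    end
end
'''
# Attribute -> block type whose name it must match (per the Attributes section).
REFS = {"listener": "listener", "backend": "backend", "probe": "probe",
        "target-listener": "listener", "redirect-configuration": "redirect-configuration",
        "backend-http-configuration": "backend-http-configuration"}

def parse(text):  # 'type [name] ... end' blocks -> nested dicts
    stack = [{"type": "root", "attrs": {}, "children": []}]
    for line in map(str.strip, text.splitlines()):
        if line == "end":
            stack = stack[:-1] or stack  # ignore an unbalanced 'end'
        elif kv := re.match(r"^([\w-]+):(?!:)\s*(.*)$", line):
            stack[-1]["attrs"][kv[1]] = kv[2].strip('"')
        elif re.match(r"^[a-z][\w:-]*(\s+\S+)?$", line):
            stack.append({"type": line.split()[0], "attrs": {}, "children": []})
            stack[-2]["children"].append(stack[-1])
    return stack[0]["children"]

def lint(gw):  # findings for one parsed azure::application-gateway block
    kids, out = gw["children"], []
    named = lambda t: {k["attrs"].get("name") for k in kids if k["type"] == t}
    for k in kids:
        a, n = k["attrs"], k["attrs"].get("name")
        out += [f'{n}: unknown {t} "{a[r]}"' for r, t in REFS.items()
                if r in a and a[r] not in named(t)]
        if (k["type"] == "request-routing-rule" and "redirect-configuration" not in a
                and not {"backend", "backend-http-configuration"} <= set(a)):
            out.append(f"{n}: needs backend and backend-http-configuration, or a redirect")
        if k["type"] == "listener" and "ssl-certificate" not in [c["type"] for c in k["children"]]:
            out.append(f"{n}: no ssl-certificate, serves plain HTTP")
    return out
```

Run `lint(parse(text)[0])` on a config file's contents before `gyro up`; an empty list means every reference resolves and every listener carries a certificate.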

Outputs

Attribute Description
id The ID of the application gateway.