CODEWITHSUNDEEP
azureterraformazure-application-gateway
JleruOHeP
JleruOHeP

Reputation: 10376

Is it possible to provision backend address pool separately from application gateway

I want to provision my infrastructure with terraform and to have some shared infrastructure. For example, to have 1 shared application gateway and multiple application specific webapps sitting behind it.

Is it possible to provision this with separate terraform projects?

  1. terraform project that would be for a shared infrastructure - to create an empty/default app gateway.
  2. other projects that would create a webapp and some extra configuration for that shared app gw - backend_address_pool, probe, backend_http_settings, etc.

Could not find how can you do it in documentation. There is this - application_gateway example where everything is provided in 1 go and then this - network_interface_application_gateway_backend_address_pool_association where you can make a assotiation between app gw and a network interface, but not a webapp.

EDIT

To expand a bit on what I want to achieve - the application gateway will be one application gateway for the whole non-prod environment (hence "shared") and it is there to save the cost. Behind it I want to configure multiple applications for multiple environments, for example, "Accounts.DEV", "Accounts.UAT", "Calculator.Dev", etc. Hope this makes my intentions a bit clearer.

For now I am trying to create empty Application gateway in the shared project (with a default pool, front-end config and rules). And then, after each application deployment to run some extra az cli logic (documentation).

Upvotes: 1

Views: 3222

Answers (2)

bursson
bursson

Reputation: 556

Currently this is not possible with terraform due the fact that Azure API does not allow creating an App Gateway step by step. If this is an issue for you and would like it to change, please vote for this and this feature request.

Source: https://github.com/terraform-providers/terraform-provider-azurerm/issues/727

Upvotes: 1

Nancy Xiong
Nancy Xiong

Reputation: 28234

It is possible to provision the application gateway and web apps separately.

By default, this application_gateway example creates an empty backend pool without any targets with one default HTTP setting, one listener for 80 port, and a basic rule for this backend pool. When you want to associate your backend web apps behind this application gateway, you need to target default_site_hostname of your web app to the backend pool and modify some specific configurations to match your backend web apps.

For example,

In the azurerm_app_service project, you can add the value of default_site_hostname for an app service at the provision time or use the data source to access an existing app service.

output "default_site_hostname" {
  value = "${azurerm_app_service.test.default_site_hostname}"
}

In the azurerm_application_gateway project, you can add the value of default_site_hostname to the fqdns, then associate the backend pool with them.

# since these variables are re-used - a locals block makes this more maintainable
locals {
  backend_address_pool_name      = "${azurerm_virtual_network.test.name}-beap"
  frontend_port_name             = "${azurerm_virtual_network.test.name}-feport"
  frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
  http_setting_name              = "${azurerm_virtual_network.test.name}-be-htst"
  listener_name                  = "${azurerm_virtual_network.test.name}-httplstn"
  request_routing_rule_name      = "${azurerm_virtual_network.test.name}-rqrt"
  redirect_configuration_name    = "${azurerm_virtual_network.test.name}-rdrcfg"
  fqdns                          = ["${azurerm_app_service.test.default_site_hostname}","${data.azurerm_app_service.example.default_site_hostname}"]
...

 backend_address_pool {
    name = "${local.backend_address_pool_name}"
    fqdns = "${local.fqdns}"
  }

Upvotes: 1

Related Questions