JleruOHeP

Reputation: 10376

Cannot set a minimum TLS version for FrontDoor in terraform

I am using terraform 1.44. When I try to run this:

resource "azurerm_frontdoor" "frontdoor" {
  name                                         = "my-fd"
  location                                     = "${azurerm_resource_group.default.location}"
  resource_group_name                          = "${azurerm_resource_group.default.name}"
  enforce_backend_pools_certificate_name_check = false

  routing_rule {
    .....
  }

  backend_pool_load_balancing {
    ......
  }

  backend_pool_health_probe {
    .....
  }

  backend_pool {
    .......
  }

  frontend_endpoint {
    name                                    = "myFrontendEndpoint"
    host_name                               = "my-custom.hostname.com"
    custom_https_provisioning_enabled       = true
    custom_https_configuration {
      certificate_source = "FrontDoor"
      minimum_tls_version = "1.2"
    }
  }
}

It is failing with

Error: "frontend_endpoint.custom_https_configuration.minimum_tls_version": this field cannot be set

According to this GitHub issue it should be resolved already, but the documentation link is broken... And in the current documentation there is no mention of this field...

How can I create this frontend? Without setting the minimum_tls_version it errors with

Error enabling Custom Domain HTTPS for Frontend Endpoint: frontdoor.FrontendEndpointsClient#EnableHTTPS: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="\"minimumTlsVersion\" is a mandatory parameter."

Upvotes: 0

Views: 1157

Answers (1)

Nancy Xiong

Reputation: 28244

From Azure front door SSL configuration,

All Front Door profiles created after September 2019 use TLS 1.2 as the default minimum.

Front Door supports TLS versions 1.0, 1.1 and 1.2. TLS 1.3 is not yet supported.

From the Terraform documentation, the attribute minimum_tls_version can only be exported from the custom_https_configuration block. It cannot be set like an Argument Reference.

For example,

....
      frontend_endpoint {
        name                              = "exampleFrontendEndpoint1"
        host_name                         = "example-FrontDoor.azurefd.net"
        custom_https_provisioning_enabled = true

        custom_https_configuration {
          certificate_source = "FrontDoor"
        }
      }
    }

    output "minimum_tls_version" {
      value = "${azurerm_frontdoor.example.frontend_endpoint[0].custom_https_configuration[0].minimum_tls_version}"
    }


Upvotes: 1
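Because minimum_tls_version is export-only, the value Front Door actually applied can only be checked after the apply. The following is an added example, not part of the answer above: it audits that exported value for every frontend endpoint. It assumes the JSON layout produced by `terraform show -json` (Terraform 0.12 or later); the sample state is constructed and the function names are hypothetical.

```python
import json, sys

# Constructed sample, shaped like `terraform show -json` output and trimmed to
# the fields this check reads (assumption: Terraform 0.12+ state layout).
SAMPLE_STATE = {"values": {"root_module": {"child_modules": [], "resources": [
    {"address": "azurerm_frontdoor.example", "type": "azurerm_frontdoor",
     "values": {"frontend_endpoint": [
         {"name": "exampleFrontendEndpoint1",
          "custom_https_provisioning_enabled": True,
          "custom_https_configuration": [{"minimum_tls_version": "1.2"}]},
         {"name": "legacyEndpoint",
          "custom_https_provisioning_enabled": True,
          "custom_https_configuration": [{"minimum_tls_version": "1.0"}]},
         {"name": "defaultEndpoint",
          "custom_https_provisioning_enabled": False,
          "custom_https_configuration": []}]}}]}}}

def walk_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def parse_tls(version):
    """Turn "1.2" into (1, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def audit_min_tls(state, required="1.2"):
    """Return (address, endpoint, found) for endpoints below `required`."""
    findings = []
    root = state.get("values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") != "azurerm_frontdoor":
            continue
        for ep in res.get("values", {}).get("frontend_endpoint") or []:
            if not ep.get("custom_https_provisioning_enabled"):
                continue  # no custom HTTPS block to read on this endpoint
            cfg = (ep.get("custom_https_configuration") or [{}])[0]
            found = cfg.get("minimum_tls_version")
            # A missing value is reported too: it cannot be shown to comply.
            if not found or parse_tls(found) < parse_tls(required):
                findings.append((res["address"], ep["name"], found))
    return findings

if __name__ == "__main__":  # usage: terraform show -json | python this_file.py
    for address, endpoint, found in audit_min_tls(json.load(sys.stdin)):
        print(f"{address} / {endpoint}: minimum_tls_version={found!r}")
```

A non-empty result is a reason to fail the pipeline stage that runs after `terraform apply`.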
