Created
January 20, 2025 17:19
-
-
Save jwlin/6a2b4e45ec2745e5d389146fa9816620 to your computer and use it in GitHub Desktop.
Minimum working Terraform example to create Azure Function app with a secure storage
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "azurerm" { | |
| features {} | |
| subscription_id = "<your-subscription-id>" | |
| } | |
| data "azurerm_resource_group" "your_resource_group" { | |
| name = "<your-resource-group-name>" | |
| } | |
| data "azurerm_virtual_network" "your_vnet" { | |
| name = "<your-vnet-name>" | |
| resource_group_name = data.azurerm_resource_group.your_resource_group.name | |
| } | |
| data "azurerm_subnet" "your_subnet" { | |
| name = "<your-subnet-name>" | |
| virtual_network_name = data.azurerm_virtual_network.your_vnet.name | |
| resource_group_name = data.azurerm_resource_group.your_resource_group.name | |
| } | |
| resource "azurerm_storage_account" "your_storage" { | |
| name = "<your-storage-name>" | |
| resource_group_name = data.azurerm_resource_group.your_resource_group.name | |
| location = data.azurerm_resource_group.your_resource_group.location | |
| account_tier = "Standard" | |
| account_replication_type = "LRS" | |
| public_network_access_enabled = true | |
| min_tls_version = "TLS1_2" | |
| network_rules { | |
| default_action = "Deny" | |
| virtual_network_subnet_ids = [ | |
| data.azurerm_subnet.your_subnet.id | |
| ] | |
| # ip_rules = ["<ip1-to-whitelist>", "<ip2-to-whitelist>", ...] | |
| bypass = ["AzureServices"] | |
| } | |
| allow_nested_items_to_be_public = false | |
| } | |
| resource "azurerm_storage_share" "your_share" { | |
| name = "<your-share-name>" | |
| storage_account_id = azurerm_storage_account.your_storage.id | |
| quota = 50 | |
| } | |
| resource "azurerm_service_plan" "your_asp" { | |
| name = "<your-asp-name>" | |
| resource_group_name = data.azurerm_resource_group.your_resource_group.name | |
| location = data.azurerm_resource_group.your_resource_group.location | |
| os_type = "Linux" | |
| sku_name = "EP1" # Premium plan for VNet integration | |
| } | |
| resource "azurerm_linux_function_app" "your_function_app" { | |
| name = "<your-function-app-name>" | |
| resource_group_name = data.azurerm_resource_group.your_resource_group.name | |
| location = data.azurerm_resource_group.your_resource_group.location | |
| service_plan_id = azurerm_service_plan.your_asp.id | |
| storage_account_name = azurerm_storage_account.your_storage.name | |
| storage_account_access_key = azurerm_storage_account.your_storage.primary_access_key | |
| virtual_network_subnet_id = data.azurerm_subnet.your_subnet.id | |
| site_config { | |
| application_stack { | |
| node_version = "20" | |
| } | |
| } | |
| identity { | |
| type = "SystemAssigned" | |
| } | |
| app_settings = { | |
| WEBSITE_RUN_FROM_PACKAGE = "1" | |
| "WEBSITE_CONTENTSHARE" = azurerm_storage_share.your_share.name | |
| "WEBSITE_CONTENTOVERVNET" = "1" | |
| } | |
| lifecycle { | |
| ignore_changes = [ | |
| app_settings, | |
| site_config[0].application_stack, | |
| zip_deploy_file # Ignore deployment package changes | |
| ] | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Deploy Azure Functions with a Secured Storage
The Terraform code is a minimal working example that takes an existing resource group, VNet and Subnet as data, and creates: