alarm_cpu_threshold_percentage |
Specify a number (%) which should be set as a threshold for a CPU usage monitoring alarm |
number |
80 |
no |
alarm_for_delete_events |
Should Alert Rules be created for Administrative 'Delete' actions? |
bool |
true |
no |
alarm_latency_threshold_ms |
Specify a number in milliseconds which should be set as a threshold for a request latency monitoring alarm |
number |
1000 |
no |
alarm_log_ingestion_gb_per_day |
Define an alarm threshold for Log Analytics ingestion rate in GB (per day) (Defaults to no limit) |
number |
0 |
no |
alarm_memory_threshold_percentage |
Specify a number (%) which should be set as a threshold for a memory usage monitoring alarm |
number |
80 |
no |
app_configuration_assign_role |
Assign the 'App Configuration Data Reader' Role to the Container App User-Assigned Managed Identity. Note: If you do not have 'Microsoft.Authorization/roleAssignments/write' permission, you will need to manually assign the 'App Configuration Data Reader' Role to the identity |
bool |
false |
no |
app_configuration_sku |
The SKU name of the App Configuration. Possible values are free and standard. Defaults to free. |
string |
"free" |
no |
app_insights_retention_days |
Number of days to retain App Insights data for (Default: 2 years) |
number |
730 |
no |
app_insights_smart_detection_enabled |
Enable or Disable Smart Detection with App Insights |
bool |
true |
no |
azure_location |
Azure location in which to launch resources. |
string |
n/a |
yes |
cdn_frontdoor_custom_domains |
Azure CDN Front Door custom domains |
list(string) |
[] |
no |
cdn_frontdoor_custom_domains_create_dns_records |
Should the TXT records and ALIAS/CNAME records be automatically created if the custom domains exist within the DNS Zone? |
bool |
true |
no |
cdn_frontdoor_enable_access_logs |
Toggle the Diagnostic Setting to log Access requests |
bool |
false |
no |
cdn_frontdoor_enable_health_probe_logs |
Toggle the Diagnostic Setting to log Health Probe requests |
bool |
false |
no |
cdn_frontdoor_enable_rate_limiting |
Enable CDN Front Door Rate Limiting. This will create a WAF policy, and CDN security policy. For pricing reasons, there will only be one WAF policy created. |
bool |
false |
no |
cdn_frontdoor_enable_waf_logs |
Toggle the Diagnostic Setting to log Web Application Firewall requests |
bool |
true |
no |
cdn_frontdoor_forwarding_protocol |
Azure CDN Front Door forwarding protocol |
string |
"HttpsOnly" |
no |
cdn_frontdoor_health_probe_interval |
Specifies the number of seconds between health probes. |
number |
120 |
no |
cdn_frontdoor_health_probe_path |
Specifies the path relative to the origin that is used to determine the health of the origin. |
string |
"/" |
no |
cdn_frontdoor_health_probe_protocol |
Use Http or Https |
string |
"Https" |
no |
cdn_frontdoor_health_probe_request_type |
Specifies the type of health probe request that is made. |
string |
"GET" |
no |
cdn_frontdoor_host_add_response_headers |
List of response headers to add at the CDN Front Door [{ "Name" = "Strict-Transport-Security", "value" = "max-age=31536000" }] |
list(map(string)) |
[] |
no |
cdn_frontdoor_host_redirects |
CDN FrontDoor host redirects [{ "from" = "example.com", "to" = "www.example.com" }] |
list(map(string)) |
[] |
no |
cdn_frontdoor_origin_fqdn_override |
Manually specify the hostname that the CDN Front Door should target. Defaults to the Container App FQDN |
string |
"" |
no |
cdn_frontdoor_origin_host_header_override |
Manually specify the host header that the CDN sends to the target. Defaults to the received host header. Set to null to set it to the host_name (cdn_frontdoor_origin_fqdn_override) |
string |
"" |
no |
cdn_frontdoor_origin_http_port |
The value of the HTTP port used for the CDN Origin. Must be between 1 and 65535. Defaults to 80 |
number |
80 |
no |
cdn_frontdoor_origin_https_port |
The value of the HTTPS port used for the CDN Origin. Must be between 1 and 65535. Defaults to 443 |
number |
443 |
no |
cdn_frontdoor_rate_limiting_bypass_ip_list |
List of IP CIDRs to bypass CDN Front Door rate limiting |
list(string) |
[] |
no |
cdn_frontdoor_rate_limiting_duration_in_minutes |
CDN Front Door rate limiting duration in minutes |
number |
1 |
no |
cdn_frontdoor_rate_limiting_threshold |
Maximum number of concurrent requests before Rate Limiting policy is applied |
number |
300 |
no |
cdn_frontdoor_remove_response_headers |
List of response headers to remove at the CDN Front Door |
list(string) |
[] |
no |
cdn_frontdoor_response_timeout |
Azure CDN Front Door response timeout in seconds |
number |
120 |
no |
cdn_frontdoor_sku |
Azure CDN Front Door SKU |
string |
"Standard_AzureFrontDoor" |
no |
cdn_frontdoor_vdp_destination_hostname |
Requires 'enable_cdn_frontdoor_vdp_redirects' to be set to 'true'. Hostname to redirect security.txt and thanks.txt to |
string |
"" |
no |
cdn_frontdoor_waf_custom_rules |
Map of all Custom rules you want to apply to the CDN WAF |
map(object({ priority : number, action : string match_conditions : map(object({ match_variable : string, match_values : optional(list(string), []), operator : optional(string, "Any"), selector : optional(string, null), negation_condition : optional(bool, false), })) })) |
{} |
no |
cdn_frontdoor_waf_managed_rulesets |
Map of all Managed rules you want to apply to the CDN WAF, including any overrides, or exclusions |
map(object({ version : string, action : optional(string, "Block"), exclusions : optional(map(object({ match_variable : string, operator : string, selector : string })), {}) overrides : optional(map(map(object({ action : string, enabled : optional(bool, true), exclusions : optional(map(object({ match_variable : string, operator : string, selector : string })), {}) }))), {}) })) |
{} |
no |
cdn_frontdoor_waf_mode |
CDN Front Door WAF mode |
string |
"Prevention" |
no |
container_app_blob_storage_public_access_enabled |
Enable anonymous public read access to blobs in Azure Storage? |
bool |
false |
no |
container_app_environment_internal_load_balancer_enabled |
Should the Container Environment operate in Internal Load Balancing Mode? |
bool |
false |
no |
container_app_file_share_mount_path |
A path inside your container where the File Share will be mounted to |
string |
"/srv/app/storage" |
no |
container_app_file_share_security_profile |
Choose whether the SMB protocol should be configured for maximum security, or maximum compatibility |
string |
"security" |
no |
container_app_identities |
Additional User Assigned Managed Identity Resource IDs to attach to the Container App |
list(string) |
[] |
no |
container_app_name_override |
A custom name for the Container App |
string |
"" |
no |
container_app_storage_account_shared_access_key_enabled |
Should the storage account for the container app permit requests to be authorized with the account access key via Shared Key? |
bool |
true |
no |
container_app_storage_cross_tenant_replication_enabled |
Should cross Tenant replication be enabled? |
bool |
false |
no |
container_app_use_managed_identity |
Deploy a User Assigned Managed Identity and attach it to the Container App |
bool |
true |
no |
container_apps_allow_ips_inbound |
Restricts access to the Container Apps by creating a network security group rule that only allows inbound traffic from the provided list of IPs |
list(string) |
[] |
no |
container_apps_infra_subnet_service_endpoints |
Endpoints to assign to infra subnet |
list(string) |
[] |
no |
container_command |
Container command |
list(any) |
[] |
no |
container_cpu |
Number of container CPU cores |
number |
1 |
no |
container_environment_variables |
Container environment variables |
map(string) |
{} |
no |
container_health_probe_interval |
How often in seconds to poll the Container to determine liveness |
number |
30 |
no |
container_health_probe_path |
Specifies the path that is used to determine the liveness of the Container |
string |
"/" |
no |
container_health_probe_protocol |
Use HTTPS or a TCP connection for the Container liveness probe |
string |
"http" |
no |
container_max_replicas |
Container max replicas |
number |
2 |
no |
container_memory |
Container memory in GB |
number |
2 |
no |
container_min_replicas |
Container min replicas |
number |
1 |
no |
container_port |
Container port |
number |
80 |
no |
container_scale_http_concurrency |
When the number of concurrent HTTP requests exceeds this value, then another replica is added. Replicas continue to add to the pool up to the max-replicas amount. |
number |
10 |
no |
container_scale_out_at_defined_time |
Should the Container App scale out to the max-replicas during a specified time window? |
bool |
false |
no |
container_scale_out_rule_end |
Specify a time using Linux cron format that represents the end of the scale-out window. Defaults to 18:00 |
string |
"0 18 * * *" |
no |
container_scale_out_rule_start |
Specify a time using Linux cron format that represents the start of the scale-out window. Defaults to 08:00 |
string |
"0 8 * * *" |
no |
container_secret_environment_variables |
Container environment variables, which are defined as secrets within the container app configuration. This is to help reduce the risk of accidentally exposing secrets. |
map(string) |
{} |
no |
create_container_app_blob_storage_sas |
Generate a SAS connection string that is exposed to your App as an environment variable so that it can connect to the Storage Account |
bool |
true |
no |
custom_container_apps |
Custom container apps, by default deployed within the container app environment managed by this module. |
map(object({ container_app_environment_id = optional(string, "") resource_group_name = optional(string, "") revision_mode = optional(string, "Single") container_port = optional(number, 0) ingress = optional(object({ external_enabled = optional(bool, true) target_port = optional(number, null) traffic_weight = object({ percentage = optional(number, 100) }) cdn_frontdoor_custom_domain = optional(string, "") cdn_frontdoor_origin_fqdn_override = optional(string, "") cdn_frontdoor_origin_host_header_override = optional(string, "") enable_cdn_frontdoor_health_probe = optional(bool, false) cdn_frontdoor_health_probe_protocol = optional(string, "") cdn_frontdoor_health_probe_interval = optional(number, 120) cdn_frontdoor_health_probe_request_type = optional(string, "") cdn_frontdoor_health_probe_path = optional(string, "") cdn_frontdoor_forwarding_protocol_override = optional(string, "") }), null) identity = optional(list(object({ type = string identity_ids = list(string) })), []) secrets = optional(list(object({ name = string value = string })), []) registry = optional(object({ server = optional(string, "") username = optional(string, "") password_secret_name = optional(string, "") identity = optional(string, "") }), null), image = string cpu = number memory = number command = list(string) liveness_probes = optional(list(object({ interval_seconds = number transport = string port = number path = optional(string, null) })), []) env = optional(list(object({ name = string value = optional(string, null) secretRef = optional(string, null) })), []) min_replicas = number max_replicas = number })) |
{} |
no |
dns_a_records |
DNS A records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), records : list(string) }) ) |
{} |
no |
dns_aaaa_records |
DNS AAAA records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), records : list(string) }) ) |
{} |
no |
dns_alias_records |
DNS ALIAS records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), target_resource_id : string }) ) |
{} |
no |
dns_caa_records |
DNS CAA records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), records : list( object({ flags : number, tag : string, value : string }) ) }) ) |
{} |
no |
dns_cname_records |
DNS CNAME records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), record : string }) ) |
{} |
no |
dns_mx_records |
DNS MX records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), records : list( object({ preference : number, exchange : string }) ) }) ) |
{} |
no |
dns_ns_records |
DNS NS records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), records : list(string) }) ) |
{} |
no |
dns_ptr_records |
DNS PTR records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), records : list(string) }) ) |
{} |
no |
dns_srv_records |
DNS SRV records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), records : list( object({ priority : number, weight : number, port : number, target : string }) ) }) ) |
{} |
no |
dns_txt_records |
DNS TXT records to add to the DNS Zone |
map( object({ ttl : optional(number, 300), records : list(string) }) ) |
{} |
no |
dns_zone_domain_name |
DNS zone domain name. If created, records will automatically be created to point to the CDN. |
string |
"" |
no |
dns_zone_soa_record |
DNS zone SOA record block (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone#soa_record) |
map(string) |
{} |
no |
enable_app_configuration |
Deploy an Azure App Configuration resource |
bool |
false |
no |
enable_app_insights_integration |
Deploy an App Insights instance and connect your Container Apps to it |
bool |
true |
no |
enable_cdn_frontdoor |
Enable Azure CDN Front Door. This will use the Container Apps endpoint as the origin. |
bool |
false |
no |
enable_cdn_frontdoor_health_probe |
Enable CDN Front Door health probe |
bool |
true |
no |
enable_cdn_frontdoor_vdp_redirects |
Deploy redirects for security.txt and thanks.txt to an external Vulnerability Disclosure Program service |
bool |
false |
no |
enable_container_app_blob_storage |
Create an Azure Storage Account and Storage Container to be used for this app |
bool |
false |
no |
enable_container_app_file_share |
Create an Azure Storage Account and File Share to be mounted to the Container Apps |
bool |
false |
no |
enable_container_health_probe |
Enable liveness probes for the Container |
bool |
true |
no |
enable_container_registry |
Set to true to create a container registry |
bool |
n/a |
yes |
enable_dns_zone |
Conditionally create a DNS zone |
bool |
false |
no |
enable_event_hub |
Send Azure Container App logs to an Event Hub sink |
bool |
false |
no |
enable_health_insights_api |
Deploys a Function App that exposes the last 3 HTTP Web Tests via an API endpoint. 'enable_app_insights_integration' and 'enable_monitoring' must be set to 'true'. |
bool |
false |
no |
enable_init_container |
Deploy an Init Container. Init containers run before the primary app container and are used to perform initialization tasks such as downloading data or preparing the environment |
bool |
false |
no |
enable_logstash_consumer |
Create an Event Hub consumer group for Logstash |
bool |
false |
no |
enable_monitoring |
Create an App Insights instance and notification group for the Container App |
bool |
false |
no |
enable_mssql_database |
Set to true to create an Azure SQL server/database, with a private endpoint within the virtual network |
bool |
false |
no |
enable_mssql_vulnerability_assessment |
Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities |
bool |
true |
no |
enable_network_watcher |
Enable network watcher. Note: only 1 network watcher per subscription can be created. |
bool |
false |
no |
enable_network_watcher_traffic_analytics |
Enable network watcher traffic analytics (Requires enable_network_watcher to be true) |
bool |
true |
no |
enable_postgresql_database |
Set to true to create an Azure Postgres server/database, with a private endpoint within the virtual network |
bool |
false |
no |
enable_redis_cache |
Set to true to create an Azure Redis Cache, with a private endpoint within the virtual network |
bool |
false |
no |
enable_registry_retention_policy |
Boolean value that indicates whether the policy is enabled |
bool |
false |
no |
enable_resource_group_lock |
Enabling this will add a Resource Lock to the Resource Group preventing any resources from being deleted. |
bool |
false |
no |
enable_worker_container |
Conditionally launch a worker container. This container uses the same image and environment variables as the default container app, but allows a different container command to be run. The worker container does not expose any ports. |
bool |
false |
no |
environment |
Environment name. Will be used along with project_name as a prefix for all resources. |
string |
n/a |
yes |
escrow_container_app_secrets_in_key_vault |
Set sensitive Container App secrets in Key Vault |
bool |
false |
no |
eventhub_export_log_analytics_table_names |
List of Log Analytics table names that you want to export to Event Hub. See https://learn.microsoft.com/en-gb/azure/azure-monitor/logs/logs-data-export?tabs=portal#supported-tables for a list of supported tables |
list(string) |
[] |
no |
existing_key_vault |
An existing Key Vault that you want to store Container App secrets in |
string |
"" |
no |
existing_logic_app_workflow |
Name, Resource Group and HTTP Trigger URL of an existing Logic App Workflow to route Alerts to |
object({ name : string resource_group_name : string }) |
{ "name": "", "resource_group_name": "" } |
no |
existing_network_watcher_name |
Use an existing network watcher to add flow logs. |
string |
"" |
no |
existing_network_watcher_resource_group_name |
Existing network watcher resource group. |
string |
"" |
no |
existing_resource_group |
Conditionally launch resources into an existing resource group. Specifying this will NOT create a resource group. |
string |
"" |
no |
existing_virtual_network |
Conditionally use an existing virtual network. The virtual_network_address_space must match an existing address space in the VNet. This also requires the resource group name. |
string |
"" |
no |
health_insights_api_cors_origins |
List of hostnames that are permitted to contact the Health insights API |
list(string) |
[ "*" ] |
no |
health_insights_api_ipv4_allow_list |
List of IPv4 addresses that are permitted to contact the Health insights API |
list(string) |
[] |
no |
image_name |
Image name |
string |
n/a |
yes |
image_tag |
Image tag |
string |
"latest" |
no |
init_container_command |
Container command for the Init Container |
list(any) |
[] |
no |
init_container_image |
Image name for the Init Container. Leave blank to use the same Container image from the primary app |
string |
"" |
no |
key_vault_access_ipv4 |
List of IPv4 Addresses that are permitted to access the Key Vault |
list(string) |
[] |
no |
key_vault_managed_identity_assign_role |
Assign the Key Vault Secret User role to the Container App managed identity |
bool |
false |
no |
launch_in_vnet |
Conditionally launch into a VNet |
bool |
true |
no |
linux_function_apps |
A list of Linux Function Apps with their corresponding app settings |
map(object({ runtime = string runtime_version = string app_settings = optional(map(string), {}) allowed_origins = optional(list(string), ["*"]) ftp_publish_basic_authentication_enabled = optional(bool, false) webdeploy_publish_basic_authentication_enabled = optional(bool, false) ipv4_access = optional(list(string), []) minimum_tls_version = optional(string, "1.3") })) |
{} |
no |
monitor_email_receivers |
A list of email addresses that should be notified by monitoring alerts |
list(string) |
[] |
no |
monitor_endpoint_healthcheck |
Specify a route that should be monitored for a 200 OK status |
string |
"/" |
no |
mssql_azuread_admin_object_id |
Object ID of a User within Azure AD that you want to assign as the SQL Server Administrator |
string |
"" |
no |
mssql_azuread_admin_username |
Username of a User within Azure AD that you want to assign as the SQL Server Administrator |
string |
"" |
no |
mssql_azuread_auth_only |
Set to true to only permit SQL logins from Azure AD users |
bool |
false |
no |
mssql_database_name |
The name of the MSSQL database to create. Must be set if enable_mssql_database is true |
string |
"" |
no |
mssql_firewall_ipv4_allow_list |
A list of IPv4 Addresses that require remote access to the MSSQL Server |
map(object({ start_ip_range : string, end_ip_range : optional(string, "") })) |
{} |
no |
mssql_managed_identity_assign_role |
Assign the 'Storage Blob Data Contributor' Role to the SQL Server User-Assigned Managed Identity. Note: If you do not have 'Microsoft.Authorization/roleAssignments/write' permission, you will need to manually assign the 'Storage Blob Data Contributor' Role to the identity |
bool |
true |
no |
mssql_max_size_gb |
The max size of the database in gigabytes |
number |
2 |
no |
mssql_security_storage_access_key_rotation_reminder_days |
Number of days to set for access key rotation reminder on the SQL Security Storage Account. If not set will default to 'storage_account_access_key_rotation_reminder_days' |
number |
0 |
no |
mssql_security_storage_cross_tenant_replication_enabled |
Should cross Tenant replication be enabled? |
bool |
false |
no |
mssql_security_storage_firewall_ipv4_allow_list |
Additional IP addresses to add to the Storage Account that holds the Vulnerability Assessments |
list(string) |
[] |
no |
mssql_server_admin_password |
The local administrator password for the MSSQL server |
string |
"" |
no |
mssql_server_public_access_enabled |
Enable public internet access to your MSSQL instance. Be sure to specify 'mssql_firewall_ipv4_allow_list' to restrict inbound connections |
bool |
false |
no |
mssql_sku_name |
Specifies the name of the SKU used by the database |
string |
"Basic" |
no |
mssql_storage_account_shared_access_key_enabled |
Should the storage account for mssql security permit requests to be authorized with the account access key via Shared Key? |
bool |
true |
no |
mssql_version |
Specify the version of Microsoft SQL Server you want to run |
string |
"12.0" |
no |
network_watcher_flow_log_retention |
Number of days to retain flow logs. Set to 0 to keep all logs. |
number |
90 |
no |
network_watcher_nsg_storage_access_key_rotation_reminder_days |
Number of days to set for access key rotation reminder on the Network Watcher NSG Flow Log Storage Account. If not set will default to 'storage_account_access_key_rotation_reminder_days' |
number |
0 |
no |
network_watcher_traffic_analytics_interval |
Interval in minutes for Traffic Analytics. |
number |
60 |
no |
postgresql_administrator_login |
Specify a login that will be assigned to the administrator when creating the Postgres server |
string |
"" |
no |
postgresql_administrator_password |
Specify a password that will be assigned to the administrator when creating the Postgres server |
string |
"" |
no |
postgresql_availability_zone |
Specify the availability zone in which the Postgres server should be located |
string |
"1" |
no |
postgresql_charset |
Specify the charset to be used for the Postgres database |
string |
"utf8" |
no |
postgresql_collation |
Specify the collation to be used for the Postgres database |
string |
"en_US.utf8" |
no |
postgresql_enabled_extensions |
Specify a comma-separated list of Postgres extensions to enable. See https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-extensions#postgres-14-extensions |
string |
"" |
no |
postgresql_firewall_ipv4_allow |
Map of IP address ranges to add into the postgres firewall. Note: only applicable if postgresql_network_connectivity_method is set to public. |
map(object({ start_ip_address = string end_ip_address = string })) |
{} |
no |
postgresql_max_storage_mb |
Specify the max amount of storage allowed for the Postgres server |
number |
32768 |
no |
postgresql_network_connectivity_method |
Specify postgresql networking method, public or private. See https://learn.microsoft.com/en-gb/azure/postgresql/flexible-server/concepts-networking |
string |
"private" |
no |
postgresql_server_version |
Specify the version of Postgres server to run (either 11, 12, 13 or 14) |
string |
"" |
no |
postgresql_sku_name |
Specify the SKU to be used for the Postgres server |
string |
"B_Standard_B1ms" |
no |
project_name |
Project name. Will be used along with environment as a prefix for all resources. |
string |
n/a |
yes |
redis_cache_capacity |
Redis Cache Capacity |
number |
0 |
no |
redis_cache_family |
Redis Cache family |
string |
"C" |
no |
redis_cache_firewall_ipv4_allow_list |
A list of IPv4 addresses that require remote access to the Redis server |
list(string) |
[] |
no |
redis_cache_patch_schedule_day |
Redis Cache patch schedule day |
string |
"Sunday" |
no |
redis_cache_patch_schedule_hour |
Redis Cache patch schedule hour |
number |
18 |
no |
redis_cache_sku |
Redis Cache SKU |
string |
"Basic" |
no |
redis_cache_version |
Redis Cache version |
number |
6 |
no |
redis_config |
Overrides for Redis Cache Configuration options |
object({ maxmemory_reserved : optional(number), maxmemory_delta : optional(number), maxfragmentationmemory_reserved : optional(number), maxmemory_policy : optional(string), }) |
{} |
no |
registry_admin_enabled |
Do you want to enable access key based authentication for your Container Registry? |
bool |
true |
no |
registry_ipv4_allow_list |
List of IPv4 CIDR blocks that require access to the Container Registry |
list(string) |
[] |
no |
registry_managed_identity_assign_role |
Assign the 'AcrPull' Role to the Container App User-Assigned Managed Identity. Note: If you do not have 'Microsoft.Authorization/roleAssignments/write' permission, you will need to manually assign the 'AcrPull' Role to the identity |
bool |
true |
no |
registry_password |
Container registry password (required if enable_container_registry is false) |
string |
"" |
no |
registry_public_access_enabled |
Should your Container Registry be publicly accessible? |
bool |
true |
no |
registry_retention_days |
The number of days to retain an untagged manifest after which it gets purged |
number |
7 |
no |
registry_server |
Container registry server (required if enable_container_registry is false) |
string |
"" |
no |
registry_sku |
The SKU name of the container registry. Possible values are 'Basic', 'Standard' and 'Premium'. |
string |
"Standard" |
no |
registry_use_managed_identity |
Create a User-Assigned Managed Identity for the Container App. Note: If you do not have 'Microsoft.Authorization/roleAssignments/write' permission, you will need to manually assign the 'AcrPull' Role to the identity |
bool |
false |
no |
registry_username |
Container registry username (required if enable_container_registry is false) |
string |
"" |
no |
restrict_container_apps_to_cdn_inbound_only |
Restricts access to the Container Apps by creating a network security group rule that only allows 'AzureFrontDoor.Backend' inbound, and attaches it to the subnet of the container app environment. |
bool |
true |
no |
storage_account_access_key_rotation_reminder_days |
Number of days to set for access key rotation reminder on Storage Accounts |
number |
90 |
no |
storage_account_file_share_quota_gb |
The maximum size of the share, in gigabytes. |
number |
2 |
no |
storage_account_ipv4_allow_list |
A list of public IPv4 addresses to grant access to the Storage Account |
list(string) |
[] |
no |
storage_account_public_access_enabled |
Should the Azure Storage Account have Public visibility? |
bool |
false |
no |
storage_account_sas_expiration_period |
The SAS expiration period in format of DD.HH:MM:SS |
string |
"02.00:00:00" |
no |
tags |
Tags to be applied to all resources |
map(string) |
{} |
no |
virtual_network_address_space |
Virtual Network address space CIDR |
string |
"172.16.0.0/12" |
no |
worker_container_command |
Container command for the Worker container. enable_worker_container must be set to true for this to have any effect. |
list(string) |
[] |
no |
worker_container_max_replicas |
Worker container max replicas |
number |
2 |
no |
worker_container_min_replicas |
Worker container min replicas |
number |
1 |
no |