Azure App Service (Web Apps) Slot
This page shows how to write Terraform and Azure Resource Manager for App Service (Web Apps) Slot and write them securely.
azurerm_function_app_slot (Terraform)
The Slot in App Service (Web Apps) can be configured in Terraform with the resource name azurerm_function_app_slot
. The following sections describe 6 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_function_app_slot" "example" {
name = var.name
location = module.resource_group.azurerm_resource_group.example.location
resource_group_name = module.resource_group.azurerm_resource_group.example.name
app_service_plan_id = module.service_plan.azurerm_app_service_plan.example.id
function_app_name = module.function_app.azurerm_function_app.example.name
resource "azurerm_function_app_slot" "example" {
name = "test-azure-functions_slot"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
function_app_name = azurerm_function_app.example.name
resource "azurerm_function_app_slot" "fxnslot" {
name = "source-slot"
location = var.location
resource_group_name = var.resource_group_name
app_service_plan_id = azurerm_app_service_plan.fxnapp.id
function_app_name = azurerm_function_app.fxn.name
resource "azurerm_function_app_slot" "example" {
name = "staging"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
function_app_name = azurerm_function_app.example.name
resource "azurerm_function_app_slot" "current" {
count = length(var.slots)
function_app_name = azurerm_function_app.current.name
name = var.slots[count.index]
resource "azurerm_function_app_slot" "function_app" {
name = "staging" # var.service_settings.name
function_app_name = azurerm_function_app.function_app.name
location = var.context.location
resource_group_name = var.context.resource_group_name
app_service_plan_id = var.service_settings.plan_id
Parameters
-
app_service_plan_id
required - string -
app_settings
optional computed - map from string to string -
client_affinity_enabled
optional computed - bool -
daily_memory_time_quota
optional - number -
default_hostname
optional computed - string -
enable_builtin_logging
optional - bool -
enabled
optional - bool -
function_app_name
required - string -
https_only
optional - bool -
id
optional computed - string -
kind
optional computed - string -
location
required - string -
name
required - string -
os_type
optional - string -
outbound_ip_addresses
optional computed - string -
possible_outbound_ip_addresses
optional computed - string -
resource_group_name
required - string -
site_credential
optional computed - list of object -
storage_account_access_key
required - string -
storage_account_name
required - string -
tags
optional - map from string to string -
version
optional - string -
auth_settings
list block-
additional_login_params
optional - map from string to string -
allowed_external_redirect_urls
optional - list of string -
default_provider
optional - string -
enabled
required - bool -
issuer
optional - string -
runtime_version
optional - string -
token_refresh_extension_hours
optional - number -
token_store_enabled
optional - bool -
unauthenticated_client_action
optional - string -
active_directory
list block-
allowed_audiences
optional - list of string -
client_id
required - string -
client_secret
optional - string
-
-
facebook
list block-
app_id
required - string -
app_secret
required - string -
oauth_scopes
optional - list of string
-
-
google
list block-
client_id
required - string -
client_secret
required - string -
oauth_scopes
optional - list of string
-
-
microsoft
list block-
client_id
required - string -
client_secret
required - string -
oauth_scopes
optional - list of string
-
-
twitter
list block-
consumer_key
required - string -
consumer_secret
required - string
-
-
-
connection_string
set block -
identity
list block-
identity_ids
optional - list of string -
principal_id
optional computed - string -
tenant_id
optional computed - string -
type
required - string
-
-
site_config
list block-
always_on
optional - bool -
auto_swap_slot_name
optional - string -
ftps_state
optional computed - string -
health_check_path
optional - string -
http2_enabled
optional - bool -
ip_restriction
optional computed - list of object-
action
- string -
ip_address
- string -
name
- string -
priority
- number -
service_tag
- string -
virtual_network_subnet_id
- string
-
-
linux_fx_version
optional computed - string -
min_tls_version
optional computed - string -
pre_warmed_instance_count
optional computed - number -
scm_ip_restriction
optional computed - list of object-
action
- string -
ip_address
- string -
name
- string -
priority
- number -
service_tag
- string -
virtual_network_subnet_id
- string
-
-
scm_type
optional computed - string -
scm_use_main_ip_restriction
optional - bool -
use_32_bit_worker_process
optional - bool -
websockets_enabled
optional - bool -
cors
list block-
allowed_origins
required - set of string -
support_credentials
optional - bool
-
-
-
timeouts
single block
Explanation in Terraform Registry
Manages a Function App deployment Slot.
Tips: Best Practices for The Other Azure App Service (Web Apps) Resources
In addition to the azurerm_app_service, Azure App Service (Web Apps) has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_app_service
Ensure your App Service is accessible via HTTPS only
It is better to configure the App Service to be accessible via HTTPS only. By default, both HTTP and HTTPS are available.
azurerm_function_app
Ensure to enable authentication to prevent anonymous request being accepted
It is better to enable authentication to prevent anonymous requests and ensure all communications in the application are authenticated.
Microsoft.Web/sites/slots (Azure Resource Manager)
The sites/slots in Microsoft.Web can be configured in Azure Resource Manager with the resource name Microsoft.Web/sites/slots
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
"type": "Microsoft.Web/sites/slots",
"properties": {
"enabled": true,
"reserved": false,
"siteConfig": {
"phpVersion": "v5.6",
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('sites_azureupward_name'), '/dev')]",
"location": "Brazil South",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_azureupward_name'))]"
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"webAppName": {
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2018-11-01",
"name": "[concat('az-office-', parameters('altazion-customer-name'), '/', 'az-office-', parameters('altazion-customer-name'), '-prerelease')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', concat('az-office-', parameters('altazion-customer-name')))]"
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2018-11-01",
"name": "app-simplement-e/prerelease",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', 'app-simplement-e')]"
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('sites_music_albums_app_name'), '/dev')]",
"location": "Central US",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_music_albums_app_name'))]"
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('app_service_name'), '/', parameters('new_deployment_slot_name'))]",
"location": "East US",
"kind": "app",
"identity": {
"type": "Microsoft.Web/sites/slots",
"name": "[concat(parameters('site_name'), '/staging')]",
"apiVersion": "2016-08-01",
"location": "West Europe",
"properties": {
"enabled": true,
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('webAppName'), '/test')]",
"location": "[resourceGroup().location]",
"kind": "app,linux",
"dependsOn": [
"equals": "Microsoft.Web/sites/slots"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"name": "ftp",
Parameters
apiVersion
required - stringextendedLocation
optionalname
optional - stringName of extended location.
identity
optionaltype
optional - stringType of managed service identity.
userAssignedIdentities
optional - undefinedThe list of user assigned identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}
kind
optional - stringKind of resource.
location
required - stringResource Location.
name
required - stringName of the deployment slot to create or update. By default, this API attempts to create or modify the production slot.
properties
requiredclientAffinityEnabled
optional - boolean<code>true</code> to enable client affinity; <code>false</code> to stop sending session affinity cookies, which route client requests in the same session to the same instance. Default is <code>true</code>.
clientCertEnabled
optional - boolean<code>true</code> to enable client certificate authentication (TLS mutual authentication); otherwise, <code>false</code>. Default is <code>false</code>.
clientCertExclusionPaths
optional - stringclient certificate authentication comma-separated exclusion paths
clientCertMode
optional - stringThis composes with ClientCertEnabled setting.
- ClientCertEnabled: false means ClientCert is ignored.
- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.
- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted.
cloningInfo
optionalappSettingsOverrides
optional - stringApplication setting overrides for cloned app. If specified, these settings override the settings cloned from source app. Otherwise, application settings from source app are retained.
cloneCustomHostNames
optional - boolean<code>true</code> to clone custom hostnames from source app; otherwise, <code>false</code>.
cloneSourceControl
optional - boolean<code>true</code> to clone source control from source app; otherwise, <code>false</code>.
configureLoadBalancing
optional - boolean<code>true</code> to configure load balancing for source and destination app.
correlationId
optional - stringCorrelation ID of cloning operation. This ID ties multiple cloning operations together to use the same snapshot.
hostingEnvironment
optional - stringApp Service Environment.
overwrite
optional - boolean<code>true</code> to overwrite destination app; otherwise, <code>false</code>.
sourceWebAppId
required - stringARM resource ID of the source app. App resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName} for production slots and /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName}/slots/{slotName} for other slots.
sourceWebAppLocation
optional - stringLocation of source app ex: West US or North Europe
trafficManagerProfileId
optional - stringARM resource ID of the Traffic Manager profile to use, if it exists. Traffic Manager resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/trafficManagerProfiles/{profileName}.
trafficManagerProfileName
optional - stringName of Traffic Manager profile to create. This is only needed if Traffic Manager profile does not already exist.
containerSize
optional - integerSize of the function container.
customDomainVerificationId
optional - stringUnique identifier that verifies the custom domains assigned to the app. Customer will add this id to a txt record for verification.
dailyMemoryTimeQuota
optional - integerMaximum allowed daily memory-time quota (applicable on dynamic apps only).
enabled
optional - boolean<code>true</code> if the app is enabled; otherwise, <code>false</code>. Setting this value to false disables the app (takes the app offline).
hostingEnvironmentProfile
optionalid
optional - stringResource ID of the App Service Environment.
hostNamesDisabled
optional - boolean<code>true</code> to disable the public hostnames of the app; otherwise, <code>false</code>. If <code>true</code>, the app is only accessible via API management process.
hostNameSslStates
optional arrayhostType
optional - stringIndicates whether the hostname is a standard or repository hostname.
name
optional - stringHostname.
sslState
optional - stringSSL type.
thumbprint
optional - stringSSL certificate thumbprint.
toUpdate
optional - booleanSet to <code>true</code> to update existing hostname.
virtualIP
optional - stringVirtual IP address assigned to the hostname if IP based SSL is enabled.
httpsOnly
optional - booleanHttpsOnly: configures a web site to accept only https requests. Issues redirect for http requests
hyperV
optional - booleanHyper-V sandbox.
isXenon
optional - booleanObsolete: Hyper-V sandbox.
keyVaultReferenceIdentity
optional - stringIdentity to use for Key Vault Reference authentication.
redundancyMode
optional - stringSite redundancy mode.
reserved
optional - boolean<code>true</code> if reserved; otherwise, <code>false</code>.
scmSiteAlsoStopped
optional - boolean<code>true</code> to stop SCM (KUDU) site when the app is stopped; otherwise, <code>false</code>. The default is <code>false</code>.
serverFarmId
optional - stringResource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}".
siteConfig
optionalacrUseManagedIdentityCreds
optional - booleanFlag to use Managed Identity Creds for ACR pull
acrUserManagedIdentityID
optional - stringIf using user managed identity, the user managed identity ClientId
alwaysOn
optional - boolean<code>true</code> if Always On is enabled; otherwise, <code>false</code>.
apiDefinition
optionalurl
optional - stringThe URL of the API definition.
apiManagementConfig
optionalid
optional - stringAPIM-Api Identifier.
appCommandLine
optional - stringApp command line to launch.
appSettings
optional arrayname
optional - stringPair name.
value
optional - stringPair value.
autoHealEnabled
optional - boolean<code>true</code> if Auto Heal is enabled; otherwise, <code>false</code>.
autoHealRules
optionalactions
optionalactionType
optional - stringPredefined action to be taken.
customAction
optionalexe
optional - stringExecutable to be run.
parameters
optional - stringParameters for the executable.
minProcessExecutionTime
optional - stringMinimum time the process must execute before taking the action
triggers
optionalprivateBytesInKB
optional - integerA rule based on private bytes.
requests
optionalcount
optional - integerRequest Count.
timeInterval
optional - stringTime interval.
slowRequests
optionalcount
optional - integerRequest Count.
path
optional - stringRequest Path.
timeInterval
optional - stringTime interval.
timeTaken
optional - stringTime taken.
slowRequestsWithPath
optional arraycount
optional - integerRequest Count.
path
optional - stringRequest Path.
timeInterval
optional - stringTime interval.
timeTaken
optional - stringTime taken.
statusCodes
optional arraycount
optional - integerRequest Count.
path
optional - stringRequest Path
status
optional - integerHTTP status code.
subStatus
optional - integerRequest Sub Status.
timeInterval
optional - stringTime interval.
win32Status
optional - integerWin32 error code.
statusCodesRange
optional arraycount
optional - integerRequest Count.
path
optional - stringstatusCodes
optional - stringHTTP status code.
timeInterval
optional - stringTime interval.
autoSwapSlotName
optional - stringAuto-swap slot name.
azureStorageAccounts
optional - undefinedList of Azure Storage Accounts.
connectionStrings
optional arrayconnectionString
optional - stringConnection string value.
name
optional - stringName of connection string.
type
optional - stringType of database.
cors
optionalallowedOrigins
optional - arrayGets or sets the list of origins that should be allowed to make cross-origin calls (for example: http://example.com:12345). Use "*" to allow all.
supportCredentials
optional - booleanGets or sets whether CORS requests with credentials are allowed. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Requests_with_credentials for more details.
defaultDocuments
optional - arrayDefault documents.
detailedErrorLoggingEnabled
optional - boolean<code>true</code> if detailed error logging is enabled; otherwise, <code>false</code>.
documentRoot
optional - stringDocument root.
experiments
optionalrampUpRules
optional arrayactionHostName
optional - stringHostname of a slot to which the traffic will be redirected if decided to. E.g. myapp-stage.azurewebsites.net.
changeDecisionCallbackUrl
optional - stringCustom decision algorithm can be provided in TiPCallback site extension which URL can be specified. See TiPCallback site extension for the scaffold and contracts. https://www.siteextensions.net/packages/TiPCallback/
changeIntervalInMinutes
optional - integerSpecifies interval in minutes to reevaluate ReroutePercentage.
changeStep
optional - numberIn auto ramp up scenario this is the step to add/remove from <code>ReroutePercentage</code> until it reaches \n<code>MinReroutePercentage</code> or <code>MaxReroutePercentage</code>. Site metrics are checked every N minutes specified in <code>ChangeIntervalInMinutes</code>.\nCustom decision algorithm can be provided in TiPCallback site extension which URL can be specified in <code>ChangeDecisionCallbackUrl</code>.
maxReroutePercentage
optional - numberSpecifies upper boundary below which ReroutePercentage will stay.
minReroutePercentage
optional - numberSpecifies lower boundary above which ReroutePercentage will stay.
name
optional - stringName of the routing rule. The recommended name would be to point to the slot which will receive the traffic in the experiment.
reroutePercentage
optional - numberPercentage of the traffic which will be redirected to <code>ActionHostName</code>.
ftpsState
optional - stringState of FTP / FTPS service.
functionAppScaleLimit
optional - integerMaximum number of workers that a site can scale out to. This setting only applies to the Consumption and Elastic Premium Plans
functionsRuntimeScaleMonitoringEnabled
optional - booleanGets or sets a value indicating whether functions runtime scale monitoring is enabled. When enabled, the ScaleController will not monitor event sources directly, but will instead call to the runtime to get scale status.
handlerMappings
optional arrayarguments
optional - stringCommand-line arguments to be passed to the script processor.
extension
optional - stringRequests with this extension will be handled using the specified FastCGI application.
scriptProcessor
optional - stringThe absolute path to the FastCGI application.
healthCheckPath
optional - stringHealth check path
http20Enabled
optional - booleanHttp20Enabled: configures a web site to allow clients to connect over http2.0
httpLoggingEnabled
optional - boolean<code>true</code> if HTTP logging is enabled; otherwise, <code>false</code>.
ipSecurityRestrictions
optional arrayaction
optional - stringAllow or Deny access for this IP range.
description
optional - stringIP restriction rule description.
headers
optional - arrayIP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..
- If the property is null or empty (default), all hosts(or lack of) are allowed.
- A value is compared using ordinal-ignore-case (excluding port number).
- Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com
- Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..
- If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed.
- If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.
ipAddress
optional - stringIP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.
name
optional - stringIP restriction rule name.
priority
optional - integerPriority of IP restriction rule.
subnetMask
optional - stringSubnet mask for the range of IP addresses the restriction is valid for.
subnetTrafficTag
optional - integer(internal) Subnet traffic tag
tag
optional - stringDefines what this IP filter will be used for. This is to support IP filtering on proxies.
vnetSubnetResourceId
optional - stringVirtual network resource id
vnetTrafficTag
optional - integer(internal) Vnet traffic tag
javaContainer
optional - stringJava container.
javaContainerVersion
optional - stringJava container version.
javaVersion
optional - stringJava version.
keyVaultReferenceIdentity
optional - stringIdentity to use for Key Vault Reference authentication.
limits
optionalmaxDiskSizeInMb
optional - integerMaximum allowed disk size usage in MB.
maxMemoryInMb
optional - integerMaximum allowed memory usage in MB.
maxPercentageCpu
optional - numberMaximum allowed CPU usage percentage.
linuxFxVersion
optional - stringLinux App Framework and version
loadBalancing
optional - stringSite load balancing.
localMySqlEnabled
optional - boolean<code>true</code> to enable local MySQL; otherwise, <code>false</code>.
logsDirectorySizeLimit
optional - integerHTTP logs directory size limit.
managedPipelineMode
optional - stringManaged pipeline mode.
managedServiceIdentityId
optional - integerManaged Service Identity Id
minimumElasticInstanceCount
optional - integerNumber of minimum instance count for a site This setting only applies to the Elastic Plans
minTlsVersion
optional - stringMinTlsVersion: configures the minimum version of TLS required for SSL requests.
netFrameworkVersion
optional - string.NET Framework version.
nodeVersion
optional - stringVersion of Node.js.
numberOfWorkers
optional - integerNumber of workers.
phpVersion
optional - stringVersion of PHP.
powerShellVersion
optional - stringVersion of PowerShell.
preWarmedInstanceCount
optional - integerNumber of preWarmed instances. This setting only applies to the Consumption and Elastic Plans
publicNetworkAccess
optional - stringProperty to allow or block all public traffic.
publishingUsername
optional - stringPublishing user name.
push
optionalkind
optional - stringKind of resource.
properties
optionaldynamicTagsJson
optional - stringGets or sets a JSON string containing a list of dynamic tags that will be evaluated from user claims in the push registration endpoint.
isPushEnabled
required - booleanGets or sets a flag indicating whether the Push endpoint is enabled.
tagsRequiringAuth
optional - stringGets or sets a JSON string containing a list of tags that require user authentication to be used in the push registration endpoint. Tags can consist of alphanumeric characters and the following: '_', '@', '#', '.', ':', '-'. Validation should be performed at the PushRequestHandler.
tagWhitelistJson
optional - stringGets or sets a JSON string containing a list of tags that are whitelisted for use by the push registration endpoint.
pythonVersion
optional - stringVersion of Python.
remoteDebuggingEnabled
optional - boolean<code>true</code> if remote debugging is enabled; otherwise, <code>false</code>.
remoteDebuggingVersion
optional - stringRemote debugging version.
requestTracingEnabled
optional - boolean<code>true</code> if request tracing is enabled; otherwise, <code>false</code>.
requestTracingExpirationTime
optional - stringRequest tracing expiration time.
scmIpSecurityRestrictions
optional arrayaction
optional - stringAllow or Deny access for this IP range.
description
optional - stringIP restriction rule description.
headers
optional - arrayIP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..
- If the property is null or empty (default), all hosts(or lack of) are allowed.
- A value is compared using ordinal-ignore-case (excluding port number).
- Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com
- Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..
- If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed.
- If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.
ipAddress
optional - stringIP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.
name
optional - stringIP restriction rule name.
priority
optional - integerPriority of IP restriction rule.
subnetMask
optional - stringSubnet mask for the range of IP addresses the restriction is valid for.
subnetTrafficTag
optional - integer(internal) Subnet traffic tag
tag
optional - stringDefines what this IP filter will be used for. This is to support IP filtering on proxies.
vnetSubnetResourceId
optional - stringVirtual network resource id
vnetTrafficTag
optional - integer(internal) Vnet traffic tag
scmIpSecurityRestrictionsUseMain
optional - booleanIP security restrictions for scm to use main.
scmMinTlsVersion
optional - stringScmMinTlsVersion: configures the minimum version of TLS required for SSL requests for SCM site.
scmType
optional - stringSCM type.
tracingOptions
optional - stringTracing options.
use32BitWorkerProcess
optional - boolean<code>true</code> to use 32-bit worker process; otherwise, <code>false</code>.
virtualApplications
optional arrayphysicalPath
optional - stringPhysical path.
preloadEnabled
optional - boolean<code>true</code> if preloading is enabled; otherwise, <code>false</code>.
virtualDirectories
optional arrayphysicalPath
optional - stringPhysical path.
virtualPath
optional - stringPath to virtual application.
virtualPath
optional - stringVirtual path.
vnetName
optional - stringVirtual Network name.
vnetPrivatePortsCount
optional - integerThe number of private ports assigned to this app. These will be assigned dynamically on runtime.
vnetRouteAllEnabled
optional - booleanVirtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied.
websiteTimeZone
optional - stringSets the time zone a site uses for generating timestamps. Compatible with Linux and Windows App Service. Setting the WEBSITE_TIME_ZONE app setting takes precedence over this config. For Linux, expects tz database values https://www.iana.org/time-zones (for a quick reference see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). For Windows, expects one of the time zones listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
webSocketsEnabled
optional - boolean<code>true</code> if WebSocket is enabled; otherwise, <code>false</code>.
windowsFxVersion
optional - stringXenon App Framework and version
xManagedServiceIdentityId
optional - integerExplicit Managed Service Identity Id
storageAccountRequired
optional - booleanChecks if Customer provided storage account is required
virtualNetworkSubnetId
optional - stringAzure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}
tags
optional - stringResource tags.
type
required - string
Frequently asked questions
What is Azure App Service (Web Apps) Slot?
Azure App Service (Web Apps) Slot is a resource for App Service (Web Apps) of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure App Service (Web Apps) Slot?
For Terraform, the VentsislavDinev/en_sample, baolaniyan1/ADT-623 and mspnp/gridwich source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the chironconsulting/ARM-Schema-Templates, julioarruda/azureupward2020 and mathieu-benoit/asp-dot-net-core-on-azure-web-app source code examples are useful. See the Azure Resource Manager Example section for further details.