Azure CDN Endpoint
This page shows how to write Terraform and Azure Resource Manager for CDN Endpoint and write them securely.
azurerm_cdn_endpoint (Terraform)
The Endpoint in CDN can be configured in Terraform with the resource name azurerm_cdn_endpoint. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_cdn_endpoint" "std_verizon_with_opt" {
  name                = "example"
  profile_name        = azurerm_cdn_profile.std_verizon.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  optimization_type   = "DynamicSiteAcceleration"
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "cdn_endpoint_gophish" {
  name                = var.cdn_endpoint_name_gophish
  profile_name        = azurerm_cdn_profile.cdn_profile.name
  location            = azurerm_resource_group.azure_resource.location
  resource_group_name = azurerm_resource_group.azure_resource.name
  origin_host_header  = var.cdn_origin_host_gophish
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "cdn_endpoint_gophish" {
  name                = var.cdn_endpoint_name_gophish
  profile_name        = azurerm_cdn_profile.cdn_profile.name
  location            = azurerm_resource_group.azure_resource.location
  resource_group_name = azurerm_resource_group.azure_resource.name
  origin_host_header  = var.cdn_origin_host_gophish
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "cdn" {
  for_each            = var.cdn_endpoint
  resource_group_name = azurerm_cdn_profile.cdn.resource_group_name
  location            = var.location
  name                = lower(join("", [each.value["endpoint_name"], random_string.cdn.result]))
  profile_name        = azurerm_cdn_profile.cdn.name
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "std_verizon_with_opt" {
  name                = "example"
  profile_name        = azurerm_cdn_profile.std_verizon.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  optimization_type   = "DynamicSiteAcceleration"
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "CDN-DEV-ENDPOINT-BCP" {
  name                = "bcpdev"
  profile_name        = azurerm_cdn_profile.DEV-CDN-BCP.name
  location            = azurerm_resource_group.rgbcp.location
  resource_group_name = azurerm_resource_group.rgbcp.name
  origin_host_header  = "bcpdev.z13.web.core.windows.net"
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "cdn-endpoint" {
  name                = "gameappcdn"
  profile_name        = var.cdn_profile_name
  location            = "westeurope"
  resource_group_name = azurerm_resource_group.resource_group.name
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "example" {
  name                = "esgi-cdn-endpoint"
  profile_name        = azurerm_cdn_profile.esgi.name
  location            = azurerm_resource_group.RG1.location
  resource_group_name = azurerm_resource_group.RG1.name
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "CdnEndpoint" {
  # references: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_endpoint
  name         = var.cdn_endpoint_name
  profile_name = var.cdn_profile_name
  # ... (excerpt truncated)
}

resource "azurerm_cdn_endpoint" "ockamio_website" {
  count               = length(azurerm_cdn_profile.ockam_verizon_premium)
  name                = var.cdn_cache_endpoint
  profile_name        = azurerm_cdn_profile.ockam_verizon_premium[count.index].name
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  # ... (excerpt truncated)
}
Parameters
- content_types_to_compress (optional computed - set of string)
- host_name (optional computed - string)
- id (optional computed - string)
- is_compression_enabled (optional - bool)
- is_http_allowed (optional - bool)
- is_https_allowed (optional - bool)
- location (required - string)
- name (required - string)
- optimization_type (optional - string)
- origin_host_header (optional - string)
- origin_path (optional computed - string)
- probe_path (optional computed - string)
- profile_name (required - string)
- querystring_caching_behaviour (optional - string)
- resource_group_name (required - string)
- tags (optional - map from string to string)
- delivery_rule (list block)
  - name (required - string)
  - order (required - number)
  - cache_expiration_action (list block)
  - cache_key_query_string_action (list block)
    - behavior (required - string)
    - parameters (optional - string)
  - cookies_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - selector (required - string)
    - transforms (optional - list of string)
  - device_condition (list block)
    - match_values (required - set of string)
    - negate_condition (optional - bool)
    - operator (optional - string)
  - http_version_condition (list block)
    - match_values (required - set of string)
    - negate_condition (optional - bool)
    - operator (optional - string)
  - modify_request_header_action (list block)
  - modify_response_header_action (list block)
  - post_arg_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - selector (required - string)
    - transforms (optional - list of string)
  - query_string_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - transforms (optional - list of string)
  - remote_address_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
  - request_body_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - transforms (optional - list of string)
  - request_header_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - selector (required - string)
    - transforms (optional - list of string)
  - request_method_condition (list block)
    - match_values (required - set of string)
    - negate_condition (optional - bool)
    - operator (optional - string)
  - request_scheme_condition (list block)
    - match_values (required - set of string)
    - negate_condition (optional - bool)
    - operator (optional - string)
  - request_uri_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - transforms (optional - list of string)
  - url_file_extension_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - transforms (optional - list of string)
  - url_file_name_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - transforms (optional - list of string)
  - url_path_condition (list block)
    - match_values (optional - set of string)
    - negate_condition (optional - bool)
    - operator (required - string)
    - transforms (optional - list of string)
  - url_redirect_action (list block)
    - fragment (optional - string)
    - hostname (optional - string)
    - path (optional - string)
    - protocol (optional - string)
    - query_string (optional - string)
    - redirect_type (required - string)
  - url_rewrite_action (list block)
    - destination (required - string)
    - preserve_unmatched_path (optional - bool)
    - source_pattern (required - string)
- geo_filter (list block)
  - action (required - string)
  - country_codes (required - list of string)
  - relative_path (required - string)
- global_delivery_rule (list block)
  - cache_expiration_action (list block)
  - cache_key_query_string_action (list block)
    - behavior (required - string)
    - parameters (optional - string)
  - modify_request_header_action (list block)
  - modify_response_header_action (list block)
  - url_redirect_action (list block)
    - fragment (optional - string)
    - hostname (optional - string)
    - path (optional - string)
    - protocol (optional - string)
    - query_string (optional - string)
    - redirect_type (required - string)
  - url_rewrite_action (list block)
    - destination (required - string)
    - preserve_unmatched_path (optional - bool)
    - source_pattern (required - string)
- origin (set block)
  - host_name (required - string)
  - http_port (optional - number)
  - https_port (optional - number)
  - name (required - string)
- timeouts (single block)
Explanation in Terraform Registry
A CDN Endpoint is the entity within a CDN Profile containing configuration information regarding caching behaviours and origins. The CDN Endpoint is exposed using the URL format <endpointname>.azureedge.net.
Be Aware: Azure is rolling out a breaking change on Friday 9th April which may cause issues with the CDN/FrontDoor resources. More information is available in this GitHub issue - however unfortunately this may necessitate a breaking change to the CDN and FrontDoor resources, more information will be posted in the GitHub issue as the necessary changes are identified.
Microsoft.Cdn/profiles/endpoints (Azure Resource Manager)
The profiles/endpoints in Microsoft.Cdn can be configured in Azure Resource Manager with the resource name Microsoft.Cdn/profiles/endpoints. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
"type": "Microsoft.Cdn/profiles/endpoints",
"apiVersion": "2019-12-31",
"name": "[concat(parameters('cdnName'), '/', parameters('name'))]",
"location": "Global",
"dependsOn": [
  "[resourceId('Microsoft.Cdn/profiles', parameters('cdnName'))]"

"type": "Microsoft.Cdn/profiles/endpoints",
"apiVersion": "2020-04-15",
"name": "[concat(parameters('profiles_ccusfrontendcdn_name'), '/ccusfrontend')]",
"location": "Global",
"dependsOn": [
  "[resourceId('Microsoft.Cdn/profiles', parameters('profiles_ccusfrontendcdn_name'))]"
Parameters
- apiVersion (required - string)
- location (required - string): Resource location.
- name (required - string): Name of the endpoint under the profile which is unique globally.
- properties (required)
  - contentTypesToCompress (optional - array): List of content types on which compression applies. The value should be a valid MIME type.
  - defaultOriginGroup (optional)
    - id (optional - string): Resource ID.
  - deliveryPolicy (optional)
    - description (optional - string): User-friendly description of the policy.
    - rules (required array)
      - actions (required array)
      - conditions (optional array)
      - name (optional - string): Name of the rule
      - order (required - integer): The order in which the rules are applied for the endpoint. Possible values {0,1,2,3,………}. A rule with a lesser order will be applied before a rule with a greater order. Rule with order 0 is a special rule. It does not require any condition and actions listed in it will always be applied.
  - geoFilters (optional array)
    - action (required - string): Action of the geo filter, i.e. allow or block access.
    - countryCodes (required - array): Two letter country or region codes defining user country or region access in a geo filter, e.g. AU, MX, US.
    - relativePath (required - string): Relative path applicable to geo filter. (e.g. '/mypictures', '/mypicture/kitty.jpg', and etc.)
  - isCompressionEnabled (optional - boolean): Indicates whether content compression is enabled on CDN. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on CDN when requested content is smaller than 1 byte or larger than 1 MB.
  - isHttpAllowed (optional - boolean): Indicates whether HTTP traffic is allowed on the endpoint. Default value is true. At least one protocol (HTTP or HTTPS) must be allowed.
  - isHttpsAllowed (optional - boolean): Indicates whether HTTPS traffic is allowed on the endpoint. Default value is true. At least one protocol (HTTP or HTTPS) must be allowed.
  - optimizationType (optional - string): Specifies what scenario the customer wants this CDN endpoint to optimize for, e.g. Download, Media services. With this information, CDN can apply scenario driven optimization.
  - originGroups (optional array)
    - name (required - string): Origin group name which must be unique within the endpoint.
    - properties (optional)
      - healthProbeSettings (optional)
        - probeIntervalInSeconds (optional - integer): The number of seconds between health probes. Default is 240sec.
        - probePath (optional - string): The path relative to the origin that is used to determine the health of the origin.
        - probeProtocol (optional - string): Protocol to use for health probe.
        - probeRequestType (optional - string): The type of health probe request that is made.
      - origins (required array)
        - id (optional - string): Resource ID.
      - responseBasedOriginErrorDetectionSettings (optional)
        - httpErrorRanges (optional array)
          - begin (optional - integer): The inclusive start of the http status code range.
          - end (optional - integer): The inclusive end of the http status code range.
        - responseBasedDetectedErrorTypes (optional - string): Type of response errors for real user requests for which origin will be deemed unhealthy.
        - responseBasedFailoverThresholdPercentage (optional - integer): The percentage of failed requests in the sample where failover should trigger.
      - trafficRestorationTimeToHealedOrNewEndpointsInMinutes (optional - integer): Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. This property is currently not supported.
  - originHostHeader (optional - string): The host header value sent to the origin with each request. This property at Endpoint is only allowed when endpoint uses single origin and can be overridden by the same property specified at origin. If you leave this blank, the request hostname determines this value. Azure CDN origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default.
  - originPath (optional - string): A directory path on the origin that CDN can use to retrieve content from, e.g. contoso.cloudapp.net/originpath.
  - origins (required array)
    - name (required - string): Origin name which must be unique within the endpoint.
    - properties (optional)
      - enabled (optional - boolean): Origin is enabled for load balancing or not. By default, origin is always enabled.
      - hostName (required - string): The address of the origin. It can be a domain name, IPv4 address, or IPv6 address. This should be unique across all origins in an endpoint.
      - httpPort (optional - integer): The value of the HTTP port. Must be between 1 and 65535.
      - httpsPort (optional - integer): The value of the HTTPS port. Must be between 1 and 65535.
      - originHostHeader (optional - string): The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure CDN origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default.
      - priority (optional - integer): Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy. Must be between 1 and 5.
      - privateLinkAlias (optional - string): The Alias of the Private Link resource. Populating this optional field indicates that this origin is 'Private'
      - privateLinkApprovalMessage (optional - string): A custom message to be included in the approval request to connect to the Private Link.
      - privateLinkLocation (optional - string): The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated
      - privateLinkResourceId (optional - string): The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private'
      - weight (optional - integer): Weight of the origin in given origin group for load balancing. Must be between 1 and 1000
  - probePath (optional - string): Path to a file hosted on the origin which helps accelerate delivery of the dynamic content and calculate the most optimal routes for the CDN. This is relative to the origin path. This property is only relevant when using a single origin.
  - queryStringCachingBehavior (optional - string): Defines how CDN caches requests that include query strings. You can ignore any query strings when caching, bypass caching to prevent requests that contain query strings from being cached, or cache every request with a unique URL.
  - urlSigningKeys (optional array)
    - keyId (required - string): Defines the customer defined key Id. This id will exist in the incoming request to indicate the key used to form the hash.
    - keySourceParameters (required)
      - resourceGroupName (required - string): Resource group of the user's Key Vault containing the secret
      - secretName (required - string): The name of secret in Key Vault.
      - secretVersion (required - string): The version (GUID) of secret in Key Vault.
      - subscriptionId (required - string): Subscription Id of the user's Key Vault containing the secret
      - typeName (required - string)
      - vaultName (required - string): The name of the user's Key Vault containing the secret
  - webApplicationFirewallPolicyLink (optional)
    - id (optional - string): Resource ID.
- tags (optional - string): Resource tags.
- type (required - string)
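As an added example (not from this page or from the repositories it cites), the script below audits an ARM template's Microsoft.Cdn/profiles/endpoints resources against the defaults stated in the parameter list: isHttpAllowed defaults to true, so an endpoint that omits the key still serves cleartext HTTP. The sample template, the finding labels and the decision to report a missing webApplicationFirewallPolicyLink are assumptions made for illustration.

```python
import json

ENDPOINT_TYPE = "microsoft.cdn/profiles/endpoints"  # ARM types compare case-insensitively

# Constructed sample template (illustrative; not one of the page's GitHub excerpts).
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Cdn/profiles/endpoints", "name": "demo-profile/legacy",
   "properties": {"origins": [{"name": "o1", "properties": {"hostName": "origin.example.com"}}]}},
  {"type": "Microsoft.Cdn/profiles", "name": "demo-profile", "resources": [
    {"type": "endpoints", "name": "hardened", "properties": {
      "isHttpAllowed": false, "isHttpsAllowed": true,
      "webApplicationFirewallPolicyLink": {"id": "<waf-policy-resource-id>"}}}]}
]}
""")


def iter_endpoints(resources, parent_type=""):
    """Yield (name, properties) for every CDN endpoint, including nested child resources."""
    for res in resources:
        rtype = res.get("type", "")
        full_type = f"{parent_type}/{rtype}" if parent_type else rtype
        if full_type.lower() == ENDPOINT_TYPE:
            yield res.get("name", "<unnamed>"), res.get("properties", {})
        yield from iter_endpoints(res.get("resources", []), full_type)


def audit_endpoint(props):
    """Return finding labels (hypothetical names) for one endpoint's properties object."""
    findings = []
    http = props.get("isHttpAllowed", True)  # absent key means the default: true
    if isinstance(http, str):
        findings.append("http-unresolved-expression")  # e.g. "[parameters('x')]"
    elif http is not False:
        findings.append("http-allowed")
    if props.get("isHttpsAllowed", True) is False:
        findings.append("https-disabled")
    if not (props.get("webApplicationFirewallPolicyLink") or {}).get("id"):
        findings.append("no-waf-policy")  # informational: the link is optional
    return findings


def audit_template(template):
    """Map endpoint name -> findings for a parsed ARM template."""
    endpoints = iter_endpoints(template.get("resources", []))
    return {name: audit_endpoint(props) for name, props in endpoints}


if __name__ == "__main__":
    for name, findings in audit_template(SAMPLE_TEMPLATE).items():
        print(name, findings or "ok")
```

A value supplied as a template expression is reported separately because it cannot be judged until the parameter file is resolved.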
Frequently asked questions
What is Azure CDN Endpoint?
Azure CDN Endpoint is a resource for CDN of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure CDN Endpoint?
For Terraform, the gilyas/infracost, macmento/build_a_phish and ralphte/build_a_phish source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the chrissheldon90/scratch and Access-America/Citizen-Center source code examples are useful. See the Azure Resource Manager Example section for further details.