Azure CDN Endpoint

This page shows how to write Terraform and Azure Resource Manager configurations for an Azure CDN Endpoint, and how to write them securely.

azurerm_cdn_endpoint (Terraform)

The Endpoint in CDN can be configured in Terraform with the resource name azurerm_cdn_endpoint. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

cdn_endpoint_test.tf#L39
resource "azurerm_cdn_endpoint" "std_verizon_with_opt" {
  name                = "example"
  profile_name        = azurerm_cdn_profile.std_verizon.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  optimization_type   = "DynamicSiteAcceleration"
main.tf#L13
resource "azurerm_cdn_endpoint" "cdn_endpoint_gophish" {
  name                = var.cdn_endpoint_name_gophish
  profile_name        = azurerm_cdn_profile.cdn_profile.name
  location            = azurerm_resource_group.azure_resource.location
  resource_group_name = azurerm_resource_group.azure_resource.name
  origin_host_header  = var.cdn_origin_host_gophish
main.tf#L13
resource "azurerm_cdn_endpoint" "cdn_endpoint_gophish" {
  name                = var.cdn_endpoint_name_gophish
  profile_name        = azurerm_cdn_profile.cdn_profile.name
  location            = azurerm_resource_group.azure_resource.location
  resource_group_name = azurerm_resource_group.azure_resource.name
  origin_host_header  = var.cdn_origin_host_gophish
main.tf#L38
resource "azurerm_cdn_endpoint" "cdn" {
  for_each                      = var.cdn_endpoint
  resource_group_name           = azurerm_cdn_profile.cdn.resource_group_name
  location                      = var.location
  name                          = lower(join("", [each.value["endpoint_name"], random_string.cdn.result]))
  profile_name                  = azurerm_cdn_profile.cdn.name
cdn_endpoint_test.tf#L39
resource "azurerm_cdn_endpoint" "std_verizon_with_opt" {
  name                = "example"
  profile_name        = azurerm_cdn_profile.std_verizon.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  optimization_type   = "DynamicSiteAcceleration"
end.tf#L1
resource "azurerm_cdn_endpoint" "CDN-DEV-ENDPOINT-BCP" {
  name                = "bcpdev"
  profile_name        = azurerm_cdn_profile.DEV-CDN-BCP.name
  location            = azurerm_resource_group.rgbcp.location
  resource_group_name = azurerm_resource_group.rgbcp.name
  origin_host_header  = "bcpdev.z13.web.core.windows.net"
cdn.tf#L9
resource "azurerm_cdn_endpoint" "cdn-endpoint" {
  name                          = "gameappcdn"
  profile_name                  = var.cdn_profile_name
  location                      = "westeurope"
  resource_group_name           = azurerm_resource_group.resource_group.name

cdn.tf#L8
resource "azurerm_cdn_endpoint" "example" {
  name                = "esgi-cdn-endpoint"
  profile_name        = azurerm_cdn_profile.esgi.name
  location            = azurerm_resource_group.RG1.location
  resource_group_name = azurerm_resource_group.RG1.name

main.tf#L2
resource "azurerm_cdn_endpoint" "CdnEndpoint" {

    # references: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_endpoint

  name                = var.cdn_endpoint_name
  profile_name        = var.cdn_profile_name
cdn.tf#L17
resource "azurerm_cdn_endpoint" "ockamio_website" {
  count               = length(azurerm_cdn_profile.ockam_verizon_premium)
  name                = var.cdn_cache_endpoint
  profile_name        = azurerm_cdn_profile.ockam_verizon_premium[count.index].name
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

Parameters

Explanation in Terraform Registry

A CDN Endpoint is the entity within a CDN Profile containing configuration information regarding caching behaviours and origins. The CDN Endpoint is exposed using the URL format <endpointname>.azureedge.net.

Be Aware: Azure is rolling out a breaking change on Friday 9th April which may cause issues with the CDN/FrontDoor resources. More information is available in this GitHub issue - however unfortunately this may necessitate a breaking change to the CDN and FrontDoor resources, more information will be posted in the GitHub issue as the necessary changes are identified.

Microsoft.Cdn/profiles/endpoints (Azure Resource Manager)

The profiles/endpoints in Microsoft.Cdn can be configured in Azure Resource Manager with the resource name Microsoft.Cdn/profiles/endpoints. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

cdn-template.json#L27
        "type": "Microsoft.Cdn/profiles/endpoints",
        "apiVersion": "2019-12-31",
        "name": "[concat(parameters('cdnName'), '/', parameters('name'))]",
        "location": "Global",
        "dependsOn": [
            "[resourceId('Microsoft.Cdn/profiles', parameters('cdnName'))]"
ccusfrontend_cdn.json#L55
            "type": "Microsoft.Cdn/profiles/endpoints",
            "apiVersion": "2020-04-15",
            "name": "[concat(parameters('profiles_ccusfrontendcdn_name'), '/ccusfrontend')]",
            "location": "Global",
            "dependsOn": [
                "[resourceId('Microsoft.Cdn/profiles', parameters('profiles_ccusfrontendcdn_name'))]"

Parameters

  • apiVersion required - string
  • location required - string

    Resource location.

  • name required - string

    Name of the endpoint under the profile which is unique globally.

  • properties required
      • contentTypesToCompress optional - array

        List of content types on which compression applies. The value should be a valid MIME type.

      • defaultOriginGroup optional
          • id optional - string

            Resource ID.

      • deliveryPolicy optional
          • description optional - string

            User-friendly description of the policy.

          • rules required - array
              • actions required - array
              • conditions optional - array
              • name optional - string

                Name of the rule

              • order required - integer

                The order in which the rules are applied for the endpoint. Possible values {0, 1, 2, 3, …}. A rule with a lesser order will be applied before a rule with a greater order. The rule with order 0 is a special rule: it does not require any condition, and the actions listed in it will always be applied.

          • geoFilters optional array
              • action required - string

                Action of the geo filter, i.e. allow or block access.

              • countryCodes required - array

                Two letter country or region codes defining user country or region access in a geo filter, e.g. AU, MX, US.

              • relativePath required - string

                Relative path applicable to geo filter (e.g. '/mypictures', '/mypicture/kitty.jpg', etc.).

          • isCompressionEnabled optional - boolean

            Indicates whether content compression is enabled on CDN. Default value is false. If compression is enabled, content will be served compressed if the user requests a compressed version. Content won't be compressed on CDN when the requested content is smaller than 1 byte or larger than 1 MB.

          • isHttpAllowed optional - boolean

            Indicates whether HTTP traffic is allowed on the endpoint. Default value is true. At least one protocol (HTTP or HTTPS) must be allowed.

          • isHttpsAllowed optional - boolean

            Indicates whether HTTPS traffic is allowed on the endpoint. Default value is true. At least one protocol (HTTP or HTTPS) must be allowed.

          • optimizationType optional - string

            Specifies what scenario the customer wants this CDN endpoint to optimize for, e.g. Download, Media services. With this information, CDN can apply scenario driven optimization.

          • originGroups optional array
              • name required - string

                Origin group name which must be unique within the endpoint.

              • properties optional
                  • healthProbeSettings optional
                      • probeIntervalInSeconds optional - integer

                        The number of seconds between health probes. Default is 240 sec.

                      • probePath optional - string

                        The path relative to the origin that is used to determine the health of the origin.

                      • probeProtocol optional - string

                        Protocol to use for health probe.

                      • probeRequestType optional - string

                        The type of health probe request that is made.

                  • origins required array
                      • id optional - string

                        Resource ID.

                  • responseBasedOriginErrorDetectionSettings optional
                      • httpErrorRanges optional array
                          • begin optional - integer

                            The inclusive start of the http status code range.

                          • end optional - integer

                            The inclusive end of the http status code range.

                      • responseBasedDetectedErrorTypes optional - string

                        Type of response errors for real user requests for which origin will be deemed unhealthy.

                      • responseBasedFailoverThresholdPercentage optional - integer

                        The percentage of failed requests in the sample where failover should trigger.

                  • trafficRestorationTimeToHealedOrNewEndpointsInMinutes optional - integer

                    Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint becomes healthy or a new endpoint is added. Default is 10 mins. This property is currently not supported.

          • originHostHeader optional - string

            The host header value sent to the origin with each request. This property at Endpoint is only allowed when the endpoint uses a single origin, and it can be overridden by the same property specified at origin. If you leave this blank, the request hostname determines this value. Azure CDN origins, such as Web Apps, Blob Storage, and Cloud Services, require this host header value to match the origin hostname by default.

          • originPath optional - string

            A directory path on the origin that CDN can use to retrieve content from, e.g. contoso.cloudapp.net/originpath.

          • origins required array
              • name required - string

                Origin name which must be unique within the endpoint.

              • properties optional
                  • enabled optional - boolean

                    Origin is enabled for load balancing or not. By default, origin is always enabled.

                  • hostName required - string

                    The address of the origin. It can be a domain name, IPv4 address, or IPv6 address. This should be unique across all origins in an endpoint.

                  • httpPort optional - integer

                    The value of the HTTP port. Must be between 1 and 65535.

                  • httpsPort optional - integer

                    The value of the HTTPS port. Must be between 1 and 65535.

                  • originHostHeader optional - string

                    The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure CDN origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default.

                  • priority optional - integer

                    Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy. Must be between 1 and 5.

                  • privateLinkAlias optional - string

                    The Alias of the Private Link resource. Populating this optional field indicates that this origin is 'Private'

                  • privateLinkApprovalMessage optional - string

                    A custom message to be included in the approval request to connect to the Private Link.

                  • privateLinkLocation optional - string

                    The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated

                  • privateLinkResourceId optional - string

                    The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private'

                  • weight optional - integer

                    Weight of the origin in given origin group for load balancing. Must be between 1 and 1000

          • probePath optional - string

            Path to a file hosted on the origin which helps accelerate delivery of the dynamic content and calculate the most optimal routes for the CDN. This is relative to the origin path. This property is only relevant when using a single origin.

          • queryStringCachingBehavior optional - string

            Defines how CDN caches requests that include query strings. You can ignore any query strings when caching, bypass caching to prevent requests that contain query strings from being cached, or cache every request with a unique URL.

          • urlSigningKeys optional array
              • keyId required - string

                Defines the customer defined key Id. This id will exist in the incoming request to indicate the key used to form the hash.

              • keySourceParameters required
                  • resourceGroupName required - string

                    Resource group of the user's Key Vault containing the secret

                  • secretName required - string

                    The name of secret in Key Vault.

                  • secretVersion required - string

                    The version (GUID) of secret in Key Vault.

                  • subscriptionId required - string

                    Subscription Id of the user's Key Vault containing the secret

                  • typeName required - string
                  • vaultName required - string

                    The name of the user's Key Vault containing the secret

          • webApplicationFirewallPolicyLink optional
              • id optional - string

                Resource ID.

      • tags optional - string

        Resource tags.

      • type required - string
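
Because isHttpAllowed and isHttpsAllowed both default to true in the parameter list above, an endpoint that omits them serves plain HTTP. The following added example (not from this page or the referenced repositories) audits an ARM template for the effective protocol settings. The sample template, its resource names and the finding codes are constructed for illustration, and only top-level resources with the fully qualified type are inspected.

```python
import json

ENDPOINT_TYPE = "microsoft.cdn/profiles/endpoints"
DEFAULTS = {"isHttpAllowed": True, "isHttpsAllowed": True}  # defaults per the parameter list

# Constructed ARM template for illustration; all names are placeholders.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Cdn/profiles", "name": "demo"},
  {"type": "Microsoft.Cdn/profiles/endpoints", "name": "demo/defaults",
   "properties": {"origins": []}},
  {"type": "Microsoft.Cdn/profiles/endpoints", "name": "demo/https-only",
   "properties": {"isHttpAllowed": false, "isHttpsAllowed": true}},
  {"type": "Microsoft.Cdn/profiles/endpoints", "name": "demo/http-only",
   "properties": {"isHttpAllowed": true, "isHttpsAllowed": false}},
  {"type": "Microsoft.Cdn/profiles/endpoints", "name": "demo/parameterised",
   "properties": {"isHttpAllowed": "[parameters('allowHttp')]"}}
]}
""")


def effective(props, key):
    """Return (value, source); source is 'default', 'explicit' or 'expression'."""
    if key not in props:
        return DEFAULTS[key], "default"
    if isinstance(props[key], str):  # ARM expression, unknown until deployment
        return None, "expression"
    return bool(props[key]), "explicit"


def audit_endpoints(template):
    """Map each CDN endpoint name to a list of protocol finding codes."""
    report = {}
    for res in template.get("resources", []):
        if res.get("type", "").lower() != ENDPOINT_TYPE:
            continue
        props = res.get("properties", {})
        http, http_src = effective(props, "isHttpAllowed")
        https, https_src = effective(props, "isHttpsAllowed")
        findings = []
        if "expression" in (http_src, https_src):
            findings.append("UNRESOLVED_EXPRESSION")
        if http:
            findings.append("HTTP_ALLOWED_" + http_src.upper())
        if https is False:
            findings.append("HTTPS_DISABLED")
        report[res["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_endpoints(SAMPLE).items():
        print(name, findings or "ok")
```

An endpoint reported as UNRESOLVED_EXPRESSION needs its parameter file checked as well, since the template alone does not decide the protocol.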

Frequently asked questions

What is Azure CDN Endpoint?

Azure CDN Endpoint is a resource for CDN of Microsoft Azure. Settings can be written in Terraform.

Where can I find the example code for the Azure CDN Endpoint?

For Terraform, the gilyas/infracost, macmento/build_a_phish and ralphte/build_a_phish source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the chrissheldon90/scratch and Access-America/Citizen-Center source code examples are useful. See the Azure Resource Manager Example section for further details.