Azure Messaging Network ACL
This page shows how to write Terraform and Azure Resource Manager for Messaging Network ACL and write them securely.
azurerm_signalr_service_network_acl (Terraform)
The Network ACL in Messaging can be configured in Terraform with the resource name azurerm_signalr_service_network_acl. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
signalr_service_id - (Required) The ID of the SignalR service. Changing this forces a new resource to be created.
default_action - (Required) The default action to control the network access when no other rule matches. Possible values are Allow and Deny.
public_network - (Required) A public_network block as defined below.
private_endpoint - (Optional) A private_endpoint block as defined below.
A public_network block supports the following:
allowed_request_types - (Optional) The allowed request types for the public network. Possible values are ClientConnection, ServerConnection, RESTAPI and Trace.
Note: When default_action is Allow, allowed_request_types cannot be set.
denied_request_types - (Optional) The denied request types for the public network. Possible values are ClientConnection, ServerConnection, RESTAPI and Trace.
Note: When default_action is Deny, denied_request_types cannot be set.
Note: allowed_request_types and denied_request_types cannot be set together.
A private_endpoint block supports the following:
id - (Required) The ID of the Private Endpoint which is based on the SignalR service.
allowed_request_types - (Optional) The allowed request types for the Private Endpoint Connection. Possible values are ClientConnection, ServerConnection, RESTAPI and Trace.
Note: When default_action is Allow, allowed_request_types cannot be set.
denied_request_types - (Optional) The denied request types for the Private Endpoint Connection. Possible values are ClientConnection, ServerConnection, RESTAPI and Trace.
Note: When default_action is Deny, denied_request_types cannot be set.
Note: allowed_request_types and denied_request_types cannot be set together.
In addition to the Arguments listed above - the following Attributes are exported:
id - The ID of the SignalR service.
Explanation in Terraform Registry
Manages the Network ACL for a SignalR service.
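The two valid shapes allowed by the notes above, as an added example that is not taken from the Terraform Registry or the provider's own code. The variable names and resource labels are assumptions, and the IDs are expected to come from resources defined elsewhere.

```hcl
# Added example. Variable names and resource labels are assumptions.
variable "signalr_service_id" {
  type        = string
  description = "ID of an existing SignalR service (assumed to exist)."
}

variable "other_signalr_service_id" {
  type        = string
  description = "ID of a second SignalR service, used only to show the deny-list form."
}

variable "private_endpoint_id" {
  type        = string
  description = "ID of a Private Endpoint based on the first SignalR service."
}

# Form 1: deny by default, then allow-list request types per network.
# With default_action = "Deny", only allowed_request_types may be set.
resource "azurerm_signalr_service_network_acl" "deny_by_default" {
  signalr_service_id = var.signalr_service_id
  default_action     = "Deny"

  public_network {
    # Only client connections are accepted from the public network.
    allowed_request_types = ["ClientConnection"]
  }

  private_endpoint {
    id                    = var.private_endpoint_id
    allowed_request_types = ["ClientConnection", "ServerConnection", "RESTAPI", "Trace"]
  }
}

# Form 2: allow by default, then deny-list request types.
# With default_action = "Allow", only denied_request_types may be set.
# Any request type not listed here stays reachable from the public network.
resource "azurerm_signalr_service_network_acl" "allow_by_default" {
  signalr_service_id = var.other_signalr_service_id
  default_action     = "Allow"

  public_network {
    denied_request_types = ["ServerConnection", "RESTAPI", "Trace"]
  }
}
```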
Microsoft.SignalRService/signalR (Azure Resource Manager)
The signalR in Microsoft.SignalRService can be configured in Azure Resource Manager with the resource name Microsoft.SignalRService/signalR. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
apiVersion - required - string
identity - optional
  type - optional - string
  userAssignedIdentities - optional - undefined - Get or set the user assigned identities
kind - optional - string
location - optional - string - The GEO location of the resource. e.g. West US | East US | North Central US | South Central US.
name - required - string - The name of the resource.
properties - required
  cors - optional
    allowedOrigins - optional - array - Gets or sets the list of origins that should be allowed to make cross-origin calls (for example: http://example.com:12345). Use "*" to allow all. If omitted, allow all by default.
  disableAadAuth - optional - boolean - Enable or disable aad auth. When set as true, connection with AuthType=aad won't work.
  disableLocalAuth - optional - boolean - Enable or disable local auth with AccessKey. When set as true, connection with AccessKey=xxx won't work.
  features - optional array
    flag - required - string
    properties - optional - string - Optional properties related to this feature.
    value - required - string - Value of the feature flag. See Azure SignalR service document https://docs.microsoft.com/azure/azure-signalr/ for allowed values.
  networkACLs - optional
    defaultAction - optional - string
    privateEndpoints - optional array
      allow - optional - array - Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI.
      deny - optional - array - Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI.
      name - required - string - Name of the private endpoint connection
    publicNetwork - optional
      allow - optional - array - Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI.
      deny - optional - array - Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI.
  publicNetworkAccess - optional - string - Enable or disable public network access. Default to "Enabled". When it's Enabled, network ACLs still apply. When it's Disabled, public network access is always disabled no matter what you set in network ACLs.
  resourceLogConfiguration - optional
    categories - optional array
      enabled - optional - string - Indicates whether or not the resource log category is enabled. Available values: true, false. Case insensitive.
      name - optional - string - Gets or sets the resource log category's name. Available values: ConnectivityLogs, MessagingLogs. Case insensitive.
  tls - optional
    clientCertEnabled - optional - boolean - Request client certificate during TLS handshake if enabled
  upstream - optional
    templates - optional array
      auth - optional
        managedIdentity - optional
          resource - optional - string - The Resource indicating the App ID URI of the target resource. It also appears in the aud (audience) claim of the issued token.
        type - optional - string
      categoryPattern - optional - string - Gets or sets the matching pattern for category names. If not set, it matches any category. There are 3 kinds of patterns supported: 1. "*", which matches any category name. 2. Multiple categories combined with ",", for example "connections,messages", which matches category "connections" and "messages". 3. A single category name, for example "connections", which matches the category "connections".
      eventPattern - optional - string - Gets or sets the matching pattern for event names. If not set, it matches any event. There are 3 kinds of patterns supported: 1. "*", which matches any event name. 2. Multiple events combined with ",", for example "connect,disconnect", which matches event "connect" and "disconnect". 3. A single event name, for example "connect", which matches "connect".
      hubPattern - optional - string - Gets or sets the matching pattern for hub names. If not set, it matches any hub. There are 3 kinds of patterns supported: 1. "*", which matches any hub name. 2. Multiple hubs combined with ",", for example "hub1,hub2", which matches "hub1" and "hub2". 3. A single hub name, for example "hub1", which matches "hub1".
      urlTemplate - required - string - Gets or sets the Upstream URL template. You can use 3 predefined parameters {hub}, {category} and {event} inside the template; the value of the Upstream URL is dynamically calculated when the client request comes in. For example, if the urlTemplate is http://example.com/{hub}/api/{event}, when a client request from hub chat connects, it will first POST to this URL: http://example.com/chat/api/connect.
sku - optional
  capacity - optional - integer - Optional, integer. The unit count of the resource. 1 by default. If present, following values are allowed: Free: 1; Standard: 1,2,5,10,20,50,100
  name - required - string - The name of the SKU. Required. Allowed values: Standard_S1, Free_F1
  tier - optional - string
tags - optional - string - Tags of the service which is a list of key value pairs that describe the resource.
type - required - string