Top / Microsoft Azure / Azure Messaging / Network ACL

Azure Messaging Network ACL

This page shows how to write Terraform and Azure Resource Manager for Messaging Network ACL and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_signalr_service_network_acl (Terraform)

The Network ACL in Messaging can be configured in Terraform with the resource name azurerm_signalr_service_network_acl. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • signalr_service_id - (Required) The ID of the SignalR service. Changing this forces a new resource to be created.

  • default_action - (Required) The default action to control the network access when no other rule matches. Possible values are Allow and Deny.

  • public_network - (Required) A public_network block as defined below.

  • private_endpoint - (Optional) A private_endpoint block as defined below.

A public_network block supports the following:

  • allowed_request_types - (Optional) The allowed request types for the public network. Possible values are ClientConnection, ServerConnection, RESTAPI and Trace.

Note: When default_action is Allow, allowed_request_typescannot be set.

  • denied_request_types - (Optional) The denied request types for the public network. Possible values are ClientConnection, ServerConnection, RESTAPI and Trace.

Note: When default_action is Deny, denied_request_typescannot be set.

Note: allowed_request_types and denied_request_types cannot be set together.

A private_endpoint block supports the following:

  • id - (Required) The ID of the Private Endpoint which is based on the SignalR service.

  • allowed_request_types - (Optional) The allowed request types for the Private Endpoint Connection. Possible values are ClientConnection, ServerConnection, RESTAPI and Trace.

Note: When default_action is Allow, allowed_request_typescannot be set.

  • denied_request_types - (Optional) The denied request types for the Private Endpoint Connection. Possible values are ClientConnection, ServerConnection, RESTAPI and Trace.

Note: When default_action is Deny, denied_request_typescannot be set.

Note: allowed_request_types and denied_request_types cannot be set together.

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the SignalR service.

>> from Terraform Registry

Explanation in Terraform Registry

Manages the Network ACL for a SignalR service.

>> from Terraform Registry

Microsoft.SignalRService/signalR (Azure Resource Manager)

The signalR in Microsoft.SignalRService can be configured in Azure Resource Manager with the resource name Microsoft.SignalRService/signalR. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

  • apiVersion required - string
  • identity optional
      • type optional - string
      • userAssignedIdentities optional - undefined

        Get or set the user assigned identities

  • kind optional - string
  • location optional - string

    The GEO location of the resource. e.g. West US | East US | North Central US | South Central US.

  • name required - string

    The name of the resource.

  • properties required
      • cors optional
          • allowedOrigins optional - array

            Gets or sets the list of origins that should be allowed to make cross-origin calls (for example: http://example.com:12345). Use "*" to allow all. If omitted, allow all by default.

      • disableAadAuth optional - boolean

        DisableLocalAuth Enable or disable aad auth When set as true, connection with AuthType=aad won't work.

      • disableLocalAuth optional - boolean

        DisableLocalAuth Enable or disable local auth with AccessKey When set as true, connection with AccessKey=xxx won't work.

      • features optional array
          • flag required - string
          • properties optional - string

            Optional properties related to this feature.

          • value required - string

            Value of the feature flag. See Azure SignalR service document https://docs.microsoft.com/azure/azure-signalr/ for allowed values.

      • networkACLs optional
          • defaultAction optional - string
          • privateEndpoints optional array
              • allow optional - array

                Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI.

              • deny optional - array

                Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI.

              • name required - string

                Name of the private endpoint connection

          • publicNetwork optional
              • allow optional - array

                Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI.

              • deny optional - array

                Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI.

      • publicNetworkAccess optional - string

        Enable or disable public network access. Default to "Enabled". When it's Enabled, network ACLs still apply. When it's Disabled, public network access is always disabled no matter what you set in network ACLs.

      • resourceLogConfiguration optional
          • categories optional array
              • enabled optional - string

                Indicates whether or the resource log category is enabled. Available values: true, false. Case insensitive.

              • name optional - string

                Gets or sets the resource log category's name. Available values: ConnectivityLogs, MessagingLogs. Case insensitive.

      • tls optional
          • clientCertEnabled optional - boolean

            Request client certificate during TLS handshake if enabled

      • upstream optional
          • templates optional array
              • auth optional
                  • managedIdentity optional
                      • resource optional - string

                        The Resource indicating the App ID URI of the target resource. It also appears in the aud (audience) claim of the issued token.

                  • type optional - string
              • categoryPattern optional - string

                Gets or sets the matching pattern for category names. If not set, it matches any category. There are 3 kind of patterns supported: 1. "*", it to matches any category name 2. Combine multiple categories with ",", for example "connections,messages", it matches category "connections" and "messages" 3. The single category name, for example, "connections", it matches the category "connections"

              • eventPattern optional - string

                Gets or sets the matching pattern for event names. If not set, it matches any event. There are 3 kind of patterns supported: 1. "*", it to matches any event name 2. Combine multiple events with ",", for example "connect,disconnect", it matches event "connect" and "disconnect" 3. The single event name, for example, "connect", it matches "connect"

              • hubPattern optional - string

                Gets or sets the matching pattern for hub names. If not set, it matches any hub. There are 3 kind of patterns supported: 1. "*", it to matches any hub name 2. Combine multiple hubs with ",", for example "hub1,hub2", it matches "hub1" and "hub2" 3. The single hub name, for example, "hub1", it matches "hub1"

              • urlTemplate required - string

                Gets or sets the Upstream URL template. You can use 3 predefined parameters {hub}, {category} {event} inside the template, the value of the Upstream URL is dynamically calculated when the client request comes in. For example, if the urlTemplate is http://example.com/{hub}/api/{event}, with a client request from hub chat connects, it will first POST to this URL: http://example.com/chat/api/connect.

  • sku optional
      • capacity optional - integer

        Optional, integer. The unit count of the resource. 1 by default.

        If present, following values are allowed: Free: 1 Standard: 1,2,5,10,20,50,100

      • name required - string

        The name of the SKU. Required.

        Allowed values: Standard_S1, Free_F1

      • tier optional - string
  • tags optional - string

    Tags of the service which is a list of key value pairs that describe the resource.

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure Messaging Resources

Frequently asked questions

What is Azure Messaging Network ACL?

Azure Messaging Network ACL is a resource for Messaging of Microsoft Azure. Settings can be wrote in Terraform.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents