Support for creating internal Application Service Environments

[janegilring]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The current App Service Environment provider does not support creating an internal ASE:
https://www.terraform.io/docs/providers/azurerm/r/app_service_environment.html

New or Affected Resource(s)

• azurerm_app_service_environment

Potential Terraform Configuration

resource "azurerm_resource_group" "example" {
  name     = "exampleRG1"
  location = "westeurope"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-vnet1"
  location            = "${azurerm_resource_group.example.location}"
  resource_group_name = "${azurerm_resource_group.example.name}"
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_subnet" "ase" {
  name                 = "asesubnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefix       = "10.0.1.0/24"
}

resource "azurerm_subnet" "gateway" {
  name                 = "gatewaysubnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefix       = "10.0.2.0/24"
}

resource "azurerm_app_service_environment" "example" {
  name                   = "example-ase"
  subnet_id              = azurerm_subnet.ase.id
  pricing_tier           = "I2"
  front_end_scale_factor = 10
}

azurerm_app_service_environment should have a property called "Type" where it can be specified whether the ASE should be Internal or External.

[shawnferry]

In my very limited testing...

If you set internal_load_balancing_mode = "Web" it creates an internal environment.
Possibly also using the I? tier as those are isolated skus; I haven't tested without setting internal_load_balancing_mode and "Web, Publishing" (the default reported by importing the resource is rejected by validation.

https://azure.microsoft.com/en-us/resources/templates/201-web-app-asev2-ilb-create/

internalLoadBalancingMode: 
0 = public VIP only, 1 = only ports 80/443 are mapped to ILB VIP, 2 = only FTP ports are mapped to ILB VIP, 3 = both ports 80/443 and FTP ports are mapped to an ILB VIP.

Of note, it also looks like you will need to manually implement the routes, ngs(s), and possibly other parts which are automatically created if you manually provision the environment via the portal.

[janegilring]

Thanks for the info.
It seems like you refer to the internalLoadBalancingMode property in ARM, in order to provide info regarding how this can be implemented in the Terraform provider?

[mark-the-butler]

It would also be nice to have a reference attribute that retrieves the IP of the ASE after it is created.

[ctooley21]

this would be great to have. my team is currently using an ARM template to deploy an ASE, and was hoping to switch to this resource, but looks like we can't since we use an ASE w/ ILB.
Also @shawnferry would need to add the ability to set the internal SSL cert, and output the ILB IP.

[gpduck]

We have an internal ASE that was deployed through the portal. When I query the configuration using the az cli, it reports the internalLoadBalancingMode as "Web, Publishing". This blog post references the enum in a way that implies that it is actually a flag field, which aligns with what the API is displaying.

0 = None
1 = Web
2 = Publishing
3 = Web, Publishing

So it looks like what we need to be able to do is either specify the integer values, or the combination of the values as a string.

[jackofallops]

I believe this is now supported via the internal_load_balancing_mode property, and that #7346 will complete the feature when merged, so I'm going to mark this issue as fixed by that PR to close when it's merged.

[ghost]

This has been released in version 2.16.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.16.0"
}
# ... other configuration ...

[tobske]

Thanks for adding this feature. Is there a plan to add the IP of the ILB as an attribute?
This is necessary to create the ASE with an ILB and then e.g. add an Application Gateway in one step?

[jackofallops]

Hi @tobske
I don't think there's anything open for that currently, but it certainly seems to make sense. If you would like to open an issue requesting it?

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!