azure.azcollection.azure_rm_appgateway module – Manage Application Gateway instance
Note
This module is part of the azure.azcollection collection (version 2.7.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install azure.azcollection
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_appgateway
.
New in azure.azcollection 0.1.2
Synopsis
Create, update and delete instance of Application Gateway.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
Parameters
Parameter |
Comments |
---|---|
Active Directory username. Use when authenticating with an Active Directory user rather than service principal. |
|
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. |
|
Selects an API profile to use when communicating with Azure services. Default value of Default: |
|
Use to control if tags field is canonical or just appends to existing tags. When canonical, any tags not found in the tags parameter will be removed from the object’s metadata. Choices:
|
|
Controls the source of the credentials to use for authentication. Can also be set via the When set to When set to When set to When set to When set to The Choices:
|
|
Authentication certificates of the application gateway resource. |
|
Certificate public data - base64 encoded pfx. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Autoscale configuration of the application gateway resource. |
|
Upper bound on number of Application Gateway capacity. |
|
Lower bound on number of Application Gateway capacity. |
|
List of backend address pool of the application gateway resource. |
|
List of backend addresses. |
|
Fully qualified domain name (FQDN). |
|
IP address. |
|
Resource that is unique within a resource group. This name can be used to access the resource. |
|
Backend http settings of the application gateway resource. |
|
Cookie name to use for the affinity cookie. |
|
List of references to application gateway authentication certificates. Applicable only when |
|
Resource ID. |
|
Connection draining of the backend http settings resource. |
|
The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. |
|
Whether connection draining is enabled or not. Choices:
|
|
Cookie based affinity. Choices:
|
|
Host header to be sent to the backend servers. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Path which should be used as a prefix for all Null means no path will be prefixed. Default value is null. |
|
Whether host header should be picked from the host name of the backend server. Default value is false. Choices:
|
|
The destination port on the backend. |
|
Probe resource of an application gateway. |
|
The protocol used to communicate with the backend. Choices:
|
|
Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. |
|
Array of references to application gateway trusted root certificates. Can be the name of the trusted root certificate or full resource ID. |
|
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing Choices:
|
|
Azure client ID. Use when authenticating with a Service Principal or Managed Identity (msi). Can also be set via the |
|
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, Default: |
|
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to **True**, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. Set via credential file profile or the Choices:
|
|
Whether HTTP2 is enabled on the application gateway resource. Choices:
|
|
Frontend IP addresses of the application gateway resource. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
PrivateIPAddress of the network interface IP Configuration. |
|
PrivateIP allocation method. Choices:
|
|
Reference of the PublicIP resource. |
|
Reference of the subnet resource. |
|
Full ID of the subnet resource. Required if name and virtual_network_name are not provided. |
|
Name of the subnet. Only used if virtual_network_name is also provided. |
|
Name of the virtual network. Only used if name is also provided. |
|
List of frontend ports of the application gateway resource. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Frontend port. |
|
List of subnets used by the application gateway. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Reference of the subnet resource. A subnet from where application gateway gets its private address. |
|
Full ID of the subnet resource. Required if name and virtual_network_name are not provided. |
|
Name of the subnet. Only used if virtual_network_name is also provided. |
|
Name of the virtual network. Only used if name is also provided. |
|
Start or Stop the application gateway. When specified, no updates will occur to the gateway. Choices:
|
|
List of HTTP listeners of the application gateway resource. |
|
Frontend IP configuration resource of an application gateway. |
|
Frontend port resource of an application gateway. |
|
Host name of |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Protocol of the Choices:
|
|
Applicable only if protocol is Choices:
|
|
SSL certificate resource of an application gateway. |
|
Identity for the App Gateway |
|
Type of the managed identity Choices:
|
|
User Assigned Managed Identities and its options Default: |
|
If the list of identities has to be appended to current identities (true) or if it has to replace current identities (false) Choices:
|
|
List of the user assigned identities IDs associated to the App Gateway Default: |
|
Resource location. If not set, location from the resource group will be used as default. |
|
Parent argument. |
|
Parent argument. |
|
The name of the application gateway. |
|
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. |
|
Probes available to the application gateway resource. |
|
Host name to send the probe to. |
|
The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. |
|
Criterion for classifying a healthy probe response. |
|
Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. |
|
Name of the probe that is unique within an Application Gateway. |
|
Relative path of probe. Valid path starts from ‘/’. Probe is sent to <Protocol>://<host>:<port><path>. |
|
Whether host header should be picked from the host name of the backend HTTP settings. Default value is false. Choices:
|
|
Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for |
|
The protocol used for the probe. Choices:
|
|
The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. |
|
The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. |
|
Security profile found in ~/.azure/credentials file. |
|
Redirect configurations of the application gateway resource. |
|
Include path in the redirected url. Choices:
|
|
Include query string in the redirected url. Choices:
|
|
Name of the resource that is unique within a resource group. |
|
List of URL path rules within a c(path_based_routing) rule to which the redirect is bound. |
|
Name of the URL rule. |
|
Name of URL path map. |
|
Redirection type. Choices:
|
|
List of c(basic) request routing rule names within the application gateway to which the redirect is bound. |
|
Reference to a listener to redirect the request to. |
|
List of URL path map names (c(path_based_routing) rules) within the application gateway to which the redirect is bound. |
|
List of request routing rules of the application gateway resource. |
|
Backend address pool resource of the application gateway. Not used if rule_type is |
|
Backend |
|
Http listener resource of the application gateway. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Redirect configuration resource of the application gateway. |
|
Rewrite rule set for the path map. Can be the name of the rewrite rule set or full resource ID. |
|
Rule type. Choices:
|
|
URL path map resource of the application gateway. Required if rule_type is |
|
The name of the resource group. |
|
List of rewrite configurations for the application gateway resource. |
|
Name of the rewrite rule set. |
|
List of rewrite rules. |
|
Set of actions to be done as part of the rewrite rule. |
|
List of actions to be taken on request headers. Default: |
|
Name of the header. |
|
Value of the header. Leave the parameter unset to remove the header. Default: |
|
List of actions to be taken on response headers. Default: |
|
Name of the header. |
|
Value of the header. Leave the parameter unset to remove the header. Default: |
|
Action to be taken on the URL. |
|
Value to which the URL path will be rewriten. Leave parameter unset to keep the original URL path. |
|
Value to which the URL query string will be rewriten. Leave parameter unset to keep the original URL query string. |
|
If set to true, will re-evaluate the path map provided in path-based request routing rules using modified path. Choices:
|
|
Conditions based on which the action set execution will be evaluated. Default: |
|
Setting this value to true will force the pattern to do a case in-sensitive comparison. Choices:
|
|
Setting this value to true will force to check the negation of the condition given by the user. Choices:
|
|
The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. |
|
The parameter for the condition. |
|
Name of the rewrite rule. |
|
Sequence of the rule that determines the order of execution within the set. |
|
Azure client secret. Use when authenticating with a Service Principal. |
|
SKU of the application gateway resource. |
|
Capacity (instance count) of an application gateway. |
|
Name of an application gateway SKU. Choices:
|
|
Tier of an application gateway. Choices:
|
|
SSL certificates of the application gateway resource. |
|
Base-64 encoded pfx certificate. Only applicable in PUT Request. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Password for the pfx file specified in data. Only applicable in PUT request. |
|
SSL policy of the application gateway resource. |
|
List of SSL cipher suites to be enabled in the specified order to application gateway. Choices:
|
|
List of SSL protocols to be disabled on application gateway. Choices:
|
|
Minimum version of SSL protocol to be supported on application gateway. Choices:
|
|
Name of Ssl Choices:
|
|
Type of SSL Policy. Choices:
|
|
Assert the state of the application gateway. Use Choices:
|
|
Your Azure subscription Id. |
|
Dictionary of string:string pairs to assign as metadata to the object. Metadata tags on the object will be updated with any provided values. To remove tags set append_tags option to false. Currently, Azure DNS zones and Traffic Manager services also don’t allow the use of spaces in the tag. Azure Front Door doesn’t support the use of Azure Automation and Azure CDN only support 15 tags on resources. |
|
Azure tenant ID. Use when authenticating with a Service Principal. |
|
The thumbprint of the private key specified in x509_certificate_path. Use when authenticating with a Service Principal. Required if x509_certificate_path is defined. |
|
Trusted Root certificates of the application gateway resource. |
|
Certificate public data. |
|
Secret Id of (base-64 encoded unencrypted pfx) ‘Secret’ or ‘Certificate’ object stored in KeyVault. Default: |
|
Name of the trusted root certificate that is unique within an Application Gateway. |
|
List of URL path maps of the application gateway resource. |
|
Backend address pool resource of the application gateway which will be used if no path matches occur. Mutually exclusive with default_redirect_configuration. |
|
Backend http settings resource of the application gateway; used with default_backend_address_pool. |
|
Name of redirect configuration resource of the application gateway which will be used if no path matches occur. Mutually exclusive with default_backend_address_pool. |
|
Default rewrite rule set for the path map. Can be the name of the rewrite rule set or full resource ID. |
|
Name of the resource that is unique within the application gateway. This name can be used to access the resource. |
|
List of URL path rules. |
|
Backend address pool resource of the application gateway which will be used if the path is matched. Mutually exclusive with redirect_configuration. |
|
Backend http settings resource of the application gateway; used for the path’s backend_address_pool. |
|
Name of the resource that is unique within the path map. |
|
List of paths. |
|
Name of redirect configuration resource of the application gateway which will be used if the path is matched. Mutually exclusive with backend_address_pool. |
|
Rewrite rule set for the path map. Can be the name of the rewrite rule set or full resource ID. |
|
Web application firewall configuration of the application gateway reosurce. |
|
The disabled rule groups. Default: |
|
The name of the rule group that will be disabled. |
|
The list of rules that will be disabled. If null, all rules of the rule group will be disabled. Default: |
|
Whether the web application firewall is enabled or not. Choices:
|
|
The exclusion list. Default: |
|
The variable to be excluded. |
|
When match_variable is a collection, operator used to specify which elements in the collection this exclusion applies to. |
|
When match_variable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. |
|
Maximum file upload size in Mb for WAF. |
|
Web application firewall mode. Choices:
|
|
Maximum request body size for WAF. |
|
Maximum request body size in Kb for WAF. |
|
Whether allow WAF to check request Body. Choices:
|
|
The type of the web application firewall rule set. Possible values are ‘OWASP’. Choices:
|
|
The version of the rule set type. |
|
Path to the X509 certificate used to create the service principal in PEM format. The certificate must be appended to the private key. Use when authenticating with a Service Principal. |
Notes
Note
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login
.Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
See also
- Sign in with Azure CLI
How to authenticate using the
az login
command.
Examples
- name: Create instance of Application Gateway
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
connection_draining:
drain_timeout_in_sec: 60
enabled: true
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: sample_http_listener
name: rule1
- name: Create instance of Application Gateway with custom trusted root certificate
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
trusted_root_certificates:
- name: "root_cert"
key_vault_secret_id: "https://kv/secret"
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
connection_draining:
drain_timeout_in_sec: 60
enabled: true
name: sample_appgateway_http_settings
trusted_root_certificates:
- "root_cert"
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: sample_http_listener
name: rule1
- name: Create instance of Application Gateway by looking up virtual network and subnet
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
gateway_ip_configurations:
- subnet:
name: default
virtual_network_name: my-vnet
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
name: default
virtual_network_name: my-vnet
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: sample_http_listener
name: rule1
- name: Create instance of Application Gateway with path based rules
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: path_based_routing
http_listener: sample_http_listener
name: rule1
url_path_map: path_mappings
url_path_maps:
- name: path_mappings
default_backend_address_pool: test_backend_address_pool
default_backend_http_settings: sample_appgateway_http_settings
path_rules:
- name: path_rules
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
paths:
- "/abc"
- "/123/*"
- name: Create instance of Application Gateway with complex routing and redirect rules
azure_rm_appgateway:
resource_group: myResourceGroup
name: myComplexAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
ssl_policy:
policy_type: "predefined"
policy_name: "ssl_policy20170401_s"
ssl_certificates:
- name: ssl_cert
password: your-password
data: "{{ lookup('file', 'certfile') }}"
gateway_ip_configurations:
- subnet:
id: "{{ subnet_output.state.id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_output.state.id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- name: "inbound-http"
port: 80
- name: "inbound-https"
port: 443
backend_address_pools:
- name: test_backend_address_pool1
backend_addresses:
- ip_address: 10.0.0.1
- name: test_backend_address_pool2
backend_addresses:
- ip_address: 10.0.0.2
backend_http_settings_collection:
- name: "http-profile1"
port: 443
protocol: https
pick_host_name_from_backend_address: true
probe: "http-probe1"
cookie_based_affinity: "Disabled"
- name: "http-profile2"
port: 8080
protocol: http
pick_host_name_from_backend_address: true
probe: "http-probe2"
cookie_based_affinity: "Disabled"
http_listeners:
- name: "inbound-http"
protocol: "http"
frontend_ip_configuration: "sample_gateway_frontend_ip_config"
frontend_port: "inbound-http"
- name: "inbound-traffic1"
protocol: "https"
frontend_ip_configuration: "sample_gateway_frontend_ip_config"
frontend_port: "inbound-https"
host_name: "traffic1.example.com"
require_server_name_indication: true
ssl_certificate: "ssl_cert"
- name: "inbound-traffic2"
protocol: "https"
frontend_ip_configuration: "sample_gateway_frontend_ip_config"
frontend_port: "inbound-https"
host_name: "traffic2.example.com"
require_server_name_indication: true
ssl_certificate: "ssl_cert"
url_path_maps:
- name: "path_mappings"
default_redirect_configuration: "redirect-traffic1"
path_rules:
- name: "path_rules"
backend_address_pool: "test_backend_address_pool1"
backend_http_settings: "http-profile1"
paths:
- "/abc"
- "/123/*"
request_routing_rules:
- name: "app-routing1"
rule_type: "basic"
http_listener: "inbound-traffic1"
backend_address_pool: "test_backend_address_pool2"
backend_http_settings: "http-profile1"
- name: "app-routing2"
rule_type: "path_based_routing"
http_listener: "inbound-traffic2"
url_path_map: "path_mappings"
- name: "redirect-routing"
rule_type: "basic"
http_listener: "inbound-http"
redirect_configuration: "redirect-http"
probes:
- name: "http-probe1"
interval: 30
path: "/abc"
protocol: "https"
pick_host_name_from_backend_http_settings: true
timeout: 30
unhealthy_threshold: 2
- name: "http-probe2"
interval: 30
path: "/xyz"
protocol: "http"
pick_host_name_from_backend_http_settings: true
timeout: 30
unhealthy_threshold: 2
redirect_configurations:
- name: "redirect-http"
redirect_type: "permanent"
target_listener: "inbound-traffic1"
include_path: true
include_query_string: true
request_routing_rules:
- "redirect-routing"
- name: "redirect-traffic1"
redirect_type: "found"
target_listener: "inbound-traffic1"
include_path: true
include_query_string: true
url_path_maps:
- "path_mappings"
- name: Create v2 instance of Application Gateway with rewrite rules
azure_rm_appgateway:
resource_group: myResourceGroup
name: myV2AppGateway
sku:
name: standard_v2
tier: standard_v2
capacity: 2
ssl_policy:
policy_type: predefined
policy_name: ssl_policy20170401_s
ssl_certificates:
- name: ssl_cert
password: your-password
data: "{{ lookup('file', ssl_cert) }}"
gateway_ip_configurations:
- subnet:
id: "{{ subnet_output.state.id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- name: "public-inbound-ip"
public_ip_address: my-appgw-pip
frontend_ports:
- name: "inbound-http"
port: 80
- name: "inbound-https"
port: 443
backend_address_pools:
- name: test_backend_address_pool1
backend_addresses:
- ip_address: 10.0.0.1
- name: test_backend_address_pool2
backend_addresses:
- ip_address: 10.0.0.2
backend_http_settings_collection:
- name: "http-profile1"
port: 443
protocol: https
pick_host_name_from_backend_address: true
probe: "http-probe1"
cookie_based_affinity: "Disabled"
- name: "http-profile2"
port: 8080
protocol: http
pick_host_name_from_backend_address: true
probe: "http-probe2"
cookie_based_affinity: "Disabled"
http_listeners:
- name: "inbound-http"
protocol: "http"
frontend_ip_configuration: "public-inbound-ip"
frontend_port: "inbound-http"
- name: "inbound-traffic1"
protocol: "https"
frontend_ip_configuration: "public-inbound-ip"
frontend_port: "inbound-https"
host_name: "traffic1.example.com"
require_server_name_indication: true
ssl_certificate: "ssl_cert"
- name: "inbound-traffic2"
protocol: "https"
frontend_ip_configuration: "public-inbound-ip"
frontend_port: "inbound-https"
host_name: "traffic2.example.com"
require_server_name_indication: true
ssl_certificate: "ssl_cert"
url_path_maps:
- name: "path_mappings"
default_redirect_configuration: "redirect-traffic1"
default_rewrite_rule_set: "configure-headers"
path_rules:
- name: "path_rules"
backend_address_pool: "test_backend_address_pool1"
backend_http_settings: "http-profile1"
paths:
- "/abc"
- "/123/*"
request_routing_rules:
- name: "app-routing1"
rule_type: "basic"
http_listener: "inbound-traffic1"
backend_address_pool: "test_backend_address_pool2"
backend_http_settings: "http-profile1"
rewrite_rule_set: "configure-headers"
- name: "app-routing2"
rule_type: "path_based_routing"
http_listener: "inbound-traffic2"
url_path_map: "path_mappings"
- name: "redirect-routing"
rule_type: "basic"
http_listener: "inbound-http"
redirect_configuration: "redirect-http"
rewrite_rule_sets:
- name: "configure-headers"
rewrite_rules:
- name: "add-security-response-header"
rule_sequence: 1
action_set:
response_header_configurations:
- header_name: "Strict-Transport-Security"
header_value: "max-age=31536000"
- name: "remove-backend-response-headers"
rule_sequence: 2
action_set:
response_header_configurations:
- header_name: "Server"
- header_name: "X-Powered-By"
- name: "set-custom-header-condition"
rule_sequence: 3
conditions:
- variable: "var_client_ip"
pattern: "1.1.1.1"
- variable: "http_req_Authorization"
pattern: "12345"
ignore_case: false
action_set:
request_header_configurations:
- header_name: "Foo"
header_value: "Bar"
probes:
- name: "http-probe1"
interval: 30
path: "/abc"
protocol: "https"
pick_host_name_from_backend_http_settings: true
timeout: 30
unhealthy_threshold: 2
- name: "http-probe2"
interval: 30
path: "/xyz"
protocol: "http"
pick_host_name_from_backend_http_settings: true
timeout: 30
unhealthy_threshold: 2
redirect_configurations:
- name: "redirect-http"
redirect_type: "permanent"
target_listener: "inbound-traffic1"
include_path: true
include_query_string: true
request_routing_rules:
- "redirect-routing"
- name: "redirect-traffic1"
redirect_type: "found"
target_listener: "inbound-traffic1"
include_path: true
include_query_string: true
url_path_maps:
- "path_mappings"
- name: Create instance of Application Gateway with autoscale configuration
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
autoscale_configuration:
max_capacity: 2
min_capacity: 1
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: sample_http_listener
name: rule1
- name: Create instance of Application Gateway waf_v2 with waf configuration
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: waf_v2
tier: waf_v2
capacity: 2
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: sample_http_listener
name: rule1
web_application_firewall_configuration:
- enabled: true
firewall_mode: Detection
rule_set_type: OWASP
rule_set_version: 3.0
request_body_check: true
max_request_body_size_in_kb: 128
file_upload_limit_in_mb: 100
- name: Create application gateway with multi parameters
azure_rm_appgateway:
resource_group: myResourceGroup
name: myappgateway
sku:
name: standard_v2
tier: standard_v2
capacity: 2
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- name: sample_gateway_frontend_ip_config
public_ip_address: "pip{{ rpfx }}"
frontend_ports:
- port: 80
name: http_frontend_port
backend_address_pools:
- name: test_backend_address_pool # empty pool which will receive attachment to NIC.
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: http_frontend_port
protocol: http
name: http_listener
probes:
- name: testprobes01
protocol: http
path: '/'
timeout: 30
host: testazure
interval: 90
port: 80
match:
status_codes:
- 200
request_routing_rules:
- rule_type: basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: http_listener
name: rule1
- name: Stop an Application Gateway instance
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
gateway_state: stopped
- name: Start an Application Gateway instance
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
gateway_state: started
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Application gateway resource ID. Returned: always Sample: |
|
Location of application gateway. Returned: always Sample: |
|
Name of application gateway. Returned: always Sample: |
|
Operating state of application gateway. Returned: always Sample: |
|
Provisioning state of application gateway. Returned: always Sample: |
|
Name of resource group. Returned: always Sample: |