
Deploying Azure CDN with Terraform for static websites is a straightforward process that requires a few key steps. You'll need to create a resource group in Azure and then create an Azure CDN profile.
To create an Azure CDN profile, you'll need to specify the name of the profile, the resource group it belongs to, and the location where the profile will be created. This can be done using the Terraform resource `azurerm_cdn_profile`.
Once the profile is created, you'll need to create a CDN endpoint, which is essentially the entry point for your static website. This can be done using the Terraform resource `azurerm_cdn_endpoint`.
Prerequisites
To get started with Azure CDN and Terraform, you'll need a few things. You'll need an Azure account, which is a given for working with Azure services.
An Azure DevOps organization and project are also required, as they will be used to manage your Terraform files. You'll also need Terraform installed on your computer, along with some basic knowledge of how to use it.
In addition to Terraform, you'll need a storage account in Azure to store your Terraform files. This will help keep your files organized and easily accessible.
Here are the specific prerequisites you'll need to get started:
- An Azure account;
- An Azure DevOps organization and project;
- Terraform installed, and beginner- to intermediate-level knowledge of the tool;
- A storage account in Azure to store Terraform files; and
- A text editor.
Microsoft Visual Studio Code (VS Code) is recommended as a text editor, but it's not strictly necessary.
Deploying with Terraform
To deploy resources using Terraform, you'll need to create a `main.tf` file that defines the principal components, including locals, resource groups, storage accounts, storage blobs, CDN profiles, and CDN endpoints.
The `main.tf` file should contain the `azurerm_resource_group` block to create the resource group where your static website and associated resources will be deployed. This block should specify the name and location of the resource group.
You can then create a directory for testing and running the Terraform code, and create the necessary files, including `main.tf`, `outputs.tf`, `providers.tf`, and `variables.tf`. The `main.tf` file should contain the resource blocks for creating the Azure resources, such as the static website, storage account, and CDN profile.
Here's a breakdown of the required files and their contents:
Deploy Resources with Terraform
To deploy resources with Terraform, you need to understand the basic components of a Terraform configuration file. The `main.tf` file, for example, comprises several principal components, including `locals`, which define a mapping for static websites and their configurations.
The `azurerm_resource_group` block creates the resource groups where your static websites and their associated resources will be deployed. This block is crucial in organizing your resources and making them easily manageable.
The `azurerm_storage_account` block sets up Azure Storage Accounts, which will host your static website's files. Within this resource, you specify the `static_website` block to enable the static website feature on Azure Storage.
Terraform's deployment process involves several steps. First, you need to initialize the Terraform deployment by running the `terraform init` command. This command downloads the Azure provider required to manage your Azure resources.
You can also use the `-upgrade` parameter with the `terraform init` command to upgrade the necessary provider plugins to the newest version that complies with the configuration's version constraints.
To implement the Terraform code, you need to create several files, including `main.tf`, `outputs.tf`, `providers.tf`, and `variables.tf`. The `main.tf` file contains the resource blocks that define your infrastructure, while the `outputs.tf` file defines the output values that Terraform will provide after deployment.
Here are the key components of a Terraform configuration file:
- locals: defines a mapping for static websites and their configurations
- azurerm_resource_group: creates the resource groups where your static websites and their associated resources will be deployed
- azurerm_storage_account: sets up Azure Storage Accounts to host your static website's files
- azurerm_cdn_profile: creates the Azure CDN profile
- azurerm_cdn_endpoint: creates the actual CDN endpoint
Outputs
When you deploy a static website with Terraform, you'll get a range of outputs that are essential for accessing and managing your website.
The static website's CDN endpoint URL is output as `static_website_cdn_endpoint_hostname`, which you can use to link your website to a content delivery network.
You'll also get the name of the CDN profile, `static_website_cdn_profile_name`, which is used to configure the CDN settings for your website.
Your static website's URL from the storage account is output as `static_website_url`, making it easy to access your website.
The storage account's ID is output as `storage_account_id`, while the name is output as `storage_account_name`.
You'll also get the primary access key, `storage_primary_access_key`, and the primary connection string, `storage_primary_connection_string`, for the storage account.
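The components listed under "Deploy Resources with Terraform" and the access-key output described above, combined in one configuration as an added example (not code from the original article or from the kumarvna module). It assumes azurerm 3.x with the version pin kept in `providers.tf`; every resource name is a constructed placeholder.

```hcl
# Added example, not from the original article. All names are constructed
# placeholders; the azurerm version pin is assumed to live in providers.tf.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "site" {
  name     = "rg-static-site-example"
  location = "westeurope"
}

resource "azurerm_storage_account" "site" {
  name                     = "ststaticsiteexample01" # must be globally unique
  resource_group_name      = azurerm_resource_group.site.name
  location                 = azurerm_resource_group.site.location
  account_kind             = "StorageV2" # static websites require StorageV2
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"
  static_website {
    index_document     = "index.html"
    error_404_document = "404.html"
  }
}

resource "azurerm_cdn_profile" "site" {
  name                = "cdnp-static-site-example"
  resource_group_name = azurerm_resource_group.site.name
  location            = azurerm_resource_group.site.location
  sku                 = "Standard_Microsoft"
}

resource "azurerm_cdn_endpoint" "site" {
  name                = "cdne-static-site-example" # must be globally unique
  profile_name        = azurerm_cdn_profile.site.name
  resource_group_name = azurerm_resource_group.site.name
  location            = azurerm_resource_group.site.location
  origin_host_header  = azurerm_storage_account.site.primary_web_host
  is_http_allowed     = false # serve the site over HTTPS only
  origin {
    name      = "storage-static-site"
    host_name = azurerm_storage_account.site.primary_web_host
  }
}

output "storage_primary_access_key" {
  value     = azurerm_storage_account.site.primary_access_key
  sensitive = true # redacted in plan and apply output
}
```

Marking the output `sensitive` only hides it from CLI output; the key is still written in plaintext to the state file, so access to the state backend has to be restricted as well.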
Here's a summary of the outputs you can expect:
Azure CDN Configuration
To enable Azure CDN configuration, you'll want to set the argument `enable_cdn_profile` to `true`. This will create a CDN profile and endpoint for your static website.
You can choose from several pricing options for your CDN profile, including `Standard_Akamai`, `Standard_ChinaCdn`, `Standard_Microsoft`, `Standard_Verizon`, or `Premium_Verizon`.
If you want to customize the CDN profile, you can specify the `cdn_profile_name` argument. The name can be up to 24 characters long and must be unique within the resource group.
Here are the possible values for the `cdn_sku_profile` argument:
CDN Endpoint
To add content delivery network acceleration to your static website, you'll need to set the argument `enable_cdn_profile = true`. This will enable the CDN endpoint for your static website.
You'll also need to provide appropriate values to the `cdn_profile_name` and `cdn_sku_profile` arguments. This will help Azure CDN configure the necessary settings for your static website.
Azure CDN verifies the CNAME record you create with your domain provider, which points to your CDN endpoint. This allows traffic addressed to your custom domain to be routed to the specified destination CDN endpoint hostname.
Here are the valid options for the account kind argument, which determines the type of storage account created:
- BlobStorage
- BlockBlobStorage
- FileStorage
- Storage
- StorageV2
Note that a static website can only be created when the account kind is set to StorageV2.
Inputs
The inputs for Azure CDN configuration are quite extensive, but don't worry, I've got you covered. The access tier of the storage account is set to "Hot" by default, but you can change it if needed.
You can choose from various storage account kinds, with "StorageV2" being the default. This might seem like a minor detail, but it's essential to get it right.
A list of allowed headers is also configurable, with the default being ["*"]. This means that all headers are allowed to be part of the cross-origin request by default.
Allowed methods for CORS are also set to ["GET", "HEAD"] by default, but you can add or remove methods as needed.
The exposed headers are also set to ["*"] by default, which means all response headers are exposed to CORS clients.
Here's a table summarizing the default values for some of the inputs:
These are just a few of the inputs you can configure for Azure CDN. Make sure to go through each option carefully to ensure you're setting up your CDN correctly.
Azure Static Website
Azure Static Website is a powerful feature that allows you to host a website directly from an Azure Storage account. You can create a static website by using the Azure Static website with CDN Endpoint Terraform Module.
This module creates an Azure storage account and enables the static website, and it also creates an optional CDN service for the static website. You can change the storage account kind by setting the argument `account_kind` to the appropriate value.
The valid options for account kind are: `BlobStorage`, `BlockBlobStorage`, `FileStorage`, `Storage`, and `StorageV2`. Note that a static website can only be created when `account_kind` is set to `StorageV2`.
To add content delivery network acceleration to the static website, you need to set the argument `enable_cdn_profile` to `true` and provide appropriate values to the `cdn_profile_name` and `cdn_sku_profile` arguments.
Here are the types of resources supported by the kumarvna/terraform-azurerm-static-website-cdn module:
- Storage Account
- Static Website
- Content Delivery Network (CDN)
- Custom domain with an Azure CDN endpoint
Authentication and Data
The azurerm backend supports three methods of authenticating to the storage account: Access Key, Azure Active Directory, and SAS Token.
You can use the Access Key method directly by specifying the access key, or in combination with an Azure AD principal. If you don't specify an access key or client ID, Terraform will attempt to use Azure CLI.
The Azure Active Directory method can only be used in combination with an Azure AD principal, and requires setting the `use_azuread_auth` variable to `true` in your backend configuration.
Here's a summary of the authentication scenarios supported by the azurerm backend:
Authentication
Authentication is a crucial aspect of storing and managing sensitive data. There are three primary methods for authenticating to an Azure storage account: Access Key, Azure Active Directory, and SAS Token.
The Access Key method is the default and can be used directly by specifying the access key, or in combination with an Azure AD principal. You must generate an access key for your state file blob and specify it in the backend configuration.
Azure Active Directory can only be used in combination with an Azure AD principal, and you must set the `use_azuread_auth` variable to `true` in your backend configuration.
SAS Token can only be used directly, and you must generate a SAS Token for your state file blob and pass it to the backend config.
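The three backend authentication methods described above, shown in a single `azurerm` backend block as an added example (not from the original article). The resource group, storage account, container and key names are constructed placeholders.

```hcl
# Added example: azurerm backend for the state file. Names are placeholders.
terraform {
  backend "azurerm" {
    resource_group_name  = "rg-tfstate-example"
    storage_account_name = "sttfstateexample01"
    container_name       = "tfstate"
    key                  = "static-website.tfstate"

    # Option 1, Azure Active Directory: no shared secret in the configuration.
    # The Azure AD principal needs a blob data role on the container.
    use_azuread_auth = true

    # Option 2, Access Key: a full-account credential. If used, keep it out of
    # version control by supplying it through the ARM_ACCESS_KEY environment
    # variable instead of this argument.
    # access_key = "<storage-account-access-key>"

    # Option 3, SAS Token: scoped and expiring, supplied the same way through
    # the ARM_SAS_TOKEN environment variable.
    # sas_token = "<sas-token-for-the-state-blob>"
  }
}
```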
Here are the supported authentication scenarios for the azurerm backend:
Data Source Configurations
Data Source Configurations play a crucial role in ensuring secure authentication.
To configure a data source, you'll need to specify the connection details, such as the server name, database name, and credentials.
A well-configured data source will allow you to authenticate users against a specific database.
The data source configuration can be done using a variety of methods, including using a connection string or a data access API.
For example, in the article section on "Database Authentication", we saw how to configure a data source using a connection string.
Sources
- https://developer.hashicorp.com/terraform/language/backend/azurerm
- https://www.jorgebernhardt.com/terraform-storage-blob-static-website/
- https://www.techtarget.com/searchcloudcomputing/tip/How-to-deploy-Terraform-code-in-an-Azure-DevOps-pipeline
- https://learn.microsoft.com/en-us/azure/cdn/create-profile-endpoint-terraform
- https://github.com/kumarvna/terraform-azurerm-static-website-cdn