Skip to content

claranet/terraform-azurerm-api-management

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

361 Commits
.config
.config
 
 
.github
.github
 
 
.gitlab/merge_request_templates
.gitlab/merge_request_templates
 
 
examples
examples
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.releaserc
.releaserc
 
 
.tool-versions
.tool-versions
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
committed.toml
committed.toml
 
 
d-naming.tf
d-naming.tf
 
 
locals-naming.tf
locals-naming.tf
 
 
locals-tags.tf
locals-tags.tf
 
 
locals.tf
locals.tf
 
 
m-logs.tf
m-logs.tf
 
 
outputs-prod-groups.tf
outputs-prod-groups.tf
 
 
outputs.tf
outputs.tf
 
 
providers.tf
providers.tf
 
 
r-api-management.tf
r-api-management.tf
 
 
r-backend.tf
r-backend.tf
 
 
r-named-values.tf
r-named-values.tf
 
 
r-network.tf
r-network.tf
 
 
r-policy.tf
r-policy.tf
 
 
r-products-groups.tf
r-products-groups.tf
 
 
renovate.json
renovate.json
 
 
terraform.tfvars.ci
terraform.tfvars.ci
 
 
variables-logs.tf
variables-logs.tf
 
 
variables-naming.tf
variables-naming.tf
 
 
variables-tags.tf
variables-tags.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 
versions.tofu
versions.tofu
 
 

Repository files navigation

Azure API Management

Changelog Notice Apache V2 License OpenTofu Registry

This Terraform module creates an Azure API Management.

Global versioning rule for Claranet Azure modules

Module version Terraform version OpenTofu version AzureRM version
>= 8.x.x Unverified 1.8.x >= 4.0
>= 7.x.x 1.3.x >= 3.0
>= 6.x.x 1.x >= 3.0
>= 5.x.x 0.15.x >= 2.0
>= 4.x.x 0.13.x / 0.14.x >= 2.0
>= 3.x.x 0.12.x >= 2.0
>= 2.x.x 0.12.x < 2.0
< 2.x.x 0.11.x < 2.0

Contributing

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.

More details are available in the CONTRIBUTING.md file.

Usage

This module is optimized to work with the Claranet terraform-wrapper tool which set some terraform variables in the environment needed by this module. More details about variables set by the terraform-wrapper available in the documentation.

⚠️ Since modules version v8.0.0, we do not maintain/check anymore the compatibility with Hashicorp Terraform. Instead, we recommend to use OpenTofu.

module "apim" {
  source  = "claranet/api-management/azurerm"
  version = "x.x.x"

  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.name

  sku_tier     = "Standard"
  sku_capacity = 1

  publisher_name  = "Contoso ApiManager"
  publisher_email = "[email protected]"

  named_values = [
    {
      name   = "my_named_value"
      value  = "my_secret_value"
      secret = true
    },
    {
      display_name = "My second value explained"
      name         = "my_second_value"
      value        = "my_not_secret_value"
    }
  ]

  additional_locations = [{
    location  = "eastus2"
    subnet_id = var.subnet_id
  }]

  logs_destinations_ids = [
    module.logs.storage_account_id,
    module.logs.id
  ]
}

Providers

Name Version
azurecaf >= 1.2.28
azurerm ~> 4.31

Modules

Name Source Version
diagnostics claranet/diagnostic-settings/azurerm ~> 8.2.0

Resources

Name Type
azurerm_api_management.main resource
azurerm_api_management_backend.main resource
azurerm_api_management_group.main resource
azurerm_api_management_named_value.main resource
azurerm_api_management_policy.main resource
azurerm_api_management_product.main resource
azurerm_api_management_product_group.main resource
azurerm_api_management_product_policy.main resource
azurerm_network_security_rule.main resource
azurecaf_name.apim data source
azurecaf_name.apim_nsg_rule data source

Inputs

Name Description Type Default Required
additional_locations List of Azure Regions in which the API Management service should be expanded to. 
list(object({
    location             = string
    capacity             = optional(number)
    zones                = optional(list(number), [1, 2, 3])
    public_ip_address_id = optional(string)
    subnet_id            = optional(string)
  }))
 [] no
backends List of backend configurations for the API Management service. 
list(object({
    name        = string
    protocol    = string
    url         = string
    description = optional(string)
    resource_id = optional(string)
    title       = optional(string)

    credentials = optional(object({
      authorization = optional(object({
        parameter = string
        scheme    = string
      }))
      certificate = optional(list(string))
      header      = optional(map(string))
      query       = optional(map(string))
    }))

    proxy = optional(object({
      url      = string
      username = string
      password = string
    }))

    tls = optional(object({
      validate_certificate_chain = optional(bool)
      validate_certificate_name  = optional(bool)
    }))
  }))
 [] no
certificate_configurations List of certificate configurations. 
list(object({
    encoded_certificate  = string
    certificate_password = optional(string)
    store_name           = string
  }))
 [] no
client_certificate_enabled (Optional) Enforce a client certificate to be presented on each request to the gateway? This is only supported when SKU type is Consumption. bool false no
client_name Client name/account used in naming. string n/a yes
create_management_rule Whether to create the NSG rule for the management port of the APIM. If true, nsg_name variable must be set. bool false no
custom_name Custom API Management name, generated if not set. string "" no
default_tags_enabled Option to enable or disable default tags. bool true no
developer_portal_hostname_configurations Developer Portal hostname configurations. 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
 [] no
diagnostic_settings_custom_name Custom name of the diagnostics settings, name will be default if not set. string "default" no
environment Project environment. string n/a yes
extra_tags Extra tags to add. map(string) {} no
gateway_enabled Whether enable or disable the gateway in main region? Can be disabled only when additional_locations is set. bool true no
groups List of Groups to create with options. 
list(object({
    name         = optional(string)
    display_name = string
    description  = optional(string)
    type         = optional(string)
    external_id  = optional(string)
  }))
 [] no
http2_enabled Should HTTP/2 be supported by the API Management Service? bool false no
identity_ids A list of IDs for User Assigned Managed Identity resources to be assigned. This is required when type is set to UserAssigned or SystemAssigned, UserAssigned. list(string) null no
identity_type Type of Managed Service Identity that should be configured on this API Management Service. string "SystemAssigned" no
location Azure location. string n/a yes
location_short Short string for Azure location. string n/a yes
logs_categories Log categories to send to destinations. list(string) null no
logs_destinations_ids List of destination resources IDs for logs diagnostic destination.
Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set.
If you want to use Azure EventHub as a destination, you must provide a formatted string containing both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the | character.		 list(string) n/a yes
logs_metrics_categories Metrics categories to send to destinations. list(string) null no
management_hostname_configurations List of management hostname configurations. 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
 [] no
management_nsg_rule_priority Priority of the NSG rule created for the management port of the APIM. number 101 no
management_rule_custom_name Custom NSG rule name for APIM Management. string "" no
min_api_version (Optional) The version which the control plane API calls to API Management service are limited with version equal to or newer than. string null no
name_prefix Optional prefix for the generated name. string "" no
name_suffix Optional suffix for the generated name. string "" no
named_values Named values configurations. 
list(object({
    name         = string
    display_name = optional(string)
    value        = string
    secret       = optional(bool, false)
  }))
 [] no
notification_sender_email Email address from which the notification will be sent. string null no
nsg_name NSG name of the subnet hosting the APIM to add the rule to allow management if the APIM is private. string null no
nsg_rg_name Name of the RG hosting the NSG if it's different from the one hosting the APIM. string null no
policy_configurations Policies configurations. 
list(object({
    name        = optional(string, "default")
    xml_content = optional(string)
    xml_link    = optional(string)
  }))
 [] no
portal_hostname_configurations Legacy Portal hostname configurations. 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
 [] no
products List of Products to create with options and Groups to associate to. 
list(object({
    product_id            = optional(string)
    display_name          = string
    description           = optional(string)
    terms                 = optional(string)
    subscription_required = optional(bool, true)
    approval_required     = optional(bool, false)
    published             = optional(bool, true)
    subscriptions_limit   = optional(number, 1)
    groups_names          = optional(list(string), [])
    policy                = optional(string)
  }))
 [] no
proxy_hostname_configurations List of proxy hostname configurations. 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    default_ssl_binding          = optional(bool, false)
    negotiate_client_certificate = optional(bool, false)
  }))
 [] no
publisher_email The email of publisher/company. string n/a yes
publisher_name The name of publisher/company. string n/a yes
resource_group_name Resource group name. string n/a yes
scm_hostname_configurations List of SCM hostname configurations. 
list(object({
    host_name                    = string
    key_vault_id                 = optional(string)
    certificate                  = optional(string)
    certificate_password         = optional(string)
    negotiate_client_certificate = optional(bool, false)
  }))
 [] no
security_configuration Security configuration block. 
object({
    backend_ssl30_enabled  = optional(bool, false)
    backend_tls10_enabled  = optional(bool, false)
    backend_tls11_enabled  = optional(bool, false)
    frontend_ssl30_enabled = optional(bool, false)
    frontend_tls10_enabled = optional(bool, false)
    frontend_tls11_enabled = optional(bool, false)

    tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled = optional(bool, false)
    tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled = optional(bool, false)
    tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled   = optional(bool, false)
    tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled   = optional(bool, false)
    tls_rsa_with_aes128_cbc_sha256_ciphers_enabled      = optional(bool, false)
    tls_rsa_with_aes128_cbc_sha_ciphers_enabled         = optional(bool, false)
    tls_rsa_with_aes128_gcm_sha256_ciphers_enabled      = optional(bool, false)
    tls_rsa_with_aes256_cbc_sha256_ciphers_enabled      = optional(bool, false)
    tls_rsa_with_aes256_cbc_sha_ciphers_enabled         = optional(bool, false)

    triple_des_ciphers_enabled = optional(bool, false)
  })
 null no
sign_in_enabled Should anonymous users be redirected to the sign in page? bool false no
sign_up_enabled Can users sign up on the development portal? bool false no
sku_capacity APIM SKU capacity. number 1 no
sku_tier APIM SKU. Valid values include: Developer, Basic, Standard, StandardV2 and Premium. string "Premium" no
stack Project stack name. string n/a yes
subnet_id ID of the Subnet that will be used for the API Management in current location. Required when var.virtual_network_type is External or Internal. string null no
terms_of_service_configuration Terms of service configuration. 
object({
    consent_required = optional(bool, false)
    enabled          = optional(bool, false)
    text             = optional(string, "")
  })
 {} no
virtual_network_type The type of Virtual Network you want to use, valid values include: None, External and Internal. Defaults to None. string "None" no
zones Specifies a list of Availability Zones in which this API Management service should be located. Changing this forces a new API Management service to be created. Supported in Premium Tier. list(number) 
[
  1,
  2,
  3
]
 no

Outputs

Name Description
additional_locations Map listing gateway_regional_url and public_ip_addresses associated.
gateway_regional_url The gateway's regional URL of the API Management Service.
gateway_url The gateway's URL of the API Management Service.
id The ID of the API Management Service.
identity_principal_id API Management system identity principal ID.
management_api_url The management's API URL of the API Management service.
module_diagnostics Diagnostics settings module outputs.
name The name of the API Management Service.
portal_url The publisher portal's URL of the API Management service.
private_ip_addresses The Private IP addresses of the API Management Service.
public_ip_addresses The Public IP addresses of the API Management Service.
resource The API Management Service resource object.
resource_groups List of groups created in the API Management instance.
resource_products List of products created in the API Management instance.
resource_products_groups List of products and groups associations created in the API Management instance.
resource_products_policies List of policies associated with products in the API Management instance.
scm_url The SCM Endpoint's URL of the API Management service.

Related documentation

Microsoft Azure documentation: https://docs.microsoft.com/en-us/azure/api-management/

About

Terraform module for Azure API Management

Topics

module azure terraform claranet

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

17 stars

Watchers

7 watching

Forks

22 forks
Report repository

Releases

20 tags

Packages

No packages published

Contributors 13

Languages