This is a continuation of previous articles on IaC shortcomings and resolutions. One of the primary concerns with cloud-based deployment is cost, and there are several built-in features at all levels of the resource hierarchy and in the management portal that help make deployments more efficient. Some of the mitigations translate back into the IaC where, for example, existing app services in the Azure public cloud that were behind several regional Application Gateways may need to be directly associated with a consolidated global Front Door. Such transitions must be carefully planned because there is a chance they will affect ongoing traffic. Both source and destination might have their own DNS aliases, and callers may eventually need to move to the global Front Door.
The steps can be easily articulated as Azure CLI commands: create a new origin group within the Front Door backend, add the app services as origins within the group, then create the rule set and route to associate with the origin group. The commands are listed in the addendum below.
However, care must be taken to ensure that resources with private links are not mixed with resources without private links, so the organization of app services might differ from the source. Another difference might be the creation of an appropriate rule set whose rules articulate a more fine-grained redirect than was possible earlier. That said, Front Door offers fewer rewriting capabilities than the source, so some selection might be involved.
Finally, it is important to prepare for the contingency of region failures so that Front Door can divert traffic between regions. Configuration that prevents this will likely not help with Business Continuity and Disaster Recovery initiatives. Also, the overhead of probes, logging, private network access, and continuous monitoring for usage and costs will be incurred.
Addendum: steps for automation
# Assuming a Front Door profile already exists, which can be displayed with:
# az afd profile show --name my-fd-01 --resource-group rg-afd-01

# 1. Create the origin group with its health probe and load-balancing settings.
az afd origin-group create \
    --resource-group rg-afd-01 \
    --origin-group-name my-fd-01-og-02 \
    --profile-name my-fd-01 \
    --probe-request-type GET \
    --probe-protocol Https \
    --probe-interval-in-seconds 120 \
    --probe-path / \
    --sample-size 4 \
    --successful-samples-required 3 \
    --additional-latency-in-milliseconds 50

# 2. Add each app service as an origin in the group.
az afd origin create \
    --resource-group rg-afd-01 \
    --host-name web-app-01.azurewebsites.net \
    --profile-name my-fd-01 \
    --origin-group-name my-fd-01-og-02 \
    --origin-name web-app-01 \
    --origin-host-header web-app-01.azurewebsites.net \
    --priority 2 \
    --weight 1000 \
    --enabled-state Enabled \
    --http-port 80 \
    --https-port 443

az afd origin create \
    --resource-group rg-afd-01 \
    --host-name web-app-02.azurewebsites.net \
    --profile-name my-fd-01 \
    --origin-group-name my-fd-01-og-02 \
    --origin-name web-app-02 \
    --origin-host-header web-app-02.azurewebsites.net \
    --priority 2 \
    --weight 1000 \
    --enabled-state Enabled \
    --http-port 80 \
    --https-port 443

# 3. Create the route that sends traffic on the endpoint to the origin group.
#    The pattern is quoted so the shell does not glob-expand /* before az sees it.
az afd route create \
    --resource-group rg-afd-01 \
    --endpoint-name my-fd-01-ep \
    --profile-name my-fd-01 \
    --route-name my-fd-01-route-02 \
    --https-redirect Enabled \
    --origin-group my-fd-01-og-02 \
    --supported-protocols Https Http \
    --link-to-default-domain Enabled \
    --forwarding-protocol MatchRequest \
    --patterns-to-match "/*" \
    --custom-domains my-fd-01-cd

# 4. Create the rule set and its redirect rules.
#    A rule set only takes effect once it is associated with a route
#    (the route commands accept --rule-sets for this).
az afd rule-set create \
    --profile-name my-fd-01 \
    --resource-group rg-afd-01 \
    --rule-set-name ruleset02

# Requests whose path contains web-app-01 get a Moved redirect over HTTPS
# to the app service host name.
az afd rule create \
    --resource-group rg-afd-01 \
    --rule-set-name ruleset02 \
    --profile-name my-fd-01 \
    --order 1 \
    --match-variable UrlPath \
    --operator Contains \
    --match-values web-app-01 \
    --rule-name rule01 \
    --action-name UrlRedirect \
    --redirect-protocol Https \
    --redirect-type Moved \
    --custom-hostname web-app-01.azurewebsites.net

# Same redirect for paths that contain web-app-02.
az afd rule create \
    --resource-group rg-afd-01 \
    --rule-set-name ruleset02 \
    --profile-name my-fd-01 \
    --order 2 \
    --match-variable UrlPath \
    --operator Contains \
    --match-values web-app-02 \
    --rule-name rule02 \
    --action-name UrlRedirect \
    --redirect-protocol Https \
    --redirect-type Moved \
    --custom-hostname web-app-02.azurewebsites.net
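
The two cautions above (no mixing of private-link and public origins in one origin group, and keeping each group able to fail over) can be checked on a planned layout before any command is run. The following is an added example, not part of the original article: the tab-separated input layout, the my-fd-01-og-03 group with its origins, the az query in the comment, and the use of "at least two enabled origins" as a stand-in for failover readiness are all assumptions made for the illustration.

```shell
#!/bin/sh
# Pre-flight check of a planned Front Door origin layout (added example).
# Input rows, tab-separated: origin-group, origin-name, private-link-id, enabled-state
# "None" in column 3 is how `az ... -o tsv` renders a null value.
# Live rows could come from a query like this (field names are an assumption, verify first):
#   az afd origin list -g rg-afd-01 --profile-name my-fd-01 \
#     --origin-group-name my-fd-01-og-02 -o tsv --query \
#     "[].[originGroupName, name, sharedPrivateLinkResource.privateLink.id, enabledState]"

check_origin_groups() {
    # Prints one finding per line; exit status 1 if any group fails a check.
    awk -F '\t' '
        {
            groups[$1] = 1
            if ($3 == "None" || $3 == "") pub[$1]++; else priv[$1]++
            if ($4 == "Enabled") live[$1]++
        }
        END {
            bad = 0
            for (g in groups) {
                # Private-link and public origins must not share a group.
                if (pub[g] > 0 && priv[g] > 0) {
                    printf "MIXED %s: %d private-link and %d public origins\n", g, priv[g], pub[g]
                    bad = 1
                }
                # With fewer than two enabled origins there is nowhere to divert traffic.
                if (live[g] < 2) {
                    printf "NO_FAILOVER %s: %d enabled origin(s)\n", g, live[g]
                    bad = 1
                }
            }
            exit bad
        }'
}

sample_plan() {
    # Constructed rows. og-02 mirrors the addendum; og-03 is hypothetical.
    printf 'my-fd-01-og-02\tweb-app-01\tNone\tEnabled\n'
    printf 'my-fd-01-og-02\tweb-app-02\tNone\tEnabled\n'
    printf 'my-fd-01-og-03\tweb-app-03\t<private-link-resource-id>\tEnabled\n'
    printf 'my-fd-01-og-03\tweb-app-04\tNone\tDisabled\n'
}

sample_plan | check_origin_groups || echo "plan needs changes before migration"
```

Run in a pipeline stage ahead of the az commands, the non-zero exit status stops the rollout when a group would mix origin types or be left with a single live origin.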