Microsoft.Cdn profiles/originGroups/origins 2020-09-01

Bicep resource definition

The profiles/originGroups/origins resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Cdn/profiles/originGroups/origins resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Cdn/profiles/originGroups/origins@2020-09-01' = {
  name: 'string'
  parent: resourceSymbolicName
  properties: {
    azureOrigin: {
      id: 'string'
    }
    enabledState: 'string'
    hostName: 'string'
    httpPort: int
    httpsPort: int
    originHostHeader: 'string'
    priority: int
    sharedPrivateLinkResource: {
      groupId: 'string'
      privateLink: {
        id: 'string'
      }
      privateLinkLocation: 'string'
      requestMessage: 'string'
      status: 'string'
    }
    weight: int
  }
}

Property values

profiles/originGroups/origins

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)

Character limit: 1-50

Valid characters:
Alphanumerics and hyphens.

Start and end with alphanumeric.

Resource name must be unique across Azure.
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: originGroups
properties The JSON object that contains the properties of the origin. AFDOriginProperties

AFDOriginProperties

Name Description Value
azureOrigin Resource reference to the Azure origin resource. ResourceReference
enabledState Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. 'Disabled'
'Enabled'
hostName The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. string
httpPort The value of the HTTP port. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
httpsPort The value of the HTTPS port. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
originHostHeader The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure CDN origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint string
priority Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5 int

Constraints:
Min value = 1
Max value = 5
sharedPrivateLinkResource The properties of the private link resource for private origin. SharedPrivateLinkResourceProperties
weight Weight of the origin in given origin group for load balancing. Must be between 1 and 1000 int

Constraints:
Min value = 1
Max value = 1000

ResourceReference

Name Description Value
id Resource ID. string

SharedPrivateLinkResourceProperties

Name Description Value
groupId The group id from the provider of resource the shared private link resource is for. string
privateLink The resource id of the resource the shared private link resource is for. ResourceReference
privateLinkLocation The location of the shared private link resource string
requestMessage The request message for requesting approval of the shared private link resource. string
status Status of the shared private link resource. Can be Pending, Approved, Rejected, Disconnected, or Timeout. 'Approved'
'Disconnected'
'Pending'
'Rejected'
'Timeout'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
FrontDoor CDN with WAF, Domains and Logs to EventHub

Deploy to Azure
This template creates a new Azure FrontDoor cdn profile. Create WAF with custom and managed rules, cdn routes, origin and groups with their association with WAF and routes, configures custom domains, create event hub and diagnostic settings for sending CDN access logs using event hub.
Front Door Premium with App Service origin and Private Link

Deploy to Azure
This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application.
Front Door Premium with blob origin and Private Link

Deploy to Azure
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account.
Front Door Premium with VM and Private Link service

Deploy to Azure
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM.
Front Door Premium with WAF and Microsoft-managed rule sets

Deploy to Azure
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets.
Front Door Standard/Premium

Deploy to Azure
This template creates a Front Door Standard/Premium.
Front Door Standard/Premium with API Management origin

Deploy to Azure
This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with App Service origin

Deploy to Azure
This template creates a Front Door Standard/Premium, an App Service, and configures the App Service to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with Application Gateway origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway

Deploy to Azure
This template creates a Front Door Standard/Premium with a container group and Application Gateway.
Front Door Standard/Premium with Azure Container Instances

Deploy to Azure
This template creates a Front Door Standard/Premium with a container group.
Front Door Standard/Premium with custom domain

Deploy to Azure
This template creates a Front Door Standard/Premium including a custom domain and Microsoft-managed certificate.
Front Door Standard/Premium with Azure DNS and custom domain

Deploy to Azure
This template creates a Front Door Standard/Premium including a custom domain on Azure DNS and Microsoft-managed certificate.
Front Door Standard/Premium with domain and certificate

Deploy to Azure
This template creates a Front Door Standard/Premium including a custom domain and customer-managed certificate.
Front Door Standard/Premium with Azure Functions origin

Deploy to Azure
This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with geo-filtering

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a geo-filtering rule.
Front Door Standard/Premium with rate limit

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a rate limit rule.
Front Door Standard/Premium with rule set

Deploy to Azure
This template creates a Front Door Standard/Premium including a rule set.
Front Door Standard/Premium with static website origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website.
Front Door Standard/Premium with WAF and custom rule

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule.
Function App secured by Azure Frontdoor

Deploy to Azure
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link.
Highly Available Multi-region Web App

Deploy to Azure
This template allows you to create a secure, highly available, multi-region end to end solution with two web apps in different regions behind Azure Front Door

ARM template resource definition

The profiles/originGroups/origins resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Cdn/profiles/originGroups/origins resource, add the following JSON to your template.

{
  "type": "Microsoft.Cdn/profiles/originGroups/origins",
  "apiVersion": "2020-09-01",
  "name": "string",
  "properties": {
    "azureOrigin": {
      "id": "string"
    },
    "enabledState": "string",
    "hostName": "string",
    "httpPort": "int",
    "httpsPort": "int",
    "originHostHeader": "string",
    "priority": "int",
    "sharedPrivateLinkResource": {
      "groupId": "string",
      "privateLink": {
        "id": "string"
      },
      "privateLinkLocation": "string",
      "requestMessage": "string",
      "status": "string"
    },
    "weight": "int"
  }
}

Property values

profiles/originGroups/origins

Name Description Value
type The resource type 'Microsoft.Cdn/profiles/originGroups/origins'
apiVersion The resource api version '2020-09-01'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)

Character limit: 1-50

Valid characters:
Alphanumerics and hyphens.

Start and end with alphanumeric.

Resource name must be unique across Azure.
properties The JSON object that contains the properties of the origin. AFDOriginProperties

AFDOriginProperties

Name Description Value
azureOrigin Resource reference to the Azure origin resource. ResourceReference
enabledState Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. 'Disabled'
'Enabled'
hostName The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. string
httpPort The value of the HTTP port. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
httpsPort The value of the HTTPS port. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
originHostHeader The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure CDN origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint string
priority Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5 int

Constraints:
Min value = 1
Max value = 5
sharedPrivateLinkResource The properties of the private link resource for private origin. SharedPrivateLinkResourceProperties
weight Weight of the origin in given origin group for load balancing. Must be between 1 and 1000 int

Constraints:
Min value = 1
Max value = 1000

ResourceReference

Name Description Value
id Resource ID. string

SharedPrivateLinkResourceProperties

Name Description Value
groupId The group id from the provider of resource the shared private link resource is for. string
privateLink The resource id of the resource the shared private link resource is for. ResourceReference
privateLinkLocation The location of the shared private link resource string
requestMessage The request message for requesting approval of the shared private link resource. string
status Status of the shared private link resource. Can be Pending, Approved, Rejected, Disconnected, or Timeout. 'Approved'
'Disconnected'
'Pending'
'Rejected'
'Timeout'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
FrontDoor CDN with WAF, Domains and Logs to EventHub

Deploy to Azure
This template creates a new Azure FrontDoor cdn profile. Create WAF with custom and managed rules, cdn routes, origin and groups with their association with WAF and routes, configures custom domains, create event hub and diagnostic settings for sending CDN access logs using event hub.
Front Door Premium with App Service origin and Private Link

Deploy to Azure
This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application.
Front Door Premium with blob origin and Private Link

Deploy to Azure
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account.
Front Door Premium with VM and Private Link service

Deploy to Azure
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM.
Front Door Premium with WAF and Microsoft-managed rule sets

Deploy to Azure
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets.
Front Door Standard/Premium

Deploy to Azure
This template creates a Front Door Standard/Premium.
Front Door Standard/Premium with API Management origin

Deploy to Azure
This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with App Service origin

Deploy to Azure
This template creates a Front Door Standard/Premium, an App Service, and configures the App Service to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with Application Gateway origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway

Deploy to Azure
This template creates a Front Door Standard/Premium with a container group and Application Gateway.
Front Door Standard/Premium with Azure Container Instances

Deploy to Azure
This template creates a Front Door Standard/Premium with a container group.
Front Door Standard/Premium with custom domain

Deploy to Azure
This template creates a Front Door Standard/Premium including a custom domain and Microsoft-managed certificate.
Front Door Standard/Premium with Azure DNS and custom domain

Deploy to Azure
This template creates a Front Door Standard/Premium including a custom domain on Azure DNS and Microsoft-managed certificate.
Front Door Standard/Premium with domain and certificate

Deploy to Azure
This template creates a Front Door Standard/Premium including a custom domain and customer-managed certificate.
Front Door Standard/Premium with Azure Functions origin

Deploy to Azure
This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with geo-filtering

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a geo-filtering rule.
Front Door Standard/Premium with rate limit

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a rate limit rule.
Front Door Standard/Premium with rule set

Deploy to Azure
This template creates a Front Door Standard/Premium including a rule set.
Front Door Standard/Premium with static website origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website.
Front Door Standard/Premium with WAF and custom rule

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule.
Function App secured by Azure Frontdoor

Deploy to Azure
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link.
Highly Available Multi-region Web App

Deploy to Azure
This template allows you to create a secure, highly available, multi-region end to end solution with two web apps in different regions behind Azure Front Door

Terraform (AzAPI provider) resource definition

The profiles/originGroups/origins resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Cdn/profiles/originGroups/origins resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Cdn/profiles/originGroups/origins@2020-09-01"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      azureOrigin = {
        id = "string"
      }
      enabledState = "string"
      hostName = "string"
      httpPort = int
      httpsPort = int
      originHostHeader = "string"
      priority = int
      sharedPrivateLinkResource = {
        groupId = "string"
        privateLink = {
          id = "string"
        }
        privateLinkLocation = "string"
        requestMessage = "string"
        status = "string"
      }
      weight = int
    }
  })
}

Property values

profiles/originGroups/origins

Name Description Value
type The resource type "Microsoft.Cdn/profiles/originGroups/origins@2020-09-01"
name The resource name string (required)

Character limit: 1-50

Valid characters:
Alphanumerics and hyphens.

Start and end with alphanumeric.

Resource name must be unique across Azure.
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: originGroups
properties The JSON object that contains the properties of the origin. AFDOriginProperties

AFDOriginProperties

Name Description Value
azureOrigin Resource reference to the Azure origin resource. ResourceReference
enabledState Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. "Disabled"
"Enabled"
hostName The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. string
httpPort The value of the HTTP port. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
httpsPort The value of the HTTPS port. Must be between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65535
originHostHeader The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure CDN origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint string
priority Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5 int

Constraints:
Min value = 1
Max value = 5
sharedPrivateLinkResource The properties of the private link resource for private origin. SharedPrivateLinkResourceProperties
weight Weight of the origin in given origin group for load balancing. Must be between 1 and 1000 int

Constraints:
Min value = 1
Max value = 1000

ResourceReference

Name Description Value
id Resource ID. string

SharedPrivateLinkResourceProperties

Name Description Value
groupId The group id from the provider of resource the shared private link resource is for. string
privateLink The resource id of the resource the shared private link resource is for. ResourceReference
privateLinkLocation The location of the shared private link resource string
requestMessage The request message for requesting approval of the shared private link resource. string
status Status of the shared private link resource. Can be Pending, Approved, Rejected, Disconnected, or Timeout. "Approved"
"Disconnected"
"Pending"
"Rejected"
"Timeout"