Microsoft.Network applicationGateways 2018-07-01
- Latest
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
- 2016-06-01
- 2016-03-30
- 2015-06-15
- 2015-05-01-preview
Bicep resource definition
The applicationGateways resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/applicationGateways resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/applicationGateways@2018-07-01' = {
etag: 'string'
location: 'string'
name: 'string'
properties: {
authenticationCertificates: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
data: 'string'
provisioningState: 'string'
}
type: 'string'
}
]
autoscaleConfiguration: {
bounds: {
max: int
min: int
}
}
backendAddressPools: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendAddresses: [
{
fqdn: 'string'
ipAddress: 'string'
}
]
backendIPConfigurations: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
applicationGatewayBackendAddressPools: [
...
]
applicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
loadBalancerBackendAddressPools: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
provisioningState: 'string'
}
}
]
loadBalancerInboundNatRules: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendPort: int
enableFloatingIP: bool
enableTcpReset: bool
frontendIPConfiguration: {
id: 'string'
}
frontendPort: int
idleTimeoutInMinutes: int
protocol: 'string'
provisioningState: 'string'
}
}
]
primary: bool
privateIPAddress: 'string'
privateIPAddressVersion: 'string'
privateIPAllocationMethod: 'string'
provisioningState: 'string'
publicIPAddress: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
dnsSettings: {
domainNameLabel: 'string'
fqdn: 'string'
reverseFqdn: 'string'
}
idleTimeoutInMinutes: int
ipAddress: 'string'
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
provisioningState: 'string'
publicIPAddressVersion: 'string'
publicIPAllocationMethod: 'string'
publicIPPrefix: {
id: 'string'
}
resourceGuid: 'string'
}
sku: {
name: 'string'
}
tags: {
{customized property}: 'string'
}
zones: [
'string'
]
}
subnet: {
etag: 'string'
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
networkSecurityGroup: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
defaultSecurityRules: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
direction: 'string'
priority: int
protocol: 'string'
provisioningState: 'string'
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourceApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
}
]
provisioningState: 'string'
resourceGuid: 'string'
securityRules: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
direction: 'string'
priority: int
protocol: 'string'
provisioningState: 'string'
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourceApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
provisioningState: 'string'
resourceNavigationLinks: [
{
id: 'string'
name: 'string'
properties: {
link: 'string'
linkedResourceType: 'string'
}
}
]
routeTable: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
disableBgpRoutePropagation: bool
provisioningState: 'string'
routes: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
nextHopIpAddress: 'string'
nextHopType: 'string'
provisioningState: 'string'
}
}
]
}
tags: {
{customized property}: 'string'
}
}
serviceEndpointPolicies: [
{
etag: 'string'
id: 'string'
location: 'string'
properties: {
provisioningState: 'string'
resourceGuid: 'string'
serviceEndpointPolicyDefinitions: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
description: 'string'
provisioningState: 'string'
service: 'string'
serviceResources: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
]
serviceEndpoints: [
{
locations: [
'string'
]
provisioningState: 'string'
service: 'string'
}
]
}
}
}
}
]
provisioningState: 'string'
}
type: 'string'
}
]
backendHttpSettingsCollection: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
affinityCookieName: 'string'
authenticationCertificates: [
{
id: 'string'
}
]
connectionDraining: {
drainTimeoutInSec: int
enabled: bool
}
cookieBasedAffinity: 'string'
hostName: 'string'
path: 'string'
pickHostNameFromBackendAddress: bool
port: int
probe: {
id: 'string'
}
probeEnabled: bool
protocol: 'string'
provisioningState: 'string'
requestTimeout: int
}
type: 'string'
}
]
enableFips: bool
enableHttp2: bool
frontendIPConfigurations: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
privateIPAddress: 'string'
privateIPAllocationMethod: 'string'
provisioningState: 'string'
publicIPAddress: {
id: 'string'
}
subnet: {
id: 'string'
}
}
type: 'string'
}
]
frontendPorts: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
port: int
provisioningState: 'string'
}
type: 'string'
}
]
gatewayIPConfigurations: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
provisioningState: 'string'
subnet: {
id: 'string'
}
}
type: 'string'
}
]
httpListeners: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
frontendIPConfiguration: {
id: 'string'
}
frontendPort: {
id: 'string'
}
hostName: 'string'
protocol: 'string'
provisioningState: 'string'
requireServerNameIndication: bool
sslCertificate: {
id: 'string'
}
}
type: 'string'
}
]
probes: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
host: 'string'
interval: int
match: {
body: 'string'
statusCodes: [
'string'
]
}
minServers: int
path: 'string'
pickHostNameFromBackendHttpSettings: bool
protocol: 'string'
provisioningState: 'string'
timeout: int
unhealthyThreshold: int
}
type: 'string'
}
]
provisioningState: 'string'
redirectConfigurations: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
includePath: bool
includeQueryString: bool
pathRules: [
{
id: 'string'
}
]
redirectType: 'string'
requestRoutingRules: [
{
id: 'string'
}
]
targetListener: {
id: 'string'
}
targetUrl: 'string'
urlPathMaps: [
{
id: 'string'
}
]
}
type: 'string'
}
]
requestRoutingRules: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendAddressPool: {
id: 'string'
}
backendHttpSettings: {
id: 'string'
}
httpListener: {
id: 'string'
}
provisioningState: 'string'
redirectConfiguration: {
id: 'string'
}
ruleType: 'string'
urlPathMap: {
id: 'string'
}
}
type: 'string'
}
]
resourceGuid: 'string'
sku: {
capacity: int
name: 'string'
tier: 'string'
}
sslCertificates: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
data: 'string'
password: 'string'
provisioningState: 'string'
publicCertData: 'string'
}
type: 'string'
}
]
sslPolicy: {
cipherSuites: [
'string'
]
disabledSslProtocols: [
'string'
]
minProtocolVersion: 'string'
policyName: 'string'
policyType: 'string'
}
urlPathMaps: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
defaultBackendAddressPool: {
id: 'string'
}
defaultBackendHttpSettings: {
id: 'string'
}
defaultRedirectConfiguration: {
id: 'string'
}
pathRules: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendAddressPool: {
id: 'string'
}
backendHttpSettings: {
id: 'string'
}
paths: [
'string'
]
provisioningState: 'string'
redirectConfiguration: {
id: 'string'
}
}
type: 'string'
}
]
provisioningState: 'string'
}
type: 'string'
}
]
webApplicationFirewallConfiguration: {
disabledRuleGroups: [
{
ruleGroupName: 'string'
rules: [
int
]
}
]
enabled: bool
firewallMode: 'string'
maxRequestBodySize: int
requestBodyCheck: bool
ruleSetType: 'string'
ruleSetVersion: 'string'
}
}
tags: {
{customized property}: 'string'
}
zones: [
'string'
]
}
Property values
ApplicationGatewayAuthenticationCertificate
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the authentication certificate that is unique within an Application Gateway. | string |
properties | Authentication certificates properties of an application gateway. | ApplicationGatewayAuthenticationCertificatePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayAuthenticationCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
data | Certificate public data. | string |
provisioningState | Provisioning state of the authentication certificate resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayAutoscaleBounds
Name | Description | Value |
---|---|---|
max | Upper bound on number of Application Gateway instances. | int (required) |
min | Lower bound on number of Application Gateway instances. | int (required) |
ApplicationGatewayAutoscaleConfiguration
Name | Description | Value |
---|---|---|
bounds | Autoscale bounds | ApplicationGatewayAutoscaleBounds (required) |
ApplicationGatewayBackendAddress
Name | Description | Value |
---|---|---|
fqdn | Fully qualified domain name (FQDN). | string |
ipAddress | IP address | string |
ApplicationGatewayBackendAddressPool
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the backend address pool that is unique within an Application Gateway. | string |
properties | Properties of Backend Address Pool of an application gateway. | ApplicationGatewayBackendAddressPoolPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayBackendAddressPoolPropertiesFormat
Name | Description | Value |
---|---|---|
backendAddresses | Backend addresses | ApplicationGatewayBackendAddress[] |
backendIPConfigurations | Collection of references to IPs defined in network interfaces. | NetworkInterfaceIPConfiguration[] |
provisioningState | Provisioning state of the backend address pool resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayBackendHttpSettings
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the backend http settings that is unique within an Application Gateway. | string |
properties | Properties of Backend address pool settings of an application gateway. | ApplicationGatewayBackendHttpSettingsPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayBackendHttpSettingsPropertiesFormat
Name | Description | Value |
---|---|---|
affinityCookieName | Cookie name to use for the affinity cookie. | string |
authenticationCertificates | Array of references to application gateway authentication certificates. | SubResource[] |
connectionDraining | Connection draining of the backend http settings resource. | ApplicationGatewayConnectionDraining |
cookieBasedAffinity | Cookie based affinity. | 'Disabled' 'Enabled' |
hostName | Host header to be sent to the backend servers. | string |
path | Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. | string |
pickHostNameFromBackendAddress | Whether to pick host header should be picked from the host name of the backend server. Default value is false. | bool |
port | The destination port on the backend. | int |
probe | Probe resource of an application gateway. | SubResource |
probeEnabled | Whether the probe is enabled. Default value is false. | bool |
protocol | The protocol used to communicate with the backend. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
requestTimeout | Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. | int |
ApplicationGatewayConnectionDraining
Name | Description | Value |
---|---|---|
drainTimeoutInSec | The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. | int Constraints: Min value = 1 Max value = 3600 (required) |
enabled | Whether connection draining is enabled or not. | bool (required) |
ApplicationGatewayFirewallDisabledRuleGroup
Name | Description | Value |
---|---|---|
ruleGroupName | The name of the rule group that will be disabled. | string (required) |
rules | The list of rules that will be disabled. If null, all rules of the rule group will be disabled. | int[] |
ApplicationGatewayFrontendIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the frontend IP configuration that is unique within an Application Gateway. | string |
properties | Properties of Frontend IP configuration of an application gateway. | ApplicationGatewayFrontendIPConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayFrontendIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAddress | PrivateIPAddress of the network interface IP Configuration. | string |
privateIPAllocationMethod | PrivateIP allocation method. | 'Dynamic' 'Static' |
provisioningState | Provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddress | Reference of the PublicIP resource. | SubResource |
subnet | Reference of the subnet resource. | SubResource |
ApplicationGatewayFrontendPort
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the frontend port that is unique within an Application Gateway | string |
properties | Properties of Frontend port of an application gateway. | ApplicationGatewayFrontendPortPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayFrontendPortPropertiesFormat
Name | Description | Value |
---|---|---|
port | Frontend port | int |
provisioningState | Provisioning state of the frontend port resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayHttpListener
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the HTTP listener that is unique within an Application Gateway. | string |
properties | Properties of HTTP listener of an application gateway. | ApplicationGatewayHttpListenerPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayHttpListenerPropertiesFormat
Name | Description | Value |
---|---|---|
frontendIPConfiguration | Frontend IP configuration resource of an application gateway. | SubResource |
frontendPort | Frontend port resource of an application gateway. | SubResource |
hostName | Host name of HTTP listener. | string |
protocol | Protocol of the HTTP listener. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the HTTP listener resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
requireServerNameIndication | Applicable only if protocol is https. Enables SNI for multi-hosting. | bool |
sslCertificate | SSL certificate resource of an application gateway. | SubResource |
ApplicationGatewayIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of IP configuration of an application gateway. | ApplicationGatewayIPConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | Provisioning state of the application gateway subnet resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
subnet | Reference of the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
ApplicationGatewayPathRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the path rule that is unique within an Application Gateway. | string |
properties | Properties of path rule of an application gateway. | ApplicationGatewayPathRulePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayPathRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendAddressPool | Backend address pool resource of URL path map path rule. | SubResource |
backendHttpSettings | Backend http settings resource of URL path map path rule. | SubResource |
paths | Path rules of URL path map. | string[] |
provisioningState | Path rule of URL path map resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfiguration | Redirect configuration resource of URL path map path rule. | SubResource |
ApplicationGatewayProbe
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the probe that is unique within an Application Gateway. | string |
properties | Properties of probe of an application gateway. | ApplicationGatewayProbePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayProbeHealthResponseMatch
Name | Description | Value |
---|---|---|
body | Body that must be contained in the health response. Default value is empty. | string |
statusCodes | Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. | string[] |
ApplicationGatewayProbePropertiesFormat
Name | Description | Value |
---|---|---|
host | Host name to send the probe to. | string |
interval | The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. | int |
match | Criterion for classifying a healthy probe response. | ApplicationGatewayProbeHealthResponseMatch |
minServers | Minimum number of servers that are always marked healthy. Default value is 0. | int |
path | Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path> | string |
pickHostNameFromBackendHttpSettings | Whether the host header should be picked from the backend http settings. Default value is false. | bool |
protocol | The protocol used for the probe. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
timeout | the probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. | int |
unhealthyThreshold | The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. | int |
ApplicationGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
authenticationCertificates | Authentication certificates of the application gateway resource. | ApplicationGatewayAuthenticationCertificate[] |
autoscaleConfiguration | Autoscale Configuration. | ApplicationGatewayAutoscaleConfiguration |
backendAddressPools | Backend address pool of the application gateway resource. | ApplicationGatewayBackendAddressPool[] |
backendHttpSettingsCollection | Backend http settings of the application gateway resource. | ApplicationGatewayBackendHttpSettings[] |
enableFips | Whether FIPS is enabled on the application gateway resource. | bool |
enableHttp2 | Whether HTTP2 is enabled on the application gateway resource. | bool |
frontendIPConfigurations | Frontend IP addresses of the application gateway resource. | ApplicationGatewayFrontendIPConfiguration[] |
frontendPorts | Frontend ports of the application gateway resource. | ApplicationGatewayFrontendPort[] |
gatewayIPConfigurations | Subnets of application the gateway resource. | ApplicationGatewayIPConfiguration[] |
httpListeners | Http listeners of the application gateway resource. | ApplicationGatewayHttpListener[] |
probes | Probes of the application gateway resource. | ApplicationGatewayProbe[] |
provisioningState | Provisioning state of the application gateway resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfigurations | Redirect configurations of the application gateway resource. | ApplicationGatewayRedirectConfiguration[] |
requestRoutingRules | Request routing rules of the application gateway resource. | ApplicationGatewayRequestRoutingRule[] |
resourceGuid | Resource GUID property of the application gateway resource. | string |
sku | SKU of the application gateway resource. | ApplicationGatewaySku |
sslCertificates | SSL certificates of the application gateway resource. | ApplicationGatewaySslCertificate[] |
sslPolicy | SSL policy of the application gateway resource. | ApplicationGatewaySslPolicy |
urlPathMaps | URL path map of the application gateway resource. | ApplicationGatewayUrlPathMap[] |
webApplicationFirewallConfiguration | Web application firewall configuration. | ApplicationGatewayWebApplicationFirewallConfiguration |
ApplicationGatewayRedirectConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the redirect configuration that is unique within an Application Gateway. | string |
properties | Properties of redirect configuration of the application gateway. | ApplicationGatewayRedirectConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayRedirectConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
includePath | Include path in the redirected url. | bool |
includeQueryString | Include query string in the redirected url. | bool |
pathRules | Path rules specifying redirect configuration. | SubResource[] |
redirectType | Supported http redirection types - Permanent, Temporary, Found, SeeOther. | 'Found' 'Permanent' 'SeeOther' 'Temporary' |
requestRoutingRules | Request routing specifying redirect configuration. | SubResource[] |
targetListener | Reference to a listener to redirect the request to. | SubResource |
targetUrl | Url to redirect the request to. | string |
urlPathMaps | Url path maps specifying default redirect configuration. | SubResource[] |
ApplicationGatewayRequestRoutingRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the request routing rule that is unique within an Application Gateway. | string |
properties | Properties of request routing rule of the application gateway. | ApplicationGatewayRequestRoutingRulePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayRequestRoutingRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendAddressPool | Backend address pool resource of the application gateway. | SubResource |
backendHttpSettings | Backend http settings resource of the application gateway. | SubResource |
httpListener | Http listener resource of the application gateway. | SubResource |
provisioningState | Provisioning state of the request routing rule resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfiguration | Redirect configuration resource of the application gateway. | SubResource |
ruleType | Rule type. | 'Basic' 'PathBasedRouting' |
urlPathMap | URL path map resource of the application gateway. | SubResource |
ApplicationGatewaySku
Name | Description | Value |
---|---|---|
capacity | Capacity (instance count) of an application gateway. | int |
name | Name of an application gateway SKU. | 'Standard_Large' 'Standard_Medium' 'Standard_Small' 'Standard_v2' 'WAF_Large' 'WAF_Medium' 'WAF_v2' |
tier | Tier of an application gateway. | 'Standard' 'Standard_v2' 'WAF' 'WAF_v2' |
ApplicationGatewaySslCertificate
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the SSL certificate that is unique within an Application Gateway. | string |
properties | Properties of SSL certificates of an application gateway. | ApplicationGatewaySslCertificatePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewaySslCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
data | Base-64 encoded pfx certificate. Only applicable in PUT Request. | string |
password | Password for the pfx file specified in data. Only applicable in PUT request. | string |
provisioningState | Provisioning state of the SSL certificate resource Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicCertData | Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request. | string |
ApplicationGatewaySslPolicy
Name | Description | Value |
---|---|---|
cipherSuites | Ssl cipher suites to be enabled in the specified order to application gateway. | String array containing any of: 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256' 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256' 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA256' 'TLS_RSA_WITH_AES_128_GCM_SHA256' 'TLS_RSA_WITH_AES_256_CBC_SHA' 'TLS_RSA_WITH_AES_256_CBC_SHA256' 'TLS_RSA_WITH_AES_256_GCM_SHA384' |
disabledSslProtocols | Ssl protocols to be disabled on application gateway. | String array containing any of: 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
minProtocolVersion | Minimum version of Ssl protocol to be supported on application gateway. | 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
policyName | Name of Ssl predefined policy | 'AppGwSslPolicy20150501' 'AppGwSslPolicy20170401' 'AppGwSslPolicy20170401S' |
policyType | Type of Ssl Policy | 'Custom' 'Predefined' |
ApplicationGatewayUrlPathMap
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the URL path map that is unique within an Application Gateway. | string |
properties | Properties of UrlPathMap of the application gateway. | ApplicationGatewayUrlPathMapPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayUrlPathMapPropertiesFormat
Name | Description | Value |
---|---|---|
defaultBackendAddressPool | Default backend address pool resource of URL path map. | SubResource |
defaultBackendHttpSettings | Default backend http settings resource of URL path map. | SubResource |
defaultRedirectConfiguration | Default redirect configuration resource of URL path map. | SubResource |
pathRules | Path rule of URL path map resource. | ApplicationGatewayPathRule[] |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayWebApplicationFirewallConfiguration
Name | Description | Value |
---|---|---|
disabledRuleGroups | The disabled rule groups. | ApplicationGatewayFirewallDisabledRuleGroup[] |
enabled | Whether the web application firewall is enabled or not. | bool (required) |
firewallMode | Web application firewall mode. | 'Detection' 'Prevention' (required) |
maxRequestBodySize | Maximum request body size for WAF. | int Constraints: Min value = 8 Max value = 128 |
requestBodyCheck | Whether allow WAF to check request Body. | bool |
ruleSetType | The type of the web application firewall rule set. Possible values are: 'OWASP'. | string (required) |
ruleSetVersion | The version of the rule set type. | string (required) |
ApplicationSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
ApplicationSecurityGroupPropertiesFormat
Name | Description | Value |
---|
BackendAddressPool
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of load balancer backend address pool. | BackendAddressPoolPropertiesFormat |
BackendAddressPoolPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | Get provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
InboundNatRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat rule. | InboundNatRulePropertiesFormat |
InboundNatRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendPort | The port used for the internal endpoint. Acceptable values range from 1 to 65535. | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. | int |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The transport protocol for the endpoint. Possible values are 'Udp' or 'Tcp' or 'All'. | 'All' 'Tcp' 'Udp' |
provisioningState | Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
IpTag
Name | Description | Value |
---|---|---|
ipTagType | Gets or sets the ipTag type: Example FirstPartyUsage. | string |
tag | Gets or sets value of the IpTag associated with the public IP. Example SQL, Storage etc | string |
Microsoft.Network/applicationGateways
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the application gateway. | ApplicationGatewayPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
zones | A list of availability zones denoting where the resource needs to come from. | string[] |
NetworkInterfaceIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Network interface IP configuration properties. | NetworkInterfaceIPConfigurationPropertiesFormat |
NetworkInterfaceIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | The reference of ApplicationGatewayBackendAddressPool resource. | ApplicationGatewayBackendAddressPool[] |
applicationSecurityGroups | Application security groups in which the IP configuration is included. | ApplicationSecurityGroup[] |
loadBalancerBackendAddressPools | The reference of LoadBalancerBackendAddressPool resource. | BackendAddressPool[] |
loadBalancerInboundNatRules | A list of references of LoadBalancerInboundNatRules. | InboundNatRule[] |
primary | Gets whether this is a primary customer address on the network interface. | bool |
privateIPAddress | Private IP address of the IP configuration. | string |
privateIPAddressVersion | Available from Api-Version 2016-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
privateIPAllocationMethod | Defines how a private IP address is assigned. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' |
provisioningState | The provisioning state of the network interface IP configuration. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddress | Public IP address bound to the IP configuration. | PublicIPAddress |
subnet | Subnet bound to the IP configuration. | Subnet |
NetworkSecurityGroup
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
NetworkSecurityGroupPropertiesFormat
Name | Description | Value |
---|---|---|
defaultSecurityRules | The default security rules of network security group. | SecurityRule[] |
provisioningState | The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
resourceGuid | The resource GUID property of the network security group resource. | string |
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
PublicIPAddress
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
sku | The public IP address SKU. | PublicIPAddressSku |
tags | Resource tags. | ResourceTags |
zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
PublicIPAddressDnsSettings
Name | Description | Value |
---|---|---|
domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
PublicIPAddressPropertiesFormat
Name | Description | Value |
---|---|---|
dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipAddress | The IP address associated with the public IP address resource. | string |
ipTags | The list of tags associated with the public IP address. | IpTag[] |
provisioningState | The provisioning state of the PublicIP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddressVersion | The public IP address version. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAllocationMethod | The public IP allocation method. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' |
publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
resourceGuid | The resource GUID property of the public IP resource. | string |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Name of a public IP address SKU. | 'Basic' 'Standard' |
ResourceNavigationLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Resource navigation link properties format. | ResourceNavigationLinkFormat |
ResourceNavigationLinkFormat
Name | Description | Value |
---|---|---|
link | Link to the external resource | string |
linkedResourceType | Resource type of the linked resource. | string |
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
Route
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
RoutePropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. Possible values are: 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance', and 'None' | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
provisioningState | The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
RouteTable
Name | Description | Value |
---|---|---|
etag | Gets a unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | ResourceTags |
RouteTablePropertiesFormat
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Gets or sets whether to disable the routes learned by BGP on that route table. True means disable. | bool |
provisioningState | The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
routes | Collection of routes contained within a route table. | Route[] |
SecurityRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. | 'Allow' 'Deny' (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. | 'Inbound' 'Outbound' (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. | '*' 'Tcp' 'Udp' (required) |
provisioningState | The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
ServiceEndpointPolicy
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service end point policy | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | ResourceTags |
ServiceEndpointPolicyDefinition
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition | ServiceEndpointPolicyDefinitionPropertiesFormat |
ServiceEndpointPolicyDefinitionPropertiesFormat
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
provisioningState | The provisioning state of the service end point policy definition. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
service | service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
ServiceEndpointPolicyPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | The provisioning state of the service endpoint policy. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
resourceGuid | The resource GUID property of the service endpoint policy resource. | string |
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPropertiesFormat
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
provisioningState | The provisioning state of the resource. | string |
service | The type of the endpoint service. | string |
Subnet
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
networkSecurityGroup | The reference of the NetworkSecurityGroup resource. | NetworkSecurityGroup |
provisioningState | The provisioning state of the resource. | string |
resourceNavigationLinks | Gets an array of references to the external resources using subnet. | ResourceNavigationLink[] |
routeTable | The reference of the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
Application Gateway with internal API Management and Web App | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
Application Gateway with WAF and firewall policy | This template creates an Application Gateway with WAF configured along with a firewall policy |
Create a Web App, PE and Application Gateway v2 | This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint |
Create an Application Gateway v2 | This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend |
Create an Azure Application Gateway v2 | This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
Create an Azure WAF v2 on Azure Application Gateway | This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
Create API Management in Internal VNet with App Gateway | This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway. |
Create Application Gateway with Certificates | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
Deploy a Windows VM scale set with Azure Application Gateway | This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Front Door Standard/Premium with Application Gateway origin | This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
Front Door with Container Instances and Application Gateway | This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
ARM template resource definition
The applicationGateways resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/applicationGateways resource, add the following JSON to your template.
{
"type": "Microsoft.Network/applicationGateways",
"apiVersion": "2018-07-01",
"name": "string",
"etag": "string",
"location": "string",
"properties": {
"authenticationCertificates": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"data": "string",
"provisioningState": "string"
},
"type": "string"
}
],
"autoscaleConfiguration": {
"bounds": {
"max": "int",
"min": "int"
}
},
"backendAddressPools": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendAddresses": [
{
"fqdn": "string",
"ipAddress": "string"
}
],
"backendIPConfigurations": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"applicationGatewayBackendAddressPools": [
...
],
"applicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"loadBalancerBackendAddressPools": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"provisioningState": "string"
}
}
],
"loadBalancerInboundNatRules": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendPort": "int",
"enableFloatingIP": "bool",
"enableTcpReset": "bool",
"frontendIPConfiguration": {
"id": "string"
},
"frontendPort": "int",
"idleTimeoutInMinutes": "int",
"protocol": "string",
"provisioningState": "string"
}
}
],
"primary": "bool",
"privateIPAddress": "string",
"privateIPAddressVersion": "string",
"privateIPAllocationMethod": "string",
"provisioningState": "string",
"publicIPAddress": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"dnsSettings": {
"domainNameLabel": "string",
"fqdn": "string",
"reverseFqdn": "string"
},
"idleTimeoutInMinutes": "int",
"ipAddress": "string",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"provisioningState": "string",
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"publicIPPrefix": {
"id": "string"
},
"resourceGuid": "string"
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
},
"subnet": {
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"networkSecurityGroup": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"defaultSecurityRules": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"provisioningState": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
}
}
],
"provisioningState": "string",
"resourceGuid": "string",
"securityRules": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"provisioningState": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"provisioningState": "string",
"resourceNavigationLinks": [
{
"id": "string",
"name": "string",
"properties": {
"link": "string",
"linkedResourceType": "string"
}
}
],
"routeTable": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"disableBgpRoutePropagation": "bool",
"provisioningState": "string",
"routes": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string",
"provisioningState": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"serviceEndpointPolicies": [
{
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"provisioningState": "string",
"resourceGuid": "string",
"serviceEndpointPolicyDefinitions": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"description": "string",
"provisioningState": "string",
"service": "string",
"serviceResources": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
],
"serviceEndpoints": [
{
"locations": [ "string" ],
"provisioningState": "string",
"service": "string"
}
]
}
}
}
}
],
"provisioningState": "string"
},
"type": "string"
}
],
"backendHttpSettingsCollection": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"affinityCookieName": "string",
"authenticationCertificates": [
{
"id": "string"
}
],
"connectionDraining": {
"drainTimeoutInSec": "int",
"enabled": "bool"
},
"cookieBasedAffinity": "string",
"hostName": "string",
"path": "string",
"pickHostNameFromBackendAddress": "bool",
"port": "int",
"probe": {
"id": "string"
},
"probeEnabled": "bool",
"protocol": "string",
"provisioningState": "string",
"requestTimeout": "int"
},
"type": "string"
}
],
"enableFips": "bool",
"enableHttp2": "bool",
"frontendIPConfigurations": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"provisioningState": "string",
"publicIPAddress": {
"id": "string"
},
"subnet": {
"id": "string"
}
},
"type": "string"
}
],
"frontendPorts": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"port": "int",
"provisioningState": "string"
},
"type": "string"
}
],
"gatewayIPConfigurations": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"provisioningState": "string",
"subnet": {
"id": "string"
}
},
"type": "string"
}
],
"httpListeners": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"frontendIPConfiguration": {
"id": "string"
},
"frontendPort": {
"id": "string"
},
"hostName": "string",
"protocol": "string",
"provisioningState": "string",
"requireServerNameIndication": "bool",
"sslCertificate": {
"id": "string"
}
},
"type": "string"
}
],
"probes": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"host": "string",
"interval": "int",
"match": {
"body": "string",
"statusCodes": [ "string" ]
},
"minServers": "int",
"path": "string",
"pickHostNameFromBackendHttpSettings": "bool",
"protocol": "string",
"provisioningState": "string",
"timeout": "int",
"unhealthyThreshold": "int"
},
"type": "string"
}
],
"provisioningState": "string",
"redirectConfigurations": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"includePath": "bool",
"includeQueryString": "bool",
"pathRules": [
{
"id": "string"
}
],
"redirectType": "string",
"requestRoutingRules": [
{
"id": "string"
}
],
"targetListener": {
"id": "string"
},
"targetUrl": "string",
"urlPathMaps": [
{
"id": "string"
}
]
},
"type": "string"
}
],
"requestRoutingRules": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendAddressPool": {
"id": "string"
},
"backendHttpSettings": {
"id": "string"
},
"httpListener": {
"id": "string"
},
"provisioningState": "string",
"redirectConfiguration": {
"id": "string"
},
"ruleType": "string",
"urlPathMap": {
"id": "string"
}
},
"type": "string"
}
],
"resourceGuid": "string",
"sku": {
"capacity": "int",
"name": "string",
"tier": "string"
},
"sslCertificates": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"data": "string",
"password": "string",
"provisioningState": "string",
"publicCertData": "string"
},
"type": "string"
}
],
"sslPolicy": {
"cipherSuites": [ "string" ],
"disabledSslProtocols": [ "string" ],
"minProtocolVersion": "string",
"policyName": "string",
"policyType": "string"
},
"urlPathMaps": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"defaultBackendAddressPool": {
"id": "string"
},
"defaultBackendHttpSettings": {
"id": "string"
},
"defaultRedirectConfiguration": {
"id": "string"
},
"pathRules": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendAddressPool": {
"id": "string"
},
"backendHttpSettings": {
"id": "string"
},
"paths": [ "string" ],
"provisioningState": "string",
"redirectConfiguration": {
"id": "string"
}
},
"type": "string"
}
],
"provisioningState": "string"
},
"type": "string"
}
],
"webApplicationFirewallConfiguration": {
"disabledRuleGroups": [
{
"ruleGroupName": "string",
"rules": [ "int" ]
}
],
"enabled": "bool",
"firewallMode": "string",
"maxRequestBodySize": "int",
"requestBodyCheck": "bool",
"ruleSetType": "string",
"ruleSetVersion": "string"
}
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
}
Property values
ApplicationGatewayAuthenticationCertificate
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the authentication certificate that is unique within an Application Gateway. | string |
properties | Authentication certificates properties of an application gateway. | ApplicationGatewayAuthenticationCertificatePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayAuthenticationCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
data | Certificate public data. | string |
provisioningState | Provisioning state of the authentication certificate resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayAutoscaleBounds
Name | Description | Value |
---|---|---|
max | Upper bound on number of Application Gateway instances. | int (required) |
min | Lower bound on number of Application Gateway instances. | int (required) |
ApplicationGatewayAutoscaleConfiguration
Name | Description | Value |
---|---|---|
bounds | Autoscale bounds | ApplicationGatewayAutoscaleBounds (required) |
ApplicationGatewayBackendAddress
Name | Description | Value |
---|---|---|
fqdn | Fully qualified domain name (FQDN). | string |
ipAddress | IP address | string |
ApplicationGatewayBackendAddressPool
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the backend address pool that is unique within an Application Gateway. | string |
properties | Properties of Backend Address Pool of an application gateway. | ApplicationGatewayBackendAddressPoolPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayBackendAddressPoolPropertiesFormat
Name | Description | Value |
---|---|---|
backendAddresses | Backend addresses | ApplicationGatewayBackendAddress[] |
backendIPConfigurations | Collection of references to IPs defined in network interfaces. | NetworkInterfaceIPConfiguration[] |
provisioningState | Provisioning state of the backend address pool resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayBackendHttpSettings
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the backend http settings that is unique within an Application Gateway. | string |
properties | Properties of Backend address pool settings of an application gateway. | ApplicationGatewayBackendHttpSettingsPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayBackendHttpSettingsPropertiesFormat
Name | Description | Value |
---|---|---|
affinityCookieName | Cookie name to use for the affinity cookie. | string |
authenticationCertificates | Array of references to application gateway authentication certificates. | SubResource[] |
connectionDraining | Connection draining of the backend http settings resource. | ApplicationGatewayConnectionDraining |
cookieBasedAffinity | Cookie based affinity. | 'Disabled' 'Enabled' |
hostName | Host header to be sent to the backend servers. | string |
path | Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. | string |
pickHostNameFromBackendAddress | Whether to pick host header should be picked from the host name of the backend server. Default value is false. | bool |
port | The destination port on the backend. | int |
probe | Probe resource of an application gateway. | SubResource |
probeEnabled | Whether the probe is enabled. Default value is false. | bool |
protocol | The protocol used to communicate with the backend. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
requestTimeout | Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. | int |
ApplicationGatewayConnectionDraining
Name | Description | Value |
---|---|---|
drainTimeoutInSec | The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. | int Constraints: Min value = 1 Max value = 3600 (required) |
enabled | Whether connection draining is enabled or not. | bool (required) |
ApplicationGatewayFirewallDisabledRuleGroup
Name | Description | Value |
---|---|---|
ruleGroupName | The name of the rule group that will be disabled. | string (required) |
rules | The list of rules that will be disabled. If null, all rules of the rule group will be disabled. | int[] |
ApplicationGatewayFrontendIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the frontend IP configuration that is unique within an Application Gateway. | string |
properties | Properties of Frontend IP configuration of an application gateway. | ApplicationGatewayFrontendIPConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayFrontendIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAddress | PrivateIPAddress of the network interface IP Configuration. | string |
privateIPAllocationMethod | PrivateIP allocation method. | 'Dynamic' 'Static' |
provisioningState | Provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddress | Reference of the PublicIP resource. | SubResource |
subnet | Reference of the subnet resource. | SubResource |
ApplicationGatewayFrontendPort
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the frontend port that is unique within an Application Gateway | string |
properties | Properties of Frontend port of an application gateway. | ApplicationGatewayFrontendPortPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayFrontendPortPropertiesFormat
Name | Description | Value |
---|---|---|
port | Frontend port | int |
provisioningState | Provisioning state of the frontend port resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayHttpListener
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the HTTP listener that is unique within an Application Gateway. | string |
properties | Properties of HTTP listener of an application gateway. | ApplicationGatewayHttpListenerPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayHttpListenerPropertiesFormat
Name | Description | Value |
---|---|---|
frontendIPConfiguration | Frontend IP configuration resource of an application gateway. | SubResource |
frontendPort | Frontend port resource of an application gateway. | SubResource |
hostName | Host name of HTTP listener. | string |
protocol | Protocol of the HTTP listener. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the HTTP listener resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
requireServerNameIndication | Applicable only if protocol is https. Enables SNI for multi-hosting. | bool |
sslCertificate | SSL certificate resource of an application gateway. | SubResource |
ApplicationGatewayIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of IP configuration of an application gateway. | ApplicationGatewayIPConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | Provisioning state of the application gateway subnet resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
subnet | Reference of the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
ApplicationGatewayPathRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the path rule that is unique within an Application Gateway. | string |
properties | Properties of path rule of an application gateway. | ApplicationGatewayPathRulePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayPathRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendAddressPool | Backend address pool resource of URL path map path rule. | SubResource |
backendHttpSettings | Backend http settings resource of URL path map path rule. | SubResource |
paths | Path rules of URL path map. | string[] |
provisioningState | Path rule of URL path map resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfiguration | Redirect configuration resource of URL path map path rule. | SubResource |
ApplicationGatewayProbe
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the probe that is unique within an Application Gateway. | string |
properties | Properties of probe of an application gateway. | ApplicationGatewayProbePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayProbeHealthResponseMatch
Name | Description | Value |
---|---|---|
body | Body that must be contained in the health response. Default value is empty. | string |
statusCodes | Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. | string[] |
ApplicationGatewayProbePropertiesFormat
Name | Description | Value |
---|---|---|
host | Host name to send the probe to. | string |
interval | The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. | int |
match | Criterion for classifying a healthy probe response. | ApplicationGatewayProbeHealthResponseMatch |
minServers | Minimum number of servers that are always marked healthy. Default value is 0. | int |
path | Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path> | string |
pickHostNameFromBackendHttpSettings | Whether the host header should be picked from the backend http settings. Default value is false. | bool |
protocol | The protocol used for the probe. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
timeout | the probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. | int |
unhealthyThreshold | The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. | int |
ApplicationGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
authenticationCertificates | Authentication certificates of the application gateway resource. | ApplicationGatewayAuthenticationCertificate[] |
autoscaleConfiguration | Autoscale Configuration. | ApplicationGatewayAutoscaleConfiguration |
backendAddressPools | Backend address pool of the application gateway resource. | ApplicationGatewayBackendAddressPool[] |
backendHttpSettingsCollection | Backend http settings of the application gateway resource. | ApplicationGatewayBackendHttpSettings[] |
enableFips | Whether FIPS is enabled on the application gateway resource. | bool |
enableHttp2 | Whether HTTP2 is enabled on the application gateway resource. | bool |
frontendIPConfigurations | Frontend IP addresses of the application gateway resource. | ApplicationGatewayFrontendIPConfiguration[] |
frontendPorts | Frontend ports of the application gateway resource. | ApplicationGatewayFrontendPort[] |
gatewayIPConfigurations | Subnets of application the gateway resource. | ApplicationGatewayIPConfiguration[] |
httpListeners | Http listeners of the application gateway resource. | ApplicationGatewayHttpListener[] |
probes | Probes of the application gateway resource. | ApplicationGatewayProbe[] |
provisioningState | Provisioning state of the application gateway resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfigurations | Redirect configurations of the application gateway resource. | ApplicationGatewayRedirectConfiguration[] |
requestRoutingRules | Request routing rules of the application gateway resource. | ApplicationGatewayRequestRoutingRule[] |
resourceGuid | Resource GUID property of the application gateway resource. | string |
sku | SKU of the application gateway resource. | ApplicationGatewaySku |
sslCertificates | SSL certificates of the application gateway resource. | ApplicationGatewaySslCertificate[] |
sslPolicy | SSL policy of the application gateway resource. | ApplicationGatewaySslPolicy |
urlPathMaps | URL path map of the application gateway resource. | ApplicationGatewayUrlPathMap[] |
webApplicationFirewallConfiguration | Web application firewall configuration. | ApplicationGatewayWebApplicationFirewallConfiguration |
ApplicationGatewayRedirectConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the redirect configuration that is unique within an Application Gateway. | string |
properties | Properties of redirect configuration of the application gateway. | ApplicationGatewayRedirectConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayRedirectConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
includePath | Include path in the redirected url. | bool |
includeQueryString | Include query string in the redirected url. | bool |
pathRules | Path rules specifying redirect configuration. | SubResource[] |
redirectType | Supported http redirection types - Permanent, Temporary, Found, SeeOther. | 'Found' 'Permanent' 'SeeOther' 'Temporary' |
requestRoutingRules | Request routing specifying redirect configuration. | SubResource[] |
targetListener | Reference to a listener to redirect the request to. | SubResource |
targetUrl | Url to redirect the request to. | string |
urlPathMaps | Url path maps specifying default redirect configuration. | SubResource[] |
ApplicationGatewayRequestRoutingRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the request routing rule that is unique within an Application Gateway. | string |
properties | Properties of request routing rule of the application gateway. | ApplicationGatewayRequestRoutingRulePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayRequestRoutingRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendAddressPool | Backend address pool resource of the application gateway. | SubResource |
backendHttpSettings | Backend http settings resource of the application gateway. | SubResource |
httpListener | Http listener resource of the application gateway. | SubResource |
provisioningState | Provisioning state of the request routing rule resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfiguration | Redirect configuration resource of the application gateway. | SubResource |
ruleType | Rule type. | 'Basic' 'PathBasedRouting' |
urlPathMap | URL path map resource of the application gateway. | SubResource |
ApplicationGatewaySku
Name | Description | Value |
---|---|---|
capacity | Capacity (instance count) of an application gateway. | int |
name | Name of an application gateway SKU. | 'Standard_Large' 'Standard_Medium' 'Standard_Small' 'Standard_v2' 'WAF_Large' 'WAF_Medium' 'WAF_v2' |
tier | Tier of an application gateway. | 'Standard' 'Standard_v2' 'WAF' 'WAF_v2' |
ApplicationGatewaySslCertificate
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the SSL certificate that is unique within an Application Gateway. | string |
properties | Properties of SSL certificates of an application gateway. | ApplicationGatewaySslCertificatePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewaySslCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
data | Base-64 encoded pfx certificate. Only applicable in PUT Request. | string |
password | Password for the pfx file specified in data. Only applicable in PUT request. | string |
provisioningState | Provisioning state of the SSL certificate resource Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicCertData | Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request. | string |
ApplicationGatewaySslPolicy
Name | Description | Value |
---|---|---|
cipherSuites | Ssl cipher suites to be enabled in the specified order to application gateway. | String array containing any of: 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256' 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256' 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA256' 'TLS_RSA_WITH_AES_128_GCM_SHA256' 'TLS_RSA_WITH_AES_256_CBC_SHA' 'TLS_RSA_WITH_AES_256_CBC_SHA256' 'TLS_RSA_WITH_AES_256_GCM_SHA384' |
disabledSslProtocols | Ssl protocols to be disabled on application gateway. | String array containing any of: 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
minProtocolVersion | Minimum version of Ssl protocol to be supported on application gateway. | 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
policyName | Name of Ssl predefined policy | 'AppGwSslPolicy20150501' 'AppGwSslPolicy20170401' 'AppGwSslPolicy20170401S' |
policyType | Type of Ssl Policy | 'Custom' 'Predefined' |
ApplicationGatewayUrlPathMap
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the URL path map that is unique within an Application Gateway. | string |
properties | Properties of UrlPathMap of the application gateway. | ApplicationGatewayUrlPathMapPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayUrlPathMapPropertiesFormat
Name | Description | Value |
---|---|---|
defaultBackendAddressPool | Default backend address pool resource of URL path map. | SubResource |
defaultBackendHttpSettings | Default backend http settings resource of URL path map. | SubResource |
defaultRedirectConfiguration | Default redirect configuration resource of URL path map. | SubResource |
pathRules | Path rule of URL path map resource. | ApplicationGatewayPathRule[] |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayWebApplicationFirewallConfiguration
Name | Description | Value |
---|---|---|
disabledRuleGroups | The disabled rule groups. | ApplicationGatewayFirewallDisabledRuleGroup[] |
enabled | Whether the web application firewall is enabled or not. | bool (required) |
firewallMode | Web application firewall mode. | 'Detection' 'Prevention' (required) |
maxRequestBodySize | Maximum request body size for WAF. | int Constraints: Min value = 8 Max value = 128 |
requestBodyCheck | Whether allow WAF to check request Body. | bool |
ruleSetType | The type of the web application firewall rule set. Possible values are: 'OWASP'. | string (required) |
ruleSetVersion | The version of the rule set type. | string (required) |
ApplicationSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
ApplicationSecurityGroupPropertiesFormat
Name | Description | Value |
---|
BackendAddressPool
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of load balancer backend address pool. | BackendAddressPoolPropertiesFormat |
BackendAddressPoolPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | Get provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
InboundNatRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat rule. | InboundNatRulePropertiesFormat |
InboundNatRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendPort | The port used for the internal endpoint. Acceptable values range from 1 to 65535. | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. | int |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The transport protocol for the endpoint. Possible values are 'Udp' or 'Tcp' or 'All'. | 'All' 'Tcp' 'Udp' |
provisioningState | Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
IpTag
Name | Description | Value |
---|---|---|
ipTagType | Gets or sets the ipTag type: Example FirstPartyUsage. | string |
tag | Gets or sets value of the IpTag associated with the public IP. Example SQL, Storage etc | string |
Microsoft.Network/applicationGateways
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2018-07-01' |
etag | A unique read-only string that changes whenever the resource is updated. | string |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the application gateway. | ApplicationGatewayPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Network/applicationGateways' |
zones | A list of availability zones denoting where the resource needs to come from. | string[] |
NetworkInterfaceIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Network interface IP configuration properties. | NetworkInterfaceIPConfigurationPropertiesFormat |
NetworkInterfaceIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | The reference of ApplicationGatewayBackendAddressPool resource. | ApplicationGatewayBackendAddressPool[] |
applicationSecurityGroups | Application security groups in which the IP configuration is included. | ApplicationSecurityGroup[] |
loadBalancerBackendAddressPools | The reference of LoadBalancerBackendAddressPool resource. | BackendAddressPool[] |
loadBalancerInboundNatRules | A list of references of LoadBalancerInboundNatRules. | InboundNatRule[] |
primary | Gets whether this is a primary customer address on the network interface. | bool |
privateIPAddress | Private IP address of the IP configuration. | string |
privateIPAddressVersion | Available from Api-Version 2016-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
privateIPAllocationMethod | Defines how a private IP address is assigned. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' |
provisioningState | The provisioning state of the network interface IP configuration. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddress | Public IP address bound to the IP configuration. | PublicIPAddress |
subnet | Subnet bound to the IP configuration. | Subnet |
NetworkSecurityGroup
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
NetworkSecurityGroupPropertiesFormat
Name | Description | Value |
---|---|---|
defaultSecurityRules | The default security rules of network security group. | SecurityRule[] |
provisioningState | The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
resourceGuid | The resource GUID property of the network security group resource. | string |
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
PublicIPAddress
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
sku | The public IP address SKU. | PublicIPAddressSku |
tags | Resource tags. | ResourceTags |
zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
PublicIPAddressDnsSettings
Name | Description | Value |
---|---|---|
domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
PublicIPAddressPropertiesFormat
Name | Description | Value |
---|---|---|
dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipAddress | The IP address associated with the public IP address resource. | string |
ipTags | The list of tags associated with the public IP address. | IpTag[] |
provisioningState | The provisioning state of the PublicIP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddressVersion | The public IP address version. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAllocationMethod | The public IP allocation method. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' |
publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
resourceGuid | The resource GUID property of the public IP resource. | string |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Name of a public IP address SKU. | 'Basic' 'Standard' |
ResourceNavigationLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Resource navigation link properties format. | ResourceNavigationLinkFormat |
ResourceNavigationLinkFormat
Name | Description | Value |
---|---|---|
link | Link to the external resource | string |
linkedResourceType | Resource type of the linked resource. | string |
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
Route
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
RoutePropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. Possible values are: 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance', and 'None' | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
provisioningState | The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
RouteTable
Name | Description | Value |
---|---|---|
etag | Gets a unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | ResourceTags |
RouteTablePropertiesFormat
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Gets or sets whether to disable the routes learned by BGP on that route table. True means disable. | bool |
provisioningState | The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
routes | Collection of routes contained within a route table. | Route[] |
SecurityRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. | 'Allow' 'Deny' (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. | 'Inbound' 'Outbound' (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. | '*' 'Tcp' 'Udp' (required) |
provisioningState | The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
ServiceEndpointPolicy
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service end point policy | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | ResourceTags |
ServiceEndpointPolicyDefinition
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition | ServiceEndpointPolicyDefinitionPropertiesFormat |
ServiceEndpointPolicyDefinitionPropertiesFormat
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
provisioningState | The provisioning state of the service end point policy definition. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
service | service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
ServiceEndpointPolicyPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | The provisioning state of the service endpoint policy. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
resourceGuid | The resource GUID property of the service endpoint policy resource. | string |
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPropertiesFormat
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
provisioningState | The provisioning state of the resource. | string |
service | The type of the endpoint service. | string |
Subnet
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
networkSecurityGroup | The reference of the NetworkSecurityGroup resource. | NetworkSecurityGroup |
provisioningState | The provisioning state of the resource. | string |
resourceNavigationLinks | Gets an array of references to the external resources using subnet. | ResourceNavigationLink[] |
routeTable | The reference of the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
App Gateway with WAF, SSL, IIS and HTTPS redirection |
This template deploys an Application Gateway with WAF, end to end SSL and HTTP to HTTPS redirect on the IIS servers. |
Application Gateway for a Web App with IP Restriction |
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App. |
Application Gateway for Multi Hosting |
This template creates an Application Gateway and configures it for Multi Hosting on port 443. |
Application Gateway for Url Path Based Routing |
This template creates an Application Gateway and configures it for URL Path Based Routing. |
Application Gateway with internal API Management and Web App |
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database |
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI) |
Azure Application Gateway Demo Setup |
This template allows you to quickly deploy Azure Application Gateway demo to test load-balancing with or without cookie-based affinity. |
Create a Web App protected by Application Gateway v2 |
This template creates an Azure Web App with Access Restriction for an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet) which has a 'Microsoft.Web' Service Endpoint enabled. The Web App restricts access to traffic from the subnet. |
Create a Web App, PE and Application Gateway v2 |
This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint |
Create a WordPress site in a virtual network |
This template creates a WordPress site on Container Instance in a virtual network. And output a public site FQDN which could access WordPress site. |
Create an Application Gateway |
This template creates an application gateway in a virtual network and sets up load balancing rules for any number of virtual machines |
Create an Application Gateway (Custom SSL) |
This template deploys an Application Gateway configured with a custom ssl policy. |
Create an Application Gateway (SSL Policy) |
This template deploys an Application Gateway configured with a predefined ssl policy. |
Create an Application Gateway (WAF) |
This template creates an application gateway with Web Application Firewall functionality in a virtual network and sets up load balancing rules for any number of virtual machines |
Create an Application Gateway for WebApps |
This template creates an application gateway in front of two Azure Web Apps with a custom probe enabled. |
Create an Application Gateway v2 |
This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend |
Create an Application Gateway V2 with Key Vault |
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
Create an Application Gateway with Path Override |
This template deploys an Application Gateway and shows usage of the path override feature for a backend address pool. |
Create an Application Gateway with Probe |
This template deploys an Application Gateway with enhanced probe functionality. |
Create an Application Gateway with Public IP |
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Http Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers. |
Create an Application Gateway with Public IP (Offload) |
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Ssl Offload and Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers. |
Create an Application Gateway with Redirect |
This template creates an application gateway with Redirect functionalities in a virtual network and sets up load balancing and redirect rules (basic and pathbased) |
Create an Application Gateway with Rewrite |
This template creates an application gateway with Rewrite functionalities in a virtual network and sets up load balancing, rewrite rules |
Create an Azure Application Gateway v2 |
This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
Create an Azure WAF v2 on Azure Application Gateway |
This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
Create an IPv6 Application Gateway |
This template creates an application gateway with an IPv6 frontend in a dual-stack virtual network. |
Create API Management in Internal VNet with App Gateway |
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway. |
Create Application Gateway with Certificates |
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
Deploy a Windows VM scale set with Azure Application Gateway |
This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Deploy an Ubuntu VM scale set with Azure Application Gateway |
This template allows you to deploy a simple Ubuntu VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
eShop Website with ILB ASE |
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps. |
Front Door Standard/Premium with Application Gateway origin |
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
Front Door with Container Instances and Application Gateway |
This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
Multi tier App with NSG, ILB, AppGateway |
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing |
Multi tier traffic manager, L4 ILB, L7 AppGateway |
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing |
Terraform (AzAPI provider) resource definition
The applicationGateways resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/applicationGateways resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/applicationGateways@2018-07-01"
name = "string"
etag = "string"
location = "string"
body = jsonencode({
properties = {
authenticationCertificates = [
{
etag = "string"
id = "string"
name = "string"
properties = {
data = "string"
provisioningState = "string"
}
type = "string"
}
]
autoscaleConfiguration = {
bounds = {
max = int
min = int
}
}
backendAddressPools = [
{
etag = "string"
id = "string"
name = "string"
properties = {
backendAddresses = [
{
fqdn = "string"
ipAddress = "string"
}
]
backendIPConfigurations = [
{
etag = "string"
id = "string"
name = "string"
properties = {
applicationGatewayBackendAddressPools = [
...
]
applicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
loadBalancerBackendAddressPools = [
{
etag = "string"
id = "string"
name = "string"
properties = {
provisioningState = "string"
}
}
]
loadBalancerInboundNatRules = [
{
etag = "string"
id = "string"
name = "string"
properties = {
backendPort = int
enableFloatingIP = bool
enableTcpReset = bool
frontendIPConfiguration = {
id = "string"
}
frontendPort = int
idleTimeoutInMinutes = int
protocol = "string"
provisioningState = "string"
}
}
]
primary = bool
privateIPAddress = "string"
privateIPAddressVersion = "string"
privateIPAllocationMethod = "string"
provisioningState = "string"
publicIPAddress = {
etag = "string"
id = "string"
location = "string"
properties = {
dnsSettings = {
domainNameLabel = "string"
fqdn = "string"
reverseFqdn = "string"
}
idleTimeoutInMinutes = int
ipAddress = "string"
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
provisioningState = "string"
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
publicIPPrefix = {
id = "string"
}
resourceGuid = "string"
}
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
zones = [
"string"
]
}
subnet = {
etag = "string"
id = "string"
name = "string"
properties = {
addressPrefix = "string"
networkSecurityGroup = {
etag = "string"
id = "string"
location = "string"
properties = {
defaultSecurityRules = [
{
etag = "string"
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
direction = "string"
priority = int
protocol = "string"
provisioningState = "string"
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
}
]
provisioningState = "string"
resourceGuid = "string"
securityRules = [
{
etag = "string"
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
direction = "string"
priority = int
protocol = "string"
provisioningState = "string"
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
provisioningState = "string"
resourceNavigationLinks = [
{
id = "string"
name = "string"
properties = {
link = "string"
linkedResourceType = "string"
}
}
]
routeTable = {
etag = "string"
id = "string"
location = "string"
properties = {
disableBgpRoutePropagation = bool
provisioningState = "string"
routes = [
{
etag = "string"
id = "string"
name = "string"
properties = {
addressPrefix = "string"
nextHopIpAddress = "string"
nextHopType = "string"
provisioningState = "string"
}
}
]
}
tags = {
{customized property} = "string"
}
}
serviceEndpointPolicies = [
{
etag = "string"
id = "string"
location = "string"
properties = {
provisioningState = "string"
resourceGuid = "string"
serviceEndpointPolicyDefinitions = [
{
etag = "string"
id = "string"
name = "string"
properties = {
description = "string"
provisioningState = "string"
service = "string"
serviceResources = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
]
serviceEndpoints = [
{
locations = [
"string"
]
provisioningState = "string"
service = "string"
}
]
}
}
}
}
]
provisioningState = "string"
}
type = "string"
}
]
backendHttpSettingsCollection = [
{
etag = "string"
id = "string"
name = "string"
properties = {
affinityCookieName = "string"
authenticationCertificates = [
{
id = "string"
}
]
connectionDraining = {
drainTimeoutInSec = int
enabled = bool
}
cookieBasedAffinity = "string"
hostName = "string"
path = "string"
pickHostNameFromBackendAddress = bool
port = int
probe = {
id = "string"
}
probeEnabled = bool
protocol = "string"
provisioningState = "string"
requestTimeout = int
}
type = "string"
}
]
enableFips = bool
enableHttp2 = bool
frontendIPConfigurations = [
{
etag = "string"
id = "string"
name = "string"
properties = {
privateIPAddress = "string"
privateIPAllocationMethod = "string"
provisioningState = "string"
publicIPAddress = {
id = "string"
}
subnet = {
id = "string"
}
}
type = "string"
}
]
frontendPorts = [
{
etag = "string"
id = "string"
name = "string"
properties = {
port = int
provisioningState = "string"
}
type = "string"
}
]
gatewayIPConfigurations = [
{
etag = "string"
id = "string"
name = "string"
properties = {
provisioningState = "string"
subnet = {
id = "string"
}
}
type = "string"
}
]
httpListeners = [
{
etag = "string"
id = "string"
name = "string"
properties = {
frontendIPConfiguration = {
id = "string"
}
frontendPort = {
id = "string"
}
hostName = "string"
protocol = "string"
provisioningState = "string"
requireServerNameIndication = bool
sslCertificate = {
id = "string"
}
}
type = "string"
}
]
probes = [
{
etag = "string"
id = "string"
name = "string"
properties = {
host = "string"
interval = int
match = {
body = "string"
statusCodes = [
"string"
]
}
minServers = int
path = "string"
pickHostNameFromBackendHttpSettings = bool
protocol = "string"
provisioningState = "string"
timeout = int
unhealthyThreshold = int
}
type = "string"
}
]
provisioningState = "string"
redirectConfigurations = [
{
etag = "string"
id = "string"
name = "string"
properties = {
includePath = bool
includeQueryString = bool
pathRules = [
{
id = "string"
}
]
redirectType = "string"
requestRoutingRules = [
{
id = "string"
}
]
targetListener = {
id = "string"
}
targetUrl = "string"
urlPathMaps = [
{
id = "string"
}
]
}
type = "string"
}
]
requestRoutingRules = [
{
etag = "string"
id = "string"
name = "string"
properties = {
backendAddressPool = {
id = "string"
}
backendHttpSettings = {
id = "string"
}
httpListener = {
id = "string"
}
provisioningState = "string"
redirectConfiguration = {
id = "string"
}
ruleType = "string"
urlPathMap = {
id = "string"
}
}
type = "string"
}
]
resourceGuid = "string"
sku = {
capacity = int
name = "string"
tier = "string"
}
sslCertificates = [
{
etag = "string"
id = "string"
name = "string"
properties = {
data = "string"
password = "string"
provisioningState = "string"
publicCertData = "string"
}
type = "string"
}
]
sslPolicy = {
cipherSuites = [
"string"
]
disabledSslProtocols = [
"string"
]
minProtocolVersion = "string"
policyName = "string"
policyType = "string"
}
urlPathMaps = [
{
etag = "string"
id = "string"
name = "string"
properties = {
defaultBackendAddressPool = {
id = "string"
}
defaultBackendHttpSettings = {
id = "string"
}
defaultRedirectConfiguration = {
id = "string"
}
pathRules = [
{
etag = "string"
id = "string"
name = "string"
properties = {
backendAddressPool = {
id = "string"
}
backendHttpSettings = {
id = "string"
}
paths = [
"string"
]
provisioningState = "string"
redirectConfiguration = {
id = "string"
}
}
type = "string"
}
]
provisioningState = "string"
}
type = "string"
}
]
webApplicationFirewallConfiguration = {
disabledRuleGroups = [
{
ruleGroupName = "string"
rules = [
int
]
}
]
enabled = bool
firewallMode = "string"
maxRequestBodySize = int
requestBodyCheck = bool
ruleSetType = "string"
ruleSetVersion = "string"
}
}
})
tags = {
{customized property} = "string"
}
zones = [
"string"
]
}
Property values
ApplicationGatewayAuthenticationCertificate
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the authentication certificate that is unique within an Application Gateway. | string |
properties | Authentication certificates properties of an application gateway. | ApplicationGatewayAuthenticationCertificatePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayAuthenticationCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
data | Certificate public data. | string |
provisioningState | Provisioning state of the authentication certificate resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayAutoscaleBounds
Name | Description | Value |
---|---|---|
max | Upper bound on number of Application Gateway instances. | int (required) |
min | Lower bound on number of Application Gateway instances. | int (required) |
ApplicationGatewayAutoscaleConfiguration
Name | Description | Value |
---|---|---|
bounds | Autoscale bounds | ApplicationGatewayAutoscaleBounds (required) |
ApplicationGatewayBackendAddress
Name | Description | Value |
---|---|---|
fqdn | Fully qualified domain name (FQDN). | string |
ipAddress | IP address | string |
ApplicationGatewayBackendAddressPool
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the backend address pool that is unique within an Application Gateway. | string |
properties | Properties of Backend Address Pool of an application gateway. | ApplicationGatewayBackendAddressPoolPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayBackendAddressPoolPropertiesFormat
Name | Description | Value |
---|---|---|
backendAddresses | Backend addresses | ApplicationGatewayBackendAddress[] |
backendIPConfigurations | Collection of references to IPs defined in network interfaces. | NetworkInterfaceIPConfiguration[] |
provisioningState | Provisioning state of the backend address pool resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayBackendHttpSettings
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the backend http settings that is unique within an Application Gateway. | string |
properties | Properties of Backend address pool settings of an application gateway. | ApplicationGatewayBackendHttpSettingsPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayBackendHttpSettingsPropertiesFormat
Name | Description | Value |
---|---|---|
affinityCookieName | Cookie name to use for the affinity cookie. | string |
authenticationCertificates | Array of references to application gateway authentication certificates. | SubResource[] |
connectionDraining | Connection draining of the backend http settings resource. | ApplicationGatewayConnectionDraining |
cookieBasedAffinity | Cookie based affinity. | 'Disabled' 'Enabled' |
hostName | Host header to be sent to the backend servers. | string |
path | Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. | string |
pickHostNameFromBackendAddress | Whether to pick host header should be picked from the host name of the backend server. Default value is false. | bool |
port | The destination port on the backend. | int |
probe | Probe resource of an application gateway. | SubResource |
probeEnabled | Whether the probe is enabled. Default value is false. | bool |
protocol | The protocol used to communicate with the backend. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
requestTimeout | Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. | int |
ApplicationGatewayConnectionDraining
Name | Description | Value |
---|---|---|
drainTimeoutInSec | The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. | int Constraints: Min value = 1 Max value = 3600 (required) |
enabled | Whether connection draining is enabled or not. | bool (required) |
ApplicationGatewayFirewallDisabledRuleGroup
Name | Description | Value |
---|---|---|
ruleGroupName | The name of the rule group that will be disabled. | string (required) |
rules | The list of rules that will be disabled. If null, all rules of the rule group will be disabled. | int[] |
ApplicationGatewayFrontendIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the frontend IP configuration that is unique within an Application Gateway. | string |
properties | Properties of Frontend IP configuration of an application gateway. | ApplicationGatewayFrontendIPConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayFrontendIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAddress | PrivateIPAddress of the network interface IP Configuration. | string |
privateIPAllocationMethod | PrivateIP allocation method. | 'Dynamic' 'Static' |
provisioningState | Provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddress | Reference of the PublicIP resource. | SubResource |
subnet | Reference of the subnet resource. | SubResource |
ApplicationGatewayFrontendPort
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the frontend port that is unique within an Application Gateway | string |
properties | Properties of Frontend port of an application gateway. | ApplicationGatewayFrontendPortPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayFrontendPortPropertiesFormat
Name | Description | Value |
---|---|---|
port | Frontend port | int |
provisioningState | Provisioning state of the frontend port resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayHttpListener
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the HTTP listener that is unique within an Application Gateway. | string |
properties | Properties of HTTP listener of an application gateway. | ApplicationGatewayHttpListenerPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayHttpListenerPropertiesFormat
Name | Description | Value |
---|---|---|
frontendIPConfiguration | Frontend IP configuration resource of an application gateway. | SubResource |
frontendPort | Frontend port resource of an application gateway. | SubResource |
hostName | Host name of HTTP listener. | string |
protocol | Protocol of the HTTP listener. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the HTTP listener resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
requireServerNameIndication | Applicable only if protocol is https. Enables SNI for multi-hosting. | bool |
sslCertificate | SSL certificate resource of an application gateway. | SubResource |
ApplicationGatewayIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of IP configuration of an application gateway. | ApplicationGatewayIPConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | Provisioning state of the application gateway subnet resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
subnet | Reference of the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
ApplicationGatewayPathRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the path rule that is unique within an Application Gateway. | string |
properties | Properties of path rule of an application gateway. | ApplicationGatewayPathRulePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayPathRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendAddressPool | Backend address pool resource of URL path map path rule. | SubResource |
backendHttpSettings | Backend http settings resource of URL path map path rule. | SubResource |
paths | Path rules of URL path map. | string[] |
provisioningState | Path rule of URL path map resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfiguration | Redirect configuration resource of URL path map path rule. | SubResource |
ApplicationGatewayProbe
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the probe that is unique within an Application Gateway. | string |
properties | Properties of probe of an application gateway. | ApplicationGatewayProbePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayProbeHealthResponseMatch
Name | Description | Value |
---|---|---|
body | Body that must be contained in the health response. Default value is empty. | string |
statusCodes | Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. | string[] |
ApplicationGatewayProbePropertiesFormat
Name | Description | Value |
---|---|---|
host | Host name to send the probe to. | string |
interval | The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. | int |
match | Criterion for classifying a healthy probe response. | ApplicationGatewayProbeHealthResponseMatch |
minServers | Minimum number of servers that are always marked healthy. Default value is 0. | int |
path | Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path> | string |
pickHostNameFromBackendHttpSettings | Whether the host header should be picked from the backend http settings. Default value is false. | bool |
protocol | The protocol used for the probe. Possible values are 'Http' and 'Https'. | 'Http' 'Https' |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
timeout | the probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. | int |
unhealthyThreshold | The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. | int |
ApplicationGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
authenticationCertificates | Authentication certificates of the application gateway resource. | ApplicationGatewayAuthenticationCertificate[] |
autoscaleConfiguration | Autoscale Configuration. | ApplicationGatewayAutoscaleConfiguration |
backendAddressPools | Backend address pool of the application gateway resource. | ApplicationGatewayBackendAddressPool[] |
backendHttpSettingsCollection | Backend http settings of the application gateway resource. | ApplicationGatewayBackendHttpSettings[] |
enableFips | Whether FIPS is enabled on the application gateway resource. | bool |
enableHttp2 | Whether HTTP2 is enabled on the application gateway resource. | bool |
frontendIPConfigurations | Frontend IP addresses of the application gateway resource. | ApplicationGatewayFrontendIPConfiguration[] |
frontendPorts | Frontend ports of the application gateway resource. | ApplicationGatewayFrontendPort[] |
gatewayIPConfigurations | Subnets of application the gateway resource. | ApplicationGatewayIPConfiguration[] |
httpListeners | Http listeners of the application gateway resource. | ApplicationGatewayHttpListener[] |
probes | Probes of the application gateway resource. | ApplicationGatewayProbe[] |
provisioningState | Provisioning state of the application gateway resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfigurations | Redirect configurations of the application gateway resource. | ApplicationGatewayRedirectConfiguration[] |
requestRoutingRules | Request routing rules of the application gateway resource. | ApplicationGatewayRequestRoutingRule[] |
resourceGuid | Resource GUID property of the application gateway resource. | string |
sku | SKU of the application gateway resource. | ApplicationGatewaySku |
sslCertificates | SSL certificates of the application gateway resource. | ApplicationGatewaySslCertificate[] |
sslPolicy | SSL policy of the application gateway resource. | ApplicationGatewaySslPolicy |
urlPathMaps | URL path map of the application gateway resource. | ApplicationGatewayUrlPathMap[] |
webApplicationFirewallConfiguration | Web application firewall configuration. | ApplicationGatewayWebApplicationFirewallConfiguration |
ApplicationGatewayRedirectConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the redirect configuration that is unique within an Application Gateway. | string |
properties | Properties of redirect configuration of the application gateway. | ApplicationGatewayRedirectConfigurationPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayRedirectConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
includePath | Include path in the redirected url. | bool |
includeQueryString | Include query string in the redirected url. | bool |
pathRules | Path rules specifying redirect configuration. | SubResource[] |
redirectType | Supported http redirection types - Permanent, Temporary, Found, SeeOther. | 'Found' 'Permanent' 'SeeOther' 'Temporary' |
requestRoutingRules | Request routing specifying redirect configuration. | SubResource[] |
targetListener | Reference to a listener to redirect the request to. | SubResource |
targetUrl | Url to redirect the request to. | string |
urlPathMaps | Url path maps specifying default redirect configuration. | SubResource[] |
ApplicationGatewayRequestRoutingRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the request routing rule that is unique within an Application Gateway. | string |
properties | Properties of request routing rule of the application gateway. | ApplicationGatewayRequestRoutingRulePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayRequestRoutingRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendAddressPool | Backend address pool resource of the application gateway. | SubResource |
backendHttpSettings | Backend http settings resource of the application gateway. | SubResource |
httpListener | Http listener resource of the application gateway. | SubResource |
provisioningState | Provisioning state of the request routing rule resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
redirectConfiguration | Redirect configuration resource of the application gateway. | SubResource |
ruleType | Rule type. | 'Basic' 'PathBasedRouting' |
urlPathMap | URL path map resource of the application gateway. | SubResource |
ApplicationGatewaySku
Name | Description | Value |
---|---|---|
capacity | Capacity (instance count) of an application gateway. | int |
name | Name of an application gateway SKU. | 'Standard_Large' 'Standard_Medium' 'Standard_Small' 'Standard_v2' 'WAF_Large' 'WAF_Medium' 'WAF_v2' |
tier | Tier of an application gateway. | 'Standard' 'Standard_v2' 'WAF' 'WAF_v2' |
ApplicationGatewaySslCertificate
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the SSL certificate that is unique within an Application Gateway. | string |
properties | Properties of SSL certificates of an application gateway. | ApplicationGatewaySslCertificatePropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewaySslCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
data | Base-64 encoded pfx certificate. Only applicable in PUT Request. | string |
password | Password for the pfx file specified in data. Only applicable in PUT request. | string |
provisioningState | Provisioning state of the SSL certificate resource Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicCertData | Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request. | string |
ApplicationGatewaySslPolicy
Name | Description | Value |
---|---|---|
cipherSuites | Ssl cipher suites to be enabled in the specified order to application gateway. | String array containing any of: 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256' 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA' 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256' 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA256' 'TLS_RSA_WITH_AES_128_GCM_SHA256' 'TLS_RSA_WITH_AES_256_CBC_SHA' 'TLS_RSA_WITH_AES_256_CBC_SHA256' 'TLS_RSA_WITH_AES_256_GCM_SHA384' |
disabledSslProtocols | Ssl protocols to be disabled on application gateway. | String array containing any of: 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
minProtocolVersion | Minimum version of Ssl protocol to be supported on application gateway. | 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
policyName | Name of Ssl predefined policy | 'AppGwSslPolicy20150501' 'AppGwSslPolicy20170401' 'AppGwSslPolicy20170401S' |
policyType | Type of Ssl Policy | 'Custom' 'Predefined' |
ApplicationGatewayUrlPathMap
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Name of the URL path map that is unique within an Application Gateway. | string |
properties | Properties of UrlPathMap of the application gateway. | ApplicationGatewayUrlPathMapPropertiesFormat |
type | Type of the resource. | string |
ApplicationGatewayUrlPathMapPropertiesFormat
Name | Description | Value |
---|---|---|
defaultBackendAddressPool | Default backend address pool resource of URL path map. | SubResource |
defaultBackendHttpSettings | Default backend http settings resource of URL path map. | SubResource |
defaultRedirectConfiguration | Default redirect configuration resource of URL path map. | SubResource |
pathRules | Path rule of URL path map resource. | ApplicationGatewayPathRule[] |
provisioningState | Provisioning state of the backend http settings resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
ApplicationGatewayWebApplicationFirewallConfiguration
Name | Description | Value |
---|---|---|
disabledRuleGroups | The disabled rule groups. | ApplicationGatewayFirewallDisabledRuleGroup[] |
enabled | Whether the web application firewall is enabled or not. | bool (required) |
firewallMode | Web application firewall mode. | 'Detection' 'Prevention' (required) |
maxRequestBodySize | Maximum request body size for WAF. | int Constraints: Min value = 8 Max value = 128 |
requestBodyCheck | Whether allow WAF to check request Body. | bool |
ruleSetType | The type of the web application firewall rule set. Possible values are: 'OWASP'. | string (required) |
ruleSetVersion | The version of the rule set type. | string (required) |
ApplicationSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
ApplicationSecurityGroupPropertiesFormat
Name | Description | Value |
---|
BackendAddressPool
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of load balancer backend address pool. | BackendAddressPoolPropertiesFormat |
BackendAddressPoolPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | Get provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
InboundNatRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat rule. | InboundNatRulePropertiesFormat |
InboundNatRulePropertiesFormat
Name | Description | Value |
---|---|---|
backendPort | The port used for the internal endpoint. Acceptable values range from 1 to 65535. | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. | int |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The transport protocol for the endpoint. Possible values are 'Udp' or 'Tcp' or 'All'. | 'All' 'Tcp' 'Udp' |
provisioningState | Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
IpTag
Name | Description | Value |
---|---|---|
ipTagType | Gets or sets the ipTag type: Example FirstPartyUsage. | string |
tag | Gets or sets value of the IpTag associated with the public IP. Example SQL, Storage etc | string |
Microsoft.Network/applicationGateways
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the application gateway. | ApplicationGatewayPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Network/applicationGateways@2018-07-01" |
zones | A list of availability zones denoting where the resource needs to come from. | string[] |
NetworkInterfaceIPConfiguration
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Network interface IP configuration properties. | NetworkInterfaceIPConfigurationPropertiesFormat |
NetworkInterfaceIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | The reference of ApplicationGatewayBackendAddressPool resource. | ApplicationGatewayBackendAddressPool[] |
applicationSecurityGroups | Application security groups in which the IP configuration is included. | ApplicationSecurityGroup[] |
loadBalancerBackendAddressPools | The reference of LoadBalancerBackendAddressPool resource. | BackendAddressPool[] |
loadBalancerInboundNatRules | A list of references of LoadBalancerInboundNatRules. | InboundNatRule[] |
primary | Gets whether this is a primary customer address on the network interface. | bool |
privateIPAddress | Private IP address of the IP configuration. | string |
privateIPAddressVersion | Available from Api-Version 2016-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
privateIPAllocationMethod | Defines how a private IP address is assigned. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' |
provisioningState | The provisioning state of the network interface IP configuration. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddress | Public IP address bound to the IP configuration. | PublicIPAddress |
subnet | Subnet bound to the IP configuration. | Subnet |
NetworkSecurityGroup
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
NetworkSecurityGroupPropertiesFormat
Name | Description | Value |
---|---|---|
defaultSecurityRules | The default security rules of network security group. | SecurityRule[] |
provisioningState | The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
resourceGuid | The resource GUID property of the network security group resource. | string |
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
PublicIPAddress
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
sku | The public IP address SKU. | PublicIPAddressSku |
tags | Resource tags. | ResourceTags |
zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
PublicIPAddressDnsSettings
Name | Description | Value |
---|---|---|
domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
PublicIPAddressPropertiesFormat
Name | Description | Value |
---|---|---|
dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipAddress | The IP address associated with the public IP address resource. | string |
ipTags | The list of tags associated with the public IP address. | IpTag[] |
provisioningState | The provisioning state of the PublicIP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
publicIPAddressVersion | The public IP address version. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAllocationMethod | The public IP allocation method. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' |
publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
resourceGuid | The resource GUID property of the public IP resource. | string |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Name of a public IP address SKU. | 'Basic' 'Standard' |
ResourceNavigationLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Resource navigation link properties format. | ResourceNavigationLinkFormat |
ResourceNavigationLinkFormat
Name | Description | Value |
---|---|---|
link | Link to the external resource | string |
linkedResourceType | Resource type of the linked resource. | string |
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
Route
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
RoutePropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. Possible values are: 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance', and 'None' | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
provisioningState | The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
RouteTable
Name | Description | Value |
---|---|---|
etag | Gets a unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | ResourceTags |
RouteTablePropertiesFormat
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Gets or sets whether to disable the routes learned by BGP on that route table. True means disable. | bool |
provisioningState | The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
routes | Collection of routes contained within a route table. | Route[] |
SecurityRule
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. | 'Allow' 'Deny' (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. | 'Inbound' 'Outbound' (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. | '*' 'Tcp' 'Udp' (required) |
provisioningState | The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
ServiceEndpointPolicy
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service end point policy | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | ResourceTags |
ServiceEndpointPolicyDefinition
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition | ServiceEndpointPolicyDefinitionPropertiesFormat |
ServiceEndpointPolicyDefinitionPropertiesFormat
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
provisioningState | The provisioning state of the service end point policy definition. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
service | service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
ServiceEndpointPolicyPropertiesFormat
Name | Description | Value |
---|---|---|
provisioningState | The provisioning state of the service endpoint policy. Possible values are: 'Updating', 'Deleting', and 'Failed'. | string |
resourceGuid | The resource GUID property of the service endpoint policy resource. | string |
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPropertiesFormat
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
provisioningState | The provisioning state of the resource. | string |
service | The type of the endpoint service. | string |
Subnet
Name | Description | Value |
---|---|---|
etag | A unique read-only string that changes whenever the resource is updated. | string |
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
networkSecurityGroup | The reference of the NetworkSecurityGroup resource. | NetworkSecurityGroup |
provisioningState | The provisioning state of the resource. | string |
resourceNavigationLinks | Gets an array of references to the external resources using subnet. | ResourceNavigationLink[] |
routeTable | The reference of the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |