arsenvlad/terraform_function_app_network_restrictions_example.tf

## terraform_function_app_network_restrictions_example.tf
variable "prefix" {
    type = "string"
}

variable "location" {
    type = "string"
    default = "eastus2"
}

resource "azurerm_resource_group" "example" {
  name     = "${var.prefix}-rg"
  location = "${var.location}"
}

resource "azurerm_storage_account" "example" {
  name                     = "${var.prefix}sa1"
  resource_group_name      = "${azurerm_resource_group.example.name}"
  location                 = "${azurerm_resource_group.example.location}"
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_app_service_plan" "example" {
  name                = "${var.prefix}-app-service-plan"
  location            = "${azurerm_resource_group.example.location}"
  resource_group_name = "${azurerm_resource_group.example.name}"

  sku {
    tier = "Dynamic"
    size = "Y1"
  }

  kind = "functionapp"
}

resource "azurerm_function_app" "example" {
  name                      = "${var.prefix}-function-app"
  location                  = "${azurerm_resource_group.example.location}"
  resource_group_name       = "${azurerm_resource_group.example.name}"
  app_service_plan_id       = "${azurerm_app_service_plan.example.id}"
  storage_connection_string = "${azurerm_storage_account.example.primary_connection_string}"
}

resource "azurerm_template_deployment" "example" {
  name                = "${azurerm_function_app.example.name}-network-restrictions"
  resource_group_name = "${azurerm_resource_group.example.name}"
  template_body       = <<JSON
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "variables": {
     "_force_terraform_to_always_redeploy": "${timestamp()}"
  },
  "resources": [{
     "type": "Microsoft.Web/sites/config",
         "apiVersion": "2018-11-01",
         "name": "${azurerm_function_app.example.name}/web",
         "location": "${azurerm_function_app.example.name}",
         "properties": {
            "ftpsState": "Disabled",
            "ipSecurityRestrictions": [
               {
                  "ipAddress": "8.8.8.8/32",
                  "action": "Deny",
                  "tag": "Default",
                  "priority": 100,
                  "name": "DenyRule1",
                  "description": ""
               },
               {
                  "ipAddress": "8.8.8.9/32",
                  "action": "Deny",
                  "tag": "Default",
                  "priority": 150,
                  "name": "DenyRule2",
                  "description": ""
               },
               {
                  "ipAddress": "0.0.0.0/0",
                  "action": "Allow",
                  "tag": "Default",
                  "priority": 200,
                  "name": "AllowRule1",
                  "description": ""
               }
            ]
         }
    }
  ]
}
JSON
  deployment_mode     = "Incremental"
}
	variable "prefix" {
	type = "string"
	}

	variable "location" {
	type = "string"
	default = "eastus2"
	}

	resource "azurerm_resource_group" "example" {
	name = "${var.prefix}-rg"
	location = "${var.location}"
	}

	resource "azurerm_storage_account" "example" {
	name = "${var.prefix}sa1"
	resource_group_name = "${azurerm_resource_group.example.name}"
	location = "${azurerm_resource_group.example.location}"
	account_tier = "Standard"
	account_replication_type = "LRS"
	}

	resource "azurerm_app_service_plan" "example" {
	name = "${var.prefix}-app-service-plan"
	location = "${azurerm_resource_group.example.location}"
	resource_group_name = "${azurerm_resource_group.example.name}"

	sku {
	tier = "Dynamic"
	size = "Y1"
	}

	kind = "functionapp"
	}

	resource "azurerm_function_app" "example" {
	name = "${var.prefix}-function-app"
	location = "${azurerm_resource_group.example.location}"
	resource_group_name = "${azurerm_resource_group.example.name}"
	app_service_plan_id = "${azurerm_app_service_plan.example.id}"
	storage_connection_string = "${azurerm_storage_account.example.primary_connection_string}"
	}

	resource "azurerm_template_deployment" "example" {
	name = "${azurerm_function_app.example.name}-network-restrictions"
	resource_group_name = "${azurerm_resource_group.example.name}"
	template_body = <<JSON
	{
	"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
	"contentVersion": "1.0.0.0",
	"variables": {
	"_force_terraform_to_always_redeploy": "${timestamp()}"
	},
	"resources": [{
	"type": "Microsoft.Web/sites/config",
	"apiVersion": "2018-11-01",
	"name": "${azurerm_function_app.example.name}/web",
	"location": "${azurerm_function_app.example.name}",
	"properties": {
	"ftpsState": "Disabled",
	"ipSecurityRestrictions": [
	{
	"ipAddress": "8.8.8.8/32",
	"action": "Deny",
	"tag": "Default",
	"priority": 100,
	"name": "DenyRule1",
	"description": ""
	},
	{
	"ipAddress": "8.8.8.9/32",
	"action": "Deny",
	"tag": "Default",
	"priority": 150,
	"name": "DenyRule2",
	"description": ""
	},
	{
	"ipAddress": "0.0.0.0/0",
	"action": "Allow",
	"tag": "Default",
	"priority": 200,
	"name": "AllowRule1",
	"description": ""
	}
	]
	}
	}
	]
	}
	JSON
	deployment_mode = "Incremental"
	}