Microsoft.Cdn profiles
Bicep resource definition
The profiles resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Cdn/profiles@2024-09-01' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
properties: {
logScrubbing: {
scrubbingRules: [
{
matchVariable: 'string'
selector: 'string'
selectorMatchOperator: 'string'
state: 'string'
}
]
state: 'string'
}
originResponseTimeoutSeconds: int
}
sku: {
name: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.Cdn/profiles
| Name | Description | Value |
|---|---|---|
| identity | Managed service identity (system assigned and/or user assigned identities). | ManagedServiceIdentity |
| location | Resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The JSON object that contains the properties required to create a profile. | ProfileProperties |
| sku | The pricing tier (defines Azure Front Door Standard or Premium or a CDN provider, feature list and rate) of the profile. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
ProfileLogScrubbing
| Name | Description | Value |
|---|---|---|
| scrubbingRules | List of log scrubbing rules applied to the Azure Front Door profile logs. | ProfileScrubbingRules[] |
| state | State of the log scrubbing config. Default value is Enabled. | 'Disabled' 'Enabled' |
ProfileProperties
| Name | Description | Value |
|---|---|---|
| logScrubbing | Defines rules that scrub sensitive fields in the Azure Front Door profile logs. | ProfileLogScrubbing |
| originResponseTimeoutSeconds | Send and receive timeout on forwarding request to the origin. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
ProfileScrubbingRules
| Name | Description | Value |
|---|---|---|
| matchVariable | The variable to be scrubbed from the logs. | 'QueryStringArgNames' 'RequestIPAddress' 'RequestUri' (required) |
| selector | When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to. | string |
| selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to. | 'EqualsAny' (required) |
| state | Defines the state of a log scrubbing rule. Default value is enabled. | 'Disabled' 'Enabled' |
Sku
| Name | Description | Value |
|---|---|---|
| name | Name of the pricing tier. | 'Custom_Verizon' 'Premium_AzureFrontDoor' 'Premium_Verizon' 'StandardPlus_955BandWidth_ChinaCdn' 'StandardPlus_AvgBandWidth_ChinaCdn' 'StandardPlus_ChinaCdn' 'Standard_955BandWidth_ChinaCdn' 'Standard_Akamai' 'Standard_AvgBandWidth_ChinaCdn' 'Standard_AzureFrontDoor' 'Standard_ChinaCdn' 'Standard_Microsoft' 'Standard_Verizon' |
TrackedResourceTags
| Name | Description | Value |
|---|
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| Create a CDN Endpoint with cache override through Rules | This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also configures rules engine with a path based rule and overrides cache expiration. |
| Create a CDN Endpoint with response header addition | This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also configures rules engine with Remote address based match and adds corresponding response headers. |
| Create a CDN Endpoint with rewrite and redirect rules | This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also configures rules engine device based path rewrite and request scheme based redirect. |
| Create a CDN Endpoint with UrlSigning action | This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also configures rules engine UrlSigning action for default and override parameters. |
| Create a CDN Profile and a CDN Endpoint with custom origin | This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. |
| Create a CDN Profile and a CDN Endpoint with parameters | This template creates a CDN Profile and a CDN Endpoint with parameterized configuration settings |
| Create a CDN Profile, a CDN Endpoint and a Web App | This template creates a CDN Profile and a CDN Endpoint with a Web App as the origin |
| Create a CDN Profile, Endpoint and a Storage Account | This template creates a CDN Profile and a CDN Endpoint with origin as a Storage Account. Note that user needs to create a public container in the Storage Account in order for CDN Endpoint to serve content from the Storage Account. |
| Front Door Premium with App Service origin and Private Link | This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application. |
| Front Door Premium with blob origin and Private Link | This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
| Front Door Premium with VM and Private Link service | This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
| Front Door Premium with WAF and Microsoft-managed rule sets | This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets. |
| Front Door Standard/Premium | This template creates a Front Door Standard/Premium. |
| Front Door Standard/Premium with API Management origin | This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with App Service origin | This template creates a Front Door Standard/Premium, an App Service, and configures the App Service to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with Application Gateway origin | This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with Azure Container Instances | This template creates a Front Door Standard/Premium with a container group. |
| Front Door Standard/Premium with Azure DNS and custom domain | This template creates a Front Door Standard/Premium including a custom domain on Azure DNS and Microsoft-managed certificate. |
| Front Door Standard/Premium with Azure Functions origin | This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with custom domain | This template creates a Front Door Standard/Premium including a custom domain and Microsoft-managed certificate. |
| Front Door Standard/Premium with domain and certificate | This template creates a Front Door Standard/Premium including a custom domain and customer-managed certificate. |
| Front Door Standard/Premium with geo-filtering | This template creates a Front Door Standard/Premium including a web application firewall with a geo-filtering rule. |
| Front Door Standard/Premium with rate limit | This template creates a Front Door Standard/Premium including a web application firewall with a rate limit rule. |
| Front Door Standard/Premium with rule set | This template creates a Front Door Standard/Premium including a rule set. |
| Front Door Standard/Premium with static website origin | This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website. |
| Front Door Standard/Premium with WAF and custom rule | This template creates a Front Door Standard/Premium including a web application firewall with a custom rule. |
| Front Door with blob origins for blobs upload | This template creates a Front Door with origins, routes and ruleSets, and an Azure Storage accounts with blob containers. Front Door sends traffic to the storage accounts when uploading files. |
| Front Door with Container Instances and Application Gateway | This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
| FrontDoor CDN with WAF, Domains and Logs to EventHub | This template creates a new Azure FrontDoor cdn profile. Create WAF with custom and managed rules, cdn routes, origin and groups with their association with WAF and routes, configures custom domains, create event hub and diagnostic settings for sending CDN access logs using event hub. |
| Function App secured by Azure Frontdoor | This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link. |
| Highly Available Multi-region Web App | This template allows you to create a secure, highly available, multi-region end to end solution with two web apps in different regions behind Azure Front Door |
ARM template resource definition
The profiles resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles resource, add the following JSON to your template.
{
"type": "Microsoft.Cdn/profiles",
"apiVersion": "2024-09-01",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"properties": {
"logScrubbing": {
"scrubbingRules": [
{
"matchVariable": "string",
"selector": "string",
"selectorMatchOperator": "string",
"state": "string"
}
],
"state": "string"
},
"originResponseTimeoutSeconds": "int"
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.Cdn/profiles
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2024-09-01' |
| identity | Managed service identity (system assigned and/or user assigned identities). | ManagedServiceIdentity |
| location | Resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The JSON object that contains the properties required to create a profile. | ProfileProperties |
| sku | The pricing tier (defines Azure Front Door Standard or Premium or a CDN provider, feature list and rate) of the profile. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Cdn/profiles' |
ProfileLogScrubbing
| Name | Description | Value |
|---|---|---|
| scrubbingRules | List of log scrubbing rules applied to the Azure Front Door profile logs. | ProfileScrubbingRules[] |
| state | State of the log scrubbing config. Default value is Enabled. | 'Disabled' 'Enabled' |
ProfileProperties
| Name | Description | Value |
|---|---|---|
| logScrubbing | Defines rules that scrub sensitive fields in the Azure Front Door profile logs. | ProfileLogScrubbing |
| originResponseTimeoutSeconds | Send and receive timeout on forwarding request to the origin. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
ProfileScrubbingRules
| Name | Description | Value |
|---|---|---|
| matchVariable | The variable to be scrubbed from the logs. | 'QueryStringArgNames' 'RequestIPAddress' 'RequestUri' (required) |
| selector | When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to. | string |
| selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to. | 'EqualsAny' (required) |
| state | Defines the state of a log scrubbing rule. Default value is enabled. | 'Disabled' 'Enabled' |
Sku
| Name | Description | Value |
|---|---|---|
| name | Name of the pricing tier. | 'Custom_Verizon' 'Premium_AzureFrontDoor' 'Premium_Verizon' 'StandardPlus_955BandWidth_ChinaCdn' 'StandardPlus_AvgBandWidth_ChinaCdn' 'StandardPlus_ChinaCdn' 'Standard_955BandWidth_ChinaCdn' 'Standard_Akamai' 'Standard_AvgBandWidth_ChinaCdn' 'Standard_AzureFrontDoor' 'Standard_ChinaCdn' 'Standard_Microsoft' 'Standard_Verizon' |
TrackedResourceTags
| Name | Description | Value |
|---|
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Apply a WAF Policy for the OWASP top 10 to a CDN Endpoint |
This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also links a CDN WAF Policy to the Endpoint which applies the managed rule set DefaultRuleSet_1.0. |
| Apply a WAF Policy with custom rules to a CDN Endpoint |
This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also links a CDN WAF Policy to the Endpoint which applies example custom rules for blocking and redirecting requests based on geo-location, ip address, and SESSIONID header. |
| Apply a WAF Policy with rate limit rules to a CDN Endpoint |
This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also links a CDN WAF Policy to the Endpoint which applies example rate limit rules for blocking and redirecting rate-limited requests. |
| Create a CDN Endpoint with cache override through Rules |
This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also configures rules engine with a path based rule and overrides cache expiration. |
| Create a CDN Endpoint with response header addition |
This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also configures rules engine with Remote address based match and adds corresponding response headers. |
| Create a CDN Endpoint with rewrite and redirect rules |
This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also configures rules engine device based path rewrite and request scheme based redirect. |
| Create a CDN Endpoint with UrlSigning action |
This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. This template also configures rules engine UrlSigning action for default and override parameters. |
| Create a CDN Profile and a CDN Endpoint with custom origin |
This template creates a CDN Profile and a CDN Endpoint with a user specified origin and all of our most commonly used settings on CDN. |
| Create a CDN Profile and a CDN Endpoint with parameters |
This template creates a CDN Profile and a CDN Endpoint with parameterized configuration settings |
| Create a CDN Profile, a CDN Endpoint and a Web App |
This template creates a CDN Profile and a CDN Endpoint with a Web App as the origin |
| Create a CDN Profile, Endpoint and a Storage Account |
This template creates a CDN Profile and a CDN Endpoint with origin as a Storage Account. Note that user needs to create a public container in the Storage Account in order for CDN Endpoint to serve content from the Storage Account. |
| eShop Website with ILB ASE |
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps. |
| Front Door Premium with App Service origin and Private Link |
This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application. |
| Front Door Premium with blob origin and Private Link |
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
| Front Door Premium with VM and Private Link service |
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
| Front Door Premium with WAF and Microsoft-managed rule sets |
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets. |
| Front Door Standard/Premium |
This template creates a Front Door Standard/Premium. |
| Front Door Standard/Premium with API Management origin |
This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with App Service origin |
This template creates a Front Door Standard/Premium, an App Service, and configures the App Service to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with Application Gateway origin |
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with Azure Container Instances |
This template creates a Front Door Standard/Premium with a container group. |
| Front Door Standard/Premium with Azure DNS and custom domain |
This template creates a Front Door Standard/Premium including a custom domain on Azure DNS and Microsoft-managed certificate. |
| Front Door Standard/Premium with Azure Functions origin |
This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with custom domain |
This template creates a Front Door Standard/Premium including a custom domain and Microsoft-managed certificate. |
| Front Door Standard/Premium with domain and certificate |
This template creates a Front Door Standard/Premium including a custom domain and customer-managed certificate. |
| Front Door Standard/Premium with geo-filtering |
This template creates a Front Door Standard/Premium including a web application firewall with a geo-filtering rule. |
| Front Door Standard/Premium with rate limit |
This template creates a Front Door Standard/Premium including a web application firewall with a rate limit rule. |
| Front Door Standard/Premium with rule set |
This template creates a Front Door Standard/Premium including a rule set. |
| Front Door Standard/Premium with static website origin |
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website. |
| Front Door Standard/Premium with WAF and custom rule |
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule. |
| Front Door with blob origins for blobs upload |
This template creates a Front Door with origins, routes and ruleSets, and an Azure Storage accounts with blob containers. Front Door sends traffic to the storage accounts when uploading files. |
| Front Door with Container Instances and Application Gateway |
This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
| FrontDoor CDN with WAF, Domains and Logs to EventHub |
This template creates a new Azure FrontDoor cdn profile. Create WAF with custom and managed rules, cdn routes, origin and groups with their association with WAF and routes, configures custom domains, create event hub and diagnostic settings for sending CDN access logs using event hub. |
| Function App secured by Azure Frontdoor |
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link. |
| Highly Available Multi-region Web App |
This template allows you to create a secure, highly available, multi-region end to end solution with two web apps in different regions behind Azure Front Door |
Terraform (AzAPI provider) resource definition
The profiles resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Cdn/profiles@2024-09-01"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
location = "string"
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
logScrubbing = {
scrubbingRules = [
{
matchVariable = "string"
selector = "string"
selectorMatchOperator = "string"
state = "string"
}
]
state = "string"
}
originResponseTimeoutSeconds = int
}
})
}
Property values
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.Cdn/profiles
| Name | Description | Value |
|---|---|---|
| identity | Managed service identity (system assigned and/or user assigned identities). | ManagedServiceIdentity |
| location | Resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The JSON object that contains the properties required to create a profile. | ProfileProperties |
| sku | The pricing tier (defines Azure Front Door Standard or Premium or a CDN provider, feature list and rate) of the profile. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Cdn/profiles@2024-09-01" |
ProfileLogScrubbing
| Name | Description | Value |
|---|---|---|
| scrubbingRules | List of log scrubbing rules applied to the Azure Front Door profile logs. | ProfileScrubbingRules[] |
| state | State of the log scrubbing config. Default value is Enabled. | 'Disabled' 'Enabled' |
ProfileProperties
| Name | Description | Value |
|---|---|---|
| logScrubbing | Defines rules that scrub sensitive fields in the Azure Front Door profile logs. | ProfileLogScrubbing |
| originResponseTimeoutSeconds | Send and receive timeout on forwarding request to the origin. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
ProfileScrubbingRules
| Name | Description | Value |
|---|---|---|
| matchVariable | The variable to be scrubbed from the logs. | 'QueryStringArgNames' 'RequestIPAddress' 'RequestUri' (required) |
| selector | When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to. | string |
| selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to. | 'EqualsAny' (required) |
| state | Defines the state of a log scrubbing rule. Default value is enabled. | 'Disabled' 'Enabled' |
Sku
| Name | Description | Value |
|---|---|---|
| name | Name of the pricing tier. | 'Custom_Verizon' 'Premium_AzureFrontDoor' 'Premium_Verizon' 'StandardPlus_955BandWidth_ChinaCdn' 'StandardPlus_AvgBandWidth_ChinaCdn' 'StandardPlus_ChinaCdn' 'Standard_955BandWidth_ChinaCdn' 'Standard_Akamai' 'Standard_AvgBandWidth_ChinaCdn' 'Standard_AzureFrontDoor' 'Standard_ChinaCdn' 'Standard_Microsoft' 'Standard_Verizon' |
TrackedResourceTags
| Name | Description | Value |
|---|
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|