Microsoft.Cdn profiles/originGroups/origins
Bicep resource definition
The profiles/originGroups/origins resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles/originGroups/origins resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Cdn/profiles/originGroups/origins@2023-07-01-preview' = {
name: 'string'
parent: resourceSymbolicName
properties: {
azureOrigin: {
id: 'string'
}
enabledState: 'string'
enforceCertificateNameCheck: bool
hostName: 'string'
httpPort: int
httpsPort: int
originHostHeader: 'string'
priority: int
sharedPrivateLinkResource: {
groupId: 'string'
privateLink: {
id: 'string'
}
privateLinkLocation: 'string'
requestMessage: 'string'
status: 'string'
}
weight: int
}
}
Property values
profiles/originGroups/origins
| Name | Description | Value |
|---|---|---|
| name | The resource name See how to set names and types for child resources in Bicep. |
string (required) Character limit: 1-50 Valid characters: Alphanumerics and hyphens. Start and end with alphanumeric. Resource name must be unique across Azure. |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: originGroups |
| properties | The JSON object that contains the properties of the origin. | AFDOriginProperties |
AFDOriginProperties
| Name | Description | Value |
|---|---|---|
| azureOrigin | Resource reference to the Azure origin resource. | ResourceReference |
| enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | 'Disabled' 'Enabled' |
| enforceCertificateNameCheck | Whether to enable certificate name check at origin level | bool |
| hostName | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. | string |
| httpPort | The value of the HTTP port. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| httpsPort | The value of the HTTPS port. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| originHostHeader | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint | string |
| priority | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5 | int Constraints: Min value = 1 Max value = 5 |
| sharedPrivateLinkResource | The properties of the private link resource for private origin. | SharedPrivateLinkResourceProperties |
| weight | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000 | int Constraints: Min value = 1 Max value = 1000 |
ResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
SharedPrivateLinkResourceProperties
| Name | Description | Value |
|---|---|---|
| groupId | The group id from the provider of resource the shared private link resource is for. | string |
| privateLink | The resource id of the resource the shared private link resource is for. | ResourceReference |
| privateLinkLocation | The location of the shared private link resource | string |
| requestMessage | The request message for requesting approval of the shared private link resource. | string |
| status | Status of the shared private link resource. Can be Pending, Approved, Rejected, Disconnected, or Timeout. | 'Approved' 'Disconnected' 'Pending' 'Rejected' 'Timeout' |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
FrontDoor CDN with WAF, Domains and Logs to EventHub |
This template creates a new Azure FrontDoor cdn profile. Create WAF with custom and managed rules, cdn routes, origin and groups with their association with WAF and routes, configures custom domains, create event hub and diagnostic settings for sending CDN access logs using event hub. |
| Front Door Premium with App Service origin and Private Link |
This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application. |
| Front Door Premium with blob origin and Private Link |
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
| Front Door Premium with VM and Private Link service |
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
| Front Door Premium with WAF and Microsoft-managed rule sets |
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets. |
| Front Door Standard/Premium |
This template creates a Front Door Standard/Premium. |
| Front Door Standard/Premium with API Management origin |
This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with App Service origin |
This template creates a Front Door Standard/Premium, an App Service, and configures the App Service to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with Application Gateway origin |
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
| Front Door with Container Instances and Application Gateway |
This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
| Front Door Standard/Premium with Azure Container Instances |
This template creates a Front Door Standard/Premium with a container group. |
| Front Door Standard/Premium with custom domain |
This template creates a Front Door Standard/Premium including a custom domain and Microsoft-managed certificate. |
| Front Door Standard/Premium with Azure DNS and custom domain |
This template creates a Front Door Standard/Premium including a custom domain on Azure DNS and Microsoft-managed certificate. |
| Front Door Standard/Premium with domain and certificate |
This template creates a Front Door Standard/Premium including a custom domain and customer-managed certificate. |
| Front Door Standard/Premium with Azure Functions origin |
This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with geo-filtering |
This template creates a Front Door Standard/Premium including a web application firewall with a geo-filtering rule. |
| Front Door Standard/Premium with rate limit |
This template creates a Front Door Standard/Premium including a web application firewall with a rate limit rule. |
| Front Door Standard/Premium with rule set |
This template creates a Front Door Standard/Premium including a rule set. |
| Front Door Standard/Premium with static website origin |
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website. |
| Front Door Standard/Premium with WAF and custom rule |
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule. |
| Function App secured by Azure Frontdoor |
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link. |
| Highly Available Multi-region Web App |
This template allows you to create a secure, highly available, multi-region end to end solution with two web apps in different regions behind Azure Front Door |
ARM template resource definition
The profiles/originGroups/origins resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles/originGroups/origins resource, add the following JSON to your template.
{
"type": "Microsoft.Cdn/profiles/originGroups/origins",
"apiVersion": "2023-07-01-preview",
"name": "string",
"properties": {
"azureOrigin": {
"id": "string"
},
"enabledState": "string",
"enforceCertificateNameCheck": "bool",
"hostName": "string",
"httpPort": "int",
"httpsPort": "int",
"originHostHeader": "string",
"priority": "int",
"sharedPrivateLinkResource": {
"groupId": "string",
"privateLink": {
"id": "string"
},
"privateLinkLocation": "string",
"requestMessage": "string",
"status": "string"
},
"weight": "int"
}
}
Property values
profiles/originGroups/origins
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Cdn/profiles/originGroups/origins' |
| apiVersion | The resource api version | '2023-07-01-preview' |
| name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) Character limit: 1-50 Valid characters: Alphanumerics and hyphens. Start and end with alphanumeric. Resource name must be unique across Azure. |
| properties | The JSON object that contains the properties of the origin. | AFDOriginProperties |
AFDOriginProperties
| Name | Description | Value |
|---|---|---|
| azureOrigin | Resource reference to the Azure origin resource. | ResourceReference |
| enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | 'Disabled' 'Enabled' |
| enforceCertificateNameCheck | Whether to enable certificate name check at origin level | bool |
| hostName | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. | string |
| httpPort | The value of the HTTP port. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| httpsPort | The value of the HTTPS port. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| originHostHeader | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint | string |
| priority | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5 | int Constraints: Min value = 1 Max value = 5 |
| sharedPrivateLinkResource | The properties of the private link resource for private origin. | SharedPrivateLinkResourceProperties |
| weight | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000 | int Constraints: Min value = 1 Max value = 1000 |
ResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
SharedPrivateLinkResourceProperties
| Name | Description | Value |
|---|---|---|
| groupId | The group id from the provider of resource the shared private link resource is for. | string |
| privateLink | The resource id of the resource the shared private link resource is for. | ResourceReference |
| privateLinkLocation | The location of the shared private link resource | string |
| requestMessage | The request message for requesting approval of the shared private link resource. | string |
| status | Status of the shared private link resource. Can be Pending, Approved, Rejected, Disconnected, or Timeout. | 'Approved' 'Disconnected' 'Pending' 'Rejected' 'Timeout' |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| FrontDoor CDN with WAF, Domains and Logs to EventHub |
This template creates a new Azure FrontDoor cdn profile. Create WAF with custom and managed rules, cdn routes, origin and groups with their association with WAF and routes, configures custom domains, create event hub and diagnostic settings for sending CDN access logs using event hub. |
| Front Door Premium with App Service origin and Private Link |
This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application. |
| Front Door Premium with blob origin and Private Link |
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
| Front Door Premium with VM and Private Link service |
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
| Front Door Premium with WAF and Microsoft-managed rule sets |
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets. |
| Front Door Standard/Premium |
This template creates a Front Door Standard/Premium. |
| Front Door Standard/Premium with API Management origin |
This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with App Service origin |
This template creates a Front Door Standard/Premium, an App Service, and configures the App Service to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with Application Gateway origin |
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
| Front Door with Container Instances and Application Gateway |
This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
| Front Door Standard/Premium with Azure Container Instances |
This template creates a Front Door Standard/Premium with a container group. |
| Front Door Standard/Premium with custom domain |
This template creates a Front Door Standard/Premium including a custom domain and Microsoft-managed certificate. |
| Front Door Standard/Premium with Azure DNS and custom domain |
This template creates a Front Door Standard/Premium including a custom domain on Azure DNS and Microsoft-managed certificate. |
| Front Door Standard/Premium with domain and certificate |
This template creates a Front Door Standard/Premium including a custom domain and customer-managed certificate. |
| Front Door Standard/Premium with Azure Functions origin |
This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with geo-filtering |
This template creates a Front Door Standard/Premium including a web application firewall with a geo-filtering rule. |
| Front Door Standard/Premium with rate limit |
This template creates a Front Door Standard/Premium including a web application firewall with a rate limit rule. |
| Front Door Standard/Premium with rule set |
This template creates a Front Door Standard/Premium including a rule set. |
| Front Door Standard/Premium with static website origin |
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website. |
| Front Door Standard/Premium with WAF and custom rule |
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule. |
| Function App secured by Azure Frontdoor |
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link. |
| Highly Available Multi-region Web App |
This template allows you to create a secure, highly available, multi-region end to end solution with two web apps in different regions behind Azure Front Door |
Terraform (AzAPI provider) resource definition
The profiles/originGroups/origins resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Cdn/profiles/originGroups/origins resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Cdn/profiles/originGroups/origins@2023-07-01-preview"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
azureOrigin = {
id = "string"
}
enabledState = "string"
enforceCertificateNameCheck = bool
hostName = "string"
httpPort = int
httpsPort = int
originHostHeader = "string"
priority = int
sharedPrivateLinkResource = {
groupId = "string"
privateLink = {
id = "string"
}
privateLinkLocation = "string"
requestMessage = "string"
status = "string"
}
weight = int
}
})
}
Property values
profiles/originGroups/origins
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Cdn/profiles/originGroups/origins@2023-07-01-preview" |
| name | The resource name | string (required) Character limit: 1-50 Valid characters: Alphanumerics and hyphens. Start and end with alphanumeric. Resource name must be unique across Azure. |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: originGroups |
| properties | The JSON object that contains the properties of the origin. | AFDOriginProperties |
AFDOriginProperties
| Name | Description | Value |
|---|---|---|
| azureOrigin | Resource reference to the Azure origin resource. | ResourceReference |
| enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | "Disabled" "Enabled" |
| enforceCertificateNameCheck | Whether to enable certificate name check at origin level | bool |
| hostName | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. | string |
| httpPort | The value of the HTTP port. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| httpsPort | The value of the HTTPS port. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
| originHostHeader | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint | string |
| priority | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5 | int Constraints: Min value = 1 Max value = 5 |
| sharedPrivateLinkResource | The properties of the private link resource for private origin. | SharedPrivateLinkResourceProperties |
| weight | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000 | int Constraints: Min value = 1 Max value = 1000 |
ResourceReference
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
SharedPrivateLinkResourceProperties
| Name | Description | Value |
|---|---|---|
| groupId | The group id from the provider of resource the shared private link resource is for. | string |
| privateLink | The resource id of the resource the shared private link resource is for. | ResourceReference |
| privateLinkLocation | The location of the shared private link resource | string |
| requestMessage | The request message for requesting approval of the shared private link resource. | string |
| status | Status of the shared private link resource. Can be Pending, Approved, Rejected, Disconnected, or Timeout. | "Approved" "Disconnected" "Pending" "Rejected" "Timeout" |