All these features can be helpful in the following scenarios:<\/p>\n\n\n\n
- \n
- Delivering images, CSS files, and JavaScript files for a web application.<\/li>\n\n\n\n
- Serving files and documents, such as PDF files or JSON files.<\/li>\n\n\n\n
- Delivering non-streaming video.<\/li>\n<\/ul>\n\n\n\n
<\/p>\n\n\n\n
This method will result in the architecture shown below:<\/p>\n\n\n\n
![\"Azure](\"https:\/\/azureway.cloud\/wp-content\/uploads\/2023\/09\/fd_storage_account.drawio-2.png\")
<\/figure>\n\n\n\nThe following concern is how to set it. Naturally, Terraform is my preferred IaC. Create a storage account first.<\/p>\n\n\n\n
![\"\"](\"https:\/\/azureway.cloud\/wp-content\/uploads\/2023\/09\/fd_sa_1-1024x862.png\")
<\/figure>\n\n\n\nAs the Storage Account is defined, Azure Front Door is next in the queue, we need below Terraform resources:<\/p>\n\n\n\n
- \n
- azurerm_cdn_frontdoor_profile<\/li>\n\n\n\n
- azurerm_cdn_frontdoor_endpoint<\/li>\n\n\n\n
- azurerm_cdn_frontdoor_origin_group<\/li>\n\n\n\n
- azurerm_cdn_frontdoor_route<\/li>\n\n\n\n
- azurerm_cdn_frontdoor_custom_domain<\/li>\n\n\n\n
- azurerm_cdn_frontdoor_firewall_policy<\/li>\n\n\n\n
- azurerm_cdn_frontdoor_security_policy<\/li>\n<\/ul>\n\n\n\n
As creating Azure Front Door is really easy, I will jump into Azure Storage Account & Front Door configuration.<\/p>\n\n\n\n
First, join the Front Door group to our storage account. For instructions, see below.<\/p>\n\n\n\n
![\"\"](\"https:\/\/azureway.cloud\/wp-content\/uploads\/2023\/09\/fd_sa_2-1024x513.png\")
<\/figure>\n\n\n\nYou should take note that there is no Private DNS zone or Private IP selection here, nor do you build a Private Endpoint. This is basically a request to create a Private Endpoint. You will be shown how to approve this request in the Storage Account later on. The creation of the route comes next:<\/p>\n\n\n\n
![\"\"](\"https:\/\/azureway.cloud\/wp-content\/uploads\/2023\/09\/fd_sa_3-1-1024x604.png\")
<\/figure>\n\n\n\nNotice, that only one container is exposed here. Other paths of the Storage Account, remain private.<\/p>\n\n\n\n
The Terraform sources have all parameters with default values, so you only need to, authorize in Azure and run apply Terraform scripts:<\/p>\n\n\n\n
If you run this terraform locally then remember to set credentials. I use Service Principal, script for creation:<\/p>\n\n\n\n
az ad sp create-for-rbac --name api:\/\/terraformspn --role Contributor --scopes \/subscriptions\/##SUBSCRIPTION_ID##<\/code><\/pre>\n\n\n\nThen set environment variables in your console, I use zsh so for me it will be:<\/p>\n\n\n\n
export ARM_CLIENT_ID=\"##appId##\"\nexport ARM_CLIENT_SECRET=\"##password##\"\nexport ARM_TENANT_ID=\"##tenant##\"\nexport ARM_SUBSCRIPTION_ID=\"##subscription##\"<\/code><\/pre>\n\n\n\nAfter setting environment variables, run commands (separately).<\/p>\n\n\n\n
terraform init\nterraform apply -auto-approve<\/code><\/pre>\n\n\n\nYou ought to have all the resources produced once execution is complete. The final step is to accept Private Endpoint. Go to the newly established resource group -> Storage Account -> Networking -> Private endpoint connections to accomplish this. Click Approve after selecting the Private endpoint.<\/p>\n\n\n\n
![\"\"](\"https:\/\/azureway.cloud\/wp-content\/uploads\/2023\/09\/fd_sa_5-1024x236.png\")
<\/figure>\n\n\n\nYou ought to be able to use Azure Front Door to access the Storage Account after Private endpoint acceptance. Select URL after navigating to the Front Door instance. Following that, enter the file name and exposed container name (the default is mycontainer). There, you may pick your Front Door URL:<\/p>\n\n\n\n
![\"\"](\"https:\/\/azureway.cloud\/wp-content\/uploads\/2023\/09\/fd_sa_6-1-1024x827.png\")
<\/figure>\n\n\n\nHope you got something out of this demo.<\/p>\n","protected":false},"excerpt":{"rendered":"
This service is a global load balancer for HTTP\/HTTPS traffic. You don\u2019t need to manage resiliency, as this service is resilient by default. See what feature you can enable, using this approach: All these features can be helpful in the following scenarios: This method will result in the architecture shown below: The following concern is […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,35],"tags":[],"class_list":["post-3504","post","type-post","status-publish","format-standard","hentry","category-azure","category-cloud-computing"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/3504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3504"}],"version-history":[{"count":2,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/3504\/revisions"}],"predecessor-version":[{"id":3506,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/3504\/revisions\/3506"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}