
Cannot set a minimum TLS version for FrontDoor in terraform


I am using terraform 1.44. When I try to run this:

resource "azurerm_frontdoor" "frontdoor" {
  name                                         = "my-fd"
  location                                     = "${azurerm_resource_group.default.location}"
  resource_group_name                          = "${azurerm_resource_group.default.name}"
  enforce_backend_pools_certificate_name_check = false

  routing_rule {
    .....
  }

  backend_pool_load_balancing {
    ......
  }

  backend_pool_health_probe {
    .....
  }

  backend_pool {
    .......
  }

  frontend_endpoint {
    name                                    = "myFrontendEndpoint"
    host_name                               = "my-custom.hostname.com"
    custom_https_provisioning_enabled       = true
    custom_https_configuration {
      certificate_source = "FrontDoor"
      minimum_tls_version = "1.2"
    }
  }
}

It is failing with

Error: "frontend_endpoint.custom_https_configuration.minimum_tls_version": this field cannot be set

According to this GitHub issue it should be resolved already, but the documentation link is broken... And in the current documentation there is no mention of this field...

How can I create this frontend? Without setting the minimum_tls_version it errors with

Error enabling Custom Domain HTTPS for Frontend Endpoint: frontdoor.FrontendEndpointsClient#EnableHTTPS: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="\"minimumTlsVersion\" is a mandatory parameter."


Solution

  • From Azure Front Door SSL configuration,

    All Front Door profiles created after September 2019 use TLS 1.2 as the default minimum.

    Front Door supports TLS versions 1.0, 1.1 and 1.2. TLS 1.3 is not yet supported.

    From the Terraform documentation, the attribute minimum_tls_version can only be exported from the custom_https_configuration block. It cannot be set like an Argument Reference.

    For example,

    ....
      frontend_endpoint {
        name                              = "exampleFrontendEndpoint1"
        host_name                         = "example-FrontDoor.azurefd.net"

        custom_https_provisioning_enabled = true
        custom_https_configuration {
          certificate_source = "FrontDoor"
        }
      }
    }

    output "minimum_tls_version" {
      value = "${azurerm_frontdoor.example.frontend_endpoint[0].custom_https_configuration[0].minimum_tls_version}"
    }


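Since minimum_tls_version is exported rather than set, the value in effect can be checked after apply by auditing the JSON produced by `terraform show -json`. The following is an added example, not part of the original answer: the sample state, resource addresses and endpoint names are constructed, and the 1.2 floor is an assumed policy.

```python
# Added example: audit exported minimum_tls_version values in Terraform state.
# Real input would come from: terraform show -json > state.json
# SAMPLE_STATE is constructed for illustration; names and addresses are made up.
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [{
        "address": "azurerm_frontdoor.example", "type": "azurerm_frontdoor",
        "values": {"frontend_endpoint": [
            {"name": "okEndpoint", "custom_https_configuration": [
                {"certificate_source": "FrontDoor", "minimum_tls_version": "1.2"}]},
            {"name": "legacyEndpoint", "custom_https_configuration": [
                {"certificate_source": "FrontDoor", "minimum_tls_version": "1.0"}]},
            # HTTPS not provisioned: no configuration block, nothing to check.
            {"name": "plainEndpoint", "custom_https_configuration": []}]}}],
    "child_modules": [{"resources": [{
        "address": "module.edge.azurerm_frontdoor.fd", "type": "azurerm_frontdoor",
        "values": {"frontend_endpoint": [
            {"name": "unknownEndpoint", "custom_https_configuration": [
                {"certificate_source": "FrontDoor"}]}]}}]}]}}}

MIN_ALLOWED = (1, 2)  # assumed policy floor: TLS 1.2


def _modules(module):
    """Yield a module and every nested child module."""
    yield module
    for child in module.get("child_modules", []):
        yield from _modules(child)


def _parse(version):
    """'1.2' -> (1, 2); missing or malformed values -> None."""
    try:
        return tuple(int(part) for part in str(version).split("."))
    except ValueError:
        return None


def audit_frontdoor_tls(state, min_allowed=MIN_ALLOWED):
    """Return (address, endpoint, value) for endpoints below the floor or unknown."""
    findings = []
    root = state.get("values", {}).get("root_module", {})
    for module in _modules(root):
        for res in module.get("resources", []):
            if res.get("type") != "azurerm_frontdoor":
                continue
            for ep in res.get("values", {}).get("frontend_endpoint") or []:
                for cfg in ep.get("custom_https_configuration") or []:
                    raw = cfg.get("minimum_tls_version")
                    parsed = _parse(raw)
                    if parsed is None or parsed < min_allowed:
                        findings.append((res["address"], ep.get("name"), raw))
    return findings
```

An endpoint whose value is absent from state is reported with `None` so it gets reviewed rather than silently passed.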