{"id":19129457,"url":"https://github.com/launchbynttdata/tf-azurerm-module_reference-application_gateway","last_synced_at":"2026-04-03T00:22:54.805Z","repository":{"id":242580514,"uuid":"807814996","full_name":"launchbynttdata/tf-azurerm-module_reference-application_gateway","owner":"launchbynttdata","description":null,"archived":false,"fork":false,"pushed_at":"2024-12-20T17:20:15.000Z","size":79,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-01-03T10:46:08.087Z","etag":null,"topics":["azure","reference-architecture","terraform"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/launchbynttdata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-29T20:32:05.000Z","updated_at":"2024-10-10T14:33:53.000Z","dependencies_parsed_at":"2024-12-20T12:30:02.579Z","dependency_job_id":"9f232c1a-05d4-4e3b-9c7d-c9f8b8893a5a","html_url":"https://github.com/launchbynttdata/tf-azurerm-module_reference-application_gateway","commit_stats":null,"previous_names":["launchbynttdata/tf-azurerm-module_reference-application_gateway"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-azurerm-module_reference-application_gateway","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-azurerm-module_reference-application_gateway/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-azurerm-module_reference-application_gateway/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-azurerm-module_reference-application_gateway/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/launchbynttdata","download_url":"https://codeload.github.com/launchbynttdata/tf-azurerm-module_reference-application_gateway/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240206970,"owners_count":19765036,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","reference-architecture","terraform"],"created_at":"2024-11-09T06:07:33.486Z","updated_at":"2026-04-03T00:22:54.789Z","avatar_url":"https://github.com/launchbynttdata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tf-azurerm-module_reference-application_gateway\n\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![License: CC BY-NC-ND 4.0](https://img.shields.io/badge/License-CC_BY--NC--ND_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc-nd/4.0/)\n\n## Overview\n\nThis terraform module provisions an Azure Application Gateway with all its dependencies. It supports the SKUs `Standard_V2` and\n`WAF_V2`. At the time of creating this module, its possible to provision either Public only or both Private and public\nApplication Gateway instance. The Private only is currently in Preview and is not supported by this module. The only input to this module is the\nsubnet in which the Application Gateway should be deployed.\n\nThis reference module is built as a wrapper around the primitive module [tf-azurerm-module_primitive-application_gateway](https://github.com/launchbynttdata/tf-azurerm-module_primitive-application_gateway)\n\nIt provisions the following resources:\n- Resource Group\n- Application Gateway\n- WAF (optional)\n- Public IP\n- Custom Domain Name\n- TLS Certificates for listeners\n- User Assigned Managed Identity (MSI)\n- Role Assignment for MSI to access services like KeyVault\n\n## Pre-Commit hooks\n\n[.pre-commit-config.yaml](.pre-commit-config.yaml) file defines certain `pre-commit` hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.\n\n`commitlint` hook enforces commit message in certain format. The commit contains the following structural elements, to communicate intent to the consumers of your commit messages:\n\n- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).\n- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).\n- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type.\nfooters other than BREAKING CHANGE: \u003cdescription\u003e may be provided and follow a convention similar to git trailer format.\n- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)\n- **chore**: a commit of the type `chore` adds changes that don't modify src or test files\n- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)\n- **docs**: a commit of the type `docs` adds documentation only changes\n- **perf**: a commit of the type `perf` adds code change that improves performance\n- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature\n- **revert**: a commit of the type `revert` reverts a previous commit\n- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)\n- **test**: a commit of the type `test` adds missing tests or correcting existing tests\n\nBase configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum)\n\nIf you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.\n\n`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS\n\nIn order for `pre-commit` hooks to work properly\n\n- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.\n- `pre-commit` would install all the hooks when commit message is added by default except for `commitlint` hook. `commitlint` hook would need to be installed manually using the command below\n\n```\npre-commit install --hook-type commit-msg\n```\n\n## To test the resource group module locally\n\n1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.\n\n```\nmake configure\n```\n\nThis adds in several files and directories that are ignored by `git`. They expose many new Make targets.\n\n2. _THIS STEP APPLIES ONLY TO MICROSOFT AZURE. IF YOU ARE USING A DIFFERENT PLATFORM PLEASE SKIP THIS STEP._ The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables will be used to authenticate with cloud provider from local development workstation.\n\n`make configure` command will bring down `azure_env.sh` file on local workstation. Devloper would need to modify this file, replace the environment variable values with relevant values.\n\nThese environment variables are used by `terratest` integration suit.\n\nService principle used for authentication(value of ARM_CLIENT_ID) should have below privileges on resource group within the subscription.\n\n```\n\"Microsoft.Resources/subscriptions/resourceGroups/write\"\n\"Microsoft.Resources/subscriptions/resourceGroups/read\"\n\"Microsoft.Resources/subscriptions/resourceGroups/delete\"\n```\n\nThen run this make target to set the environment variables on developer workstation.\n\n```\nmake env\n```\n\n3. The first target you care about is `check`.\n\n**Pre-requisites**\nBefore running this target it is important to ensure that, developer has created files mentioned below on local workstation under root directory of git repository that contains code for primitives/segments. Note that these files are `azure` specific. If primitive/segment under development uses any other cloud provider than azure, this section may not be relevant.\n\n- A file named `provider.tf` with contents below\n\n```\nprovider \"azurerm\" {\n  features {}\n}\n```\n\n- A file named `terraform.tfvars` which contains key value pair of variables used.\n\nNote that since these files are added in `gitignore` they would not be checked in into primitive/segment's git repo.\n\nAfter creating these files, for running tests associated with the primitive/segment, run\n\n```\nmake check\n```\n\nIf `make check` target is successful, developer is good to commit the code to primitive/segment's git repo.\n\n`make check` target\n\n- runs `terraform commands` to `lint`,`validate` and `plan` terraform code.\n- runs `conftests`. `conftests` make sure `policy` checks are successful.\n- runs `terratest`. This is integration test suit.\n- runs `opa` tests\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.0 |\n| \u003ca name=\"requirement_azurerm\"\u003e\u003c/a\u003e [azurerm](#requirement\\_azurerm) | ~\u003e 3.117.1 |\n\n## Providers\n\nNo providers.\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_resource_names\"\u003e\u003c/a\u003e [resource\\_names](#module\\_resource\\_names) | terraform.registry.launch.nttdata.com/module_library/resource_name/launch | ~\u003e 1.0 |\n| \u003ca name=\"module_resource_names_v2\"\u003e\u003c/a\u003e [resource\\_names\\_v2](#module\\_resource\\_names\\_v2) | terraform.registry.launch.nttdata.com/module_library/resource_name/launch | ~\u003e 2.0 |\n| \u003ca name=\"module_resource_group\"\u003e\u003c/a\u003e [resource\\_group](#module\\_resource\\_group) | terraform.registry.launch.nttdata.com/module_primitive/resource_group/azurerm | ~\u003e 1.0 |\n| \u003ca name=\"module_public_ip\"\u003e\u003c/a\u003e [public\\_ip](#module\\_public\\_ip) | terraform.registry.launch.nttdata.com/module_primitive/public_ip/azurerm | ~\u003e 1.0 |\n| \u003ca name=\"module_managed_identity\"\u003e\u003c/a\u003e [managed\\_identity](#module\\_managed\\_identity) | terraform.registry.launch.nttdata.com/module_primitive/user_managed_identity/azurerm | ~\u003e 1.0 |\n| \u003ca name=\"module_identity_roles\"\u003e\u003c/a\u003e [identity\\_roles](#module\\_identity\\_roles) | terraform.registry.launch.nttdata.com/module_primitive/role_assignment/azurerm | ~\u003e 1.0 |\n| \u003ca name=\"module_private_dns_record\"\u003e\u003c/a\u003e [private\\_dns\\_record](#module\\_private\\_dns\\_record) | terraform.registry.launch.nttdata.com/module_primitive/private_dns_records/azurerm | ~\u003e 1.0 |\n| \u003ca name=\"module_waf_policy\"\u003e\u003c/a\u003e [waf\\_policy](#module\\_waf\\_policy) | terraform.registry.launch.nttdata.com/module_primitive/web_application_firewall_policy/azurerm | ~\u003e 1.0 |\n| \u003ca name=\"module_application_gateway\"\u003e\u003c/a\u003e [application\\_gateway](#module\\_application\\_gateway) | terraform.registry.launch.nttdata.com/module_primitive/application_gateway/azurerm | ~\u003e 1.0 |\n| \u003ca name=\"module_log_analytics_workspace\"\u003e\u003c/a\u003e [log\\_analytics\\_workspace](#module\\_log\\_analytics\\_workspace) | terraform.registry.launch.nttdata.com/module_primitive/log_analytics_workspace/azurerm | ~\u003e 1.0 |\n| \u003ca name=\"module_diagnostic_setting\"\u003e\u003c/a\u003e [diagnostic\\_setting](#module\\_diagnostic\\_setting) | terraform.registry.launch.nttdata.com/module_primitive/monitor_diagnostic_setting/azurerm | ~\u003e 3.0 |\n\n## Resources\n\nNo resources.\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_product_family\"\u003e\u003c/a\u003e [product\\_family](#input\\_product\\_family) | (Required) Name of the product family for which the resource is created.\u003cbr\u003e    Example: org\\_name, department\\_name. | `string` | `\"dso\"` | no |\n| \u003ca name=\"input_product_service\"\u003e\u003c/a\u003e [product\\_service](#input\\_product\\_service) | (Required) Name of the product service for which the resource is created.\u003cbr\u003e    For example, backend, frontend, middleware etc. | `string` | `\"app\"` | no |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | Environment in which the resource should be provisioned like dev, qa, prod etc. | `string` | `\"dev\"` | no |\n| \u003ca name=\"input_environment_number\"\u003e\u003c/a\u003e [environment\\_number](#input\\_environment\\_number) | The environment count for the respective environment. Defaults to 000. Increments in value of 1 | `string` | `\"000\"` | no |\n| \u003ca name=\"input_resource_number\"\u003e\u003c/a\u003e [resource\\_number](#input\\_resource\\_number) | The resource count for the respective resource. Defaults to 000. Increments in value of 1 | `string` | `\"000\"` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | AWS Region in which the infra needs to be provisioned | `string` | `\"eastus\"` | no |\n| \u003ca name=\"input_resource_names_map\"\u003e\u003c/a\u003e [resource\\_names\\_map](#input\\_resource\\_names\\_map) | A map of key to resource\\_name that will be used by tf-launch-module\\_library-resource\\_name to generate resource names | \u003cpre\u003emap(object(\u003cbr\u003e    {\u003cbr\u003e      name       = string\u003cbr\u003e      max_length = optional(number, 60)\u003cbr\u003e    }\u003cbr\u003e  ))\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"app_gateway\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"appgw\"\u003cbr\u003e  },\u003cbr\u003e  \"log_analytics_workspace\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"law\"\u003cbr\u003e  },\u003cbr\u003e  \"msi\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"msi\"\u003cbr\u003e  },\u003cbr\u003e  \"nsg\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"nsg\"\u003cbr\u003e  },\u003cbr\u003e  \"public_ip\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"pip\"\u003cbr\u003e  },\u003cbr\u003e  \"resource_group\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"rg\"\u003cbr\u003e  },\u003cbr\u003e  \"waf_policy\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"waf\"\u003cbr\u003e  }\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_resource_names_version\"\u003e\u003c/a\u003e [resource\\_names\\_version](#input\\_resource\\_names\\_version) | Major version of the resource names module to use | `string` | `\"1\"` | no |\n| \u003ca name=\"input_frontend_ip_configuration_name\"\u003e\u003c/a\u003e [frontend\\_ip\\_configuration\\_name](#input\\_frontend\\_ip\\_configuration\\_name) | Name of the frontend IP configuration. | `string` | `\"standard-public-ip\"` | no |\n| \u003ca name=\"input_frontend_private_ip_configuration_name\"\u003e\u003c/a\u003e [frontend\\_private\\_ip\\_configuration\\_name](#input\\_frontend\\_private\\_ip\\_configuration\\_name) | Name of the frontend private IP configuration. Mandatory when appgw\\_private is set to true. | `string` | `\"standard-private-ip\"` | no |\n| \u003ca name=\"input_gateway_ip_configuration_name\"\u003e\u003c/a\u003e [gateway\\_ip\\_configuration\\_name](#input\\_gateway\\_ip\\_configuration\\_name) | Name of the gateway IP configuration. | `string` | `\"app-gateway-ip\"` | no |\n| \u003ca name=\"input_sku_capacity\"\u003e\u003c/a\u003e [sku\\_capacity](#input\\_sku\\_capacity) | The Capacity of the SKU to use for this Application Gateway - which must be between 1 and 10, optional if autoscale\\_configuration is set | `number` | `2` | no |\n| \u003ca name=\"input_sku\"\u003e\u003c/a\u003e [sku](#input\\_sku) | The Name of the SKU to use for this Application Gateway. Possible values are Standard\\_v2 and WAF\\_v2. | `string` | `\"Standard_v2\"` | no |\n| \u003ca name=\"input_zones\"\u003e\u003c/a\u003e [zones](#input\\_zones) | A collection of availability zones to spread the Application Gateway over. This option is only supported for v2 SKUs | `list(number)` | \u003cpre\u003e[\u003cbr\u003e  1,\u003cbr\u003e  2,\u003cbr\u003e  3\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_frontend_port_settings\"\u003e\u003c/a\u003e [frontend\\_port\\_settings](#input\\_frontend\\_port\\_settings) | Frontend port settings. Each port setting contains the name and the port for the frontend port. | \u003cpre\u003elist(object({\u003cbr\u003e    name = string\u003cbr\u003e    port = number\u003cbr\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_ssl_policy\"\u003e\u003c/a\u003e [ssl\\_policy](#input\\_ssl\\_policy) | Application Gateway SSL configuration. The list of available policies can be found here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway#disabled_protocols | \u003cpre\u003eobject({\u003cbr\u003e    disabled_protocols   = optional(list(string), [])\u003cbr\u003e    policy_type          = optional(string, \"Predefined\")\u003cbr\u003e    policy_name          = optional(string, \"AppGwSslPolicy20170401S\")\u003cbr\u003e    cipher_suites        = optional(list(string), [])\u003cbr\u003e    min_protocol_version = optional(string, \"TLSv1_2\")\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_ssl_profile\"\u003e\u003c/a\u003e [ssl\\_profile](#input\\_ssl\\_profile) | Application Gateway SSL profile. Default profile is used when this variable is set to null. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway#name | \u003cpre\u003elist(object({\u003cbr\u003e    name                             = string\u003cbr\u003e    trusted_client_certificate_names = optional(list(string), [])\u003cbr\u003e    verify_client_cert_issuer_dn     = optional(bool, false)\u003cbr\u003e    ssl_policy = optional(object({\u003cbr\u003e      disabled_protocols   = optional(list(string), [])\u003cbr\u003e      policy_type          = optional(string, \"Predefined\")\u003cbr\u003e      policy_name          = optional(string, \"AppGwSslPolicy20170401S\")\u003cbr\u003e      cipher_suites        = optional(list(string), [])\u003cbr\u003e      min_protocol_version = optional(string, \"TLSv1_2\")\u003cbr\u003e    }))\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_firewall_policy_id\"\u003e\u003c/a\u003e [firewall\\_policy\\_id](#input\\_firewall\\_policy\\_id) | ID of a Web Application Firewall Policy | `string` | `null` | no |\n| \u003ca name=\"input_trusted_root_certificate_configs\"\u003e\u003c/a\u003e [trusted\\_root\\_certificate\\_configs](#input\\_trusted\\_root\\_certificate\\_configs) | List of trusted root certificates. `file_path` is checked first, using `data` (base64 cert content) if null. This parameter is required if you are not using a trusted certificate authority (eg. selfsigned certificate). | \u003cpre\u003elist(object({\u003cbr\u003e    name                = string\u003cbr\u003e    data                = optional(string)\u003cbr\u003e    file_path           = optional(string)\u003cbr\u003e    key_vault_secret_id = optional(string)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_appgw_backend_pools\"\u003e\u003c/a\u003e [appgw\\_backend\\_pools](#input\\_appgw\\_backend\\_pools) | List of objects with backend pool configurations. | \u003cpre\u003elist(object({\u003cbr\u003e    name         = string\u003cbr\u003e    fqdns        = optional(list(string))\u003cbr\u003e    ip_addresses = optional(list(string))\u003cbr\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_appgw_http_listeners\"\u003e\u003c/a\u003e [appgw\\_http\\_listeners](#input\\_appgw\\_http\\_listeners) | List of objects with HTTP listeners configurations and custom error configurations.\u003cbr\u003e    The field `frontend_ip_configuration_name` may not be set. By default, the listener attaches to the public IP of the App Gateway.\u003cbr\u003e    If appgw\\_private is set to true, the listener will attach to the private IP of the App Gateway.\u003cbr\u003e    If user needs to override this behavior, they can set the `frontend_ip_configuration_name` to the name of the frontend IP configuration. | \u003cpre\u003elist(object({\u003cbr\u003e    name = string\u003cbr\u003e\u003cbr\u003e    frontend_ip_configuration_name = optional(string)\u003cbr\u003e    frontend_port_name             = optional(string)\u003cbr\u003e    host_name                      = optional(string)\u003cbr\u003e    host_names                     = optional(list(string))\u003cbr\u003e    protocol                       = optional(string, \"Https\")\u003cbr\u003e    require_sni                    = optional(bool, false)\u003cbr\u003e    ssl_certificate_name           = optional(string)\u003cbr\u003e    ssl_profile_name               = optional(string)\u003cbr\u003e    firewall_policy_id             = optional(string)\u003cbr\u003e\u003cbr\u003e    custom_error_configuration = optional(list(object({\u003cbr\u003e      status_code           = string\u003cbr\u003e      custom_error_page_url = string\u003cbr\u003e    })), [])\u003cbr\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_custom_error_configuration\"\u003e\u003c/a\u003e [custom\\_error\\_configuration](#input\\_custom\\_error\\_configuration) | List of objects with global level custom error configurations. | \u003cpre\u003elist(object({\u003cbr\u003e    status_code           = string\u003cbr\u003e    custom_error_page_url = string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_ssl_certificates_configs\"\u003e\u003c/a\u003e [ssl\\_certificates\\_configs](#input\\_ssl\\_certificates\\_configs) | List of objects with SSL certificates configurations.\u003cbr\u003eThe path to a base-64 encoded certificate is expected in the 'data' attribute:\u003cpre\u003edata = filebase64(\"./file_path\")\u003c/pre\u003e | \u003cpre\u003elist(object({\u003cbr\u003e    name                = string\u003cbr\u003e    data                = optional(string)\u003cbr\u003e    password            = optional(string)\u003cbr\u003e    key_vault_secret_id = optional(string)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_authentication_certificates_configs\"\u003e\u003c/a\u003e [authentication\\_certificates\\_configs](#input\\_authentication\\_certificates\\_configs) | List of objects with authentication certificates configurations.\u003cbr\u003eThe path to a base-64 encoded certificate is expected in the 'data' attribute:\u003cpre\u003edata = filebase64(\"./file_path\")\u003c/pre\u003e | \u003cpre\u003elist(object({\u003cbr\u003e    name = string\u003cbr\u003e    data = string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_trusted_client_certificates_configs\"\u003e\u003c/a\u003e [trusted\\_client\\_certificates\\_configs](#input\\_trusted\\_client\\_certificates\\_configs) | List of objects with trusted client certificates configurations.\u003cbr\u003eThe path to a base-64 encoded certificate is expected in the 'data' attribute:\u003cpre\u003edata = filebase64(\"./file_path\")\u003c/pre\u003e | \u003cpre\u003elist(object({\u003cbr\u003e    name = string\u003cbr\u003e    data = string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_appgw_routings\"\u003e\u003c/a\u003e [appgw\\_routings](#input\\_appgw\\_routings) | List of objects with request routing rules configurations. With AzureRM v3+ provider, `priority` attribute becomes mandatory.\u003cbr\u003e    Each Routing rule is associated with a particular listener and determines how traffic are routed to the backend pool.\u003cbr\u003e    Multiple routing rules cannot be associated with the same listener.\u003cbr\u003e\u003cbr\u003e    rule\\_type=\"PathBasedRouting\" can be used to route traffic to multiple backends based on the URL path, else rule\\_type=\"Basic\" is used.\u003cbr\u003e\u003cbr\u003e    `url_path_map_name` is required when rule\\_type=\"PathBasedRouting\" and is used to define the URL path map configuration. | \u003cpre\u003elist(object({\u003cbr\u003e    name                        = string\u003cbr\u003e    rule_type                   = optional(string, \"Basic\")\u003cbr\u003e    http_listener_name          = optional(string)\u003cbr\u003e    backend_address_pool_name   = optional(string)\u003cbr\u003e    backend_http_settings_name  = optional(string)\u003cbr\u003e    url_path_map_name           = optional(string)\u003cbr\u003e    redirect_configuration_name = optional(string)\u003cbr\u003e    rewrite_rule_set_name       = optional(string)\u003cbr\u003e    priority                    = optional(number)\u003cbr\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_appgw_probes\"\u003e\u003c/a\u003e [appgw\\_probes](#input\\_appgw\\_probes) | List of objects with probes configurations.\u003cbr\u003e    Probes are used to determine the health of the backend servers.\u003cbr\u003e    User needs to define custom probes only when the default probe is not sufficient, for example when the backend server\u003cbr\u003e    uses a different port or path or protocol.\u003cbr\u003e\u003cbr\u003e    Additional checks can be added to the default probe by setting the `match` attribute to compare the return status code\u003cbr\u003e    or the response body | \u003cpre\u003elist(object({\u003cbr\u003e    name     = string\u003cbr\u003e    host     = optional(string)\u003cbr\u003e    port     = optional(number, null)\u003cbr\u003e    interval = optional(number, 30)\u003cbr\u003e    path     = optional(string, \"/\")\u003cbr\u003e    protocol = optional(string, \"Https\")\u003cbr\u003e    timeout  = optional(number, 30)\u003cbr\u003e\u003cbr\u003e    unhealthy_threshold                       = optional(number, 3)\u003cbr\u003e    pick_host_name_from_backend_http_settings = optional(bool, false)\u003cbr\u003e    minimum_servers                           = optional(number, 0)\u003cbr\u003e\u003cbr\u003e    match = optional(object({\u003cbr\u003e      body        = optional(string, \"\")\u003cbr\u003e      status_code = optional(list(string), [\"200-399\"])\u003cbr\u003e    }), {})\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_appgw_backend_http_settings\"\u003e\u003c/a\u003e [appgw\\_backend\\_http\\_settings](#input\\_appgw\\_backend\\_http\\_settings) | List of objects including backend http settings configurations.\u003cbr\u003e    Each backend pool must be associated with a backend http settings configuration. | \u003cpre\u003elist(object({\u003cbr\u003e    name     = string\u003cbr\u003e    port     = optional(number, 443)\u003cbr\u003e    protocol = optional(string, \"Https\")\u003cbr\u003e\u003cbr\u003e    path       = optional(string)\u003cbr\u003e    probe_name = optional(string)\u003cbr\u003e\u003cbr\u003e    cookie_based_affinity               = optional(string, \"Disabled\")\u003cbr\u003e    affinity_cookie_name                = optional(string, \"ApplicationGatewayAffinity\")\u003cbr\u003e    request_timeout                     = optional(number, 20)\u003cbr\u003e    host_name                           = optional(string)\u003cbr\u003e    pick_host_name_from_backend_address = optional(bool, true)\u003cbr\u003e    trusted_root_certificate_names      = optional(list(string), [])\u003cbr\u003e    authentication_certificate          = optional(string)\u003cbr\u003e\u003cbr\u003e    connection_draining_timeout_sec = optional(number)\u003cbr\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_appgw_url_path_map\"\u003e\u003c/a\u003e [appgw\\_url\\_path\\_map](#input\\_appgw\\_url\\_path\\_map) | List of objects with URL path map configurations.\u003cbr\u003e    This is mandatory when the routing rule\\_type is set to \"PathBasedRouting\". Path mapping must be specified to\u003cbr\u003e    route traffic to multiple backends based on the URL path. | \u003cpre\u003elist(object({\u003cbr\u003e    name = string\u003cbr\u003e\u003cbr\u003e    default_backend_address_pool_name   = optional(string)\u003cbr\u003e    default_redirect_configuration_name = optional(string)\u003cbr\u003e    default_backend_http_settings_name  = optional(string)\u003cbr\u003e    default_rewrite_rule_set_name       = optional(string)\u003cbr\u003e\u003cbr\u003e    path_rules = list(object({\u003cbr\u003e      name = string\u003cbr\u003e\u003cbr\u003e      backend_address_pool_name   = optional(string)\u003cbr\u003e      backend_http_settings_name  = optional(string)\u003cbr\u003e      rewrite_rule_set_name       = optional(string)\u003cbr\u003e      redirect_configuration_name = optional(string)\u003cbr\u003e\u003cbr\u003e      paths = optional(list(string), [])\u003cbr\u003e    }))\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_appgw_redirect_configuration\"\u003e\u003c/a\u003e [appgw\\_redirect\\_configuration](#input\\_appgw\\_redirect\\_configuration) | List of objects with redirect configurations. | \u003cpre\u003elist(object({\u003cbr\u003e    name = string\u003cbr\u003e\u003cbr\u003e    redirect_type        = optional(string, \"Permanent\")\u003cbr\u003e    target_listener_name = optional(string)\u003cbr\u003e    target_url           = optional(string)\u003cbr\u003e\u003cbr\u003e    include_path         = optional(bool, true)\u003cbr\u003e    include_query_string = optional(bool, true)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_appgw_rewrite_rule_set\"\u003e\u003c/a\u003e [appgw\\_rewrite\\_rule\\_set](#input\\_appgw\\_rewrite\\_rule\\_set) | List of rewrite rule set objects with rewrite rules. | \u003cpre\u003elist(object({\u003cbr\u003e    name = string\u003cbr\u003e    rewrite_rules = list(object({\u003cbr\u003e      name          = string\u003cbr\u003e      rule_sequence = string\u003cbr\u003e\u003cbr\u003e      conditions = optional(list(object({\u003cbr\u003e        variable    = string\u003cbr\u003e        pattern     = string\u003cbr\u003e        ignore_case = optional(bool, false)\u003cbr\u003e        negate      = optional(bool, false)\u003cbr\u003e      })), [])\u003cbr\u003e\u003cbr\u003e      response_header_configurations = optional(list(object({\u003cbr\u003e        header_name  = string\u003cbr\u003e        header_value = string\u003cbr\u003e      })), [])\u003cbr\u003e\u003cbr\u003e      request_header_configurations = optional(list(object({\u003cbr\u003e        header_name  = string\u003cbr\u003e        header_value = string\u003cbr\u003e      })), [])\u003cbr\u003e\u003cbr\u003e      url_reroute = optional(object({\u003cbr\u003e        path         = optional(string)\u003cbr\u003e        query_string = optional(string)\u003cbr\u003e        components   = optional(string)\u003cbr\u003e        reroute      = optional(bool)\u003cbr\u003e      }))\u003cbr\u003e    }))\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_force_firewall_policy_association\"\u003e\u003c/a\u003e [force\\_firewall\\_policy\\_association](#input\\_force\\_firewall\\_policy\\_association) | Enable if the Firewall Policy is associated with the Application Gateway. | `bool` | `false` | no |\n| \u003ca name=\"input_waf_configuration\"\u003e\u003c/a\u003e [waf\\_configuration](#input\\_waf\\_configuration) | WAF configuration object (only available with WAF\\_v2 SKU) with following attributes:\u003cpre\u003e- enabled:                  Boolean to enable WAF.\u003cbr\u003e    - file_upload_limit_mb:     The File Upload Limit in MB. Accepted values are in the range 1MB to 500MB.\u003cbr\u003e    - firewall_mode:            The Web Application Firewall Mode. Possible values are Detection and Prevention.\u003cbr\u003e    - max_request_body_size_kb: The Maximum Request Body Size in KB. Accepted values are in the range 1KB to 128KB.\u003cbr\u003e    - request_body_check:       Is Request Body Inspection enabled ?\u003cbr\u003e    - rule_set_type:            The Type of the Rule Set used for this Web Application Firewall.\u003cbr\u003e    - rule_set_version:         The Version of the Rule Set used for this Web Application Firewall. Possible values are 2.2.9, 3.0, and 3.1.\u003cbr\u003e    - disabled_rule_group:      The rule group where specific rules should be disabled. Accepted values can be found here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway#rule_group_name\u003cbr\u003e    - exclusion:                WAF exclusion rules to exclude header, cookie or GET argument. More informations on: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway#match_variable\u003c/pre\u003e | \u003cpre\u003eobject({\u003cbr\u003e    enabled                  = optional(bool, true)\u003cbr\u003e    file_upload_limit_mb     = optional(number, 100)\u003cbr\u003e    firewall_mode            = optional(string, \"Prevention\")\u003cbr\u003e    max_request_body_size_kb = optional(number, 128)\u003cbr\u003e    request_body_check       = optional(bool, true)\u003cbr\u003e    rule_set_type            = optional(string, \"OWASP\")\u003cbr\u003e    rule_set_version         = optional(string, 3.1)\u003cbr\u003e    disabled_rule_group = optional(list(object({\u003cbr\u003e      rule_group_name = string\u003cbr\u003e      rules           = optional(list(string))\u003cbr\u003e    })), [])\u003cbr\u003e    exclusion = optional(list(object({\u003cbr\u003e      match_variable          = string\u003cbr\u003e      selector                = optional(string)\u003cbr\u003e      selector_match_operator = optional(string)\u003cbr\u003e    })), [])\u003cbr\u003e  })\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_disable_waf_rules_for_dev_portal\"\u003e\u003c/a\u003e [disable\\_waf\\_rules\\_for\\_dev\\_portal](#input\\_disable\\_waf\\_rules\\_for\\_dev\\_portal) | Whether to disable some WAF rules if the APIM developer portal is hosted behind this Application Gateway. See locals.tf for the documentation link. | `bool` | `false` | no |\n| \u003ca name=\"input_create_waf_policy\"\u003e\u003c/a\u003e [create\\_waf\\_policy](#input\\_create\\_waf\\_policy) | Create a Web Application Firewall Policy and associate it with the Application Gateway? | `bool` | `false` | no |\n| \u003ca name=\"input_waf_policy_custom_rules\"\u003e\u003c/a\u003e [waf\\_policy\\_custom\\_rules](#input\\_waf\\_policy\\_custom\\_rules) | Custom rules of the firewall policy. | \u003cpre\u003elist(object({\u003cbr\u003e    name      = string\u003cbr\u003e    priority  = number\u003cbr\u003e    rule_type = string\u003cbr\u003e    action    = string\u003cbr\u003e\u003cbr\u003e    rate_limit_duration  = optional(string)\u003cbr\u003e    rate_limit_threshold = optional(number)\u003cbr\u003e    group_rate_limit_by  = optional(string)\u003cbr\u003e\u003cbr\u003e    match_conditions = list(object({\u003cbr\u003e      match_variables = list(object({\u003cbr\u003e        variable_name = string\u003cbr\u003e        selector      = optional(string)\u003cbr\u003e      }))\u003cbr\u003e      operator           = string\u003cbr\u003e      negation_condition = optional(bool)\u003cbr\u003e      match_values       = optional(list(string))\u003cbr\u003e      transforms         = optional(list(string))\u003cbr\u003e    }))\u003cbr\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_waf_policy_settings\"\u003e\u003c/a\u003e [waf\\_policy\\_settings](#input\\_waf\\_policy\\_settings) | Policy settings of the firewall policy. | \u003cpre\u003eobject({\u003cbr\u003e    enabled                                   = optional(bool)\u003cbr\u003e    mode                                      = optional(string)\u003cbr\u003e    request_body_check                        = optional(bool)\u003cbr\u003e    file_upload_limit_in_mb                   = optional(number)\u003cbr\u003e    max_request_body_size_in_kb               = optional(number)\u003cbr\u003e    request_body_inspect_limit_in_kb          = optional(number)\u003cbr\u003e    js_challenge_cookie_expiration_in_minutes = optional(number)\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"enabled\": null,\u003cbr\u003e  \"file_upload_limit_in_mb\": null,\u003cbr\u003e  \"js_challenge_cookie_expiration_in_minutes\": null,\u003cbr\u003e  \"max_request_body_size_in_kb\": null,\u003cbr\u003e  \"mode\": null,\u003cbr\u003e  \"request_body_check\": null,\u003cbr\u003e  \"request_body_inspect_limit_in_kb\": null\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_waf_policy_managed_rules\"\u003e\u003c/a\u003e [waf\\_policy\\_managed\\_rules](#input\\_waf\\_policy\\_managed\\_rules) | Managed rules of the firewall policy. | \u003cpre\u003eobject({\u003cbr\u003e    exclusions = optional(list(object({\u003cbr\u003e      match_variable          = string\u003cbr\u003e      selector                = string\u003cbr\u003e      selector_match_operator = string\u003cbr\u003e      excluded_rule_sets = list(object({\u003cbr\u003e        type    = string\u003cbr\u003e        version = string\u003cbr\u003e        rule_groups = list(object({\u003cbr\u003e          rule_group_name = string\u003cbr\u003e          excluded_rules  = list(string)\u003cbr\u003e        }))\u003cbr\u003e      }))\u003cbr\u003e    }))),\u003cbr\u003e    managed_rule_sets = list(object({\u003cbr\u003e      type    = string\u003cbr\u003e      version = string\u003cbr\u003e      rule_group_overrides = optional(list(object({\u003cbr\u003e        rule_group_name = string\u003cbr\u003e        rules = optional(list(object({\u003cbr\u003e          id      = number\u003cbr\u003e          enabled = optional(bool)\u003cbr\u003e          action  = optional(string)\u003cbr\u003e        })))\u003cbr\u003e      })))\u003cbr\u003e    }))\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"managed_rule_sets\": [\u003cbr\u003e    {\u003cbr\u003e      \"type\": \"OWASP\",\u003cbr\u003e      \"version\": \"3.2\"\u003cbr\u003e    }\u003cbr\u003e  ]\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_subnet_id\"\u003e\u003c/a\u003e [subnet\\_id](#input\\_subnet\\_id) | Subnet ID for attaching the Application Gateway. This is mandatory for v2 SKUs | `string` | n/a | yes |\n| \u003ca name=\"input_private_ip_address\"\u003e\u003c/a\u003e [private\\_ip\\_address](#input\\_private\\_ip\\_address) | The private IP address of the Application Gateway. Must be within the range of the subnet. Required only when appgw\\_private is set to true. | `string` | `\"\"` | no |\n| \u003ca name=\"input_user_assigned_identity_id\"\u003e\u003c/a\u003e [user\\_assigned\\_identity\\_id](#input\\_user\\_assigned\\_identity\\_id) | User assigned identity id assigned to this resource. User can choose to pass in an existing identity or create a new one with create\\_user\\_managed\\_identity. | `string` | `null` | no |\n| \u003ca name=\"input_create_user_managed_identity\"\u003e\u003c/a\u003e [create\\_user\\_managed\\_identity](#input\\_create\\_user\\_managed\\_identity) | Creates an user assigned managed Identity and assigns it to the Application Gateway. If this is true, user\\_assigned\\_identity\\_id will be ignored. | `bool` | `true` | no |\n| \u003ca name=\"input_appgw_private\"\u003e\u003c/a\u003e [appgw\\_private](#input\\_appgw\\_private) | Boolean variable to create a private Application Gateway. When `true`, the default http listener will listen on private IP instead of the public IP. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_http2\"\u003e\u003c/a\u003e [enable\\_http2](#input\\_enable\\_http2) | Whether to enable http2 or not | `bool` | `true` | no |\n| \u003ca name=\"input_autoscaling_parameters\"\u003e\u003c/a\u003e [autoscaling\\_parameters](#input\\_autoscaling\\_parameters) | Map containing autoscaling parameters. Must contain at least min\\_capacity | \u003cpre\u003eobject({\u003cbr\u003e    min_capacity = number\u003cbr\u003e    max_capacity = optional(number, 5)\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_role_assignments\"\u003e\u003c/a\u003e [role\\_assignments](#input\\_role\\_assignments) | A map of role assignments to be associated with the user assigned managed identity of the Application Gateway\u003cbr\u003e    Should be of the format\u003cbr\u003e    {\u003cbr\u003e      private-dns = [\"Private DNS Zone Contributor\", \"\u003cprivate-dns-zone-id\u003e\"]\u003cbr\u003e      key-vault = [\"Key Vault Administrator\", \"\u003ckey-vault-id\u003e\"]\u003cbr\u003e    } | `map(list(string))` | `{}` | no |\n| \u003ca name=\"input_custom_private_dns_record\"\u003e\u003c/a\u003e [custom\\_private\\_dns\\_record](#input\\_custom\\_private\\_dns\\_record) | Custom private DNS record for the Application Gateway. An A-record would be created for the private IP address.\u003cbr\u003e    Valid `private_dns_zone_name` and `private_dns_zone_rg` must be provided. `name` must be only the sub-domain without the zone name. | \u003cpre\u003eobject({\u003cbr\u003e    name                  = string\u003cbr\u003e    ttl                   = optional(number, 300)\u003cbr\u003e    private_dns_zone_name = string\u003cbr\u003e    private_dns_zone_rg   = string\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A mapping of tags to assign to the resource. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_diagnostic_settings\"\u003e\u003c/a\u003e [diagnostic\\_settings](#input\\_diagnostic\\_settings) | n/a | \u003cpre\u003emap(object({\u003cbr\u003e    enabled_log = optional(list(object({\u003cbr\u003e      category_group = optional(string, \"allLogs\")\u003cbr\u003e      category       = optional(string, null)\u003cbr\u003e    })))\u003cbr\u003e    metrics = optional(list(object({\u003cbr\u003e      category = string\u003cbr\u003e      enabled  = optional(bool)\u003cbr\u003e    })))\u003cbr\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_log_analytics_workspace\"\u003e\u003c/a\u003e [log\\_analytics\\_workspace](#input\\_log\\_analytics\\_workspace) | n/a | \u003cpre\u003eobject({\u003cbr\u003e    sku               = string\u003cbr\u003e    retention_in_days = number\u003cbr\u003e    daily_quota_gb    = number\u003cbr\u003e    identity = optional(object({\u003cbr\u003e      type         = string\u003cbr\u003e      identity_ids = optional(list(string))\u003cbr\u003e    }))\u003cbr\u003e    local_authentication_disabled = optional(bool)\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_log_analytics_workspace_id\"\u003e\u003c/a\u003e [log\\_analytics\\_workspace\\_id](#input\\_log\\_analytics\\_workspace\\_id) | (Optional) The ID of the Log Analytics Workspace. | `string` | `null` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_id\"\u003e\u003c/a\u003e [id](#output\\_id) | The ID of the Application Gateway. |\n| \u003ca name=\"output_name\"\u003e\u003c/a\u003e [name](#output\\_name) | The name of the Application Gateway. |\n| \u003ca name=\"output_resource_group_name\"\u003e\u003c/a\u003e [resource\\_group\\_name](#output\\_resource\\_group\\_name) | The name of the resource group |\n| \u003ca name=\"output_frontend_ip_configuration\"\u003e\u003c/a\u003e [frontend\\_ip\\_configuration](#output\\_frontend\\_ip\\_configuration) | The frontend IP configuration of the Application Gateway. |\n| \u003ca name=\"output_frontend_port\"\u003e\u003c/a\u003e [frontend\\_port](#output\\_frontend\\_port) | The frontend port of the Application Gateway. |\n| \u003ca name=\"output_backend_address_pool\"\u003e\u003c/a\u003e [backend\\_address\\_pool](#output\\_backend\\_address\\_pool) | The backend address pool of the Application Gateway. |\n| \u003ca name=\"output_waf_policy_id\"\u003e\u003c/a\u003e [waf\\_policy\\_id](#output\\_waf\\_policy\\_id) | The ID of the WAF policy |\n| \u003ca name=\"output_waf_policy_name\"\u003e\u003c/a\u003e [waf\\_policy\\_name](#output\\_waf\\_policy\\_name) | The name of the WAF policy |\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-azurerm-module_reference-application_gateway","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaunchbynttdata%2Ftf-azurerm-module_reference-application_gateway","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-azurerm-module_reference-application_gateway/lists"}