https://github.com/frasermolyneux-archive/poc-multiregion-app-terraform
This repository contains a proof of concept for a multi-region deployment of a .NET 7 Web Application using Azure Front Door, Azure Web Application Firewall and Azure App Services.
- Host: GitHub
- URL: https://github.com/frasermolyneux-archive/poc-multiregion-app-terraform
- Owner: frasermolyneux-archive
- License: gpl-3.0
- Created: 2023-02-28T13:09:01.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-05-28T06:42:20.000Z (over 1 year ago)
- Last Synced: 2024-04-29T04:25:02.564Z (8 months ago)
- Topics: app-services, azure, dotnet-7, frontdoor, github-actions, multi-region, terraform, waf
- Language: HCL
- Size: 1.12 MB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# POC - Azure Front Door + WAF + App Services + Multi-region
This repository contains a proof of concept for a multi-region deployment of a .NET 7 Web Application using Azure Front Door, Azure Web Application Firewall and Azure App Services.
This is not a full production-ready solution, but it can be used as a starting point for your own solution.
---
## Architecture
![architecture](./docs/images/architecture.png)
* The DNS Zone is an external resource referenced in this solution.
* Front Door and the WAF Policy are global services; their metadata is deployed to the primary region's resource group.
* The Log Analytics Workspace is a regional service; to allow consolidation of logs, both regions use it.
* Not shown: all the resources have diagnostic logging configured to the primary region's Log Analytics Workspace.
* Not shown: the deployed app services are configured against the App Insights instances in their respective regions, which are backed by the Log Analytics Workspace in the primary region.
* App Services have been restricted to only allow traffic from Front Door using a service tag and a header check.
* The WAF is deployed in detection mode, so no traffic is blocked. This is to support the [WAF Scenario](/docs/scenario-waf.md).
---
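The Front Door access restriction described in the architecture notes, sketched as an added Terraform example (not the repository's own code). It assumes a Linux App Service, a Front Door Standard profile and the azurerm 3.x provider; every resource name, the region and the SKUs are placeholders.

```hcl
# Added example; names, region and SKUs are placeholders, not the repository's values.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-example-primary"
  location = "uksouth"
}

resource "azurerm_cdn_frontdoor_profile" "example" {
  name                = "fd-example"
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "Standard_AzureFrontDoor"
}

resource "azurerm_service_plan" "example" {
  name                = "plan-example-primary"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  os_type             = "Linux"
  sku_name            = "P1v3"
}

resource "azurerm_linux_web_app" "example" {
  name                = "app-example-primary"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  service_plan_id     = azurerm_service_plan.example.id
  site_config {
    # Once an Allow rule exists, App Service denies all unmatched traffic.
    ip_restriction {
      name     = "AllowOwnFrontDoorOnly"
      priority = 100
      action   = "Allow"
      # The service tag covers every Front Door instance, including other tenants'.
      service_tag = "AzureFrontDoor.Backend"
      # The X-Azure-FDID header check pins the rule to this one Front Door profile.
      headers {
        x_azure_fdid = [azurerm_cdn_frontdoor_profile.example.resource_guid]
      }
    }
  }
}
```

With the service tag alone, a Front Door profile in any other subscription could still reach the origin and bypass the WAF policy; the header condition is what ties the origin to this profile.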
## Further Considerations
Naturally, this is a limited architecture for the POC with many additional considerations required. Here are a few as a starting point:
* Traffic is split evenly between the regions; no scaling or failover is configured. This is a simple POC, but in a production environment you would want to consider how to scale and fail over traffic.
* The GitHub Actions workflow contains no validation or testing steps.
---
## POC Scenarios
* [WAF Scenario](/docs/scenario-waf.md) - After deploying the solution, this scenario shows how to configure the WAF to block traffic.