Terraform - Creating an Azure function app for a .Net core HTTP function

I wanted to experiment a bit with terraform and azure function apps. So I made the below to set up an Azure function app. I chose the windows version because I could not get the linux one to work with .Net core and HTTP.

Note: I have removed the backend from the below, but you will need a backend and to initialise your terraform.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.2.0"
    }
  }
  #TODO Your backend goes here
}

provider "azurerm" {
  features {}
}

variable "location" {
    type    = string
    default = "West Europe"
}

variable "resourcegroup" {
    type    = string
    default = "Resourcegroup"
}

resource "random_string" "storage_name" {
    length = 24
    upper = false
    lower = true
    number = true
    special = false
}

resource "azurerm_storage_account" "my" {
  name                     = random_string.storage_name.result
  resource_group_name      = var.resourcegroup
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_service_plan" "my" {
  name                     = "my-app-service-plan"
  resource_group_name      = var.resourcegroup
  location                 = var.location
  os_type                  = "Windows"
  sku_name                 = "Y1"
}

resource "azurerm_windows_function_app" "my" {
  name                = "my-win-function-app"
  resource_group_name = var.resourcegroup
  location            = var.location

  storage_account_name = azurerm_storage_account.my.name
  service_plan_id      = azurerm_service_plan.my.id
  storage_account_access_key = azurerm_storage_account.my.primary_access_key
    
  site_config {}
}

The above is quite straightforward. We first set up several variables. We then create the storage account that the azure function app will be using. Azure functions need storage accounts for operations like managing triggers and logging function executions. We also create a service plan as an azure function needs a service plan. Next up we set up the actual app, here we use the storage account and service plan.

This Azure function app has no azure function inside of it. I wanted to deploy this through pipelines in azure devops. But there is a resource for this as well called azure function app function.

After applying your plan you can find your Azure function in Azure:

terraform-azure-function-app

If I did not apply the storage_account_access_key to the azurerm_windows_function_app resource I would get an error like the following:

creating Windows Function App: (Site Name "my-win-function-app" / Resource Group "Resourcegroup"):
│ web.AppsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest"
│ Message="Creation of storage file share failed with: 'The remote server returned an error: (403) Forbidden.'. Please
│ check if the storage account is accessible." Details=[{"Message":"Creation of storage file share failed with: 'The
│ remote server returned an error: (403) Forbidden.'. Please check if the storage account is
│ accessible."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"99022","Message":"Creation of
│ storage file share failed with: 'The remote server returned an error: (403) Forbidden.'. Please check if the storage
│ account is accessible.","MessageTemplate":"Creation of storage file share failed with: '{0}'. Please check if the
│ storage account is accessible.","Parameters":["The remote server returned an error: (403) Forbidden."]}}]

I hope you found this helpful, please leave a comment down below :) Let me know if you want a post on how to setup the pipeline as well.