So I’ve talked about the fact that the Azure Function resource in the AzureRM provider does not support the exporting of the Key necessary to integrate Azure Functions with Azure API Management. However, I have recently employed a work around, whereby you are able to export the Azure Function Key using the Resource Group Template Terraform Resource (i.e. azurerm_template_deployment).

To make it easier to provision a large number of these Azure Functions and configure them with Azure API Management, I setup a few modules. The first module is called “azure-function” which encapsulates the Azure Function Resource (i.e. azurerm_function_app) and the Resource Group Template that is exporting the Key. This alone is extremely useful in just eliminating the redundancy of provisioning both of these resources for every function in your solution.

However, things get even more wild when you start introducing Azure API Management. API Management requires a much larger quantity of resources to provision a fully working Azure Function Backed API. You need an API, an API Policy, a link to the desired API Product you want to associate your API with, an API Backend, and a Named Property that stores Credential secret information to be used by your Backend. That’s a lot! Imagine if you had 15 microservices! That’s 15 functions and 105 resources to provision a fully configured API with your Azure Function! As the great General McAuliffe said, “Nuts!”

I pipe in the following variables:

  1. Name Prefix: used to allow me to vary the naming of all the resources provisioned for the Microservice
  2. Location: Azure Region we’re deploying to
  3. Resource Group Name: Azure Resource Group we’re deploying to
  4. API Management Name: API Management Resource we’re adding the API to
  5. API Management Product ID: API Management Product we’re associating the API to
  6. App Service Plan: App Service Plan that will host the Azure Function (could be reserved or consumer plan)
  7. Storage Connection String: Storage Account that the App Service Plan uses for logging
  8. App Settings: Most of my Azure Functions use the same app settings so I create a local within the parent module and pass the same to all the microservices

Below is a diagram of the module hierarchy I’m using. Orange are the modules and blue are the AzureRM provider resources that are being provisioned.

Alt

Allows me to manage the API Management configuration with Infrastructure-as-Code using Terraform. Which means I can avoid the extremely manual “import” operations exposed in the Azure Portal.

Works great!