Get a free AWS Well-Architected Assessment ->

Microsoft Azure

Front Door

Azure Front Door is a global, scalable, and secure service that provides load balancing, traffic routing, and application acceleration for web applications. It acts as a reverse proxy and distributes incoming traffic to multiple backend servers to improve the performance, availability, and security of web applications. Azure Front Door can be used to route traffic to different backend servers based on various criteria such as geographic location, latency, or URL path. It also provides built-in security features such as SSL termination, Web Application Firewall (WAF), and DDoS protection. Azure Front Door is built on top of the Azure global network, which enables it to provide low-latency, high-bandwidth connectivity to backend servers across the world. It also integrates with other Azure services such as Azure Web Apps, Azure Kubernetes Service (AKS), and Azure API Management, making it a versatile solution for modern web applications.‍
aws cost
Direct Cost
Indirect Cost
No items found.
Terraform Name
Front Door

The following arguments are supported:

  • name - (Required) The name which should be used for this Front Door Custom Domain. Possible values must be between 2 and 260 characters in length, must begin with a letter or number, end with a letter or number and contain only letters, numbers and hyphens. Changing this forces a new Front Door Custom Domain to be created.
  • cdn_frontdoor_profile_id - (Required) The ID of the Front Door Profile. Changing this forces a new Front Door Profile to be created.
  • host_name - (Required) The host name of the domain. The host_name field must be the FQDN of your domain(e.g. Changing this forces a new Front Door Custom Domain to be created.
  • dns_zone_id - (Optional) The ID of the Azure DNS Zone which should be used for this Front Door Custom Domain. If you are using Azure to host your DNS domains, you must delegate the domain provider's domain name system (DNS) to an Azure DNS Zone. For more information, see Delegate a domain to Azure DNS. Otherwise, if you're using your own domain provider to handle your DNS, you must validate the Front Door Custom Domain by creating the DNS TXT records manually.
  • tls - (Required) A tls block as defined below.

A tls block supports the following:

  • certificate_type - (Optional) Defines the source of the SSL certificate. Possible values include CustomerCertificate and ManagedCertificate. Defaults to ManagedCertificate.


It may take up to 15 minutes for the Front Door Service to validate the state and Domain ownership of the Custom Domain.

  • minimum_tls_version - (Optional) TLS protocol version that will be used for Https. Possible values include TLS10 and TLS12. Defaults to TLS12.
  • cdn_frontdoor_secret_id - (Optional) Resource ID of the Front Door Secret.

Associating resources with a
Front Door
Resources do not "belong" to a
Front Door
Rather, one or more Security Groups are associated to a resource.
Front Door
via Terraform:
The following HCL manages a Front Door (standard/premium) Custom Domain

resource "azurerm_resource_group" "example" {
 name     = "example-cdn-frontdoor"
 location = "West Europe"

resource "azurerm_dns_zone" "example" {
 name                = ""
 resource_group_name =

resource "azurerm_cdn_frontdoor_profile" "example" {
 name                = "example-profile"
 resource_group_name =
 sku_name            = "Standard_AzureFrontDoor"

resource "azurerm_cdn_frontdoor_custom_domain" "example" {
 name                     = "example-customDomain"
 cdn_frontdoor_profile_id =
 dns_zone_id              =
 host_name                = ""

 tls {
   certificate_type    = "ManagedCertificate"
   minimum_tls_version = "TLS12"

Front Door
via CLI:

az network front-door create --backend-address
                            [--disabled {false, true}]
                            [--enforce-certificate-name-check {Disabled, Enabled}]
                            [--forwarding-protocol {HttpOnly, HttpsOnly, MatchRequest}]
                            [--probeMethod {GET, HEAD}]
                            [--protocol {Http, Https}]


az network front-door create --name MyFrontDoor --resource-group MyResourceGroup --frontend-endpoints MyFrontendEndpoint --backend-pools MyBackendPool --routing-rules MyRoutingRule

Best Practices for
Front Door

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
Related blog posts