Azure ARM template project to deploy a Grafana container on Azure AppServices, a MySQL Database, and secured using Firewall rules, Frontdoor and Web Application Firewall.
Contribution are greatly welcomed :)
-
Implement template with Grafana container and MySQL
-
Secure MySQL connection with SSL and Firewall rules
-
Deploy Frontdoor with WAF prevention policies tailored for Grafana
-
Secure AppService to accept traffic only from Frontdoor
-
Add Azure AD Authentication
-
Secure AppService to accept traffic only from Frontdoor specific instance
-
Add Diagnostic logs to Frontdoor, AppServices and MySQL
Prerequisites
- Create the AppRegistration for AAD authentication
//replace the variables with your current values
$FrontdoorRootUrl = "https://my-grafana-frontdoor.azurefd.net"
$MyAppRegistrationSecret = "1234567890@Grafana!"
$OAuthReplyUrl = "$FrontdoorRootUrl/login/generic_oauth"
az ad app create --display-name $FrontdoorRootUrl --identifier-uris $FrontdoorRootUrl --required-resource-accesses ./manifest.json --reply-urls $OAuthReplyUrl --password $MyAppRegistrationSecret- Edit the parameter file
Deploy the solution
New-AzResourceGroupDeployment -ResourceGroupName "Grafana" -TemplateFile "azuredeploy.json" -TemplateParameterFile "azuredeploy.parameters.json"This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.