Using bicep to add a second domain to an existing Azure Security Policy


I need to add a security policy to a front door endpoint. I am using the following bicep.

resource security_policies 'Microsoft.Cdn/profiles/securitypolicies@2022-11-01-preview' = {
  parent: fdprofile
  name: securityPolicyName
  properties: {
    parameters: {
      wafPolicy: {
        id: waf.id
      }
      associations: [
        {
          domains: [
            {
              id: fdEndpoint.id
            }
          ]
          patternsToMatch: [
            '/*'
          ]
        }
      ]
      type: 'WebApplicationFirewall'
    }
  }
}

This works the first time I use it. It creates the security policy, links it to the waf policy, and associates it with the domain.

The problem is when I run this for a second domain. I want to use the same security policy, and this time it associates it with the second domain. It appears this is replacing the associations, which has the effect of removing the policy from the first domain.

  • When deploying, I am using incremental mode.
  • Using the UI, I can add multiple domains to the same security policy. I need to do this with an IaC approach.
  • This executes when assigning a new app service to front door. This deployment does not have knowledge of the other app services.

How can I use the bicep to add another domain, without losing the domains that are already there?

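An added example, not part of the original question: incremental mode only leaves untouched the resources that are absent from the template, while a resource that is redeployed has its properties, including the `associations` array, set to what the template declares. One way to keep earlier domains under the WAF is to pass the current domain list in and declare the union. The parameters `profileName`, `wafPolicyId`, `newDomainId` and `existingDomainIds` are hypothetical, and the example assumes the caller reads the policy's current domain IDs before deploying and that all domains share the `/*` pattern.

```bicep
// Added example. Parameter and variable names are hypothetical; the resource
// type, API version and property names are the ones used in the question.
param profileName string
param securityPolicyName string
param wafPolicyId string

@description('Resource ID of the endpoint or domain this deployment adds.')
param newDomainId string

@description('Domain IDs already on the policy, read by the caller before deploying. Empty on the first run.')
param existingDomainIds array = []

// Resource IDs are case-insensitive, so normalise before union() de-duplicates.
var allDomainIds = union(map(existingDomainIds, id => toLower(id)), [toLower(newDomainId)])
var domainRefs = [for id in allDomainIds: { id: id }]

resource fdprofile 'Microsoft.Cdn/profiles@2022-11-01-preview' existing = {
  name: profileName
}

resource security_policies 'Microsoft.Cdn/profiles/securitypolicies@2022-11-01-preview' = {
  parent: fdprofile
  name: securityPolicyName
  properties: {
    parameters: {
      type: 'WebApplicationFirewall'
      wafPolicy: {
        id: wafPolicyId
      }
      associations: [
        {
          // Full desired set: earlier domains plus the new one.
          domains: domainRefs
          patternsToMatch: [
            '/*'
          ]
        }
      ]
    }
  }
}

// Lets the pipeline confirm no previously protected domain was dropped.
output protectedDomainIds array = allDomainIds
```

Comparing `protectedDomainIds` with the list read before the deployment gives a simple post-deployment check that no domain lost its WAF association.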