This repository contains a proof of concept for a multi-region deployment of an .NET 7 Web Application using Azure Front Door, Azure Web Application Firewall and Azure App Services.
This is not a full production ready solution, but it can be used as a starting point for your own solution.
- DNS Zone is an external resource referenced in this solution.
- Front Door and the WAF Policy are Global services; their metadata is deployed to the primary regions resource group.
- Log Analytics Workspace is a regional service; to allow consolidation of logs both regions use it.
- Not shown; all the resources have diagnostic logging configured to the primary regions Log Analytics Workspace.
- Not shown; the deployed app services are configured against the app insights in their respective regions which are backed by the Log Analytics Workspace in the primary region.
- App Services have been restricted to only allow traffic from Front Door using service tag and header-check.
- The WAF is deployed in detection mode, so no traffic is blocked. This is to support the WAF Scenario.
Naturally, this is a limited architecture for the POC with many additional considerations required. Here are a few as a starting point:
-
Traffic is split evenly between the regions, no scaling or failover is configured. This is a simple POC, but in a production environment you would want to consider how to scale and failover traffic.
-
The GitHub Actions workflow contains no validation or testing steps.
- WAF Scenario - After deploying the solution this scenario will show how to configure the WAF to block traffic.