Securing Azure SignalR +Azure App Service - Part 4

resource "azurerm_resource_group" "resourcegroup" {
  name     = "SecureSignalRRG"
  location = "Central US"
}

resource "azurerm_signalr_service" "securesignalr" {
  name                = "securesignalrservice1"
  location            = azurerm_resource_group.resourcegroup.location
  resource_group_name = azurerm_resource_group.resourcegroup.name

  sku {
    name     = "Standard_S1"
    capacity = 1
  }
}

resource "azurerm_virtual_network" "vnet" {
  name                = "vnet-cus"
  resource_group_name = azurerm_resource_group.resourcegroup.name
  location            = azurerm_resource_group.resourcegroup.location
  address_space       = ["10.2.0.0/16"]
}

resource "azurerm_subnet" "privateendpointsubnet" {
  name                 = "private-endpoint-subnet"
  resource_group_name  = azurerm_resource_group.resourcegroup.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.2.1.0/27"]

  enforce_private_link_endpoint_network_policies = true
}

resource "azurerm_private_endpoint" "signalrprivateendpt" {
  name                = "signalrprivateEndpoint"
  resource_group_name = azurerm_resource_group.resourcegroup.name
  location            = azurerm_resource_group.resourcegroup.location
  subnet_id           = azurerm_subnet.privateendpointsubnet.id

  private_service_connection {
    name                           = "psc-signalr"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_signalr_service.securesignalr.id
    subresource_names              = ["signalr"]
  }
}

resource "azurerm_signalr_service_network_acl" "securesignalrnac" {
  signalr_service_id = azurerm_signalr_service.securesignalr.id
  default_action     = "Deny"

  public_network {
    allowed_request_types = ["ClientConnection"]
  }

  private_endpoint {
    id                    = azurerm_private_endpoint.signalrprivateendpt.id
    allowed_request_types = ["ServerConnection","RESTAPI"]
  }
}