Web App


The Web App builder is used to create Azure App Service accounts. It abstracts the Service Plan into the same component, and will also create and configure a linked App Insights resource. If you wish to create a website that connects to an existing service plan, use the link_to_service_plan keyword and provide the resource name of the service plan to connect to.

  • Web Site (Microsoft.Web/sites)
  • Server Farms (Microsoft.Web/serverfarms)
  • Source Controls (Microsoft.Web/sites/sourcecontrols)
  • Application Insights (Microsoft.Insights/components)

Web App Builder Keywords

Applies ToKeywordPurpose
Web AppnameSets the name of the web app.
Web Applink_to_service_planInstructs Farmer to link this webapp to a Farmer service plan configuration defined elsewhere in your application, rather than creating a new one.
Web Applink_to_unmanaged_service_planInstructs Farmer to link this webapp to an existing service plan that is externally managed, rather than creating a new one.
Web Appapp_insights_auto_nameSets the name of the automatically-created app insights instance.
Web Appapp_insights_offRemoves any automatic app insights creation, configuration and settings for this webapp.
Web Applink_to_app_insightsInstructs Farmer to link this webapp to a Farmer App Insights configuration defined elsewhere in your application, rather than creating a new one.
Web Applink_to_unmanaged_app_insightsInstructs Farmer to link this webapp to an existing app insights instance that is externally managed, rather than creating a new one.
Web Apprun_from_packageSets the web app to use “run from package” deployment capabilities.
Web Appwebsite_node_default_versionSets the node version of the web app.
Web AppsettingSets an app setting of the web app in the form “key” “value”.
Web Appsecret_settingSets a “secret” app setting of the web app. You must supply the “key”, whilst the value will be supplied as a secure parameter.
Web AppsettingsSets a list of app setting of the web app as tuples in the form of (“key”, “value”).
Web Appconnection_stringCreates a connection string whose value is supplied as secret parameter, or as an ARM expression in the tupled form of (“key”, expr).
Web Appconnection_stringsCreates a set of connection strings of the web app whose values will be supplied as secret parameters.
Web Apphttps_onlyDisables http for this webapp so that only HTTPS is used.
Web Appenable_http2Configures the webapp to allow clients to connect over http2.0.
Web Appdisable_client_affinityStops the webapp from sending client affinity cookies.
Web Appenable_websocketsConfigures the webapp to allow clients to connect via websockets.
Web Appdepends_onSets dependencies for the web app.
Web Appdocker_imageSets the docker image to be pulled down from Docker Hub, and the command to execute as a second argument. Automatically sets the OS to Linux.
Web Appdocker_ciTurns on continuous integration of the web app from the Docker source repository using a webhook.
Web Appdocker_use_azure_registryUses the supplied Azure Container Registry name as the source of the Docker image, instead of Docker Hub. You do not need to specify the full url, but just the name of the registry itself.
Web Appadd_identityAdds a managed identity to the the Web App. Farmer will automatically set the AZURE_CLIENT_ID application setting to the Client Id of the supplied identity.
Web Appsystem_identityActivates the system identity of the Web App.
Web Appenable_corsEnables CORS support for the app. Either specify WebApp.AllOrigins or a list of valid URIs as strings.
Web Appenable_cors_credentialsAllows CORS requests with credentials.
Web Appsource_controlGiven a github repository URI and branch name, configures the web app to automatically deploy those files to the web app
Web Appdisable_source_control_ciDisables continuous integration from source control on push
Web Appenable_source_control_ciEnables continuous integration from source control on push
Web Appadd_extensionAdds the named extension to the Web App
Web Appautomatic_logging_extensionEnables or disables automatically adding the ASP .NET logging extension for netcore apps (defaults to on unless docker_image is set).
Web Appworker_processSpecifies whether to set the web app to 32 or 64 Bitness.
Web Appalways_onSets the “Always On” flag.
Service Planservice_plan_nameSets the name of the service plan. If not set, uses the name of the web app postfixed with “-plan”.
Service Planruntime_stackSets the runtime stack.
Service Planoperating_systemSets the operating system. If Linux, App Insights configuration settings will be omitted as they are not supported by Azure App Service.
Service PlanskuSets the sku of the service plan.
Service Planworker_sizeSets the size of the service plan worker.
Service Plannumber_of_workersSets the number of instances on the service plan.

Farmer also comes with a dedicated Service Plan builder that contains all of the above keywords that apply to a Service Plan.

Use this builder if you wish to have an explicit and clear separation between your web app and service plan. Otherwise, it is recommended to use the service plan keywords that exist directly in the web app builder, and let Farmer handle the connections between them.

Post-deployment Builder Keywords

The Web App builder contains special commands that are executed after the ARM deployment is completed.

zip_deploySupplying a folder or zip file will instruct Farmer to upload the contents directly to the App Service once the ARM deployment is complete.

Configuration Members

PublishingPasswordGets the ARM expression path to the publishing password of this web app.
ServicePlanGets the Resource Name of the service plan for this web app.
AppInsightsGets the Resource Name of the service plan for the AI resource linked to this web app.
SystemIdentityGets the system-created managed principal for the web app. It must have been enabled using the system_identity keyword.

Key Vault integration

The Web App builder comes with special integration into KeyVault. By activating KeyVault integration, the web app builder can automatically link to, or even create, a full KeyVault instance. All Secret or ARM Expression-based Settings (e.g. a setting that links to the Key of a Storage Account) will automatically be redirected to KeyVault. The value will be stored in KeyVault and the system identity will be activated and provided into the KeyVault with GET permissions. Lastly, Web App app settings will remain in place, using the Azure App Service built-in KeyVault redirection capabilities.

The following keywords exist on the web app:

use_keyvaultTells the web app to create a brand new KeyVault for this App Service’s secrets.
link_to_keyvaultTells the web app to use an existing Farmer-managed KeyVault which you have defined elsewhere. All secret settings will automatically be mapped into KeyVault.
link_to_unmanaged_keyvaultTells the web app to use an existing non-Farmer managed KeyVault which you have defined elsewhere. All secret settings will automatically be mapped into KeyVault.


A basic web application.

open Farmer
open Farmer.Builders
open Farmer.WebApp

let myWebApp = webApp {
    name "myWebApp"
    service_plan_name "myServicePlan"
    setting "myKey" "aValue"
    sku WebApp.Sku.B1
    worker_size Medium
    number_of_workers 3

Using a managed Key Vault instance with automatic secret mapping.

open Farmer
open Farmer.Builders

// Create a basic storage account
let data = storageAccount {
    name "mystorage"

// Create a web application with a sensitive setting of storage key and an explicit "secret" setting
// which will be passed through by ARM parameter.
let wa = webApp {
    name "isaac"
    setting "key" "value"
    setting "storagekey" data.Key
    link_to_keyvault (ResourceName "isaacvault")

// Create a key vault instance and explicitly grant the web application access to it.
let v = keyVault {
    name "isaacvault"
    add_access_policy (AccessPolicy.create (wa.SystemIdentity.PrincipalId, [ KeyVault.Secret.Get; KeyVault.Secret.List ]))