Top / Microsoft Azure / Azure App Service (Web Apps) / Certificate Binding

Azure App Service (Web Apps) Certificate Binding

This page shows how to write Terraform for App Service (Web Apps) Certificate Binding and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_app_service_certificate_binding (Terraform)

The Certificate Binding in App Service (Web Apps) can be configured in Terraform with the resource name azurerm_app_service_certificate_binding. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

resources.tf#L13
resource "azurerm_app_service_certificate_binding" "panel" {
  hostname_binding_id = var.panel_binding_id
  certificate_id      = azurerm_app_service_managed_certificate.panel_certificate.id
  ssl_state           = "SniEnabled"
}
app_service_certificate_binding_test.tf#L18
resource "azurerm_app_service_certificate_binding" "example" {
  hostname_binding_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Web/sites/mywebappfake/hostNameBindings/example.example.com"
  certificate_id      = azurerm_app_service_certificate.example.id
  ssl_state           = "IpBasedEnabled"
}
resource "azurerm_app_service_certificate_binding" "withoutId" {
main.tf#L1
resource "azurerm_app_service_certificate_binding" "example" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
  certificate_id      = azurerm_app_service_managed_certificate.example.id
  ssl_state           = var.ssl_state
app_service_certificate_binding_test.tf#L18
resource "azurerm_app_service_certificate_binding" "example" {
  hostname_binding_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Web/sites/mywebappfake/hostNameBindings/example.example.com"
  certificate_id      = azurerm_app_service_certificate.example.id
  ssl_state           = "IpBasedEnabled"
}
resource "azurerm_app_service_certificate_binding" "withoutId" {
custom_domain.tf#L11
resource "azurerm_app_service_certificate_binding" "function_custom_domain_certificate_binding" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain_binding.id
  certificate_id      = azurerm_app_service_managed_certificate.function_custom_domain_certificate.id
  ssl_state           = "SniEnabled"
}
main.tf#L56
resource "azurerm_app_service_certificate_binding" "main" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.main.id
  certificate_id      = azurerm_app_service_managed_certificate.main.id
  ssl_state           = "SniEnabled"
}
tls.tf#L60
resource "azurerm_app_service_certificate_binding" "custom_hostname" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.static_site.id
  certificate_id      = azurerm_app_service_certificate.custom_hostname.id
  ssl_state           = "SniEnabled"
}
apps.tf#L83
resource "azurerm_app_service_certificate_binding" "function_custom_certificat_bind" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain.id
  certificate_id      = azurerm_app_service_managed_certificate.function_managed_certificat.id
  ssl_state           = "SniEnabled"
}

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages an App Service Certificate Binding.

>> from Terraform Registry

Tips: Best Practices for The Other Azure App Service (Web Apps) Resources

In addition to the azurerm_app_service, Azure App Service (Web Apps) has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_app_service

Ensure your App Service is accessible via HTTPS only

It is better to configure the App Service to be accessible via HTTPS only. By default, both HTTP and HTTPS are available.

risk-label

azurerm_function_app

Ensure to enable authentication to prevent anonymous request being accepted

It is better to enable authentication to prevent anonymous requests and ensure all communications in the application are authenticated.

Review your Azure App Service (Web Apps) settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Azure Resource Manager Example

Azure Resource Manager code does not have the related resource.

The Other Related Azure App Service (Web Apps) Resources

Frequently asked questions

What is Azure App Service (Web Apps) Certificate Binding?

Azure App Service (Web Apps) Certificate Binding is a resource for App Service (Web Apps) of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure App Service (Web Apps) Certificate Binding?

For Terraform, the kashw2/Fleet-of-the-Faithful-Knights, gilyas/infracost and VentsislavDinev/en_sample source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents