Azure App Service (Web Apps) Certificate
This page shows how to write Terraform and Azure Resource Manager for App Service (Web Apps) Certificate and write them securely.
azurerm_app_service_certificate (Terraform)
The Certificate in App Service (Web Apps) can be configured in Terraform with the resource name azurerm_app_service_certificate
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_app_service_certificate" "example" {
name = "example-cert"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
pfx_blob = filebase64("certificate.pfx")
password = "terraform"
resource "azurerm_app_service_certificate" "app-service-test" {
name = join("", [var.namespace, var.environment])
resource_group_name = azurerm_resource_group.demo-rg.name
location = azurerm_resource_group.demo-rg.location
key_vault_secret_id = var.certificate_secret_id
resource "azurerm_app_service_certificate" "app_cert" {
name = var.name
resource_group_name = var.resource_group_name
location = var.location
key_vault_secret_id = var.key_vault_secret_id
resource "azurerm_app_service_certificate" "app_service_certificate" {
name = local.app_service_certificate
resource_group_name = var.resource_group_name
location = var.region
key_vault_secret_id = data.azurerm_key_vault_secret.certificate_secret.id
}
resource "azurerm_app_service_certificate" "example" {
name = "example-cert"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
password = "terraform"
}
resource "azurerm_app_service_certificate" "SSLCert" {
for_each = local.azure_webApps_data
name = var.your_domain
location = each.value.location
resource_group_name = each.value.resource_group
resource "azurerm_app_service_certificate" "example" {
name = var.name
resource_group_name = module.resource_group.azurerm_resource_group.example.name
location = module.resource_group.azurerm_resource_group.example.location
pfx_blob = filebase64(var.pfx_blob)
password = var.password
resource "azurerm_app_service_certificate" "this" {
key_vault_secret_id = var.key_vault_secret_id
location = var.location
name = var.name
password = var.password
pfx_blob = var.pfx_blob
resource "azurerm_app_service_certificate" "this" {
key_vault_secret_id = var.key_vault_secret_id
location = var.location
name = var.name
password = var.password
pfx_blob = var.pfx_blob
resource "azurerm_app_service_certificate" "example2" {
name = "example-cert"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
pfx_blob = filebase64("certificate.pfx")
password = "terraform"
Parameters
-
expiration_date
optional computed - string -
friendly_name
optional computed - string -
host_names
optional computed - list of string -
hosting_environment_profile_id
optional - string -
id
optional computed - string -
issue_date
optional computed - string -
issuer
optional computed - string -
key_vault_secret_id
optional - string -
location
required - string -
name
required - string -
password
optional - string -
pfx_blob
optional - string -
resource_group_name
required - string -
subject_name
optional computed - string -
tags
optional - map from string to string -
thumbprint
optional computed - string -
timeouts
single block
Explanation in Terraform Registry
Manages an App Service certificate.
Tips: Best Practices for The Other Azure App Service (Web Apps) Resources
In addition to the azurerm_app_service, Azure App Service (Web Apps) has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_app_service
Ensure your App Service is accessible via HTTPS only
It is better to configure the App Service to be accessible via HTTPS only. By default, both HTTP and HTTPS are available.
azurerm_function_app
Ensure to enable authentication to prevent anonymous request being accepted
It is better to enable authentication to prevent anonymous requests and ensure all communications in the application are authenticated.
Microsoft.Web/certificates (Azure Resource Manager)
The certificates in Microsoft.Web can be configured in Azure Resource Manager with the resource name Microsoft.Web/certificates
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
Parameters
apiVersion
required - stringkind
optional - stringKind of resource.
location
required - stringResource Location.
name
required - stringName of the certificate.
properties
requiredcanonicalName
optional - stringCNAME of the certificate to be issued via free certificate
domainValidationMethod
optional - stringMethod of domain validation for free cert
hostNames
optional - arrayHost names the certificate applies to.
keyVaultId
optional - stringKey Vault Csm resource Id.
keyVaultSecretName
optional - stringKey Vault secret name.
password
optional - stringCertificate password.
pfxBlob
optional - stringPfx blob.
serverFarmId
optional - stringResource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}".
tags
optional - stringResource tags.
type
required - string
Frequently asked questions
What is Azure App Service (Web Apps) Certificate?
Azure App Service (Web Apps) Certificate is a resource for App Service (Web Apps) of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure App Service (Web Apps) Certificate?
For Terraform, the dmaxim/wimc-net, dmaxim/terrademo and W2-Global-Data/azurerm_modules source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the assing/alerts-extension, assing/alerts-extension and assing/alerts-extension source code examples are useful. See the Azure Resource Manager Example section for further details.