Azure App Service (Web Apps) Managed Certificate
This page shows how to write Terraform and Azure Resource Manager for App Service (Web Apps) Managed Certificate and write them securely.
azurerm_app_service_managed_certificate (Terraform)
The Managed Certificate in App Service (Web Apps) can be configured in Terraform with the resource name azurerm_app_service_managed_certificate. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_app_service_managed_certificate" "panel_certificate" {
custom_hostname_binding_id = var.panel_binding_id
}
resource "azurerm_app_service_managed_certificate" "api_certificate" {
custom_hostname_binding_id = var.api_binding_id
resource "azurerm_app_service_managed_certificate" "example" {
custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
resource "azurerm_app_service_managed_certificate" "function_custom_domain_certificate" {
custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain_binding.id
}
resource "azurerm_app_service_certificate_binding" "function_custom_domain_certificate_binding" {
hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain_binding.id
resource "azurerm_app_service_managed_certificate" "main" {
custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.main.id
}
resource "azurerm_app_service_certificate_binding" "main" {
hostname_binding_id = azurerm_app_service_custom_hostname_binding.main.id
resource "azurerm_app_service_managed_certificate" "function_managed_certificat" {
custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain.id
}
resource "azurerm_app_service_certificate_binding" "function_custom_certificat_bind" {
hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain.id
Parameters
-
canonical_nameoptional computed - string -
custom_hostname_binding_idrequired - string -
expiration_dateoptional computed - string -
friendly_nameoptional computed - string -
host_namesoptional computed - list of string -
idoptional computed - string -
issue_dateoptional computed - string -
issueroptional computed - string -
subject_nameoptional computed - string -
tagsoptional - map from string to string -
thumbprintoptional computed - string -
timeoutssingle block
Explanation in Terraform Registry
This certificate can be used to secure custom domains on App Services (Windows and Linux) hosted on an App Service Plan of Basic and above (free and shared tiers are not supported).
NOTE: A certificate is valid for six months, and about a month before the certificate’s expiration date, App Services renews/rotates the certificate. This is managed by Azure and doesn't requre this resource to be changed or reprovisioned. It will change the
thumbprintcomputed attribute the next time the resource is refreshed after rotation occurs, so keep that in mind if you have any dependencies on this attribute directly.
Tips: Best Practices for The Other Azure App Service (Web Apps) Resources
In addition to the azurerm_app_service, Azure App Service (Web Apps) has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_app_service
Ensure your App Service is accessible via HTTPS only
It is better to configure the App Service to be accessible via HTTPS only. By default, both HTTP and HTTPS are available.
azurerm_function_app
Ensure to enable authentication to prevent anonymous request being accepted
It is better to enable authentication to prevent anonymous requests and ensure all communications in the application are authenticated.
Microsoft.Web/certificates (Azure Resource Manager)
The certificates in Microsoft.Web can be configured in Azure Resource Manager with the resource name Microsoft.Web/certificates. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
Parameters
apiVersionrequired - stringkindoptional - stringKind of resource.
locationrequired - stringResource Location.
namerequired - stringName of the certificate.
propertiesrequiredcanonicalNameoptional - stringCNAME of the certificate to be issued via free certificate
domainValidationMethodoptional - stringMethod of domain validation for free cert
hostNamesoptional - arrayHost names the certificate applies to.
keyVaultIdoptional - stringKey Vault Csm resource Id.
keyVaultSecretNameoptional - stringKey Vault secret name.
passwordoptional - stringCertificate password.
pfxBloboptional - stringPfx blob.
serverFarmIdoptional - stringResource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}".
tagsoptional - stringResource tags.
typerequired - string
Frequently asked questions
What is Azure App Service (Web Apps) Managed Certificate?
Azure App Service (Web Apps) Managed Certificate is a resource for App Service (Web Apps) of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure App Service (Web Apps) Managed Certificate?
For Terraform, the kashw2/Fleet-of-the-Faithful-Knights, VentsislavDinev/en_sample and zoni/terraform-azfunc source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the assing/alerts-extension, assing/alerts-extension and assing/alerts-extension source code examples are useful. See the Azure Resource Manager Example section for further details.
