Azure App Service (Web Apps) Managed Certificate
This page shows how to write Terraform and Azure Resource Manager for App Service (Web Apps) Managed Certificate and write them securely.
azurerm_app_service_managed_certificate (Terraform)
The Managed Certificate in App Service (Web Apps) can be configured in Terraform with the resource name azurerm_app_service_managed_certificate
. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_app_service_managed_certificate" "panel_certificate" {
custom_hostname_binding_id = var.panel_binding_id
}
resource "azurerm_app_service_managed_certificate" "api_certificate" {
custom_hostname_binding_id = var.api_binding_id
resource "azurerm_app_service_managed_certificate" "example" {
custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
resource "azurerm_app_service_managed_certificate" "function_custom_domain_certificate" {
custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain_binding.id
}
resource "azurerm_app_service_certificate_binding" "function_custom_domain_certificate_binding" {
hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain_binding.id
resource "azurerm_app_service_managed_certificate" "main" {
custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.main.id
}
resource "azurerm_app_service_certificate_binding" "main" {
hostname_binding_id = azurerm_app_service_custom_hostname_binding.main.id
resource "azurerm_app_service_managed_certificate" "function_managed_certificat" {
custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain.id
}
resource "azurerm_app_service_certificate_binding" "function_custom_certificat_bind" {
hostname_binding_id = azurerm_app_service_custom_hostname_binding.function_custom_domain.id
Parameters
-
canonical_name
optional computed - string -
custom_hostname_binding_id
required - string -
expiration_date
optional computed - string -
friendly_name
optional computed - string -
host_names
optional computed - list of string -
id
optional computed - string -
issue_date
optional computed - string -
issuer
optional computed - string -
subject_name
optional computed - string -
tags
optional - map from string to string -
thumbprint
optional computed - string -
timeouts
single block
Explanation in Terraform Registry
This certificate can be used to secure custom domains on App Services (Windows and Linux) hosted on an App Service Plan of Basic and above (free and shared tiers are not supported).
NOTE: A certificate is valid for six months, and about a month before the certificate’s expiration date, App Services renews/rotates the certificate. This is managed by Azure and doesn't requre this resource to be changed or reprovisioned. It will change the
thumbprint
computed attribute the next time the resource is refreshed after rotation occurs, so keep that in mind if you have any dependencies on this attribute directly.
Tips: Best Practices for The Other Azure App Service (Web Apps) Resources
In addition to the azurerm_app_service, Azure App Service (Web Apps) has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_app_service
Ensure your App Service is accessible via HTTPS only
It is better to configure the App Service to be accessible via HTTPS only. By default, both HTTP and HTTPS are available.
azurerm_function_app
Ensure to enable authentication to prevent anonymous request being accepted
It is better to enable authentication to prevent anonymous requests and ensure all communications in the application are authenticated.
Microsoft.Web/certificates (Azure Resource Manager)
The certificates in Microsoft.Web can be configured in Azure Resource Manager with the resource name Microsoft.Web/certificates
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"properties": {
"password": "SWsSsd__233$Sdsds#%Sd!"
}
}
},
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
"type": "Microsoft.Web/certificates",
"location": "East US",
"properties": {
"friendlyName": "",
"subjectName": "ServerCert",
"hostNames": [
Parameters
apiVersion
required - stringkind
optional - stringKind of resource.
location
required - stringResource Location.
name
required - stringName of the certificate.
properties
requiredcanonicalName
optional - stringCNAME of the certificate to be issued via free certificate
domainValidationMethod
optional - stringMethod of domain validation for free cert
hostNames
optional - arrayHost names the certificate applies to.
keyVaultId
optional - stringKey Vault Csm resource Id.
keyVaultSecretName
optional - stringKey Vault secret name.
password
optional - stringCertificate password.
pfxBlob
optional - stringPfx blob.
serverFarmId
optional - stringResource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}".
tags
optional - stringResource tags.
type
required - string
Frequently asked questions
What is Azure App Service (Web Apps) Managed Certificate?
Azure App Service (Web Apps) Managed Certificate is a resource for App Service (Web Apps) of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure App Service (Web Apps) Managed Certificate?
For Terraform, the kashw2/Fleet-of-the-Faithful-Knights, VentsislavDinev/en_sample and zoni/terraform-azfunc source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the assing/alerts-extension, assing/alerts-extension and assing/alerts-extension source code examples are useful. See the Azure Resource Manager Example section for further details.