This certificate can be used to secure custom domains on App Services (Windows and Linux) hosted on an App Service Plan of Basic and above (free and shared tiers are not supported).
```hcl
data "azurerm_dns_zone" "example" {
  name                = "mydomain.com"
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

# Managed certificates require a plan of Basic tier or above.
resource "azurerm_app_service_plan" "example" {
  name                = "example-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  kind                = "Linux"
  reserved            = true

  sku {
    tier = "Basic"
    size = "B1"
  }
}

resource "azurerm_app_service" "example" {
  name                = "example-app"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}

# Domain ownership record for App Service. The name is relative to the zone and
# must be asuid.<subdomain>, where <subdomain> is the CNAME record below.
resource "azurerm_dns_txt_record" "example" {
  name                = "asuid.${azurerm_dns_cname_record.example.name}"
  zone_name           = data.azurerm_dns_zone.example.name
  resource_group_name = data.azurerm_dns_zone.example.resource_group_name
  ttl                 = 300

  record {
    value = azurerm_app_service.example.custom_domain_verification_id
  }
}

# Points the custom hostname at the app's default hostname.
resource "azurerm_dns_cname_record" "example" {
  name                = "example-adcr"
  zone_name           = data.azurerm_dns_zone.example.name
  resource_group_name = data.azurerm_dns_zone.example.resource_group_name
  ttl                 = 300
  record              = azurerm_app_service.example.default_site_hostname
}

resource "azurerm_app_service_custom_hostname_binding" "example" {
  hostname            = join(".", [azurerm_dns_cname_record.example.name, azurerm_dns_cname_record.example.zone_name])
  app_service_name    = azurerm_app_service.example.name
  resource_group_name = azurerm_resource_group.example.name
}

# The managed certificate is issued for the hostname of the binding above.
resource "azurerm_app_service_managed_certificate" "example" {
  custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
}

# Attaches the certificate to the hostname binding using SNI.
resource "azurerm_app_service_certificate_binding" "example" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
  certificate_id      = azurerm_app_service_managed_certificate.example.id
  ssl_state           = "SniEnabled"
}
```
The following arguments are supported:

custom_hostname_binding_id - (Required) The ID of the App Service Custom Hostname Binding for the Certificate. Changing this forces a new App Service Managed Certificate to be created.
tags - (Optional) A mapping of tags which should be assigned to the App Service Managed Certificate.

In addition to the Arguments listed above - the following Attributes are exported:

id - The ID of the App Service Managed Certificate.
canonical_name - The Canonical Name of the Certificate.
expiration_date - The expiration date of the Certificate.
friendly_name - The friendly name of the Certificate.
host_names - The list of Host Names for the Certificate.
issue_date - The Start date for the Certificate.
issuer - The issuer of the Certificate.
subject_name - The Subject Name for the Certificate.
thumbprint - The Certificate Thumbprint.
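
An added example, not part of the provider documentation: a Python audit over `terraform show -json` output that uses the exported `host_names` and `expiration_date` attributes, together with the binding resources from the configuration above, to flag custom hostnames with no certificate binding, certificates that do not cover their hostname, and certificates close to expiry. The sample state, its IDs and dates, the `unbound` resource and the function names are constructed for illustration, and `expiration_date` is assumed to be an ISO 8601 timestamp.

```python
from datetime import datetime, timedelta, timezone

def _res(rtype, name, **values):
    """Build one resource entry in the shape `terraform show -json` emits."""
    return {"address": f"{rtype}.{name}", "type": rtype, "values": values}

# Constructed sample state; all IDs, hostnames and dates are made up.
SAMPLE_STATE = {"values": {"root_module": {"resources": [
    _res("azurerm_app_service_custom_hostname_binding", "example", id="hb-1", hostname="example-adcr.mydomain.com"),
    _res("azurerm_app_service_custom_hostname_binding", "unbound", id="hb-2", hostname="api.mydomain.com"),
    _res("azurerm_app_service_managed_certificate", "example", id="cert-1",
         host_names=["example-adcr.mydomain.com"], expiration_date="2030-01-20T00:00:00+00:00"),
    _res("azurerm_app_service_certificate_binding", "example",
         hostname_binding_id="hb-1", certificate_id="cert-1", ssl_state="SniEnabled"),
]}}}

def _resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _resources(child)

def audit(state, now, warn_days=30):
    """Return (resource address, problem) pairs for TLS gaps on custom hostnames."""
    by_type = {}
    for res in _resources(state["values"]["root_module"]):
        by_type.setdefault(res["type"], []).append(res)
    certs = {r["values"]["id"]: r for r in by_type.get("azurerm_app_service_managed_certificate", [])}
    bound = {r["values"]["hostname_binding_id"]: r for r in by_type.get("azurerm_app_service_certificate_binding", [])}
    findings = []
    for hb in by_type.get("azurerm_app_service_custom_hostname_binding", []):
        host, cb = hb["values"]["hostname"], bound.get(hb["values"]["id"])
        if cb is None:
            findings.append((hb["address"], "hostname has no certificate binding"))
            continue
        if cb["values"]["ssl_state"] not in ("SniEnabled", "IpBasedEnabled"):
            findings.append((cb["address"], f"unexpected ssl_state {cb['values']['ssl_state']!r}"))
        cert = certs.get(cb["values"]["certificate_id"])  # None if the certificate is not a managed one
        if cert and host.lower() not in [h.lower() for h in cert["values"]["host_names"]]:
            findings.append((cert["address"], f"certificate does not cover {host}"))
    for cert in certs.values():
        # Assumption: expiration_date is ISO 8601; a trailing "Z" is normalised to an offset.
        expires = datetime.fromisoformat(cert["values"]["expiration_date"].replace("Z", "+00:00"))
        if expires - now < timedelta(days=warn_days):
            findings.append((cert["address"], f"expires {expires.date()}"))
    return findings

if __name__ == "__main__":
    for address, problem in audit(SAMPLE_STATE, datetime.now(timezone.utc)):
        print(f"{address}: {problem}")
```
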

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 30 minutes) Used when creating the App Service Managed Certificate.
read - (Defaults to 5 minutes) Used when retrieving the App Service Managed Certificate.
update - (Defaults to 30 minutes) Used when updating the App Service Managed Certificate.
delete - (Defaults to 30 minutes) Used when deleting the App Service Managed Certificate.

App Service Managed Certificates can be imported using the resource id, e.g.

```shell
terraform import azurerm_app_service_managed_certificate.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Web/certificates/customhost.contoso.com
```