azurermAppServiceCertificate
Manages an App Service certificate.
Example Usage
This example provisions an App Service Certificate from a local file. Additional examples of how to use the azurermAppServiceCertificate resource can be found in the /examples/appServiceCertificate directory within the GitHub Repository.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*Wrapper stack so that `this` is a valid construct scope; the class name is arbitrary.*/
class MyConvertedCode extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
      this,
      "example",
      {
        location: "West Europe",
        name: "example-resources",
      }
    );
    const azurermAppServiceCertificateExample =
      new azurerm.appServiceCertificate.AppServiceCertificate(this, "example_1", {
        location: azurermResourceGroupExample.location,
        name: "example-cert",
        /*Sample value. A literal password here ends up in the synthesized configuration and in Terraform state.*/
        password: "terraform",
        pfxBlob: '${filebase64("certificate.pfx")}',
        resourceGroupName: azurermResourceGroupExample.name,
      });
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermAppServiceCertificateExample.overrideLogicalId("example");
  }
}
Argument Reference
The following arguments are supported:
- name - (Required) Specifies the name of the certificate. Changing this forces a new resource to be created.
- resourceGroupName - (Required) The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
- location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- pfxBlob - (Optional) The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
-> NOTE: Either pfxBlob or keyVaultSecretId must be set - but not both.
- password - (Optional) The password to access the certificate's private key. Changing this forces a new resource to be created.
- appServicePlanId - (Optional) The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service. Changing this forces a new resource to be created.
- keyVaultSecretId - (Optional) The ID of the Key Vault secret. Changing this forces a new resource to be created.
-> NOTE: If using keyVaultSecretId, the WebApp Service Resource Principal ID abfa0a7c-a6b6-4736-8310-5855508787cd must have 'Secret -> get' and 'Certificate -> get' permissions on the Key Vault containing the certificate. (Source: App Service Blog) If you use Terraform to create the access policy, you have to specify the Object ID of this Principal. Because the Object ID is different in every AAD Tenant, retrieve it via the following data reference:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azuread from "./.gen/providers/azuread";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azuread.
For a more precise conversion please use the --provider flag in convert.*/
/*Place this inside a stack's constructor, where `this` is the construct scope.*/
new azuread.dataAzureadServicePrincipal.DataAzureadServicePrincipal(
  this,
  "MicrosoftWebApp",
  {
    applicationId: "abfa0a7c-a6b6-4736-8310-5855508787cd",
  }
);
- tags - (Optional) A mapping of tags to assign to the resource.
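The two NOTEs in the argument list above (exactly one of pfxBlob or keyVaultSecretId; Secret get and Certificate get for the Web App principal) can be checked before deployment. The following is an added example, not code from the provider or its documentation: the types, function names and sample IDs are assumptions, and reporting permissions beyond Get is a stricter choice than the page requires.

```typescript
// Added example; every name below is hypothetical, not a cdktf or azurerm API.
interface CertArgs {
  name: string;
  pfxBlob?: string;
  keyVaultSecretId?: string;
}
interface AccessPolicy {
  objectId: string; // tenant-specific Object ID of the principal
  secretPermissions: string[];
  certificatePermissions: string[];
}
const isGet = (p: string): boolean => p.toLowerCase() === "get";

function checkCertificate(
  cert: CertArgs,
  webAppObjectId: string,
  policies: AccessPolicy[],
): string[] {
  const findings: string[] = [];
  const usesPfx = cert.pfxBlob !== undefined;
  const usesVault = cert.keyVaultSecretId !== undefined;
  // First NOTE: either pfxBlob or keyVaultSecretId must be set, but not both.
  if (usesPfx === usesVault) {
    findings.push("set exactly one of pfxBlob or keyVaultSecretId");
  }
  if (!usesVault) return findings;
  // Second NOTE: the Web App principal needs Secret get and Certificate get.
  const policy = policies.find(
    (p) => p.objectId.toLowerCase() === webAppObjectId.toLowerCase(),
  );
  if (policy === undefined) {
    findings.push("no access policy for the Web App principal");
    return findings;
  }
  if (!policy.secretPermissions.some(isGet)) findings.push("missing Secret get");
  if (!policy.certificatePermissions.some(isGet)) findings.push("missing Certificate get");
  // Assumption (stricter than the page): anything beyond Get is reported.
  const excess = [...policy.secretPermissions, ...policy.certificatePermissions]
    .filter((p) => !isGet(p));
  if (excess.length > 0) findings.push(`excess permissions: ${excess.join(", ")}`);
  return findings;
}

// Constructed sample input: placeholder IDs, not real resources.
const sampleObjectId = "00000000-0000-0000-0000-000000000001";
const samplePolicies: AccessPolicy[] = [
  { objectId: sampleObjectId, secretPermissions: ["Get", "List"], certificatePermissions: [] },
];
console.log(checkCertificate({ name: "example-cert", keyVaultSecretId: "<key-vault-secret-id>" }, sampleObjectId, samplePolicies));
```

An empty result means the configuration satisfies both NOTEs; the sample input reports the missing Certificate get and the extra List permission.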
Attributes Reference
The following attributes are exported:
- id - The App Service certificate ID.
- friendlyName - The friendly name of the certificate.
- subjectName - The subject name of the certificate.
- hostNames - List of host names the certificate applies to.
- issuer - The name of the certificate issuer.
- issueDate - The issue date for the certificate.
- expirationDate - The expiration date for the certificate.
- thumbprint - The thumbprint for the certificate.
- hostingEnvironmentProfileId - The ID of the App Service Environment where the certificate is in use.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the App Service Certificate.
- update - (Defaults to 30 minutes) Used when updating the App Service Certificate.
- read - (Defaults to 5 minutes) Used when retrieving the App Service Certificate.
- delete - (Defaults to 30 minutes) Used when deleting the App Service Certificate.
Import
App Service Certificates can be imported using the resourceId, e.g.