Skip to content

azurermAppServiceCertificateBinding

Manages an App Service Certificate Binding.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "webapp",
  }
);
const dataAzurermDnsZoneExample =
  new azurerm.dataAzurermDnsZone.DataAzurermDnsZone(this, "example_1", {
    name: "example.com",
    resource_group_name: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermDnsZoneExample.overrideLogicalId("example");
const azurermAppServicePlanExample = new azurerm.appServicePlan.AppServicePlan(
  this,
  "example_2",
  {
    location: azurermResourceGroupExample.location,
    name: "appserviceplan",
    resource_group_name: azurermResourceGroupExample.name,
    sku: [
      {
        size: "P1",
        tier: "Premium",
      },
    ],
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServicePlanExample.overrideLogicalId("example");
const azurermAppServiceExample = new azurerm.appService.AppService(
  this,
  "example_3",
  {
    app_service_plan_id: azurermAppServicePlanExample.id,
    location: azurermResourceGroupExample.location,
    name: "mywebapp",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServiceExample.overrideLogicalId("example");
const azurermDnsCnameRecordExample = new azurerm.dnsCnameRecord.DnsCnameRecord(
  this,
  "example_4",
  {
    name: "www",
    record: azurermAppServiceExample.defaultSiteHostname,
    resource_group_name: dataAzurermDnsZoneExample.resourceGroupName,
    ttl: 300,
    zone_name: dataAzurermDnsZoneExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermDnsCnameRecordExample.overrideLogicalId("example");
const azurermDnsTxtRecordExample = new azurerm.dnsTxtRecord.DnsTxtRecord(
  this,
  "example_5",
  {
    name: `asuid.\${${azurermDnsCnameRecordExample.name}}`,
    record: [
      {
        value: azurermAppServiceExample.customDomainVerificationId,
      },
    ],
    resource_group_name: dataAzurermDnsZoneExample.resourceGroupName,
    ttl: 300,
    zone_name: dataAzurermDnsZoneExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermDnsTxtRecordExample.overrideLogicalId("example");
const azurermAppServiceCustomHostnameBindingExample =
  new azurerm.appServiceCustomHostnameBinding.AppServiceCustomHostnameBinding(
    this,
    "example_6",
    {
      app_service_name: azurermAppServiceExample.name,
      depends_on: [`\${${azurermDnsTxtRecordExample.fqn}}`],
      hostname: `\${trim(${azurermDnsCnameRecordExample.fqdn}, ".")}`,
      resource_group_name: azurermResourceGroupExample.name,
    }
  );
azurermAppServiceCustomHostnameBindingExample.addOverride("lifecycle", [
  {
    ignore_changes: ["${ssl_state}", "${thumbprint}"],
  },
]);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServiceCustomHostnameBindingExample.overrideLogicalId("example");
const azurermAppServiceManagedCertificateExample =
  new azurerm.appServiceManagedCertificate.AppServiceManagedCertificate(
    this,
    "example_7",
    {
      custom_hostname_binding_id:
        azurermAppServiceCustomHostnameBindingExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServiceManagedCertificateExample.overrideLogicalId("example");
const azurermAppServiceCertificateBindingExample =
  new azurerm.appServiceCertificateBinding.AppServiceCertificateBinding(
    this,
    "example_8",
    {
      certificate_id: azurermAppServiceManagedCertificateExample.id,
      hostname_binding_id: azurermAppServiceCustomHostnameBindingExample.id,
      ssl_state: "SniEnabled",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServiceCertificateBindingExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • certificateId - (Required) The ID of the certificate to bind to the custom domain. Changing this forces a new App Service Certificate Binding to be created.

  • hostnameBindingId - (Required) The ID of the Custom Domain/Hostname Binding. Changing this forces a new App Service Certificate Binding to be created.

  • sslState - (Required) The type of certificate binding. Allowed values are ipBasedEnabled or sniEnabled. Changing this forces a new App Service Certificate Binding to be created.

Attributes Reference

In addition to the arguments listed above - the following attributes are exported:

  • id - The ID of the App Service Certificate Binding.

  • appServiceName - The name of the App Service to which the certificate was bound.

  • hostname - The hostname of the bound certificate.

  • thumbprint - The certificate thumbprint.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when retrieving the App Service Certificate Binding.
  • create - (Defaults to 30 minutes) Used when creating the App Service Certificate Binding.
  • delete - (Defaults to 30 minutes) Used when deleting the App Service Certificate Binding.

Import

App Service Certificate Bindings can be imported using the hostnameBindingId and the appServiceCertificateId , e.g.

terraform import azurerm_app_service_certificate_binding.example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Web/sites/instance1/hostNameBindings/mywebsite.com|/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Web/certificates/mywebsite.com"