Skip to content

azurermAppServiceConnection

Manages a service connector for app service.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermServicePlanExample = new azurerm.servicePlan.ServicePlan(
  this,
  "example_1",
  {
    location: azurermResourceGroupExample.location,
    name: "example-serviceplan",
    os_type: "Linux",
    resource_group_name: azurermResourceGroupExample.name,
    sku_name: "P1v2",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermServicePlanExample.overrideLogicalId("example");
const azurermCosmosdbAccountExample =
  new azurerm.cosmosdbAccount.CosmosdbAccount(this, "example_2", {
    consistency_policy: [
      {
        consistency_level: "BoundedStaleness",
        max_interval_in_seconds: 10,
        max_staleness_prefix: 200,
      },
    ],
    geo_location: [
      {
        failover_priority: 0,
        location: azurermResourceGroupExample.location,
      },
    ],
    kind: "GlobalDocumentDB",
    location: azurermResourceGroupExample.location,
    name: "example-cosmosdb-account",
    offer_type: "Standard",
    resource_group_name: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCosmosdbAccountExample.overrideLogicalId("example");
const azurermCosmosdbSqlDatabaseExample =
  new azurerm.cosmosdbSqlDatabase.CosmosdbSqlDatabase(this, "example_3", {
    account_name: azurermCosmosdbAccountExample.name,
    name: "cosmos-sql-db",
    resource_group_name: azurermCosmosdbAccountExample.resourceGroupName,
    throughput: 400,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCosmosdbSqlDatabaseExample.overrideLogicalId("example");
const azurermLinuxWebAppExample = new azurerm.linuxWebApp.LinuxWebApp(
  this,
  "example_4",
  {
    location: azurermResourceGroupExample.location,
    name: "example-linuxwebapp",
    resource_group_name: azurermResourceGroupExample.name,
    service_plan_id: azurermServicePlanExample.id,
    site_config: [{}],
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLinuxWebAppExample.overrideLogicalId("example");
const azurermAppServiceConnectionExample =
  new azurerm.appServiceConnection.AppServiceConnection(this, "example_5", {
    app_service_id: azurermLinuxWebAppExample.id,
    authentication: [
      {
        type: "systemAssignedIdentity",
      },
    ],
    name: "example-serviceconnector",
    target_resource_id: azurermCosmosdbSqlDatabaseExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermAppServiceConnectionExample.overrideLogicalId("example");
const azurermCosmosdbSqlContainerExample =
  new azurerm.cosmosdbSqlContainer.CosmosdbSqlContainer(this, "example_6", {
    account_name: azurermCosmosdbAccountExample.name,
    database_name: azurermCosmosdbSqlDatabaseExample.name,
    name: "example-container",
    partition_key_path: "/definition",
    resource_group_name: azurermCosmosdbAccountExample.resourceGroupName,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCosmosdbSqlContainerExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the service connection. Changing this forces a new resource to be created.

  • appServiceId - (Required) The ID of the data source web app. Changing this forces a new resource to be created.

  • targetResourceId - (Required) The ID of the target resource. Changing this forces a new resource to be created. Possible values are postgres, postgresFlexible, mysql, sql, redis, redisEnterprise, cosmosCassandra, cosmosGremlin, cosmosMongo, cosmosSql, cosmosTable, storageBlob, storageQueue, storageFile, storageTable, appConfig, eventHub, serviceBus, signalR, webPubSub, confluentKafka.

  • authentication - (Required) The authentication info. An authentication block as defined below.

An authentication block supports the following:

  • type - (Required) The authentication type. Possible values are systemAssignedIdentity, userAssignedIdentity, servicePrincipalSecret, servicePrincipalCertificate, secret. Changing this forces a new resource to be created.

  • name - (Optional) Username or account name for secret auth. name and secret should be either both specified or both not specified when type is set to secret.

  • secret - (Optional) Password or account key for secret auth. secret and name should be either both specified or both not specified when type is set to secret.

  • clientId - (Optional) Client ID for userAssignedIdentity or servicePrincipal auth. Should be specified when type is set to servicePrincipalSecret or servicePrincipalCertificate. When type is set to userAssignedIdentity, clientId and subscriptionId should be either both specified or both not specified.

  • subscriptionId - (Optional) Subscription ID for userAssignedIdentity. subscriptionId and clientId should be either both specified or both not specified.

  • principalId - (Optional) Principal ID for servicePrincipal auth. Should be specified when type is set to servicePrincipalSecret or servicePrincipalCertificate.

  • certificate - (Optional) Service principal certificate for servicePrincipal auth. Should be specified when type is set to servicePrincipalCertificate.

  • clientType - (Optional) The application client type. Possible values are none, dotnet, java, python, go, php, ruby, django, nodejs and springBoot.

  • vnetSolution - (Optional) The type of the VNet solution. Possible values are serviceEndpoint, privateLink.

  • secretStore - (Optional) An option to store secret value in secure place. An secretStore block as defined below.

An secretStore block supports the following:

  • keyVaultId - (required) The key vault id to store secret.

Attribute Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the service connector.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Service Connector for app service.
  • read - (Defaults to 5 minutes) Used when retrieving the Service Connector for app service.
  • update - (Defaults to 30 minutes) Used when updating the Service Connector for app service.
  • delete - (Defaults to 30 minutes) Used when deleting the Service Connector for app service.

Import

Service Connector for app service can be imported using the resourceId, e.g.

terraform import azurerm_app_service_connection.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Web/sites/webapp/providers/Microsoft.ServiceLinker/linkers/serviceconnector1