Reputation: 8382
How to configure an App Service Managed Certificate for an Azure Function in an Azure Resource Manager Template?
I have an ARM template in which I am configuring a Function App.
Here is a sample of my ARM template that deals with the Function App:
{
"apiVersion": "2015-08-01",
"type": "Microsoft.Web/sites",
"name": "MyAzureFunctionName",
"location": "[resourceGroup().location]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('nameWithDashes'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'MyAzureFunctionName')]",
"httpsOnly": true,
"siteConfig": {
"appSettings": [
{
...
}]
}
}
}
I have successfully configured a custom domain 'mydomain.ca' in my Function App using the following configuration:
{
"apiVersion": "2020-06-01",
"type": "Microsoft.Web/sites/hostNameBindings",
"name": "[concat('MyFunctionApp', '/', 'mydomain.ca')]",
"location": "[resourceGroup().location]",
"scale": null,
"properties": {
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('nameWithDashes'))]"
]
}
The next step in securing my Function App is to bind the custom domain to an SSL certificate. I am trying to find a way to use the App Service Managed Certificate so that Azure will create and manage the certificate itself (See the option Create App Service Managed Certificate below).
Question
How can I configure an App Service Managed Certificate for the custom domain of my Function App in an Azure Resource Manager Template?
Upvotes: 0
Views: 1416
Answers (1)
Reputation: 8382
The comment Alex made helped a lot ; it had all the important pieces. However I was not able to make it work using the linked template.
Instead of using a linked template, I fell back to using a nested template and it worked immediately.
{
"apiVersion": "2020-06-01",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('siteName'))]",
"[resourceId('Microsoft.Web/certificates', variables('certificateName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [{
"apiVersion": "2019-08-01",
"type": "Microsoft.Web/sites/hostnameBindings",
"name": "[variables('hostNameBindingsName')]",
"location": "[resourceGroup().location)]",
"properties": {
"sslState": "SniEnabled",
"thumbprint": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName'))).Thumbprint]"
}
}]
}
}
}
Upvotes: 2
Related Questions
- How to Create Identity Provider using ARM template for azure function app?
- Azure ARM Template - Is it possible to define SSL binding for App Service with .pfx KeyVault Certificate?
- Azure Function Key Vault reference for certificates?
- how to create an azure function key in ARM template?
- Specify Function App Configuration with Key Vault Reference in Azure ARM Template
- Azure Functions using App Service Plan: The remote certificate is invalid according to the validation procedure
- How to manage signed certificates with Azure Function V2
- SSL Certificate unexpectedley available in new Azure Function App
- How to get the cloud service certificate with Azure REST ARM API
- How do I define a certificate resource in my ARM template when it is hosted in the Key Vault?