Azure App Service で Managed Certificate を使う Terraform サンプル

カスタムドメインは Azure DNS ゾーンに登録してある前提。

# Resource group that holds everything created by this sample.
resource "azurerm_resource_group" "example" {
  location = "japaneast"
  name     = "rg-example"
}

# Hosting plan for the web app. Custom domains and managed certificates are
# not available on the Free/Shared tiers, so a paid tier (Standard S1) is used.
resource "azurerm_app_service_plan" "example" {
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  name                = "plan-example"

  sku {
    size = "S1"
    tier = "Standard"
  }
}

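# Web app that receives the custom hostname and the managed certificate.
resource "azurerm_app_service" "example" {
  name                = "app-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  # Redirect plain-HTTP requests to HTTPS. Without this the managed
  # certificate set up below still leaves the site reachable over HTTP.
  https_only = true

  site_config {
    # Refuse TLS 1.0/1.1 handshakes on the SNI binding created below.
    min_tls_version = "1.2"
  }

  # NOTE(review): azurerm_app_service / azurerm_app_service_plan are the legacy
  # resource types; recent azurerm provider versions expose azurerm_service_plan
  # and azurerm_linux_web_app / azurerm_windows_web_app instead — confirm against
  # the provider version pinned for this sample.
}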

# Binds the custom hostname to the web app. Azure validates ownership of the
# hostname when the binding is created, so the DNS record pointing the hostname
# at the app (and the asuid domain-verification TXT record) must already exist
# in the DNS zone mentioned in the header note.
resource "azurerm_app_service_custom_hostname_binding" "example" {
  resource_group_name = azurerm_resource_group.example.name
  app_service_name    = azurerm_app_service.example.name
  hostname            = "your-custom-domain.example.com"

  # ssl_state and thumbprint are written onto this binding by
  # azurerm_app_service_certificate_binding, and the thumbprint changes again
  # each time the managed certificate is renewed. Ignoring them avoids a
  # perpetual diff that would otherwise try to strip the certificate.
  lifecycle {
    ignore_changes = [ssl_state, thumbprint]
  }
}

# Requests an App Service Managed Certificate for the bound hostname.
# Azure issues and renews the certificate; Terraform only supplies the
# hostname binding it is issued for.
resource "azurerm_app_service_managed_certificate" "example" {
  custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
}

# Attaches the managed certificate to the hostname binding as an SNI binding.
# This is the resource that sets ssl_state/thumbprint on
# azurerm_app_service_custom_hostname_binding.example, which is why that
# resource ignores changes to those two attributes.
resource "azurerm_app_service_certificate_binding" "example" {
  ssl_state           = "SniEnabled"
  certificate_id      = azurerm_app_service_managed_certificate.example.id
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
}