AzureRM provider 3.0 以降で App Service マネージド証明書を使う

AzureRM provider 3.0 以降では、Azure App Service の Web Apps (Windows) を作成するときのリソースが azurerm_windows_web_app に変わったけど、マネージド証明書を使う方法はさほど変わっていなかった。

# AzureRM provider configuration. The empty features block is required by the
# provider even when no feature flags are overridden.
provider "azurerm" {
  features {}
}

# Resource group that holds the plan, the web app and the certificate
# resources declared in this file.
resource "azurerm_resource_group" "example" {
  location = "japaneast"
  name     = "rg-example"
}

# App Service plan for the Windows web app.
# App Service managed certificates are not available on the Free and Shared
# tiers, so the plan has to stay on a paid tier such as S1 (Standard).
resource "azurerm_service_plan" "example" {
  name     = "plan-example"
  os_type  = "Windows"
  sku_name = "S1"

  # Placed in the same resource group and region as everything else.
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

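# Windows web app that the custom hostname and the managed certificate are
# attached to. The region is taken from the service plan so the two always
# match.
resource "azurerm_windows_web_app" "example" {
  name                = "app-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  # Binding a certificate does not by itself stop the app from answering on
  # plain HTTP; https_only defaults to false. Enabling it makes App Service
  # redirect HTTP requests to HTTPS.
  https_only = true

  # Required block; all site settings are left at the provider defaults.
  site_config {}
}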

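# Binds the custom hostname to the web app. The managed certificate and the
# TLS binding below both reference this resource's id.
resource "azurerm_app_service_custom_hostname_binding" "example" {
  # Assumes the custom domain is already registered in an Azure DNS zone.
  # When this binding or the app is destroyed, remove the matching DNS record
  # as well so that no dangling record keeps pointing at a released app name.
  hostname = "your-custom-domain.example.com"

  # The name of an azurerm_windows_web_app is accepted here as well.
  app_service_name    = azurerm_windows_web_app.example.name
  resource_group_name = azurerm_resource_group.example.name

  # ssl_state and thumbprint are set on this hostname by
  # azurerm_app_service_certificate_binding.example. The provider
  # documentation recommends ignoring them here; otherwise a later plan can
  # treat them as drift and undo the TLS binding.
  lifecycle {
    ignore_changes = [ssl_state, thumbprint]
  }
}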

# App Service managed certificate for the hostname bound above. The
# certificate is issued and renewed by the platform, so no private key or PFX
# file is handled in this configuration.
resource "azurerm_app_service_managed_certificate" "example" {
  # The hostname binding must exist first; referencing its id also gives
  # Terraform the correct creation order.
  custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
}

# Attaches the managed certificate to the custom hostname so the app serves
# TLS for that hostname.
resource "azurerm_app_service_certificate_binding" "example" {
  # SNI-based binding: the certificate is selected by the hostname the client
  # sends in the TLS handshake.
  ssl_state = "SniEnabled"

  certificate_id      = azurerm_app_service_managed_certificate.example.id
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
}