https://pulumi.com logo
Title
l

limited-eve-38521

05/20/2021, 3:01 PM
Good morning, I was looking to do the pulumi equivalent of the az cdn command with min tls 1.2 and a managed cert (https://docs.microsoft.com/en-us/cli/azure/cdn/custom-domain?view=azure-cli-latest) AFDCustomDomain has exactly what i was expecting https://www.pulumi.com/docs/reference/pkg/azure-native/cdn/afdcustomdomain/
tlsSettings: {
        certificateType: "ManagedCertificate",
        minimumTlsVersion: "TLS12",
    },
But I dont see that with CustomDomain if i want to avoid FrontDoor? https://www.pulumi.com/docs/reference/pkg/azure-native/cdn/customdomain/ I was thinking of combining CustomDomain with ManagedCertificate https://www.pulumi.com/docs/reference/pkg/azure/appservice/managedcertificate/ but don't know how to get the min tls set as well?
This page and none of it's links mention this UI being a front door feature from what i can tell
t

tall-librarian-49374

05/20/2021, 3:09 PM
If you have it configured in the portal, could you export this resource as ARM template and see what’s there?
👀 1
r

rich-farmer-40546

05/20/2021, 3:17 PM
Either that, or you can also just perform that az command with --debug, that way you can see the actual JSON payload, and it’s basically the exact same property you would configure with azure-native.
Using
az
with
--debug
is a great way to also migrate your scripts to pulumi management with azure-native, without the extra overhead that an ARM templates provides, specially with arm template functions that don’t have an equal in pulumi.
👍 1
l

limited-eve-38521

05/20/2021, 3:23 PM
"resources": [
        {
            "type": "Microsoft.Cdn/profiles/endpoints/customdomains",
            "apiVersion": "2020-09-01",
            "name": "[concat(parameters('profiles_test_profile_name'), '/test-endpoint/cdn-my-domain-com')]",
            "dependsOn": [
                "[resourceId('Microsoft.Cdn/profiles/endpoints', parameters('profiles_test_profile_name'), 'test-endpoint')]"
            ],
            "properties": {
                "hostName": "<http://cdn.my-domain.com|cdn.my-domain.com>"
            }
        },
nothing about mintls or managed cert, same from json view in the UI
it's like the bottom half of the UI is being offloaded to front door or something and it's not documented at all
front doors is empty, but front doors standard/premium lists the profile/endpoint/custom domain, so there's maybe some weird overlap going on here?
We're going to just roll with Standard_AzureFrontDoor profile for now and use the AFDCustomDomain