How can I import or query and use an existing App ...
# azure
m
How can I import or query and use an existing App Service Certificate in my Pulumi script? I’ve spent the last few hours doing this, but unfortunately these attempts tend to produce errors rather than the desired result.
p
@mysterious-piano-88140 what are you looking to do with the certificate? How are you looking to use it? An App Service Certificate is stored in Key Vault by default, so if your plan is to use it for either a web/function app or an APIM service, then you can reference it using a Key Vault reference. If this is what you are trying to do, I can show you an example (because I just finished setting this up).
m
So I already have a ready deployment that creates an Azure web app in Azure with a Docker container. Now I wanted to add the domain or DNS record to the existing deployment and also include the certificate in these processes. Unfortunately, I can’t find any examples for these two points, so it’s really difficult to get through them. I read about Azure KeyVault somewhere, but I didn’t understand it either. Therefore, I would be grateful if you could provide your example. And maybe you can also help me with the linking of my subdomain with the web app.
p
Are you using Azure DNS?
m
Yes
p
Sorry, I dropped the ball on this @mysterious-piano-88140
There are basically two simple managed options to secure your site with a cert:
1. Purchase an App Service Certificate, issued by GoDaddy - this gets stored in Key Vault
2. Provision a free Azure Managed Certificate - this is another type of resource more closely connected with an individual web app
Both require a CNAME to be added in your DNS before
I use an external DNS myself, so I do this step manually, but if you’re using Azure DNS you should certainly be able to do this with Pulumi
Which of the above 2 options do you use? I can give you a code sample for #2, but #1 shouldn’t be too difficult either
m
No problem. We bought the certificate from Azure and currently add it manually by hand in the Azure portal. I want to automate this with the code. However, I can’t find an example yet, which makes it more difficult to find out what I need.
I think option 1 but not GoDaddy but Azure
p
Hm, are you sure? If you look in the certificate itself in the issuer field, doesn’t it say GoDaddy? Similar to this?
m
You are right. It’s issued by GoDaddy
p
OK, then you should be able to do something like this in your Pulumi program
Right after creating your web app
At least I think so… I’ve only tested that with the other kind (#2) but guessing it should work the same
One thing that’s very helpful is, after you manually configure something in the portal, do “export template” for the web app and look at the resulting JSON
m
Thank you very much! I’ll try this tomorrow or in the next few days and let you know if it worked.
p
From that, it’s often very easy to figure out how something should be specified in Pulumi
m
One thing that’s very helpful is, after you manually configure something in the portal, do “export template” for the web app and look at the resulting JSON
This is exactly what I always do, but every now and then the exported template differs from Pulumi. And it’s also not always clear what you can use from Pulumi. For example, look in the Azure Native documentation for GetCertificate. You’ll get tens of results and then you have to figure out what is the right one 😅
p
Yeah I know, it’s not easy… takes a while to automate this stuff. But then when you’re done, and you run it several times per day to spin up new environments, it pays off… hehe