mysterious-piano-88140

11/02/2021, 2:34 PM
How can I import or query and use an existing App Service Certificate in my Pulumi script? I’ve spent the last few hours doing this, but unfortunately these attempts tend to produce errors rather than the desired result.

powerful-football-81694

11/02/2021, 6:36 PM
@mysterious-piano-88140 what are you looking to do with the certificate? How are you looking to use it? An App Service Certificate is stored in Key Vault by default, so if your plan is to use it for either a web/function app or an APIM service, then you can reference it using a Key Vault reference. If this is what you are trying to do, I can show you an example (because I just finished setting this up).

mysterious-piano-88140

11/02/2021, 8:02 PM
So I already have a ready deployment that creates an Azure web app in Azure with a Docker container. Now I wanted to add the domain or DNS record to the existing deployment and also include the certificate in these processes. Unfortunately, I can’t find any examples for these two points, so it’s really difficult to get through them. I read about Azure KeyVault somewhere, but I didn’t understand it either. Therefore, I would be grateful if you could provide your example. And maybe you can also help me with the linking of my subdomain with the web app.

powerful-football-81694

11/03/2021, 12:46 AM
Are you using Azure DNS?

mysterious-piano-88140

11/03/2021, 7:36 AM
Yes

powerful-football-81694

11/04/2021, 4:16 PM
Sorry, I dropped the ball on this @mysterious-piano-88140
There are basically two simple managed options to secure your site with a cert:
1. Purchase an App Service Certificate, issued by GoDaddy - this gets stored in Key Vault
2. Provision a free Azure Managed Certificate - this is another type of resource more closely connected with an individual web app
Both require a CNAME to be added in your DNS before
I use an external DNS myself, so I do this step manually, but if you’re using Azure DNS you should certainly be able to do this with Pulumi
Which of the above 2 options do you use? I can give you a code sample for #2, but #1 shouldn’t be too difficult either

mysterious-piano-88140

11/04/2021, 4:22 PM
No problem. We bought the certificate from Azure and currently add it manually by hand in the Azure portal. I want to automate this with the code. However, I can’t find an example yet, which makes it more difficult to find out what I need.
I think option 1 but not GoDaddy but Azure

powerful-football-81694

11/04/2021, 4:32 PM
Hm, are you sure? If you look in the certificate itself in the issuer field, doesn’t it say GoDaddy? Similar to this?

mysterious-piano-88140

11/04/2021, 4:35 PM
You are right. It’s issued by GoDaddy

powerful-football-81694

11/04/2021, 4:38 PM
OK, then you should be able to do something like this in your Pulumi program
Right after creating your web app
At least I think so… I’ve only tested that with the other kind (#2) but guessing it should work the same
One thing that’s very helpful is, after you manually configure something in the portal, do “export template” for the web app and look at the resulting JSON

mysterious-piano-88140

11/04/2021, 4:42 PM
Thank you very much! I’ll try this tomorrow or in the next few days and let you know if it worked.

powerful-football-81694

11/04/2021, 4:42 PM
From that, it’s often very easy to figure out how something should be specified in Pulumi

mysterious-piano-88140

11/04/2021, 4:45 PM
> One thing that’s very helpful is, after you manually configure something in the portal, do “export template” for the web app and look at the resulting JSON
This is exactly what I always do, but every now and then the exported template differs from Pulumi. And it’s also not always clear what you can use from Pulumi. For example, look in the Azure Native documentation for GetCertificate. You’ll get tens of results and then you have to figure out what is the right one 😅

powerful-football-81694

11/04/2021, 4:46 PM
Yeah I know, it’s not easy… takes a while to automate this stuff. But then when you’re done, and you run it several times per day to spin up new environments, it pays off… hehe