Coder Perfect

How do I use Bicep to deploy App Service, Certificate, and Hostbinding all at the same time?

/

Category: Azure Bicep

Tag:

Problem

With this code, I’m having difficulties deploying a hostNameBinding and a certificate at the same time:

param appserviceplanId string
param location string
param appservicename string
param domain string

resource appservice 'Microsoft.Web/sites@2020-12-01' = {
  name: appservicename
  location: location
  properties: {
    serverFarmId: appserviceplanId
    enabled: true
    httpsOnly: true
    siteConfig: {
      use32BitWorkerProcess: false
      webSocketsEnabled: true
      alwaysOn: true
      http20Enabled: true
      autoHealEnabled: true
      netFrameworkVersion: 'v5.0'
    }
    clientAffinityEnabled: false
  }
}

resource certificate 'Microsoft.Web/certificates@2021-01-01' = {
  name: '${domain}-certificate'
  location: location
  properties: {
    canonicalName: domain
    serverFarmId: appserviceplanId
    domainValidationMethod: 'http-token'
  }
}

resource hostbinding 'Microsoft.Web/sites/hostNameBindings@2021-01-01' = {
  parent: appservice
  name: domain
  properties: {
    siteName: appservicename
    customHostNameDnsRecordType: 'CName'
    hostNameType: 'Verified'
    sslState: 'SniEnabled'
    thumbprint: certificate.properties.thumbprint
  }
}

Only if I deploy it in stages, commenting out the certificate, does it work:

param appserviceplanId string
param location string
param appservicename string
param domain string

resource appservice 'Microsoft.Web/sites@2020-12-01' = {
  name: appservicename
  location: location
  properties: {
    serverFarmId: appserviceplanId
    customDomainVerificationId: 'DNS Record verification'
    enabled: true
    httpsOnly: true
    siteConfig: {
      use32BitWorkerProcess: false
      webSocketsEnabled: true
      alwaysOn: true
      http20Enabled: true
      autoHealEnabled: true
      netFrameworkVersion: 'v5.0'
    }
    clientAffinityEnabled: false
  }
}

// resource certificate 'Microsoft.Web/certificates@2021-01-01' = {
//   name: '${domain}-certificate'
//   location: location
//   properties: {
//     canonicalName: domain
//     serverFarmId: appserviceplanId
//     domainValidationMethod: 'http-token'
//   }
// }

resource hostbinding 'Microsoft.Web/sites/hostNameBindings@2021-01-01' = {
  parent: appservice
  name: domain
  properties: {
    siteName: appservicename
    customHostNameDnsRecordType: 'CName'
    hostNameType: 'Verified'
    // sslState: 'SniEnabled'
    // thumbprint: certificate.properties.thumbprint
  }
}

Because the Hostbinding exists, I can then run the entire thing.

How do I make it all happen at once?

So, a hostbinding cannot be created without a certificate, and a certificate cannot be created without a hostbinding.

If i specify the HostBinding before the certificate resource and then again after the certificate with the properties, i get ‘HostName is specified more then once’.

Asked by Marcel

Solution #1

You must make use of the module.

https://github.com/Azure/bicep/tree/main/docs/examples/301/function-app-with-custom-domain-managed-certificate

Answered by Miq

Post is based on https://stackoverflow.com/questions/67938529/how-to-deploy-app-service-certificate-hostbinding-at-the-same-time-with-bice