New Resource: App Service Slot Custom Hostname Binding

[chenlonghu]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version 1.33.1

Affected Resource(s)

• azurerm_app_service_custom_hostname_binding

Terraform Configuration Files

resource "azurerm_app_service_custom_hostname_binding" "api_xxx_slot_binding" {
  count               = "${length(var.locations)}"
  hostname            = "${lower(format("api-xxx-xxx-%s.xxx.com", element(keys(var.locations), count.index)))}"
  app_service_name    = "${element(azurerm_app_service.api-xxx.*.name, count.index)}/slots/test"
  resource_group_name = "${element(azurerm_resource_group.rg-xxx.*.name, count.index)}"
}

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

Panic Output

Expected Behavior

The hostname should be added successfully to the slot, and tfstate file should have it taken into account, but after the hostname binding (running terraform apply), the message saying new hostname binding to be added shows up every time when you run terraform plan

Steps to Reproduce

1. terraform apply
2. terraform plan

Important Factoids

References

• 0000

[tombuildsstuff]

hi @chenlonghu

Thanks for opening this issue.

Slots within an App Service require that Custom Hostname Bindings are defined separately using this API (targetted to the Slots) rather than for the App Service itself: https://docs.microsoft.com/en-us/rest/api/appservice/webapps/createorupdatehostnamebindingslot - as such I'm going to update this title to target a new resource which can add support for this.

Thanks!

[andydkelly-ig]

Anyone used a workaround inside of TF for this at present? One of my only missing pieces.

[kendaleiv]

Workaround via ARM template authored by @Sobieck:

app-service-slot-custom-hostname.json

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "app_service_name": {
          "type": "String"
        },
        "name_of_slot": {
          "type": "String"
        },
        "hostname": {
            "type": "String"
        },
        "location": {
            "type": "String"
        },
        "thumbprint": {
            "type": "String"
        }
    },
    "resources": [
        {
            "type": "Microsoft.Web/sites/slots/hostNameBindings",
            "name": "[concat(parameters('app_service_name'), '/', parameters('name_of_slot'), '/', parameters('hostname'))]",
            "apiVersion": "2016-08-01",
            "location": "[parameters('location')]",
            "scale": null,
            "properties": {
                "siteName": "[concat(parameters('app_service_name'),'(', parameters('name_of_slot'),')')]",
                "domainId": null,
                "hostNameType": "Verified",
                "sslState": "SniEnabled",
                "thumbprint": "[parameters('thumbprint')]"
            }
        }
    ]
  }

slot_custom_hostname.tf

resource "azurerm_template_deployment" "azurerm_app_service_slot_custom_hostname" {
  name = "TODO"
  resource_group_name = "TODO"

  template_body = file("./path/to/app-service-slot-custom-hostname.json")

  parameters = {
    "hostname"         = "TODO"
    "app_service_name" = "TODO"
    "name_of_slot"     = "TODO"
    "location"         = "TODO"
    "thumbprint"       = "TODO"
  }

  deployment_mode = "Incremental"
}

[kendaleiv]

Similar issue: https://github.com/terraform-providers/terraform-provider-azurerm/issues/2431

[andydkelly-ig]

Thanks a lot @kendaleiv - greatly appreciated

[nexxai]

Hey @tombuildsstuff

Any chance this could be integrated into the provider?

[cdonges]

Do you know if there is a way to tell it not to mess with the thumbprint? Out thumbprint gets set by a different process but tf wants to set it back to null even if I remove the parameter from the json provided above.

[searledan]

I am having this issue. Need to apply custom hostnames to app service slots natively in Terraform.

[JoseFMP]

I am also having this issue. Any chance to get this fixed?

[palmerandy]

Any update on this? It would be excellent to be able to do this without a workaround.

[kdjamilov]

Any news? Can you please share if this resource will be developed?

[jarhorn]

Any update on this?

[dmunch]

This resource seems to be there now, according to the provider docs.

[jonathaneckman]

The hostname binding resource exists, but you cannot create a managed certificate with it. For example, this code:

resource "azurerm_app_service_managed_certificate" "preview_certificate" {
   custom_hostname_binding_id = azurerm_app_service_slot_custom_hostname_binding.preview_hostname_binding.id
}

throws this error:

Error: can not parse "custom_hostname_binding_id" as App Service Custom Hostname ID: ID contained more segments than required: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/API-RG-01/providers/Microsoft.Web/sites/API-APPS-01/slots/PREVIEW/hostNameBindings/preview.api.int.contoso.com", map[slots:PREVIEW]

[joshmartinlumi]

Any update on this?

[miaoz2001]

I got the same issue as @jonathaneckman , I cannot do with the managed certificate.

resource "azurerm_app_service_managed_certificate" "staging" {
  custom_hostname_binding_id = azurerm_app_service_slot_custom_hostname_binding.staging.id
  depends_on                 = [azurerm_app_service_slot.staging, azurerm_app_service_slot_custom_hostname_binding.staging]
}

throw the same error:

Error: can not parse "custom_hostname_binding_id" as App Service Custom Hostname ID: ID contained more segments than required: "/subscriptions/xxxx/resourceGroups/Intelletek_Sandbox/providers/Microsoft.Web/sites/xxxx-prod/slots/staging/hostNameBindings/xxxx-xxxx", map[slots:staging]

any ideas?

[mkohn]

I'm getting the same error. Seems like this is not supported yet.

[xiaxyi]

@mkohn The app service slot hostname binding is supported by terraform via the resource azurerm_app_service_slot_custom_hostname_binding

Did you get any chance to check it?

[adam230594]

Also getting the same error as @jonathaneckman and @miaoz2001. Custom domain is being created but no use without the managed certificate.