» azurerm_api_management
Manages an API Management Service.
» Example Usage
resource "azurerm_resource_group" "test" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_api_management" "test" {
name = "example-apim"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
publisher_name = "My Company"
publisher_email = "company@terraform.io"
sku {
name = "Developer"
capacity = 1
}
}
» Argument Reference
The following arguments are supported:
-
name
- (Required) The name of the API Management Service. Changing this forces a new resource to be created. -
location
- (Required) The Azure location where the API Management Service exists. Changing this forces a new resource to be created. -
resource_group_name
- (Required) The name of the Resource Group in which the API Management Service should be exist. Changing this forces a new resource to be created. -
publisher_name
- (Required) The name of publisher/company. -
publisher_email
- (Required) The email of publisher/company. -
sku
- (Required) Asku
block as documented below.
-
additional_location
- (Optional) One or moreadditional_location
blocks as defined below. -
certificate
- (Optional) One or more (up to 10)certificate
blocks as defined below. -
identity
- (Optional) Anidentity
block is documented below. -
hostname_configuration
- (Optional) Ahostname_configuration
block as defined below. -
notification_sender_email
- (Optional) Email address from which the notification will be sent. -
policy
- (Optional) Apolicy
block as defined below. -
security
- (Optional) Asecurity
block as defined below. -
sign_in
- (Optional) Asign_in
block as defined below. -
sign_up
- (Optional) Asign_up
block as defined below. -
tags
- (Optional) A mapping of tags assigned to the resource.
A additional_location
block supports the following:
-
location
- (Required) The name of the Azure Region in which the API Management Service should be expanded to.
A certificate
block supports the following:
-
encoded_certificate
- (Required) The Base64 Encoded PFX Certificate. -
certificate_password
- (Required) The password for the certificate. -
store_name
- (Required) The name of the Certificate Store where this certificate should be stored. Possible values areCertificateAuthority
andRoot
.
A hostname_configuration
block supports the following:
-
management
- (Optional) One or moremanagement
blocks as documented below. -
portal
- (Optional) One or moreportal
blocks as documented below. -
proxy
- (Optional) One or moreproxy
blocks as documented below. -
scm
- (Optional) One or morescm
blocks as documented below.
A identity
block supports the following:
-
type
- (Required) Specifies the type of Managed Service Identity that should be configured on this API Management Service. At this time the only supported value isSystemAssigned
.
A management
, portal
and scm
block supports the following:
-
host_name
- (Required) The Hostname to use for the Management API. -
key_vault_id
- (Optional) The ID of the Key Vault Secret containing the SSL Certificate, which must be should be of the typeapplication/x-pkcs12
.
NOTE: Setting this field requires the identity
block to be specified, since this identity is used for to retrieve the Key Vault Certificate. Auto-updating the Certificate from the Key Vault requires the Secret version isn't specified.
-
certificate
- (Optional) The Base64 Encoded Certificate. -
certificate_password
- (Optional) The password associated with the certificate provided above.
NOTE: Either key_vault_id
or certificate
and certificate_password
must be specified.
-
negotiate_client_certificate
- (Optional) Should Client Certificate Negotiation be enabled for this Hostname? Defaults tofalse
.
A policy
block supports the following:
-
xml_content
- (Optional) The XML Content for this Policy. -
xml_link
- (Optional) A link to an API Management Policy XML Document, which must be publicly available.
A proxy
block supports the following:
-
default_ssl_binding
- (Optional) Is the certificate associated with this Hostname the Default SSL Certificate? This is used when an SNI header isn't specified by a client. Defaults tofalse
. -
host_name
- (Required) The Hostname to use for the Management API. -
key_vault_id
- (Optional) The ID of the Key Vault Secret containing the SSL Certificate, which must be should be of the typeapplication/x-pkcs12
.
NOTE: Setting this field requires the identity
block to be specified, since this identity is used for to retrieve the Key Vault Certificate. Auto-updating the Certificate from the Key Vault requires the Secret version isn't specified.
-
certificate
- (Optional) The Base64 Encoded Certificate. -
certificate_password
- (Optional) The password associated with the certificate provided above.
NOTE: Either key_vault_id
or certificate
and certificate_password
must be specified.
-
negotiate_client_certificate
- (Optional) Should Client Certificate Negotiation be enabled for this Hostname? Defaults tofalse
.
A security
block supports the following:
-
disable_backend_ssl30
- (Optional) Should SSL 3.0 be disabled on the backend of the gateway? Defaults tofalse
.
info: This maps to the Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30
field
-
disable_backend_tls10
- (Optional) Should TLS 1.0 be disabled on the backend of the gateway? Defaults tofalse
.
info: This maps to the Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10
field
-
disable_backend_tls11
- (Optional) Should TLS 1.1 be disabled on the backend of the gateway? Defaults tofalse
.
info: This maps to the Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11
field
-
disable_frontend_ssl30
- (Optional) Should SSL 3.0 be disabled on the frontend of the gateway? Defaults tofalse
.
info: This maps to the Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30
field
-
disable_frontend_tls10
- (Optional) Should TLS 1.0 be disabled on the frontend of the gateway? Defaults tofalse
.
info: This maps to the Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10
field
-
disable_frontend_tls11
- (Optional) Should TLS 1.1 be disabled on the frontend of the gateway? Defaults tofalse
.
info: This maps to the Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11
field
-
disable_triple_des_chipers
- (Optional) Should theTLS_RSA_WITH_3DES_EDE_CBC_SHA
cipher be disabled for alL TLS versions (1.0, 1.1 and 1.2)? Defaults tofalse
.
info: This maps to the Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168
field
A sku
block supports the following:
-
name
- (Required) Specifies the Pricing Tier for the API Management Service. Possible values include:Developer
,Basic
,Standard
andPremium
. -
capacity
- (Required) Specifies the Pricing Capacity for the API Management Service.
A sign_in
block supports the following:
-
enabled
- (Required) Should anonymous users be redirected to the sign in page?
A sign_up
block supports the following:
-
enabled
- (Required) Can users sign up on the development portal? -
terms_of_service
- (Optional) Aterms_of_service
block as defined below.
A terms_of_service
block supports the following:
-
consent_required
- (Required) Should the user be asked for consent during sign up? -
enabled
- (Required) Should Terms of Service be displayed during sign up?. -
text
- (Required) The Terms of Service which users are required to agree to in order to sign up.
» Attributes Reference
In addition to all arguments above, the following attributes are exported:
-
id
- The ID of the API Management Service. -
additional_location
- One or moreadditional_location
blocks as documented below. -
gateway_url
- The URL of the Gateway for the API Management Service. -
gateway_regional_url
- The Region URL for the Gateway of the API Management Service. -
identity
- Anidentity
block as defined below. -
management_api_url
- The URL for the Management API associated with this API Management service. -
portal_url
- The URL for the Publisher Portal associated with this API Management service. -
public_ip_addresses
- The Public IP addresses of the API Management Service. -
scm_url
- The URL for the SCM (Source Code Management) Endpoint associated with this API Management service.
An additional_location
block exports the following:
-
gateway_regional_url
- The URL of the Regional Gateway for the API Management Service in the specified region. -
public_ip_addresses
- Public Static Load Balanced IP addresses of the API Management service in the additional location. Available only for Basic, Standard and Premium SKU.
An identity
block exports the following:
-
principal_id
- The Principal ID associated with this Managed Service Identity. -
tenant_id
- The Tenant ID associated with this Managed Service Identity.
» Import
API Management Services can be imported using the resource id
, e.g.
terraform import azurerm_api_management.test /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.ApiManagement/service/instance1