Configure Azure API management operation backend url and client certificate via Terraform

Timo Holm 71 Reputation points
2022-02-08T14:19:21.627+00:00

I am using Terraform to provision Azure API management. I have succesfully proviosioned following resources

  • azurerm_api_management
  • azurerm_api_management_api
  • azurerm_api_management_product
  • azurerm_api_management_product_api
  • azurerm_api_management_api_operation
  • azurerm_api_management_named_value
  • azurerm_api_management_api_operation_policy
  • azurerm_api_management_backend

Idea is to use mutual client certificate authentication between APIM and AKS (which will use Nginx ingress controller auth-tls-verify-client ).

As you can see from the figure, currently I have to manually via Azure Portal, set service URL and select client certificate for the operation to use. How could I configure service URL and client certificate association for the operation via Terraform?

172250-apim-backend.png

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,745 questions
0 comments No comments
{count} votes

1 additional answer

Sort by: Most helpful
  1. Anonymous
    2022-10-12T14:58:24.127+00:00

    @Timo Holm if you don't want to use a dedicated backend resource and add a backend basic auth or certificate, the way the Azure portal does it from the UI is by using one of the 2 simple authentication policy entries:

    <authentication-basic username="" password="" />  
    <authentication-certificate thumbprint="" />  
    

    It seems to add it under the inbound processing section for some reason:

    <policies>  
    	<inbound>  
    		<base />  
    		<authentication-basic username="asdf" password="asdf" />  
    	</inbound>  
    	<backend>  
    		<base />  
    	</backend>  
    	<outbound>  
    		<base />  
    	</outbound>  
    	<on-error>  
    		<base />  
    	</on-error>  
    </policies>  
    

    249813-image.png

    0 comments No comments