Configure Azure API management operation backend url and client certificate via Terraform

Question

I am using Terraform to provision Azure API management. I have succesfully proviosioned following resources

• azurerm_api_management
• azurerm_api_management_api
• azurerm_api_management_product
• azurerm_api_management_product_api
• azurerm_api_management_api_operation
• azurerm_api_management_named_value
• azurerm_api_management_api_operation_policy
• azurerm_api_management_backend

Idea is to use mutual client certificate authentication between APIM and AKS (which will use Nginx ingress controller auth-tls-verify-client ).

As you can see from the figure, currently I have to manually via Azure Portal, set service URL and select client certificate for the operation to use. How could I configure service URL and client certificate association for the operation via Terraform?

Answer 1

@Timo Holm azurerm_api_management_backend does have the url and credentials parameters that you can use to set the backend service URL and the Client certificate.

Answer 2

@Timo Holm if you don't want to use a dedicated backend resource and add a backend basic auth or certificate, the way the Azure portal does it from the UI is by using one of the 2 simple authentication policy entries:

<authentication-basic username="" password="" />  
<authentication-certificate thumbprint="" />  

It seems to add it under the inbound processing section for some reason:

<policies>  
	<inbound>  
		<base />  
		<authentication-basic username="asdf" password="asdf" />  
	</inbound>  
	<backend>  
		<base />  
	</backend>  
	<outbound>  
		<base />  
	</outbound>  
	<on-error>  
		<base />  
	</on-error>  
</policies>