Terraform

Azure App Service with Terraform - Deploy Web Apps

Deploy Azure App Service web apps with Terraform. Linux and Windows apps, deployment slots, custom domains, SSL certificates, and autoscaling.

LLuca BertonMay 1, 20261 min read

Quick Answer

resource "azurerm_service_plan" "main" {
  name                = "my-plan"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  os_type             = "Linux"
  sku_name            = "B1"
}
 
resource "azurerm_linux_web_app" "main" {
  name                = "my-web-app"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  service_plan_id     = azurerm_service_plan.main.id
 
  site_config {
    application_stack {
      node_version = "20-lts"
    }
  }
}

Production Web App

resource "azurerm_resource_group" "main" {
  name     = "${var.project}-${var.environment}-rg"
  location = var.location
}
 
resource "azurerm_service_plan" "main" {
  name                = "${var.project}-${var.environment}-plan"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  os_type             = "Linux"
  sku_name            = "P1v3"
 
  tags = { Environment = var.environment }
}
 
resource "azurerm_linux_web_app" "api" {
  name                = "${var.project}-${var.environment}-api"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  service_plan_id     = azurerm_service_plan.main.id
  https_only          = true
 
  site_config {
    always_on        = true
    minimum_tls_version = "1.2"
    ftps_state       = "Disabled"
    health_check_path = "/health"
 
    application_stack {
      docker_image_name   = "${var.project}/api:${var.image_tag}"
      docker_registry_url = "https://${azurerm_container_registry.main.login_server}"
    }
  }
 
  app_settings = {
    ENVIRONMENT                    = var.environment
    WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
    DOCKER_REGISTRY_SERVER_URL     = "https://${azurerm_container_registry.main.login_server}"
    DOCKER_REGISTRY_SERVER_USERNAME = azurerm_container_registry.main.admin_username
    DOCKER_REGISTRY_SERVER_PASSWORD = azurerm_container_registry.main.admin_password
  }
 
  identity {
    type = "SystemAssigned"
  }
 
  logs {
    http_logs {
      file_system {
        retention_in_days = 7
        retention_in_mb   = 35
      }
    }
    application_logs {
      file_system_level = "Warning"
    }
  }
 
  tags = { Environment = var.environment }
}

Deployment Slots (Blue-Green)

resource "azurerm_linux_web_app_slot" "staging" {
  name           = "staging"
  app_service_id = azurerm_linux_web_app.api.id
 
  site_config {
    application_stack {
      docker_image_name   = "${var.project}/api:${var.staging_tag}"
      docker_registry_url = "https://${azurerm_container_registry.main.login_server}"
    }
  }
 
  app_settings = azurerm_linux_web_app.api.app_settings
}
 
# Swap slots for zero-downtime deployment
# az webapp deployment slot swap -g rg -n app --slot staging

Custom Domain and SSL

resource "azurerm_app_service_custom_hostname_binding" "main" {
  hostname            = "api.${var.domain_name}"
  app_service_name    = azurerm_linux_web_app.api.name
  resource_group_name = azurerm_resource_group.main.name
}
 
resource "azurerm_app_service_managed_certificate" "main" {
  custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.main.id
}
 
resource "azurerm_app_service_certificate_binding" "main" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.main.id
  certificate_id      = azurerm_app_service_managed_certificate.main.id
  ssl_state           = "SniEnabled"
}

SKU Comparison

SKU	vCPU	RAM	Features	Cost/month
F1	Shared	1 GB	Free tier, no custom domain	Free
B1	1	1.75 GB	Custom domains, SSL	~$13
S1	1	1.75 GB	+ Slots, autoscale	~$70
P1v3	2	8 GB	+ VNet, more slots	~$115

Conclusion

Use Linux App Service with Docker containers for production, deployment slots for zero-downtime deploys, managed certificates for free SSL, and system-assigned managed identity for secure access to other Azure services. Always set https_only = true and ftps_state = "Disabled".

#Terraform#Azure#App Service#Infrastructure as Code

Share this article

Terraform

Azure Cosmos DB with Terraform - Global NoSQL Database

Deploy Azure Cosmos DB with Terraform. SQL API, MongoDB API, global distribution, autoscale throughput, private endpoints, and backup configuration.

May 1, 20263 min read

Terraform

Azure Service Bus with Terraform - Queues and Topics

Deploy Azure Service Bus with Terraform. Queues, topics, subscriptions, dead-letter queues, private endpoints, and message filtering rules.

May 1, 20262 min read

Terraform

Terraform Azure Backend - Store State in Azure Storage

Configure Terraform azurerm backend to store state in Azure Blob Storage. Storage account setup, encryption, state locking, workspaces, and RBAC authentication.

May 1, 20262 min read

Terraform

Terraform on Azure: A Complete Beginner's Guide

A beginner-friendly Terraform Azure guide with provider setup, resource groups, VNets, VMs, and remote state. Step-by-step with code examples.

Feb 4, 20262 min read

Quick Answer

Production Web App

Deployment Slots (Blue-Green)

Custom Domain and SSL

SKU Comparison

Related Articles

Conclusion

Related articles

Azure Cosmos DB with Terraform - Global NoSQL Database

Azure Service Bus with Terraform - Queues and Topics

Terraform Azure Backend - Store State in Azure Storage

Terraform on Azure: A Complete Beginner's Guide