Hope you can help me with a crazy situation. See the screenshot below: I would like to have the setting 'Client application requirement' with the value 'allow requests only from this application itself' and not 'Allow requests from any application (Not recommended)'.

[screenshot]

Below is my Terraform file:

resource "azurerm_windows_web_app" "terra_webapp" {
  resource_group_name = var.web_app_resource_group_name
  name                = var.web_app_name
  location            = var.web_app_location
  service_plan_id     = var.service_plan_id
  tags                = var.tags

  https_only = true
  app_settings = {
    WEBSITE_AUTH_AAD_ALLOWED_TENANTS = "<TenantID>"
  }

  site_config {
    minimum_tls_version = "1.2"
  }

  auth_settings_v2 {
    auth_enabled           = true
    require_authentication = true
    require_https          = true
    runtime_version        = "~1"
    default_provider       = "azureactivedirectory"
    unauthenticated_action = "RedirectToLoginPage"

    login {
      token_store_enabled            = true
      token_refresh_extension_time   = 6
      allowed_external_redirect_urls = []
    }

    active_directory_v2 {
      client_id            = "<appClientID>"
      tenant_auth_endpoint = "https://sts.windows.net/<TenantID>/v2.0"
    }
  }
}

The official documentation from Terraform is here, and I tried all the settings without luck (especially the one with allowed_xxx).

I am struggling to find a solution. Any ideas or suggestions? Regards

  • You created the resource via terraform apply; if you then manually change it on Azure and next run a terraform plan, it should show the difference. Commented Apr 9, 2024 at 14:50
  • After exploring your requirement, I found that it is not possible to set up additional checks of the identity provider as of now. It can be done with the CLI or portal. @Paul Commented Apr 10, 2024 at 5:55
  • @HelderSepulveda: yes, I applied your suggestion but unfortunately it does not give me the settings which have been modified. Commented Apr 10, 2024 at 15:10
  • @Jahnavi: thanks for your help. This is what I understand also. It's a pity that we cannot change it for now. Do you have any idea when we could do this with Terraform? Commented Apr 10, 2024 at 15:11
  • If it can be done via the CLI, it can be done in the Terraform provider; report it: github.com/hashicorp/terraform-provider-azurerm/issues/… Commented Apr 10, 2024 at 16:46
