I’ve been working with API Management over the past 2 weeks and found myself creating and recreating the resource numerous times while performing tweaks and tests, and thought it would be handy to automate the process with Terraform in case I need to go through the process again in the future. The Terraform code can be found here in my repo: https://github.com/terenceluk/terraform-apim-appgateway
Here is what the topology looks like:
A few notable mentions are:
- The deployment mirrors what the following Microsoft documentation provides with PowerShell: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway
- The WAF for the App Gateway is enabled with prevention mode and WAF Rule Set configured as version 3.2
- The deployment includes one Key Vault for storing certificates and two additional Log Analytics Workspaces to log the APIM and App Gateway
- The code imports a PFX file stored locally on the computer running the code into a Key Vault resource that it creates
- The code uses the Object ID of the user running the code interactively to assign it permissions to the Key Vault so the PFX can be imported
- A Private DNS Zone with A records for the APIM internal URLs is created
- Don’t forget to either create A records for the external DNS to point to the public IP of the App Gateway or, which I prefer more, create a CNAME that points to the App Gateway’s public IP address
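
The Key Vault items in the list above can be sketched as follows. This is an added example, not the code from the linked repo: it assumes the vault uses access policies rather than Azure RBAC, and all resource names, the region, the permission list and the variables `pfx_path` and `pfx_password` are hypothetical.

```hcl
# Added example (not the repo's code). Names, region and variables are assumptions.
provider "azurerm" {
  features {}
}

variable "pfx_path" {
  type = string # path to the local PFX file on the machine running Terraform
}

variable "pfx_password" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output
}

# Tenant ID and Object ID of the identity currently running Terraform
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-apim-example" # placeholder
  location = "eastus"          # placeholder
}

resource "azurerm_key_vault" "example" {
  name                = "kv-apim-example" # placeholder, must be globally unique
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
}

# Grant the deploying user only certificate permissions (assumed minimal set;
# Delete and Purge are included so that destroy can remove the certificate).
resource "azurerm_key_vault_access_policy" "deployer" {
  key_vault_id            = azurerm_key_vault.example.id
  tenant_id               = data.azurerm_client_config.current.tenant_id
  object_id               = data.azurerm_client_config.current.object_id
  certificate_permissions = ["Get", "Import", "Delete", "Purge"]
}

# Import the local PFX; wait for the access policy so the import is authorized
resource "azurerm_key_vault_certificate" "gateway" {
  name         = "gateway-cert" # placeholder
  key_vault_id = azurerm_key_vault.example.id

  certificate {
    contents = filebase64(var.pfx_path)
    password = var.pfx_password
  }

  depends_on = [azurerm_key_vault_access_policy.deployer]
}
```

Marking the password `sensitive` only hides it from CLI output; the PFX contents and password are still written to the Terraform state, so the state file needs the same protection as the certificate itself.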
Hope this helps anyone who might be looking for a quick way to deploy an APIM published with an App Gateway for the Gateway, Developer Portal and Endpoint.