Skip to content

Utesgui/terraform-azurerm-scepman

 
 

Repository files navigation

SCEPman - Certificates Simplified

SCEPman Docs

SCEPman is a slim and resource-friendly solution to issue and validate certificates using SCEP. It is an Azure Web App providing the SCEP protocol and works directly with the Microsoft Graph and Intune API. SCEPman uses an Azure Key Vault based Root CA and certificate creation. No other component is involved, neither a database nor any other stateful storage except the Azure Key Vault itself. That said, SCEPman will not need any backup procedures or other operation level tasks. Only an Azure subscription is necessary to deploy it.

Prerequisites

  • Access to an Azure subscription (or Resource Group) with Owner RBAC Role assigned to Principal used for deployment
  • Terraform environemnt - local, GitHub Codespaces or Dev Containers

Local Environment:

GitHub Codespaces

  • Repository contains GitHub Codespaces dev container definitions

Open in GitHub Codespaces

Dev Containers

Visit containers.dev for more information

Terraform State

Examples

Advanced

For more informations how to deploy the following example, see the Advanced Example Documentation.

# Version requirements

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.28.0"
    }
  }
  backend "local" {}

  required_version = ">= 1.3"
}

# Provider configuration

provider "azurerm" {
  features {}
  partner_id = "a262352f-52a9-4ed9-a9ba-6a2b2478d19b"
}

# Resources

resource "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
  location = var.location

  tags = var.tags
}

module "scepman" {
  # Option 1: Local module, use from local development
  # source = "../.." # This is the local path to the module

  # Option 2: Use the terraform registry version
  source = "glueckkanja-gab/scepman/azurerm"
  # version = "0.1.0"


  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location

  storage_account_name = var.storage_account_name
  key_vault_name       = var.key_vault_name
  law_name             = var.law_name

  service_plan_name                   = var.service_plan_name
  app_service_name_primary            = var.app_service_name_primary
  app_service_name_certificate_master = var.app_service_name_certificate_master

  app_settings_primary            = var.app_settings_primary
  app_settings_certificate_master = var.app_settings_certificate_master

  tags = var.tags
}

Inputs

Name Description Type Default Required
app_service_name_certificate_master Name of the certificate master app service string n/a yes
app_service_name_primary Name of the primary app service string n/a yes
app_settings_certificate_master A mapping of app settings to assign to the certificate master app service map(string) {} no
app_settings_primary A mapping of app settings to assign to the primary app service map(string) {} no
artifacts_url_primary URL to the artifacts of the primary SCEPman Service string "https://raw.githubusercontent.com/scepman/install/master/dist/Artifacts.zip" no
artifacts_url_certificate_master URL to the artifacts of the SCEPman certificate master string "https://raw.githubusercontent.com/scepman/install/master/dist-certmaster/CertMaster-Artifacts.zip" no
law_name Name of the Log Analytics Workspace string n/a yes
law_resource_group Resource Group of existing Log Analytics Workspace string null no
key_vault_name Name of the key vault string n/a yes
location Azure Region where the resources should be created string n/a yes
resource_group_name Name of the resource group string n/a yes
service_plan_name Name of the service plan string n/a yes
service_plan_sku SKU of the service plan string S1 no
service_plan_resource_id Resource ID of the service plan string null no
storage_account_name Name of the storage account string n/a yes
organization_name Your organization name presented in the O= field of the root certificate string my-org no
tags A mapping of tags to assign to the resource map(string) {} no

Optional App Service Logging settings

Name Description Type Default Required
enable_application_insights Create and connect Application Insights for the App services. NOTE: This will prevent Terraform from beeing able to destroy the ressource group! bool false no
app_service_retention_in_days Retention of http_logs in days number 180 no
app_service_retention_in_mb Retention of http_logs in mb number 35 no
app_service_logs_detailed_error_messages Detailed Error messages of the app service bool true no
app_service_logs_failed_request_tracing Trace failed requests bool false no
app_service_application_logs_file_system_level Application Log level for file_system string "Error" no

Outputs

Name Description
scepman_certificate_master_url SCEPman Certificate Master Url
scepman_url SCEPman Url

Releases

No releases published

Packages

No packages published

Languages

  • HCL 85.2%
  • Bicep 10.2%
  • Dockerfile 4.6%