I'm trying to build a custom ARM template that deploys a new resource group (web,sql,redis,storage) that also creates a custom CNAME record in our dnsZone hosted in a different/existing resGroup. Finally, I'd like to add a certificate binding (wildcard) from our KeyVault also stored in the other resGroup.
It seems there is support for adding a zone in the new resGroup, but I can't find an example of leveraging an existing zone and just adding a CNAME record that points to my new web app.
It also seems there are examples of creating Key Vaults, but not binding a site up to an existing cert in an existing vault in a different resGroup.
This is a very common multi-tenant kind of scenario, sure seems it should be possible in our template, without having to rely on PowerShell or Azure CLI.
Just wrap your dnsZone resource with a deployment resource and scope it to another group.
    {
        "apiVersion": "2017-05-10",
        "name": "nestedTemplate",
        "type": "Microsoft.Resources/deployments",
        "resourceGroup": %%% resource group name goes here %%%,
        "properties": {
            "mode": "Incremental",
            "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {},
                "variables": {},
                "resources": [
                    %%%% dnsZone goes here %%%
                ]
            },
            "parameters": {}
        }
    }
For the KV, you can use the example from the quickstarts:
https://github.com/Azure/azure-quickstart-templates/blob/master/webapp-keyvault-ssl/azuredeploy.json
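A filled-in version of the nested deployment above, as an added example that is not part of the original answer: it adds a CNAME record set to an existing zone in another resource group. The parameter names `siteName`, `dnsZoneName` and `dnsZoneResourceGroup`, the TTL value, and the `.azurewebsites.net` default hostname are assumptions; the parameters are expected to be declared in the parent template.

```json
{
  "apiVersion": "2017-05-10",
  "name": "addCnameToExistingZone",
  "type": "Microsoft.Resources/deployments",
  "resourceGroup": "[parameters('dnsZoneResourceGroup')]",
  "properties": {
    "mode": "Incremental",
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {},
      "variables": {},
      "resources": [
        {
          "comments": "Added example. Record name is '<existing zone>/<relative record name>'; parameter names are assumptions.",
          "type": "Microsoft.Network/dnsZones/CNAME",
          "apiVersion": "2018-05-01",
          "name": "[concat(parameters('dnsZoneName'), '/', parameters('siteName'))]",
          "properties": {
            "TTL": 3600,
            "CNAMERecord": {
              "cname": "[concat(parameters('siteName'), '.azurewebsites.net')]"
            }
          }
        }
      ]
    },
    "parameters": {}
  }
}
```

The identity running the deployment needs write access to record sets in the zone's resource group (for example the built-in DNS Zone Contributor role scoped to that zone), in addition to its rights on the new resource group.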