This guide offers best practices for using Contrast Security’s .NET Framework and .NET Core agents when using Terraform to deploy to Azure. We encourage you to take this guide, make it your own, and distribute it to teams who need to instrument applications this way.
Console access to a system where Terraform and the Azure CLI are installed
Login access to Azure Portal, including az login from the Azure CLI
Python installed on the system where these commands are run
Previously included the Contrast agent as a part of Azure App Service. For more on this, read this related guide: [link to App Service guide]
Known issues
Site extensions are the best way to deploy the Contrast agent to an Azure app service, but this can only be done via the Azure Portal, an ARM policy, or the Azure API. The Terraform method described here will use the latter two methods directly or indirectly.
For more on using ARM policies and templates, read this related guide: [.NET and Azure ARM]
Instructions
Begin by configuring the Contrast agent for your application.
1. Configure the agent
You will need to download a configuration file from Contrast. Begin by selecting Add Agent in Contrast and complete the steps indicated to get the values and download the .yaml configuration file. We recommend setting at least the following values to configure the agent. Add these key/value pairs to the configuration file for the .NET agent you are using (copy the keys and values precisely): .NET Framework agent
Because site extension deployment is only natively supported via the Azure portal, Azure ARM policies, and Azure API, Terraform is a convenient command line method to add or remove site extensions. It uses an ARM policy to set up the extension as shown in the examples here.
Use the .yaml configuration file you prepared in step 1. Make sure it is named contrast_security.yaml