diff --git a/azurerm/internal/clients/client.go b/azurerm/internal/clients/client.go
index 97e9f9678029..9ed0b26315dd 100644
--- a/azurerm/internal/clients/client.go
+++ b/azurerm/internal/clients/client.go
@@ -12,6 +12,7 @@ import (
 	appConfiguration "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/appconfiguration/client"
 	applicationInsights "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/applicationinsights/client"
 	appPlatform "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/appplatform/client"
+	attestation "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation/client"
 	authorization "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/authorization/client"
 	automation "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/automation/client"
 	batch "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/batch/client"
@@ -97,6 +98,7 @@ type Client struct {
 	AppConfiguration      *appConfiguration.Client
 	AppInsights           *applicationInsights.Client
 	AppPlatform           *appPlatform.Client
+	Attestation           *attestation.Client
 	Authorization         *authorization.Client
 	Automation            *automation.Client
 	Batch                 *batch.Client
@@ -183,6 +185,7 @@ func (client *Client) Build(ctx context.Context, o *common.ClientOptions) error
 	client.AppConfiguration = appConfiguration.NewClient(o)
 	client.AppInsights = applicationInsights.NewClient(o)
 	client.AppPlatform = appPlatform.NewClient(o)
+	client.Attestation = attestation.NewClient(o)
 	client.Authorization = authorization.NewClient(o)
 	client.Automation = automation.NewClient(o)
 	client.Batch = batch.NewClient(o)
diff --git a/azurerm/internal/provider/services.go b/azurerm/internal/provider/services.go
index 49a3b4c9946f..fb13e315327b 100644
--- a/azurerm/internal/provider/services.go
+++ b/azurerm/internal/provider/services.go
@@ -7,6 +7,7 @@ import (
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/appconfiguration"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/applicationinsights"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/appplatform"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/authorization"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/automation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/batch"
@@ -90,6 +91,7 @@ func SupportedServices() []common.ServiceRegistration {
 		appconfiguration.Registration{},
 		appplatform.Registration{},
 		applicationinsights.Registration{},
+		attestation.Registration{},
 		authorization.Registration{},
 		automation.Registration{},
 		batch.Registration{},
diff --git a/azurerm/internal/services/attestation/attestation_provider_data_source.go b/azurerm/internal/services/attestation/attestation_provider_data_source.go
new file mode 100644
index 000000000000..dfbbc4454bc4
--- /dev/null
+++ b/azurerm/internal/services/attestation/attestation_provider_data_source.go
@@ -0,0 +1,80 @@
+package attestation
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/location"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceAttestationProvider() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceArmAttestationProviderRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(5 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"resource_group_name": azure.SchemaResourceGroupNameForDataSource(),
+
+			"location": azure.SchemaLocationForDataSource(),
+
+			"attestation_uri": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"trust_model": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"tags": tags.SchemaDataSource(),
+		},
+	}
+}
+
+func dataSourceArmAttestationProviderRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	name := d.Get("name").(string)
+	resourceGroup := d.Get("resource_group_name").(string)
+
+	resp, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			return fmt.Errorf("Attestation Provider %q (Resource Group %q) was not found", name, resourceGroup)
+		}
+		return fmt.Errorf("retrieving Attestation %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	d.Set("name", name)
+	d.Set("resource_group_name", resourceGroup)
+	d.Set("location", location.NormalizeNilable(resp.Location))
+
+	if props := resp.StatusResult; props != nil {
+		d.Set("attestation_uri", props.AttestURI)
+		d.Set("trust_model", props.TrustModel)
+	}
+
+	if resp.ID == nil || *resp.ID == "" {
+		return fmt.Errorf("empty or nil ID returned for Attestation Provider %q (Resource Group %q)", name, resourceGroup)
+	}
+	d.SetId(*resp.ID)
+
+	return tags.FlattenAndSet(d, resp.Tags)
+}
diff --git a/azurerm/internal/services/attestation/attestation_provider_resource.go b/azurerm/internal/services/attestation/attestation_provider_resource.go
new file mode 100644
index 000000000000..87948c482983
--- /dev/null
+++ b/azurerm/internal/services/attestation/attestation_provider_resource.go
@@ -0,0 +1,227 @@
+package attestation
+
+import (
+	"encoding/base64"
+	"encoding/pem"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/location"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation/parse"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
+	azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceArmAttestationProvider() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceArmAttestationProviderCreate,
+		Read:   resourceArmAttestationProviderRead,
+		Update: resourceArmAttestationProviderUpdate,
+		Delete: resourceArmAttestationProviderDelete,
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(30 * time.Minute),
+			Read:   schema.DefaultTimeout(5 * time.Minute),
+			Update: schema.DefaultTimeout(30 * time.Minute),
+			Delete: schema.DefaultTimeout(30 * time.Minute),
+		},
+
+		Importer: azSchema.ValidateResourceIDPriorToImport(func(id string) error {
+			_, err := parse.AttestationId(id)
+			return err
+		}),
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validate.AttestationName,
+			},
+
+			"resource_group_name": azure.SchemaResourceGroupName(),
+
+			"location": azure.SchemaLocation(),
+
+			"policy_signing_certificate_data": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validate.IsCert,
+			},
+
+			"tags": tags.Schema(),
+
+			"attestation_uri": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"trust_model": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+func resourceArmAttestationProviderCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	name := d.Get("name").(string)
+	resourceGroup := d.Get("resource_group_name").(string)
+
+	existing, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		if !utils.ResponseWasNotFound(existing.Response) {
+			return fmt.Errorf("checking for presence of existing Attestation Provider %q (Resource Group %q): %+v", name, resourceGroup, err)
+		}
+	}
+	if existing.ID != nil && *existing.ID != "" {
+		return tf.ImportAsExistsError("azurerm_attestation_provider", *existing.ID)
+	}
+
+	props := attestation.ServiceCreationParams{
+		Location:   utils.String(location.Normalize(d.Get("location").(string))),
+		Properties: &attestation.ServiceCreationSpecificParams{
+			// AttestationPolicy was deprecated in October of 2019
+		},
+		Tags: tags.Expand(d.Get("tags").(map[string]interface{})),
+	}
+
+	// NOTE: This maybe an slice in a future release or even a slice of slices
+	//       The service team does not currently have any user data for this
+	//       resource.
+	policySigningCertificate := d.Get("policy_signing_certificate_data").(string)
+
+	if policySigningCertificate != "" {
+		block, _ := pem.Decode([]byte(policySigningCertificate))
+		if block == nil {
+			return fmt.Errorf("invalid X.509 certificate, unable to decode")
+		}
+
+		v := base64.StdEncoding.EncodeToString(block.Bytes)
+		props.Properties.PolicySigningCertificates = expandArmAttestationProviderJSONWebKeySet(v)
+	}
+
+	if _, err := client.Create(ctx, resourceGroup, name, props); err != nil {
+		return fmt.Errorf("creating Attestation Provider %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	resp, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		return fmt.Errorf("retrieving Attestation Provider %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	if resp.ID == nil || *resp.ID == "" {
+		return fmt.Errorf("empty or nil ID returned for Attestation Provider %q (Resource Group %q)", name, resourceGroup)
+	}
+
+	d.SetId(*resp.ID)
+	return resourceArmAttestationProviderRead(d, meta)
+}
+
+func resourceArmAttestationProviderRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.AttestationId(d.Id())
+	if err != nil {
+		return err
+	}
+
+	resp, err := client.Get(ctx, id.ResourceGroup, id.Name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			log.Printf("[INFO] attestation %q does not exist - removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("retrieving Attestation Provider %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
+	}
+
+	d.Set("name", id.Name)
+	d.Set("resource_group_name", id.ResourceGroup)
+	d.Set("location", location.NormalizeNilable(resp.Location))
+
+	if props := resp.StatusResult; props != nil {
+		d.Set("attestation_uri", props.AttestURI)
+		d.Set("trust_model", props.TrustModel)
+	}
+
+	return tags.FlattenAndSet(d, resp.Tags)
+}
+
+func resourceArmAttestationProviderUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.AttestationId(d.Id())
+	if err != nil {
+		return err
+	}
+
+	updateParams := attestation.ServicePatchParams{}
+	if d.HasChange("tags") {
+		updateParams.Tags = tags.Expand(d.Get("tags").(map[string]interface{}))
+	}
+
+	if _, err := client.Update(ctx, id.ResourceGroup, id.Name, updateParams); err != nil {
+		return fmt.Errorf("updating Attestation Provider %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
+	}
+	return resourceArmAttestationProviderRead(d, meta)
+}
+
+func resourceArmAttestationProviderDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.AttestationId(d.Id())
+	if err != nil {
+		return err
+	}
+
+	if _, err := client.Delete(ctx, id.ResourceGroup, id.Name); err != nil {
+		return fmt.Errorf("deleting Attestation Provider %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
+	}
+	return nil
+}
+
+func expandArmAttestationProviderJSONWebKeySet(pem string) *attestation.JSONWebKeySet {
+	if len(pem) == 0 {
+		return nil
+	}
+
+	result := attestation.JSONWebKeySet{
+		Keys: expandArmAttestationProviderJSONWebKeyArray(pem),
+	}
+
+	return &result
+}
+
+func expandArmAttestationProviderJSONWebKeyArray(pem string) *[]attestation.JSONWebKey {
+	results := make([]attestation.JSONWebKey, 0)
+	certs := []string{pem}
+
+	result := attestation.JSONWebKey{
+		Kty: utils.String("RSA"),
+		X5c: &certs,
+	}
+
+	results = append(results, result)
+
+	return &results
+}
diff --git a/azurerm/internal/services/attestation/client/client.go b/azurerm/internal/services/attestation/client/client.go
new file mode 100644
index 000000000000..a54f53e5e1c5
--- /dev/null
+++ b/azurerm/internal/services/attestation/client/client.go
@@ -0,0 +1,19 @@
+package client
+
+import (
+	"github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
+)
+
+type Client struct {
+	ProviderClient *attestation.ProvidersClient
+}
+
+func NewClient(o *common.ClientOptions) *Client {
+	providerClient := attestation.NewProvidersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&providerClient.Client, o.ResourceManagerAuthorizer)
+
+	return &Client{
+		ProviderClient: &providerClient,
+	}
+}
diff --git a/azurerm/internal/services/attestation/parse/attestation.go b/azurerm/internal/services/attestation/parse/attestation.go
new file mode 100644
index 000000000000..534d5ca82da1
--- /dev/null
+++ b/azurerm/internal/services/attestation/parse/attestation.go
@@ -0,0 +1,31 @@
+package parse
+
+import (
+	"fmt"
+
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+)
+
+type AttestationProviderId struct {
+	ResourceGroup string
+	Name          string
+}
+
+func AttestationId(input string) (*AttestationProviderId, error) {
+	id, err := azure.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, fmt.Errorf("parsing attestation ID %q: %+v", input, err)
+	}
+
+	attestationProvider := AttestationProviderId{
+		ResourceGroup: id.ResourceGroup,
+	}
+	if attestationProvider.Name, err = id.PopSegment("attestationProviders"); err != nil {
+		return nil, err
+	}
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &attestationProvider, nil
+}
diff --git a/azurerm/internal/services/attestation/parse/attestation_test.go b/azurerm/internal/services/attestation/parse/attestation_test.go
new file mode 100644
index 000000000000..69c5756ea4d9
--- /dev/null
+++ b/azurerm/internal/services/attestation/parse/attestation_test.go
@@ -0,0 +1,72 @@
+package parse
+
+import (
+	"testing"
+)
+
+func TestAttestationProviderID(t *testing.T) {
+	testData := []struct {
+		Name     string
+		Input    string
+		Expected *AttestationProviderId
+	}{
+		{
+			Name:     "Empty",
+			Input:    "",
+			Expected: nil,
+		},
+		{
+			Name:     "No Resource Groups Segment",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000",
+			Expected: nil,
+		},
+		{
+			Name:     "No Resource Groups Value",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/",
+			Expected: nil,
+		},
+		{
+			Name:     "Resource Group ID",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/",
+			Expected: nil,
+		},
+		{
+			Name:     "Missing AttestationProvider Value",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Attestation/attestationProviders",
+			Expected: nil,
+		},
+		{
+			Name:  "attestation Provider ID",
+			Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Attestation/attestationProviders/provider1",
+			Expected: &AttestationProviderId{
+				ResourceGroup: "resourceGroup1",
+				Name:          "provider1",
+			},
+		},
+		{
+			Name:     "Wrong Casing",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Attestation/AttestationProviders/provider1",
+			Expected: nil,
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q..", v.Name)
+
+		actual, err := AttestationId(v.Input)
+		if err != nil {
+			if v.Expected == nil {
+				continue
+			}
+			t.Fatalf("Expected a value but got an error: %s", err)
+		}
+
+		if actual.ResourceGroup != v.Expected.ResourceGroup {
+			t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup)
+		}
+
+		if actual.Name != v.Expected.Name {
+			t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name)
+		}
+	}
+}
diff --git a/azurerm/internal/services/attestation/registration.go b/azurerm/internal/services/attestation/registration.go
new file mode 100644
index 000000000000..02ec076ea35a
--- /dev/null
+++ b/azurerm/internal/services/attestation/registration.go
@@ -0,0 +1,31 @@
+package attestation
+
+import "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+
+type Registration struct{}
+
+// Name is the name of this Service
+func (r Registration) Name() string {
+	return "Attestation"
+}
+
+// WebsiteCategories returns a list of categories which can be used for the sidebar
+func (r Registration) WebsiteCategories() []string {
+	return []string{
+		"Attestation",
+	}
+}
+
+// SupportedDataSources returns the supported Data Sources supported by this Service
+func (r Registration) SupportedDataSources() map[string]*schema.Resource {
+	return map[string]*schema.Resource{
+		"azurerm_attestation_provider": dataSourceAttestationProvider(),
+	}
+}
+
+// SupportedResources returns the supported Resources supported by this Service
+func (r Registration) SupportedResources() map[string]*schema.Resource {
+	return map[string]*schema.Resource{
+		"azurerm_attestation_provider": resourceArmAttestationProvider(),
+	}
+}
diff --git a/azurerm/internal/services/attestation/tests/attestation_data_source_test.go b/azurerm/internal/services/attestation/tests/attestation_data_source_test.go
new file mode 100644
index 000000000000..1a96f88cc3e3
--- /dev/null
+++ b/azurerm/internal/services/attestation/tests/attestation_data_source_test.go
@@ -0,0 +1,42 @@
+package tests
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance"
+)
+
+func TestAccDataSourceAzureRMAttestationProvider_basic(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_attestation_provider", "test")
+	randStr := strings.ToLower(acctest.RandString(10))
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMAttestationProviderDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAttestationProvider_basic(data, randStr),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAttestationProviderExists(data.ResourceName),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAttestationProvider_basic(data acceptance.TestData, randStr string) string {
+	config := testAccAzureRMAttestationProvider_basic(data, randStr)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_attestation_provider" "test" {
+  name                = azurerm_attestation_provider.test.name
+  resource_group_name = azurerm_attestation_provider.test.resource_group_name
+}
+`, config)
+}
diff --git a/azurerm/internal/services/attestation/tests/attestation_resource_test.go b/azurerm/internal/services/attestation/tests/attestation_resource_test.go
new file mode 100644
index 000000000000..371a62806e1d
--- /dev/null
+++ b/azurerm/internal/services/attestation/tests/attestation_resource_test.go
@@ -0,0 +1,320 @@
+package tests
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation/parse"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func TestAccAzureRMAttestationProvider_basic(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_attestation_provider", "test")
+	randStr := strings.ToLower(acctest.RandString(10))
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMAttestationProviderDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMAttestationProvider_basic(data, randStr),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAttestationProviderExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
+func TestAccAzureRMAttestationProvider_requiresImport(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_attestation_provider", "test")
+	randStr := strings.ToLower(acctest.RandString(10))
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMAttestationProviderDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMAttestationProvider_basic(data, randStr),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAttestationProviderExists(data.ResourceName),
+				),
+			},
+			data.RequiresImportErrorStep(testAccAzureRMAttestationProvider_requiresImport),
+		},
+	})
+}
+
+func TestAccAzureRMAttestationProvider_completeString(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_attestation_provider", "test")
+	randStr := strings.ToLower(acctest.RandString(10))
+	testCertificate, err := testAzureRMGenerateTestCertificate("ENCOM")
+	if err != nil {
+		t.Fatalf("Test case failed: '%+v'", err)
+	}
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMAttestationProviderDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMAttestationProvider_completeString(data, randStr, testCertificate),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAttestationProviderExists(data.ResourceName),
+				),
+			},
+			// must ignore policy_signing_certificate since the API does not return these values
+			data.ImportStep("policy_signing_certificate"),
+		},
+	})
+}
+
+func TestAccAzureRMAttestationProvider_completeFile(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_attestation_provider", "test")
+	randStr := strings.ToLower(acctest.RandString(10))
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMAttestationProviderDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMAttestationProvider_completeFile(data, randStr),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAttestationProviderExists(data.ResourceName),
+				),
+			},
+			// must ignore policy_signing_certificate since the API does not return these values
+			data.ImportStep("policy_signing_certificate"),
+		},
+	})
+}
+
+func TestAccAzureRMAttestationProvider_update(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_attestation_provider", "test")
+	randStr := strings.ToLower(acctest.RandString(10))
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMAttestationProviderDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMAttestationProvider_basic(data, randStr),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAttestationProviderExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+			{
+				Config: testAccAzureRMAttestationProvider_update(data, randStr),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAttestationProviderExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+			{
+				Config: testAccAzureRMAttestationProvider_basic(data, randStr),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAttestationProviderExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
+func testCheckAzureRMAttestationProviderExists(resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := acceptance.AzureProvider.Meta().(*clients.Client).Attestation.ProviderClient
+		ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("attestation AttestationProvider not found: %s", resourceName)
+		}
+		id, err := parse.AttestationId(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+		if resp, err := client.Get(ctx, id.ResourceGroup, id.Name); err != nil {
+			if !utils.ResponseWasNotFound(resp.Response) {
+				return fmt.Errorf("bad: Attestation Provider %q does not exist", id.Name)
+			}
+			return fmt.Errorf("bad: Get on Attestation.ProviderClient: %+v", err)
+		}
+		return nil
+	}
+}
+
+func testAzureRMGenerateTestCertificate(organization string) (string, error) {
+	privateKey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+	if err != nil {
+		return "", err
+	}
+
+	rawCert := x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			Organization: []string{organization},
+		},
+		NotBefore: time.Now(),
+		NotAfter:  time.Now().Add(time.Hour * 24 * 180),
+
+		KeyUsage:              x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+
+	certBytes, err := x509.CreateCertificate(rand.Reader, &rawCert, &rawCert, &privateKey.PublicKey, privateKey)
+	if err != nil {
+		return "", fmt.Errorf("unable to create test certificate: %+v", err)
+	}
+
+	encoded := &bytes.Buffer{}
+	if err := pem.Encode(encoded, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil {
+		return "", fmt.Errorf("unable to pem encode test certificate: %+v", err)
+	}
+
+	return encoded.String(), nil
+}
+
+func testCheckAzureRMAttestationProviderDestroy(s *terraform.State) error {
+	client := acceptance.AzureProvider.Meta().(*clients.Client).Attestation.ProviderClient
+	ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "azurerm_attestation_provider" {
+			continue
+		}
+		id, err := parse.AttestationId(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+		if resp, err := client.Get(ctx, id.ResourceGroup, id.Name); err != nil {
+			if !utils.ResponseWasNotFound(resp.Response) {
+				return fmt.Errorf("bad: Get on Attestation.ProviderClient: %+v", err)
+			}
+		}
+		return nil
+	}
+	return nil
+}
+
+// currently only supported in "East US 2", "West Central US" & "UK South"
+func testAccAzureRMAttestationProvider_template(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+// TODO: switch to using regular regions when this is supported
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-attestation-%d"
+  location = "%s"
+}
+`, data.RandomInteger, "uksouth")
+}
+
+func testAccAzureRMAttestationProvider_basic(data acceptance.TestData, randStr string) string {
+	template := testAccAzureRMAttestationProvider_template(data)
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_attestation_provider" "test" {
+  name                = "acctestap%s"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+}
+`, template, randStr)
+}
+
+func testAccAzureRMAttestationProvider_update(data acceptance.TestData, randStr string) string {
+	template := testAccAzureRMAttestationProvider_template(data)
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_attestation_provider" "test" {
+  name                = "acctestap%s"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+
+  tags = {
+    ENV = "Test"
+  }
+}
+`, template, randStr)
+}
+
+func testAccAzureRMAttestationProvider_requiresImport(data acceptance.TestData) string {
+	randStr := strings.ToLower(acctest.RandString(10))
+	config := testAccAzureRMAttestationProvider_basic(data, randStr)
+
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_attestation_provider" "import" {
+  name                = azurerm_attestation_provider.test.name
+  resource_group_name = azurerm_attestation_provider.test.resource_group_name
+  location            = azurerm_attestation_provider.test.location
+}
+`, config)
+}
+
+func testAccAzureRMAttestationProvider_completeString(data acceptance.TestData, randStr string, testCertificate string) string {
+	template := testAccAzureRMAttestationProvider_template(data)
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_attestation_provider" "test" {
+  name                = "acctestap%s"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+
+  policy_signing_certificate_data = <<EOT
+%s
+EOT
+
+  tags = {
+    ENV = "Test"
+  }
+}
+`, template, randStr, testCertificate)
+}
+
+func testAccAzureRMAttestationProvider_completeFile(data acceptance.TestData, randStr string) string {
+	template := testAccAzureRMAttestationProvider_template(data)
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_attestation_provider" "test" {
+  name                = "acctestap%s"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+
+  policy_signing_certificate_data = file("testdata/cert.pem")
+
+  tags = {
+    ENV = "Test"
+  }
+}
+`, template, randStr)
+}
diff --git a/azurerm/internal/services/attestation/tests/testdata/cert.pem b/azurerm/internal/services/attestation/tests/testdata/cert.pem
new file mode 100644
index 000000000000..4304f4b3a7f8
--- /dev/null
+++ b/azurerm/internal/services/attestation/tests/testdata/cert.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBzDCCAS2gAwIBAgIBATAKBggqhkjOPQQDBDAQMQ4wDAYDVQQKEwVFTkNPTTAe
+Fw0wOTExMTAyMzAwMDBaFw0xMDA1MDkyMzAwMDBaMBAxDjAMBgNVBAoTBUVOQ09N
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBAqCuRox5N3MTU8wTuIeIBXF7iMnh
+ntqmGVKQ0hfQFDQGv+Lyduo7JPqFp/Y2jlXSdNrAdz5WxbrY+kDxIpkBQtIAkIDD
+ZVmTueq3ZDAfcGdENnzNJVCaPlHXJLvEEINcoJkUO++cVyywdreVJc67vhNx1TdX
+V3pp7f+RbOmNKbnVRByjNTAzMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggr
+BgEFBQcDATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMEA4GMADCBiAJCAbbb7svI
+5tuhCyA3jQTSgA8zpvk0YWNXkZ07xzdV8jdMMumCaW9ycEIqJ5KSquuPhUw9oekz
+B51daybV1VQXVVdVAkIA+kMMSJzwtzHqNAUTmiZPcg7H8v1ASl4tR6lpKTpUPY2X
+lXOCt2Yf4dsFsijuvzbJBdx75d4Ef5TRHPcg+PHNZgg=
+-----END CERTIFICATE-----
diff --git a/azurerm/internal/services/attestation/validate/attestation.go b/azurerm/internal/services/attestation/validate/attestation.go
new file mode 100644
index 000000000000..106d6adbdb26
--- /dev/null
+++ b/azurerm/internal/services/attestation/validate/attestation.go
@@ -0,0 +1,34 @@
+package validate
+
+import (
+	"encoding/pem"
+	"fmt"
+	"regexp"
+)
+
+func AttestationName(i interface{}, k string) (warning []string, errors []error) {
+	v, ok := i.(string)
+	if !ok {
+		return nil, append(errors, fmt.Errorf("expected type of %s to be string", k))
+	}
+
+	if !regexp.MustCompile(`^[a-z\d]{3,24}\z`).MatchString(v) {
+		errors = append(errors, fmt.Errorf("%s must be between 3 and 24 characters in length and use numbers and lower-case letters only.", k))
+	}
+
+	return
+}
+
+func IsCert(i interface{}, k string) (warning []string, errors []error) {
+	v, ok := i.(string)
+	if !ok {
+		return nil, append(errors, fmt.Errorf("expected type of %s to be string", k))
+	}
+
+	block, _ := pem.Decode([]byte(v))
+	if block == nil {
+		errors = append(errors, fmt.Errorf("%s is an invalid X.509 certificate", k))
+	}
+
+	return
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/client.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/client.go
new file mode 100644
index 000000000000..8a645a846a69
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/client.go
@@ -0,0 +1,53 @@
+// Package attestation implements the Azure ARM Attestation service API version 2018-09-01-preview.
+//
+// Various APIs for managing resources in attestation service. This primarily encompasses per-tenant instance
+// management.
+package attestation
+
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+	"github.com/Azure/go-autorest/autorest"
+)
+
+const (
+	// DefaultBaseURI is the default URI used for the service Attestation
+	DefaultBaseURI = "https://management.azure.com"
+)
+
+// BaseClient is the base client for Attestation.
+type BaseClient struct {
+	autorest.Client
+	BaseURI        string
+	SubscriptionID string
+}
+
+// New creates an instance of the BaseClient client.
+func New(subscriptionID string) BaseClient {
+	return NewWithBaseURI(DefaultBaseURI, subscriptionID)
+}
+
+// NewWithBaseURI creates an instance of the BaseClient client using a custom endpoint.  Use this when interacting with
+// an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
+func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient {
+	return BaseClient{
+		Client:         autorest.NewClientWithUserAgent(UserAgent()),
+		BaseURI:        baseURI,
+		SubscriptionID: subscriptionID,
+	}
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/models.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/models.go
new file mode 100644
index 000000000000..45035577fea1
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/models.go
@@ -0,0 +1,382 @@
+package attestation
+
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+	"encoding/json"
+	"github.com/Azure/go-autorest/autorest"
+)
+
+// The package's fully qualified name.
+const fqdn = "github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation"
+
+// ServiceStatus enumerates the values for service status.
+type ServiceStatus string
+
+const (
+	// Error ...
+	Error ServiceStatus = "Error"
+	// NotReady ...
+	NotReady ServiceStatus = "NotReady"
+	// Ready ...
+	Ready ServiceStatus = "Ready"
+)
+
+// PossibleServiceStatusValues returns an array of possible values for the ServiceStatus const type.
+func PossibleServiceStatusValues() []ServiceStatus {
+	return []ServiceStatus{Error, NotReady, Ready}
+}
+
+// AzureEntityResource the resource model definition for a Azure Resource Manager resource with an etag.
+type AzureEntityResource struct {
+	// Etag - READ-ONLY; Resource Etag.
+	Etag *string `json:"etag,omitempty"`
+	// ID - READ-ONLY; Fully qualified resource Id for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
+	ID *string `json:"id,omitempty"`
+	// Name - READ-ONLY; The name of the resource
+	Name *string `json:"name,omitempty"`
+	// Type - READ-ONLY; The type of the resource. Ex- Microsoft.Compute/virtualMachines or Microsoft.Storage/storageAccounts.
+	Type *string `json:"type,omitempty"`
+}
+
+// CloudError an error response from Attestation.
+type CloudError struct {
+	Error *CloudErrorBody `json:"error,omitempty"`
+}
+
+// CloudErrorBody an error response from Attestation.
+type CloudErrorBody struct {
+	// Code - An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
+	Code *string `json:"code,omitempty"`
+	// Message - A message describing the error, intended to be suitable for displaying in a user interface.
+	Message *string `json:"message,omitempty"`
+}
+
+// JSONWebKey ...
+type JSONWebKey struct {
+	// Alg - The "alg" (algorithm) parameter identifies the algorithm intended for
+	// use with the key.  The values used should either be registered in the
+	// IANA "JSON Web Signature and Encryption Algorithms" registry
+	// established by [JWA] or be a value that contains a Collision-
+	// Resistant Name.
+	Alg *string `json:"alg,omitempty"`
+	// Crv - The "crv" (curve) parameter identifies the curve type
+	Crv *string `json:"crv,omitempty"`
+	// D - RSA private exponent or ECC private key
+	D *string `json:"d,omitempty"`
+	// Dp - RSA Private Key Parameter
+	Dp *string `json:"dp,omitempty"`
+	// Dq - RSA Private Key Parameter
+	Dq *string `json:"dq,omitempty"`
+	// E - RSA public exponent, in Base64
+	E *string `json:"e,omitempty"`
+	// K - Symmetric key
+	K *string `json:"k,omitempty"`
+	// Kid - The "kid" (key ID) parameter is used to match a specific key.  This
+	// is used, for instance, to choose among a set of keys within a JWK Set
+	// during key rollover.  The structure of the "kid" value is
+	// unspecified.  When "kid" values are used within a JWK Set, different
+	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
+	// example in which different keys might use the same "kid" value is if
+	// they have different "kty" (key type) values but are considered to be
+	// equivalent alternatives by the application using them.)  The "kid"
+	// value is a case-sensitive string.
+	Kid *string `json:"kid,omitempty"`
+	// Kty - The "kty" (key type) parameter identifies the cryptographic algorithm
+	// family used with the key, such as "RSA" or "EC". "kty" values should
+	// either be registered in the IANA "JSON Web Key Types" registry
+	// established by [JWA] or be a value that contains a Collision-
+	// Resistant Name.  The "kty" value is a case-sensitive string.
+	Kty *string `json:"kty,omitempty"`
+	// N - RSA modulus, in Base64
+	N *string `json:"n,omitempty"`
+	// P - RSA secret prime
+	P *string `json:"p,omitempty"`
+	// Q - RSA secret prime, with p < q
+	Q *string `json:"q,omitempty"`
+	// Qi - RSA Private Key Parameter
+	Qi *string `json:"qi,omitempty"`
+	// Use - Use ("public key use") identifies the intended use of
+	// the public key. The "use" parameter is employed to indicate whether
+	// a public key is used for encrypting data or verifying the signature
+	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
+	Use *string `json:"use,omitempty"`
+	// X - X coordinate for the Elliptic Curve point
+	X *string `json:"x,omitempty"`
+	// X5c - The "x5c" (X.509 certificate chain) parameter contains a chain of one
+	// or more PKIX certificates [RFC5280].  The certificate chain is
+	// represented as a JSON array of certificate value strings.  Each
+	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
+	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
+	// The PKIX certificate containing the key value MUST be the first
+	// certificate.
+	X5c *[]string `json:"x5c,omitempty"`
+	// Y - Y coordinate for the Elliptic Curve point
+	Y *string `json:"y,omitempty"`
+}
+
+// JSONWebKeySet ...
+type JSONWebKeySet struct {
+	// Keys - The value of the "keys" parameter is an array of JWK values.  By
+	// default, the order of the JWK values within the array does not imply
+	// an order of preference among them, although applications of JWK Sets
+	// can choose to assign a meaning to the order for their purposes, if
+	// desired.
+	Keys *[]JSONWebKey `json:"keys,omitempty"`
+}
+
+// OperationList list of supported operations.
+type OperationList struct {
+	autorest.Response `json:"-"`
+	// Value - List of supported operations.
+	Value *[]OperationsDefinition `json:"value,omitempty"`
+}
+
+// OperationsDefinition definition object with the name and properties of an operation.
+type OperationsDefinition struct {
+	// Name - Name of the operation.
+	Name *string `json:"name,omitempty"`
+	// Display - Display object with properties of the operation.
+	Display *OperationsDisplayDefinition `json:"display,omitempty"`
+}
+
+// OperationsDisplayDefinition display object with properties of the operation.
+type OperationsDisplayDefinition struct {
+	// Provider - Resource provider of the operation.
+	Provider *string `json:"provider,omitempty"`
+	// Resource - Resource for the operation.
+	Resource *string `json:"resource,omitempty"`
+	// Operation - Short description of the operation.
+	Operation *string `json:"operation,omitempty"`
+	// Description - Description of the operation.
+	Description *string `json:"description,omitempty"`
+}
+
+// Provider attestation service response message.
+type Provider struct {
+	autorest.Response `json:"-"`
+	// StatusResult - Describes Attestation service status.
+	*StatusResult `json:"properties,omitempty"`
+	// Tags - Resource tags.
+	Tags map[string]*string `json:"tags"`
+	// Location - The geo-location where the resource lives
+	Location *string `json:"location,omitempty"`
+	// ID - READ-ONLY; Fully qualified resource Id for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
+	ID *string `json:"id,omitempty"`
+	// Name - READ-ONLY; The name of the resource
+	Name *string `json:"name,omitempty"`
+	// Type - READ-ONLY; The type of the resource. Ex- Microsoft.Compute/virtualMachines or Microsoft.Storage/storageAccounts.
+	Type *string `json:"type,omitempty"`
+}
+
+// MarshalJSON is the custom marshaler for Provider.
+func (p Provider) MarshalJSON() ([]byte, error) {
+	objectMap := make(map[string]interface{})
+	if p.StatusResult != nil {
+		objectMap["properties"] = p.StatusResult
+	}
+	if p.Tags != nil {
+		objectMap["tags"] = p.Tags
+	}
+	if p.Location != nil {
+		objectMap["location"] = p.Location
+	}
+	return json.Marshal(objectMap)
+}
+
+// UnmarshalJSON is the custom unmarshaler for Provider struct.
+func (p *Provider) UnmarshalJSON(body []byte) error {
+	var m map[string]*json.RawMessage
+	err := json.Unmarshal(body, &m)
+	if err != nil {
+		return err
+	}
+	for k, v := range m {
+		switch k {
+		case "properties":
+			if v != nil {
+				var statusResult StatusResult
+				err = json.Unmarshal(*v, &statusResult)
+				if err != nil {
+					return err
+				}
+				p.StatusResult = &statusResult
+			}
+		case "tags":
+			if v != nil {
+				var tags map[string]*string
+				err = json.Unmarshal(*v, &tags)
+				if err != nil {
+					return err
+				}
+				p.Tags = tags
+			}
+		case "location":
+			if v != nil {
+				var location string
+				err = json.Unmarshal(*v, &location)
+				if err != nil {
+					return err
+				}
+				p.Location = &location
+			}
+		case "id":
+			if v != nil {
+				var ID string
+				err = json.Unmarshal(*v, &ID)
+				if err != nil {
+					return err
+				}
+				p.ID = &ID
+			}
+		case "name":
+			if v != nil {
+				var name string
+				err = json.Unmarshal(*v, &name)
+				if err != nil {
+					return err
+				}
+				p.Name = &name
+			}
+		case "type":
+			if v != nil {
+				var typeVar string
+				err = json.Unmarshal(*v, &typeVar)
+				if err != nil {
+					return err
+				}
+				p.Type = &typeVar
+			}
+		}
+	}
+
+	return nil
+}
+
+// ProviderListResult attestation Providers List.
+type ProviderListResult struct {
+	autorest.Response `json:"-"`
+	// Value - Attestation Provider array.
+	Value *[]Provider `json:"value,omitempty"`
+}
+
+// ProxyResource the resource model definition for a ARM proxy resource. It will have everything other than
+// required location and tags
+type ProxyResource struct {
+	// ID - READ-ONLY; Fully qualified resource Id for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
+	ID *string `json:"id,omitempty"`
+	// Name - READ-ONLY; The name of the resource
+	Name *string `json:"name,omitempty"`
+	// Type - READ-ONLY; The type of the resource. Ex- Microsoft.Compute/virtualMachines or Microsoft.Storage/storageAccounts.
+	Type *string `json:"type,omitempty"`
+}
+
+// Resource ...
+type Resource struct {
+	// ID - READ-ONLY; Fully qualified resource Id for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
+	ID *string `json:"id,omitempty"`
+	// Name - READ-ONLY; The name of the resource
+	Name *string `json:"name,omitempty"`
+	// Type - READ-ONLY; The type of the resource. Ex- Microsoft.Compute/virtualMachines or Microsoft.Storage/storageAccounts.
+	Type *string `json:"type,omitempty"`
+}
+
+// ServiceCreationParams parameters for creating an attestation service instance
+type ServiceCreationParams struct {
+	// Location - The supported Azure location where the attestation service instance should be created.
+	Location *string `json:"location,omitempty"`
+	// Tags - The tags that will be assigned to the attestation service instance.
+	Tags map[string]*string `json:"tags"`
+	// Properties - Properties of the attestation service instance
+	Properties *ServiceCreationSpecificParams `json:"properties,omitempty"`
+}
+
+// MarshalJSON is the custom marshaler for ServiceCreationParams.
+func (scp ServiceCreationParams) MarshalJSON() ([]byte, error) {
+	objectMap := make(map[string]interface{})
+	if scp.Location != nil {
+		objectMap["location"] = scp.Location
+	}
+	if scp.Tags != nil {
+		objectMap["tags"] = scp.Tags
+	}
+	if scp.Properties != nil {
+		objectMap["properties"] = scp.Properties
+	}
+	return json.Marshal(objectMap)
+}
+
+// ServiceCreationSpecificParams client supplied parameters used to create a new attestation service
+// instance.
+type ServiceCreationSpecificParams struct {
+	// AttestationPolicy - Name of attestation policy.
+	AttestationPolicy *string `json:"attestationPolicy,omitempty"`
+	// PolicySigningCertificates - JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations
+	PolicySigningCertificates *JSONWebKeySet `json:"policySigningCertificates,omitempty"`
+}
+
+// ServicePatchParams parameters for patching an attestation service instance
+type ServicePatchParams struct {
+	// Tags - The tags that will be assigned to the attestation service instance.
+	Tags map[string]*string `json:"tags"`
+}
+
+// MarshalJSON is the custom marshaler for ServicePatchParams.
+func (spp ServicePatchParams) MarshalJSON() ([]byte, error) {
+	objectMap := make(map[string]interface{})
+	if spp.Tags != nil {
+		objectMap["tags"] = spp.Tags
+	}
+	return json.Marshal(objectMap)
+}
+
+// StatusResult status of attestation service.
+type StatusResult struct {
+	// TrustModel - Trust model for the attestation service instance.
+	TrustModel *string `json:"trustModel,omitempty"`
+	// Status - Status of attestation service. Possible values include: 'Ready', 'NotReady', 'Error'
+	Status ServiceStatus `json:"status,omitempty"`
+	// AttestURI - Gets the uri of attestation service
+	AttestURI *string `json:"attestUri,omitempty"`
+}
+
+// TrackedResource the resource model definition for a ARM tracked top level resource
+type TrackedResource struct {
+	// Tags - Resource tags.
+	Tags map[string]*string `json:"tags"`
+	// Location - The geo-location where the resource lives
+	Location *string `json:"location,omitempty"`
+	// ID - READ-ONLY; Fully qualified resource Id for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
+	ID *string `json:"id,omitempty"`
+	// Name - READ-ONLY; The name of the resource
+	Name *string `json:"name,omitempty"`
+	// Type - READ-ONLY; The type of the resource. Ex- Microsoft.Compute/virtualMachines or Microsoft.Storage/storageAccounts.
+	Type *string `json:"type,omitempty"`
+}
+
+// MarshalJSON is the custom marshaler for TrackedResource.
+func (tr TrackedResource) MarshalJSON() ([]byte, error) {
+	objectMap := make(map[string]interface{})
+	if tr.Tags != nil {
+		objectMap["tags"] = tr.Tags
+	}
+	if tr.Location != nil {
+		objectMap["location"] = tr.Location
+	}
+	return json.Marshal(objectMap)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/operations.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/operations.go
new file mode 100644
index 000000000000..cb5fa926d9a3
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/operations.go
@@ -0,0 +1,109 @@
+package attestation
+
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+	"context"
+	"github.com/Azure/go-autorest/autorest"
+	"github.com/Azure/go-autorest/autorest/azure"
+	"github.com/Azure/go-autorest/tracing"
+	"net/http"
+)
+
+// OperationsClient is the various APIs for managing resources in attestation service. This primarily encompasses
+// per-tenant instance management.
+type OperationsClient struct {
+	BaseClient
+}
+
+// NewOperationsClient creates an instance of the OperationsClient client.
+func NewOperationsClient(subscriptionID string) OperationsClient {
+	return NewOperationsClientWithBaseURI(DefaultBaseURI, subscriptionID)
+}
+
+// NewOperationsClientWithBaseURI creates an instance of the OperationsClient client using a custom endpoint.  Use this
+// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
+func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient {
+	return OperationsClient{NewWithBaseURI(baseURI, subscriptionID)}
+}
+
+// List lists all of the available Azure attestation operations.
+func (client OperationsClient) List(ctx context.Context) (result OperationList, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/OperationsClient.List")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	req, err := client.ListPreparer(ctx)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.OperationsClient", "List", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "attestation.OperationsClient", "List", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.ListResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.OperationsClient", "List", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListPreparer prepares the List request.
+func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error) {
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPath("/providers/Microsoft.Attestation/operations"),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListSender sends the List request. The method will close the
+// http.Response Body if it receives an error.
+func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...))
+}
+
+// ListResponder handles the response to the List request. The method always
+// closes the http.Response Body.
+func (client OperationsClient) ListResponder(resp *http.Response) (result OperationList, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/providers.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/providers.go
new file mode 100644
index 000000000000..d5165a91dbe4
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/providers.go
@@ -0,0 +1,708 @@
+package attestation
+
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+	"context"
+	"github.com/Azure/go-autorest/autorest"
+	"github.com/Azure/go-autorest/autorest/azure"
+	"github.com/Azure/go-autorest/autorest/validation"
+	"github.com/Azure/go-autorest/tracing"
+	"net/http"
+)
+
+// ProvidersClient is the various APIs for managing resources in attestation service. This primarily encompasses
+// per-tenant instance management.
+type ProvidersClient struct {
+	BaseClient
+}
+
+// NewProvidersClient creates an instance of the ProvidersClient client.
+func NewProvidersClient(subscriptionID string) ProvidersClient {
+	return NewProvidersClientWithBaseURI(DefaultBaseURI, subscriptionID)
+}
+
+// NewProvidersClientWithBaseURI creates an instance of the ProvidersClient client using a custom endpoint.  Use this
+// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
+func NewProvidersClientWithBaseURI(baseURI string, subscriptionID string) ProvidersClient {
+	return ProvidersClient{NewWithBaseURI(baseURI, subscriptionID)}
+}
+
+// Create creates or updates the Attestation Provider.
+// Parameters:
+// resourceGroupName - the name of the resource group. The name is case insensitive.
+// providerName - name of the attestation service
+// creationParams - client supplied parameters.
+func (client ProvidersClient) Create(ctx context.Context, resourceGroupName string, providerName string, creationParams ServiceCreationParams) (result Provider, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/ProvidersClient.Create")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.MinLength, Rule: 1, Chain: nil}}},
+		{TargetValue: resourceGroupName,
+			Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}},
+		{TargetValue: creationParams,
+			Constraints: []validation.Constraint{{Target: "creationParams.Location", Name: validation.Null, Rule: true, Chain: nil},
+				{Target: "creationParams.Properties", Name: validation.Null, Rule: true, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("attestation.ProvidersClient", "Create", err.Error())
+	}
+
+	req, err := client.CreatePreparer(ctx, resourceGroupName, providerName, creationParams)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Create", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.CreateSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Create", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.CreateResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Create", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// CreatePreparer prepares the Create request.
+func (client ProvidersClient) CreatePreparer(ctx context.Context, resourceGroupName string, providerName string, creationParams ServiceCreationParams) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"providerName":      autorest.Encode("path", providerName),
+		"resourceGroupName": autorest.Encode("path", resourceGroupName),
+		"subscriptionId":    autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsContentType("application/json; charset=utf-8"),
+		autorest.AsPut(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Attestation/attestationProviders/{providerName}", pathParameters),
+		autorest.WithJSON(creationParams),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// CreateSender sends the Create request. The method will close the
+// http.Response Body if it receives an error.
+func (client ProvidersClient) CreateSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, azure.DoRetryWithRegistration(client.Client))
+}
+
+// CreateResponder handles the response to the Create request. The method always
+// closes the http.Response Body.
+func (client ProvidersClient) CreateResponder(resp *http.Response) (result Provider, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// Delete delete Attestation Service.
+// Parameters:
+// resourceGroupName - the name of the resource group. The name is case insensitive.
+// providerName - name of the attestation service
+func (client ProvidersClient) Delete(ctx context.Context, resourceGroupName string, providerName string) (result autorest.Response, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/ProvidersClient.Delete")
+		defer func() {
+			sc := -1
+			if result.Response != nil {
+				sc = result.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.MinLength, Rule: 1, Chain: nil}}},
+		{TargetValue: resourceGroupName,
+			Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("attestation.ProvidersClient", "Delete", err.Error())
+	}
+
+	req, err := client.DeletePreparer(ctx, resourceGroupName, providerName)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Delete", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.DeleteSender(req)
+	if err != nil {
+		result.Response = resp
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Delete", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.DeleteResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Delete", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// DeletePreparer prepares the Delete request.
+func (client ProvidersClient) DeletePreparer(ctx context.Context, resourceGroupName string, providerName string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"providerName":      autorest.Encode("path", providerName),
+		"resourceGroupName": autorest.Encode("path", resourceGroupName),
+		"subscriptionId":    autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsDelete(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Attestation/attestationProviders/{providerName}", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// DeleteSender sends the Delete request. The method will close the
+// http.Response Body if it receives an error.
+func (client ProvidersClient) DeleteSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, azure.DoRetryWithRegistration(client.Client))
+}
+
+// DeleteResponder handles the response to the Delete request. The method always
+// closes the http.Response Body.
+func (client ProvidersClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusAccepted, http.StatusNoContent),
+		autorest.ByClosing())
+	result.Response = resp
+	return
+}
+
+// Get get the status of Attestation Provider.
+// Parameters:
+// resourceGroupName - the name of the resource group. The name is case insensitive.
+// providerName - name of the attestation service instance
+func (client ProvidersClient) Get(ctx context.Context, resourceGroupName string, providerName string) (result Provider, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/ProvidersClient.Get")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.MinLength, Rule: 1, Chain: nil}}},
+		{TargetValue: resourceGroupName,
+			Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("attestation.ProvidersClient", "Get", err.Error())
+	}
+
+	req, err := client.GetPreparer(ctx, resourceGroupName, providerName)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Get", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.GetSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Get", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.GetResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Get", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// GetPreparer prepares the Get request.
+func (client ProvidersClient) GetPreparer(ctx context.Context, resourceGroupName string, providerName string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"providerName":      autorest.Encode("path", providerName),
+		"resourceGroupName": autorest.Encode("path", resourceGroupName),
+		"subscriptionId":    autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Attestation/attestationProviders/{providerName}", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// GetSender sends the Get request. The method will close the
+// http.Response Body if it receives an error.
+func (client ProvidersClient) GetSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, azure.DoRetryWithRegistration(client.Client))
+}
+
+// GetResponder handles the response to the Get request. The method always
+// closes the http.Response Body.
+func (client ProvidersClient) GetResponder(resp *http.Response) (result Provider, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// GetDefaultByLocation get the default provider by location.
+// Parameters:
+// location - the location of the default provider.
+func (client ProvidersClient) GetDefaultByLocation(ctx context.Context, location string) (result Provider, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/ProvidersClient.GetDefaultByLocation")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: location,
+			Constraints: []validation.Constraint{{Target: "location", Name: validation.MinLength, Rule: 1, Chain: nil}}},
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("attestation.ProvidersClient", "GetDefaultByLocation", err.Error())
+	}
+
+	req, err := client.GetDefaultByLocationPreparer(ctx, location)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "GetDefaultByLocation", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.GetDefaultByLocationSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "GetDefaultByLocation", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.GetDefaultByLocationResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "GetDefaultByLocation", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// GetDefaultByLocationPreparer prepares the GetDefaultByLocation request.
+func (client ProvidersClient) GetDefaultByLocationPreparer(ctx context.Context, location string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"location":       autorest.Encode("path", location),
+		"subscriptionId": autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.Attestation/locations/{location}/defaultProvider", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// GetDefaultByLocationSender sends the GetDefaultByLocation request. The method will close the
+// http.Response Body if it receives an error.
+func (client ProvidersClient) GetDefaultByLocationSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, azure.DoRetryWithRegistration(client.Client))
+}
+
+// GetDefaultByLocationResponder handles the response to the GetDefaultByLocation request. The method always
+// closes the http.Response Body.
+func (client ProvidersClient) GetDefaultByLocationResponder(resp *http.Response) (result Provider, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// List returns a list of attestation providers in a subscription.
+func (client ProvidersClient) List(ctx context.Context) (result ProviderListResult, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/ProvidersClient.List")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("attestation.ProvidersClient", "List", err.Error())
+	}
+
+	req, err := client.ListPreparer(ctx)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "List", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "List", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.ListResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "List", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListPreparer prepares the List request.
+func (client ProvidersClient) ListPreparer(ctx context.Context) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"subscriptionId": autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.Attestation/attestationProviders", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListSender sends the List request. The method will close the
+// http.Response Body if it receives an error.
+func (client ProvidersClient) ListSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListResponder handles the response to the List request. The method always
+// closes the http.Response Body.
+func (client ProvidersClient) ListResponder(resp *http.Response) (result ProviderListResult, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// ListByResourceGroup returns attestation providers list in a resource group.
+// Parameters:
+// resourceGroupName - the name of the resource group. The name is case insensitive.
+func (client ProvidersClient) ListByResourceGroup(ctx context.Context, resourceGroupName string) (result ProviderListResult, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/ProvidersClient.ListByResourceGroup")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: resourceGroupName,
+			Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}},
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("attestation.ProvidersClient", "ListByResourceGroup", err.Error())
+	}
+
+	req, err := client.ListByResourceGroupPreparer(ctx, resourceGroupName)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "ListByResourceGroup", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListByResourceGroupSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "ListByResourceGroup", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.ListByResourceGroupResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "ListByResourceGroup", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListByResourceGroupPreparer prepares the ListByResourceGroup request.
+func (client ProvidersClient) ListByResourceGroupPreparer(ctx context.Context, resourceGroupName string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"resourceGroupName": autorest.Encode("path", resourceGroupName),
+		"subscriptionId":    autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Attestation/attestationProviders", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListByResourceGroupSender sends the ListByResourceGroup request. The method will close the
+// http.Response Body if it receives an error.
+func (client ProvidersClient) ListByResourceGroupSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListByResourceGroupResponder handles the response to the ListByResourceGroup request. The method always
+// closes the http.Response Body.
+func (client ProvidersClient) ListByResourceGroupResponder(resp *http.Response) (result ProviderListResult, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// ListDefault get the default provider
+func (client ProvidersClient) ListDefault(ctx context.Context) (result ProviderListResult, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/ProvidersClient.ListDefault")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("attestation.ProvidersClient", "ListDefault", err.Error())
+	}
+
+	req, err := client.ListDefaultPreparer(ctx)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "ListDefault", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListDefaultSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "ListDefault", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.ListDefaultResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "ListDefault", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListDefaultPreparer prepares the ListDefault request.
+func (client ProvidersClient) ListDefaultPreparer(ctx context.Context) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"subscriptionId": autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.Attestation/defaultProviders", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListDefaultSender sends the ListDefault request. The method will close the
+// http.Response Body if it receives an error.
+func (client ProvidersClient) ListDefaultSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListDefaultResponder handles the response to the ListDefault request. The method always
+// closes the http.Response Body.
+func (client ProvidersClient) ListDefaultResponder(resp *http.Response) (result ProviderListResult, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// Update updates the Attestation Provider.
+// Parameters:
+// resourceGroupName - the name of the resource group. The name is case insensitive.
+// providerName - name of the attestation service
+// updateParams - client supplied parameters.
+func (client ProvidersClient) Update(ctx context.Context, resourceGroupName string, providerName string, updateParams ServicePatchParams) (result Provider, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/ProvidersClient.Update")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.MinLength, Rule: 1, Chain: nil}}},
+		{TargetValue: resourceGroupName,
+			Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("attestation.ProvidersClient", "Update", err.Error())
+	}
+
+	req, err := client.UpdatePreparer(ctx, resourceGroupName, providerName, updateParams)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Update", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.UpdateSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Update", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.UpdateResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "attestation.ProvidersClient", "Update", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// UpdatePreparer prepares the Update request.
+func (client ProvidersClient) UpdatePreparer(ctx context.Context, resourceGroupName string, providerName string, updateParams ServicePatchParams) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"providerName":      autorest.Encode("path", providerName),
+		"resourceGroupName": autorest.Encode("path", resourceGroupName),
+		"subscriptionId":    autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-09-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsContentType("application/json; charset=utf-8"),
+		autorest.AsPatch(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Attestation/attestationProviders/{providerName}", pathParameters),
+		autorest.WithJSON(updateParams),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// UpdateSender sends the Update request. The method will close the
+// http.Response Body if it receives an error.
+func (client ProvidersClient) UpdateSender(req *http.Request) (*http.Response, error) {
+	return client.Send(req, azure.DoRetryWithRegistration(client.Client))
+}
+
+// UpdateResponder handles the response to the Update request. The method always
+// closes the http.Response Body.
+func (client ProvidersClient) UpdateResponder(resp *http.Response) (result Provider, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/version.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/version.go
new file mode 100644
index 000000000000..0370f916b9f4
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation/version.go
@@ -0,0 +1,30 @@
+package attestation
+
+import "github.com/Azure/azure-sdk-for-go/version"
+
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+// UserAgent returns the UserAgent string to use when sending http.Requests.
+func UserAgent() string {
+	return "Azure-SDK-For-Go/" + Version() + " attestation/2018-09-01-preview"
+}
+
+// Version returns the semantic version (see http://semver.org) of the client.
+func Version() string {
+	return version.Number
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f989585c44d7..ad6a3887cfa1 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -56,6 +56,7 @@ github.com/Azure/azure-sdk-for-go/services/postgresql/mgmt/2020-01-01/postgresql
 github.com/Azure/azure-sdk-for-go/services/powerbidedicated/mgmt/2017-10-01/powerbidedicated
 github.com/Azure/azure-sdk-for-go/services/preview/alertsmanagement/mgmt/2019-05-05/alertsmanagement
 github.com/Azure/azure-sdk-for-go/services/preview/appplatform/mgmt/2019-05-01-preview/appplatform
+github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation
 github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-09-01-preview/authorization
 github.com/Azure/azure-sdk-for-go/services/preview/blueprint/mgmt/2018-11-01-preview/blueprint
 github.com/Azure/azure-sdk-for-go/services/preview/botservice/mgmt/2018-07-12/botservice
diff --git a/website/allowed-subcategories b/website/allowed-subcategories
index f0a9bf2a674e..f1da75ebb476 100644
--- a/website/allowed-subcategories
+++ b/website/allowed-subcategories
@@ -4,6 +4,7 @@ Analysis Services
 App Configuration
 App Service (Web Apps)
 Application Insights
+Attestation
 Authorization
 Automation
 Base
diff --git a/website/azurerm.erb b/website/azurerm.erb
index f654c3b84771..21a4de5964c9 100644
--- a/website/azurerm.erb
+++ b/website/azurerm.erb
@@ -133,6 +133,10 @@
                     <a href="/docs/providers/azurerm/d/automation_variable_string.html">azurerm_automation_variable_string</a>
                 </li>
 
+                <li>
+                    <a href="/docs/providers/azurerm/d/attestation.html">azurerm_attestation</a>
+                </li>
+
                 <li>
                     <a href="/docs/providers/azurerm/d/availability_set.html">azurerm_availability_set</a>
                 </li>
@@ -1760,6 +1764,15 @@
               </ul>
             </li>
 
+            <li>
+              <a href="#">Attestation Resources</a>
+              <ul class="nav">
+                <li>
+                  <a href="/docs/providers/azurerm/r/attestation.html">azurerm_attestation</a>
+                </li>
+              </ul>
+            </li>
+
             <li>
                <a href="#">IoTCentral Application Resources</a>
                <ul class="nav">
diff --git a/website/docs/d/attestation.html.markdown b/website/docs/d/attestation.html.markdown
new file mode 100644
index 000000000000..19e91d338439
--- /dev/null
+++ b/website/docs/d/attestation.html.markdown
@@ -0,0 +1,52 @@
+---
+subcategory: "Attestation"
+layout: "azurerm"
+page_title: "Azure Resource Manager: Data Source: azurerm_attestation"
+description: |-
+  Gets information about an existing Attestation Provider.
+---
+
+# Data Source: azurerm_attestation
+
+Use this data source to access information about an existing Attestation Provider.
+
+## Example Usage
+
+```hcl
+data "azurerm_attestation" "example" {
+  name                = "example-attestationprovider"
+  resource_group_name = "example-resource-group"
+}
+
+output "id" {
+  value = data.azurerm_attestation.example.id
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of this Attestation Provider.
+
+* `resource_group_name` - (Required) The name of the Resource Group where the Attestation Provider exists.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported: 
+
+* `id` - The ID of the Attestation Provider.
+
+* `location` - The Azure Region where the Attestation Provider exists.
+
+* `attestation_uri` - The (Endpoint|URI) of the Attestation Service.
+
+* `trust_model` - Trust model used for the Attestation Service.
+
+* `tags` - A mapping of tags assigned to the Attestation Provider.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
+
+* `read` - (Defaults to 5 minutes) Used when retrieving the Attestation Provider.
diff --git a/website/docs/r/attestation.html.markdown b/website/docs/r/attestation.html.markdown
new file mode 100644
index 000000000000..b502efc3e9ec
--- /dev/null
+++ b/website/docs/r/attestation.html.markdown
@@ -0,0 +1,73 @@
+---
+subcategory: "Attestation"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_attestation"
+description: |-
+  Manages a Attestation Provider.
+---
+
+# azurerm_attestation
+
+Manages a Attestation Provider.
+
+## Example Usage
+
+```hcl
+resource "azurerm_resource_group" "example" {
+  name     = "example-resources"
+  location = "UK South"
+}
+
+resource "azurerm_attestation_provider" "example" {
+  name                = "example-attestationprovider"
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_resource_group.example.location
+
+  policy_signing_certificate_data = file("./example/cert.pem")
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name which should be used for this Attestation Provider. Changing this forces a new resource to be created.
+
+* `resource_group_name` - (Required) The name of the Resource Group where the attestation provider should exist. Changing this forces a new resource to be created.
+
+* `location` - (Required) The Azure Region where the Attestation Provider should exist. Changing this forces a new resource to be created.
+
+-> **NOTE:** Currently only supported in the `East US 2`, `West Central US`, and `UK South` regions.
+
+* `policy_signing_certificate_data` - (Optional) A valid X.509 certificate (Section 4 of [RFC4648](https://tools.ietf.org/html/rfc4648)). Changing this forces a new resource to be created.
+
+-> **NOTE:** If the `policy_signing_certificate_data` argument contains more than one valid X.509 certificate only the first certificate will be used.
+
+* `tags` - (Optional) A mapping of tags which should be assigned to the Attestation Provider.
+
+## Attributes Reference
+
+The following Attributes are exported: 
+
+* `id` - The ID of the Attestation Provider.
+
+* `attestation_uri` - The URI of the Attestation Service.
+
+* `trust_model` - Trust model used for the Attestation Service.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
+
+* `create` - (Defaults to 30 minutes) Used when creating the Attestation Provider.
+* `read` - (Defaults to 5 minutes) Used when retrieving the Attestation Provider.
+* `update` - (Defaults to 30 minutes) Used when updating the Attestation Provider.
+* `delete` - (Defaults to 30 minutes) Used when deleting the Attestation Provider.
+
+## Import
+
+Attestation Providers can be imported using the `resource id`, e.g.
+
+```shell
+terraform import azurerm_attestation_provider.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Attestation/attestationProviders/provider1
+```