About Me

I am an MCSE in Data Management and Analytics with a specialization in MS SQL Server and an MCP in Azure. I have over 13+ years of experience in the IT industry with expertise in data management, Azure Cloud, Data-Center Migration, Infrastructure Architecture planning, virtualization and automation. Contact me if you are looking for any sort of guidance in getting your infrastructure provisioning automated through Terraform. I sometimes write on my own blog as a place to store my own experiences for future search and reading, but it can hopefully help others along the way. Thanks.

How to Create a Resource Group, App Service Plan, Web App, VNet, Private Endpoint Subnet, Private DNS Zone, and Private Endpoint in Azure for a Web App

Script to Create a Resource Group, App Service Plan, Web App, VNet, Private DNS Zone, and Private Endpoint in Azure.


# Create a resource group named myResourceGroup in location eastus

az group create --resource-group myResourceGroup --location eastus 


# Create an App Service Plan

az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --sku B1 --is-linux

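Before creating the Web App, check which runtimes are available. The command below lists the runtimes for os-type windows. The App Service Plan above was created with --is-linux, so pass linux instead to list the runtimes valid for that plan.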

$ az webapp list-runtimes --os-type windows
[
  "dotnet:7",
  "dotnet:6",
  "ASPNET:V4.8",
  "ASPNET:V3.5",
  "NODE:18LTS",
  "NODE:16LTS",
  "NODE:14LTS",
  "java:1.8:Java SE:8",
  "java:11:Java SE:11",
  "java:17:Java SE:17",
  "java:1.8:TOMCAT:10.0",
  "java:11:TOMCAT:10.0",
  "java:17:TOMCAT:10.0",
  "java:1.8:TOMCAT:9.0",
  "java:11:TOMCAT:9.0",
  "java:17:TOMCAT:9.0",
  "java:1.8:TOMCAT:8.5",
  "java:11:TOMCAT:8.5",
  "java:17:TOMCAT:8.5"
]


# Create a Web App for the App Service Plan

az webapp create --name web-abhiWebApp-dv --resource-group myResourceGroup --plan myAppServicePlan --runtime "NODE:18-lts"


# Create a VNet with a private endpoint subnet for the private endpoint

az network vnet create --name myVNet --resource-group myResourceGroup --address-prefixes 10.0.0.0/16 --subnet-name mypepSubnet --subnet-prefixes 10.0.0.0/24 


# Create a Private DNS Zone for the Azure Web App in the VNet

az network private-dns zone create --name privatelink.azurewebsites.net --resource-group myResourceGroup 

 

# Create a Private Endpoint for the Azure Web App

az network private-endpoint create --name web-abhiwebAppsPrivateEndpoint --resource-group myResourceGroup --vnet-name myVNet --subnet mypepSubnet --private-connection-resource-id "/subscriptions/69b34dfc-XXXX-4259-93f3-037ed7eecXXX/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/web-abhiWebApp-dv" --group-id sites --connection-name myConnection --location eastus


# Get the IP address of the private endpoint

az network private-endpoint show --name web-abhiwebAppsPrivateEndpoint --resource-group myResourceGroup --query 'customDnsConfigs[].ipAddresses[]' --output tsv


# Update the DNS zone created in the step above with the IP address of the private endpoint returned by the previous command (10.0.0.4 here)


az network private-dns record-set a add-record --record-set-name web-abhiWebApp-dv --zone-name privatelink.azurewebsites.net --resource-group myResourceGroup --ipv4-address 10.0.0.4


Test


You can test the private endpoint by connecting to the web app through the private IP address of the private endpoint. This can be done using a virtual machine or another resource within the same virtual network as the private endpoint. You can also test the private endpoint by attempting to access the web app through the public IP address of the web app. This should fail since the private endpoint is now the only way to access the web app.
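
The in-VNet check described above, as an added shell example that is not part of the original post: run on a VM inside myVNet, it tests whether the web app's hostname resolves to an address inside the private endpoint subnet (10.0.0.0/24). The function names and the link name myDnsLink are assumptions; the name only resolves privately when the private DNS zone is linked to myVNet, which the failure hint covers.

```sh
#!/bin/sh
# Added example (not from the original post): DNS check for the "Test" step.
# Resource names and the 10.0.0.0/24 subnet are the ones used on this page;
# the function names and the link name myDnsLink are assumptions.
APP_HOST="web-abhiWebApp-dv.azurewebsites.net"
PE_SUBNET="10.0.0.0/24"

# Dotted-quad IPv4 -> 32-bit integer; returns 1 on malformed input.
ip_to_int() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ip_in_cidr IP CIDR -> exit 0 if IP lies inside CIDR, 1 if not, 2 on bad input.
ip_in_cidr() {
  _ip=$(ip_to_int "$1") || return 2
  _net=$(ip_to_int "${2%/*}") || return 2
  _mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
  [ $(( _ip & _mask )) -eq $(( _net & _mask )) ]
}

# Label a resolved address relative to the private endpoint subnet.
classify_addr() {
  if ip_in_cidr "$1" "$PE_SUBNET"; then echo private-endpoint; else echo public; fi
}

# Run on a VM inside myVNet: the app name must resolve into mypepSubnet.
check_from_vnet() {
  addr=$(getent ahostsv4 "$APP_HOST" | awk 'NR==1 {print $1}')
  [ -n "$addr" ] || { echo "FAIL: $APP_HOST did not resolve"; return 1; }
  if [ "$(classify_addr "$addr")" = private-endpoint ]; then
    echo "OK: $APP_HOST -> $addr (inside $PE_SUBNET)"
  else
    echo "FAIL: $APP_HOST -> $addr; check the A record and that the zone is linked:"
    echo "  az network private-dns link vnet create --resource-group myResourceGroup \\"
    echo "    --zone-name privatelink.azurewebsites.net --name myDnsLink \\"
    echo "    --virtual-network myVNet --registration-enabled false"
    return 1
  fi
}

# Only touch the network when explicitly asked: sh check.sh vnet
if [ "${1:-}" = vnet ]; then check_from_vnet; fi
```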
