How to Create a Resource Group, App Service Plan, Web App, VNet, Private Endpoint Subnet, Private DNS Zone, and Private Endpoint in Azure for a Web App

Script to Create a Resource Group, App Service Plan, Web App, VNet, Private DNS Zone, and Private Endpoint in Azure.

# Create a resource group named myResourceGroup in location eastus

az group create --resource-group myResourceGroup --location eastus 

# Create an App Service Plan

az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --sku B1 --is-linux

Before creating the web app, check which runtimes are available to choose from. The command below lists the runtimes for os-type windows:

$ az webapp list-runtimes --os-type windows

  "java:1.8:Java SE:8",
  "java:11:Java SE:11",
  "java:17:Java SE:17",

# Create a Web App for the App Service Plan

az webapp create --name web-abhiWebApp-dv --resource-group myResourceGroup --plan myAppServicePlan --runtime "NODE:18-lts"

# Create a VNet with a subnet for the private endpoint
# (replace the <...> placeholders with your own address ranges)

az network vnet create --name myVNet --resource-group myResourceGroup --address-prefixes <vnet-address-prefix> --subnet-name mypepSubnet --subnet-prefixes <subnet-address-prefix>

# Create a Private DNS Zone for the Azure Web App in the VNet
# (replace <private-dns-zone-name> with the name of your zone)

az network private-dns zone create --name <private-dns-zone-name> --resource-group myResourceGroup


# Create a Private Endpoint for the Azure Web App

az network private-endpoint create --name web-abhiwebAppsPrivateEndpoint --resource-group myResourceGroup --vnet-name myVNet --subnet mypepSubnet --private-connection-resource-id "/subscriptions/69b34dfc-XXXX-4259-93f3-037ed7eecXXX/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/web-abhiWebApp-dv" --group-id sites --connection-name myConnection --location eastus

# Get the IP address of the private endpoint

az network private-endpoint show --name web-abhiwebAppsPrivateEndpoint --resource-group myResourceGroup --query 'customDnsConfigs[].ipAddresses[]' --output tsv

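# Update the DNS zone created in the step above with the IP address of the private endpoint
# (replace <private-dns-zone-name> with your zone and <private-endpoint-ip> with the address returned by the previous command)

az network private-dns record-set a add-record --record-set-name web-abhiWebApp-dv --zone-name <private-dns-zone-name> --resource-group myResourceGroup --ipv4-address <private-endpoint-ip>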

Test

You can test the private endpoint by connecting to the web app through the private IP address of the private endpoint. This can be done using a virtual machine or another resource within the same virtual network as the private endpoint. You can also test the private endpoint by attempting to access the web app through the public IP address of the web app. This should fail since the private endpoint is now the only way to access the web app.
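The two tests described above can be scripted. The following is an added example, not part of the original post: the function names `is_rfc1918` and `verdict` are hypothetical, and it assumes that a blocked public request shows up either as HTTP 403 or as a failed connection (which curl reports as status 000).

```shell
#!/bin/sh
# Added example: interpret the private-side and public-side tests.
# Run it once from a VM inside the VNet and once from outside it.

# is_rfc1918 IP -> exit 0 when IP is a private (RFC 1918) IPv4 address
is_rfc1918() {
  case $1 in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # only dotted decimal is accepted
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  if [ "$1" -eq 10 ]; then return 0; fi
  if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi
  if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 0; fi
  return 1
}

# verdict RESOLVED_IP HTTP_STATUS ENDPOINT_IP -> prints one result word
verdict() {
  if [ "$1" = "$3" ]; then
    # The name resolves to the private endpoint: the A record is in effect.
    if [ "$2" = 000 ]; then echo private-unreachable; else echo private-ok; fi
  elif is_rfc1918 "$1"; then
    # Private address, but not the endpoint's: stale or wrong A record.
    echo dns-mismatch
  else
    # Public address: the request must be refused (assumed 403 or no connection).
    case $2 in
      000|403) echo public-blocked ;;
      *)       echo public-exposed ;;
    esac
  fi
}

# Live check: sh check.sh <web-app-hostname> <private-endpoint-ip>
if [ "$#" -eq 2 ]; then
  ip=$(getent hosts "$1" | awk '{print $1; exit}')
  code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "https://$1/")
  echo "$1 resolved=$ip status=$code -> $(verdict "$ip" "$code" "$2")"
fi
```

A healthy setup prints `private-ok` from inside the VNet and `public-blocked` from outside; `public-exposed` means the app still answers on its public address.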
