About Me

I am an MCSE in Data Management and Analytics, specializing in MS SQL Server, and an MCP in Azure. With 19+ years of experience in the IT industry, I bring expertise in data management, Azure Cloud, Data Center Migration, Infrastructure Architecture planning, as well as Virtualization and automation. I have a deep passion for driving innovation through infrastructure automation, particularly using Terraform for efficient provisioning. If you're looking for guidance on automating your infrastructure or have questions about Azure, SQL Server, or cloud migration, feel free to reach out. I often write to capture my own experiences and insights for future reference, but I hope that sharing these experiences through my blog will help others on their journey as well. Thank you for reading!

How to Create a Resource Group, App Service Plan, Web App, VNet, Private Endpoint Subnet, Private DNS Zone, and Private Endpoint in Azure for a Web App

Script to Create a Resource Group, App Service Plan, Web App, VNet, Private DNS Zone, and Private Endpoint in Azure.


# Create a resource group named myResourceGroup in location eastus

az group create --resource-group myResourceGroup --location eastus 


# Create an App Service Plan

az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --sku B1 --is-linux

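Before creating the Web App, check which runtimes are available. The command below lists the runtimes for --os-type windows. Note that the App Service Plan above was created with --is-linux, so the runtime passed to the Web App must be one that is listed for Linux.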

$ az webapp list-runtimes --os-type windows

[
  "dotnet:7",
  "dotnet:6",
  "ASPNET:V4.8",
  "ASPNET:V3.5",
  "NODE:18LTS",
  "NODE:16LTS",
  "NODE:14LTS",
  "java:1.8:Java SE:8",
  "java:11:Java SE:11",
  "java:17:Java SE:17",
  "java:1.8:TOMCAT:10.0",
  "java:11:TOMCAT:10.0",
  "java:17:TOMCAT:10.0",
  "java:1.8:TOMCAT:9.0",
  "java:11:TOMCAT:9.0",
  "java:17:TOMCAT:9.0",
  "java:1.8:TOMCAT:8.5",
  "java:11:TOMCAT:8.5",
  "java:17:TOMCAT:8.5"
]


# Create a Web App for the App Service Plan

az webapp create --name web-abhiWebApp-dv --resource-group myResourceGroup --plan myAppServicePlan --runtime "NODE:18-lts"


# Create a VNet with a private endpoint subnet for the private endpoint

az network vnet create --name myVNet --resource-group myResourceGroup --address-prefixes 10.0.0.0/16 --subnet-name mypepSubnet --subnet-prefixes 10.0.0.0/24 


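# Create a Private DNS Zone for the Azure Web App

az network private-dns zone create --name privatelink.azurewebsites.net --resource-group myResourceGroup

# Link the Private DNS Zone to the VNet so that resources in myVNet resolve the web app through it (the link name myDnsLink is a name chosen here)

az network private-dns link vnet create --name myDnsLink --resource-group myResourceGroup --zone-name privatelink.azurewebsites.net --virtual-network myVNet --registration-enabled false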

 

# Create a Private Endpoint for the Azure Web App

az network private-endpoint create --name web-abhiwebAppsPrivateEndpoint --resource-group myResourceGroup --vnet-name myVNet --subnet mypepSubnet --private-connection-resource-id "/subscriptions/69b34dfc-XXXX-4259-93f3-037ed7eecXXX/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/web-abhiWebApp-dv" --group-id sites --connection-name myConnection --location eastus


# Get the IP address of the private endpoint

az network private-endpoint show --name web-abhiwebAppsPrivateEndpoint --resource-group myResourceGroup --query 'customDnsConfigs[].ipAddresses[]' --output tsv


# Update the DNS zone created in the step above with the IP address of the private endpoint returned by the previous command (10.0.0.4 here)


az network private-dns record-set a add-record --record-set-name web-abhiWebApp-dv --zone-name privatelink.azurewebsites.net --resource-group myResourceGroup --ipv4-address 10.0.0.4
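
An added example, not part of the original script: instead of typing 10.0.0.4 by hand, this POSIX shell code takes the hostname/address pairs reported by the private endpoint, checks that each address lies inside the mypepSubnet prefix 10.0.0.0/24, and prints the record-set name and address to add. The sample input is constructed, and the query shown in the comment and the .scm hostname entry are assumptions.

```shell
#!/bin/sh
# Added example: validate private-endpoint DNS data before writing A records.
# Assumed live input (not run here):
#   az network private-endpoint show --name web-abhiwebAppsPrivateEndpoint \
#     --resource-group myResourceGroup \
#     --query 'customDnsConfigs[].[fqdn, ipAddresses[0]]' --output tsv
PEP_SUBNET="10.0.0.0/24"   # prefix of mypepSubnet from the vnet create step

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when address $1 lies inside CIDR block $2.
in_cidr() {
  bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# app.scm.azurewebsites.net -> record-set name "app.scm" in the privatelink zone.
record_name() {
  echo "${1%.azurewebsites.net}"
}

# Read "fqdn<TAB>ip" lines on stdin. Print "record-set-name ip" for addresses
# inside the subnet; report anything else on stderr and return 1.
plan_records() {
  rc=0
  while read -r fqdn ip; do
    [ -n "$fqdn" ] || continue
    if in_cidr "$ip" "$PEP_SUBNET"; then
      echo "$(record_name "$fqdn") $ip"
    else
      echo "REJECT $fqdn -> $ip is outside $PEP_SUBNET" >&2
      rc=1
    fi
  done
  return $rc
}

# Constructed sample input (app and Kudu/scm hostnames are assumptions).
printf '%s\t%s\n' \
  web-abhiwebapp-dv.azurewebsites.net 10.0.0.4 \
  web-abhiwebapp-dv.scm.azurewebsites.net 10.0.0.4 | plan_records
```

Each printed pair maps to one `az network private-dns record-set a add-record` call with `--record-set-name` and `--ipv4-address`; a non-zero return means an address was outside the private endpoint subnet and no record should be written for it.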


Test


You can test the private endpoint by connecting to the web app through the private IP address of the private endpoint. This can be done using a virtual machine or another resource within the same virtual network as the private endpoint. You can also test the private endpoint by attempting to access the web app through the public IP address of the web app. This should fail since the private endpoint is now the only way to access the web app.
