Script to Create a Resource Group, App Service Plan, Web App, VNet, Private DNS Zone, and Private Endpoint in Azure.
# Create a resource group named myResourceGroup in location eastus
az group create --resource-group myResourceGroup --location eastus
# Create an App Service Plan
az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --sku B1 --is-linux
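Before creating the web app, check which runtime values are available. The command below lists the runtimes for os-type windows; the plan above was created with --is-linux, so pass linux instead to list the values that are valid for it.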
$ az webapp list-runtimes --os-type windows
[
"dotnet:7",
"dotnet:6",
"ASPNET:V4.8",
"ASPNET:V3.5",
"NODE:18LTS",
"NODE:16LTS",
"NODE:14LTS",
"java:1.8:Java SE:8",
"java:11:Java SE:11",
"java:17:Java SE:17",
"java:1.8:TOMCAT:10.0",
"java:11:TOMCAT:10.0",
"java:17:TOMCAT:10.0",
"java:1.8:TOMCAT:9.0",
"java:11:TOMCAT:9.0",
"java:17:TOMCAT:9.0",
"java:1.8:TOMCAT:8.5",
"java:11:TOMCAT:8.5",
"java:17:TOMCAT:8.5"
]
# Create a Web App for the App Service Plan
az webapp create --name web-abhiWebApp-dv --resource-group myResourceGroup --plan myAppServicePlan --runtime "NODE:18-lts"
# Create a VNet with a private endpoint subnet for the private endpoint
az network vnet create --name myVNet --resource-group myResourceGroup --address-prefixes 10.0.0.0/16 --subnet-name mypepSubnet --subnet-prefixes 10.0.0.0/24
# Create a Private DNS Zone for the Azure Web App in the VNet
az network private-dns zone create --name privatelink.azurewebsites.net --resource-group myResourceGroup
# Create a Private Endpoint for the Azure Web App
az network private-endpoint create --name web-abhiwebAppsPrivateEndpoint --resource-group myResourceGroup --vnet-name myVNet --subnet mypepSubnet --private-connection-resource-id "/subscriptions/69b34dfc-XXXX-4259-93f3-037ed7eecXXX/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/web-abhiWebApp-dv" --group-id sites --connection-name myConnection --location eastus
# Get the IP address of the private endpoint
az network private-endpoint show --name web-abhiwebAppsPrivateEndpoint --resource-group myResourceGroup --query 'customDnsConfigs[].ipAddresses[]' --output tsv
# Add an A record to the DNS zone created above, using the IP address returned by the previous command (10.0.0.4 here)
az network private-dns record-set a add-record --record-set-name web-abhiWebApp-dv --zone-name privatelink.azurewebsites.net --resource-group myResourceGroup --ipv4-address 10.0.0.4
Test
You can test the private endpoint by connecting to the web app through the private IP address of the private endpoint. This can be done using a virtual machine or another resource within the same virtual network as the private endpoint. You can also test the private endpoint by attempting to access the web app through the public IP address of the web app. This should fail since the private endpoint is now the only way to access the web app.
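The two checks described above, as an added example that is not part of the original post: one run from a VM inside myVNet confirms the app hostname resolves into mypepSubnet, the other run from outside confirms public requests are refused. The helper function names, the default hostname web-abhiWebApp-dv.azurewebsites.net, and the 403 response for blocked public requests are assumptions.

```shell
#!/bin/sh
# Added example for the Test step; helper names are hypothetical.
PE_SUBNET="10.0.0.0/24"                         # mypepSubnet prefix from the script above
APP_HOST="web-abhiWebApp-dv.azurewebsites.net"  # assumed default hostname of the web app

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
  echo $(( ($o1 << 24) | ($o2 << 16) | ($o3 << 8) | $o4 ))
}

# Succeed when address $1 lies inside CIDR $2.
ip_in_cidr() {
  net=${2%/*}
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# Classify the address the app hostname resolved to.
classify_resolution() {
  if ip_in_cidr "$1" "$PE_SUBNET"; then echo "private-endpoint"; else echo "public"; fi
}

# Interpret the HTTP status seen by a client outside the VNet.
# Assumption: App Service answers blocked public requests with 403.
classify_public_status() {
  case "$1" in
    403) echo "blocked" ;;
    000) echo "unreachable" ;;
    *)   echo "EXPOSED" ;;
  esac
}

case "${1:-}" in
  --inside)   # run on a VM in myVNet (needs getent)
    ip=$(getent ahostsv4 "$APP_HOST" | awk 'NR==1 {print $1}')
    echo "$APP_HOST -> $ip: $(classify_resolution "$ip")" ;;
  --outside)  # run from a host on the public internet (needs curl)
    code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "https://$APP_HOST/")
    echo "public request: HTTP $code: $(classify_public_status "$code")" ;;
esac
```

If the --inside lookup reports public, check that the privatelink.azurewebsites.net zone is linked to myVNet, a step the script above does not show.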