Integrate App Service with Application Gateway using CLI

• 12/09/2019
• 3 minutes to read
• • m
  • M
  • j
  • D
  • m

This sample script creates an Azure App Service web app, an Azure Virtual Network and an Application Gateway. It then restricts the traffic for the web app to only originate from the Application Gateway subnet.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

• Use the Bash environment in Azure Cloud Shell.

  

• If you prefer, install the Azure CLI to run CLI reference commands.

  • If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For additional sign-in options, see Sign in with the Azure CLI.

  • When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with the Azure CLI.

  • Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

• This tutorial requires version 2.0.74 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.

Sample script

#/bin/bash

# This script requires minimum Azure CLI version 2.0.74

# Variables
resourceGroupName="yourResourceGroup"
appName="webappwithgateway$RANDOM"
location="WestEurope"

# Create a Resource Group 
az group create --name $resourceGroupName --location $location

# Create network resources
az network vnet create \
    --resource-group $resourceGroupName \
    --name myVNet \
    --location $location \
    --address-prefix 10.0.0.0/16 \
    --subnet-name myAGSubnet \
    --subnet-prefix 10.0.1.0/24

az network public-ip create \
    --resource-group $resourceGroupName --location $location \
    --name myAGPublicIPAddress --dns-name $appName --sku Standard

# Create an App Service Plan
az appservice plan create --resource-group $resourceGroupName \
    --name myAppServicePlan --location $location --sku S1

# Create a Web App
az webapp create --resource-group $resourceGroupName \
    --name $appName --plan myAppServicePlan

appFqdn=$(az webapp show --name $appName --resource-group $resourceGroupName --query defaultHostName -o tsv)

# Create an Application Gateway
az network application-gateway create \
    --resource-group $resourceGroupName \
    --name myAppGateway \
    --location $location \
    --vnet-name myVNet \
    --subnet myAGsubnet \
    --min-capacity 2 \
    --sku Standard_v2 \
    --http-settings-cookie-based-affinity Disabled \
    --frontend-port 80 \
    --http-settings-port 80 \
    --http-settings-protocol Http \
    --public-ip-address myAGPublicIPAddress \
    --servers $appFqdn

az network application-gateway http-settings update \
    --resource-group $resourceGroupName --gateway-name myAppGateway \
    --name appGatewayBackendHttpSettings \
    --host-name-from-backend-pool

# Apply Access Restriction to Web App
az webapp config access-restriction add \
    --resource-group $resourceGroupName --name $appName \
    --priority 200 --rule-name gateway-access \
    --subnet myAGSubnet --vnet-name myVNet

# Get the App Gateway Fqdn
az network public-ip show \
    --resource-group $resourceGroupName \
    --name myAGPublicIPAddress \
    --query {AppGatewayFqdn:dnsSettings.fqdn} \
    --output table

Clean up deployment

After the sample script has been run, the following command can be used to remove the resource group and all resources associated with it.

az group delete --name myResourceGroup

Script explanation

This script uses the following commands to create a resource group, App Service app, Cosmos DB, and all related resources. Each command in the table links to command specific documentation.

Next steps

For more information on the Azure CLI, see Azure CLI documentation.

Additional App Service CLI script samples can be found in the Azure App Service documentation.