Integrate App Service with Application Gateway using CLI

This sample script creates an Azure App Service web app, an Azure Virtual Network and an Application Gateway. It then restricts the traffic for the web app to only originate from the Application Gateway subnet.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

  • Use the Bash environment in Azure Cloud Shell.

    Launch Cloud Shell in a new window

  • If you prefer, install the Azure CLI to run CLI reference commands.

    • If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For additional sign-in options, see Sign in with the Azure CLI.

    • When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with the Azure CLI.

    • Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

  • This tutorial requires version 2.0.74 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.

Sample script

#/bin/bash

# This script requires minimum Azure CLI version 2.0.74

# Variables
resourceGroupName="yourResourceGroup"
appName="webappwithgateway$RANDOM"
location="WestEurope"

# Create a Resource Group 
az group create --name $resourceGroupName --location $location

# Create network resources
az network vnet create \
    --resource-group $resourceGroupName \
    --name myVNet \
    --location $location \
    --address-prefix 10.0.0.0/16 \
    --subnet-name myAGSubnet \
    --subnet-prefix 10.0.1.0/24

az network public-ip create \
    --resource-group $resourceGroupName --location $location \
    --name myAGPublicIPAddress --dns-name $appName --sku Standard

# Create an App Service Plan
az appservice plan create --resource-group $resourceGroupName \
    --name myAppServicePlan --location $location --sku S1

# Create a Web App
az webapp create --resource-group $resourceGroupName \
    --name $appName --plan myAppServicePlan

appFqdn=$(az webapp show --name $appName --resource-group $resourceGroupName --query defaultHostName -o tsv)

# Create an Application Gateway
az network application-gateway create \
    --resource-group $resourceGroupName \
    --name myAppGateway \
    --location $location \
    --vnet-name myVNet \
    --subnet myAGsubnet \
    --min-capacity 2 \
    --sku Standard_v2 \
    --http-settings-cookie-based-affinity Disabled \
    --frontend-port 80 \
    --http-settings-port 80 \
    --http-settings-protocol Http \
    --public-ip-address myAGPublicIPAddress \
    --servers $appFqdn

az network application-gateway http-settings update \
    --resource-group $resourceGroupName --gateway-name myAppGateway \
    --name appGatewayBackendHttpSettings \
    --host-name-from-backend-pool

# Apply Access Restriction to Web App
az webapp config access-restriction add \
    --resource-group $resourceGroupName --name $appName \
    --priority 200 --rule-name gateway-access \
    --subnet myAGSubnet --vnet-name myVNet

# Get the App Gateway Fqdn
az network public-ip show \
    --resource-group $resourceGroupName \
    --name myAGPublicIPAddress \
    --query {AppGatewayFqdn:dnsSettings.fqdn} \
    --output table

Clean up deployment

After the sample script has been run, the following command can be used to remove the resource group and all resources associated with it.

az group delete --name myResourceGroup

Script explanation

This script uses the following commands to create a resource group, App Service app, Cosmos DB, and all related resources. Each command in the table links to command specific documentation.

Command Notes
az group create Creates a resource group in which all resources are stored.
az network vnet create Creates a virtual network.
az network public-ip create Creates a public IP address.
az network public-ip show Show details of a public IP address.
az appservice plan create Creates an App Service plan.
az webapp create Creates an App Service web app.
az webapp show Show details of an App Service web app.
az webapp config access-restriction add Adds an access restriction to the App Service web app.
az network application-gateway create Creates an Application Gateway.
az network application-gateway http-settings update Updates Application Gateway HTTP settings.

Next steps

For more information on the Azure CLI, see Azure CLI documentation.

Additional App Service CLI script samples can be found in the Azure App Service documentation.