Integrate App Service with Application Gateway using CLI
This sample script creates an Azure App Service web app, an Azure Virtual Network and an Application Gateway. It then restricts the traffic for the web app to only originate from the Application Gateway subnet.
If you don't have an Azure subscription, create an Azure free account before you begin.
Prerequisites
Use the Bash environment in Azure Cloud Shell. For more information, see Azure Cloud Shell Quickstart - Bash.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you are running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For additional sign-in options, see Sign in with the Azure CLI.
When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
Sample script
Launch Azure Cloud Shell
The Azure Cloud Shell is a free interactive shell that you can use to run the steps in this article. It has common Azure tools preinstalled and configured to use with your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com.
When Cloud Shell opens, verify that Bash is selected for your environment. Subsequent sessions will use Azure CLI in a Bash environment, Select Copy to copy the blocks of code, paste it into the Cloud Shell, and press Enter to run it.
Sign in to Azure
Cloud Shell is automatically authenticated under the initial account signed-in with. Use the following script to sign in using a different subscription, replacing <Subscription ID> with your Azure Subscription ID. If you don't have an Azure subscription, create an Azure free account before you begin.
subscription="<subscriptionId>" # add subscription here
az account set -s $subscription # ...or use 'az login'
For more information, see set active subscription or log in interactively
Run the script
# Integrate App Service with Application Gateway
# set -e # exit if error
# Variable block
let "randomIdentifier=$RANDOM*$RANDOM"
location="East US"
resourceGroup="msdocs-app-service-rg-$randomIdentifier"
tag="integrate-with-app-gateway.sh"
vNet="msdocs-app-service-vnet-$randomIdentifier"
subnet="msdocs-app-service-subnet-$randomIdentifier"
appServicePlan="msdocs-app-service-plan-$randomIdentifier"
webapp="msdocs-web-app-$randomIdentifier"
appGateway="msdocs-app-gateway-$randomIdentifier"
publicIpAddress="msdocs-public-ip-$randomIdentifier"
# Create a resource group.
echo "Creating $resourceGroup in "$location"..."
az group create --name $resourceGroup --location "$location" --tag $tag
# Create network resources
az network vnet create --resource-group $resourceGroup --name $vNet --location "$location" --address-prefix 10.0.0.0/16 --subnet-name $subnet --subnet-prefix 10.0.1.0/24
az network public-ip create --resource-group $resourceGroup --location "$location" --name $publicIpAddress --dns-name $webapp --sku Standard --zone 1
# Create an App Service plan in `S1` tier
echo "Creating $appServicePlan"
az appservice plan create --name $appServicePlan --resource-group $resourceGroup --sku S1
# Create a web app.
echo "Creating $webapp"
az webapp create --name $webapp --resource-group $resourceGroup --plan $appServicePlan
appFqdn=$(az webapp show --name $webapp --resource-group $resourceGroup --query defaultHostName -o tsv)
# Create an Application Gateway
az network application-gateway create --resource-group $resourceGroup --name $appGateway --location "$location" --vnet-name $vNet --subnet $subnet --min-capacity 2 --sku Standard_v2 --http-settings-cookie-based-affinity Disabled --frontend-port 80 --http-settings-port 80 --http-settings-protocol Http --public-ip-address $publicIpAddress --servers $appFqdn
az network application-gateway http-settings update --resource-group $resourceGroup --gateway-name $appGateway --name appGatewayBackendHttpSettings --host-name-from-backend-pool
# Apply Access Restriction to Web App
az webapp config access-restriction add --resource-group $resourceGroup --name $webapp --priority 200 --rule-name gateway-access --subnet $subnet --vnet-name $vNet
# Get the App Gateway Fqdn
az network public-ip show --resource-group $resourceGroup --name $publicIpAddress --query {AppGatewayFqdn:dnsSettings.fqdn} --output table
Clean up resources
Use the following command to remove the resource group and all resources associated with it using the az group delete command - unless you have an ongoing need for these resources. Some of these resources may take a while to create, as well as to delete.
az group delete --name $resourceGroup
Sample reference
This script uses the following commands to create a resource group, App Service app, Cosmos DB, and all related resources. Each command in the table links to command specific documentation.
| Command | Notes |
|---|---|
az group create |
Creates a resource group in which all resources are stored. |
az network vnet create |
Creates a virtual network. |
az network public-ip create |
Creates a public IP address. |
az network public-ip show |
Show details of a public IP address. |
az appservice plan create |
Creates an App Service plan. |
az webapp create |
Creates an App Service web app. |
az webapp show |
Show details of an App Service web app. |
az webapp config access-restriction add |
Adds an access restriction to the App Service web app. |
az network application-gateway create |
Creates an Application Gateway. |
az network application-gateway http-settings update |
Updates Application Gateway HTTP settings. |
Next steps
For more information on the Azure CLI, see Azure CLI documentation.
Additional App Service CLI script samples can be found in the Azure App Service documentation.
Feedback
Submit and view feedback for