From 3765f2a816c164bcaae89390b069cd0aca1a1b58 Mon Sep 17 00:00:00 2001 From: "Michael S. Collier" Date: Thu, 22 Aug 2024 19:45:55 +0000 Subject: [PATCH 1/6] Add disclaimer for pending removal. --- .../private-webapp-with-app-gateway-and-apim/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md index 41eaa1365df7..7931ca077444 100644 --- a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md +++ b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md @@ -26,6 +26,12 @@ languages: [![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fprivate-webapp-with-app-gateway-and-apim%2Fazuredeploy.json) + +------ +:stop_sign: **This template is no longer maintained and will be removed by the end of 2024. Please consult [Integrate API Management in an internal virtual network with Application Gateway](https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway) for additional information.** :stop_sign: + +------ + This template deploys an **Application Gateway with an internal (virtual network) API Management instance and Azure Web App**. ## Overview and deployed resources From ffcad6af1b401e9032f897183e14a2291347b637 Mon Sep 17 00:00:00 2001 From: "Michael S. Collier" Date: Thu, 22 Aug 2024 19:47:34 +0000 Subject: [PATCH 2/6] Remove front-matter. --- .../README.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md index 7931ca077444..88461877cd1c 100644 --- a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md +++ b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md @@ -1,14 +1,4 @@ ---- -description: Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. -page_type: sample -products: -- azure -- azure-resource-manager -urlFragment: private-webapp-with-app-gateway-and-apim -languages: -- json -- bicep ---- + # Application Gateway with internal API Management and Web App ![Azure Public Test Date](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/PublicLastTestDate.svg) From 1349ab88dc0c848ca80c2deba84550828933e325 Mon Sep 17 00:00:00 2001 From: "Michael S. Collier" Date: Thu, 22 Aug 2024 19:53:12 +0000 Subject: [PATCH 3/6] Remove blank at top of file. --- .../private-webapp-with-app-gateway-and-apim/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md index 88461877cd1c..398a8b2b3bdf 100644 --- a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md +++ b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/README.md @@ -1,4 +1,3 @@ - # Application Gateway with internal API Management and Web App ![Azure Public Test Date](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/PublicLastTestDate.svg) From 0510d43bf3d223f6b63f6b449c7b800ee7fadbd5 Mon Sep 17 00:00:00 2001 From: "Michael S. Collier" Date: Fri, 23 Aug 2024 01:21:13 +0000 Subject: [PATCH 4/6] Update API versions. --- .../main.bicep | 148 ++++++++++++++---- 1 file changed, 115 insertions(+), 33 deletions(-) diff --git a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep index 28dd57f55d3b..6ff02d4cf6e4 100644 --- a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep +++ b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep @@ -105,8 +105,16 @@ var nsgApiManagementName = 'nsg-${baseName}-apim' var apimSubnetId = resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, subnetApiManagementName) var appGatewaySubnetId = resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, subnetAppGatewayName) -var appServiceIntegrationSubnetId = resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, subnetAppServiceIntName) -var privateEndpointSubnetId = resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, subnetPrivateEndpointName) +var appServiceIntegrationSubnetId = resourceId( + 'Microsoft.Network/virtualNetworks/subnets', + vnetName, + subnetAppServiceIntName +) +var privateEndpointSubnetId = resourceId( + 'Microsoft.Network/virtualNetworks/subnets', + vnetName, + subnetPrivateEndpointName +) var webAppName = 'web-${baseName}' @@ -121,12 +129,16 @@ var applicationGatewayTrustedRootCertificates = [ var applicationGatewayTrustedRootCertificateReferences = [ { - id: resourceId('Microsoft.Network/applicationGateways/trustedRootCertificates', applicationGatewayName, 'trustedrootcert') + id: resourceId( + 'Microsoft.Network/applicationGateways/trustedRootCertificates', + applicationGatewayName, + 'trustedrootcert' + ) } ] // ---- Create Virtual Network with subnets ---- -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' = { name: vnetName location: location properties: { @@ -180,7 +192,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { } // ---- Create Network Security Groups (NSGs) ---- -resource nsgAppGateway 'Microsoft.Network/networkSecurityGroups@2021-02-01' = { +resource nsgAppGateway 'Microsoft.Network/networkSecurityGroups@2024-01-01' = { name: nsgAppGatewayName location: location properties: { @@ -217,7 +229,7 @@ resource nsgAppGateway 'Microsoft.Network/networkSecurityGroups@2021-02-01' = { } } -resource nsgApiManagemnt 'Microsoft.Network/networkSecurityGroups@2021-02-01' = { +resource nsgApiManagemnt 'Microsoft.Network/networkSecurityGroups@2024-01-01' = { name: nsgApiManagementName location: location properties: { @@ -241,7 +253,7 @@ resource nsgApiManagemnt 'Microsoft.Network/networkSecurityGroups@2021-02-01' = } // ---- Public IP Address ---- -resource applicationGatewayPublicIpAddress 'Microsoft.Network/publicIPAddresses@2021-03-01' = { +resource applicationGatewayPublicIpAddress 'Microsoft.Network/publicIPAddresses@2024-01-01' = { name: appGatewayPublicIpAddressName location: location sku: { @@ -324,7 +336,7 @@ resource webAppPrivateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { } // ---- Private Endpoint ---- -resource webAppPrivateEndpoint 'Microsoft.Network/privateEndpoints@2021-02-01' = { +resource webAppPrivateEndpoint 'Microsoft.Network/privateEndpoints@2023-11-01' = { name: 'pe-${baseName}-sites' location: location properties: { @@ -359,7 +371,7 @@ resource webAppPrivateEndpoint 'Microsoft.Network/privateEndpoints@2021-02-01' = } } -resource keyVaultPrivateEndpoint 'Microsoft.Network/privateEndpoints@2021-02-01' = { +resource keyVaultPrivateEndpoint 'Microsoft.Network/privateEndpoints@2023-11-01' = { name: 'pe-${baseName}-kv' location: location properties: { @@ -423,7 +435,7 @@ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = { } } -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' = { +resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: 'log-${baseName}' location: location properties: { @@ -434,7 +446,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06 } // ---- Azure Web App ---- -resource webAppPlan 'Microsoft.Web/serverfarms@2021-01-01' = { +resource webAppPlan 'Microsoft.Web/serverfarms@2023-12-01' = { name: 'plan-${baseName}' location: location kind: 'app' @@ -479,7 +491,7 @@ resource webApp 'Microsoft.Web/sites@2020-12-01' = { } } -resource webAppSettings 'Microsoft.Web/sites/config@2021-01-15' = { +resource webAppSettings 'Microsoft.Web/sites/config@2023-12-01' = { name: '${webAppName}/appsettings' dependsOn: [ webApp @@ -490,7 +502,7 @@ resource webAppSettings 'Microsoft.Web/sites/config@2021-01-15' = { } // ---- Azure API Management and related API operations ---- -resource apiManagementInstance 'Microsoft.ApiManagement/service@2020-12-01' = { +resource apiManagementInstance 'Microsoft.ApiManagement/service@2023-09-01-preview' = { name: apiManagementServiceName dependsOn: [ virtualNetwork @@ -690,7 +702,9 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = probe: { id: resourceId('Microsoft.Network/applicationGateways/probes', applicationGatewayName, 'apimgatewayprobe') } - trustedRootCertificates: useWellKnownCertificateAuthority ? null : applicationGatewayTrustedRootCertificateReferences + trustedRootCertificates: useWellKnownCertificateAuthority + ? null + : applicationGatewayTrustedRootCertificateReferences } } { @@ -704,7 +718,9 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = probe: { id: resourceId('Microsoft.Network/applicationGateways/probes', applicationGatewayName, 'apimportalprobe') } - trustedRootCertificates: useWellKnownCertificateAuthority ? null : applicationGatewayTrustedRootCertificateReferences + trustedRootCertificates: useWellKnownCertificateAuthority + ? null + : applicationGatewayTrustedRootCertificateReferences } } { @@ -716,9 +732,15 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = pickHostNameFromBackendAddress: true requestTimeout: 180 probe: { - id: resourceId('Microsoft.Network/applicationGateways/probes', applicationGatewayName, 'apimmanagementprobe') + id: resourceId( + 'Microsoft.Network/applicationGateways/probes', + applicationGatewayName, + 'apimmanagementprobe' + ) } - trustedRootCertificates: useWellKnownCertificateAuthority ? null : applicationGatewayTrustedRootCertificateReferences + trustedRootCertificates: useWellKnownCertificateAuthority + ? null + : applicationGatewayTrustedRootCertificateReferences } } ] @@ -727,14 +749,22 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = name: 'gatewaylistener' properties: { frontendIPConfiguration: { - id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', applicationGatewayName, 'frontend1') + id: resourceId( + 'Microsoft.Network/applicationGateways/frontendIPConfigurations', + applicationGatewayName, + 'frontend1' + ) } frontendPort: { id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', applicationGatewayName, 'port01') } protocol: 'Https' sslCertificate: { - id: resourceId('Microsoft.Network/applicationGateways/sslCertificates', applicationGatewayName, 'gatewaycert') + id: resourceId( + 'Microsoft.Network/applicationGateways/sslCertificates', + applicationGatewayName, + 'gatewaycert' + ) } hostName: apiManagementProxyCustomHostname requireServerNameIndication: true @@ -744,14 +774,22 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = name: 'portallistener' properties: { frontendIPConfiguration: { - id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', applicationGatewayName, 'frontend1') + id: resourceId( + 'Microsoft.Network/applicationGateways/frontendIPConfigurations', + applicationGatewayName, + 'frontend1' + ) } frontendPort: { id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', applicationGatewayName, 'port01') } protocol: 'Https' sslCertificate: { - id: resourceId('Microsoft.Network/applicationGateways/sslCertificates', applicationGatewayName, 'portalcert') + id: resourceId( + 'Microsoft.Network/applicationGateways/sslCertificates', + applicationGatewayName, + 'portalcert' + ) } hostName: apiManagementPortalCustomHostname requireServerNameIndication: true @@ -761,14 +799,22 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = name: 'managementlistener' properties: { frontendIPConfiguration: { - id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', applicationGatewayName, 'frontend1') + id: resourceId( + 'Microsoft.Network/applicationGateways/frontendIPConfigurations', + applicationGatewayName, + 'frontend1' + ) } frontendPort: { id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', applicationGatewayName, 'port01') } protocol: 'Https' sslCertificate: { - id: resourceId('Microsoft.Network/applicationGateways/sslCertificates', applicationGatewayName, 'managementcert') + id: resourceId( + 'Microsoft.Network/applicationGateways/sslCertificates', + applicationGatewayName, + 'managementcert' + ) } hostName: apiManagementManagementCustomHostname requireServerNameIndication: true @@ -781,13 +827,25 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = properties: { ruleType: 'Basic' httpListener: { - id: resourceId('Microsoft.Network/applicationGateways/httpListeners', applicationGatewayName, 'gatewaylistener') + id: resourceId( + 'Microsoft.Network/applicationGateways/httpListeners', + applicationGatewayName, + 'gatewaylistener' + ) } backendAddressPool: { - id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', applicationGatewayName, 'gatewaybackend') + id: resourceId( + 'Microsoft.Network/applicationGateways/backendAddressPools', + applicationGatewayName, + 'gatewaybackend' + ) } backendHttpSettings: { - id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', applicationGatewayName, 'apimPoolGatewaySetting') + id: resourceId( + 'Microsoft.Network/applicationGateways/backendHttpSettingsCollection', + applicationGatewayName, + 'apimPoolGatewaySetting' + ) } } } @@ -796,13 +854,25 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = properties: { ruleType: 'Basic' httpListener: { - id: resourceId('Microsoft.Network/applicationGateways/httpListeners', applicationGatewayName, 'portallistener') + id: resourceId( + 'Microsoft.Network/applicationGateways/httpListeners', + applicationGatewayName, + 'portallistener' + ) } backendAddressPool: { - id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', applicationGatewayName, 'portalbackend') + id: resourceId( + 'Microsoft.Network/applicationGateways/backendAddressPools', + applicationGatewayName, + 'portalbackend' + ) } backendHttpSettings: { - id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', applicationGatewayName, 'apimPoolPortalSetting') + id: resourceId( + 'Microsoft.Network/applicationGateways/backendHttpSettingsCollection', + applicationGatewayName, + 'apimPoolPortalSetting' + ) } } } @@ -811,13 +881,25 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = properties: { ruleType: 'Basic' httpListener: { - id: resourceId('Microsoft.Network/applicationGateways/httpListeners', applicationGatewayName, 'managementlistener') + id: resourceId( + 'Microsoft.Network/applicationGateways/httpListeners', + applicationGatewayName, + 'managementlistener' + ) } backendAddressPool: { - id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', applicationGatewayName, 'managementbackend') + id: resourceId( + 'Microsoft.Network/applicationGateways/backendAddressPools', + applicationGatewayName, + 'managementbackend' + ) } backendHttpSettings: { - id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', applicationGatewayName, 'apimPoolManagementSetting') + id: resourceId( + 'Microsoft.Network/applicationGateways/backendHttpSettingsCollection', + applicationGatewayName, + 'apimPoolManagementSetting' + ) } } } @@ -908,7 +990,7 @@ resource applicationGatewayDiagnosticSettings 'Microsoft.Insights/diagnosticSett } // ---- Azure Key Vault ---- -resource keyVault 'Microsoft.KeyVault/vaults@2021-04-01-preview' = { +resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = { name: keyVaultName location: location properties: { From 708e6383eff29f0a53eeb5e89a7e80bf748915fd Mon Sep 17 00:00:00 2001 From: "Michael S. Collier" Date: Fri, 23 Aug 2024 01:29:16 +0000 Subject: [PATCH 5/6] Update API versions. --- .../private-webapp-with-app-gateway-and-apim/main.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep index 6ff02d4cf6e4..0ed24755c971 100644 --- a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep +++ b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep @@ -457,7 +457,7 @@ resource webAppPlan 'Microsoft.Web/serverfarms@2023-12-01' = { properties: {} } -resource webApp 'Microsoft.Web/sites@2020-12-01' = { +resource webApp 'Microsoft.Web/sites@2023-12-01' = { name: webAppName location: location kind: 'app' @@ -591,7 +591,7 @@ resource apiManagementDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@ } // ---- Azure Application Gateway ---- -resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = { +resource applicationGateway 'Microsoft.Network/applicationGateways@2024-01-01' = { name: applicationGatewayName location: location dependsOn: [ From 80d8826ead47c36224be862d725841a6bb41774d Mon Sep 17 00:00:00 2001 From: "Michael S. Collier" Date: Fri, 23 Aug 2024 01:45:36 +0000 Subject: [PATCH 6/6] Add required routing rules. --- .../private-webapp-with-app-gateway-and-apim/main.bicep | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep index 0ed24755c971..e73af07e6d80 100644 --- a/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep +++ b/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep @@ -826,6 +826,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2024-01-01' = name: 'gatewayrule' properties: { ruleType: 'Basic' + priority: 1 httpListener: { id: resourceId( 'Microsoft.Network/applicationGateways/httpListeners', @@ -853,6 +854,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2024-01-01' = name: 'portalrule' properties: { ruleType: 'Basic' + priority: 2 httpListener: { id: resourceId( 'Microsoft.Network/applicationGateways/httpListeners', @@ -880,6 +882,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2024-01-01' = name: 'managementrule' properties: { ruleType: 'Basic' + priority: 3 httpListener: { id: resourceId( 'Microsoft.Network/applicationGateways/httpListeners',