Create an App Service app and deploy a private endpoint by using an Azure Resource Manager template
In this quickstart, you use an Azure Resource Manager (ARM) template to create a web app and expose it with a private endpoint.
An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.
Prerequisite
You need an Azure account with an active subscription. Create an account for free.
Create a private endpoint
This template creates a private endpoint for an Azure web app.
Review the template
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetwork_name": {
"type": "String",
"metadata":{
"description": "Name of the VNet"
}
},
"serverFarm_name": {
"type": "String",
"defaultValue": "ServerFarm1",
"metadata":{
"description": "Name of the Web Farm"
}
},
"site_name": {
"type": "String",
"metadata":{
"description": "Web App name must be unique DNS name worldwide"
}
},
"virtualNetwork_CIDR": {
"type": "String",
"defaultValue": "10.200.0.0/16",
"metadata":{
"description": "CIDR of your VNet"
}
},
"subnet1_name": {
"type": "String",
"metadata":{
"description": "Name of the Subnet"
}
},
"subnet1_CIDR": {
"type": "String",
"defaultValue": "10.200.1.0/24",
"metadata":{
"description": "CIDR of your subnet"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata":{
"description": "Location for all resources."
}
},
"SKU_name": {
"type": "String",
"defaultValue": "P1v2",
"metadata":{
"description": "SKU name, must be minimum P1v2"
}
},
"SKU_tier": {
"type": "String",
"defaultValue": "PremiumV2",
"metadata":{
"description": "SKU tier, must be Premium"
}
},
"SKU_size": {
"type": "String",
"defaultValue": "P1v2",
"metadata":{
"description": "SKU size, must be minimum P1v2"
}
},
"SKU_family": {
"type": "String",
"defaultValue": "P1v2",
"metadata":{
"description": "SKU family, must be minimum P1v2"
}
},
"privateEndpoint_name": {
"type": "string",
"metadata":{
"description": "Name of your Private Endpoint"
}
},
"privateLinkConnection_name": {
"type": "string",
"metadata":{
"description": "Link name between your Private Endpoint and your Web App"
}
},
"privateDNSZone_name": {
"type": "string",
"defaultValue": "privatelink.azurewebsites.net",
"metadata":{
"description": "Name must be privatelink.azurewebsites.net"
}
},
"webapp_dns_name": {
"type": "string",
"defaultValue": ".azurewebsites.net",
"metadata":{
"description": "Name must be privatelink.azurewebsites.net"
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2020-04-01",
"name": "[parameters('virtualNetwork_name')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('virtualNetwork_CIDR')]"
]
}
}
},
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2020-04-01",
"name": "[concat(parameters('virtualNetwork_name'),'/', parameters('subnet1_name'))]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetwork_name'))]"
],
"properties": {
"addressPrefix": "[parameters('subnet1_CIDR')]",
"privateEndpointNetworkPolicies": "Disabled"
}
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2019-08-01",
"name": "[parameters('serverFarm_name')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('SKU_name')]",
"tier": "[parameters('SKU_tier')]",
"size": "[parameters('SKU_size')]",
"family": "[parameters('SKU_family')]",
"capacity": 1
},
"kind": "app"
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"name": "[parameters('site_name')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', parameters('serverFarm_name'))]"
],
"kind": "app",
"properties": {
"enabled": true,
"hostNameSslStates": [
{
"name": "[concat(parameters('site_name'), parameters('webapp_dns_name'))]",
"sslState": "Disabled",
"hostType": "Standard"
},
{
"name": "[concat(parameters('site_name'), '.scm', parameters('webapp_dns_name'))]",
"sslState": "Disabled",
"hostType": "Repository"
}
],
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('serverFarm_name'))]"
}
},
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2019-08-01",
"name": "[concat(parameters('site_name'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('site_name'))]"
],
"properties": {
"ftpsState": "AllAllowed"
}
},
{
"type": "Microsoft.Web/sites/hostNameBindings",
"apiVersion": "2019-08-01",
"name": "[concat(parameters('site_name'), '/', parameters('site_name'), parameters('webapp_dns_name'))]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('site_name'))]"
],
"properties": {
"siteName": "[parameters('site_name')]",
"hostNameType": "Verified"
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2019-04-01",
"name": "[parameters('privateEndpoint_name')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('site_name'))]",
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetwork_name'), parameters('subnet1_name'))]"
],
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetwork_name'), parameters('subnet1_name'))]"
},
"privateLinkServiceConnections": [
{
"name": "[parameters('privateLinkConnection_name')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Web/sites', parameters('site_name'))]",
"groupIds": [
"sites"
]
}
}
]
}
},
{
"type": "Microsoft.Network/privateDnsZones",
"apiVersion": "2018-09-01",
"name": "[parameters('privateDNSZone_name')]",
"location": "global",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetwork_name'))]"
]
},
{
"type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
"apiVersion": "2018-09-01",
"name": "[concat(parameters('privateDNSZone_name'), '/', parameters('privateDNSZone_name'), '-link')]",
"location": "global",
"dependsOn": [
"[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDNSZone_name'))]",
"[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetwork_name'))]"
],
"properties": {
"registrationEnabled": false,
"virtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetwork_name'))]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-03-01",
"name": "[concat(parameters('privateEndpoint_name'),'/dnsgroupname')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDNSZone_name'))]",
"[resourceId('Microsoft.Network/privateEndpoints' , parameters('privateEndpoint_name'))]"
],
"properties": {
"privateDnsZoneConfigs": [
{
"name": "config1",
"properties": {
"privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDNSZone_name'))]"
}
}
]
}
}
]
}
Deploy the template
Here's how to deploy the Azure Resource Manager template to Azure:
- To sign in to Azure and open the template, select this link: Deploy to Azure. The template creates the virtual network, the web app, the private endpoint, and the private DNS zone.
- Select or create your resource group.
- Enter the name of your web app, Azure App Service plan, and private endpoint.
- Read the statement about terms and conditions. If you agree, select I agree to the terms and conditions stated above > Purchase. The deployment can take several minutes to finish.
Clean up resources
When you no longer need the resources that you created with the private endpoint, delete the resource group. This removes the private endpoint and all the related resources.
To delete the resource group, call the Remove-AzResourceGroup cmdlet:
Remove-AzResourceGroup -Name <your resource group name>
Next steps
- You can find more Azure Resource Manager templates for Azure App Service web apps in the ARM template samples.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for