CI Deployment with Restricted Access to AppService

Krzysztof Świdrak 166 Reputation points
2023-02-08T18:03:28.3566667+00:00

Hello,
Is there a way for CI/CD deployment from GitHub actions to AppService with enabled Access Restrictions?

As example having site on appservice with appgateway in front and by default restrict public access except the one from appgateway.

As I have seen the actions on GH work with default *.azurewebsites.net domain instead of being able to provide any custom one.

Any hints?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,039 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. brtrach-MSFT 16,686 Reputation points Microsoft Employee
    2023-02-09T01:07:45.89+00:00

    Yes, you can deploy your code to Azure App Service from a CI/CD pipeline with GitHub Actions while also enabling access restrictions. One way to do this is by using a service principal or Open ID Connect for authentication. You can also use a publish profile, but this method requires more steps.

    You can also use service endpoints to restrict access to selected Azure virtual network subnets. You can specify the Subscription, Virtual Network, and Subnet in the Azure portal, and match it with what you want to restrict access to.

    Another way to restrict access is by using a service tag-based rule. In the Type drop-down list, select Service Tag. All available service tags are supported in access restriction rules. Each service tag represents a list of IP ranges from Azure services.

    A more premium offering is using an App Service Environment to enable publishing to an App Service Environment by installing the GitHub Actions for Azure App Service extension. This extension allows you to deploy to an App Service Environment and configure custom domains.

    Please let us know if you have further questions or concerns.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.