Manage web traffic with Azure PowerShell
This script creates an application gateway that uses a virtual machine scale set for backend servers. The application gateway can then be configured to manage web traffic. After running the script, you can test the application gateway using its public IP address.
This sample requires Azure PowerShell. Run Get-Module -ListAvailable Az to find the version.
If you need to install or upgrade, see Install Azure PowerShell module.
Run the Connect-AzAccount cmdlet to connect to Azure.
If you don't have an Azure subscription, create an Azure free account before you begin.
Sample script
# Create a resource group
New-AzResourceGroup -Name myResourceGroupAG -Location eastus
# Create network resources
$backendSubnetConfig = New-AzVirtualNetworkSubnetConfig `
-Name myBackendSubnet `
-AddressPrefix 10.0.1.0/24
$agSubnetConfig = New-AzVirtualNetworkSubnetConfig `
-Name myAGSubnet `
-AddressPrefix 10.0.2.0/24
$vnet = New-AzVirtualNetwork `
-ResourceGroupName myResourceGroupAG `
-Location eastus `
-Name myVNet `
-AddressPrefix 10.0.0.0/16 `
-Subnet $backendSubnetConfig, $agSubnetConfig
$pip = New-AzPublicIpAddress `
-ResourceGroupName myResourceGroupAG `
-Location eastus `
-Name myAGPublicIPAddress `
-AllocationMethod Dynamic
# Create IP configurations and frontend port
$vnet = Get-AzVirtualNetwork `
-ResourceGroupName myResourceGroupAG `
-Name myVNet
$subnet=$vnet.Subnets[0]
$gipconfig = New-AzApplicationGatewayIPConfiguration `
-Name myAGIPConfig `
-Subnet $subnet
$fipconfig = New-AzApplicationGatewayFrontendIPConfig `
-Name myAGFrontendIPConfig `
-PublicIPAddress $pip
$frontendport = New-AzApplicationGatewayFrontendPort `
-Name myFrontendPort `
-Port 80
# Create the backend pool and settings
$defaultPool = New-AzApplicationGatewayBackendAddressPool `
-Name appGatewayBackendPool
$poolSettings = New-AzApplicationGatewayBackendHttpSettings `
-Name myPoolSettings `
-Port 80 `
-Protocol Http `
-CookieBasedAffinity Enabled `
-RequestTimeout 120
# Create the default listener and rule
$defaultlistener = New-AzApplicationGatewayHttpListener `
-Name mydefaultListener `
-Protocol Http `
-FrontendIPConfiguration $fipconfig `
-FrontendPort $frontendport
$frontendRule = New-AzApplicationGatewayRequestRoutingRule `
-Name rule1 `
-RuleType Basic `
-HttpListener $defaultlistener `
-BackendAddressPool $defaultPool `
-BackendHttpSettings $poolSettings
# Create the application gateway
$sku = New-AzApplicationGatewaySku `
-Name WAF_Medium `
-Tier WAF `
-Capacity 2
$appgw = New-AzApplicationGateway `
-Name myAppGateway `
-ResourceGroupName myResourceGroupAG `
-Location eastus `
-BackendAddressPools $defaultPool `
-BackendHttpSettingsCollection $poolSettings `
-FrontendIpConfigurations $fipconfig `
-GatewayIpConfigurations $gipconfig `
-FrontendPorts $frontendport `
-HttpListeners $defaultlistener `
-RequestRoutingRules $frontendRule `
-Sku $sku
# Create a virtual machine scale set
$vnet = Get-AzVirtualNetwork `
-ResourceGroupName myResourceGroupAG `
-Name myVNet
$appgw = Get-AzApplicationGateway `
-ResourceGroupName myResourceGroupAG `
-Name myAppGateway
$backendPool = Get-AzApplicationGatewayBackendAddressPool `
-Name appGatewayBackendPool `
-ApplicationGateway $appgw
$ipConfig = New-AzVmssIpConfig `
-Name myVmssIPConfig `
-SubnetId $vnet.Subnets[1].Id `
-ApplicationGatewayBackendAddressPoolsId $backendPool.Id
$vmssConfig = New-AzVmssConfig `
-Location eastus `
-SkuCapacity 2 `
-SkuName Standard_DS2 `
-UpgradePolicyMode Automatic
Set-AzVmssStorageProfile $vmssConfig `
-ImageReferencePublisher MicrosoftWindowsServer `
-ImageReferenceOffer WindowsServer `
-ImageReferenceSku 2016-Datacenter `
-ImageReferenceVersion latest
-OsDiskCreateOption FromImage
Set-AzVmssOsProfile $vmssConfig `
-AdminUsername azureuser `
-AdminPassword "Azure123456!" `
-ComputerNamePrefix myvmss
Add-AzVmssNetworkInterfaceConfiguration `
-VirtualMachineScaleSet $vmssConfig `
-Name myVmssNetConfig `
-Primary $true `
-IPConfiguration $ipConfig
New-AzVmss `
-ResourceGroupName myResourceGroupAG `
-Name myvmss `
-VirtualMachineScaleSet $vmssConfig
# Install IIS
$publicSettings = @{ "fileUris" = (,"https://raw.githubusercontent.com/davidmu1/samplescripts/master/appgatewayurl.ps1");
"commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File appgatewayurl.ps1" }
$vmss = Get-AzVmss -ResourceGroupName myResourceGroupAG -VMScaleSetName myvmss
Add-AzVmssExtension -VirtualMachineScaleSet $vmss `
-Name "customScript" `
-Publisher "Microsoft.Compute" `
-Type "CustomScriptExtension" `
-TypeHandlerVersion 1.8 `
-Setting $publicSettings
Update-AzVmss `
-ResourceGroupName myResourceGroupAG `
-Name myvmss `
-VirtualMachineScaleSet $vmss
# Get the IP address
Get-AzPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress
Clean up deployment
Run the following command to remove the resource group, application gateway, and all related resources.
Remove-AzResourceGroup -Name myResourceGroupAG
Script explanation
This script uses the following commands to create the deployment. Each item in the table links to command specific documentation.
| Command | Notes |
|---|---|
| New-AzResourceGroup | Creates a resource group in which all resources are stored. |
| New-AzVirtualNetworkSubnetConfig | Creates the subnet configuration. |
| New-AzVirtualNetwork | Creates the virtual network using with the subnet configurations. |
| New-AzPublicIpAddress | Creates the public IP address for the application gateway. |
| New-AzApplicationGatewayIPConfiguration | Creates the configuration that associates a subnet with the application gateway. |
| New-AzApplicationGatewayFrontendIPConfig | Creates the configuration that assigns a public IP address to the application gateway. |
| New-AzApplicationGatewayFrontendPort | Assigns a port to be used to access the application gateway. |
| New-AzApplicationGatewayBackendAddressPool | Creates a backend pool for an application gateway. |
| New-AzApplicationGatewayBackendHttpSettings | Configures settings for a backend pool. |
| New-AzApplicationGatewayHttpListener | Creates a listener. |
| New-AzApplicationGatewayRequestRoutingRule | Creates a routing rule. |
| New-AzApplicationGatewaySku | Specify the tier and capacity for an application gateway. |
| New-AzApplicationGateway | Create an application gateway. |
| Set-AzVmssStorageProfile | Create a storage profile for the scale set. |
| Set-AzVmssOsProfile | Define the operating system for the scale set. |
| Add-AzVmssNetworkInterfaceConfiguration | Define the network interface for the scale set. |
| New-AzVmss | Create a virtual machine scale set. |
| Get-AzPublicIPAddress | Gets the public IP address of an application gateway. |
| Remove-AzResourceGroup | Removes a resource group and all resources contained within. |
Next steps
For more information on the Azure PowerShell module, see Azure PowerShell documentation.
Additional application gateway PowerShell script samples can be found in the Azure Application Gateway documentation.