Start-AzFrontDoorCdnProfilePrepareMigration
Migrate the classic AFD instance to Azure Front Door(Standard/Premium) profile. MigrationWebApplicationFirewallMapping should be associated if the front door has WAF policy. Managed Identity should be associated if the frontdoor has Customer Certificates. The change need to be committed after this.
Syntax
Start-AzFrontDoorCdnProfilePrepareMigration
-ResourceGroupName <String>
[-SubscriptionId <String>]
-ClassicResourceReferenceId <String>
-ProfileName <String>
-SkuName <SkuName>
[-MigrationWebApplicationFirewallMapping <IMigrationWebApplicationFirewallMapping[]>]
[-IdentityType <ManagedServiceIdentityType>]
[-IdentityUserAssignedIdentity <Hashtable>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Migrate the classic AFD instance to Azure Front Door(Standard/Premium) profile. The change need to be committed after this.
Examples
Example 1: When a classic AFD instance associated without WAF policy and has no customer certificates.
Start-AzFrontDoorCdnProfilePrepareMigration -ResourceGroupName rgName -ClassicResourceReferenceId /subscriptions/testSubId/resourcegroups/rgName/providers/Microsoft.Network/Frontdoors/name -ProfileName name-migrated -SkuName Standard_AzureFrontDoor
MigratedProfileResourceId
-------------------------
/subscriptions/testSubId/resourceGroups/rgName/providers/Microsoft.Cdn/profiles/name-migratedWhen a classic AFD instance associated without WAF policy and has no customer certificates. Migrate the classic AFD to Azure Front Door(Standard/Premium) profile.. The change need to be committed after this.
Example 2: When a classic AFD instance associated with WAF and copy to a new WAF policy.
$wafMapping = New-AzFrontDoorCdnMigrationWebApplicationFirewallMappingObject -MigratedFromId /subscriptions/testSubId/resourcegroups/rgName01/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/waf01 -MigratedToId /subscriptions/testSubId/resourcegroups/rgName/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/newWAFName
Start-AzFrontDoorCdnProfilePrepareMigration -ResourceGroupName rgName -ClassicResourceReferenceId /subscriptions/testSubId/resourcegroups/rgName/providers/Microsoft.Network/Frontdoors/name -ProfileName name-migrated -SkuName Standard_AzureFrontDoor -MigrationWebApplicationFirewallMapping $wafMapping
MigratedProfileResourceId
-------------------------
/subscriptions/testSubId/resourceGroups/rgName/providers/Microsoft.Cdn/profiles/name-migratedWhen a classic AFD instance associated with WAF and copy to a new WAF policy. The new WAF policy should be created in the same subscription and resource group with the classic AFD instance's. Migrate classic AFD to Azure Front Door(Standard/Premium) profile.. The change need to be committed after this.
Example 3: When a classic AFD instance associated with WAF and select an existing WAF policy.
$wafMapping = New-AzFrontDoorCdnMigrationWebApplicationFirewallMappingObject -MigratedFromId /subscriptions/testSubId/resourcegroups/rgName01/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/waf01 -MigratedToId /subscriptions/testSubId/resourcegroups/rgName02/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/existingWAFName
Start-AzFrontDoorCdnProfilePrepareMigration -ResourceGroupName rgName -ClassicResourceReferenceId /subscriptions/testSubId/resourcegroups/rgName/providers/Microsoft.Network/Frontdoors/name -ProfileName name-migrated -SkuName Standard_AzureFrontDoor -MigrationWebApplicationFirewallMapping $wafMapping
MigratedProfileResourceId
-------------------------
/subscriptions/testSubId/resourceGroups/rgName/providers/Microsoft.Cdn/profiles/name-migratedWhen a classic AFD instance associated with WAF and select an existing WAF policy. You could only select the WAF policy located in the same subscription with the classic AFD instance's. Migrate the classic AFD to Azure Front Door(Standard/Premium) profile.. The change need to be committed after this.
Example 4: When a classic AFD instance associated with more than one WAF policy and has no customer certificates.
$wafMapping1 = New-AzFrontDoorCdnMigrationWebApplicationFirewallMappingObject -MigratedFromId /subscriptions/testSubId/resourcegroups/rgName01/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/waf01 -MigratedToId /subscriptions/testSubId/resourcegroups/rgName01/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/waf01test
$wafMapping2 = New-AzFrontDoorCdnMigrationWebApplicationFirewallMappingObject -MigratedFromId /subscriptions/testSubId/resourcegroups/rgName02/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/waf02 -MigratedToId /subscriptions/testSubId/resourcegroups/rgName02/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/waf02test
# enable Managed Identity via SystemAssigned and UserAssigned
$identityType = "SystemAssigned, UserAssigned"
# UserIdentity information
$userInfo = @{
"/subscriptions/testSubId/resourceGroups/rgName01/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity01" = @{}
"/subscriptions/testSubId/resourceGroups/rgName02/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity02" = @{}
}
Start-AzFrontDoorCdnProfilePrepareMigration -ResourceGroupName rgName -ClassicResourceReferenceId /subscriptions/testSubId/resourcegroups/rgName/providers/Microsoft.Network/Frontdoors/name -ProfileName name-migrated -SkuName Premium_AzureFrontDoor -MigrationWebApplicationFirewallMapping @($wafMapping1, $wafMapping2) -IdentityType $identityType -IdentityUserAssignedIdentity $userInfo
MigratedProfileResourceId
-------------------------
/subscriptions/testSubId/resourceGroups/rgName/providers/Microsoft.Cdn/profiles/name-migratedWhen a classic AFD instance associated with more than one WAF policy and has no customer certificates. Migrate the classic AFD to Azure Front Door(Standard/Premium) profile.. The change need to be committed after this.
Example 5: When a classic AFD instance not associated with WAF and has no customer certificate, and the subscription of the classic AFD instance is different from the local subscrition.
Start-AzFrontDoorCdnProfilePrepareMigration -ResourceGroupName rgName -ClassicResourceReferenceId /subscriptions/testSubId01/resourcegroups/rgName/providers/Microsoft.Network/Frontdoors/name -ProfileName name-migrated -SkuName Standard_AzureFrontDoor -SubscriptionId testSubId01
MigratedProfileResourceId
-------------------------
/subscriptions/testSubId/resourceGroups/rgName/providers/Microsoft.Cdn/profiles/name-migratedWhen a classic AFD instance not associated with WAF and has no customer certificate, and the subscription of the classic AFD instance is different from the local subscrition. Migrate the classic AFD to Azure Front Door(Standard/Premium) profile.. The change need to be committed after this.
Parameters
-AsJob
Run the command as a job
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ClassicResourceReferenceId
Resource ID of the classic front door instance.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | PSObject |
| Aliases: | AzureRMContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IdentityType
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).
| Type: | ManagedServiceIdentityType |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IdentityUserAssignedIdentity
The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-MigrationWebApplicationFirewallMapping
Waf mapping for the migrated profile To construct, see NOTES section for MIGRATIONWEBAPPLICATIONFIREWALLMAPPING properties and create a hash table.
| Type: | IMigrationWebApplicationFirewallMapping[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NoWait
Run the command asynchronously
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProfileName
Name of the new AFD Standard/Premium profile that need to be created.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
Name of the Resource group within the Azure subscription.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SkuName
Name of the pricing tier.
| Type: | SkuName |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SubscriptionId
Azure Subscription ID.
| Type: | String |
| Position: | Named |
| Default value: | (Get-AzContext).Subscription.Id |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
Azure PowerShell