Create an App Service app and deploy Private Endpoint using PowerShell
This sample script creates an app in App Service with its related resources, and then deploys a Private Endpoint.
Sample script
# Parameters
$sitename="mywebapp-$(Get-Random)"
$appserviceplanname="ASP-"+$sitename
$resourcegroupname="RG-"+$sitename
$VNetname="VNet-$(Get-Random)"
$location="chinaeast2"
$privateendpointsubnetname = "privateEndpointSubnet"
# Create a resource group.
New-AzResourceGroup -Name $resourcegroupname -Location $location
# Create an App Service plan in PremiumV2 tier.
$asp = New-AzAppServicePlan -Name $appserviceplanname `
-Location $location `
-ResourceGroupName $resourcegroupname `
-Tier PremiumV2 `
-NumberofWorkers 1 `
-WorkerSize Small
# Create a web app.
$webApp = New-AzWebApp -Name $sitename `
-Location $location `
-AppServicePlan $appserviceplanname `
-ResourceGroupName $resourcegroupname
# Create a Virtual Network with two subnets
$integrationsubnet = New-AzVirtualNetworkSubnetConfig -Name "integrationSubnet" `
-AddressPrefix "10.8.1.0/24"
$privateendpointsubnet = New-AzVirtualNetworkSubnetConfig -Name $privateendpointsubnetname `
-AddressPrefix "10.8.2.0/24" `
-PrivateEndpointNetworkPoliciesFlag Disabled
$virtualNetwork = New-AzVirtualNetwork -Name $VNetname `
-ResourceGroupName $resourcegroupname `
-Location $location -AddressPrefix "10.8.0.0/16" `
-Subnet $integrationsubnet,$privateendpointsubnet
# Configure the Private Endpoint
$privateEndPointConnection = New-AzPrivateLinkServiceConnection -Name "myPrivateEndpointconnection" `
-PrivateLinkServiceID $webApp.Id `
-GroupId sites
$subnet = $virtualNetwork | select -ExpandProperty subnets | Where-Object {$_.Name -eq $privateendpointsubnetname}
$privateEndpoint = New-AzPrivateEndpoint -Name "myPrivateEndpoint" `
-ResourceGroupName $resourcegroupname `
-Location $location `
-Subnet $subnet `
-PrivateLinkServiceConnection $privateEndPointConnection
# Configure the Private DNS zone
$dnsZone = New-AzPrivateDnsZone -Name "privatelink.chinacloudsites.cn" `
-ResourceGroupName $resourcegroupname
$dnsLink = New-AzPrivateDnsVirtualNetworkLink -Name "myDNSLink" `
-ResourceGroupName $resourcegroupname `
-ZoneName "privatelink.chinacloudsites.cn" `
-VirtualNetworkId $virtualNetwork.Id
$dnsConfig = New-AzPrivateDnsZoneConfig -Name "privatelink.chinacloudsites.cn" `
-PrivateDnsZoneId $dnsZone.ResourceId
$dnsZoneGroup = New-AzPrivateDnsZoneGroup -Name "myZoneGroup" `
-ResourceGroupName $resourcegroupname `
-PrivateEndpointName $privateEndpoint.Name `
-PrivateDnsZoneConfig $dnsConfig
Clean up deployment
After the script sample has been run, the following command can be used to remove the resource group, web app, and all related resources.
Remove-AzResourceGroup -Name myResourceGroup -Force
Script explanation
This script uses the following commands. Each command in the table links to command specific documentation.
| Command | Notes |
|---|---|
| New-AzResourceGroup | Creates a resource group in which all resources are stored. |
| New-AzAppServicePlan | Creates an App Service plan. |
| New-AzWebApp | Creates a web app. |
| New-AzVirtualNetworkSubnetConfig | Creates a virtual network subnet configuration. |
| New-AzVirtualNetwork | Creates a virtual network. |
| New-AzPrivateLinkServiceConnection | Creates a private link service connection configuration. |
| New-AzPrivateEndpoint | Creates a private endpoint. |
| New-AzPrivateDnsZone | Creates a new private DNS zone. |
| New-AzPrivateDnsVirtualNetworkLink | Creates a new private DNS virtual network link. |
| New-AzPrivateDnsZoneConfig | Creates DNS zone configuration of the private dns zone group. |
| New-AzPrivateDnsZoneGroup | Creates a private DNS zone group in the specified private endpoint. |
Next steps
- For more information on the Azure PowerShell module, see Azure PowerShell documentation.
- Additional Azure PowerShell samples for Azure App Service Web Apps can be found in the Azure PowerShell samples.