This example deploys a Tier 3 environment to support an Application Service Environment, App Service, and Application Gateway Integration.
Read on to understand what this example does, and when you're ready, collect all of the pre-requisites, then deploy the example.
- An existing Mission Landing Zone (MLZ) hub and spoke deployment
- You must have Owner RBAC permissions to the subscription(s) you deploy the Tier 3 Spoke with Mission Landing Zone into.
- A certificate to be used with the web app as a PFX uploaded to the storage account in the MLZ hub
- When testing in a dev environment, a self-signed certificate generated from a Key Vault with CN=*.appserviceenvironment.us will be sufficient.
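One way to produce the dev-environment certificate described in the last prerequisite, shown as an added example that is not part of the Mission Landing Zone repository. The parameters `$VaultName`, `$CertName`, `$OutFile` and `$PfxPassword` are hypothetical, the Key Vault is assumed to exist already, and protecting the exported PFX with a password is an assumption rather than a stated requirement of this solution.

```powershell
# Added example (not from the MLZ repo): dev-only self-signed wildcard certificate via Key Vault.
# $VaultName, $CertName and $OutFile are hypothetical names; the vault must already exist.
[CmdletBinding()]
param (
    [Parameter(Mandatory)] [string]$VaultName,
    [Parameter(Mandatory)] [securestring]$PfxPassword,
    [string]$CertName = 'ase-dev-wildcard',
    [string]$OutFile  = '.\ase-dev-wildcard.pfx'
)
$ErrorActionPreference = 'Stop'

# Subject comes from the prerequisite; the SAN entry is added because TLS clients match on SAN, not CN.
$policy = New-AzKeyVaultCertificatePolicy `
    -IssuerName 'Self' `
    -SubjectName 'CN=*.appserviceenvironment.us' `
    -DnsName '*.appserviceenvironment.us' `
    -SecretContentType 'application/x-pkcs12' `
    -ValidityInMonths 6

Add-AzKeyVaultCertificate -VaultName $VaultName -Name $CertName -CertificatePolicy $policy | Out-Null

# Issuance is asynchronous: poll the operation and fail rather than export a half-created object.
$deadline = (Get-Date).AddMinutes(2)
do {
    Start-Sleep -Seconds 3
    $op = Get-AzKeyVaultCertificateOperation -VaultName $VaultName -Name $CertName
} while ($op.Status -eq 'inProgress' -and (Get-Date) -lt $deadline)
if ($op.Status -ne 'completed') { throw "Certificate operation ended with status '$($op.Status)'." }

# The private key is exposed through the secret of the same name, as a base64 PFX with an empty password.
$b64   = Get-AzKeyVaultSecret -VaultName $VaultName -Name $CertName -AsPlainText
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($b64), '', $flags)

try {
    # Re-export under the supplied password so the file at rest is not an unprotected key bundle.
    $pfx  = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $PfxPassword)
    $path = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutFile)
    [System.IO.File]::WriteAllBytes($path, $pfx)
    Write-Output "Wrote $path (thumbprint $($cert.Thumbprint), expires $($cert.NotAfter.ToString('u')))"
}
finally {
    $cert.Dispose()
}
```

The caller needs permission to create certificates and read secrets in the vault. Delete the local PFX once it has been uploaded to the storage account in the MLZ hub.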
Permissions: Ensure the principal deploying the solution has the "Owner" and "Key Vault Administrator" roles assigned on the target Azure subscription. This solution creates many role assignments at different scopes, so the deploying principal must be an Owner at the subscription scope for the deployment to succeed. It also deploys a key and secrets in a key vault to enhance security. A custom role may be used to reduce the scope of permissions required.
Az.Accounts 2.13.0 PowerShell Module
Az.Automation 1.9.0 PowerShell Module
Az.Keyvault 4.11.0 PowerShell Module
Az.Network 6.2.0 PowerShell Module
Az.Resources 6.6.0 PowerShell Module
Az.Compute 5.7.0 PowerShell Module
Use the PowerShell example below to create a template spec.
Create and deploy template spec
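```powershell
[CmdletBinding(SupportsShouldProcess)]
param (
    # Name of the template spec to create
    [Parameter(Mandatory)]
    [string]$TemplateSpecName,

    # Azure region for the template spec
    [Parameter(Mandatory)]
    [string]$Location,

    # Existing resource group that will hold the template spec
    [Parameter(Mandatory)]
    [string]$ResourceGroupName
)

# Publish main.json and its portal UI definition as version 1.0 of the template spec.
# -Force overwrites an existing version 1.0 without prompting.
New-AzTemplateSpec `
    -Name $TemplateSpecName `
    -ResourceGroupName $ResourceGroupName `
    -Version '1.0' `
    -Location $Location `
    -DisplayName "Application Gateway Spoke Environment" `
    -TemplateFile '.\main.json' `
    -UIFormDefinitionFile '.\uiDefinition.json' `
    -Force
```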
Upload, download, and list blobs with the Azure portal
Create certificates to allow the backend with Azure Application Gateway
Generate an Azure Application Gateway self-signed certificate with a custom root CA