How to integrate AppService with Subnet through ARM template

1
votes

I am setting up AppService integration with a specific subnet in VNet using arm template and terraform. It is throwing error and can someone help me pointing out what's wrong with the template?

I have already created Gateway, VNet with a dynamic IP address and 3 subnets with service endpoints enabled for Microsoft.Web through Terraform scripts. I cannot do App Service - VNet integration, so I am using "azurerm_template_deployment" to execute a specific arm template for this.

The ARM template I am executing

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sites_uos_aue_web_web_name": {
      "defaultValue": "some-name-develop-web",
      "type": "string"
    },
    "serverfarms_externalid": {
      "defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/SOME-Develop-ARG-App-WEB/providers/Microsoft.Web/serverfarms/some-name-develop-asp-web",
      "type": "string"
    },
    "virtual_network_name": {
      "type": "string",
      "defaultValue": "some-aue-develop-vnet-agw"
    },
    "subnet_resource_id": {
      "type": "string",
      "defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/SOME-Develop-ARG-App-WEB/providers/Microsoft.Network/virtualNetworks/some-aue-develop-vnet-agw"
    }
  },
  "variables": {},
  "resources": [
    {
      "name": "[parameters('sites_uos_aue_web_web_name')]",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2018-11-01",
      "kind": "app",
      "location": "Asia East",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
          {
            "name": "[concat(parameters('sites_uos_aue_web_web_name'), '.azurewebsites.net')]",
            "sslState": "Disabled",
            "hostType": "Standard"
          },
          {
            "name": "[concat(parameters('sites_uos_aue_web_web_name'), '.scm.azurewebsites.net')]",
            "sslState": "Disabled",
            "hostType": "Repository"
          }
        ],
        "serverFarmId": "[parameters('serverfarms_externalid')]",
        "reserved": false,
        "requestTracingEnabled": true,
        "httpLoggingEnabled": true,
        "detailedErrorLoggingEnabled": true,
        "vnetName": "[parameters('virtual_network_name')]"
      },    
      "resources": []
    },
    {
      "type": "Microsoft.Web/sites/config",
      "apiVersion": "2018-11-01",
      "name": "[concat(parameters('sites_uos_aue_web_stepupweb_name'), '/web')]",
      "location": "Australia East",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', parameters('sites_uos_aue_web_web_name'))]"
      ],
      "properties": {
        "requestTracingEnabled": true,
        "requestTracingExpirationTime": "9999-12-31T23:59:00Z",
        "httpLoggingEnabled": true,
        "logsDirectorySizeLimit": 35,
        "detailedErrorLoggingEnabled": true,
        "scmType": "LocalGit",
        "vnetName": "[parameters('virtual_network_name')]",
        "ipSecurityRestrictions": [
          {
            "vnetSubnetResourceId": "[concat(parameters('subnet_resource_id'), '/subnets/frontend')]",
            "action": "Allow",
            "name": "FrontendSubnetAccess"
          }
        ]
      }
    }
  ]
}

While executing I am getting the following error

Error: Error waiting for deployment: Code="DeploymentFailed" Message="At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details." Details=[{"code":"NotFound","message":"{\r\n \"error\": {\r\n \"code\": \"BadRequest\",\r\n \"message\": \"\"\r\n }\r\n}"}]

Any pointers?

2
azureterraformarm-templateterraform-provider-azure

2 Answers

4
votes

If you want to integrate Azure Vnet with Azure app service, you can refer to the following ARM template :

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "environmentName": {
      "type": "string"
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    }
  },
  "variables": {
    "entropy": "[uniqueString(resourceGroup().id, parameters('environmentName'))]",

    "vnetName": "[concat(parameters('environmentName'), 'vnet')]",
    "vnetPrefix": "10.0.0.0/8",

    "subnetName": "WebAppSubnet",
    "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), variables('subnetName'))]",
    "subnetPrefix": "10.0.0.0/24",



    "appServicePlanName": "[concat(parameters('environmentName'), 'asp')]",
    "webAppName": "[concat(parameters('environmentName'), variables('entropy'))]"
  },
  "resources": [
    {
      "apiVersion": "2018-04-01",
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[variables('vnetName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[variables('vnetPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[variables('subnetName')]",
            "properties": {
              "addressPrefix": "[variables('subnetPrefix')]",
              "serviceEndpoints": [
                {
                  "service": "Microsoft.Storage"
                }
              ],
              "delegations": [
                {
                  "name": "webapp",
                  "properties": {
                    "serviceName": "Microsoft.Web/serverFarms",
                    "actions": [
                      "Microsoft.Network/virtualNetworks/subnets/action"
                    ]
                  }
                }
              ]
            }
          }
        ]
      }
    },
      {
        "apiVersion": "2017-08-01",
        "type": "Microsoft.Web/serverfarms",
        "kind": "app",
        "name": "[variables('appServicePlanName')]",
        "location": "[parameters('location')]",
        "properties": {},
        "dependsOn": [],
        "sku": {
          "name": "S1"
        }
      },
      {
        "apiVersion": "2016-08-01",
        "type": "Microsoft.Web/sites",
        "kind": "app",
        "name": "[variables('webAppName')]",
        "location": "[parameters('location')]",
        "properties": {
          "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
        },
        "resources": [
            {
                "name": "virtualNetwork",
                "type": "config",
                "apiVersion": "2018-02-01",
                "location": "[parameters('location')]",
                "dependsOn": [
                  "[concat('Microsoft.Web/sites/', variables('WebAppName'))]",
                  "[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
                ],
                "properties":
                {
                    "subnetResourceId": "[variables('subnetRef')]",
                    "swiftSupported": true
                }
              }
        ],
        "dependsOn": [
          "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
        ]
      }
  ]
}

For more details, please refer to the issue on github

0
votes

Azure has two versions of VNet Integration features. One version enables integration with VNets in the same region, the other version enables integration with VNets in other regions or with Classic VNets but required Virtual Network Gateway. It seems that you use gateway required VNet Integration. You need to include Microsoft.Web/sites/virtualNetworkConnections resource to your JSON template.

As I can see, you have a mistake in this paragraph, 

 "type": "Microsoft.Web/sites/config",
      "apiVersion": "2018-11-01",
      "name": "[concat(parameters('sites_uos_aue_web_stepupweb_name'), '/web')]",

It should be "name": "[concat(parameters('sites_uos_aue_web_web_name'), '/web').

In your case, you could add the virtual network (which has a VNet gateway enable) parameter and reference from this:

 "virtualNetworks_test_externalid": {
            "defaultValue": "/subscriptions/xxx/resourceGroups/xx/providers/Microsoft.Network/virtualNetworks/test",
            "type": "string"
        }

And add resource Microsoft.Web/sites/virtualNetworkConnections

{
        "type": "Microsoft.Web/sites/virtualNetworkConnections",
        "apiVersion": "2016-08-01",
        "name": "[concat(parameters('sites_uos_aue_web_web_name'), '/test')]",
        "location": "Central US",
        "dependsOn": [
            "[resourceId('Microsoft.Web/sites', parameters('sites_uos_aue_web_web_name'))]"
        ],
        "properties": {
            "vnetResourceId": "[parameters('virtualNetworks_test_externalid')]",
            "resyncRequired": false,
            "isSwift": true

        }
    }