I am trying to configure Function App Private Key binding to a Key Vault connection using PowerShell
I can successfully do it with Portal as shown below
I have tried various iterations of the following command against the Function App and the App Service Plan but it seems this is not supported.
Import-AzWebAppKeyVaultCertificate -ResourceGroupName $ResourceGroupName -KeyVaultName $vaultName -CertName $CertName -WebAppName "Don't think this CMDLet Supports Azure Functions"
Can anyone suggest a workaround or the correct CMDLet for this?
When I configure it manually I can see it when I run
Get-AzWebAppCertificate
Managed to get it working with this:
$appServicePlan = Get-AzAppServicePlan -Name $AppServicePlanName -ResourceGroupName $ResourceGroupName;
$PropertiesObject = #{
keyVaultId = $keyVault.ResourceId
keyVaultSecretName = $ADServicePrincipalCertificateName
serverFarmId = $appServicePlan.Id
}
New-AzResource -Name $ADServicePrincipalCertificateName -Location $kv.Location -PropertyObject $PropertiesObject -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.Web/certificates -ApiVersion 2015-08-01 -Force;
Related
I am trying to create a new Azure VM from PowerShell.
I am currently using the below script to create VM:
$location = "EastUS"
$rgName = "TestRG"
$credential = Get-Credential
New-AzResourceGroup -Name $rgName -Location $location
New-AzVm `
-ResourceGroupName $rgName `
-Name "TestVM" `
-Location $location `
-VirtualNetworkName "TestVnet" `
-SubnetName "TestSubnet" `
-SecurityGroupName "TestNsg" `
-PublicIpAddressName "TestPip" `
-OpenPorts 80,3389 `
-Credential $credential
Can anyone achieve installing applications from PowerShell into Azure VM while creating it? If it's possible, how to do that? Can anyone assist??
Thanks in Advance.
You can not install apllication or add extension to the VM while creating the VM . Once VM will be provisioned then only can only install the application or the add the extension.
You can refer this Micorosoft Document to install the Custom Script Extension Using Set-AzVMExtension.
I know it can be done using Azure CLI like this:
az webapp vnet-integration add -g $resourceGroupName -n $applicationName --vnet $vnetName --subnet $subnetName
Is there an equivalent command using PowerShell Az?
If you reference the docs at https://learn.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet, at the bottom is a link to the Script Center gallery where this is a full PS1 script at https://gallery.technet.microsoft.com/scriptcenter/Connect-an-app-in-Azure-ab7527e3 which shows how to integrate web app with vnet.
The final lines of interest (it uses AzureRM, but should be easy to convert to Az):
$PropertiesObject = #{
"vnetName" = $VirtualNetworkName; "vpnPackageUri" = $packageUri
}
New-AzureRmResource -Location $location -Properties $PropertiesObject -ResourceName "$($webAppName)/$($vnetName)/primary" -ResourceType "Microsoft.Web/sites/virtualNetworkConnections/gateways" -ApiVersion 2015-08-01 -ResourceGroupName $webAppResourceGroup -Force
Anyone aware of cmdlet for creating API App in powershell? I tried searching for it, but couldn't find anything. I think New-AzureRmWebApp is way to go by passing some type, has anyone idea about it?
As mentioned by evilSnobu in this link it worked with slight modification. So I am posting the answer if someone needs it.
# CREATE "just-an-api" API App
$ResourceLocation = "West US"
$ResourceName = "just-an-api"
$ResourceGroupName = "demo"
# If we want to create under a specific app plan, we need to pass the server farmid in format
$serverFarmId = "/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Web/serverfarms/<app_service_plan_name>;
#If nothing is passed inside $PropertiesObject, it create s default app service plan.
$PropertiesObject = #{"serverFarmId"=$serverFarmId}
New-AzureRmResource -Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName $ResourceGroupName `
-ResourceType Microsoft.Web/sites `
-ResourceName "just-an-api" ` #removing $ResourceName, as either one is required.
-Kind 'api' `
-ApiVersion 2016-08-01 -Force
Previously Powershell module AzureRm.EventHub had Get-AzureRmEventHubNamespaceKey and it was easy to get the keys. now it is removed since powershell v5 . Now how can i get the EventHubNameSpace SAS Key. here's the list of powershell Get cmdlets i found in my machine.
Get-AzureRmEventHub
Get-AzureRmEventHubAuthorizationRule
Get-AzureRmEventHubConsumerGroup
Get-AzureRmEventHubGeoDRConfiguration
Get-AzureRmEventHubKey
Get-AzureRmEventHubNamespace
Get-AzureRmIotHubEventHubConsumerGroup
Thanks
You can use Invoke-AzureRmResourceAction to do that:
Invoke-AzureRmResourceAction -ResourceGroupName rgName -ResourceType Microsoft.EventHub/namespaces/AuthorizationRules -ResourceName eventhubName/RootManageSharedAccessKey -Action listKeys -ApiVersion 2015-08-01 -Force
Lightly related to How to add an SSL certificate to an azure website using powershell?
I am trying to add a certificate to an Azure RM website via Powershell.
I don't think there is a direct Azure Powershell command, and it will need to be done via New-AzureRmResource
In the latest release of Azure PowerShell v 1.1.0, there is a number of new commands to handle SSL certificates in Azure Web Apps
You can upload the certificate and bind it to hostname using
New-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -CertificateFilePath PathToPfxFile -CertificatePassword PlainTextPwd -Name www.contoso.com
And then remove the binding but without removing the certificate, the app should be able to use it after you add a app setting referencing that cert (this should be done using the portal - the PowerShell command to do so will come soon - No ETA for now)
Remove-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -Name www.contoso.com -DeleteCertificate $false
Looking through the ARM Template the "Microsoft.Web/certificates" template takes a pfxblob and a password.
It seems the easiest way of obtaining a pfxblob is via New-AzureRmApplicationGatewaySslCertificate (thanks to #vigneshaj for the pointer) reading the source, it seems that this is simply a local conversation cmdlet. So it doesn't matter that it is for an application gateway, all we need is the data it passes back.
$pfx = New-AzureRmApplicationGatewaySslCertificate -Name example `
-CertificateFile E:\PS\example.pfx `
-Password "bananas"
Once we have that data, we can simply plug it into New-AzureRmResource and it will create our certificate on Azure.
The small problem with this, is that if you're a cheapskate (like me) and you've obtained a free cert from that Chinese CA that gives sha256 certs, this process will strip off the certificate that signs pages with sha256, and so it falls back to TLS 1.2, which gives errors (on Chrome at least)
$ResourceLocation = "West Europe"
$ResourceName = "Newcertificate"
$PropertiesObject = #{
pfxBlob = $pfx.Data
password = $pfx.Password
}
New-AzureRmResource -Name $ResourceName -Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName examplecomRG `
-ResourceType Microsoft.Web/certificates `
-ApiVersion 2015-08-01 -Force
The next job from there is configuring your Web App to use that cert. Because these properties are child objects of the hostNameSslStates array I created an inner hash table, and then attached that. I'm sure there's a more elegant way, but this worked!
$ResourceName = "ConfuseioWebapp"
$InnerPropertiesObject = #{
name = "www.example.com"
sslState = 1
thumbprint = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
}
$PropertiesObject = #{
"hostNameSslStates" = [Object[]]$InnerPropertiesObject
}
New-AzureRmResource -Name $ResourceName `
-Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName examplecomRG `
-ResourceType Microsoft.Web/sites `
-ApiVersion 2015-08-01 -Force
And that is pretty much it.
I came across the below article, which configures SSL through powershell, by creating Azure Application Gateway
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-ssl/