Develop Reference

ARM Template for to configure App Services with new VNet Integration feature?

I am working on ARM Templates, I have created the template file with two or more azure app services along with app service plan and then configured with VNET Integration of each app service.
This is sample JSON code:
{
"comments": "Web-App-01",
"name": "[variables('app_name_01')]",
"type": "Microsoft.Web/sites",
"location": "[variables('location')]",
"apiVersion": "2016-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('asp_name_01'))]"
],
"tags": {
"displayName": "[variables('app_name_01')]"
},
"properties": {
"name": "[variables('app_name_01')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('asp_name_01'))]",
"siteConfig": {
"alwaysOn": true
}
},
"resources": [
{
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"name": "[concat(variables('app_name_01'), '/', variables('vnet_connection_name'),uniqueString('asdsdaxsdsd'))]",
"apiVersion": "2016-08-01",
"location": "[variables('location')]",
"properties": {
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vm_vnet_name'), variables('web_subnet_name'))]"
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('app_name_01'))]",
"[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vm_vnet_name'), variables('web_subnet_name'))]"
]
}
]
},
{
"comments": "Web-App-02",
"name": "[variables('app_name_02')]",
"type": "Microsoft.Web/sites",
"location": "[variables('location')]",
"apiVersion": "2016-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('asp_name_02'))]"
],
"tags": {
"displayName": "[variables('app_name_02')]"
},
"properties": {
"name": "[variables('app_name_02')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('asp_name_01'))]",
"siteConfig": {
"alwaysOn": true
}
},
"resources": [
{
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"name": "[concat(variables('app_name_02'), '/', variables('vnet_connection_name'),uniqueString('asdsdaxsdsd'))]",
"apiVersion": "2016-08-01",
"location": "[variables('location')]",
"properties": {
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vm_vnet_name'), variables('web_subnet_name'))]"
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('app_name_02'))]",
"[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vm_vnet_name'), variables('web_subnet_name'))]"
]
}
]
}
The above code works fine for few azure app services, but for the rest of the app services I am getting internal server error or Conflict or Bad Request during VNET Integration of Azure App Service.
Note: When I deployed the above the JSON Code, the old VNET
integration is configured instead of New VNET (Preview) feature. So, I need to configure New VNET (Preview) feature for each app service.
So, can anyone suggest me how to resolve the above issue.

I've found a working example for this on an Azure Docs GitHub post:
How do we integrate the new vnet integrartion with ARM templates?
Seems to work a different way with the new VNet integration which uses a Microsoft.Web/sites/config sub-resource named virtualNetwork instead of the Microsoft.Web/sites/virtualNetworkConnections sub-resource
As well as a few requirements that need to be set on the target subnet / vnet (described in the link). The integration piece looks something like this:
{
"apiVersion": "2018-02-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('appName')]",
"location": "[resourceGroup().location]",
...
"resources": [
{
"name": "virtualNetwork",
"type": "config",
"apiVersion": "2018-02-01",
"location": "[resourceGroup().location]",
"properties": {
"subnetResourceid": "[parameters('subnetResourceId')]",
"swiftSupported": true
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('appName'))]"
]
}
]
},
Apart from this I've not found much else documented, except for a reference to it in the azure-rest-api-specs which has the "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/networkConfig/virtualNetwork" endpoint defined:
azure-rest-api-specs / WebApps.json
It also seems (as the spec suggests) replacing "type": "config" with "type": "networkConfig" also works.

I've talked to a Prem Engineer of Microsoft.
The Key is to replace the Automation Template
{
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('sites_FelixOFA_name'), '/xxxxxxx_Functions')]",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_FelixOFA_name'))]"
],
"properties": {
"vnetResourceId": "[concat(parameters('virtualNetworks_FelixODevPremNet_externalid'), '/subnets/Functions')]",
"isSwift": true
}
}
with
{
"type": "Microsoft.Web/sites/networkConfig",
"name": "[concat(parameters('webAppName'),'/VirtualNetwork')]",
"apiVersion": "2016-08-01",
"properties":
{
"subnetResourceId": "[parameters('subnetResourceId')]"
}
}
Where subnetResourceId is the resource id of their subnet – it should look like /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}

I tried to reach same functionality by Bicep file, finally using
virtualNetworkSubnetId:
worked for me.
For example:
resource webAppName_resource 'Microsoft.Web/sites#2020-12-01' = {
name: '${webAppName}'
location: location
properties: {
serverFarmId: appServicePlanPortalName.id
virtualNetworkSubnetId: '${vnetDeploy_module.outputs.vnetid}/subnets/${vnetDeploy_module.outputs.subnetname}'
siteConfig: {
linuxFxVersion: linuxFxVersion
minTlsVersion: minTlsVersion
http20Enabled: http20Enabled
}
httpsOnly: httpsOnly
}
}
See templates in https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/app-service-regional-vnet-integration.
Result in ARM is:
{
"type": "Microsoft.Web/sites",
"apiVersion": "2021-01-01",
"name": "[parameters('appName')]",
"location": "[parameters('location')]",
"kind": "app",
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"virtualNetworkSubnetId": "[reference(resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))).subnets[0].id]",
"httpsOnly": true,
"siteConfig": {
"vnetRouteAllEnabled": true,
"http20Enabled": true
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
]
}

To fix this, I simply changed the isSwift or swiftSupported option to false.

Azure RM Template. Deploy copy VM with unique secret from Key Vault

I would like to be able to create VMs amount of which I specify via parameters (achieved by copy) with different secret for each VM (ex. secret1 for VM1, secret2 for VM2, etc.) Here is a basic example of copy VM template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"numberOfVMs": {
"type": "int",
"defaultValue": 1,
"minvalue": 1
},
"vmAdminUserName": {
"type": "string",
"minLength": 1
},
"vmAdminPassword": {
"type": "securestring"
}
},
"variables": {
"storageAccountName": "[concat('stor567', uniqueString(resourceGroup().id))]",
"storageAccountType": "Standard_LRS",
"vmWindowsOSVersion": "2016-Datacenter",
"vnetPrefix": "10.0.0.0/16",
"vnetSubnet1Name": "Subnet-1",
"vnetSubnet1Prefix": "10.0.0.0/24",
"nicVnetID": "[resourceId('Microsoft.Network/virtualNetworks', 'vnet')]",
"nicSubnetRef": "[concat(variables('nicVnetID'), '/subnets/', variables('vnetSubnet1Name'))]",
"vmImagePublisher": "MicrosoftWindowsServer",
"vmImageOffer": "WindowsServer",
"vmVmSize": "Standard_DS1_v2",
"vmVnetID": "[resourceId('Microsoft.Network/virtualNetworks', 'vnet')]",
"vmSubnetRef": "[concat(variables('vmVnetID'), '/subnets/', variables('vnetSubnet1Name'))]",
"vmStorageAccountContainerName": "vhds"
},
"resources": [
{
"name": "[variables('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"location": "[resourceGroup().location]",
"apiVersion": "2015-06-15",
"dependsOn": [ ],
"properties": {
"accountType": "[variables('storageAccountType')]"
}
},
{
"name": "vnet",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"apiVersion": "2016-03-30",
"dependsOn": [ ],
"tags": {
"displayName": "vnet"
},
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('vnetPrefix')]"
]
},
"subnets": [
{
"name": "[variables('vnetSubnet1Name')]",
"properties": {
"addressPrefix": "[variables('vnetSubnet1Prefix')]"
}
}
]
}
},
{
"name": "[concat('NIC',copyindex())]",
"type": "Microsoft.Network/networkInterfaces",
"location": "[resourceGroup().location]",
"copy": {
"name": "nicLoop",
"count": "[parameters('numberOfVMs')]"
},
"apiVersion": "2016-03-30",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'vnet')]"
],
"tags": {
"displayName": "nic"
},
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('nicSubnetRef')]"
}
}
}
]
}
},
{
"name": "[concat('VM',copyindex())]",
"type": "Microsoft.Compute/virtualMachines",
"location": "[resourceGroup().location]",
"copy": {
"name": "virtualMachineLoop",
"count": "[parameters('numberOfVMs')]"
},
"apiVersion": "2015-06-15",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
"nicLoop"
],
"tags": {
"displayName": "vm"
},
"properties": {
"hardwareProfile": {
"vmSize": "[variables('vmVmSize')]"
},
"osProfile": {
"computerName": "[concat('VM',copyindex())]",
"adminUsername": "[parameters('vmAdminUsername')]",
"adminPassword": "[parameters('vmAdminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "[variables('vmImagePublisher')]",
"offer": "[variables('vmImageOffer')]",
"sku": "[variables('vmWindowsOSVersion')]",
"version": "latest"
},
"osDisk": {
"name": "vmOSDisk",
"vhd": {
"uri": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2016-01-01').primaryEndpoints.blob, variables('vmStorageAccountContainerName'), '/', 'VM',copyIndex(),'-','OSdisk.vhd')]"
},
"caching": "ReadWrite",
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat('NIC',copyindex()))]"
}
]
}
}
}],
"outputs": {}
}
However, I'm struggling to integrate using of password as unique secrets from Key Vault in that template. If I use example from official documentation Reference a secret with static id VMs with secret1 for each VM will be created. And I can’t wrap Reference a secret with dynamic id into nested template because that would deploy my copied VMs again and again for the each number of VMs I would like to deploy. Please help me understand, how this challenge can be solved?

Links: Parent and Nested.
I'm not sure if that's what you meant (because i still think that i struggle to understand your problem).
These templates allow to deploy variable amount of vm's and use different keyvault keys as passwords for those. Example:
2 Windows VM's with one secret and 3 Ubuntu VM's with another
1 Windows VM with one secret and 4 Ubuntu VM's with another
You can easily extend that to other images, like centos.
As you can probably see after looking at the templates I'm using arrays and copyindex() to feed proper values where they belong.
Tell me if that's not what you are after. Be careful when using those, github raw links use some form of caching, so deploying from github might not work for you with errors, in that case just use the links I've provided (NOT RAW) to copy to local machine and upload to some service like pastebin, and deploy from there.

Create Azure blob/fileshare container through ARM template

I am looking a way to create a container in Azure blob & file-share storage through ARM template.
At present I have ARM template to provision the storage accounts, but I want to create containers also in ARM.
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('storageApiVersion')]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"dependsOn": [ ],
"tags": {
"Environment": "[parameters('Environment')]",
"Project": "[parameters('ProjectName')]",
"Contact": "[parameters('ContactName')]"
},
"kind": "Storage",
"properties": {
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {
"enabled": true
}
}
}
}
}

It is possible. Azure Management REST Api now has endpoints for Blob Containers: https://learn.microsoft.com/en-us/rest/api/storagerp/blobcontainers/create.
Since ARM Templates map to REST requests, we can create the following Template, containing a Blob Container as a nested resource below the Storage Account. Of course, you can also describe the Blob container in the toplevel resource array, following the usual rules.
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {
"accountName": "accountname",
"containerName": "containername"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('accountName')]",
"apiVersion": "2018-02-01",
"location": "westeurope",
"kind": "BlobStorage",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"tags": {},
"dependsOn": [],
"properties": {
"accessTier": "Cool"
},
"resources": [
{
"type": "blobServices/containers",
"apiVersion": "2018-03-01-preview",
"name": "[concat('default/', variables('containerName'))]",
"dependsOn": [
"[variables('accountName')]"
],
"properties": {
"publicAccess": "None"
}
}
]
}
]
}

No, you cant do that, consult this feedback item.
you can now create containers. https://stackoverflow.com/a/51608344/6067741

How do I automatically install New Relic extension using Azure ARM Template?

I am using a azure arm template to create a web app in azure. Now I need to install New Relic Extension in the webapps which will be created using this template. So I was unable to find specific json format. Please help me out!

Please have a try to add the json code snipped in the ARM template.
"resources": [
{
"apiVersion": "2015-08-01",
"name": "NewRelic.Azure.WebSites",
"type": "siteextensions",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
],
"properties": {
}
}
],
I created a demo for it. The following is my detail steps. About the name of the extension please refer to the NewRelic.Azure.WebSites.
1. Create an Azure Resource Group Project.
2. Select the Web App project template
3. Just demo for web site extension so I delete the unnecessary resource
4. Add the snipped code in the ARM template
5. Deploy the website via Visual Studio
6. Check the Website in the Azure portal
The demo ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hostingPlanName": {
"type": "string",
"minLength": 1
},
"skuName": {
"type": "string",
"defaultValue": "F1",
"allowedValues": [
"F1",
"D1",
"B1",
"B2",
"B3",
"S1",
"S2",
"S3",
"P1",
"P2",
"P3",
"P4"
],
"metadata": {
"description": "Describes plan's pricing tier and instance size. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/"
}
},
"skuCapacity": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"metadata": {
"description": "Describes plan's instance count"
}
}
},
"variables": {
"webSiteName": "[concat('webSite', uniqueString(resourceGroup().id))]"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('hostingPlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "HostingPlan"
},
"sku": {
"name": "[parameters('skuName')]",
"capacity": "[parameters('skuCapacity')]"
},
"properties": {
"name": "[parameters('hostingPlanName')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[variables('webSiteName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
"displayName": "Website"
},
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]"
],
"resources": [
{
"apiVersion": "2015-08-01",
"name": "NewRelic.Azure.WebSites",
"type": "siteextensions",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
],
"properties": {
}
}
],
"properties": {
"name": "[variables('webSiteName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
}
}
]
}

"resources":[{
"apiVersion": "2018-11-01",
"name": "NewRelic.Azure.WebSites.Extension",
"type": "siteextensions",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('appServiceName'))]"
]
}]
The name is now NewRelic.Azure.Websites.Extension. You should give your App Service Name in the variable appServiceName in this case.

Configure deployment template for application insights premium teir

Here is my deployment template section for application insights. It works. But I want to deploy to a different pricing tier\quota. What is the right parameter for that?
{
"apiVersion": "2014-04-01",
"name": "[parameters('siteName')]",
"type": "Microsoft.Insights/components",
"location": "Central US",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('siteName'))]"
],
"tags": {
"[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', parameters('siteName'))]": "Resource"
},
"properties": {
"ApplicationId": "[parameters('siteName')]",
"sku": "Premium"
}

You can now set the pricing tier and quota for app insights via an ARM template.
https://learn.microsoft.com/en-us/azure/application-insights/app-insights-powershell#create-an-azure-resource-manager-template

You can define a "sku" parameter in your deployment template and use it as your parameter to control the pricing tier for your AI resource.
The "sku" parameter will be used by your "serverFarm" resource type to determine App Service Hosting Plan tier for your resources under the hosting plan.
"parameters": {
"sku": {
"type": "string",
"allowedValues": [
"Free",
"Shared",
"Basic",
"Standard",
"Premium"
],
"defaultValue": "Premium"
}
}
{
"type": "Microsoft.Web/serverfarms",
"name": "[parameters('hostingPlanName')]",
"apiVersion": "2015-08-01",
"sku": {
"name": "P1",
"tier": "[parameters('sku')]"
},
"properties": {
"numberOfWorkers": "[parameters('numOfWorkers')]",
"workerSize": "[parameters('workerSize')]"
},
"location": "[resourceGroup().location]"
}
{
"apiVersion": "2014-04-01",
"name": "[parameters('siteName')]",
"type": "Microsoft.Insights/components",
"location": "Central US",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('siteName'))]"
],
"tags": {
"[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', parameters('siteName'))]": "Resource"
},
"properties": {
"applicationId": "[parameters('siteName')]"
}
Update 1:
Based on the latest ARM template schema for Microsoft Application Insight, you could not define the tier property for it.
As I have highlighted before, the tier is only defined for the "serverFarm" or better known as App Service Hosting Plan resource.
Ref: azure-resource-manager-schemas/schemas/2014-04-01/Microsoft.Insights.json
"components": {
"type": "object",
"properties": {
"type": {
"enum": [
"Microsoft.Insights/components"
]
},
"apiVersion": {
"enum": [
"2014-04-01"
]
},
"properties": {
"type": "object",
"properties": {
"applicationId": {
"type": "string",
"minLength": 1,
"description": "Microsoft.Insights/components: applicationId"
}
}
}
},
"required": [
"type",
"apiVersion",
"properties",
"location"
],
"description": "Microsoft.Insights/components"
}