Azure ARM SSL Binding using App service certificate - azure

I have a site with custom hostnames configured with hostnameBindings in the ARM template. This deploys fine.
I have also the SSL certificate created and verified from Azure, with the corresponding thumbprint.
In the Azure site I am also able to bind the certificate to the app service.
But when I use the ARM template to assign the SSL from the template in the hostnameBindings it gives an error that the certificate was not found...
I don't understand what goes wrong...
My guesses:
the certificate is in a different resource group so it cannot be
found, but in the template settings I cannot set the group.
in the Azure website before I can use the SSL I have to import, so maybe I am missing this step in the ARM template?
using wrong thumbprint?
In the hostnameBindings I am defining only the thumbprint and the sslState
Any idea which step I am missing?
thank you
UPDATE
My parameter json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.5.0.8",
"parameters": {
"baseResourceName": {
"value": "base-name"
},
"environments": {
"value": [
"preview"
]
},
"hostNames": {
"value": [
{
"name": "myhostname.example.com",
"sslState": "SniEnabled",
"thumbprint": "9897LKJL88KHKJH8888KLJLJLJLKJLJLKL4545"
},
{
"name": "myhostname2.example.com"
}
]
},
"ipSecurityRestrictions": {
"value": []
}
}
}
My template json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.5.0.8",
"parameters": {
"hostName": {
"defaultValue": [],
"type": "array",
"metadata": {
"description": "The custom hostnames of sites"
}
}
},
"variables": {
"standardPlanMaxAdditionalSlots": 4,
"appName": "[concat(parameters('baseResourceName'), '-private')]",
"appServicePlanName": "[concat(parameters('baseResourceName'), '-appServicePlan')]",
"appInsightName": "[concat(parameters('baseResourceName'), '-appInsight')]",
"ipSecurityRestrictions": "[parameters('ipSecurityRestrictions')]"
},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"comments": "AppPlan for app.",
"sku": {
"name": "[if(lessOrEquals(length(parameters('environments')), variables('standardPlanMaxAdditionalSlots')), 'S1', 'P1')]"
},
"tags": {
"displayName": "AppServicePlan-Private"
},
"name": "[variables('appServicePlanName')]",
"kind": "app",
"apiVersion": "2016-09-01",
"location": "[resourceGroup().location]",
"properties": {},
"dependsOn": []
},
{
"type": "Microsoft.Web/sites",
"comments": "This is the private web app.",
"kind": "app",
"apiVersion": "2016-03-01",
"name": "[variables('appName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "WebApp"
},
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"siteConfig": {
"appSettings": [],
"phpVersion": "",
"ipSecurityRestrictions": "[variables('ipSecurityRestrictions')]",
"http20Enabled": true,
"minTlsVersion": "1.2"
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"[resourceId('microsoft.insights/components/', variables('appInsightName'))]"
]
},
{
"type": "Microsoft.Web/sites/hostnameBindings",
"name": "[concat(variables('appName'), '/', parameters('hostName')[copyIndex()].Name)]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": "[parameters('hostName')[copyIndex()]]",
"condition": "[greater(length(parameters('hostName')), 0)]",
"copy": {
"name": "hostnameCopy",
"count": "[length(parameters('hostName'))]",
"mode": "Serial"
},
"dependsOn": [
"[concat('Microsoft.Web/sites/',variables('appName'))]"
]
}
]
}

completely unrelated, did you test your condition greater(..., 0) with zero length array? pretty sure it will blow up.
on the subject. i think you can maybe make it work if you link your certificate resource to the app service plan. so this is an operation that is performed on the certificate resource. this is totally possible if you use keyvault to store the certificate
{
"apiVersion": "2016-03-01",
"name": "[variables('certificateName')]",
"location": "[resourceGroup().location]",
"type": "Microsoft.Web/certificates",
"dependsOn": [
"[parameters('appServicePlan')]"
],
"properties": {
"keyVaultId": "kvResourceId",
"keyVaultSecretName": "secretName",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlan'))]"
}
}

Related

Deploy a web app and custom domain using bicep template

While deploying it to azure portal it's showing an error microsoft.web/serverforms
I have tried to deploy a web app and custom domain to azure portal using arm template. I want to deploy a web app with custom domain.
I have deploy a web app with custom domain using below Steps.
open Azure portal and search for custom deployment as use the below code.
Thanks #akhilthomsa011 for arm template.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"webAppName": {
"type": "string",
"metadata": {
"description": "The name of the web app that you wish to create."
}
},
"customHostname": {
"type": "string",
"metadata": {
"description": "The custom hostname that you wish to add."
}
},
"existingKeyVaultId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Existing Key Vault resource Id for the SSL certificate, leave this blank if not enabling SSL"
}
},
"existingKeyVaultSecretName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Key Vault Secret that contains a PFX certificate, leave this blank if not enabling SSL"
}
}
},
"variables": {
"appServicePlanName": "[concat(parameters('webAppName'),'-asp-', uniquestring(resourceGroup().id))]",
"certificateName": "[concat(parameters('webAppName'),'-cert')]",
"enableSSL": "[not(empty(parameters('existingKeyVaultId')))]"
},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2019-08-01",
"name": "[variables('appServicePlanName')]",
"location": "[parameters('location')]",
"properties": {
"name": "[variables('appServicePlanName')]"
},
"sku": {
"name": "P1",
"tier": "Premium",
"size": "1",
"family": "P",
"capacity": "1"
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"name": "[parameters('webAppName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverFarms', variables('appServicePlanName'))]"
],
"properties": {
"name": "[parameters('webAppName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverFarms', variables('appServicePlanName'))]"
}
},
{
"condition": "[variables('enableSSL')]",
"type": "Microsoft.Web/certificates",
"apiVersion": "2019-08-01",
"name": "[variables('certificateName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
],
"properties": {
"keyVaultId": "[parameters('existingKeyVaultId')]",
"keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverFarms', variables('appServicePlanName'))]"
}
},
{
"type": "Microsoft.Web/sites/hostnameBindings",
"name": "[concat(parameters('webAppName'), '/', parameters('customHostname'))]",
"apiVersion": "2019-08-01",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/certificates', variables('certificateName'))]"
],
"properties": {
"sslState": "[if(variables('enableSSL'), 'SniEnabled', json('null'))]",
"thumbprint": "[if(variables('enableSSL'), reference(resourceId('Microsoft.Web/certificates', variables('certificateName'))).Thumbprint, json('null'))]"
}
}
]
}
Fill the details as shown below and click on review + Create.
After deployed to azure portal the go to app service and -> custom domain as below.
Reference taken from Git-Hub.

Tags in ARM file not visible in Azure portal

I have multiple tags mentioned in my deployement yml file , but they are not visible inside Azure portal app service. None of the following tags visible to Azure portal. only cost-Center tag can be found.
"resources": [
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites/slots",
"comments": "",
"location": "[resourceGroup().location]",
"dependsOn": [
"[variables('webAppDeployment')]"
],
"kind": "app",
"name": "[concat(parameters('siteName'),'/','staging')]",
"properties": {
"serverFarmId": "[parameters('appServicePlanResourceId')]"
},
"tags": {
"displayName": "TEST",
"Module": "MM",
"SubModule": "ABD"
}
]
To test this in our local environment, we have created a new ARM Template that will create an app service plan, web app & a staging slot to that web app with a list of tags that were shared above.
While testing the template, deployment got succeeded & we were able to see the tags of the webapp slot in the portal.
Here is the sample output for reference:
For reference , here is the sample ARM template that we have created to test this:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"web-appname": {
"type": "string"
},
"appservicename": {
"type": "string"
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[parameters('appservicename')]",
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-12-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "S1"
},
"properties": {
"name": "[parameters('appservicename')]"
}
},
{
"name": "[parameters('web-appname')]",
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms',parameters('appservicename'))]"
],
"properties": {
"name": "[parameters('web-appname')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms',parameters('appservicename'))]"
}
},
{
"name":"[concat(parameters('web-appname'),'/','stagging')]",
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2021-02-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('web-appname'))]"
],
"tags": {
"displayName": "TEST",
"Module": "MM",
"SubModule": "ABD",
"Createdfor": "repro",
"depart":"test"
},
"properties": {
"httpsOnly": true
}
}
],
"outputs": {}
}

Upload Key Vault Certificate and access it in App Service through ARM Template

We need to have a Function App created for accessing Office 365 instance. The access is using Certificate authentication. Hence we are uploading the certificate into Azure Key Vault and need to import the Certificate from Key Vault.
We are using ARM Templates for the Azure Resource Deployment. We are trying to create Azure Key Vault Certificate as mentioned in the link
https://erwinstaal.nl/posts/using-an-arm-template-to-deploy-your-ssl-certificate-stored-in-keyvault-on-an-web-app/
upload .pfx certificate through azure devops pipeline
As mentioned in the above pages, we are able to create new secrets in Key Vault. But, we do not see the imported certificate in the list of Certificates (when checked in the Azure Portal UI) and also, we are not able to Import the Certificates in the Function App. Is this not supported in the current ARM Template Key Vault commandlet? How can this be fixed?
As mentioned in the above pages, we are able to create new secrets in
Key Vault. But, we do not see the imported certificate in the list of
Certificates (when checked in the Azure Portal UI)
This is because ARM Template doesn't have a property to upload a certificate so instead it stores a base64 encoded value of the PFX certificate in the Secret in a application/x-pkcs12 like below :
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVault": {
"type": "string",
"defaultValue" :"funccertimporttestkv"
},
"TestCedential_1": {
"type": "secureString",
"defaultValue":"MIIKYAIBAzCCChwXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXhp4XPejOrOIgc9/6dkfBBSgxY73wtbf+G3N7KTYP1LKKHS0YwICB9A="
},
"TestCedentialName_1": {
"type": "string",
"defaultValue": "funcAppValidationCert"
}
},
"variables": {
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(parameters('keyVault'), '/', parameters('TestCedentialName_1'))]",
"apiVersion": "2015-06-01",
"properties": {
"contentType": "application/x-pkcs12",
"value": "[parameters('TestCedential_1')]"
}
}
],
"outputs": {}
}
we are not able to Import the Certificates in the Function App. Is
this not supported in the current ARM Template Key Vault commandlet?
How can this be fixed?
If you are using a template like below :
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"envName": {
"defaultValue": "qa",
"type": "String"
},
"certificateName": {
"type": "string",
"defaultValue": "funcAppValidationCert"
},
"domainName": {
"type": "string",
"defaultValue": "localhost"
},
"keyvaultName": {
"type": "string",
"defaultValue": "funccertimporttestkv"
},
"password": {
"type": "string",
"defaultValue": "Password#1234"
}
},
"variables":{
"functionStorageAccountName" :"[concat('storaccfn',parameters('envName'),resourceGroup().location)]",
"appServicePlanName" :"[concat('plan-myapp-',parameters('envName'),resourceGroup().location)]",
"sitesFunctionAppName" :"[concat('func-ans-',parameters('envName'),resourceGroup().location)]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-04-01",
"name": "[variables('functionStorageAccountName')]",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "Storage",
"properties": {
"supportsHttpsTrafficOnly": true
}
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2018-02-01",
"name": "[variables('appServicePlanName')]",
"location": "[resourceGroup().location]",
"sku": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
},
"kind": "app",
"properties": {
"perSiteScaling": false,
"maximumElasticWorkerCount": 1,
"isSpot": false,
"reserved": false,
"isXenon": false,
"hyperV": false,
"targetWorkerCount": 0,
"targetWorkerSizeId": 0
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"name": "[variables('sitesFunctionAppName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('functionStorageAccountName'))]"
],
"kind": "functionapp",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"enabled": true,
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"httpsOnly": true,
"siteConfig": {
"appSettings":[
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('functionStorageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('functionStorageAccountName')),'2017-06-01').keys[0].value)]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('functionStorageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('functionStorageAccountName')),'2017-06-01').keys[0].value)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(variables('sitesFunctionAppName'))]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~3"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
},
{
"name": "WEBSITE_RUN_FROM_PACKAGE",
"value": "1"
},
{
"name": "WEBSITE_TIME_ZONE",
"value": "UTC"
}
]
}
}
},
{
"type": "Microsoft.Web/sites/hostNameBindings",
"apiVersion": "2016-08-01",
"name": "[concat(variables('sitesFunctionAppName'), '/', parameters('domainName'))]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/certificates', parameters('certificateName'))]",
"[resourceId('Microsoft.Web/sites', variables('sitesFunctionAppName'))]"
],
"properties": {
"siteName": "[variables('sitesFunctionAppName')]",
"hostNameType": "Verified",
"sslState": "SniEnabled",
"thumbprint": "[reference(resourceId('Microsoft.Web/certificates', parameters('certificateName'))).Thumbprint]"
}
},
{
"type": "Microsoft.Web/certificates",
"name": "[parameters('certificateName')]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": {
"keyVaultId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyvaultName'))]",
"keyVaultSecretName": "[parameters('certificateName')]",
"password": "[parameters('password')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
},
"dependsOn":[
"[resourceId('Microsoft.Web/sites', variables('sitesFunctionAppName'))]"
]
}
]
}
And facing a Problem of Bad Request which says not able to access the keyvault like below:
Then Add Microsoft.Azure.CertificateRegistration (i.e. ObjectId : ed47c2a1-bd23-4341-b39c-f4fd69138dd3) , Microsoft Azure App Service (Internal) (i.e. ObjectId : 505e3754-d8a9-4f8b-97b6-c3e48ac7a543) & Microsoft Azure App Service (i.e. ObjectId : f8daea97-62e7-4026-becf-13c2ea98e8b4) in access policy for keyvault.
And If you get the below after solving the above then please check if you have converted the certificate value to a proper base64 encoded value.
Then you can refer this SO thread to properly provide a base64 value of the certificate.
Output:
After successful deployment you can see this TLS/SSL settings :

ARM template deployment of Microsoft.Web/sites/hostNameBindings keep giving me conflict error

I am trying to deploy app services but I keep getting deployment failure Microsoft.Web/sites/hostNameBindings
Message: Cannot modify this site because another operation is in progress. OperationName: RegisterTrafficManagerProfile, CreatedTime: 5/14/2021 12:03:05 AM, , EntityType: 1.
I get this error intermittently.
I read one of the stack overflow answers that it seems Traffic Manager causes a problem with the asynchronous hostNameBindings iteration operation.
Which can be resolved by specifying a synchronous copy using "mode": "serial" mode with "batchsize": 1,
I tried this solution but I still get this conflict error, not sure why? anyone ran into same issue where after synchronising the copy getting above error?
Recently we had changes to our template to deploy traffic manager endpoints as separate resource which caused the process to take longer, Does increase in process time can cause conflict? what can be other reasons for this failure?
Any insights into this will be helpful. I am quite new to working on app service arm template
EDIT My current arm template I am just showing hostname bindings and traffic manager profiles
{
"type": "Microsoft.Web/sites/hostNameBindings",
"apiVersion": "2016-03-01",
"copy": {
"name": "hostNameBindingLoop",
"mode": "serial",
"batchSize": 1,
"count": "[length(variables('appServicePlanLocations'))]"
},
"name": "[concat(variables('websiteName') [copyIndex()], '/', parameters('cName'))]",
"location": "[vaiables('appServicePlanLocations')[copyIndex()]]",
"properties": {
"sslState": "SniEnabled",
"thumbprint": "[reference(resourceId('Microsoft.Web/certificates', variables('xyzCertName')[copyIndex()])).Thumbprint]"
},
"dependsOn": [
"[concat('Microsoft.Web/certificates/',variables('xyzCertName'[copyIndex()])]",
],
},
{
"type": "Microsoft.Network/trafficManagerProfiles",
"apiVersion": "2018-08-01",
"name": "[parameters('trafficManagerName')]",
"location": "global",
"properties": {
"profileStatus": "Enabled",
"trafficRoutingMethod": "Performance",
"dnsConfig": {
"relativeName": "[parameters('uniqueDnsName')]",
"ttl": 300
},
"monitorConfig": {
"protocol": "HTTPS",
"port": 443,
"path": "/"
}
"endpoints": [],
"trafficViewEnrollmentStatus": "Disabled
}
},
{
"type": "Microsoft.Network/trafficManagerProfiles/azureEndpoints",
"apiVersion": "2018-08-01",
"name": "[concat(variables('trafficManager'),'/',variables('websiteName'), copyIndex(1))]",
"location": "global",
"dependsOn": [
"[concat('Microsoft.Network/trafficManagerProfiles/', variables('trafficManager'))]"
],
"properties": {
"targetResourceId": "[concat('Microsoft.Web/sites/',variables('websiteName')[copyIndex()])]",'
"endpointStatus": "Enabled",
"endpointLocation": "[vaiables('appServicePlanLocations')[copyIndex()]]"
},
"copy": {
"name": "trafficManagerEndPointLoop",
"mode": "serial",
"batchSize": 1,
"count": "[length(variables('appServicePlanLocations'))]"
}
}
I assume that you would like to create an Azure Traffic Manager profile with an App Service Behind It. Here is a template for your reference. This automatically provisions a custom domain xxxx.trafficmanager.net in the custom domains settings of your Azure app service.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"uniqueDnsName": {
"type": "string",
"metadata": {
"description": "Relative DNS name for the traffic manager profile, resulting FQDN will be <uniqueDnsName>.trafficmanager.net, must be globally unique."
}
},
"uniqueDnsNameForWebApp": {
"type": "string",
"metadata": {
"description": "Relative DNS name for the WebApps, must be globally unique. An index will be appended for each Web App."
}
},
"webServerName": {
"type": "string",
"metadata": {
"description": "Name of the App Service Plan that is being created"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
},
"trafficManagerName": {
"type": "string",
"metadata": {
"description": "Name of the trafficManager being created"
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2019-08-01",
"name": "[parameters('webServerName')]",
"location": "[parameters('location')]",
"sku": {
"name": "S1",
"tier": "Standard"
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"name": "[parameters('uniqueDnsNameForWebApp')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms/',parameters('webServerName'))]"
],
"properties": {
"serverFarmId": "[parameters('webServerName')]"
}
},
{
"type": "Microsoft.Network/trafficManagerProfiles",
"apiVersion": "2018-08-01",
"name": "[parameters('trafficManagerName')]",
"location": "global",
"properties": {
"profileStatus": "Enabled",
"trafficRoutingMethod": "Priority",
"dnsConfig": {
"relativeName": "[parameters('uniqueDnsName')]",
"ttl": 30
},
"monitorConfig": {
"protocol": "HTTPS",
"port": 443,
"path": "/"
}
}
},
{
"type": "Microsoft.Network/trafficManagerProfiles/azureEndpoints",
"apiVersion": "2018-08-01",
"name": "[concat(parameters('trafficManagerName'),'/',parameters('uniqueDnsNameForWebApp'))]",
"location": "global",
"dependsOn": [
"[resourceId('Microsoft.Network/trafficManagerProfiles/',parameters('trafficManagerName'))]",
"[resourceId('Microsoft.Web/sites/',parameters('uniqueDnsNameForWebApp'))]"
],
"properties": {
"targetResourceId": "[resourceId('Microsoft.Web/sites/', parameters('uniqueDnsNameForWebApp'))]",
"endpointStatus": "Enabled"
}
}
]
}

How do I automatically install New Relic extension using Azure ARM Template?

I am using a azure arm template to create a web app in azure. Now I need to install New Relic Extension in the webapps which will be created using this template. So I was unable to find specific json format. Please help me out!
Please have a try to add the json code snipped in the ARM template.
"resources": [
{
"apiVersion": "2015-08-01",
"name": "NewRelic.Azure.WebSites",
"type": "siteextensions",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
],
"properties": {
}
}
],
I created a demo for it. The following is my detail steps. About the name of the extension please refer to the NewRelic.Azure.WebSites.
1. Create an Azure Resource Group Project.
2. Select the Web App project template
3. Just demo for web site extension so I delete the unnecessary resource
4. Add the snipped code in the ARM template
5. Deploy the website via Visual Studio
6. Check the Website in the Azure portal
The demo ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hostingPlanName": {
"type": "string",
"minLength": 1
},
"skuName": {
"type": "string",
"defaultValue": "F1",
"allowedValues": [
"F1",
"D1",
"B1",
"B2",
"B3",
"S1",
"S2",
"S3",
"P1",
"P2",
"P3",
"P4"
],
"metadata": {
"description": "Describes plan's pricing tier and instance size. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/"
}
},
"skuCapacity": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"metadata": {
"description": "Describes plan's instance count"
}
}
},
"variables": {
"webSiteName": "[concat('webSite', uniqueString(resourceGroup().id))]"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('hostingPlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "HostingPlan"
},
"sku": {
"name": "[parameters('skuName')]",
"capacity": "[parameters('skuCapacity')]"
},
"properties": {
"name": "[parameters('hostingPlanName')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[variables('webSiteName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
"displayName": "Website"
},
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]"
],
"resources": [
{
"apiVersion": "2015-08-01",
"name": "NewRelic.Azure.WebSites",
"type": "siteextensions",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
],
"properties": {
}
}
],
"properties": {
"name": "[variables('webSiteName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
}
}
]
}
"resources":[{
"apiVersion": "2018-11-01",
"name": "NewRelic.Azure.WebSites.Extension",
"type": "siteextensions",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('appServiceName'))]"
]
}]
The name is now NewRelic.Azure.Websites.Extension. You should give your App Service Name in the variable appServiceName in this case.

Resources