ARM Template containing config settings for web app - azure

I am encountering strange behavior when deploying an ARM template.
I have the following template: (Note that sasUrl value 'xxx' has a real, working value in my file)
{
"name": "[variables('webAppServiceName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"apiVersion": "2016-08-01",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
],
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]": "Resource",
"displayName": "[variables('webAppServiceName')]"
},
"properties": {
"name": "[variables('webAppServiceName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
},
"resources": [
{
"apiVersion": "2014-11-01",
"name": "appsettings",
"type": "config",
"dependsOn": [
"[concat('Microsoft.Web/sites/', variables('webAppServiceName'))]",
"[concat('Microsoft.Web/certificates/', variables('certificateName'))]"
],
"tags": {
"displayName": "WebAppSettings"
},
"properties": {
"WEBSITE_LOAD_CERTIFICATES": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName')), providers('Microsoft.Web', 'certificates').apiVersions[0]).thumbprint]"
}
},
{
"apiVersion": "2016-08-01",
"name": "Microsoft.ApplicationInsights.Profiler.AzureWebApps",
"type": "siteextensions",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webAppServiceName'))]"
],
"properties": {}
},
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webAppServiceName'))]"
],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureTableStorage": {
"level": "Off"
},
"azureBlobStorage": {
"level": "[parameters('applicationLogLevel')]",
"sasUrl": "xxx"
}
},
"httpLogs": {
"fileSystem": {
"enabled": false
},
"azureBlobStorage": {
"enabled": true,
"sasUrl": "xxx"
}
},
"failedRequestsTracing": {
"enabled": "[parameters('enableFailedRequestTracing')]"
},
"detailedErrorMessages": {
"enabled": "[parameters('enableDetailedErrorMessages')]"
}
}
}
]
}
When deploying this template without modifying anything, the config section 'logs' is not deployed correctly +- 1 on 2 times. I have just tested the ARM template again, and the first deployment, the web app had not the correct settings for diagnostics logging. The second time neither, but the third time they were ok. But the fourth time, the settings were not correct anymore. It looks like this part of the template has no consistent behavior.
Am I overseeing something?

I try to create WebApp with the appsetting and logs, it works correctly for me. I created the project using Visual Studio. The following is my detail steps.
1.Create the Azure Resource Project
2.Select the WebApp template
3.Click the deploy file then right click and remove the unnecessary resource
4.Add the Appsetting Resource for the WebApp
5.Add the logs code for the Azure WebApp
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureTableStorage": {
"level": "Off"
},
"azureBlobStorage": {
"level": "[variables('Level')]",
"sasUrl": "xxxx"
}
},
"httpLogs": {
"fileSystem": {
"enabled": false
},
"azureBlobStorage": {
"enabled": true,
"sasUrl": "xxxxxx"
}
},
"failedRequestsTracing": {
"enabled": "[parameters('enableFailedRequestTracing')]"
},
"detailedErrorMessages": {
"enabled": "[parameters('enableDetailedErrorMessages')]"
}
}
}
6.Right click the project and select the deploy
7.Check the result from the Output and Azure portal
The whole arm template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hostingPlanName": {
"type": "string",
"minLength": 1
},
"enableFailedRequestTracing": {
"type": "bool"
},
"enableDetailedErrorMessages": {
"type": "bool"
},
"skuName": {
"type": "string",
"defaultValue": "F1",
"allowedValues": [
"F1",
"D1",
"B1",
"B2",
"B3",
"S1",
"S2",
"S3",
"P1",
"P2",
"P3",
"P4"
],
"metadata": {
"description": "Describes plan's pricing tier and capacity. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/"
}
},
"skuCapacity": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"metadata": {
"description": "Describes plan's instance count"
}
}
},
"variables": {
"webSiteName": "[concat('webSite', uniqueString(resourceGroup().id))]",
"Level": "Error"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('hostingPlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "HostingPlan"
},
"sku": {
"name": "[parameters('skuName')]",
"capacity": "[parameters('skuCapacity')]"
},
"properties": {
"name": "[parameters('hostingPlanName')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[variables('webSiteName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
"displayName": "Website"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]"
],
"properties": {
"name": "[variables('webSiteName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
},
"resources": [
{
"name": "appsettings",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('webSiteName'))]"
],
"tags": {
"displayName": "appsettings"
},
"properties": {
"key1": "value1",
"key2": "value2"
}
},
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureTableStorage": {
"level": "Off"
},
"azureBlobStorage": {
"level": "[variables('Level')]",
"sasUrl": "xxxxx"
}
},
"httpLogs": {
"fileSystem": {
"enabled": false
},
"azureBlobStorage": {
"enabled": true,
"sasUrl": "xxxx"
}
},
"failedRequestsTracing": {
"enabled": "[parameters('enableFailedRequestTracing')]"
},
"detailedErrorMessages": {
"enabled": "[parameters('enableDetailedErrorMessages')]"
}
}
}
]
}
]
}

I have experienced similar issues. We fixed this using dependsOn rules.
You should add dependsOn rules to split the processing of each config section.
It seems like otherwise there can occur problems, for instance ...missing settings.
Arm snippet:
{
"name": "[variables('ExampleAppName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"apiVersion": "2015-08-01",
"kind": "api",
"dependsOn": ["[resourceId('Microsoft.Web/serverfarms', variables('applicationPlanName'))]"],
"tags": {
"displayName": "Example App"
},
"properties": {
"name": "[variables('ExampleAppName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', variables('applicationPlanName'))]",
"clientAffinityEnabled": "false"
},
"resources": [{
"name": "web",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": ["[resourceId('Microsoft.Web/sites', variables('ExampleAppName'))]"],
"tags": {
"displayName": "webconfig Example App"
},
"properties": {
"alwaysOn": "true"
}
},
{
"apiVersion": "2015-08-01",
"name": "appsettings",
"type": "config",
"dependsOn": ["[resourceId('Microsoft.Web/sites', variables('ExampleAppName'))]",
"[resourceId('Microsoft.Web/sites/config', variables('ExampleAppName'), 'web')]"],
"tags": {
"displayName": "appsettings Example App"
},
"properties": {
"EXAMPLE1": "[parameters('EXAMPLE1')]",
"EXAMPLE2": "[parameters('EXAMPLE2')]"
}
},
{
"name": "logs",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": ["[concat('Microsoft.Web/sites/', variables('ExampleAppName'))]",
"[resourceId('Microsoft.Web/sites/config', variables('ExampleAppName'), 'appsettings')]"],
"tags": {
"displayName": "logs Example App"
},
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Warning"
}
},
"httpLogs": {
"fileSystem": {
"retentionInMb": "35",
"enabled": true
}
},
"detailedErrorMessages": {
"enabled": false
}
}
}]
}
For additional information you can read my post:
Click here!

Related

How can I attach Private End Point to Logic App created using ARM Template

I am creating a logic app using an ARM template and inside the ARM template, I am creating a Private Endpoint for the storage account, and this private endpoint I want to attach to the Logic App.
The private endpoint is getting created but not getting attached. I have searched but I didn't get any results or demo on the same.
Is there any way I can attach the existing private endpoint to my logic app using the ARM template, Via portal I am able to attach it but I want to use the ARM template to do so?
Below is the JSON template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logicAppFEname": {
"type": "String"
},
"use32BitWorkerProcess": {
"type": "Bool"
},
"location": {
"defaultValue": "[resourceGroup().location]",
"type": "String",
"metadata": {
"description": "Location to deploy resources to."
}
},
"subnetNameForPrivateEndpoint": {
"type": "string"
},
"hostingPlanFEName": {
"type": "String"
},
"contentStorageAccountName": {
"type": "String"
},
"sku": {
"type": "String"
},
"skuCode": {
"type": "String"
},
"workerSize": {
"type": "String"
},
"workerSizeId": {
"type": "String"
},
"numberOfWorkers": {
"type": "String"
},
"vnetName": {
"defaultValue": "VirtualNetwork",
"type": "String",
"metadata": {
"description": "Name of the VNET that the Function App and Storage account will communicate over."
}
},
"subnetName": {
"type": "String"
}
},
"variables": {
"privateEndpointFileStorageName": "[concat(parameters('contentStorageAccountName'), '-fileshare-pe')]",
"fileShareName": "[concat(toLower(parameters('logicAppFEname')), 'b86e')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-04-01",
"name": "[parameters('contentStorageAccountName')]",
"location": "[parameters('Location')]",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"properties": {
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
},
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2021-04-01",
"name": "[concat(parameters('contentStorageAccountName'), '/default/', toLower(variables('fileShareName')))]",
"dependsOn": [
"[parameters('contentStorageAccountName')]"
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-06-01",
"name": "[variables('privateEndpointFileStorageName')]",
"location": "[parameters('Location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares', parameters('contentStorageAccountName'), 'default',toLower(variables('fileShareName')))]"
],
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetNameForPrivateEndpoint'))]"
},
"privateLinkServiceConnections": [
{
"name": "MyStorageQueuePrivateLinkConnection",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName'))]",
"groupIds": [
"file"
]
}
}
],
"manualPrivateLinkServiceConnections": [],
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetNameForPrivateEndpoint') )]"
}
}
},
{
"type": "Microsoft.Insights/components",
"apiVersion": "2020-02-02",
"name": "[parameters('logicAppFEname')]",
"location": "[parameters('Location')]",
"kind": "web",
"properties": {
"Application_Type": "web"
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"name": "[parameters('logicAppFEname')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', parameters('hostingPlanFEName'))]"
],
"tags": {},
"kind": "functionapp,workflowapp",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"name": "[parameters('logicAppFEname')]",
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~3"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "node"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('Microsoft.Insights/components', parameters('logicAppFEname')), '2015-05-01').InstrumentationKey]"
},
{
"name": "APPLICATIONINSIGHTS_CONNECTION_STRING",
"value": "[reference(resourceId('Microsoft.Insights/components', parameters('logicAppFEname')), '2015-05-01').ConnectionString]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('contentStorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName')), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('contentStorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName')), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(variables('fileShareName'))]"
},
{
"name": "APP_KIND",
"value": "workflowApp"
},
{
"name": "WEBSITE_VNET_ROUTE_ALL",
"value": "1"
},
{
"name": "AzureFunctionsJobHost__extensionBundle__id",
"value": "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
"slotSetting": false
},
{
"name": "AzureFunctionsJobHost__extensionBundle__version",
"value": "[1.*, 2.0.0)",
"slotSetting": false
},
{
"name": "WEBSITE_CONTENTOVERVNET",
"value": "1",
"slotSetting": false
}
],
"use32BitWorkerProcess": "[parameters('use32BitWorkerProcess')]",
"cors": {
"allowedOrigins": [
"https://afd.hosting.portal.azure.net",
"https://afd.hosting-ms.portal.azure.net",
"https://hosting.portal.azure.net",
"https://ms.hosting.portal.azure.net",
"https://ema-ms.hosting.portal.azure.net",
"https://ema.hosting.portal.azure.net",
"https://ema.hosting.portal.azure.net"
]
}
},
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanFEName'))]",
"clientAffinityEnabled": true
},
"resources": [
{
"type": "networkconfig",
"apiVersion": "2018-11-01",
"name": "virtualNetwork",
"location": "[parameters('location')]",
"dependsOn": [
"[parameters('logicAppFEname')]"
],
"properties": {
"subnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks/subnets',parameters('vnetName'), parameters('subnetName'))]",
"swiftSupported": true
}
}
]
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2018-11-01",
"name": "[parameters('hostingPlanFEName')]",
"location": "[parameters('location')]",
"dependsOn": [],
"tags": {},
"sku": {
"Tier": "[parameters('sku')]",
"Name": "[parameters('skuCode')]"
},
"kind": "",
"properties": {
"name": "[parameters('hostingPlanFEName')]",
"workerSize": "[parameters('workerSize')]",
"workerSizeId": "[parameters('workerSizeId')]",
"numberOfWorkers": "[parameters('numberOfWorkers')]",
"maximumElasticWorkerCount": "20"
}
}
]
}
Your ARM template shows few errors, I recommend using Visual Studio Code with ARM Template extension which will help you validate it.
Back to your problem, I suspect you attempt to achieve this
[
At the original Source an ARM template valid is present. Let me know if it solves your issue.

Trying to create Logic App Using ARM Template with exisiting vnet and subnet but getting delegation error

I am trying to create Logic App using ARM Template with existing Vnet and Subnet, but not able to do show, I am getting below error, I am new to ARM templates:
I am also sure whatever, I am doing is the correct way of doing it.
Error :
"code":"PrivateEndpointCreationNotAllowedAsSubnetIsDelegated","message":"Private
endpoint
/subscriptions/f3ffdd01-4400-4ebe-8761-59ecebeba1a2/resourceGroups/logicapp-test-abhishek/providers/Microsoft.Network/privateEndpoints/name
cannot be created as subnet
/subscriptions/f3ffdd01-4400-4ebe-8761-123abdhuue/resourceGroups/my-rg/providers/Microsoft.Network/virtualNetworks/vnet-dev-eastus-edw/subnets/my-vnet
is delegated."}]}
Here is my code :
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logicAppFEname": {
"type": "String"
},
"appInsightName": {
"type": "String"
},
"privateEndpointName": {
"type": "string"
},
"vnetName": {
"type": "string"
},
"vnetRg": {
"type": "string"
},
"subNetName": {
"type": "string"
},
"use32BitWorkerProcess": {
"type": "Bool"
},
"location": {
"defaultValue": "[resourceGroup().location]",
"type": "String",
"metadata": {
"description": "Location to deploy resources to."
}
},
"hostingPlanFEName": {
"type": "String"
},
"contentStorageAccountName": {
"type": "String"
},
"sku": {
"type": "String"
},
"skuCode": {
"type": "String"
},
"workerSize": {
"type": "String"
},
"workerSizeId": {
"type": "String"
},
"numberOfWorkers": {
"type": "String"
}
},
"variables": {
"fileShareName": "[concat(toLower(parameters('logicAppFEname')), 'b86e')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-04-01",
"name": "[parameters('contentStorageAccountName')]",
"location": "[resourceGroup().location]",
"dependsOn": [],
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"properties": {
"mode": "Incremental",
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
},
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2021-04-01",
"name": "[concat(parameters('contentStorageAccountName'), '/default/', variables('fileShareName'))]",
"dependsOn": [
"[parameters('contentStorageAccountName')]"
]
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2021-03-01",
"name": "[parameters('vnetName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites/', parameters('logicAppFEname'))]"
],
"properties": {
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets',parameters('vnetName'), parameters('subnetName'))]",
"isSwift": true
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2021-03-01",
"name": "[parameters('privateEndpointName')]",
"location": "[parameters('location')]",
"tags": {},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('logicAppFEname'))]"
],
"properties": {
"subnet": {
"id": "[resourceId(parameters('vnetRg'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subNetName'))]"
},
"privateLinkServiceConnections": [
{
"name": "[parameters('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Web/sites',parameters('logicAppFEname'))]",
"groupIds": [
"Web/sites"
]
}
}
]
}
},
{
"type": "Microsoft.Insights/components",
"apiVersion": "2020-02-02",
"name": "[parameters('appInsightName')]",
"location": "[resourceGroup().location]",
"kind": "web",
"properties": {
"mode": "Incremental",
"Application_Type": "web"
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"name": "[parameters('logicAppFEname')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', parameters('hostingPlanFEName'))]"
],
"tags": {},
"kind": "functionapp,workflowapp",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"mode": "Incremental",
"name": "[parameters('logicAppFEname')]",
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~3"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "node"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('Microsoft.Insights/components', parameters('appInsightName')), '2015-05-01').InstrumentationKey]"
},
{
"name": "APPLICATIONINSIGHTS_CONNECTION_STRING",
"value": "[reference(resourceId('Microsoft.Insights/components', parameters('appInsightName')), '2015-05-01').ConnectionString]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('contentStorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName')), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('contentStorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName')), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[variables('fileShareName')]"
},
{
"name": "APP_KIND",
"value": "workflowApp"
},
{
"name": "WEBSITE_DNS_SERVER",
"value": "168.63.129.16"
},
{
"name": "AzureFunctionsJobHost__extensionBundle__id",
"value": "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
"slotSetting": false
},
{
"name": "AzureFunctionsJobHost__extensionBundle__version",
"value": "[1.*, 2.0.0)",
"slotSetting": false
},
{
"name": "WEBSITE_CONTENTOVERVNET",
"value": "1",
"slotSetting": false
},
{
"name": "WEBSITE_VNET_ROUTE_ALL",
"value": "1"
}
],
"use32BitWorkerProcess": "[parameters('use32BitWorkerProcess')]",
"cors": {
"allowedOrigins": [
"https://afd.hosting.portal.azure.net",
"https://afd.hosting-ms.portal.azure.net",
"https://hosting.portal.azure.net",
"https://ms.hosting.portal.azure.net",
"https://ema-ms.hosting.portal.azure.net",
"https://ema.hosting.portal.azure.net",
"https://ema.hosting.portal.azure.net"
]
}
},
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanFEName'))]",
"clientAffinityEnabled": true
},
"resources": []
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2018-11-01",
"name": "[parameters('hostingPlanFEName')]",
"location": "[resourceGroup().location]",
"dependsOn": [],
"tags": {},
"sku": {
"Tier": "[parameters('sku')]",
"Name": "[parameters('skuCode')]"
},
"kind": "",
"properties": {
"mode": "Incremental",
"name": "[parameters('hostingPlanFEName')]",
"workerSize": "[parameters('workerSize')]",
"workerSizeId": "[parameters('workerSizeId')]",
"numberOfWorkers": "[parameters('numberOfWorkers')]",
"maximumElasticWorkerCount": "20"
}
}
]
}
For AppService the networking is different for inbound and outbound directions.
The template has the outbound set on Vnet subnet, and that subnet will have been delegated to the AppService. (A normal requirement with other AppService SKUs too).
You need to use a different subnet for inbound traffic to your privatelink connection, or look at other options like service endpoint if the sources are in Azure rather on-premises hybrid.

azure ARm Template - Fails to associate AD app registration with function app

Background
I am trying to create an AD app registration for my function app to use for authentication.
I would like it to be for just our tenant, using Azure AD. The app is function app made up of a few endpoints
When I deploy the ARM template below, I don't get any errors, but in poking around and comparing it with what happens when I create authentication manually for my app, i see the following problems:
the application registration is created but there's no Application ID URI specified. When I create this manually via the portal I believe it's auto filled with a value "api://[applicationClientId]"
there are no scopes defined. again, when i create an authentication policy for my app manually via the portal, it does create a user_impersonation scope for me.
When i open up the function app in the portal, under "authentication" this new app registration hasn't been associated with it / or added.
Code
Here's what the ARM template looks like:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"functionAppName": {
"type": "string",
"defaultValue": "[concat('widgets-', uniqueString(resourceGroup().id),'-app')]",
"minLength": 2,
"metadata": {
"description": "my function app"
}
},
"storageAccountName": {
"type": "string",
"defaultValue": "[concat('widgets', uniqueString(resourceGroup().id))]",
"minLength": 2,
"metadata": {
"description": "StorageAccount"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"serviceBusNamespaceName": {
"type": "string",
"defaultValue": "[concat('widgets-', uniqueString(resourceGroup().id),'-bus')]",
"metadata": {
"description": "Name of the Service Bus namespace"
}
},
"serviceBusQueueName": {
"type": "string",
"defaultValue": "workspaces",
"metadata": {
"description": "Name of the Queue"
}
},
"queueAuthorizationRuleName": {
"type": "string",
"defaultValue": "myRule",
"metadata": {
"description": "Name of the Queue AuthorizationRule"
}
},
"aadAppClientId": {
"type": "string"
},
"tenant": {
"type": "string"
}
},
"variables": {
"appServicePlanPortalName": "[concat(parameters('functionAppName'),'servicePlan')]",
"appInsightsName": "[concat(parameters('functionAppName'),'-insights')]",
"identityName": "[concat(parameters('functionAppName'),'-userId')]",
"clientSecret": ""
},
"resources": [
{
"name": "[variables('identityName')]",
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"apiVersion": "2018-11-30",
"location": "[parameters('location')]"
},
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2019-06-01",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
}
},
{
"type": "Microsoft.Storage/storageAccounts/queueServices",
"apiVersion": "2020-08-01-preview",
"name": "[concat(parameters('storageAccountName'), '/default')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
],
"properties": {
"cors": {
"corsRules": []
}
}
},
{
"type": "Microsoft.Storage/storageAccounts/queueServices/queues",
"apiVersion": "2020-08-01-preview",
"name": "[concat(parameters('storageAccountName'), '/default/workspaces')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/queueServices', parameters('storageAccountName'), 'default')]",
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
],
"properties": {
"metadata": {}
}
},
{
"type": "Microsoft.Storage/storageAccounts/tableServices/tables",
"apiVersion": "2021-06-01",
"name": "[concat(parameters('storageAccountName'), '/default/provisionedWorkspaces')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
],
"properties": {
"partitionName": "workspaces"
}
},
{
"type": "Microsoft.ServiceBus/namespaces",
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusNamespaceName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {}
},
{
"type": "Microsoft.ServiceBus/namespaces/queues",
"apiVersion": "2017-04-01",
"name": "[format('{0}/{1}', parameters('serviceBusNamespaceName'), parameters('serviceBusQueueName'))]",
"properties": {
"lockDuration": "PT5M",
"maxSizeInMegabytes": 1024,
"requiresDuplicateDetection": false,
"requiresSession": false,
"defaultMessageTimeToLive": "P10675199DT2H48M5.4775807S",
"deadLetteringOnMessageExpiration": false,
"duplicateDetectionHistoryTimeWindow": "PT10M",
"maxDeliveryCount": 10,
"autoDeleteOnIdle": "P10675199DT2H48M5.4775807S",
"enablePartitioning": false,
"enableExpress": false
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('queueAuthorizationRuleName')]",
"type": "AuthorizationRules",
"dependsOn": ["[parameters('serviceBusQueueName')]"],
"properties": {
"rights": ["Listen", "Send", "Manage"]
}
}
],
"dependsOn": [
"[resourceId('Microsoft.ServiceBus/namespaces', parameters('serviceBusNamespaceName'))]"
]
},
{
"apiVersion": "2015-05-01",
"name": "[variables('appInsightsName')]",
"type": "Microsoft.Insights/components",
"kind": "web",
"location": "[parameters('location')]",
"tags": {
"[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', parameters('functionAppName'))]": "Resource"
},
"properties": {
"Application_Type": "web",
"ApplicationId": "[variables('appInsightsName')]"
}
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-06-01",
"name": "[variables('appServicePlanPortalName')]",
"location": "[parameters('location')]",
"sku": {
"tier": "Standard",
"name": "S1"
},
"kind": "functionapp,linux",
"properties": {
"name": "[variables('appServicePlanPortalName')]",
"reserved": true
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-06-01",
"name": "[parameters('functionAppName')]",
"location": "[parameters('location')]",
"kind": "functionapp,linux",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]": {}
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanPortalName'))]",
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]"
],
"properties": {
"reserved": true,
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanPortalName'))]",
"siteConfig": {
"linuxFxVersion": "DOTNETCORE|6.0",
"appSettings": [
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('Microsoft.Insights/components', variables('appInsightsName')), '2015-05-01').InstrumentationKey]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2019-06-01').keys[0].value)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~4"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
}
],
"resources": [
{
"type": "config",
"apiVersion": "2020-12-01",
"name": "authsettingsV2",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('functionAppName'))]"
],
"properties": {
"platform": {
"enabled": true,
"runtimeVersion": "~1"
},
"identityProviders": {
"azureActiveDirectory": {
"isAutoProvisioned": false,
"registration": {
"clientId": "[parameters('aadAppClientId')]",
"clientSecret": "[variables('clientSecret')]",
"openIdIssuer": "[concat('https://sts.windows.net/', parameters('tenant'), '/v2.0')]"
},
"validation": {
"allowedAudiences": [
"https://management.core.windows.net/"
]
}
}
}
},
"login": {
"routes": {},
"tokenStore": {
"enabled": true,
"tokenRefreshExtensionHours": 72,
"fileSystem": {},
"azureBlobStorage": {}
},
"preserveUrlFragmentsForLogins": false,
"allowedExternalRedirectUrls": [],
"cookieExpiration": {
"convention": "FixedTime",
"timeToExpiration": "08:00:00"
},
"nonce": {
"validateNonce": true,
"nonceExpirationInterval": "00:05:00"
}
},
"globalValidation": {
"redirectToProvider": "azureactivedirectory",
"unauthenticatedClientAction": "RedirectToLoginPage"
},
"httpSettings": {
"requireHttps": true,
"routes": {
"apiPrefix": "/.auth"
},
"forwardProxy": {
"convention": "NoProxy"
}
}
}
]
}
}
}
]
}
Two comments in case they help / are relevant:
client secret - As you can see I have a variable defined, but its blank. I'm not supplying a client secret value because I was assuming it would auto create for me. But maybe I shouldn't include that parameter at all?
Also, I'm using a linux container for the web app.
Any tips on how to fix these issues would be appreciated.
EDIT 1
I manually created and added an authencation policy and then I've been using resources.azure.com to see what's been created for me. I have two relevant sections under config.
One is called authsettings and looks like this:
And the other is under authsettingsV2 and looks like this:
I'm trying to use the authsettingsV2 for now... but it's not clear where I should paste it into in the ARM template.
Any suggestions?
EDIT 2
Added all the authsettingsv2 stuff under the site resource. No errors. but still the same results.
Found out that I can use the Az Powershell commandlets:
New-AzADApplication
New-AzADAppCredential

Appservice and slots deployment issues with ARM template

I have a ARM template code to deploy the webapp and slot creating along with app with respective the environment based on the condition. When i try to deploy the resource using the template it only deploys the web app and the slot is not created using the settings on the App. I am new to the ARM stuff could any one please help me out on what i have done wrong with my template.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceGroup": {
"type": "string"
},
"displayNameTag": {
"type": "string"
},
"appInsightName": {
"type": "string"
},
"environment": {
"type": "string"
},
"appType": {
"type": "string"
},
"appServicePlanName": {
"type": "string"
},
"alwaysOn": {
"type": "bool"
},
"currentStack": {
"type": "string"
},
"netFrameworkVersion": {
"type": "string",
"defaultValue": "v4.0"
},
"secondaryApp":{
"type":"string"
}
},
"variables": {
"AustraliaEast": {
"countryCode": "au",
"regionShortCode": "aue",
"regionShortCodePair": "aue",
"omsLocation": "AustraliaEast",
"omsLocationShortCode": "aue",
"PrimaryRegion": true,
"SecondaryRegion": "AustraliaSoutheast",
"regionLocation":"AustraliaEast"
},
"AustraliaSoutheast": {
"countryCode": "au",
"regionShortCode": "aus",
"regionShortCodePair": "aue",
"PrimaryRegion": false,
"regionLocation":"AustraliaSoutheast"
},
"regionSpec": "[variables(resourceGroup().location)]",
"applicationRegion" : "[if(equals(parameters('secondaryApp'),'Yes'),variables('AustraliaSoutheast'),variables('regionspec'))]",
"appName": "[concat('myapp-',parameters('environment'),'-',parameters('appType'),'-',variables('applicationRegion').regionShortcode,'-',parameters('displayNameTag'))]"
},
"resources": [
{
"apiVersion": "2018-11-01",
"name": "[variables('appName')]",
"type": "Microsoft.Web/sites",
"location": "[variables('applicationRegion').regionLocation]",
"tags": {
"displayName": "[parameters('displayNameTag')]",
"environment": "[parameters('environment')]"
},
"dependsOn": [],
"properties": {
"name": "[variables('appName')]",
"mode": "incremental",
"siteConfig": {
"appSettings": [
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('Microsoft.Insights/components', parameters('appInsightName')), '2015-05-01').InstrumentationKey]"
},
{
"name": "APPLICATIONINSIGHTS_CONNECTION_STRING",
"value": "[concat('InstrumentationKey=',reference(resourceId('Microsoft.Insights/components', parameters('appInsightName')), '2015-05-01').InstrumentationKey)]"
}
],
"metadata": [
{
"name": "CURRENT_STACK",
"value": "[parameters('currentStack')]"
}
],
"netFrameworkVersion": "[parameters('netFrameworkVersion')]",
"alwaysOn": "[parameters('alwaysOn')]"
},
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]",
"clientAffinityEnabled": true
}
},
{
"condition":"[equals(parameters('secondaryApp'),'Yes')]",
"apiVersion": "2018-11-01",
"type": "Microsoft.Web/sites/slots",
"name": "[concat(variables('appName'), '/', 'Slot-Staging')]",
"location": "[variables('applicationRegion').regionLocation]",
"comments": "This specifies the web app slots.",
"tags": {
"displayName": "WebAppSlots"
},
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]"
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('appName'))]"
]
}
],
"outputs": {
"webAppName": {
"type": "string",
"value": "[variables('appName')]"
}
}
}'
Please have a try to add the json code snipped in the ARM template.
"resources": [
{
"apiVersion": "2015-08-01",
"name": "appsettings",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites/Slots', variables('webSiteName'), 'Staging')]"
],
"properties": {
"AppSettingKey1": "Some staging value",
"AppSettingKey2": "My second staging setting",
"AppSettingKey3": "My third staging setting"
}
}
]
Follow this SO for complete reference.

Attach an existing Web Service plan to a new Website using Azure Resource Manager templates

I am trying to automate website deployment using the Azure Resource Manager. Website creation and code deployment is working fine, but I am unable to attach the new site to an existing Web Hosting plan.
I am using the 2015-08-01 API and from different examples I think that this template should work (it does not...):
The deployment fails at "Microsoft.Web/sites/config" and the site is beeing assigned a new default free hosting plan.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"siteName": {
"type": "string"
},
"subscriptionId": {
"type": "string"
},
"setting1": {
"type": "string"
},
"setting2": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2015-08-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('siteName')]",
"location": "[resourceGroup().location]",
"properties": {
"serverFarmId ": "/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/Microsoft.Web/serverfarms/xxxxxx"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "web",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', parameters('siteName'))]"
],
"properties": {
"phpVersion": "off",
"netFrameworkVersion": "v4.6",
"use32BitWorkerProcess": false,
"webSocketsEnabled": true,
"alwaysOn": true,
"requestTracingEnabled": false,
"httpLoggingEnabled": false,
"logsDirectorySizeLimit": 40,
"detailedErrorLoggingEnabled": false,
"appSettings": [
{
"Name": "setting1",
"Value": "Value1"
},
{
"Name": "setting2",
"Value": "Value2"
}
]
}
},
{
"apiVersion": "2015-08-01",
"type": "extensions",
"name": "MSDeploy",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('siteName'))]"
],
"properties": {
"packageUri": "xxxxxxxx",
"dbType": "None",
"connectionString": ""
}
}
]
}
],
"outputs": {
"siteUri": {
"type": "string",
"value": "[concat('http://',reference(resourceId('Microsoft.Web/sites', parameters('siteName'))).hostNames[0])]"
}
}
}
I ended up falling back to the 2014-06-01 API and with some adjustments to the script, was able to do what I wanted.
Providing the script for future references.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"siteName": {
"type": "string"
},
"subscriptionId": {
"type": "string"
},
"hostingPlanName": {
"type": "string"
},
"setting1": {
"type": "string"
},
"setting2": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2014-06-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('siteName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
],
"properties": {
"name": "[parameters('siteName')]",
"serverFarm": "[parameters('hostingPlanName')]"
},
"resources": [
{
"apiVersion": "2014-06-01",
"name": "web",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', parameters('siteName'))]",
"[concat('Microsoft.Web/Sites/', parameters('siteName'), '/Extensions/MSDeploy')]"
],
"properties": {
"phpVersion": "off",
"netFrameworkVersion": "v4.6",
"use32BitWorkerProcess": false,
"webSocketsEnabled": true,
"alwaysOn": true,
"requestTracingEnabled": false,
"httpLoggingEnabled": false,
"logsDirectorySizeLimit": 40,
"detailedErrorLoggingEnabled": false
}
},
{
"apiVersion": "2014-11-01",
"name": "appsettings",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', parameters('siteName'))]",
"[concat('Microsoft.Web/Sites/', parameters('siteName'), '/Extensions/MSDeploy')]"
],
"properties": {
"Setting1": "[parameters('setting1')]",
"Setting2": "[parameters('setting2')]"
}
},
{
"apiVersion": "2015-08-01",
"type": "extensions",
"name": "MSDeploy",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', parameters('siteName'))]"
],
"properties": {
"packageUri": "https://xxxxx.zip",
"dbType": "None",
"connectionString": ""
}
}
]
}
]
}

Resources