How to assign a private endpoint to a web.app slot using bicep script
I have a application defined as and I am trying to figure out how to map the preview slot to
resource app 'Microsoft.Web/sites@2022-09-01' = {
name: '${appName}-${env}'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: servicePlanId
httpsOnly: true
// clientAffinityEnabled: false
virtualNetworkSubnetId: subnetId
siteConfig: {
ftpsState: 'Disabled'
minTlsVersion: '1.2'
publicNetworkAccess: 'Disabled'
}
}
}
Now I have defined a slot
resource stagingSlot 'Microsoft.Web/sites/slots@2021-02-01' = {
name: 'preview'
parent: app
location: location
kind: 'app'
properties: {
serverFarmId: servicePlanId
}
}
Now I need to create a private endpoint for the main site and for the slot.
the slot gets created and the endpoint connection also but only to the parent item not the release slot
resource stagingSlotEndpoint 'Microsoft.Web/sites/slots/privateEndpointConnections@2022-03-01' = {
name: '${appName}-preview'
kind: 'app'
parent: stagingSlot
properties: {
privateLinkServiceConnectionState: {
status: 'Approved'
description: 'Auto-Approved'
actionsRequired: 'None'
}
}
}
Solution
To assign a private endpoint connection to a web app slot, you need to use Microsoft.Web/sites/privateEndpointConnections resource type.
Add below code to yours and it will work as expected.
resource prodSiteEndpoint 'Microsoft.Web/sites/privateEndpointConnections@2022-03-01' = {
name: 'app-produ'
kind: 'app'
parent: app
properties: {
privateLinkServiceConnectionState: {
status: 'Approved'
description: 'Auto-Approved'
actionsRequired: 'None'
}
}
dependsOn: [
appConfigurationPrivateEndPoint
appConfigurationPrivateDnsZoneGroup
]
}
complete bicep code:
param location string = 'eastus'
param appConfigurationPrivateEp string = 'priend'
param appdns string = 'priend-nic'
resource appServicePlan 'Microsoft.Web/serverfarms@2020-12-01' existing = {
name: 'uovh4pk4fceb6kic6v5wmtms62'
}
resource app 'Microsoft.Web/sites@2022-09-01' existing = {
name: 'uovh4pk4fceb6'
}
resource appConfigurationPrivateEndPoint 'Microsoft.Network/privateEndpoints@2021-03-01' existing= {
name: appConfigurationPrivateEp
}
resource appConfigurationPrivateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-03-01' existing= {
parent: appConfigurationPrivateEp
name: appdns
}
resource stagingSlot 'Microsoft.Web/sites/slots@2021-02-01' = {
name: 'stagingpreviewbla'
parent: app
location: location
kind: 'app'
properties: {
serverFarmId: appServicePlan.id
}
}
resource stagingSlotEndpoint 'Microsoft.Web/sites/slots/privateEndpointConnections@2022-03-01' = {
name: 'app-preview'
kind: 'app'
parent: stagingSlot
properties: {
privateLinkServiceConnectionState: {
status: 'Approved'
description: 'Auto-Approved'
actionsRequired: 'None'
}
}
dependsOn: [
appConfigurationPrivateEndPoint
appConfigurationPrivateDnsZoneGroup
]
}
resource prodSiteEndpoint 'Microsoft.Web/sites/privateEndpointConnections@2022-03-01' = {
name: 'app-produ'
kind: 'app'
parent: app
properties: {
privateLinkServiceConnectionState: {
status: 'Approved'
description: 'Auto-Approved'
actionsRequired: 'None'
}
}
dependsOn: [
appConfigurationPrivateEndPoint
appConfigurationPrivateDnsZoneGroup
]
}
- The template output 'ctrName' is not valid: The language expression property array index '4' is out of bounds
- New-AzResourceGroupDeployment: 5:01:43 PM - The deployment 'BlockBlobStorageDeployment' failed with error(s)
- New-AzResourceGroupDeployment: 4:21:36 PM - The deployment 'FileStorageDeployment' failed with error(s). Showing 1 out of 1 error(s)
- azure bicep deployment modifies network interface resources even though there are no changes
- How to upgrade the existing container registry from basic to premium?
- How do you deploy VNET to an App Service with BICEP?
- OpenIA deployment with bicep
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- How do I trigger a failure in azure pipelines when a bicep template build fails?
- Bicep - Get Service Principal ID from App ID
- roleAssignment with current user id
- bicep multiple parameter files
- Bicep Error: The resource is not defined in the template
- Referencing an existing resource which is present in a bicep module
- .NET version not set in azure function settings - bicep
- How to set the Container App alocation to have 4CPUs and 8Gb of RAM in bicep
- Assign role to resource in a different resource groups
- How to define a parent if I use if expression?
- RBAC with bicep
- Application gateway: how to define redirectConfigurations in bicep
- Microsoft.ApiManagement/service/apis/diagnostics name field issue
- Consecutive "<,>" characters in bicep string parameters causing "> was unexpected at this time"
- Publish apim policy with bicep set-body and set-backend-service at same time
- "InvalidOperationString" Error bicep while creating Resource Group through Azure CLI in pipeline
- Error: Code=InvalidTemplateDeployment; Message=The template deployment 'StAccDeployment' is not valid according to the validation procedure
- New-AzResourceGroupDeployment: Cannot retrieve the dynamic parameters for the cmdlet when trying to execute the bicep script
- Is there a way to mount Azure File Share on Web App via Key Vault Reference using Bicep?
- How to connect a Web App to a SQL database on Azure using Managed Identities?
- Getting "BadRequest" when trying to deploy web app networking settings using Bicep trmplate
- Azure Logic App Authorization Policy set via Bicep