Getting "BadRequest" when trying to deploy web app networking settings using Bicep trmplate
While deploying web app Networking Inbound traffic configuration I want to select the Public Network Access setting as "Select Virtual Networks & IP Addresses" where I will add a private endpoint using another private endpoint module. It allows me to make change in networking manually but bicep gives me 'BadRequest' error when deploying through pipeline.
resource appPlan 'Microsoft.Web/serverfarms@2022-03-01' existing = {
name: appPlan
}
resource webApp 'Microsoft.Web/sites@2022-03-01' = {
name: webAppName
location: location
tags: tags
kind: 'app'
identity: 'SystemAssigned'
properties: {
reserved: true
serverFarmId: serverFarm.id
httpsOnly: true
vnetRouteAllEnabled: false
publicNetworkAccess: 'Enabled'
virtualNetworkSubnetId: subnetid
siteConfig: {
alwaysOn: true
ftpsState: 'Disabled'
appSettings: AppSettings
}
}
}
// Change public access to enabled with specific access
resource webAppNetworkAccess 'Microsoft.Web/sites/config@2022-03-01' = {
parent: webApp
name: 'config'
properties: {
publicNetworkAccess: 'Enabled'
ipSecurityRestrictions: [
{
ipAddress: '10.0.0.0/19'
action: 'Allow'
tag: 'Default'
priority: 100
name: 'subnet1'
}
{
ipAddress: '10.0.0.1/19'
action: 'Allow'
tag: 'Default'
priority: 110
name: 'Subnet2'
}
{
ipAddress: 'Any'
action: 'Deny'
priority: 12345678
name: 'Deny all'
description: 'Deny all access'
}
]
}
}
This is what currently is
This is what I want to achieve using bicep
Solution
Getting "Bad Request" when trying to deploy web app networking settings using Bicep template:
You need to configure a private endpoint with a specific DNS Zone group and network configuration to achieve the requirement. Use below Bicep code for the clear approach.
var AddressPrefix = '10.0.0.0/16'
var privateDnsZone = 'privatelink${environment().suffixes.Hostname}'
resource appPlan 'Microsoft.Web/serverfarms@2020-06-01' = {
name: 'AppServicePlanjah'
location: resourceGroup().location
properties: {
reserved: true
}
sku: {
name: 'P1V2'
}
kind: 'linux'
}
resource webApp 'Microsoft.Web/sites@2022-03-01' = {
name: 'abrakjam'
location: resourceGroup().location
kind: 'app'
identity: {
type: 'SystemAssigned'
}
properties: {
reserved: true
serverFarmId: appPlan.id
httpsOnly: true
vnetRouteAllEnabled: false
publicNetworkAccess: 'Enabled'
siteConfig: {
alwaysOn: false
ftpsState: 'Disabled'
}
}
}
resource webAppNetworkAccess 'Microsoft.Web/sites/config@2022-03-01' = {
parent: webApp
name: 'web'
properties: {
publicNetworkAccess: 'Enabled'
ipSecurityRestrictions: [
{
ipAddress: '10.0.0.0/19'
action: 'Allow'
tag: 'Default'
priority: 100
name: 'AllowSubnet1'
}
{
ipAddress: '10.0.0.1/19'
action: 'Allow'
tag: 'Default'
priority: 110
name: 'AllowSubnet2'
}
{
ipAddress: 'Any'
action: 'Deny'
priority: 200
name: 'DenyAll'
description: 'Deny all other access'
}
]
}
}
resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' = {
name: 'sdaskjd'
location: resourceGroup().location
properties: {
addressSpace: {
addressPrefixes: [
AddressPrefix
]
}
}
}
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = {
parent: vnet
name: 'askdjlksjd'
properties: {
addressPrefix: '10.0.0.0/24'
privateEndpointNetworkPolicies: 'Disabled'
}
}
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2022-01-01' = {
name: 'asjd-privateEndpoint'
location: resourceGroup().location
properties: {
subnet: {
id: subnet.id
}
privateLinkServiceConnections: [
{
name: 'plsConnection'
properties: {
privateLinkServiceId: webApp.id
groupIds: ['sites']
}
}
]
}
}
resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
name: privateDnsZone
location: 'global'
properties: {}
dependsOn: [
vnet
]
}
resource dnsZone 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-01-01' = {
parent: privateEndpoint
name: 'sddnsZoneGroup'
properties: {
privateDnsZoneConfigs: [
{
name: 'default'
properties: {
privateDnsZoneId: privateDnsZone.id
}
}
]
}
}
Output:
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs