Question 418918 in Azure Question posted in
The official documentation to get you started can be found here.

Azure – How do you deploy VNET to an App Service with BICEP?

I want to deploy a BICEP template that configures Outbound traffic for an App Service. When I deploy the BICEP template, there are no errors and it says successful, but it does not add Virtual Network Integration.

$template = 'main.bicep'
$resourceGroup = "my-resource-group"
az deployment group create `
   --resource-group $resourceGroup `
   --template-file $template

main.bicep:

var vnetResourceId = '/subscriptions/{subscription-id}/resourceGroups/my-resource-group/providers/Microsoft.Network/virtualNetworks/{vnet-name}/subnets/default'
var outboundVnetNet = 'doesItEvenMatter'
resource appService 'Microsoft.Web/sites@2024-04-01' = {
  name: 'my-awesome-app-lol'
  location: 'WestUS2'
  properties: {
    serverFarmId: appServicePlanId
    httpsOnly: true
    siteConfig: {
      cors: {
        allowedOrigins: [
          'https://portal.azure.com'
        ]
      }
      ftpsState: 'FtpsOnly'
      netFrameworkVersion: 'v8.0'
      vnetRouteAllEnabled: true
      vnetName: outboundVnetNet
    }
  }
}

resource outboundVnetConfiguration 'Microsoft.Web/sites/virtualNetworkConnections@2023-12-01' = {
  name: outboundVnetNet
  parent: appService
  properties: {
    isSwift: true
    vnetResourceId: vnetResourceId
  }
}

When I manually do it inside the portal, the exported ARM template from the UI adds the following JSON:

{
  "type": "Microsoft.Web/sites/virtualNetworkConnections",
  "apiVersion": "2023-12-01",
  "name": "my-awesome-app-lol/9e717979-f385-412e-b1a5-2fdffd21fa7f_default",
  "location": "West US 2",
  "dependsOn": [
    "[resourceId('Microsoft.Web/sites', 'my-awesome-app-lol')]"
  ],
  "properties": {
    "vnetResourceId": "/subscriptions/{subscription-id}/resourceGroups/my-resource-group/providers/Microsoft.Network/virtualNetworks/{vnet-name}/subnets/default",
    "isSwift": true
  }
}

What am I missing that is preventing the Virtual Network Integration from deploying when I use BICEP?

Tags:

2

Answers


  1. 0

    You only need to specify the virtualNetworkSubnetId property with api-version 2024-04-01.

    Also vnetRouteAllEnabled and virtualNetworkSubnetId are outside the siteConfig object:

    var vnetResourceId = '/subscriptions/{subscription-id}/resourceGroups/my-resource-group/providers/Microsoft.Network/virtualNetworks/{vnet-name}/subnets/default'
resource appService 'Microsoft.Web/sites@2024-04-01' = {
  name: 'my-awesome-app-lol'
  location: 'WestUS2'
  properties: {
    serverFarmId: appServicePlanId
    httpsOnly: true
    siteConfig: {
      cors: {
        allowedOrigins: [
          'https://portal.azure.com'
        ]
      }
      ftpsState: 'FtpsOnly'
      netFrameworkVersion: 'v8.0'      
    }
    vnetRouteAllEnabled: true
    virtualNetworkSubnetId: vnetResourceId
  }
}
    Login or Signup to reply.
  2. 0

    I’m not very familiar with web apps, but from an API docs, what you configure is actually two things:

    config1:

    Create Or Update Swift Virtual Network Connection With Check

    config2:

    Create Or Update Vnet Connection

    When you deploy the following resources, you are actually configuring config 2, which not show Virtual Network integation in azure portal. but the resource actually deployed. "/subscriptions/xxx/resourceGroups/wb-debug/providers/Microsoft.Web/sites/xxxxx/virtualNetworkConnections/doesItEvenMatter"

    resource outboundVnetConfiguration 'Microsoft.Web/sites/virtualNetworkConnections@2023-12-01' = {
  name: outboundVnetNet
  parent: appService
  properties: {
    isSwift: true
    vnetResourceId: vnet.id
  }
}

    When add following in site bicep, I guess you actually deploy the config 1, which shows Virtual network integration in azure portal.

      properties: {
    virtualNetworkSubnetId: vnetResourceId
  }
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search