A PowerShell script to attach an existing Azure Web App to an existing V2 VNet
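# Attach an existing Azure Web App to an existing (V2 / ARM) VNet through the
# VNet's point-to-site VPN gateway.
#
# Checks performed before anything is created: the app is not already joined to
# a VNet, the VNet has a GatewaySubnet with an IP configuration, the gateway is
# GatewayType=Vpn with VpnType=RouteBased, and a point-to-site address pool exists.
Import-Module AzureRm.Network

# VNet Connection Name that we wish to connect our App Service to
$vnetConnectionName = "{your V2 VNet Name Goes Here}"
# Resource groups name that contains our VNet
$vnetResourceGroupName = "{The name of the resource group that contains your V2 VNet}"

# Web App Name & Resouce Group
$webAppName = "{Your Web App Name}"
$appResourceGroupName = "{Name of the resource group that contains your web app}"

# Azure Login.
# Login-AzureRmAccount is invoked with -ServicePrincipal below, so $userName is
# the service principal's application ID and $password its key.
# NOTE(security): a secret written into the script body ends up in source
# control, transcripts and shell history. Prefer obtaining the credential at
# run time (e.g. `$cred = Get-Credential`, or a file/environment variable the
# script owner controls) and leave $password empty here.
$userName = "{azure login name}"
$password = "{azure password}"   # was $pwd, which shadows PowerShell's automatic $PWD (current directory)
$SubscriptionID = "{subscription ID}"
$TenantId = "{Tenant ID}"        # original line lacked the closing quote and did not parse

# Login and set the context
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$cred = New-Object -TypeName pscredential -ArgumentList $userName, $securePassword
Login-AzureRmAccount -Credential $cred -ServicePrincipal -TenantId $TenantId
Set-AzureRmContext -SubscriptionId $SubscriptionID

# At this point, the gateway should be able to be joined to an App, but may require some minor tweaking. We will declare to the App now to use this VNET
Write-Host "Getting App information"
$webApp = Get-AzureRmResource -ResourceName $webAppName -ResourceType "Microsoft.Web/sites" -ApiVersion 2015-08-01 -ResourceGroupName $appResourceGroupName
if ($null -eq $webApp) {
    Write-Error "Web app '$webAppName' was not found in resource group '$appResourceGroupName'."
    return
}
$location = $webApp.Location
$webAppConfig = Get-AzureRmResource -ResourceName "$($webAppName)/web" -ResourceType "Microsoft.Web/sites/config" -ApiVersion 2015-08-01 -ResourceGroupName $appResourceGroupName
$currentVnet = $webAppConfig.Properties.VnetName
if (-not [string]::IsNullOrEmpty($currentVnet)) {
    Write-Host "Currently connected to VNET $currentVnet"
    # App is already part of the virtual network, we cannot add again.
    return
}

# get the vnet details
$vnet = Get-AzureRmVirtualNetwork -Name $vnetConnectionName -ResourceGroupName $vnetResourceGroupName
if ($null -eq $vnet) {
    Write-Error "VNet '$vnetConnectionName' was not found in resource group '$vnetResourceGroupName'."
    return
}

# We need to check if this VNET is able to be joined to a App, based on following criteria
# If there is no gateway, we can create one.
# If there is a gateway:
#   It must be of type Vpn
#   It must be of VpnType RouteBased
#   If it doesn't have the right certificate, we will need to add it.
#   If it doesn't have a point-to-site range, we will need to add it.
# `$null -eq <expr>` (constant on the left) is used throughout so that a
# collection on the right is never silently filtered by -eq.
$gatewaySubnet = $vnet.Subnets | Where-Object { $_.Name -eq "GatewaySubnet" }
if ($null -eq $gatewaySubnet -or $null -eq $gatewaySubnet.IpConfigurations -or $gatewaySubnet.IpConfigurations.Count -eq 0) {
    Write-Host "Gateway Invaid cannot continue, check you have a GatewaySubnet and its has an IP Configuration"
    return
}

# The IP configuration's ARM resource ID has the shape
# /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/virtualNetworkGateways/{name}/ipConfigurations/{cfg}
# so after Split('/') index 4 is the gateway's resource group and index 8 its name.
# The gateway may live in a different resource group than the VNet, so the
# parsed $gatewayResourceGroup (computed but unused in the original) is used
# for every gateway cmdlet below instead of $vnet.ResourceGroupName.
$uriParts = $gatewaySubnet.IpConfigurations[0].Id.Split('/')
$gatewayResourceGroup = $uriParts[4]
$gatewayName = $uriParts[8]
$gateway = Get-AzureRmVirtualNetworkGateway -ResourceGroupName $gatewayResourceGroup -Name $gatewayName

# validate gateway types, etc.
if ($gateway.GatewayType -ne "Vpn") {
    Write-Error "This gateway is not of the Vpn type. It cannot be joined to an App."
    return
}
if ($gateway.VpnType -ne "RouteBased") {
    Write-Error "This gateways Vpn type is not RouteBased. It cannot be joined to an App."
    return
}
if ($null -eq $gateway.VpnClientConfiguration -or $null -eq $gateway.VpnClientConfiguration.VpnClientAddressPool) {
    Write-Host "This gateway does not have a Point-to-site Address Range. Please specify one in CIDR notation, e.g. 10.0.0.0/8"
    return
}

Write-Host "Creating App assocation to VNET"
$connectionProperties = @{
    "vnetResourceId" = "/subscriptions/$($SubscriptionID)/resourceGroups/$($vnet.ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/$($vnetConnectionName)"
}
$virtualNetwork = New-AzureRmResource -Location $location -Properties $connectionProperties -ResourceName "$($webAppName)/$($vnet.Name)" -ResourceType "Microsoft.Web/sites/virtualNetworkConnections" -ApiVersion 2015-08-01 -ResourceGroupName $appResourceGroupName -Force

# We need to check if the certificate here exists in the gateway.
# The connection's CertBlob is compared against the gateway's VPN client root
# certificates and registered as one if it is not already trusted.
$appCertBlob = $virtualNetwork.Properties.CertBlob
$certificates = $gateway.VpnClientConfiguration.VpnClientRootCertificates
$certFound = $false
foreach ($certificate in $certificates) {
    if ($certificate.PublicCertData -eq $appCertBlob) {
        $certFound = $true
        break
    }
}
if (-not $certFound) {
    Write-Host "Adding certificate"
    # -ResourceGroupName is required by this cmdlet; the original call omitted it.
    Add-AzureRmVpnClientRootCertificate -ResourceGroupName $gatewayResourceGroup -VirtualNetworkGatewayName $gateway.Name -VpnClientRootCertificateName $("{0}.cer" -f $webAppName) -PublicCertData $appCertBlob
}

# Now finish joining by getting the VPN package and giving it to the App
Write-Host "Retreiving VPN Package and supplying to App"
$packageUri = Get-AzureRmVpnClientPackage -ResourceGroupName $gatewayResourceGroup -VirtualNetworkGatewayName $gateway.Name -ProcessorArchitecture Amd64

# Put the VPN client configuration package onto the App
$gatewayProperties = @{
    "vnetName" = $vnet.Name; "vpnPackageUri" = $packageUri
}
New-AzureRmResource -Location $location -Properties $gatewayProperties -ResourceName "$($webAppName)/$($vnet.Name)/primary" -ResourceType "Microsoft.Web/sites/virtualNetworkConnections/gateways" -ApiVersion 2015-08-01 -ResourceGroupName $appResourceGroupName -Force

# One interpolated string: the original `"..." + $webAppName + "..."` handed the
# '+' signs and each fragment to Write-Output as separate arguments.
Write-Output "Intergration between $webAppName and $($vnet.Name) Complete !"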
Somehow this appears to be the only script that I can find which actually works, so thank you so much!
The only edit needed is that `Add-AzureRmVpnClientRootCertificate` requires a `-ResourceGroupName` parameter.