Created
January 31, 2024 22:16
-
-
Save RylandDeGregory/3082bc2979a5aee13f24f3ef578f79aa to your computer and use it in GitHub Desktop.
Associate an Azure App Gateway (v2) with a User Assigned Managed Identity and an Azure Key Vault SSL Certificate.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define variables | |
| $ResourceGroupName = '' | |
| $AppGatewayName = '' | |
| $ManagedIdentityName = '' | |
| $KeyVaultName = '' | |
| $KeyVaultCertficateName = '' | |
| # Get App Gateway and Managed Identity resource objects | |
| $AppGateway = Get-AzApplicationGateway -Name $AppGatewayName -ResourceGroupName $ResourceGroupName | |
| $ManagedIdentity = Get-AzUserAssignedIdentity -Name $ManagedIdentityName -ResourceGroupName $ResourceGroupName | |
| # Associate the Managed Identity with the Application Gateway | |
| Set-AzApplicationGatewayIdentity -ApplicationGateway $AppGateway -UserAssignedIdentityId $ManagedIdentity.Id | |
| # Get the certificate from Key Vault | |
| # Required Azure RBAC Role: Key Vault Secrets User | |
| $Secret = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $KeyVaultCertficateName | |
| # Remove the secret version so App Gateway will use the latest version in future syncs | |
| $SecretId = $Secret.Id.Replace($Secret.Version, '') | |
| # Associate the certificate with the Application Gateway | |
| Add-AzApplicationGatewaySslCertificate -KeyVaultSecretId $SecretId -ApplicationGateway $AppGateway -Name $Secret.Name | |
| # Commit the changes to the Application Gateway | |
| Set-AzApplicationGateway -ApplicationGateway $AppGateway |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment