Skip to content

Instantly share code, notes, and snippets.

View fabriciosanchez's full-sized avatar

Fabrício Sanchez fabriciosanchez

View GitHub Profile
@fabriciosanchez
fabriciosanchez / ag-url-path-map.ps1
Created April 11, 2020 22:17
Creates a configuration object to url path map.
$pathmap = Get-AzApplicationGatewayUrlPathMapConfig `
-ApplicationGateway $appgw `
-Name "external-urlpathmapconfig"
@fabriciosanchez
fabriciosanchez / ag-path-rule-mapping.ps1
Created April 11, 2020 21:50
Creates the mapping of the existing rule and applies it to the AG.
$appgw = Add-AzApplicationGatewayUrlPathMapConfig `
-ApplicationGateway $appgw `
-Name "external-urlpathmapconfig" `
-PathRules $pathRule `
-DefaultBackendAddressPool $sinkpool `
-DefaultBackendHttpSettings $poolSettings
$appgw = Set-AzApplicationGateway `
-ApplicationGateway $appgw
@fabriciosanchez
fabriciosanchez / ag-path-rule-external.ps1
Created April 11, 2020 21:45
Creating a path rule configuration for external calls.
$pathRule = New-AzApplicationGatewayPathRuleConfig `
-Name "external" `
-Paths "/external/*" `
-BackendAddressPool $pool `
-BackendHttpSettings $poolSettings
@fabriciosanchez
fabriciosanchez / ag-retrieve-information.ps1
Created April 11, 2020 21:37
Retrieves AG's information.
# Get existing Application Gateway config
$appgw = Get-AzApplicationGateway `
-ResourceGroupName $resGroupName `
-Name $appgwName
$listener = Get-AzApplicationGatewayHttpListener `
-Name "apim-api-listener" `
-ApplicationGateway $appgw
$sinkpool = Get-AzApplicationGatewayBackendAddressPool `
@fabriciosanchez
fabriciosanchez / ag-final-conf-deploy.ps1
Created April 10, 2020 21:00
Creates the AG itself.
# step 11 - change App Gateway SKU and instances (# instances can be configured as required)
$sku = New-AzApplicationGatewaySku -Name "WAF_Medium" -Tier "WAF" -Capacity 1
# step 12 - configure WAF to be in prevention mode
$config = New-AzApplicationGatewayWebApplicationFirewallConfiguration `
-Enabled $true `
-FirewallMode "Detection"
# Deploy the App Gateway
$appgwName = "aumanager-apim-app-gw"
@fabriciosanchez
fabriciosanchez / ag-rule-developer-portal.ps1
Created April 10, 2020 20:55
Creates a rule that directs external users to APIM's developers portal.
# step 10 - create a routing rule to allow external Internet access to the developer portal
$rule01 = New-AzApplicationGatewayRequestRoutingRule `
-Name "apim-portal-rule" `
-RuleType Basic `
-HttpListener $portalListener `
-BackendAddressPool $apimProxyBackendPool `
-BackendHttpSettings $apimPoolPortalSetting
@fabriciosanchez
fabriciosanchez / ag-requesting-routing-rule.ps1
Created April 10, 2020 20:39
Creates a rule that allows external users access developers portal from the outside.
# step 10 - create a routing rule to allow external Internet access to the developer portal
$rule01 = New-AzApplicationGatewayRequestRoutingRule `
-Name "apim-portal-rule" `
-RuleType Basic `
-HttpListener $portalListener `
-BackendAddressPool $apimProxyBackendPool `
-BackendHttpSettings $apimPoolPortalSetting
@fabriciosanchez
fabriciosanchez / ag-backend-pool-no-target.ps1
Last active April 10, 2020 20:52
Creating AG's backend pool with no target.
# step 9a - configure back-end IP address pool with internal IP of APIM
$apimProxyBackendPool = New-AzApplicationGatewayBackendAddressPool `
-Name "apimbackend" `
-BackendIPAddresses $apimService.PrivateIPAddresses[0]
# step 9b - create sinkpool for API-M requests we want to discard
$sinkpool = New-AzApplicationGatewayBackendAddressPool -Name "sinkpool"
@fabriciosanchez
fabriciosanchez / ag-backend-pool-apim-internal-ip.ps1
Created April 10, 2020 20:32
Configure AG's backend pool that refers to API's calls to hit APIM's internal IP.
# step 9a - configure back-end IP address pool with internal IP of APIM
$apimProxyBackendPool = New-AzApplicationGatewayBackendAddressPool `
-Name "apimbackend" `
-BackendIPAddresses $apimService.PrivateIPAddresses[0]
@fabriciosanchez
fabriciosanchez / ag-backend-pools.ps1
Created April 10, 2020 20:26
Deploys two different backend pools.
# step 8 - configure HTTPs backend settings for the App Gateway
$apimPoolSetting = New-AzApplicationGatewayBackendHttpSettings `
-Name "apim-api-poolsetting" `
-Port 443 `
-Protocol "Https" `
-CookieBasedAffinity "Disabled" `
-Probe $apimprobe `
-AuthenticationCertificates $authcert `
-RequestTimeout 180