Merge pull request #216581 from ShawnJackson/how-to-create-user-defined-route-instance

edit pass: how-to-create-user-defined-route-instance

Author: itechedit

articles/spring-apps/how-to-create-user-defined-route-instance.md

@@ -15,27 +15,27 @@ ms.custom: devx-track-java, devx-track-azurecli
 
 **This article applies to:** ✔️ Basic/Standard tier ✔️ Enterprise tier
 
-This article describes how to secure outbound traffic from your applications hosted in Azure Spring Apps. The article provides an example of a user-defined route (UDR) instance. UDR is an advanced feature that lets you fully control egress traffic. You can use UDR in scenarios such as disallowing an Azure Spring Apps auto-generated public IP.
+This article describes how to secure outbound traffic from your applications hosted in Azure Spring Apps. The article provides an example of a user-defined route. A user-defined route is an advanced feature that lets you fully control egress traffic. You can use a user-defined route in scenarios such as disallowing an Azure Spring Apps autogenerated public IP address.
 
 ## Prerequisites
 
-- All prerequisites for deploying Azure Spring Apps in a virtual network. For more information, see [Deploy Azure Spring Apps in a virtual network](how-to-deploy-in-azure-virtual-network.md).
-- API version of `2022-09-01 preview` or greater
-- [Azure CLI version 1.1.7 or later](/cli/azure/install-azure-cli).
-- You should be familiar with information in the following articles:
+- All prerequisites for [deploying Azure Spring Apps in a virtual network](how-to-deploy-in-azure-virtual-network.md)
+- An API version of `2022-09-01 preview` or later
+- [Azure CLI version 1.1.7 or later](/cli/azure/install-azure-cli)
+- Familiarity with information in the following articles:
   - [Deploy Azure Spring Apps in a virtual network](how-to-deploy-in-azure-virtual-network.md)
-  - [Customer responsibilities for running Azure Spring Apps in VNET](vnet-customer-responsibilities.md)
-  - [Customize Azure Spring Cloud egress with a User-Defined Route](concept-outbound-type.md)
+  - [Customer responsibilities for running Azure Spring Apps in a virtual network](vnet-customer-responsibilities.md)
+  - [Customize Azure Spring Apps egress with a user-defined route](concept-outbound-type.md)
 
-## Create a VNet instance using a user-defined route
+## Create a virtual network by using a user-defined route
 
-The following illustration shows an example of an Azure Spring Apps VNet instance using a user-defined route.
+The following illustration shows an example of an Azure Spring Apps virtual network that uses a user-defined route (UDR).
 
-:::image type="content" source="media/how-to-create-user-defined-route-instance/user-defined-route-example-architecture.png" lightbox="media/how-to-create-user-defined-route-instance/user-defined-route-example-architecture.png" alt-text="Architecture diagram showing user-defined routing.":::
+:::image type="content" source="media/how-to-create-user-defined-route-instance/user-defined-route-example-architecture.png" lightbox="media/how-to-create-user-defined-route-instance/user-defined-route-example-architecture.png" alt-text="Architecture diagram that shows user-defined routing.":::
 
-### Set configuration using environment variables
+### Define environment variables
 
-The following example shows how to define a set of environment variables to be used in resource creation.
+The following example shows how to define a set of environment variables to be used in resource creation:
 
 ```bash
 PREFIX="asa-egress"
@@ -45,7 +45,7 @@ ASANAME="${PREFIX}"
 VNET_NAME="${PREFIX}-vnet"
 ASA_APP_SUBNET_NAME="asa-app-subnet"
 ASA_SERVICE_RUNTIME_SUBNET_NAME="asa-service-runtime-subnet"
-# DO NOT CHANGE FWSUBNET_NAME - This is currently a requirement for Azure Firewall.
+# Do not change FWSUBNET_NAME. This is currently a requirement for Azure Firewall.
 FWSUBNET_NAME="AzureFirewallSubnet"
 FWNAME="${PREFIX}-fw"
 FWPUBLICIP_NAME="${PREFIX}-fwpublicip"
@@ -58,20 +58,20 @@ ASA_NAME="${PREFIX}-instance"
 
 ### Create a virtual network with multiple subnets
 
-This section shows you how to provision a virtual network with three separate subnets: one for the user apps, one for service runtime, and one for the firewall.
+This section shows you how to provision a virtual network with three separate subnets: one for the user apps, one for the service runtime, and one for the firewall.
 
-First create a resource group, as shown in the following example.
+First create a resource group, as shown in the following example:
 
 ```azurecli
-# Create resource group.
+# Create a resource group.
 
 az group create --name $RG --location $LOC
 ```
 
-Then create a virtual network with three subnets to host the ASA instance and the Azure Firewall, as shown in the following example.
+Then create a virtual network with three subnets to host the Azure Spring Apps and Azure Firewall instances, as shown in the following example:
 
 ```azurecli
-# Dedicated virtual network with ASA app subnet.
+# Dedicated virtual network with an Azure Spring Apps app subnet.
 
 az network vnet create \
     --resource-group $RG \
@@ -81,15 +81,15 @@ az network vnet create \
     --subnet-name $ASA_APP_SUBNET_NAME \
     --subnet-prefix 10.42.1.0/24
 
-# Dedicated subnet for ASA service runtime subnet.
+# Dedicated subnet for the Azure Spring Apps service runtime subnet.
 
 az network vnet subnet create \
     --resource-group $RG \
     --vnet-name $VNET_NAME \
     --name $ASA_SERVICE_RUNTIME_SUBNET_NAME\
     --address-prefix 10.42.2.0/24
 
-# Dedicated subnet for Azure Firewall. (Firewall name cannot be changed.)
+# Dedicated subnet for Azure Firewall. (Firewall name can't be changed.)
 
 az network vnet subnet create \
     --resource-group $RG \
@@ -98,12 +98,12 @@ az network vnet subnet create \
     --address-prefix 10.42.3.0/24
 ```
 
-### Create and set up an Azure Firewall with a user-defined route
+### Set up an Azure Firewall instance with a user-defined route
 
-Use the following command to create and set up an Azure Firewall with a user-defined route and configure Azure Firewall outbound rules. The firewall lets you configure granular egress traffic rules from an Azure Spring Apps instance.
+Use the following command to create and set up an Azure Firewall instance with a user-defined route, and to configure Azure Firewall outbound rules. The firewall lets you configure granular egress traffic rules from Azure Spring Apps.
 
 > [!IMPORTANT]
-> If your cluster or application creates a large number of outbound connections directed to the same or small subset of destinations, you might require more firewall frontend IPs to avoid reaching the maximum ports per front-end IP. For more information on how to create an Azure firewall with multiple IPs, see [Quickstart: Create an Azure Firewall with multiple public IP addresses - ARM template](../firewall/quick-create-multiple-ip-template.md). Create a standard SKU public IP resource that will be used as the Azure Firewall front-end address.
+> If your cluster or application creates a large number of outbound connections directed to the same destination or to a small subset of destinations, you might require more firewall front-end IP addresses to avoid reaching the maximum ports per front-end IP address. For more information on how to create an Azure Firewall instance with multiple IP addresses, see [Quickstart: Create an Azure Firewall instance with multiple public IP addresses - ARM template](../firewall/quick-create-multiple-ip-template.md). Create a Standard SKU public IP resource that will be used as the Azure Firewall front-end address.
 
 ```azurecli
 az network public-ip create \
@@ -112,10 +112,10 @@ az network public-ip create \
     --sku "Standard"
 ```
 
-The following example shows how to install the Azure Firewall preview CLI extension and deploy Azure Firewall.
+The following example shows how to install the Azure Firewall preview CLI extension and deploy Azure Firewall:
 
 ```azurecli
-# Install Azure Firewall preview CLI extension.
+# Install the Azure Firewall preview CLI extension.
 
 az extension add --name azure-firewall
 
@@ -127,13 +127,13 @@ az network firewall create \
     --enable-dns-proxy true
 ```
 
-The following example shows how to assign the IP address you created to the firewall front end.
+The following example shows how to assign the IP address that you created to the firewall front end.
 
 > [!NOTE]
-> Setting up the public IP address to the Azure Firewall may take a few minutes. To leverage FQDN on network rules, enable DNS proxy. When enabled, the firewall will listen on port 53 and forward DNS requests to the specified DNS server. The firewall can then translate the FQDN automatically.
+> Setting up the public IP address to the Azure Firewall instance might take a few minutes. To use a fully qualified domain name (FQDN) on network rules, enable a DNS proxy. After you enable the proxy, the firewall will listen on port 53 and forward DNS requests to the specified DNS server. The firewall can then translate the FQDN automatically.
 
 ```azurecli
-# Configure firewall IP config.
+# Configure the firewall IP address.
 
 az network firewall ip-config create \
     --resource-group $RG \
@@ -143,10 +143,10 @@ az network firewall ip-config create \
     --vnet-name $VNET_NAME
 ```
 
-When the operation has completed, save the firewall front-end IP address for configuration later, as shown in the following example.
+When the operation is finished, save the firewall's front-end IP address for configuration later, as shown in the following example:
 
 ```azurecli
-# Capture firewall IP address for later use.
+# Capture the firewall IP address for later use.
 
 FWPUBLIC_IP=$(az network public-ip show \
     --resource-group $RG \
@@ -162,12 +162,12 @@ FWPRIVATE_IP=$(az network firewall show \
 
 ### Create a user-defined route with a hop to Azure Firewall
 
-Azure automatically routes traffic between Azure subnets, virtual networks, and on-premises networks. If you want to change Azure's default routing, create a route table.
+Azure automatically routes traffic between Azure subnets, virtual networks, and on-premises networks. If you want to change the default routing in Azure, create a route table.
 
-The following example shows how to create a route table to be associated with a specified subnet. The route table defines the next hop, as in the Azure Firewall you created. Each subnet can have one route table associated with it, or could have no associated route table.
+The following example shows how to create a route table to be associated with a specified subnet. The route table defines the next hop, as in the Azure Firewall instance that you created. Each subnet can have one route table associated with it, or it might have no associated route table.
 
 ```azurecli
-# Create UDR and add a route for Azure Firewall.
+# Create a user-defined route and add a route for Azure Firewall.
 
 az network route-table create \
     --resource-group $RG -l $LOC \
@@ -191,9 +191,9 @@ az network route-table route create \
     --next-hop-ip-address $FWPRIVATE_IP
 ```
 
-### Adding firewall rules
+### Add firewall rules
 
-The following example shows hot to add rules to your firewall. For more information, see [Customer responsibilities for running Azure Spring Apps in VNET](vnet-customer-responsibilities.md).
+The following example shows how to add rules to your firewall. For more information, see [Customer responsibilities for running Azure Spring Apps in a virtual network](vnet-customer-responsibilities.md).
 
 ```azurecli
 # Add firewall network rules.
@@ -241,10 +241,10 @@ az network firewall application-rule create \
 
 ### Associate route tables with subnets
 
-To associate the cluster with the firewall, the dedicated subnet for the cluster's subnet must reference the route table you created. App and service runtime subnets must be associated with corresponding route tables. The following example shows how to associate a route table with a subnet.
+To associate the cluster with the firewall, make sure that the dedicated subnet for the cluster references the route table that you created. App and service runtime subnets must be associated with corresponding route tables. The following example shows how to associate a route table with a subnet:
 
 ```azurecli
-# Associate route table with next hop to Firewall to the Azure Spring Apps subnet.
+# Associate the route table with a next hop to the firewall for the Azure Spring Apps subnet.
 
 az network vnet subnet update \
     --resource-group $RG \
@@ -259,9 +259,9 @@ az network vnet subnet update
     --route-table $SERVICE_RUNTIME_ROUTE_TABLE_NAME
 ```
 
-### Add a role for an Azure Spring Apps RP
+### Add a role for an Azure Spring Apps relying party
 
-The following example shows how to add a role for an Azure Spring Apps RP.
+The following example shows how to add a role for an Azure Spring Apps relying party:
 
 ```azurecli
 VIRTUAL_NETWORK_RESOURCE_ID=$(az network vnet show \
@@ -276,9 +276,9 @@ az role assignment create \
     --assignee e8de9221-a19c-4c81-b814-fd37c6caf9d2
 ```
 
-### Create a UDR Azure Spring Apps instance
+### Create an Azure Spring Apps instance with user-defined routing
 
-The following example shows how to create a UDR Azure Spring Apps instance.
+The following example shows how to create an Azure Spring Apps instance with user-defined routing:
 
 ```azurecli
 az spring create \
@@ -290,9 +290,9 @@ az spring create \
     --outbound-type userDefinedRouting
 ```
 
-You can now access the public IP of the firewall from the internet. The firewall will route traffic into Azure Spring Apps subnets according to your routing rules.
+You can now access the public IP address of the firewall from the internet. The firewall will route traffic into Azure Spring Apps subnets according to your routing rules.
 
 ## Next steps
 
 - [Troubleshooting Azure Spring Apps in virtual networks](troubleshooting-vnet.md)
-- [Customer responsibilities for running Azure Spring Apps in VNET](vnet-customer-responsibilities.md)
+- [Customer responsibilities for running Azure Spring Apps in a virtual network](vnet-customer-responsibilities.md)