|
| 1 | +--- |
| 2 | +title: 'Connect Azure Front Door Premium to an App Service origin with Private Link using Azure PowerShell' |
| 3 | +titleSuffix: Azure Private Link |
| 4 | +description: Learn how to connect your Azure Front Door Premium to a WebApp privately using Azure PowerShell. |
| 5 | +services: frontdoor |
| 6 | +author: jainsabal |
| 7 | +ms.service: azure-frontdoor |
| 8 | +ms.topic: how-to |
| 9 | +ms.date: 11/15/2024 |
| 10 | +ms.author: jainsabal |
| 11 | +--- |
| 12 | + |
| 13 | +# Connect Azure Front Door Premium to an App Service (Web App) origin with Private Link using Azure PowerShell |
| 14 | + |
| 15 | +This article guides you through how to configure Azure Front Door Premium tier to connect to your App Service (Web App) privately using the Azure Private Link service with Azure PowerShell. |
| 16 | + |
| 17 | +## Prerequisites |
| 18 | + |
| 19 | +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). |
| 20 | +- Azure PowerShell installed locally or Azure Cloud Shell |
| 21 | +- Azure FrontDoor Premium profile, endpoint, and origin group. For more information on how to create an Azure Front Door profile, see [Create a Front Door - PowerShell](../create-front-door-powershell.md). |
| 22 | +- Azure App Service (WebApp) instance. For more information on how to create an Azure App Service, see [Create an App Service - PowerShell](../create-app-service-plan-powershell.md). |
| 23 | + |
| 24 | +> [!NOTE] |
| 25 | +> Private endpoints requires your App Service plan to meet some requirements. For more information, see [Using Private Endpoints for Azure Web App](../../app-service/networking/private-endpoint.md). |
| 26 | +> This feature is not supported with App Service Slots |
| 27 | +
|
| 28 | +## Enable Private Link to an App Service in Azure Front Door Premium |
| 29 | + |
| 30 | +1. Run [Get-AzResource](/powershell/module/az.resources/get-azresource) to get the resource ID of the App Service to be used as the origin for Azure Front Door |
| 31 | + |
| 32 | + ```azurepowershell-interactive |
| 33 | + get-AzResource -Name testWebAppAFD |
| 34 | + -ResourceGroupName testRG |
| 35 | + |
| 36 | + ``` |
| 37 | +
|
| 38 | +2. Run [New-AzFrontDoorCdnOrigin](/powershell/module/az.cdn/new-azfrontdoorcdnorigin) to add your App Service origin to your origin group. |
| 39 | +
|
| 40 | + ```azurepowershell-interactive |
| 41 | + # Add App Service origin to the Azure Front Door profile with Private Link |
| 42 | + $origin1 = New-AzFrontDoorCdnOrigin ` |
| 43 | + -OriginGroupName default-origin-group ` |
| 44 | + -OriginName test-origin ` |
| 45 | + -ProfileName testAFD ` |
| 46 | + -ResourceGroupName testRG ` |
| 47 | + -HostName testwebapp.canadacentral-01.azurewebsites.net ` |
| 48 | + -OriginHostHeader testwebapp.canadacentral-01.azurewebsites.net ` |
| 49 | + -HttpPort 80 ` |
| 50 | + -HttpsPort 443 ` |
| 51 | + -Priority 1 ` |
| 52 | + -Weight 1000 ` |
| 53 | + -PrivateLinkId /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testRG/providers/Microsoft.Web/sites/testWebAppAFD ` |
| 54 | + -SharedPrivateLinkResourceGroupId sites ` |
| 55 | + -SharedPrivateLinkResourcePrivateLinkLocation "Central US" ` |
| 56 | + -SharedPrivateLinkResourceRequestMessage "testWebAppAFDPL Private Link request" ` |
| 57 | + |
| 58 | + ``` |
| 59 | +
|
| 60 | +## Approve Azure Front Door Premium private endpoint connection from App Service |
| 61 | +
|
| 62 | +1. Run [Get-AzPrivateEndpointConnection](/powershell/module/az.network/get-azprivateendpointconnection) to list the private endpoint connections for your App Service. Note down the 'Name' of the private endpoint connection available in your App Service, in the first line of your output. |
| 63 | +
|
| 64 | + ```azurepowershell-interactive |
| 65 | + |
| 66 | + #PrivateLinkResourceId is the resource ID of the WebApp |
| 67 | + Get-AzPrivateEndpointConnection -PrivateLinkResourceId '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testRG/providers/Microsoft.Web/sites/testWebAppAFD' |
| 68 | + |
| 69 | + ``` |
| 70 | +
|
| 71 | +2. Run [Approve-AzPrivateEndpointConnection](/powershell/module/az.network/approve-azprivateendpointconnection) to approve the private endpoint connection. |
| 72 | +
|
| 73 | + ```azurepowershell-interactive |
| 74 | + |
| 75 | + Approve-AzPrivateEndpointConnection -Name 00000000-0000-0000-0000-000000000000-00000000-0000-0000-0000-000000000000 -ResourceGroupName testRG -ServiceName testWebAppAFD -PrivateLinkResourceType Microsoft.Web/sites |
| 76 | + |
| 77 | + ``` |
| 78 | +
|
| 79 | +3. Once approved, it takes a few minutes for the connection to fully establish. You can now access your App Service from Azure Front Door Premium. Direct access to the App Service from the public internet gets disabled after private endpoint gets enabled. Run [Get-AzPrivateEndpointConnection](/powershell/module/az.network/get-azprivateendpointconnection) to verify the status of the private endpoint connection. |
| 80 | +
|
| 81 | + ```azurepowershell-interactive |
| 82 | + |
| 83 | + Get-AzPrivateEndpointConnection -PrivateLinkResourceId '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testRG/providers/Microsoft.Web/sites/testWebAppAFD' |
| 84 | + |
| 85 | + ``` |
| 86 | +
|
| 87 | +## Next steps |
| 88 | +
|
| 89 | +Learn about [Private Link service with App service](../../app-service/networking/private-endpoint.md). |
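Review bot: In step 1 (new-file lines 33-34) the `get-AzResource` call is split across two lines with no trailing backtick, so `-ResourceGroupName testRG` is parsed as a separate statement rather than as a parameter of the command. Put both parameters on one line or end line 33 with a backtick, and use the `Get-AzResource` casing to match the link text. Step 2 has the opposite problem: line 56 ends the last parameter with a backtick although nothing follows, so the stray continuation joins the command to whatever line comes next when pasted; drop that final backtick. In step 3 (line 79) the text says direct access from the public internet gets disabled, but the only check shown is the private endpoint connection status; consider adding how the reader confirms that the App Service is no longer publicly reachable, since that is the security property the article is promising. Minor: "Private endpoints requires" on line 25 should read "require", and line 26 is missing its closing period.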