Deploy two App Services - Front web app with VNet injection and Back web app with a Private Endpoint
This deploys a secure front end - back end web app. The front end web app is plugged in a subnet with the feature regional VNet integration enabled. Settings are set to consume a DNS private zone. The backend web app is only exposed through a private endpoint.
It will create a VNet, two subnets, one where your Private Endpoint will exist, the second where you will inject the front web app, an App Service Plan in PremiumV2 tier (mandatory for Private Endpoint), a Private Endpoint, settings for DNS queries to the DNS Private Zone, and a private DNS zone with record for the Private Endpoint.
Prerequisites
Optional config params
- virtualNetworkCIDR- CIDR range for the vnet (defaults to- 10.200.0.0/16)
- backendCIDR- subnet CIDR range for the backend (defaults to- 10.200.1.0/24)
- frontendCIDR- subnet CIDR range for the frontend (defaults to- 10.200.2.0/24)
Steps
After cloning this repo, from this working directory, run these commands:
- Create a new stack, which is an isolated deployment target for this example: - $ pulumi stack init dev
- Set the Azure region location to use: - $ pulumi config set azure-native:location westus2
- Next, install the dependencies: - $ npm install
- Stand up the cluster by invoking pulumi - $ pulumi up