Resource typeMicrosoft.Web/hostingEnvironments and Microsoft.Network/virtualNetworks
apiVersion (i.e. 2022-03-01)
Client (PowerShell, Azure CLI, or API) Azure CLI
Relevant ARM Template code (we only need the resource object for the above resourceType and apiVersion, but if it's easier you can include the entire template
@description('Required. Resource Group name of virtual network if using existing vnet and subnet.')
param vNetResourceGroupName string = resourceGroup().name
@description('Required. The Virtual Network (vNet) Name.')
param virtualNetworkName string = '${aseName}-vnet' //'vnet-asev3'
@description('Required. Location for all resources.')
param location string = resourceGroup().location
@description('Required. An Array of 1 or more IP Address Prefixes for the Virtual Network.')
param vNetAddressPrefixes array = [
'192.168.10.0/23'
]
@description('Required. The subnet range of ASEv3.')
param subnetAddressPrefix string = '192.168.10.0/24'
@description('Required. The subnet Name of ASEv3.')
param subnetName string = 'ase03'
@description('Required. The subnet properties.')
param subnets array = [
{
name: 'ase03'
addressPrefix: subnetAddressPrefix
delegations: [
{
name: 'Microsoft.Web.hostingEnvironments'
properties: {
serviceName: 'Microsoft.Web/hostingEnvironments'
}
}
]
privateEndpointNetworkPolicies: 'Enabled'
privateLinkServiceNetworkPolicies: 'Enabled'
networkSecurityGroupName: 'nsg-asev3'
}
]
@description('Required. Name of ASEv3.')
param aseName string
@description('Required. Dedicated host count of ASEv3.')
param dedicatedHostCount int = 0
@description('Optional. Create a private DNS zone for ASEv3.')
param createPrivateDNS bool = true
@description('Required. Load balancer mode: 0-external load balancer, 3-internal load balancer for ASEv3.')
@allowed([
'Web, Publishing'
'None'
])
param internalLoadBalancingMode string = 'Web, Publishing'
@description('Required. Name of the Network Security Group.')
@minLength(1)
param networkSecurityGroupName string = 'nsg-asev3'
@description('Required. Array of Security Rules to deploy to the Network Security Group.')
param networkSecurityGroupSecurityRules array = []
@description('Workspace ID')
@secure()
param diagnosticWorkspaceId string
@description('Required. Environment Tag.')
param Environment string = 'tst'
var uniStr = uniqueString(resourceGroup().id)
var virtualNetworkId = resourceId(vNetResourceGroupName, 'Microsoft.Network/virtualNetworks', virtualNetworkName)
var subnetId = resourceId(vNetResourceGroupName, 'Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, subnetName)
var ipsslAddressCount = 0
var privateDNSZoneName = asev3.properties.dnsSuffix
var upgradePreference = 'None'
var remoteDebugEnabled = false
var ftpEnabled = true
var inboundIpAddressOverride = '192.168.10.4'
var allowNewPrivateEndpointConnections = false
var zoneRedundantMap = {
dev: false
tst: false
prd: true
}
var zoneRedundant = zoneRedundantMap[Environment]
var clusterSettings = [
{
name: 'DisableTls1.0'
value: '1'
}
]
//Default Logging Values
var diagnosticLogCategoriesToEnable = [ 'allLogs' ]
var diagnosticSettingsName = 'diag-${aseName}-asev3-log'
var diagnosticStorageAccountId = ''
var diagnosticEventHubAuthorizationRuleId = ''
var diagnosticEventHubName = ''
var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): {
category: category
enabled: true
}]
var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
{
categoryGroup: 'allLogs'
enabled: true
}
] : diagnosticsLogsSpecified
resource networksecuritygroup 'Microsoft.Network/networkSecurityGroups@2020-11-01' = {
name: networkSecurityGroupName
location: location
properties: {
securityRules: [for item in networkSecurityGroupSecurityRules: {
name: item.name
properties: {
description: toLower(item.properties.description)
access: item.properties.access
destinationAddressPrefix: ((item.properties.destinationAddressPrefix == '') ? null : item.properties.destinationAddressPrefix)
destinationAddressPrefixes: ((length(item.properties.destinationAddressPrefixes) == 0) ? null : item.properties.destinationAddressPrefixes)
destinationPortRanges: ((length(item.properties.destinationPortRanges) == 0) ? null : item.properties.destinationPortRanges)
destinationPortRange: ((item.properties.destinationPortRange == '') ? null : item.properties.destinationPortRange)
direction: item.properties.direction
priority: int(item.properties.priority)
protocol: item.properties.protocol
sourceAddressPrefix: ((item.properties.sourceAddressPrefix == '') ? null : item.properties.sourceAddressPrefix)
sourcePortRanges: ((length(item.properties.sourcePortRanges) == 0) ? null : item.properties.sourcePortRanges)
sourcePortRange: item.properties.sourcePortRange
}
}]
}
}
resource virtualnetwork 'Microsoft.Network/virtualNetworks@2020-11-01' = {
name: virtualNetworkName
location: location
dependsOn: [
networksecuritygroup
]
properties: {
addressSpace: {
addressPrefixes: vNetAddressPrefixes
}
subnets: [for item in subnets: {
name: item.name
properties: {
addressPrefix: item.addressPrefix
networkSecurityGroup: (empty(item.networkSecurityGroupName) ? null : json('{"id": "${resourceId('Microsoft.Network/networkSecurityGroups', item.networkSecurityGroupName)}"}'))
delegations: item.delegations
}
}]
}
}
resource asev3 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
name: aseName
location: location
kind: 'ASEV3'
dependsOn: [
virtualnetwork
]
properties: {
clusterSettings: clusterSettings
dedicatedHostCount: dedicatedHostCount != 0 ? dedicatedHostCount : null
//dnsSuffix: dnsSuffix
//frontEndScaleFactor: frontEndScaleFactor
internalLoadBalancingMode: internalLoadBalancingMode
ipsslAddressCount: ipsslAddressCount != 0 ? ipsslAddressCount : null
//multiSize: !empty(multiSize) ? any(multiSize) : null
upgradePreference: upgradePreference
//userWhitelistedIpRanges: !empty(userWhitelistedIpRanges) ? userWhitelistedIpRanges : null
virtualNetwork: {
id: subnetId
}
zoneRedundant: zoneRedundant
}
}
resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
name: 'networking'
parent: asev3
properties: {
allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
ftpEnabled: ftpEnabled
inboundIpAddressOverride: inboundIpAddressOverride
remoteDebugEnabled: remoteDebugEnabled
}
}
resource asev3_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId)) {
name: !empty(diagnosticSettingsName) ? diagnosticSettingsName : '${aseName}-diagnosticSettings'
properties: {
storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null
eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null
eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null
logs: diagnosticsLogs
}
scope: asev3
}
module privatednszone 'modules/privatednszone.bicep' = if (createPrivateDNS && internalLoadBalancingMode == 3) {
name: 'private-dns-zone-deployment-${uniStr}'
params: {
privateDNSZoneName: privateDNSZoneName
virtualNetworkId: virtualNetworkId
aseName: aseName
}
}
@description('The resource ID of the App Service Environment.')
output resourceId string = asev3.id
@description('The resource group the App Service Environment was deployed into.')
output resourceGroupName string = resourceGroup().name
@description('The name of the App Service Environment.')
output name string = asev3.name
@description('The location the resource was deployed into.')
output location string = asev3.location
Expected response (i.e. "I expected no noise since the template has not been modified since the resources were deployed)
I expect no changes since the what-if was executed right after deployment. It always returns list of changes that in reality are not applied.
Current (noisy) response (either include a screenshot of the what-if output, or copy/paste the text)
Describe the noise
Resource type
Microsoft.Web/hostingEnvironments
andMicrosoft.Network/virtualNetworks
apiVersion (i.e. 2022-03-01)
Client (PowerShell, Azure CLI, or API) Azure CLI
Relevant ARM Template code (we only need the resource object for the above
resourceType
andapiVersion
, but if it's easier you can include the entire templateExpected response (i.e. "I expected no noise since the template has not been modified since the resources were deployed) I expect no changes since the
what-if
was executed right after deployment. It always returns list of changes that in reality are not applied.Current (noisy) response (either include a screenshot of the what-if output, or copy/paste the text)
Additional context Issue is impacting Customer.