Deploy two App Services - Front web app with VNet injection and Back web app with a Private Endpoint | TypeScript

View Code Deploy

This deploys a secure front end - back end web app. The front end web app is plugged in a subnet with the feature regional VNet integration enabled. Settings are set to consume a DNS private zone. The backend web app is only exposed through a private endpoint.

It will create a VNet, two subnets, one where your Private Endpoint will exist, the second where you will inject the front web app, an App Service Plan in PremiumV2 tier (mandatory for Private Endpoint), a Private Endpoint, settings for DNS queries to the DNS Private Zone, and a private DNS zone with record for the Private Endpoint.


  1. Install Pulumi
  2. Install node.js
  3. Configure Azure Credentials

Optional config params

  1. virtualNetworkCIDR - CIDR range for the vnet (defaults to
  2. backendCIDR - subnet CIDR range for the backend (defaults to
  3. frontendCIDR - subnet CIDR range for the frontend (defaults to


After cloning this repo, from this working directory, run these commands:

  1. Create a new stack, which is an isolated deployment target for this example:

    $ pulumi stack init dev
  2. Set the Azure region location to use:

    $ pulumi config set azure-native:location westus2
  3. Next, install the dependencies:

    $ npm install
  4. Stand up the cluster by invoking pulumi

    $ pulumi up