Azure WebApp - Multiple Custom Domains in single request

Question

I'm trying to bulk upload custom domains to Azure WebApps (specifically the deployment slots). I currently loop through with Azure CLI but it adds 15-20 minutes to CICD process.

I've also tried with ARM Templates but it reports a "conflict" during bulk upload. It requires a condition or dependency on the previous hostname which means it's still configuring the domains one by one.

Does anyone know of a way to bulk configure?

Powershell and Azure CLI

#Set Host Names and SSL
  $WebApp_HostNames = Import-Csv "$(ConfigFiles_Path)\$WebApp-Hostnames.csv"
  if ($null -ne $WebApp_HostNames) {
    foreach ($HostName in $WebApp_HostNames) {
      az webapp config hostname add --hostname $HostName.Name --resource-group "$(ResourceGroup)" --webapp-name "$WebApp" --slot "$WebApp$(WebApp_Slot_Suffix)"
      az webapp config ssl bind --certificate-thumbprint $HostName.Thumbprint --ssl-type SNI --resource-group "$(ResourceGroup)" --name "$WebApp"  --slot "$WebApp$(WebApp_Slot_Suffix)"
    }
  }

EDIT : Got it! Will write out the process and provide the answer here for future reference

Answer 1

TL;DR

I've included the entire Powershell script here including getting your auth token and pushing the json config. There's nothing else you'll need to bulk upload.

Hope this helps

# Get auth token from existing Context
$currentAzureContext = Get-AzContext
$azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient($azProfile)
$token = $profileClient.AcquireAccessToken($currentAzureContext.Tenant.TenantId)

# Authorisation Header
$authHeader = @{
 'Content-Type'  = 'application/json'
 'Authorization' = 'Bearer ' + ($token.AccessToken)
}

# Request URL
$url = "https://management.azure.com/subscriptions/{SubscriptionID}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Web/sites/{WebAppName}/slots/{WebAppSlotName}?api-version=2018-11-01"

# JSON body
$body = '
{
    "id":"/subscriptions/{SubscriptionID}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Web/sites/{WebAppName}/slots/{WebAppSlotName}",
    "kind":"app",
    "location":"Australia East",
    "name":"{WebAppName} or {WebAppSlotName}",
    "type":"Microsoft.Web/sites/slots", or "Microsoft.Web/sites",
    "properties":{
        "hostNameSslStates":[
            {
                "name":"sub1.domain.com",
                "sslState":"SniEnabled",
                "thumbprint":"IUAHSIUHASD78ASDIUABFKASF79ASUASD8ASFHOANKSL",
                "toUpdate":true,
                "hostType":"Standard"
            
            },
            {
                "name":"sub2.domain.com",
                "sslState":"SniEnabled",
                "thumbprint":"FHISGF8A7SFG9SUGBSA7G9ASHIAOSHDF08ASHDF08AS",
                "toUpdate":true,
                "hostType":"Standard"
            
            }
        ],
        "hostNames":[
            "sub1.domain.com",
            "sub2.domain.com",
            "{Default WebApp Domain}"
        ]
    }
}
'

# Push to Azure
Invoke-RestMethod -Uri $url -Body $body -Method PUT -Headers $authHeader

Method

In the end I just pressed F12 to capture the traffic in the Networking tab in browser developer tools.

When clicking "Add Binding" in portal there's one PUT request which has the payload required to replicate. I found that the request contains ALL of the Custom Domains and SSL bindings for bulk upload, not just the change. The only trick here was to set the toUpdate property to true for all domains. I stripped out any null and notConfigured values to keep it tidier.

My next progression for this is to fetch my hostnames and certificate thumbprints and dynamically build the body before pushing the change to Azure.