Here is an ARM template also (gives you a overview)
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sslCertificateData": {
"type": "string",
"metadata": {
"description": "The base-64 encoded SSL certificate PFX data. Must be supplied via a parameters file references to a Key Vault / Secret Name."
}
},
"sslCertificatePassword": {
"type": "securestring",
"metadata": {
"description": "The SSL certificate password. Must be supplied via a parameters file references to a Key Vault / Secret Name."
}
},
"vNetId": {
"type": "string",
"metadata": {
"description": "The ID of the VNet."
}
},
"subnetName": {
"type": "string",
"metadata": {
"description": "The name of the DMZ Subnet."
}
}
},
"variables": {
"networkApiVersion": "2017-04-01",
"subnetId": "[concat(parameters('vNetId'), '/subnets/', parameters('subnetName'))]",
"appGatewayPublicIpAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', 'appGatewayPublicIpAddress')]",
"appGwId": "[resourceId('Microsoft.Network/applicationGateways', 'appGateway')]",
"appGwSize": "Standard_Small",
"appGwTier": "Standard",
"appGwCapacity": 5,
"appGwFePort": 443,
"appGwFeProtocol": "Https",
"appGwBePort": 80,
"appGwBEProtocol": "Http"
},
"resources": [
{
"type": "Microsoft.Network/publicIPAddresses",
"name": "appGatewayPublicIpAddress",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('networkApiVersion')]",
"comments": "This creates a single, dynamically allocated public IP address for use by the Application Gateway.",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"type": "Microsoft.Network/applicationGateways",
"name": "appGateway",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('networkApiVersion')]",
"comments": "This creates the Application Gateway.",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', 'appGatewayPublicIpAddress')]"
],
"properties": {
"sku": {
"name": "[variables('appGwSize')]",
"tier": "[variables('appGwTier')]",
"capacity": "[variables('appGwCapacity')]"
},
"gatewayIPConfigurations": [
{
"name": "gatewayIpCofig",
"properties": {
"subnet": {
"id": "[variables('subnetId')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "frontendIpConfig",
"properties": {
"PublicIPAddress": {
"id": "[variables('appGatewayPublicIpAddressId')]"
}
}
}
],
"frontendPorts": [
{
"name": "frontendPort",
"properties": {
"Port": "[variables('appGwFePort')]"
}
}
],
"sslCertificates": [
{
"name": "appGwSslCertificate",
"properties": {
"data": "[parameters('sslCertificateData')]",
"password": "[parameters('sslCertificatePassword')]"
}
}
],
"backendAddressPools": [
{
"name": "BackendAddressPool"
}
],
"backendHttpSettingsCollection": [
{
"name": "HttpSettings",
"properties": {
"Port": "[variables('appGwBePort')]",
"Protocol": "[variables('appGwBeProtocol')]"
}
}
],
"httpListeners": [
{
"name": "HttpListener",
"properties": {
"FrontendIPConfiguration": {
"Id": "[concat(variables('appGwId'), '/frontendIPConfigurations/frontendIpConfig')]"
},
"FrontendPort": {
"Id": "[concat(variables('appGwId'), '/frontendPorts/frontendPort')]"
},
"Protocol": "[variables('appGwFeProtocol')]",
"SslCertificate": {
"id": "[concat(variables('appGwId'), '/sslCertificates/appGwSslCertificate')]"
}
}
}
],
"requestRoutingRules": [
{
"Name": "RoutingRule",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(variables('appGwId'), '/httpListeners/HttpListener')]"
},
"backendAddressPool": {
"id": "[concat(variables('appGwId'), '/backendAddressPools/BackendAddressPool')]"
},
"backendHttpSettings": {
"id": "[concat(variables('appGwId'), '/backendHttpSettingsCollection/HttpSettings')]"
}
}
}
]
}
}
]
}
```
### ARM Template Parameter File
*app-gateway-parameters.json*
```
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sslCertificateData": {
"reference": {
"keyVault": {
"id": "/subscriptions/SUBSCRIPTION_ID/resourcegroups/RESOURCE_GROUP/providers/Microsoft.KeyVault/vaults/KEY_VAULT_NAME"
},
"secretName": "CERT_SECRET_NAME"
}
},
"sslCertificatePassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/SUBSCRIPTION_ID/resourcegroups/RESOURCE_GROUP/providers/Microsoft.KeyVault/vaults/KEY_VAULT_NAME"
},
"secretName": "CERT_PASSWORD_SECRET_NAME"
}
},
"vNetId": {
"value": "/subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP/providers/Microsoft.Network/virtualNetworks/VNET_NAME"
},
"subnetName": {
"value": "SUBNET_NAME"
}
}
}