Deploy API Management in internal VNet with public IP

This template shows how to deploy an Azure API Management service into a subnet of your own virtual network in internal mode. In internal mode, the subnet is locked down with no client access from the internet. The gateway, developer portal, legacy developer portal, and Git endpoints are accessible only from within the virtual network. Because it sits inside the virtual network, the gateway can connect to backends that are reachable only within that network.

  • The template creates a Premium tier API Management instance that is deployed to two availability zones. You may choose to deploy the API Management instance in the Developer tier; however, availability zones are not supported in that tier.
  • The template deploys a virtual network and a dedicated subnet that hosts the API Management service.
  • The template obtains a Standard SKU public IP address from the customer's subscription.
  • The template also deploys a network security group on the API Management subnet, which is based on recommended configurations.
  • The template disables all insecure ciphers and SSL/TLS protocols.
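
An added example, not part of the template: a Python check that audits one compiled `Microsoft.ApiManagement/service` resource for the settings listed above. The property names follow the ARM schema for that resource type and are assumptions about what the template sets; the sample resources are constructed.

```python
import copy

# Assumption: customProperties key prefix from the API Management ARM schema.
PREFIX = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security."
# Legacy protocol and cipher switches that should be explicitly "false".
LEGACY = [
    "Protocols.Tls10", "Protocols.Tls11", "Protocols.Ssl30",
    "Backend.Protocols.Tls10", "Backend.Protocols.Tls11",
    "Backend.Protocols.Ssl30", "Ciphers.TripleDes168",
]

def audit_apim(resource):
    """Return findings for one Microsoft.ApiManagement/service resource."""
    findings = []
    props = resource.get("properties", {})
    if props.get("virtualNetworkType") != "Internal":
        findings.append("virtualNetworkType is not Internal")
    if not props.get("virtualNetworkConfiguration", {}).get("subnetResourceId"):
        findings.append("no dedicated subnet configured")
    if not props.get("publicIpAddressId"):
        findings.append("no customer-owned public IP referenced")
    # The page notes that availability zones are not supported below Premium.
    if resource.get("zones") and resource.get("sku", {}).get("name") != "Premium":
        findings.append("availability zones require the Premium tier")
    custom = {k.lower(): str(v).lower()
              for k, v in props.get("customProperties", {}).items()}
    for name in LEGACY:
        if custom.get((PREFIX + name).lower()) != "false":
            findings.append(f"{name} not explicitly disabled")
    return findings

# Constructed sample resources (placeholders, not values from the template).
HARDENED = {
    "type": "Microsoft.ApiManagement/service",
    "sku": {"name": "Premium", "capacity": 2},
    "zones": ["1", "2"],
    "properties": {
        "virtualNetworkType": "Internal",
        "virtualNetworkConfiguration": {"subnetResourceId": "<subnet-resource-id>"},
        "publicIpAddressId": "<public-ip-resource-id>",
        "customProperties": {PREFIX + n: "false" for n in LEGACY},
    },
}
WEAK = copy.deepcopy(HARDENED)
WEAK["sku"]["name"] = "Developer"
WEAK["properties"]["virtualNetworkType"] = "External"
del WEAK["properties"]["customProperties"][PREFIX + "Protocols.Tls10"]

if __name__ == "__main__":
    for label, res in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_apim(res) or "OK")
```

The same function can be run over each matching entry in the `resources` array of a compiled template or an exported deployment.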

Tags: Microsoft.Network/networkSecurityGroups, Microsoft.Network/publicIPAddresses, Microsoft.Network/virtualNetworks, Microsoft.ApiManagement/service