Create a Azure API Management service instance with custom domain (SSL cert) using PowerShell script in Azure Devops using Release Pipelines

We will go through the process of setting up a release pipeline to provision a new API Management Service to an Azure Subscription. This will be achieved by running PowerShell script. It will create APIM service instance, If you have got your ssl certificate from Azure (App Service Certificate) then the certificates are saved in Key Vault. The script will access the ssl Certificate from Key Vault and will set custom domain for the portal and gateway endpoints. The script will be executed by release pipeline.

Download the script from apimdeploy.ps1

Add it to your repo.

Create a build pipeline and run it

Now create azure release pipeline to execute the PowerShell script to provision the APIM service instance

Add task to this pipeline as shown

Add variables and values as shown

-apimServiceName "$(apimServiceName)" -resourceGroupName "$(resourceGroupName)" -location "$(location)" -organisation "$(organisation)" -sku "$(sku)" -adminEmail "$(adminEmail)" -certificatePath "$(certificatePath)" -keyVaultName "$(keyVaultName)" -resourceGroupNameKeyVault "$(resourceGroupNameKeyVault)" -svcPrincipalAppObjectId "$(svcPrincipalAppObjectId)"  -secretName "$(secretName)" -certPassword "$(certPassword)" -proxyHostname "$(proxyHostname)" -portalHostname "$(portalHostname)"

$apimServiceName                        # This is the APIM service name

$resourceGroupName                   # The APIM service will be created in this resource group.

$location                                           # APIM service will be created in this location

$organisation                                   # APIM service will be part of this organisation, you will get this from devops URL – https://dev.azure.com/<organisation name>/<projectname>/

$sku                                                   # This could be ‘Developer’ or ‘Standard’ or ‘Premium’

$adminEmail                                   # Provide admin email where emails related to APIM will be sent

$certificatePath                               # When certificate is downloaded and converted to pfx format, it will be saved in this path on build agent. you can save it in”$(System.DefaultWorkingDirectory)/_<buildname>/drop/appservicecertificate.pfx”

$keyVaultName                               # This is the Key Vault name where the certificate is available for APIM service to use.

$resourceGroupNameKeyVault   # Resource group name of Key Vault

$svcPrincipalAppObjectId            # Release pipeline Service principal would need access to the Key Vault. Provide the ObjectID of the Service Principal. To find the objectID follow the article – http://raaviblog.com/where-to-find-application-and-service-principal-objects-in-azure-active-directory/

$secretName                                    # The secret name in Key Vault

$certPassword                                 # when the certificate is converted to pfx format, it will ask for password to be set. This password will be provided to secure the access of certificate.

$proxyHostname                            # This is custom domain name for Gateway like gateway1.contoso.com

$portalHostname                           # This is custom domain name for portal like portal1.contoso.com

Running this pipeline will create New API Management service instance. Also custom domain names for gateway and portal will be set using ssl certificate. Later you can add your API’s to product.