website logo
HomeGithubSlack
⌘K
Overview
Quick Start
Supported Services
Running CloudGraph in EKS
Compliance
Rules Engine
AWS
Querying AWS Data
AWS Policy Packs
Billing Data
Services
Azure
Querying Azure Data
Azure Policy Packs
Services
GCP
Querying GCP Data
GCP Policy Packs
Services
K8s
Querying Kubernetes Data
Services
Docs powered by archbee 

App Service Web App

16min

Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.

Overview

You can currently query the following attributes and connections on an Azure App Service Web App

GraphQL
|
query {
  queryazureAppServiceWebApp{
    id
    name
    type
    kind
    subscriptionId
    region
    state
    hostNames
    repositorySiteName
    usageState
    enabled
    enabledHostNames
    availabilityState
    hostNameSslStates{
      id
      name
      sslState
      ipBasedSslResult
      ipBasedSslState
      virtualIP
      thumbprint
      toUpdate
      toUpdateIpBasedSsl
      hostType
    }
    serverFarmId
    reserved
    isXenon
    hyperV
    lastModifiedTimeUtc
    siteConfig{
      numberOfWorkers
      defaultDocuments
      netFrameworkVersion
      phpVersion
      pythonVersion
      nodeVersion
      powerShellVersion
      linuxFxVersion
      windowsFxVersion
      requestTracingEnabled
      requestTracingExpirationTime
      remoteDebuggingEnabled
      remoteDebuggingVersion
      httpLoggingEnabled
      acrUseManagedIdentityCreds
      acrUserManagedIdentityID
      logsDirectorySizeLimit
      detailedErrorLoggingEnabled
      publishingUsername
      appSettings{
        id
        name
        value
      }
      connectionStrings{
        id
        name
        connectionString
        type
      }
      documentRoot
      scmType
      use32BitWorkerProcess
      webSocketsEnabled
      alwaysOn
      javaVersion
      javaContainer
      javaContainerVersion
      appCommandLine
      managedPipelineMode
      virtualApplications{
        id
        virtualPath
        physicalPath
        preloadEnabled
        virtualDirectories{
          id
          virtualPath
          physicalPath
        }
      }
      loadBalancing
      limits{
        maxPercentageCpu
        maxMemoryInMb
        maxDiskSizeInMb
      }
      autoHealEnabled
      tracingOptions
      vnetName
      vnetRouteAllEnabled
      vnetPrivatePortsCount
      cors{
        allowedOrigins
        supportCredentials
      }
      isPushEnabled
      apiDefinitionInfoUrl
      apiManagementConfigId
      autoSwapSlotName
      localMySqlEnabled
      managedServiceIdentityId
      xManagedServiceIdentityId
      keyVaultReferenceIdentity
      scmIpSecurityRestrictionsUseMain
      http20Enabled
      http20ProxyFlag
      minTlsVersion
      scmMinTlsVersion
      ftpsState
      preWarmedInstanceCount
      functionAppScaleLimit
      healthCheckPath
      functionsRuntimeScaleMonitoringEnabled
      websiteTimeZone
      minimumElasticInstanceCount
      publicNetworkAccess
    }
    trafficManagerHostNames
    scmSiteAlsoStopped
    targetSwapSlot
    hostingEnvironmentProfile {
      id
    }
    clientAffinityEnabled
    clientCertEnabled
    clientCertMode
    clientCertExclusionPaths
    hostNamesDisabled
    customDomainVerificationId
    outboundIpAddresses
    possibleOutboundIpAddresses
    containerSize
    dailyMemoryTimeQuota
    suspendedTill
    maxNumberOfWorkers
    resourceGroupId
    isDefaultContainer
    defaultHostName
    httpsOnly
    redundancyMode
    inProgressOperationId
    storageAccountRequired
    keyVaultReferenceIdentity
    virtualNetworkSubnetId
    appServicePlan{
      id
      # Other fields and connections here...
    }
    resourceGroup{
      id
      # Other fields and connections here...
    }
    storageAccounts{
      id
      # Other fields and connections here...
    }
    tags{
      id
      key
      value
    }
  }
}


Filtering

Get data for a single Azure App Service Web App key that you know the ID for:

GraphQL
|
query {
  getazureAppServiceWebApp(id: "12345") {
    id
    # Other fields and connections here...
  }
}


Get data for all of the App Service Web Apps in a certain Azure subscription:

GraphQL
|
query {
  queryazureAppServiceWebApp(filter: { subscriptionId: { eq: "12345" } }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "subscriptionId" you can
# Filter based on any of the following attributes:

# id
# name
# type
# kind
# region
# resourceGroup
# state
# hostNames
# repositorySiteName
# usageState
# enabled
# enabledHostNames
# availabilityState
# serverFarmId
# reserved
# isXenon
# hyperV
# lastModifiedTimeUtc
# trafficManagerHostNames
# scmSiteAlsoStopped
# targetSwapSlot
# hostingEnvironmentProfile: azureOptionalResource
# clientAffinityEnabled
# clientCertEnabled
# clientCertMode
# clientCertExclusionPaths
# hostNamesDisabled
# customDomainVerificationId
# outboundIpAddresses
# possibleOutboundIpAddresses
# containerSize
# dailyMemoryTimeQuota
# suspendedTill
# maxNumberOfWorkers
# resourceGroupId
# isDefaultContainer
# defaultHostName
# httpsOnly
# redundancyMode
# inProgressOperationId
# storageAccountRequired
# keyVaultReferenceIdentity
# virtualNetworkSubnetId

# And the following Dgraph filters can also be applied:

# has
# and
# or
# not
# regexp (regular expressions)

# fulltext filters

# alloftext
# anyoftext


Get data for all of the App Service Web Apps that are NOT in a certain Azure subscription:

GraphQL
|
query {
  queryazureAppServiceWebApp(filter: { not: { subscriptionId: { eq: "12345" } } }) {
    id
    # Other fields and connections here...
  }
}


Advanced Filtering

Get data for all of the App Service Web Apps that are connected to a storageAccount:

GraphQL
|
query {
  queryazureAppServiceWebApp(filter: { has: storageAccounts }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "storageAccounts" you can filter
# Using "has" based on any of the following attributes:

# tags


Ordering

You can order the results you get back either asc or desc depending on your preference:

GraphQL
|
query {
  queryazureAppServiceWebApp(order: { desc: name }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "name" you can filter
# Using "asc" or "desc" based on any of the following attributes:

# id
# type
# kind
# region
# resourceGroup
# state
# hostNames
# repositorySiteName
# usageState
# enabled
# enabledHostNames
# availabilityState
# serverFarmId
# reserved
# isXenon
# hyperV
# lastModifiedTimeUtc
# trafficManagerHostNames
# scmSiteAlsoStopped
# targetSwapSlot
# hostingEnvironmentProfile: azureOptionalResource
# clientAffinityEnabled
# clientCertEnabled
# clientCertMode
# clientCertExclusionPaths
# hostNamesDisabled
# customDomainVerificationId
# outboundIpAddresses
# possibleOutboundIpAddresses
# containerSize
# dailyMemoryTimeQuota
# suspendedTill
# maxNumberOfWorkers
# resourceGroupId
# isDefaultContainer
# defaultHostName
# httpsOnly
# redundancyMode
# inProgressOperationId
# storageAccountRequired
# keyVaultReferenceIdentity
# virtualNetworkSubnetId


Only select and return the first two App Service Web Apps that are found:

GraphQL
|
query {
  queryazureAppServiceWebApp(first: 2, order: { desc: name }) {
    id
    # Other fields and connections here...
  }
}


Only select and return the first two App Service Web Apps that are found, but offset by one so keys two & three are returned:

GraphQL
|
query {
  queryazureAppServiceWebApp(first: 2, order: { desc: name }, offset: 1) {
    id
    # Other fields and connections here...
  }
}


Aggregation

Count the number of App Service Web Apps across all scanned Azure subscriptions:

GraphQL
|
query {
  aggregateazureAppServiceWebApp {
    count
    # Other fields and connections here...
  }
}

# Note that in addition to "count" you can request the
# Following min and max values based on attributes of your App Service Web Apps:

# idMin
# idMax
# nameMin
# nameMax
# typeMin
# typeMax
# kindMin
# kindMax
# subscriptionIdMin
# subscriptionIdMax
# regionMin
# regionMax
# stateMin
# stateMax
# repositorySiteNameMin
# repositorySiteNameMax
# usageStateMin
# usageStateMax
# availabilityStateMin
# availabilityStateMax
# serverFarmIdMin
# serverFarmIdMax
# lastModifiedTimeUtcMin
# lastModifiedTimeUtcMax
# targetSwapSlotMin
# targetSwapSlotMax
# clientCertModeMin
# clientCertModeMax
# clientCertExclusionPathsMin
# clientCertExclusionPathsMax
# customDomainVerificationIdMin
# customDomainVerificationIdMax
# outboundIpAddressesMin
# outboundIpAddressesMax
# possibleOutboundIpAddressesMin
# possibleOutboundIpAddressesMax
# containerSizeMin
# containerSizeMax
# containerSizeSum
# containerSizeAvg
# dailyMemoryTimeQuotaMin
# dailyMemoryTimeQuotaMax
# dailyMemoryTimeQuotaSum
# dailyMemoryTimeQuotaAvg
# suspendedTillMin
# suspendedTillMax
# maxNumberOfWorkersMin
# maxNumberOfWorkersMax
# maxNumberOfWorkersSum
# maxNumberOfWorkersAvg
# resourceGroupIdMin
# resourceGroupIdMax
# defaultHostNameMin
# defaultHostNameMax
# redundancyModeMin
# redundancyModeMax
# inProgressOperationIdMin
# inProgressOperationIdMax
# keyVaultReferenceIdentityMin
# keyVaultReferenceIdentityMax
# virtualNetworkSubnetIdMin
# virtualNetworkSubnetIdMax


Count the number of App Service Web Apps in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:

GraphQL
|
query {
  aggregateazureAppServiceWebApp(filter: { subscriptionId: { eq: "12345" } }) {
    count
    # Other fields and connections here...
  }
}


Examples

Find all of the App Service Web Apps that are in the eastus region across all your accounts:

GraphQL
|
query {
  queryazureAppServiceWebApp(filter: { region: { eq: "eastus" } }) {
    id
    # Other fields and connections here...
  }
}


Find all of the App Service Web Apps that have a tag of Environment:Production for a single Azure Subscription:

GraphQL
|
query {
  queryazureTag(
    filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
  ) {
    appServiceWebApps(filter: { subscriptionId: { eq: "12345" } }) {
      id
      # Other fields and connections here...
    }
  }
}


With CloudGraph you can run multiple queries at the same time so you can combine the above two queries if you like:

GraphQL
|
query {
  queryazureVirtualMachine(filter: { region: { eq: "eastus" } }) {
    id
    # Other fields and connections here...
  }
  queryazureTag(
    filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
  ) {
    appServiceWebApps(filter: { subscriptionId: { eq: "12345" } }) {
      id
      # Other fields and connections here...
    }
  }
}


Kitchen Sink

Putting it all together; get all data for all App Service Web Apps across all regions for all scanned Azure subscriptions in a single query.

GraphQL
|
query {
  queryazureAppServiceWebApp{
    id
    name
    type
    kind
    subscriptionId
    region
    state
    hostNames
    repositorySiteName
    usageState
    enabled
    enabledHostNames
    availabilityState
    hostNameSslStates{
      id
      name
      sslState
      ipBasedSslResult
      ipBasedSslState
      virtualIP
      thumbprint
      toUpdate
      toUpdateIpBasedSsl
      hostType
    }
    serverFarmId
    reserved
    isXenon
    hyperV
    lastModifiedTimeUtc
    siteConfig{
      numberOfWorkers
      defaultDocuments
      netFrameworkVersion
      phpVersion
      pythonVersion
      nodeVersion
      powerShellVersion
      linuxFxVersion
      windowsFxVersion
      requestTracingEnabled
      requestTracingExpirationTime
      remoteDebuggingEnabled
      remoteDebuggingVersion
      httpLoggingEnabled
      acrUseManagedIdentityCreds
      acrUserManagedIdentityID
      logsDirectorySizeLimit
      detailedErrorLoggingEnabled
      publishingUsername
      appSettings{
        id
        name
        value
      }
      connectionStrings{
        id
        name
        connectionString
        type
      }
      documentRoot
      scmType
      use32BitWorkerProcess
      webSocketsEnabled
      alwaysOn
      javaVersion
      javaContainer
      javaContainerVersion
      appCommandLine
      managedPipelineMode
      virtualApplications{
        id
        virtualPath
        physicalPath
        preloadEnabled
        virtualDirectories{
          id
          virtualPath
          physicalPath
        }
      }
      loadBalancing
      limits{
        maxPercentageCpu
        maxMemoryInMb
        maxDiskSizeInMb
      }
      autoHealEnabled
      tracingOptions
      vnetName
      vnetRouteAllEnabled
      vnetPrivatePortsCount
      cors{
        allowedOrigins
        supportCredentials
      }
      isPushEnabled
      apiDefinitionInfoUrl
      apiManagementConfigId
      autoSwapSlotName
      localMySqlEnabled
      managedServiceIdentityId
      xManagedServiceIdentityId
      keyVaultReferenceIdentity
      scmIpSecurityRestrictionsUseMain
      http20Enabled
      http20ProxyFlag
      minTlsVersion
      scmMinTlsVersion
      ftpsState
      preWarmedInstanceCount
      functionAppScaleLimit
      healthCheckPath
      functionsRuntimeScaleMonitoringEnabled
      websiteTimeZone
      minimumElasticInstanceCount
      publicNetworkAccess
    }
    trafficManagerHostNames
    scmSiteAlsoStopped
    targetSwapSlot
    hostingEnvironmentProfile {
      id
    }
    clientAffinityEnabled
    clientCertEnabled
    clientCertMode
    clientCertExclusionPaths
    hostNamesDisabled
    customDomainVerificationId
    outboundIpAddresses
    possibleOutboundIpAddresses
    containerSize
    dailyMemoryTimeQuota
    suspendedTill
    maxNumberOfWorkers
    resourceGroupId
    isDefaultContainer
    defaultHostName
    httpsOnly
    redundancyMode
    inProgressOperationId
    storageAccountRequired
    keyVaultReferenceIdentity
    virtualNetworkSubnetId
    appServicePlan{
      id
      name
      type
      kind
      subscriptionId
      region
      resourceGroup {
        id
      }
      skuDescription{
        name
        tier
        size
        family
        capacity
        skuCapacity{
          minimum
          maximum
          elasticMaximum
          default
          scaleType
        }
        locations
        capabilities{
          id
          name
          value
          reason
        }
      }
      workerTierName
      status
      subscription
      maximumNumberOfWorkers
      geoRegion
      perSiteScaling
      elasticScaleEnabled
      maximumElasticWorkerCount
      numberOfSites
      isSpot
      spotExpirationTime
      freeOfferExpirationTime
      resourceGroupId
      reserved
      isXenon
      hyperV
      targetWorkerCount
      targetWorkerSizeId
      provisioningState
      zoneRedundant
      appServiceWebApps{
        id
        # Other fields and connections here...
      }
      resourceGroup{
        id
        # Other fields and connections here...
      }
      tags{
        id
        key
        value
      }
    }
    resourceGroup{
      id
      name
      type
      kind
      subscriptionId
      region
      managedBy
      disks {
        id
        # Other fields and connections here...
      }
      dns {
        id
        # Other fields and connections here...
      }
      firewalls {
        id
        # Other fields and connections here...
      }
      functionApps {
        id
        # Other fields and connections here...
      }
      keyVaults {
        id
        # Other fields and connections here...
      }
      networkInterfaces {
        id
        # Other fields and connections here...
      }
      publicIps {
        id
        # Other fields and connections here...
      }
      securityGroups {
        id
        # Other fields and connections here...
      }
      storageAccounts {
        id
        # Other fields and connections here...
      }
      storageContainers {
        id
        # Other fields and connections here...
      }
      virtualMachines {
        id
        # Other fields and connections here...
      }
      virtualNetworks {
        id
        # Other fields and connections here...
      }
      tags{
        id
        key
        value
      }
    }
    storageAccounts{
      id
      name
      type
      kind
      subscriptionId
      region
      resourceGroup {
        id
      }
      extendedLocationName
      extendedLocationType
      provisioningState
      primaryEndpoints{
        blob
        queue
        table
        file
        web
        dfs
      }
      primaryMicrosoftEndpoints {
        blob
        queue
        table
        file
        web
        dfs
      }
      primaryInternetEndpoints{
        blob
        file
        web
        dfs
      }
      primaryLocation
      statusOfPrimary
      lastGeoFailoverTime
      secondaryLocation
      statusOfSecondary
      customDomainName
      customDomainUseSubDomainName
      sasPolicyExpirationPeriod
      keyPolicyExpirationPeriodInDays
      keyCreationTimeKey1
      keyCreationTimeKey2
      encryptionServiceBlob{
        enabled
        lastEnabledTime
        keyType
      }
      encryptionServiceFile{
        enabled
        lastEnabledTime
        keyType
      }
      encryptionServiceTable{
        enabled
        lastEnabledTime
        keyType
      }
      encryptionServiceQueue{
        enabled
        lastEnabledTime
        keyType
      }
      encryptionKeySource
      encryptionRequireInfrastructureEncryption
      encryptionKeyVaultPropertyKeyName
      encryptionKeyVaultPropertyKeyVersion
      encryptionKeyVaultPropertyKeyVaultUri
      encryptionKeyVaultPropertyCurrentVersionedKeyIdentifier
      encryptionKeyVaultPropertyLastKeyRotationTimestamp
      encryptionUserAssignedIdentity
      accessTier
      azureFilesIdentityBasedAuthenticationDirectoryServiceOptions
      azureFilesIdentityBasedAuthenticationADProperties{
        domainName
        netBiosDomainName
        forestName
        domainGuid
        domainSid
        azureStorageSid
      }
      enableHttpsTrafficOnly
      networkRuleSetByPass
      networkRuleResourceAccessRules {
        id
        tenantId
        resourceId
      }
      networkRuleVirtualNetworkRules {
        id
        virtualNetworkResourceId
        action
        state
      }
      networkRuleIpRules{
        id
        iPAddressOrRange
        action
      }
      networkRuleSetDefaultAction
      isHnsEnabled
      geoReplicationStatsStatus
      geoReplicationStatsLastSyncTime
      geoReplicationStatsCanFailover
      failoverInProgress
      largeFileSharesState
      privateEndpointConnections{
        id
        privateEndpointId
        privateLinkServiceConnectionStateStatus
        privateLinkServiceConnectionStateDescription
        privateLinkServiceConnectionStateActionRequired
        provisioningState
      }
      routingPreferenceChoice
      routingPreferencePublishMicrosoftEndpoints
      routingPreferencePublishInternetEndpoints
      allowBlobPublicAccess
      minimumTlsVersion
      allowSharedKeyAccess
      enableNfsV3
      resourceGroup {
        id
        # Other fields and connections here...
      }
      storageContainers {
        id
        # Other fields and connections here...
      }
      tags{
        id
        key
        value
      }
    }
  }
}


References

Dgraph documentation on querying

Azure App Service Environment Documentation

Updated 03 Mar 2023
Did this page help you?
Yes
No
PREVIOUS
App Service Plan
NEXT
AuthRoleAssignment
Docs powered by archbee 
TABLE OF CONTENTS
Overview
Filtering
Advanced Filtering
Ordering
Aggregation
Examples
Kitchen Sink
References