App Service Web App
Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.
You can currently query the following attributes and connections on an Azure App Service Web App
query { queryazureAppServiceWebApp{ id name type kind subscriptionId region state hostNames repositorySiteName usageState enabled enabledHostNames availabilityState hostNameSslStates{ id name sslState ipBasedSslResult ipBasedSslState virtualIP thumbprint toUpdate toUpdateIpBasedSsl hostType } serverFarmId reserved isXenon hyperV lastModifiedTimeUtc siteConfig{ numberOfWorkers defaultDocuments netFrameworkVersion phpVersion pythonVersion nodeVersion powerShellVersion linuxFxVersion windowsFxVersion requestTracingEnabled requestTracingExpirationTime remoteDebuggingEnabled remoteDebuggingVersion httpLoggingEnabled acrUseManagedIdentityCreds acrUserManagedIdentityID logsDirectorySizeLimit detailedErrorLoggingEnabled publishingUsername appSettings{ id name value } connectionStrings{ id name connectionString type } documentRoot scmType use32BitWorkerProcess webSocketsEnabled alwaysOn javaVersion javaContainer javaContainerVersion appCommandLine managedPipelineMode virtualApplications{ id virtualPath physicalPath preloadEnabled virtualDirectories{ id virtualPath physicalPath } } loadBalancing limits{ maxPercentageCpu maxMemoryInMb maxDiskSizeInMb } autoHealEnabled tracingOptions vnetName vnetRouteAllEnabled vnetPrivatePortsCount cors{ allowedOrigins supportCredentials } isPushEnabled apiDefinitionInfoUrl apiManagementConfigId autoSwapSlotName localMySqlEnabled managedServiceIdentityId xManagedServiceIdentityId keyVaultReferenceIdentity scmIpSecurityRestrictionsUseMain http20Enabled http20ProxyFlag minTlsVersion scmMinTlsVersion ftpsState preWarmedInstanceCount functionAppScaleLimit healthCheckPath functionsRuntimeScaleMonitoringEnabled websiteTimeZone minimumElasticInstanceCount publicNetworkAccess } trafficManagerHostNames scmSiteAlsoStopped targetSwapSlot hostingEnvironmentProfile { id } clientAffinityEnabled clientCertEnabled clientCertMode clientCertExclusionPaths hostNamesDisabled customDomainVerificationId outboundIpAddresses possibleOutboundIpAddresses containerSize dailyMemoryTimeQuota suspendedTill maxNumberOfWorkers resourceGroupId isDefaultContainer defaultHostName httpsOnly redundancyMode inProgressOperationId storageAccountRequired keyVaultReferenceIdentity virtualNetworkSubnetId appServicePlan{ id # Other fields and connections here... } resourceGroup{ id # Other fields and connections here... } storageAccounts{ id # Other fields and connections here... } tags{ id key value } } }
Get data for a single Azure App Service Web App key that you know the ID for:
query { getazureAppServiceWebApp(id: "12345") { id # Other fields and connections here... } }
Get data for all of the App Service Web Apps in a certain Azure subscription:
query { queryazureAppServiceWebApp(filter: { subscriptionId: { eq: "12345" } }) { id # Other fields and connections here... } } # Note that in addition to "subscriptionId" you can # Filter based on any of the following attributes: # id # name # type # kind # region # resourceGroup # state # hostNames # repositorySiteName # usageState # enabled # enabledHostNames # availabilityState # serverFarmId # reserved # isXenon # hyperV # lastModifiedTimeUtc # trafficManagerHostNames # scmSiteAlsoStopped # targetSwapSlot # hostingEnvironmentProfile: azureOptionalResource # clientAffinityEnabled # clientCertEnabled # clientCertMode # clientCertExclusionPaths # hostNamesDisabled # customDomainVerificationId # outboundIpAddresses # possibleOutboundIpAddresses # containerSize # dailyMemoryTimeQuota # suspendedTill # maxNumberOfWorkers # resourceGroupId # isDefaultContainer # defaultHostName # httpsOnly # redundancyMode # inProgressOperationId # storageAccountRequired # keyVaultReferenceIdentity # virtualNetworkSubnetId # And the following Dgraph filters can also be applied: # has # and # or # not # regexp (regular expressions) # fulltext filters # alloftext # anyoftext
Get data for all of the App Service Web Apps that are NOT in a certain Azure subscription:
query { queryazureAppServiceWebApp(filter: { not: { subscriptionId: { eq: "12345" } } }) { id # Other fields and connections here... } }
Get data for all of the App Service Web Apps that are connected to a storageAccount:
query { queryazureAppServiceWebApp(filter: { has: storageAccounts }) { id # Other fields and connections here... } } # Note that in addition to "storageAccounts" you can filter # Using "has" based on any of the following attributes: # tags
You can order the results you get back either asc or desc depending on your preference:
query { queryazureAppServiceWebApp(order: { desc: name }) { id # Other fields and connections here... } } # Note that in addition to "name" you can filter # Using "asc" or "desc" based on any of the following attributes: # id # type # kind # region # resourceGroup # state # hostNames # repositorySiteName # usageState # enabled # enabledHostNames # availabilityState # serverFarmId # reserved # isXenon # hyperV # lastModifiedTimeUtc # trafficManagerHostNames # scmSiteAlsoStopped # targetSwapSlot # hostingEnvironmentProfile: azureOptionalResource # clientAffinityEnabled # clientCertEnabled # clientCertMode # clientCertExclusionPaths # hostNamesDisabled # customDomainVerificationId # outboundIpAddresses # possibleOutboundIpAddresses # containerSize # dailyMemoryTimeQuota # suspendedTill # maxNumberOfWorkers # resourceGroupId # isDefaultContainer # defaultHostName # httpsOnly # redundancyMode # inProgressOperationId # storageAccountRequired # keyVaultReferenceIdentity # virtualNetworkSubnetId
Only select and return the first two App Service Web Apps that are found:
query { queryazureAppServiceWebApp(first: 2, order: { desc: name }) { id # Other fields and connections here... } }
Only select and return the first two App Service Web Apps that are found, but offset by one so keys two & three are returned:
query { queryazureAppServiceWebApp(first: 2, order: { desc: name }, offset: 1) { id # Other fields and connections here... } }
Count the number of App Service Web Apps across all scanned Azure subscriptions:
query { aggregateazureAppServiceWebApp { count # Other fields and connections here... } } # Note that in addition to "count" you can request the # Following min and max values based on attributes of your App Service Web Apps: # idMin # idMax # nameMin # nameMax # typeMin # typeMax # kindMin # kindMax # subscriptionIdMin # subscriptionIdMax # regionMin # regionMax # stateMin # stateMax # repositorySiteNameMin # repositorySiteNameMax # usageStateMin # usageStateMax # availabilityStateMin # availabilityStateMax # serverFarmIdMin # serverFarmIdMax # lastModifiedTimeUtcMin # lastModifiedTimeUtcMax # targetSwapSlotMin # targetSwapSlotMax # clientCertModeMin # clientCertModeMax # clientCertExclusionPathsMin # clientCertExclusionPathsMax # customDomainVerificationIdMin # customDomainVerificationIdMax # outboundIpAddressesMin # outboundIpAddressesMax # possibleOutboundIpAddressesMin # possibleOutboundIpAddressesMax # containerSizeMin # containerSizeMax # containerSizeSum # containerSizeAvg # dailyMemoryTimeQuotaMin # dailyMemoryTimeQuotaMax # dailyMemoryTimeQuotaSum # dailyMemoryTimeQuotaAvg # suspendedTillMin # suspendedTillMax # maxNumberOfWorkersMin # maxNumberOfWorkersMax # maxNumberOfWorkersSum # maxNumberOfWorkersAvg # resourceGroupIdMin # resourceGroupIdMax # defaultHostNameMin # defaultHostNameMax # redundancyModeMin # redundancyModeMax # inProgressOperationIdMin # inProgressOperationIdMax # keyVaultReferenceIdentityMin # keyVaultReferenceIdentityMax # virtualNetworkSubnetIdMin # virtualNetworkSubnetIdMax
Count the number of App Service Web Apps in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:
query { aggregateazureAppServiceWebApp(filter: { subscriptionId: { eq: "12345" } }) { count # Other fields and connections here... } }
Find all of the App Service Web Apps that are in the eastus region across all your accounts:
query { queryazureAppServiceWebApp(filter: { region: { eq: "eastus" } }) { id # Other fields and connections here... } }
Find all of the App Service Web Apps that have a tag of Environment:Production for a single Azure Subscription:
query { queryazureTag( filter: { key: { eq: "Environment" }, value: { eq: "Production" } } ) { appServiceWebApps(filter: { subscriptionId: { eq: "12345" } }) { id # Other fields and connections here... } } }
With CloudGraph you can run multiple queries at the same time so you can combine the above two queries if you like:
query { queryazureVirtualMachine(filter: { region: { eq: "eastus" } }) { id # Other fields and connections here... } queryazureTag( filter: { key: { eq: "Environment" }, value: { eq: "Production" } } ) { appServiceWebApps(filter: { subscriptionId: { eq: "12345" } }) { id # Other fields and connections here... } } }
Putting it all together; get all data for all App Service Web Apps across all regions for all scanned Azure subscriptions in a single query.
query { queryazureAppServiceWebApp{ id name type kind subscriptionId region state hostNames repositorySiteName usageState enabled enabledHostNames availabilityState hostNameSslStates{ id name sslState ipBasedSslResult ipBasedSslState virtualIP thumbprint toUpdate toUpdateIpBasedSsl hostType } serverFarmId reserved isXenon hyperV lastModifiedTimeUtc siteConfig{ numberOfWorkers defaultDocuments netFrameworkVersion phpVersion pythonVersion nodeVersion powerShellVersion linuxFxVersion windowsFxVersion requestTracingEnabled requestTracingExpirationTime remoteDebuggingEnabled remoteDebuggingVersion httpLoggingEnabled acrUseManagedIdentityCreds acrUserManagedIdentityID logsDirectorySizeLimit detailedErrorLoggingEnabled publishingUsername appSettings{ id name value } connectionStrings{ id name connectionString type } documentRoot scmType use32BitWorkerProcess webSocketsEnabled alwaysOn javaVersion javaContainer javaContainerVersion appCommandLine managedPipelineMode virtualApplications{ id virtualPath physicalPath preloadEnabled virtualDirectories{ id virtualPath physicalPath } } loadBalancing limits{ maxPercentageCpu maxMemoryInMb maxDiskSizeInMb } autoHealEnabled tracingOptions vnetName vnetRouteAllEnabled vnetPrivatePortsCount cors{ allowedOrigins supportCredentials } isPushEnabled apiDefinitionInfoUrl apiManagementConfigId autoSwapSlotName localMySqlEnabled managedServiceIdentityId xManagedServiceIdentityId keyVaultReferenceIdentity scmIpSecurityRestrictionsUseMain http20Enabled http20ProxyFlag minTlsVersion scmMinTlsVersion ftpsState preWarmedInstanceCount functionAppScaleLimit healthCheckPath functionsRuntimeScaleMonitoringEnabled websiteTimeZone minimumElasticInstanceCount publicNetworkAccess } trafficManagerHostNames scmSiteAlsoStopped targetSwapSlot hostingEnvironmentProfile { id } clientAffinityEnabled clientCertEnabled clientCertMode clientCertExclusionPaths hostNamesDisabled customDomainVerificationId outboundIpAddresses possibleOutboundIpAddresses containerSize dailyMemoryTimeQuota suspendedTill maxNumberOfWorkers resourceGroupId isDefaultContainer defaultHostName httpsOnly redundancyMode inProgressOperationId storageAccountRequired keyVaultReferenceIdentity virtualNetworkSubnetId appServicePlan{ id name type kind subscriptionId region resourceGroup { id } skuDescription{ name tier size family capacity skuCapacity{ minimum maximum elasticMaximum default scaleType } locations capabilities{ id name value reason } } workerTierName status subscription maximumNumberOfWorkers geoRegion perSiteScaling elasticScaleEnabled maximumElasticWorkerCount numberOfSites isSpot spotExpirationTime freeOfferExpirationTime resourceGroupId reserved isXenon hyperV targetWorkerCount targetWorkerSizeId provisioningState zoneRedundant appServiceWebApps{ id # Other fields and connections here... } resourceGroup{ id # Other fields and connections here... } tags{ id key value } } resourceGroup{ id name type kind subscriptionId region managedBy disks { id # Other fields and connections here... } dns { id # Other fields and connections here... } firewalls { id # Other fields and connections here... } functionApps { id # Other fields and connections here... } keyVaults { id # Other fields and connections here... } networkInterfaces { id # Other fields and connections here... } publicIps { id # Other fields and connections here... } securityGroups { id # Other fields and connections here... } storageAccounts { id # Other fields and connections here... } storageContainers { id # Other fields and connections here... } virtualMachines { id # Other fields and connections here... } virtualNetworks { id # Other fields and connections here... } tags{ id key value } } storageAccounts{ id name type kind subscriptionId region resourceGroup { id } extendedLocationName extendedLocationType provisioningState primaryEndpoints{ blob queue table file web dfs } primaryMicrosoftEndpoints { blob queue table file web dfs } primaryInternetEndpoints{ blob file web dfs } primaryLocation statusOfPrimary lastGeoFailoverTime secondaryLocation statusOfSecondary customDomainName customDomainUseSubDomainName sasPolicyExpirationPeriod keyPolicyExpirationPeriodInDays keyCreationTimeKey1 keyCreationTimeKey2 encryptionServiceBlob{ enabled lastEnabledTime keyType } encryptionServiceFile{ enabled lastEnabledTime keyType } encryptionServiceTable{ enabled lastEnabledTime keyType } encryptionServiceQueue{ enabled lastEnabledTime keyType } encryptionKeySource encryptionRequireInfrastructureEncryption encryptionKeyVaultPropertyKeyName encryptionKeyVaultPropertyKeyVersion encryptionKeyVaultPropertyKeyVaultUri encryptionKeyVaultPropertyCurrentVersionedKeyIdentifier encryptionKeyVaultPropertyLastKeyRotationTimestamp encryptionUserAssignedIdentity accessTier azureFilesIdentityBasedAuthenticationDirectoryServiceOptions azureFilesIdentityBasedAuthenticationADProperties{ domainName netBiosDomainName forestName domainGuid domainSid azureStorageSid } enableHttpsTrafficOnly networkRuleSetByPass networkRuleResourceAccessRules { id tenantId resourceId } networkRuleVirtualNetworkRules { id virtualNetworkResourceId action state } networkRuleIpRules{ id iPAddressOrRange action } networkRuleSetDefaultAction isHnsEnabled geoReplicationStatsStatus geoReplicationStatsLastSyncTime geoReplicationStatsCanFailover failoverInProgress largeFileSharesState privateEndpointConnections{ id privateEndpointId privateLinkServiceConnectionStateStatus privateLinkServiceConnectionStateDescription privateLinkServiceConnectionStateActionRequired provisioningState } routingPreferenceChoice routingPreferencePublishMicrosoftEndpoints routingPreferencePublishInternetEndpoints allowBlobPublicAccess minimumTlsVersion allowSharedKeyAccess enableNfsV3 resourceGroup { id # Other fields and connections here... } storageContainers { id # Other fields and connections here... } tags{ id key value } } } }

