hands-on lab

Securing Azure Container Apps With Private Endpoints and Application Gateway

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

Azure Container Apps is an Azure service that allows you to deploy and manage containers without having to manage the underlying infrastructure. While using the Container Apps service, it's important to understand the importance of securing the communication of the application instance so that you are not exposing it to the internet without a proper communication mechanism.

With Private Endpoints, the traffic between Container Apps and other Azure services remains within the Azure network, eliminating the need to expose your application to the public internet. By combining Azure Container Apps, Private Endpoints, and Application Gateway, you can create a secure and scalable architecture for hosting your containerized applications. This not only protects your application and data but also provides you with greater control over network traffic and enhanced performance.

Learn how to secure the communication of an Azure Container Apps instance using a private endpoint and an Application Gateway in this hands-on lab.

Learning Objectives

Upon completion of this advanced-level lab, you will be able to:

  • Create an Application Gateway instance
  • Configure the Application Gateway to use the private link
  • Create a Private DNS zone for an Azure Container Apps instance
  • Test the communication of the Azure Container Apps instance

Intended Audience

  • Candidates for the Azure DevOps Exam (AZ-400)
  • Cloud Architects
  • Data Engineers
  • DevOps Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • Azure Container Apps
  • Azure Application Gateway
  • Azure Private Link
  • Azure Private DNS Zones

The following content can be used to fulfill the prerequisites:

Environment before

Environment after

About the author
Learning paths

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.

Covered topics
Lab steps
Logging in to the Microsoft Azure Portal
Creating an Azure Application Gateway V2 With Private Link
Creating an Azure Private DNS for Container Apps Environment
Validating Application Gateway Endpoint Health and Private Link Traffic