DEV Community: Stiven Castro The latest articles on DEV Community by Stiven Castro (@bcastrom9005). https://dev.to/bcastrom9005 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F578164%2Fbcc3a676-e590-49a6-bf4a-ae04391ee0d3.jpg DEV Community: Stiven Castro https://dev.to/bcastrom9005 en Add Network Restrictions to Azure App Services using Powershell Stiven Castro Sat, 13 Feb 2021 17:04:19 +0000 https://dev.to/bcastrom9005/add-network-restrictions-to-azure-app-services-using-powershell-3m8o https://dev.to/bcastrom9005/add-network-restrictions-to-azure-app-services-using-powershell-3m8o <p>Executing tasks directly in the Azure Portal sometimes needs more time than expected due to in some resources configuration parameters only can be set one by one.</p> <p>This is the case when it is necessary to configure <strong>network restrictions</strong> to an App Service after it is deployed, you only can set 1 rule at a time.</p> <p><a href="https://docs.microsoft.com/en-us/powershell/module/az.resourcegraph/?view=azps-5.5.0" rel="noopener noreferrer">Azure Powershell</a> provides cmdlets that help to manage our resources faster and effectively.</p> <p>In this case, we will see how to configure in an App Service several network restriction rules when they belong to a different network segment using an Azure Powershell function.</p> <h4> Requierements </h4> <p>To start coding first we will need some information that will be used in our PowerShell runbook:</p> <ul> <li>The subscription name and tenant Id where our App Service is hosted</li> <li>The resources group that contains our App Service</li> <li>The App Service name</li> </ul> <h3> Login </h3> <p>Connect to our Azure Account:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$SubscriptionName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'Your_Subscription_Name'</span><span class="w"> </span><span class="nv">$TenantId</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'Your_Tenant_Id'</span><span class="w"> </span><span class="n">Connect-AzAccount</span><span class="w"> </span><span class="nt">-SubscriptionName</span><span class="w"> </span><span class="nv">$SubscriptionName</span><span class="w"> </span><span class="nt">-TenantId</span><span class="w"> </span><span class="nv">$TenantId</span><span class="w"> </span></code></pre> </div> <h3> Define Variables </h3> <p>Define the variables to pass to the function like the Resource Group, the App Service name, and the number of the priority we want to give to the first rule of the set we are creating.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$ResourceGroup</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Resrouce_Group_Name"</span><span class="w"> </span><span class="nv">$WebappName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"App_Service_Name"</span><span class="w"> </span><span class="nv">$RuleName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'Your_Rule_Name'</span><span class="w"> </span><span class="nv">$RulePriority</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span></code></pre> </div> <h3> Create the Function </h3> <p>To avoid executing many times the PowerShell runbook, we will create a buckle that will create the Network Restriction Rules in our App Service<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="kr">Function</span><span class="w"> </span><span class="nf">NetworkRestrictions</span><span class="w"> </span><span class="p">(</span><span class="nv">$IpAddress</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">[</span><span class="n">String</span><span class="p">]</span><span class="nv">$IPAddress</span><span class="p">,</span><span class="w"> </span><span class="p">[</span><span class="n">String</span><span class="p">]</span><span class="nv">$ResourceGroup</span><span class="p">,</span><span class="w"> </span><span class="p">[</span><span class="n">String</span><span class="p">]</span><span class="nv">$WebappName</span><span class="p">,</span><span class="w"> </span><span class="p">[</span><span class="n">String</span><span class="p">]</span><span class="nv">$RuleName</span><span class="p">,</span><span class="w"> </span><span class="p">[</span><span class="n">Int</span><span class="p">]</span><span class="nv">$RulePriority</span><span class="w"> </span><span class="n">Add-AzWebAppAccessRestrictionRule</span><span class="w"> </span><span class="nt">-ResourceGroupName</span><span class="w"> </span><span class="nv">$ResourceGroup</span><span class="w"> </span><span class="nt">-WebAppName</span><span class="w"> </span><span class="nv">$WebappName</span><span class="w"> </span><span class="se">` </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$RuleName</span><span class="w"> </span><span class="nt">-Priority</span><span class="w"> </span><span class="nv">$RulePriority</span><span class="w"> </span><span class="nt">-Action</span><span class="w"> </span><span class="nx">Allow</span><span class="w"> </span><span class="nt">-IpAddress</span><span class="w"> </span><span class="nv">$IPAddress</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">(</span><span class="s1">'IP_1'</span><span class="p">,</span><span class="s1">'IP_2'</span><span class="p">,</span><span class="s1">'IP_3'</span><span class="p">,</span><span class="s1">'IP_n'</span><span class="p">)</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="kr">foreach</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">NetworkRestrictions</span><span class="w"> </span><span class="bp">$_</span><span class="w"> </span><span class="nv">$RulePriority</span><span class="o">++</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Conclusion </h3> <ul> <li><p>We are now able to create several Network Restrictions to an App Services instead of configuring one by one</p></li> <li><p>We will save time because set one rule at a time using the Azure Portal will be slower</p></li> <li><p>We see how useful and powerful are the azure PowerShell modules.</p></li> </ul> powershell azure appservices