You can only use SQL for database level firewall rules, but you can execute SQL from PowerShell.
Can you recommend the best/simplest way to regularly audit the IP Address Whitelists of the following Azure Resources: API Gateway, Storage Account, Function App, SQL Server/DBs?
What is the simplest approach to auditing the IP Address Whitelists for the following Azure resources: API Gateways, Function Apps, Storage Accounts, and SQL Databases/Servers?
We control access to those Azure Resources to an approved list of IP Addresses. We want to regularly check those lists and compare them to a baseline.
My original idea was to write a PowerShell script that queried all of those resources' Whitelists and compared them to my approved list. But now I find that there's no PowerShell script to query Database level firewall rules, only servers. I can use T-SQL, but I wanted to keep it simple and use a single tool.
Is there another tool that would make that simpler? Or another way to use PowerShell to gather all that info? I had also considered using Log Analytics to alert support if a log that would create or modify those firewall rules comes through any of those resources.
Can anyone offer a different approach that I may be missing? Or a modification on my current approach that would minimize "the administrative overhead" of this activity?
4 answers
FredFred 1 Reputation point
2020-06-03T22:36:44.227+00:00 Is there an existing solution for testing this sort of thing regularly? Without having to build the entire solution myself? Surely there are others trying to audit their IP Address Whitelists.
-
Jaguaraci Silva 81 Reputation points
2020-09-25T16:50:51.257+00:00 Hi,
Use Azure Cloud Shell for running a single script file:
1) You can create security groups by application and filter the network traffic by client IP using a whitelist -> https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic-cli
2) Connect to Azure databases using a database command prompt (e.g. sqlcmd) and execute sp_set_database_firewall_rule to set firewall rules on the database.
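
The audit discussed in this thread (server-level rules read with the Az cmdlet, database-level rules read with T-SQL run from PowerShell, both compared to a baseline), as an added example that is not part of the original posts. It assumes the Az.Accounts, Az.Sql and SqlServer modules (a SqlServer version whose `Invoke-Sqlcmd` supports `-AccessToken`), a prior `Connect-AzAccount`, and an identity that can log in to each database; the baseline entries are constructed sample values.

```powershell
# Added example: audit Azure SQL server- and database-level firewall rules against a baseline.
# Assumptions: Az.Accounts, Az.Sql and SqlServer modules installed, Connect-AzAccount already run,
# and the signed-in identity is allowed to connect to every database it should audit.
$baseline = @(
    '203.0.113.10-203.0.113.10',    # constructed sample entries, format "start-end"
    '198.51.100.0-198.51.100.255'
)

# Access token for Azure SQL; newer Az.Accounts versions return it as a SecureString.
$tok = (Get-AzAccessToken -ResourceUrl 'https://database.windows.net/').Token
if ($tok -is [securestring]) { $tok = [System.Net.NetworkCredential]::new('', $tok).Password }

$query = 'SELECT name, start_ip_address, end_ip_address FROM sys.database_firewall_rules;'

$found = foreach ($server in Get-AzSqlServer) {
    # Server-level rules are exposed by the Az.Sql cmdlet.
    Get-AzSqlServerFirewallRule -ResourceGroupName $server.ResourceGroupName -ServerName $server.ServerName |
        ForEach-Object {
            [pscustomobject]@{ Scope = 'Server'; Server = $server.ServerName; Database = $null
                               Rule = $_.FirewallRuleName; Range = "$($_.StartIpAddress)-$($_.EndIpAddress)" }
        }

    # Database-level rules are stored inside each database, so they are read with T-SQL.
    foreach ($db in Get-AzSqlDatabase -ResourceGroupName $server.ResourceGroupName -ServerName $server.ServerName) {
        try {
            Invoke-Sqlcmd -ServerInstance $server.FullyQualifiedDomainName -Database $db.DatabaseName `
                          -AccessToken $tok -Query $query -ErrorAction Stop |
                ForEach-Object {
                    [pscustomobject]@{ Scope = 'Database'; Server = $server.ServerName; Database = $db.DatabaseName
                                       Rule = $_.name; Range = "$($_.start_ip_address)-$($_.end_ip_address)" }
                }
        } catch {
            # A database that cannot be queried is reported as a finding instead of being skipped silently.
            [pscustomobject]@{ Scope = 'Database'; Server = $server.ServerName; Database = $db.DatabaseName
                               Rule = 'QUERY FAILED'; Range = $_.Exception.Message }
        }
    }
}

# Report every rule whose range is not in the approved baseline (failed queries included).
$found | Where-Object { $_.Range -notin $baseline } | Format-Table -AutoSize
```

An empty result means every rule found matches the baseline; the script only reads rules and changes nothing.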
-
AdrianaNascimento-6675 1 Reputation point
2022-11-25T16:48:39.087+00:00 Dear all, my account is being used by a 3rd person. I ask for criteria so that it is revealed: asn