Powershill script to add network restriction

Abduazim Sobitov 101 Reputation points


I writing a script as part IaC, where I have to add subnets to as networking restrictions in Azure Webapp. We have number of app services and each app service has individual subnets. My script should add all subnets into each app service. My issue is I don't know how to loop subnets so it will add all of them into each app service. Shall somehow increment it or create another nested for each loop.

$apps = @('trustledger','librarian','statements-document','statement-docmosis','statements-reporting','publicapi', 'payment-consumer', 'address', 'rules','worker','common','caouser','comms','mailroom','docgen-browserless','payment','graphqldocuments','workflow','graphql','property','user','property-consumer','docgen','docmosis','docgen-consumer','reporting','template-generator','document','statement')  
$env = 'test'  
$region = 'aue'  
ForEach ($app in $apps) {  
    az webapp config access-restriction add -g "kol-$($env)-$($region)-apps-rg" -n "kol-$($env)-$($region)-$($app)-net6-app" --rule-name "Allow_$($app)"  --action Allow --vnet-name "kol-$($env)-$($region)-vnet" --subnet "$($app)-subnet" --vnet-resource-group kol-$($env)-$($region)-network-rg --priority 300  

Thanks for help

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,048 questions
0 comments No comments
{count} votes

Accepted answer
  1. VenkateshDodda-MSFT 19,301 Reputation points Microsoft Employee

    @Abduazim Sobitov Thank you for reaching out to Microsoft Q&A. Based on the above shared information We have understood that you have multiple app services and multiple subnets in a single Vnet under a single resource group.

    Using PowerShell script, you want to create access restriction rules to every individual app with all the subnets in that particular Vnet. I have written the below script

    $resourcegroup="<ResourceGroupName>" #Resource Group Name  
    $appList= Get-AzWebApp -ResourceGroupName $resourcegroup #list all webapp in that particular resource group  
    $virtualNetwork= Get-AzVirtualNetwork -ResourceGroupName $resourcegroup  #list all the virtual network in that resource group  
    foreach( $item in $appList.name){  
    foreach( $subnet in $virtualNetwork.Subnets.name){  
     az webapp config access-restriction add -g $resourcegroup -n $item --rule-name "Allow_$($item)" --action Allow --vnet-name $virtualNetwork.Name --subnet $subnet --vnet-resource-group $resourcegroup --priority 300  

    I have tested the above script it is working from my end, and I would suggest you validate from your end as well.

    Here is the sample output screenshot Post running the above script:


    Feel free to reach back to me if you have any further questions on this.

    0 comments No comments

0 additional answers

Sort by: Most helpful