Share via

Powershill script to add network restriction

Abduazim Sobitov 101 Reputation points
2022-09-28T21:56:03.87+00:00

Hi,

I writing a script as part IaC, where I have to add subnets to as networking restrictions in Azure Webapp. We have number of app services and each app service has individual subnets. My script should add all subnets into each app service. My issue is I don't know how to loop subnets so it will add all of them into each app service. Shall somehow increment it or create another nested for each loop. 

$apps = @('trustledger','librarian','statements-document','statement-docmosis','statements-reporting','publicapi', 'payment-consumer', 'address', 'rules','worker','common','caouser','comms','mailroom','docgen-browserless','payment','graphqldocuments','workflow','graphql','property','user','property-consumer','docgen','docmosis','docgen-consumer','reporting','template-generator','document','statement')  
$env = 'test'  
$region = 'aue'  
  
  
ForEach ($app in $apps) {  
      
    az webapp config access-restriction add -g "kol-$($env)-$($region)-apps-rg" -n "kol-$($env)-$($region)-$($app)-net6-app" --rule-name "Allow_$($app)"  --action Allow --vnet-name "kol-$($env)-$($region)-vnet" --subnet "$($app)-subnet" --vnet-resource-group kol-$($env)-$($region)-network-rg --priority 300  
      
}

Thanks for help

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,407 questions
0 comments
Accepted answer
  1. VenkateshDodda-MSFT 19,646 Reputation points Microsoft Employee
    2022-09-29T14:15:15.09+00:00

    @Abduazim Sobitov Thank you for reaching out to Microsoft Q&A. Based on the above shared information We have understood that you have multiple app services and multiple subnets in a single Vnet under a single resource group.

    Using PowerShell script, you want to create access restriction rules to every individual app with all the subnets in that particular Vnet. I have written the below script 

    $resourcegroup="<ResourceGroupName>" #Resource Group Name  
$appList= Get-AzWebApp -ResourceGroupName $resourcegroup #list all webapp in that particular resource group  
  
$virtualNetwork= Get-AzVirtualNetwork -ResourceGroupName $resourcegroup  #list all the virtual network in that resource group  
  
foreach( $item in $appList.name){  
  
foreach( $subnet in $virtualNetwork.Subnets.name){  
    
 az webapp config access-restriction add -g $resourcegroup -n $item --rule-name "Allow_$($item)" --action Allow --vnet-name $virtualNetwork.Name --subnet $subnet --vnet-resource-group $resourcegroup --priority 300  
   
}  
}

    I have tested the above script it is working from my end, and I would suggest you validate from your end as well.

    Here is the sample output screenshot Post running the above script:

    246048-image.png

    Feel free to reach back to me if you have any further questions on this.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest