Hi there. I have a problem with setting up firewall rules for our PostgreSQL flexible server. I have a maven task in my Azure DevOps pipeline which connects to the mentioned above DB server. We use Microsoft-hosted pipeline agents.
Our security policy presumes strict firewall rules with explicit IP ranges. IP ranges according to the information here: https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-devops&tabs=IP-V4https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-devops&tabs=IP-V4 and here: https://www.microsoft.com/en-us/download/details.aspx?id=56519 don't help - the connection can't be established. Only checking the checkbox "Allow public access from any Azure service within Azure to this server" allows those connections to succeed.
The region where the SQL server runs is West Europe. I've added the corresponding IP range also for North Europe, because the documentation says that West Europe sometimes uses France geo as the fallback one. But those ranges still don't work.
I've added logging the internal and external IP addresses for the jobs in DevOps pipeline which connect to the DB server and they change all the time - there is no fixed range.
Another problem is that the firewall logs are not present although I've activated all logs inside the Diagnostic Settings menu for the PostgreSQL flexible server. Without these logs I can't see which IP addresses are used in order to connect to this server from Azure DevOps agents.
Could you please give some hints or advice on how to resolve this issue? Either which IP range to use or how to find out which IP address contacts the DB server each time ?