Azure DevOps Pipeline Agent IP address range for firewall rules

Paruta, Taras 0 Reputation points
2024-02-28T09:29:36.6233333+00:00

Hi there. I have a problem with setting up firewall rules for our PostgreSQL flexible server. I have a maven task in my Azure DevOps pipeline which connects to the mentioned above DB server. We use Microsoft-hosted pipeline agents.

Our security policy presumes strict firewall rules with explicit IP ranges. IP ranges according to the information here: https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-devops&tabs=IP-V4https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-devops&tabs=IP-V4 and here: https://www.microsoft.com/en-us/download/details.aspx?id=56519 don't help - the connection can't be established. Only checking the checkbox "Allow public access from any Azure service within Azure to this server" allows those connections to succeed.

The region where the SQL server runs is West Europe. I've added the corresponding IP range also for North Europe, because the documentation says that West Europe sometimes uses France geo as the fallback one. But those ranges still don't work.

I've added logging the internal and external IP addresses for the jobs in DevOps pipeline which connect to the DB server and they change all the time - there is no fixed range.

Another problem is that the firewall logs are not present although I've activated all logs inside the Diagnostic Settings menu for the PostgreSQL flexible server. Without these logs I can't see which IP addresses are used in order to connect to this server from Azure DevOps agents.

Could you please give some hints or advice on how to resolve this issue? Either which IP range to use or how to find out which IP address contacts the DB server each time ?

Azure Database for PostgreSQL
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. ShaktiSingh-MSFT 15,056 Reputation points
    2024-02-29T03:50:29.9966667+00:00

    Hi Paruta, Taras •,

    Welcome to the MS Q&A platform.

    The query posted by you is not supported in the Q&A forum. I would request you post your query in the Azure DevOps forum

    This will assist you with a faster reply to your query.

    Hope this will help.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.