Regarding Azure REST API functionalities

Ananya Sarkar 311 Reputation points
2020-12-15T07:10:46.333+00:00

Hi,

Can we do the following operations through Azure Rest Api call?

  1. Vnet peering
  2. Create log analytics workspace and add it to a FW/NSG
  3. Create storage account & add it to a FW/NSG?

Accepted answer
  1. GitaraniSharma-MSFT 49,606 Reputation points Microsoft Employee
    2020-12-15T11:26:13.01+00:00

    Hello @Ananya Sarkar ,

    Please find below the articles for your requested operations through Azure Rest Api call:

    Creating Vnet peering : https://learn.microsoft.com/en-us/rest/api/virtualnetwork/virtualnetworkpeerings/createorupdate

    Creating log analytics workspace : https://learn.microsoft.com/en-us/rest/api/loganalytics/workspaces/createorupdate
    Adding log analytics workspace to NSG : https://learn.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/createorupdate
    Adding Firewall to log analytics workspace : Not available.

    Creating Storage account : https://learn.microsoft.com/en-us/rest/api/storagerp/storageaccounts/create
    Adding NSG to Storage account : Not possible. Azure Storage services are not part of a Virtual Network. So what did you refer to as adding NSG to Storage?
    Adding Firewall to Storage : Could you please provide clarity on this requirement?

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


1 additional answer

  1. GitaraniSharma-MSFT 49,606 Reputation points Microsoft Employee
    2020-12-16T09:15:48.433+00:00

    Hello @Ananya Sarkar ,

    Each Azure resource requires its own diagnostic setting, which defines the following criteria:

    1. Categories of logs and metric data sent to the destinations defined in the setting. The available categories will vary for different resource types.
    2. One or more destinations to send the logs. Current destinations include Log Analytics workspace, Event Hubs, and Azure Storage.

    These diagnostic settings can be created/enabled by using Azure Portal/Azure PowerShell/Azure CLI/ARM Template/REST API/Azure Policy.
    Please refer to : https://learn.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings

    To create or update diagnostic settings for a specified resource via the Azure REST API, you can refer to the article below:
    https://learn.microsoft.com/en-us/rest/api/monitor/diagnosticsettings/createorupdate

    The resourceUri will be the identifier of the resource on which you want to enable diagnostic settings. It could be your NSG or Azure Firewall.
    And in the request body, you can define the below:

    1. properties.storageAccountId : The resource ID of the storage account to which you would like to send Diagnostic Logs.
    2. properties.workspaceId : The full ARM resource ID of the Log Analytics workspace to which you would like to send Diagnostic Logs.

    NOTE : The resource ID of any Azure resource can be found in the Properties tab of that resource in Azure portal.

    Hope this helps!

    Regards,
    Gita
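
The diagnostic-settings request described in the answer above, as an added example that is not part of the original answer or Microsoft's sample code. It builds the PUT request for an NSG and checks that `properties.workspaceId` and `properties.storageAccountId` really are full ARM IDs of the right resource type before anything is sent; the api-version, the setting name, the NSG log categories used and every resource ID are assumptions or constructed sample values.

```python
import json
import re

ARM = "https://management.azure.com"
API_VERSION = "2021-05-01-preview"  # assumption: one published diagnosticSettings api-version

# Full ARM ID: /subscriptions/<guid>/resourceGroups/<rg>/providers/<namespace>/<type>/<name>
_ID = re.compile(r"^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+"
                 r"/providers/([^/]+/[^/]+)/[^/]+$")

def resource_type(resource_id):
    """Return the lower-cased 'namespace/type' of a full ARM resource ID."""
    m = _ID.match(resource_id)
    if not m:
        raise ValueError(f"not a full ARM resource ID: {resource_id!r}")
    return m.group(1).lower()

def build_diagnostic_setting(resource_uri, name, categories,
                             workspace_id=None, storage_account_id=None):
    """Build (method, url, body) for diagnosticSettings createOrUpdate."""
    resource_type(resource_uri)  # target resource, e.g. an NSG or Azure Firewall
    if not (workspace_id or storage_account_id):
        raise ValueError("at least one destination is required")
    props = {"logs": [{"category": c, "enabled": True} for c in categories]}
    if workspace_id:
        if resource_type(workspace_id) != "microsoft.operationalinsights/workspaces":
            raise ValueError("workspaceId is not a Log Analytics workspace ID")
        props["workspaceId"] = workspace_id
    if storage_account_id:
        if resource_type(storage_account_id) != "microsoft.storage/storageaccounts":
            raise ValueError("storageAccountId is not a storage account ID")
        props["storageAccountId"] = storage_account_id
    url = (f"{ARM}{resource_uri}/providers/Microsoft.Insights"
           f"/diagnosticSettings/{name}?api-version={API_VERSION}")
    return "PUT", url, {"properties": props}

# Constructed sample IDs (placeholder subscription, resource group and names).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
NSG = f"{RG}/providers/Microsoft.Network/networkSecurityGroups/nsg-demo"
LAW = f"{RG}/providers/Microsoft.OperationalInsights/workspaces/law-demo"
STG = f"{RG}/providers/Microsoft.Storage/storageAccounts/stgdemo"

if __name__ == "__main__":
    method, url, body = build_diagnostic_setting(
        NSG, "send-to-law",
        ["NetworkSecurityGroupEvent", "NetworkSecurityGroupRuleCounter"],
        workspace_id=LAW, storage_account_id=STG)
    print(method, url)
    print(json.dumps(body, indent=2))
```

To send the request, issue the printed PUT with the JSON body and an `Authorization: Bearer <token>` header for the Azure Resource Manager endpoint.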
