Add-AzureRmKeyVaultNetworkRule
新增規則,以根據用戶端的因特網位址限制對金鑰保存庫的存取。
警告
自 2024 年 2 月 29 日起,AzureRM PowerShell 模組已正式淘汰。 建議使用者從 AzureRM 遷移至 Az PowerShell 模組,以確保持續支援和更新。
雖然 AzureRM 模組可能仍可運作,但不再維護或支援它,但會根據用戶的判斷權和風險放置任何繼續使用。 如需轉換至 Az 模組的指引,請參閱我們的 移轉資源 。
Syntax
Add-AzureRmKeyVaultNetworkRule
[-VaultName] <String>
[[-ResourceGroupName] <String>]
[-IpAddressRange <String[]>]
[-VirtualNetworkResourceId <String[]>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Add-AzureRmKeyVaultNetworkRule
[-InputObject] <PSKeyVault>
[-IpAddressRange <String[]>]
[-VirtualNetworkResourceId <String[]>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Add-AzureRmKeyVaultNetworkRule
[-ResourceId] <String>
[-IpAddressRange <String[]>]
[-VirtualNetworkResourceId <String[]>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Add-AzureRmKeyVaultNetworkRule Cmdlet 會將密鑰保存庫的存取權授與或限制為其 IP 位址或其所屬虛擬網路所指定的一組呼叫者。 此規則有可能限制已透過存取原則授與許可權的其他使用者、應用程式或安全組的存取權。
範例
範例 1
PS C:\> $frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "10.0.1.0/24" -ServiceEndpoint Microsoft.KeyVault
PS C:\> $virtualNetwork = New-AzureRmVirtualNetwork -Name myVNet -ResourceGroupName myRG -Location westus -AddressPrefix "10.0.0.0/16" -Subnet $frontendSubnet
PS C:\> $myNetworkResId = (Get-AzureRmVirtualNetwork -Name myVNet -ResourceGroupName myRG).Subnets[0].Id
PS C:\> Add-AzureRmKeyVaultNetworkRule -VaultName myvault -IpAddressRange "10.0.1.0/24" -VirtualNetworkResourceId $myNetworkResId -PassThru
Vault Name : myvault
Resource Group Name : myRG
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myRG/providers
/Microsoft.KeyVault/vaults/myvault
Vault URI : https://myvault.vault.azure.net/
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU : Standard
Enabled For Deployment? : True
Enabled For Template Deployment? : True
Enabled For Disk Encryption? : False
Soft Delete Enabled? : True
Access Policies :
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
Object ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
Application ID :
Display Name : User Name (username@microsoft.com)
Permissions to Keys : get, create, delete, list, update,
import, backup, restore, recover
Permissions to Secrets : get, list, set, delete, backup,
restore, recover
Permissions to Certificates : get, delete, list, create, import,
update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers,
setissuers, recover
Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list,
listsas, regeneratekey, set, setsas, update
Network Rule Set :
Default Action : Allow
Bypass : AzureServices
IP Rules : 10.0.1.0/24
Virtual Network Rules : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-
xxxxxxxxxxxxx/resourcegroups/myRG/providers/microsoft.network/virtualnetworks/myvn
et/subnets/frontendsubnet
Tags :此命令會將網路規則新增至指定的保存庫,允許從$myNetworkResId所識別的虛擬網路存取指定的IP位址。
參數
-Confirm
執行 Cmdlet 之前先提示您確認。
| 類型: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
用於與 Azure 通訊的認證、帳戶、租用戶和訂用帳戶。
| 類型: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
KeyVault 物件
| 類型: | PSKeyVault |
| Position: | 0 |
| 預設值: | None |
| 必要: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-IpAddressRange
指定網路規則允許的網路IP位址範圍。
| 類型: | String[] |
| Position: | Named |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
此 Cmdlet 預設不會傳回 物件。 如果指定此參數,則會傳回更新的金鑰保存庫物件。
| 類型: | SwitchParameter |
| Position: | Named |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
指定與正在修改網路規則之金鑰保存庫相關聯的資源組名。
| 類型: | String |
| Position: | 1 |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceId
KeyVault 資源標識碼
| 類型: | String |
| Position: | 0 |
| 預設值: | None |
| 必要: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-VaultName
指定正在修改網路規則的金鑰儲存庫名稱。
| 類型: | String |
| Position: | 0 |
| 預設值: | None |
| 必要: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VirtualNetworkResourceId
指定網路規則允許的虛擬網路資源識別碼。
| 類型: | String[] |
| Position: | Named |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
顯示執行 Cmdlet 後會發生的情況。 未執行 Cmdlet。
| 類型: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |