farmer
farmer copied to clipboard
CompositionalIT
Storage account IP-rules
I cannot find a way to add "Storage Account -> Networking -> Firewall IpRules".
"type": "Microsoft.Storage/storageAccounts",
// <other properties cut here/>
"properties": {
// <other properties cut here/>
"networkAcls": {
// <other properties cut here/>
"ipRules": [
{
"value": "11.22.33.44",
"action": "Allow"
},
{
"value": "12.23.45.78",
"action": "Allow"
}
],
"defaultAction": "Deny"
},
"supportsHttpsTrafficOnly": true,
// <other properties cut here/>
}
This could be useful if you have already defined static IP-addresses by Farmer script and you wouldn't want to open a public storage.
This is supported:
storageAccount {
restrict_to_ip "11.22.33.44"
restrict_to_ip "12.23.45.78"
}
The supportsHttpsTrafficOnly isn't emitted but will default to true so unless you want it to allow HTTP, you should be good.
Thanks, it is undocumented: https://compositionalit.github.io/farmer/api-overview/resources/storage-account/
Also, I'd need to push there a list of just-deployed-VMs as ResourceId list, not a string of absolute address.
I apologize that is missing in the documentation.
Are these VM's attached to a virtual network? If so, this will generate the ACL to restrict access to a subnet.
restrict_to_subnet "myvnet" "mysubnet"
This should be used in conjunction with a service endpoint on that subnet - example here.