I have an ARM template, in this template, there are two resources, one is storage account the other is web site. How can I get the ip address of the web site and put it in the allowed ip address of the storage account?
thanks
I believe you could use 'outputs' in 'linked templates' to accomplish it. For more information, refer this section of the article.
Related
I have an Azure storage account with a blob endpoint of: 'blobstorageaccountname.blob.core.windows.net'. I want to choose a static IP Address, because some of my more zealous customers want to only allocate a known set of IP addresses through their firewall. I have already provided them with the list of Azure IP ranges for my Azure region, but they don't want to allocate such broad ranges.
Also: 1
In Azure portal | Storage | Networking | Custom domain: it says "Configure a custom domain for accessing blob data in your Azure storage account, like www.contoso.com".
If that is possible could I allocate the custom domain a static IP address?
Is it really only blob specific, what about queue endpoints? I could configure my DNS with each endpoint having a new CNAME entry.
Also: 2
Azure portal | Add new resource "Public IP Address", allows me to add a public statis IP address for a virtual network gateway (VNG?). I know it's possible to apply a static IP to a VM. How does one create or configure a VNG? or Azure VNet? to apply a static IP to a Storage endpoint?
I read these, but they were not helpful:
https://social.msdn.microsoft.com/forums/en-US/b7dbea96-5349-45c6-8774-f8c766d08e31/help-assign-static-ip-to-a-blob-storage-account?forum=windowsazuredata
Virtual Public IP address
Also posted on the Azure Docs Questions forum
As of 2022, Azure Storage service does not support public IPs, but Azure API management does.
Configuring APIm service with a public static IP, then create a 'pass through' endpoint for each storage type.
Each client's app.config needs "AzureWebJobsStorage" updated to send requests through an API Management route for each endpoint type. I am currently using a generic connection not specifying the endpoints, so each client will need updating to use the 'explicit storage endpoint connection string
Alternative to APIm: investigate dotnet YARP as a reverse proxy hosted on an Azure WebApp and manage re-routing that way.
I have been using the New-AzureReservedIP cmdlet to create a new reserved IP address in Azure and associate it with an Azure cloud service staging slot. Basically what is described in this question. This cmdlet was part of the Azure module. However, as we know the Azure and AzureRM modules are not available in PS7 anymore. And this workstep is not even available in the Azure GUI.
As Microsoft recommends switching to PS7 and the Az module I assume that there is another way there to achieve the same thing. However, so far I was unable to find a solution.
The problem is that the staging slot requires a reserved IP if the production slot has one. To limit expenses we delete our staging slots after deployment. If we'd just keep and update it, that would not be a problem. Also, I was unable to find a way to re-use an existing reserved IP (that was created with New-AzureReservedIPpreviously) for the next staging deployment, so far I always needed to create a new one using New-AzureReservedIP. I ended up having quite a few reserved IP addresses which I don't use anymore so I wonder if they can be recycled somehow?
What would be best practice to solve this in PS7?
Reserved IP belongs to ASM API (Classic) and will be deprecated by 2023. Hence it doesn't exist in ARM. The new ARM API doesn't support this functionality. In ARM you have the option to use static Public IP (IP owned by Microsoft) or Public IP Prefix which is when you buy the IP address/IP range.
New-AzPublicIpAddress
https://learn.microsoft.com/en-us/powershell/module/az.network/new-azpublicipprefix?view=azps-4.5.0
New-AzPublicIpPrefix
https://learn.microsoft.com/en-us/powershell/module/az.network/new-azpublicipaddress?view=azps-4.5.0
But one thing to note is that if you are using App Service you actually get a Static Public IP for your App Service but that one is shared with many other customers hence you need to use your App Service URL eg. https://[AppServiceName].azurewebsites.net or add a Custom Domain to your App Service.
So if you really need a Public IP that is not shared you have to move over to IaaS eg. Virtual Machines
I want to host a website with only html,css,js files in the Azure cloud.
Seems like Azure Blob Static Website is a great option to host it for free if you have an Azure subscription.
Reference: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website
My question here is:
Is there any way to restrict the public IP addresses which can access the endpoint of the Azure Blob hosted Website?
Many of the Azure services provide this feature of IP filtering, but I did not find any way to do it for the above scenario.
Please guide me.
In the storage account, go to Settings → Firewalls and Virtual Networks
Check the radio Selected Networks and then configure the Firewall to allow selected IP address ranges.
I have created a new Azure Classic Virtual Machine and when I try to access from my office its not able to connect. In previous versions of Azure I used to change the Endpoints to point to 443 public port. But in new portal i'm not sure where i need to change the Endpoints. Can you help in this regard? Thanks
But in new portal i'm not sure where i need to change the Endpoints.
If I understand it correctly, we can add endpoint here:
Update:
It seems you create a ARM VM, if so, we can via Azure portal to add inbound security rules to NSG, like this:
More information about NSG, please refer to this link.
I have a bunch of REST services running in a VM in azure. I'd like to consume them from azure websites in a secure way. I.e. I don't want these services to be accessible from anywhere other than the azure websites.
Is it possible put this limitation? I know that I can limit access to the endpoints by providing IP address ranges but websites don't have fixed IP addresses.
thanks
If you set an unique IP can do it. But remember what the static IP are not available in all web hosting plans.