I have some function apps and I found how to allow access to Azure cloud by following the steps in https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions. But I use ARM template to deploy the function apps and every time I do a deployment, the restrictions are gone. So, I would like to include the access restriction in my ARM template so add the restrictions every time they get deployed. I couldn't find a relevant resource anywhere to do this. Does anyone have any idea?
As suggested by #classicSchmosby98 that would be one of the solutions to restrict the azure function app using ARM template.
Create your own azure function manually from portal and add all the restrictions what you need.
Now export the template from the resource group for your resource with this you can even include the IP restrictions.
Also, you can go through the Assign roles using Azure Manager templates.
For more information you can refer explore ARM templates.
Related
I'm looking into publishing bicep templates to a Bicep registry (ACR), and then deploying them via the ARM REST api. However the REST create deployment api only allows me to specify a templateSpec - I don't see any way to reference an ACR url. Is this possible, or do I need to use template specs for this?
For context, I need to create an automated service that can deploy resources when a particular event happens, e.g. add new customer -> spin up Azure resources xyz. Having my service use the REST api seems reasonable, and I'd prefer to use the bicep registry over template specs.
Currently Content in the Bicep module registry can only be deployed from another Bicep file. Template specs can be deployed directly from the API, Azure PowerShell, Azure CLI, and the Azure portal. You can even use UiFormDefinition to customize the portal deployment experience.
You can refer to this documentation for more information.
So I manage Azure stack and I want to put a cap on the number of Windows VMs that could be created per subscription and I also need it in template form for automation. So far I have not been able to do that. Could I please get some help?
Such restrictions on Azure Subscriptions are usually applied by implementing Azure Policies (which can also be programmatically created and managed) but looks like it is not yet supported on Azure Stack. Check this similar thread for details.
I am trying to write an ARM template that can create a service principal on Azure with all the specified permissions. The end goal is to automate this process and create n number of service principals using the template. Is there a way to do this? Any help is much appreciated, thanks!
As #silent said is it not possible to add it via ARM templates.
BUT this is a very common case to use a combination of ARM templates and Powershell or CLI. This will give you more flexibility when creating resources, you should consider that. Mixing ARM templates with the script will solve your problem.
Refs:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-cli
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-powershell
https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-authenticate-service-principal-powershell
No, this is not possible. You can create the service principle only using other tools like Azure CLI.
What you can do is to add a role assignment to an existing SP using ARM templates: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template
ARM Template wont be able to create a service principal. What You can do is write a PowerShell script to create a single service principal and then parameterize it to use it as a function to create multiple Service Principals by passing different parameters to the same function.
I have a requirement to deploy a logic app individually which is present in different repositories. These logic apps are available in the same resource group. Can this be achieved using ARM template in Azure?
Yes, what you seek is completely possible. Just have separate ARM templates for each of the Logic APP. You need to use the ARM template in the Incremental mode then, all your logic apps will be deployed individual and it will not clear out the old deployed resources in the resource group
What should be the type under resources, if I want to create an ARM template for Azure Active Directory?
Is there any resources for adding User/Group/Application features in Azure Active Directory through ARM templates?
Currently, there is no way to programmatically provision an Azure Active Directory. Thus, there is also no ARM templates available for that.
You have to use either, the Graph API (REST) or a PowerShell Module like AzureAD to create User / Application for an existing AAD.
I'm pretty sure there is none, looking at the Azure ARM schema I don't see anything Azure AD related. You can look at the ARM Schema here.