I have an Azure webapp and normally if I want to block an IP address, I go to Azure dashboard panel and under networking>Configure Access Restrictions, I add a rule to do so. This picture shows which menu item I mean:
However, I would like to do this programmatically. I see that the documentation shows how you can do this through Powershell.
I have also managed to find the API documentation for WebApp. But I can't find the last piece of the puzzle which is the API that does what I need.
Can someone please tell me if it is possible and which API I should use? Thank you in advance.
According to the doc: Use an Azure REST API PUT operation on the app configuration in Azure Resource Manager. The location for this information in Azure Resource Manager is:
management.azure.com/subscriptions/subscription ID/resourceGroups/resource groups/providers/Microsoft.Web/sites/web app name/config/web?api-version=2020-06-01
Then I searched the Azure Rest API and found this:
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/web?api-version=2019-08-01
We could update the field properties.ipSecurityRestrictions to update the value of Access Restrictions.
In addition, you could also check this blog: Bulk add IP Access Restrictions to Azure App Service using Az PowerShell
There does not appear to be a one-to-one match between powershell commands and api.
The closest I could find is:
https://learn.microsoft.com/en-us/rest/api/appservice/webapps/putprivateaccessvnet
This allows you to define which vnet has access to your web app. By controlling access to your vnet, you can control access to your app.
Related
I am trying to load the page 'https://www.customvision.ai' for training Vision Api for improving the object detection ability of Azure Cognitive Service Instance. But it does not getting me to https://www.customvision.ai/projects, fails instead. No error messages in browser console.
I have created a resource for Cognitive Service in West-US2 region in Azure Portal. Do I need to create any more resources specific to Custom-vision? Please suggest.
I am using MSDN Azure Subscription for accessing Azure Portal.
Actually no need to create specific one. Try logging out and switching the subscription. you should be able to access it without a problem if you're under valid subscription
Ashokan, the easiest way to get an answer for your question is
(1) visit https://cognitive.uservoice.com/forums/598141-custom-vision-service
(2) Click "Contact Us"
(3) Report the issue there and submit
This way we'll be able to assist you one-on-one and give you a solution faster.
It was fixed automatically after sometime without me intervening while I am still using MSDN Azure Subscription.
In the Azure API portal there is the Automation script tab, but that generates the ARM template for the entire resource group. It also includes a lot of other stuff that needed.
Is there a (simple) way to get hold of the ARM template for a specific API rather than the entire resource group? Can it be done through Azure cli? the REST API?
Yes, use the Azure Resource Explorer to locate your resource, the Uri at the top of the page will provide you a link to the template (requires authentication if you want to call it from outside of Resource Explorer).
I also always refer back to the reference documentation on ARM templates, it is a very good place to start from. Whilst it doesn't give you your exact template, it does give you a very clear base to start from (example below). I find this far more productive that trying to read the templates in the Automation Script" section of the portal.
Good luck.
No, you cannot do that. there is only 1 resource provider action to export and it exports the whole resource group. just remove all the extra parts.
I have 3 separate Azure subscriptions that have identical and each subscription is paired to an environment e.g. dev, uat, prod. Under each sub/env I have identical Application Insight instances for each application that I deploy. Within each Application Insight instance I construct several dashboard widgets/charts/analytics and pin them to my custom published dashboard. Currently for each instance I have to recreate each widget/chart/analytic and pin them to a dashboard. Is there any way to clone a dashboard or widget to point to another Application Insight instance? I tried using the Azure Resource API but did not get solid results.
In order to clone dashboard tiles and edit the analytics queries from one dashboard to another, do the following:
Download the first dashboard json.
Open the json, search for ResourceId property.
Replace the ResourceId to the desired ResouceId application which you'd like to monitor.
You can get the ResourceId of an application from the Overview blade:
For example for this application:
image of my application you can get it from the url: subscriptions/7948c75a-ee6e-4c34-b391-52ba5dca56dd/resourceGroups/raz_group/providers/microsoft.insights/components/raz_test1 be sure to clear the /overview in the end.
After replacing the ResourceId, delete the SubscriptionId, ResourceGroup and Name properties near it. You don't need those.
Go to the second dashboard (or create a new one) and upload the new json.
Please tell me if something isn't clear,
Thanks.
Azure Dashboards can be deployed using Azure Resource Manager templates. Here is a document that details the operation.
Programmatically create Azure Dashboards
I am trying to use Azure Traffic Manager (GTM) to geographically distribute load to function apps in each region.
I have tried adding an 'app service endpoint' and an 'external endpoint' (including adding the GTM name as a custom CNAME to the function app), but both result in "Error 404 - Web app not found.". The custom CNAME also never adds correctly.
According to the last comment on this post, the ability to do this should now be supported:
Setting up a custom domain with an Azure Function app
I am unable to comment back on the post as I am a new user.
I have tried adding an 'app service endpoint' and an 'external endpoint' (including adding the GTM name as a custom CNAME to the function app)
Azure Traffic Manager is only eligible for use with App Services at the 'Standard' level or above as mentioned here. If your function isn't host in an app plan at the 'Standard' level or above, Azure Traffic Manager will not work.
If you are not using 'Standard' or higher level app plan, Azure Functions Proxies would be a workaround for you. Please check following thread which discuss the similar problem.
Azure Functions Traffic Manager
Here is the quick reference from the answer provided by Dakota Kincer.
So the answer I arrived to after Traffic manager didntsupport Azure functions was to overall build 3 Azure functions. I built an East and a West that has my azure function code on it. Then I built a main Azure Function that has 0 code. It only has Azure proxies on it that route to my 2 other Azure Functions. The route is controlled by a variable in the proxy string that is help in the main API app settings. Using %myvariable% you can set part of the url. When I need to publish I switch the variable to the secondary URL location. Update the Primary and then switch the URL to its original primary location. This will have to work for now till traffic manager is integrated into functions or a better solution arises.
I am unable to comment back on the post as I am a new user.
You could modify your post if you want to provide more information.
Traffic Manager supports Azure functions monitoring. You can enable this by going to TM settings -> endpoints -> add endpoint -> choose Azure endpoint type -> App Service for Target resource type -> under Target Resource choose Function app which you want to monitor.
Most likely you want to be able to access function apps under specific domain domain, for example my-domain.com. For that under Custom Header Settings specify host:my-domain.com. You'll need to setup custom domain in function apps configuration too.
Scenario:
One team had built one application, and application is running on azure.
maintenance is taken care by same team, we don't want to give full access of production instance to developer team, but want to give read permission, like - monitoring of logs, cpu usages etc.
Solution according to me is build an application which will get dashboard data and log data from azure via api and that data will be displayed to development team.
I am referring these 2 links
https://msdn.microsoft.com/en-us/library/azure/dn722415.aspx
https://azure.microsoft.com/en-in/documentation/articles/api-management-get-started/
Question:
Still I am not able to find api which will give the dashboard data. if anyone know api for the same, please help.
Is there any alternative solution for this scenario.
If you deploy your app using the new Azure Resource Manager mode, it provides a Role Based Access Control to your resources. You can deploy your app inside a Resource Group and provide read access to your developers. They will be able to view the information about the services that your app are made of but without the option to change anything.
This session from Build 2015 can help you to understand what ARM is and what you can do with it: https://channel9.msdn.com/Events/Build/2015/2-659