Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline

This article is divided into below three parts.

  1. Azure DevOps – Access Restriction of Azure App Service using Azure Management Portal – We will learn how to restrict the access to the Azure App Service manually using the Azure Portal.
  2. This article – Azure DevOps – Bulk IP Address Restriction of Azure App Service dynamically using PowerShell– We learn how to leverage PowerShell scripting to dynamically do bulk insertion of IP Addresses for configuring access restrictions for the Azure App Service.
  3. Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline We will learn how to automate the process of Access Restriction every time there is a change in the list of IP addresses using Azure DevOps Pipelines.
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - All Methods
Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline – All Methods

Prerequisites:

  1. Azure Subscription
  2. Azure DevOps Account
  3. Azure App Service

Please ensure that an App Service is created.

Introduction

In the previous articles Azure DevOps – Access Restriction of Azure App Service using Azure Management Portalwe have learnt how to manually add an Allow or Deny rule using the Azure Management Portal in the Networking / Access Restrictions blade by providing the below information.

And, we have also learnt how to do a Azure DevOps – Bulk IP Address Restriction of Azure App Service dynamically using PowerShell.

It doesn’t make sense to run the PowerShell script manually every time there are new IP Addresses that needs to be added.

So, in this article, we are going to learn how to automatically execute the PowerShell script from Azure DevOps pipeline.

Let’s add both the below files to a Repository as shown below

Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Repository
Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline – Repository

Below is how the IPAddresses.txt files look with dummy IP Addresses.

Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Dummy IP Address
Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline – Dummy IP Address

Let’s understand the next steps.

Build Pipeline: In the build pipeline, we will only be adding the PowerShell script file (ReadIPAddresses.ps1) and the IP Address file (IPAddresses.txt) into the package.

Release Pipeline: In the Release pipeline, we will run the PowerShell script which adds the IP Address restrictions to the App Service – Web App.

Let’s start working on the pipelines.

Package the files using Build Pipeline:

Packaging the files in again a 2-step process.

Step1: Download the files from the git repository to the agent – As shown in the below screenshot, this step copies all the contents ( * means all files) from the folder names Scripts into a pre-defined location specified in the Build.ArtifactStagingDirectory location within the agent.

Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Copy Artifacts
Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline – Copy Artifacts

Step2: Publish the Artifactory into the Azure Pipeline – as shown in the below screenshot, this step will publish (upload) the artifacts from Build.ArtifactStagingDirectory location to Azure Pipelines.

Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Publish Artifacts
Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline – Publish Artifacts

Go ahead and run the pipeline. You should see the below

In the Build Pipeline execution summary screen, click on the Artifacts link to view the published artifacts.

Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Summary
Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline – Summary

You will be taken to the below screen where you can see the files packaged.

Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Summary - Publish Artifacts
Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline – Summary – Publish Artifacts

The above screenshots prove that the build pipeline is successful.

Execute the PowerShell with Release Pipeline

In this section, we will learn how to execute the PowerShell script. Let’s create a release pipeline and add an Azure PowerShell task as shown below.

 Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Azure Power shell - Pass Parameters
Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline – Azure Power shell – Pass Parameters
  1. Choose the file which contains the PowerShell script
  2. Provide the arguments to the PowerShell Script.
    1. Resource Group Name
    1. App Service Web App name
    1. Location of the file which contains the IP Address list
  3. Make sure to choose if you are using PowerShell core.

Finally, after you run the pipeline, all the IP Addresses will be added to the Access Restrictions blade as shown below.

Azure DevOps - Bulk IP Address Restriction of Azure App Service dynamically using PowerShell - Final Access Restrictions
Azure DevOps – Bulk IP Address Restriction of Azure App Service dynamically using PowerShell – Final Access Restrictions

That’s it. We have learnt how to add the rules using the PowerShell by integrating it with Azure DevOps pipelines.

Do you like this article? If you want to get more updates about these kind of articles, you can join my WhatsApp group at Azure DevOps World 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s