
Only Allow public IP in specific subnets

Only allow public IP to be used in specific subnets

The subnetIds parameter must be provided as a list of subnets, each given as a resource ID (e.g. /subscriptions/{subscription_id}/resourcegroups/{resource_group}/providers/microsoft.network/virtualnetworks/{vnet}/subnets/{subnet-name}).

Try on Portal

Deploy to Azure

Try with PowerShell

$definition = New-AzPolicyDefinition -Name "no-public-ip-except-for-one-subnet" -DisplayName "Only Allow public IP in specific subnets" -description "Only allow public IP to be used in specific subnets" -Policy 'https://raw.githubusercontent.com/Azure/azure-policy/master/samples/Network/no-public-ip-except-for-one-subnet/azurepolicy.rules.json' -Parameter 'https://raw.githubusercontent.com/Azure/azure-policy/master/samples/Network/no-public-ip-except-for-one-subnet/azurepolicy.parameters.json' -Mode All
$definition
$assignment = New-AzPolicyAssignment -Name <assignmentname> -Scope <scope>  -subnetIds <List of Subnets you can use public IP> -PolicyDefinition $definition
$assignment 

Try with CLI


az policy definition create --name 'no-public-ip-except-for-one-subnet' --display-name 'Only Allow public IP in specific subnets' --description 'Only allow public IP to be used in specific subnets' --rules 'https://raw.githubusercontent.com/Azure/azure-policy/master/samples/Network/no-public-ip-except-for-one-subnet/azurepolicy.rules.json' --params 'https://raw.githubusercontent.com/Azure/azure-policy/master/samples/Network/no-public-ip-except-for-one-subnet/azurepolicy.parameters.json' --mode All

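az policy assignment create --name <assignmentname> --scope <scope> --policy "no-public-ip-except-for-one-subnet" --params '{ "subnetIds": { "value": [ <list of subnet resource IDs allowed to use public IP> ] } }'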
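
The subnetIds value has to be a JSON array of full subnet resource IDs in the format given above, so it is worth checking each ID before assigning the policy. The following is an added example, not part of the original sample: the function names and the sample IDs are constructed, and the name character sets are an assumption that restricts names to ASCII.

```shell
#!/bin/sh
# Added example: validate subnet resource IDs and build the JSON value for
# the policy's subnetIds parameter. Function names and IDs are constructed.

# Pattern follows the resource ID format given in the README. It is matched
# case-insensitively because Azure tooling emits "resourceGroups" and
# "Microsoft.Network" while the README shows those segments in lower case.
# Assumption: names are ASCII only, which also keeps quotes out of the JSON.
SUBNET_ID_RE='^/subscriptions/[0-9a-f-]{36}/resourcegroups/[A-Za-z0-9._()-]+/providers/microsoft\.network/virtualnetworks/[A-Za-z0-9._-]+/subnets/[A-Za-z0-9._-]+$'

# Returns 0 only if $1 is a single-line, well-formed subnet resource ID.
is_subnet_id() {
    case "$1" in
        *'
'*) return 1 ;;   # reject embedded newlines (grep matches per line)
    esac
    printf '%s\n' "$1" | grep -Eiq "$SUBNET_ID_RE"
}

# Prints {"subnetIds":{"value":["id1","id2"]}} on stdout.
# Returns 1 and names the offending ID on stderr if any ID is malformed.
build_subnet_params() {
    [ "$#" -gt 0 ] || { echo "no subnet IDs given" >&2; return 1; }
    list=''
    for id in "$@"; do
        if ! is_subnet_id "$id"; then
            echo "not a subnet resource ID: $id" >&2
            return 1
        fi
        list="${list:+$list,}\"$id\""
    done
    printf '{"subnetIds":{"value":[%s]}}\n' "$list"
}

# Constructed sample IDs (placeholder subscription GUID).
SUB='/subscriptions/00000000-0000-0000-0000-000000000000'
DMZ="$SUB/resourceGroups/rg-net/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/dmz"
GW="$SUB/resourceGroups/rg-net/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/gateway"

# The output is what would be passed to: az policy assignment create --params "<json>"
build_subnet_params "$DMZ" "$GW"
```

A short subnet name or a virtual network ID without the /subnets/ segment is rejected here instead of ending up in the assignment as a value that matches no subnet.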
