

Merge pull request #1804 from jemrobinson/1781-bug-fix
Change AllowExternalAzureAutomationOperations to a network rule
JimMadge committed Apr 15, 2024
2 parents 64eea3d + ff3e07e commit 1788895
Showing 1 changed file with 16 additions and 3 deletions.
19 changes: 16 additions & 3 deletions data_safe_haven/infrastructure/stacks/shm/firewall.py
Expand Up @@ -313,8 +313,10 @@ def __init__(
description="Allow external Azure Automation requests",
name="AllowExternalAzureAutomationOperations",
protocols=[
network.AzureFirewallNetworkRuleProtocol.TCP,
network.AzureFirewallNetworkRuleProtocol.UDP,
network.AzureFirewallApplicationRuleProtocolArgs(
port=443,
protocol_type="Https",
)
],
source_addresses=["*"],
target_fqdns=[
Expand Down Expand Up @@ -484,8 +486,8 @@ def __init__(
destination_ports=["53"],
name="AllowExternalDnsResolver",
protocols=[
network.AzureFirewallNetworkRuleProtocol.UDP,
network.AzureFirewallNetworkRuleProtocol.TCP,
network.AzureFirewallNetworkRuleProtocol.UDP,
],
source_addresses=[props.subnet_identity_servers_iprange],
),
Expand All @@ -496,6 +498,17 @@ def __init__(
name=f"{stack_name}-all",
priority=1010,
rules=[
network.AzureFirewallNetworkRuleArgs(
description="Allow external Azure Automation requests",
destination_addresses=["GuestAndHybridManagement"],
destination_ports=["*"],
name="AllowExternalAzureAutomationOperations",
protocols=[
network.AzureFirewallNetworkRuleProtocol.TCP,
network.AzureFirewallNetworkRuleProtocol.UDP,
],
source_addresses=["*"],
),
network.AzureFirewallNetworkRuleArgs(
description="Allow external NTP requests",
destination_addresses=ntp_ip_addresses,
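Review bot: The new network rule in the third hunk (`AllowExternalAzureAutomationOperations`, lines 42–52) lets any source (`source_addresses=["*"]`) reach the `GuestAndHybridManagement` service tag on every port (`destination_ports=["*"]`) over both TCP and UDP, which is much wider than Azure Automation traffic needs; as far as I know Azure documents this tag as outbound TCP 443 only, and the application rule in the first hunk was itself narrowed to port 443/Https in this same commit. I would tighten it to `destination_ports=["443"],` and `protocols=[network.AzureFirewallNetworkRuleProtocol.TCP],` and restrict `source_addresses` to the subnet(s) that actually run the automation agents, the way the DNS rule in the second hunk already scopes itself with `props.subnet_identity_servers_iprange`. The application rule at line 17 keeps the same name as the new network rule; names only have to be unique within a rule collection, so this is not an error, but giving one of them a distinct name would make firewall log entries unambiguous. The enclosing `__init__` starts and ends outside all three hunks.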
