Restrict IP ranges used in Storage Accounts firewall rules

This policy restricts the IP ranges used in Storage Accounts firewall rules. When a Storage Account is connected to a VNet service endpoint, this policy allows you to define which IP ranges may be whitelisted in the Storage Account firewall rules. Any IP range that is not listed in the policy assignment is blocked from being added to the firewall rules.

Try on Portal

Deploy to Azure

Try with PowerShell

$definition = New-AzureRmPolicyDefinition -Name "restrict-storageAccount-firewall-rules" -DisplayName "Restrict Storage Accounts firewall rules" -description "This policy restrict IP ranges used in Storage Accounts firewall rules" -Policy 'https://raw.githubusercontent.com/tyconsulting/azurepolicy/master/policy-definitions/restrict-storageAccount-firewall-rules/azurepolicy.rules.json' -Parameter 'https://raw.githubusercontent.com/tyconsulting/azurepolicy/master/policy-definitions/restrict-storageAccount-firewall-rules/azurepolicy.parameters.json' -Mode All -Metadata '{ "category": "Storage"}'
$definition
$assignment = New-AzureRMPolicyAssignment -Name <assignmentname> -Scope <scope> -PolicyDefinition $definition
$assignment 

Try with CLI


az policy definition create --name 'restrict-storageAccount-firewall-rules' --display-name 'Restrict Storage Accounts firewall rules' --description 'This policy restrict IP ranges used in Storage Accounts firewall rules' --rules 'https://raw.githubusercontent.com/tyconsulting/azurepolicy/master/policy-definitions/restrict-storageAccount-firewall-rules/azurepolicy.rules.json' --params 'https://raw.githubusercontent.com/tyconsulting/azurepolicy/master/policy-definitions/restrict-storageAccount-firewall-rules/azurepolicy.parameters.json' --mode All

az policy assignment create --name <assignmentname> --scope <scope> --policy "restrict-storageAccount-firewall-rules"
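
Before assigning the policy, it helps to know which existing Storage Account firewall rules fall outside the ranges you plan to approve. The following is an added example, not part of this repository: it audits JSON shaped like the output of `az storage account list` against an approved list. The account names, addresses and the `audit_firewall_rules` helper are constructed for illustration, and because this page does not say whether the policy compares rule values literally or by range containment, the audit reports both cases.

```python
import ipaddress
import json

# Constructed sample, trimmed to the fields that `az storage account list`
# returns for firewall rules (networkRuleSet.ipRules[].ipAddressOrRange).
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "stappdata01", "networkRuleSet": {"defaultAction": "Deny", "ipRules": [
      {"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"},
      {"action": "Allow", "ipAddressOrRange": "198.51.100.7"}]}},
  {"name": "stlogs02", "networkRuleSet": {"defaultAction": "Deny", "ipRules": [
      {"action": "Allow", "ipAddressOrRange": "203.0.113.16/28"}]}},
  {"name": "stpublic03", "networkRuleSet": {"defaultAction": "Allow", "ipRules": []}}
]
""")


def audit_firewall_rules(accounts, approved_ranges):
    """Return (account, rule, status) for each IP rule not literally approved.

    status is 'covered-not-listed' when the rule sits inside an approved range
    but is not written exactly as approved, and 'outside' when no approved
    range contains it. Assumption: all values are IPv4 addresses or CIDR blocks.
    """
    approved_text = set(approved_ranges)
    approved_nets = [ipaddress.ip_network(r, strict=False) for r in approved_ranges]
    findings = []
    for account in accounts:
        rule_set = account.get("networkRuleSet") or {}
        for rule in rule_set.get("ipRules") or []:
            value = rule["ipAddressOrRange"]
            if value in approved_text:
                continue  # literal match: compliant under either comparison
            net = ipaddress.ip_network(value, strict=False)
            covered = any(net.subnet_of(a) for a in approved_nets)
            findings.append(
                (account["name"], value, "covered-not-listed" if covered else "outside")
            )
    return findings


if __name__ == "__main__":
    for name, rule, status in audit_firewall_rules(SAMPLE_ACCOUNTS, ["203.0.113.0/24"]):
        print(f"{name}: {rule} -> {status}")
```

Rules reported as `covered-not-listed` are the ones to test against a real assignment first, since they are compliant only if the policy evaluates containment rather than exact values.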