Created
May 31, 2021 19:47
AZURE - Storage Account Set Firewall Rules
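#!/bin/bash
# Switches an Azure Storage Account firewall to default-deny and adds an allow
# rule for every Cloudflare IPv4 range that is not already present.
# Requires: an authenticated Azure CLI (az) and curl.
#
# Security notes:
#  - Cloudflare's ranges are shared by all Cloudflare customers, so these rules
#    narrow network exposure but do not identify your own zone. Keep
#    storage-level authentication (account keys, SAS or identity-based auth).
#  - Ranges that Cloudflare has withdrawn are NOT removed by this script;
#    review the rule list printed at the end.
set -euo pipefail

rg=rg-nomedorg
stg=stgnomestg

# Current default action of the account firewall.
stgStatus=$(az storage account show --resource-group "$rg" --name "$stg" -o tsv --query networkRuleSet.defaultAction)
# Quoted so an empty answer is compared as a string instead of breaking the test.
if [ "$stgStatus" = "Allow" ]
then
  echo "Restringindo acesso default"
  az storage account update --resource-group "$rg" --name "$stg" --default-action Deny > /dev/null
else
  echo "Storage Account ja esta restrita"
fi

echo "Validando necessidade de liberacao"
# Fetch Cloudflare's published IPv4 source ranges (one entry per line).
# -f makes curl fail on an HTTP error instead of passing an error page on as
# "IP addresses". The default action is already Deny at this point, so a failed
# download aborts the script with the account still restricted (fail closed).
ipsCloudFlare=$(curl -fsS https://www.cloudflare.com/ips-v4)

# Accept only lines that look like an IPv4 address or CIDR range; anything else
# means the download is not the expected list and must not reach the firewall.
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
ipsValid=()
while IFS= read -r ip || [[ -n "$ip" ]]; do
  ip=${ip//$'\r'/}
  if [[ -z "$ip" ]]; then
    continue
  fi
  if [[ ! "$ip" =~ $cidr_re ]]; then
    echo "Entrada inesperada na lista da CloudFlare: $ip" >&2
    exit 1
  fi
  ipsValid+=("$ip")
done <<< "$ipsCloudFlare"

if (( ${#ipsValid[@]} == 0 )); then
  echo "Lista de IPs da CloudFlare vazia" >&2
  exit 1
fi

# Only the address column of the existing rules; the plain "ipRules" query also
# emits the rule action, which would end up mixed into the comparison.
ipsRules=$(az storage account network-rule list --account-name "$stg" -g "$rg" -o tsv --query "ipRules[].ipAddressOrRange")

# Ranges published by Cloudflare that have no rule yet. comm -23 keeps lines
# found only in the first input, so existing rules that are not in the
# Cloudflare list are never re-submitted as new rules.
ipsDiff=()
while IFS= read -r ip; do
  if [[ -n "$ip" ]]; then
    ipsDiff+=("$ip")
  fi
done < <(LC_ALL=C comm -23 \
  <(printf '%s\n' "${ipsValid[@]}" | LC_ALL=C sort -u) \
  <(printf '%s\n' "$ipsRules" | LC_ALL=C sort -u))

if (( ${#ipsDiff[@]} == 0 ))
then
  echo "Sem alteracao de regras"
else
  echo "Adicionando regras:"
  echo "${ipsDiff[*]}"
  for ip in "${ipsDiff[@]}"; do
    az storage account network-rule add -g "$rg" --account-name "$stg" --ip-address "$ip" > /dev/null
  done
fi

ipsLiberados=$(az storage account network-rule list --account-name "$stg" -g "$rg" -o tsv --query ipRules)
echo "Status dos ips liberados"
# Intentionally unquoted: collapses the tsv rows onto a single output line.
# shellcheck disable=SC2086
echo $ipsLiberados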