Fundamentally, application security groups are an array of groups that can be applied to a specific IP configuration on a specific NIC. I think this is a really elegant place to attach these constructs, and it will allow for some interesting designs in the future.
Here is a quick ARM template of a bare-bones network interface with an associated application security group.
```json
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Network/networkInterfaces",
      "name": "IISWebServer-NIC1",
      "apiVersion": "2017-10-01",
      "location": "[resourceGroup().location]",
      "tags": {},
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[concat(resourceId('Microsoft.network/virtualNetworks','appsecurity'),'/subnets/', 'default')]"
              },
              "ApplicationSecurityGroups": [
                {
                  "id": "/subscriptions/xxxx/resourceGroups/testappsecuritygroups/providers/Microsoft.Network/applicationSecurityGroups/IISWebServers",
                  "location": "[resourceGroup().location]"
                }
              ]
            }
          }
        ]
      }
    }
  ],
  "outputs": {}
}
```
As with a lot of ARM template constructs, application security groups are referenced via ID. If you are creating a parameterized version of the above, you will need to pass in both the resource group and the name of the application security group.
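A parameterized form of the same NIC, added here as an example and not taken from the original post. The parameter names `asgResourceGroup` and `asgName` are assumptions; the ID is built with `resourceId()` so the subscription no longer has to be hard-coded.

```json
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "asgResourceGroup": {
      "type": "string",
      "metadata": { "description": "Resource group that holds the application security group (assumed parameter name)" }
    },
    "asgName": {
      "type": "string",
      "metadata": { "description": "Name of the application security group (assumed parameter name)" }
    }
  },
  "variables": {
    "asgId": "[resourceId(parameters('asgResourceGroup'), 'Microsoft.Network/applicationSecurityGroups', parameters('asgName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkInterfaces",
      "name": "IISWebServer-NIC1",
      "apiVersion": "2017-10-01",
      "location": "[resourceGroup().location]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', 'appsecurity'), '/subnets/', 'default')]"
              },
              "applicationSecurityGroups": [
                {
                  "id": "[variables('asgId')]",
                  "location": "[resourceGroup().location]"
                }
              ]
            }
          }
        ]
      }
    }
  ],
  "outputs": {}
}
```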