Fundamentally, application security groups are an array of groups that can be applied to a specific IP configuration on a specific NIC. I think this is a really elegant place to attach these constructs, and will allow for some interesting designs into the future.
Here is a quick ARM template of a bare-bones network interface with an associated application security group.
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Network/networkInterfaces",
      "name": "IISWebServer-NIC1",
      "apiVersion": "2017-10-01",
      "location": "[resourceGroup().location]",
      "tags": {},
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[concat(resourceId('Microsoft.network/virtualNetworks','appsecurity'),'/subnets/', 'default')]"
              },
              "ApplicationSecurityGroups": [
                {
                  "id": "/subscriptions/xxxx/resourceGroups/testappsecuritygroups/providers/Microsoft.Network/applicationSecurityGroups/IISWebServers",
                  "location": "[resourceGroup().location]"
                }
              ]
            }
          }
        ]
      }
    }
  ],
  "outputs": {}
}
As with a lot of ARM template constructs, application security groups are referenced via ID. If you are creating a parameterized version of the above, you will need to pass in both the resource group and the name of the application security group.
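A parameterized version of the template above, as an added example that is not part of the original post. The parameter names asgResourceGroup and asgName and the two variables are assumptions chosen for illustration; the NIC, virtual network and subnet names are the ones used above.

```json
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "asgResourceGroup": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: resource group that contains the application security group" }
    },
    "asgName": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: name of the application security group" }
    }
  },
  "variables": {
    "asgId": "[resourceId(parameters('asgResourceGroup'), 'Microsoft.Network/applicationSecurityGroups', parameters('asgName'))]",
    "subnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'appsecurity', 'default')]"
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkInterfaces",
      "name": "IISWebServer-NIC1",
      "apiVersion": "2017-10-01",
      "location": "[resourceGroup().location]",
      "tags": {},
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": { "id": "[variables('subnetId')]" },
              "applicationSecurityGroups": [
                { "id": "[variables('asgId')]" }
              ]
            }
          }
        ]
      }
    }
  ],
  "outputs": {}
}
```

Passing the resource group as the first argument to resourceId builds the full ID in the deployment's subscription, so the hard-coded /subscriptions/xxxx/... path is no longer needed.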