Application security groups are an attempt to solve this problem. Using them requires the following steps:
- Create an application security group
- Assign an application security group to a NIC, or set of NICs
- Create network security groups with application security group tags
The goal of this post is to demonstrate how to create an application security group from an ARM template. The official documentation for this can be found here.
Here is my example of an application security group template:
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Network/applicationSecurityGroups",
      "name": "IISWebServers",
      "apiVersion": "2017-10-01",
      "location": "[resourceGroup().location]",
      "tags": {},
      "properties": {}
    }
  ],
  "outputs": {}
}
The above example creates an application security group named IISWebServers. Interestingly, it does not show up as a resource in the portal, even after it is deployed:
Here is the return from PowerShell (Get-AzureRmApplicationSecurityGroup):
When you go to delete the resource group, you do see the item in the list:
Interesting!
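The template above covers only the first of the three steps. As an added example (not from the original post or the official documentation), the template below extends it with the other two: a network security group rule that uses IISWebServers as its destination, and a NIC assigned to the group. The names web-nsg and web01-nic and the subnetId parameter are assumptions; subnetId must point at an existing subnet.

```json
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": { "subnetId": { "type": "string" } },
  "variables": {
    "asgId": "[resourceId('Microsoft.Network/applicationSecurityGroups', 'IISWebServers')]",
    "nsgId": "[resourceId('Microsoft.Network/networkSecurityGroups', 'web-nsg')]"
  },
  "resources": [
    {
      "type": "Microsoft.Network/applicationSecurityGroups",
      "name": "IISWebServers",
      "apiVersion": "2017-10-01", "location": "[resourceGroup().location]",
      "properties": {}
    },
    {
      "comments": "Hypothetical NSG name. Only NICs in IISWebServers receive 443 from the Internet.",
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "web-nsg",
      "apiVersion": "2017-10-01", "location": "[resourceGroup().location]",
      "dependsOn": [ "[variables('asgId')]" ],
      "properties": { "securityRules": [ {
        "name": "Allow-HTTPS-To-IISWebServers",
        "properties": {
          "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
          "sourceAddressPrefix": "Internet", "sourcePortRange": "*", "destinationPortRange": "443",
          "destinationApplicationSecurityGroups": [ { "id": "[variables('asgId')]" } ]
        }
      } ] }
    },
    {
      "comments": "Hypothetical NIC name; subnetId is an assumed parameter for an existing subnet.",
      "type": "Microsoft.Network/networkInterfaces",
      "name": "web01-nic",
      "apiVersion": "2017-10-01", "location": "[resourceGroup().location]",
      "dependsOn": [ "[variables('asgId')]", "[variables('nsgId')]" ],
      "properties": {
        "networkSecurityGroup": { "id": "[variables('nsgId')]" },
        "ipConfigurations": [ { "name": "ipconfig1", "properties": {
          "privateIPAllocationMethod": "Dynamic",
          "subnet": { "id": "[parameters('subnetId')]" },
          "applicationSecurityGroups": [ { "id": "[variables('asgId')]" } ]
        } } ]
      }
    }
  ]
}
```

Because the rule names the group rather than an address prefix, a NIC attached to the same NSG without the IISWebServers assignment still falls through to the default inbound deny for Internet traffic.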