More than 1 year has passed since last update.

Parameterizing NSG rules with Bicep


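I tried to see whether NSG inbound and outbound rule settings could be managed in a Bicep parameter file instead of in the Bicep file, so I am leaving my notes here.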

Repository layout

  • The code is split into a module and parameterized as follows.
.
├── main.bicep
├── main.bicepparam
└── modules
    └── nsg.bicep

Bicep parameter file

  • The NSG definitions are kept as an array in the parameter file.
main.bicepparam
using 'main.bicep'

param location = 'japaneast'

param networkSecurityGroupName = 'myNsg'

param nsgSecurityRules = [
  {
    name: 'allow-3389'
    properties: {
      priority: 1000
      access: 'Allow'
      direction: 'Inbound'
      destinationPortRange: '3389'
      protocol: 'Tcp'
      sourcePortRange: '*'
      sourceAddressPrefix: '10.0.0.0/24'
      destinationAddressPrefix: '*'
    }
  }
  {
    name: 'allow-443'
    properties: {
      priority: 1100
      access: 'Allow'
      direction: 'Inbound'
      destinationPortRange: '443'
      protocol: 'Tcp'
      sourcePortRange: '*'
      sourceAddressPrefix: '10.0.0.0/24'
      destinationAddressPrefix: '*'
    }
  }
  {
    name: 'deny-80'
    properties: {
      priority: 1200
      access: 'Deny'
      direction: 'Inbound'
      destinationPortRange: '80'
      protocol: 'Tcp'
      sourcePortRange: '*'
      sourceAddressPrefix: '*'
      destinationAddressPrefix: '*'
    }
  }
]

Bicep files

  • main calls the module.
main.bicep

param location string

param networkSecurityGroupName string
param nsgSecurityRules array

module networkSecurityGroupModule './modules/nsg.bicep' = {
  name: 'networkSecurityGroupModule'
  params: {
    location: location
    networkSecurityGroupName: networkSecurityGroupName
    nsgSecurityRules: nsgSecurityRules
  }
}

  • The array of NSG definitions passed in as a parameter is applied in a loop.
nsg.bicep
param location string
param networkSecurityGroupName string
param nsgSecurityRules array

resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: networkSecurityGroupName
  location: location
  properties: {
    securityRules: [ for rule in nsgSecurityRules : {
      name: rule.name
      properties: {
        priority: rule.properties.priority
        access: rule.properties.access
        direction: rule.properties.direction
        destinationPortRange: rule.properties.destinationPortRange
        protocol: rule.properties.protocol
        sourcePortRange: rule.properties.sourcePortRange
        sourceAddressPrefix: rule.properties.sourceAddressPrefix
        destinationAddressPrefix: rule.properties.destinationAddressPrefix
      }
    }]
  }
}

output networkSecurityGroupId string = networkSecurityGroup.id

Running it

  • Deploy with the parameter file specified, then confirm that the NSG was created without problems and that the rules were set.
az deployment group create --resource-group [Your Resource Group Name] --template-file main.bicep --parameters main.bicepparam
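
A pre-deployment check for the rule array, added here as an example (not part of the original article): `nsgSecurityRules` is declared as a plain `array`, so the template itself does not constrain what each rule contains. The function and constant names are hypothetical, the set of checks is this example's choice, and it assumes the rules have been loaded as Python dicts, for example from the JSON produced by `bicep build-params`.

```python
REQUIRED = ("priority", "access", "direction", "destinationPortRange", "protocol",
            "sourcePortRange", "sourceAddressPrefix", "destinationAddressPrefix")
OPEN_SOURCES = {"*", "0.0.0.0/0", "Internet"}


def check_rules(rules):
    """Return findings for an array shaped like nsgSecurityRules."""
    findings, seen = [], {}
    for i, rule in enumerate(rules):
        name = rule.get("name") or f"<rule {i}>"
        props = rule.get("properties", {})
        missing = [k for k in REQUIRED if k not in props]
        if missing:
            # nsg.bicep reads every one of these keys for each rule.
            findings.append(f"{name}: missing {', '.join(missing)}")
            continue
        if props["access"] not in ("Allow", "Deny"):
            findings.append(f"{name}: access must be Allow or Deny")
        if props["direction"] not in ("Inbound", "Outbound"):
            findings.append(f"{name}: direction must be Inbound or Outbound")
        prio = props["priority"]
        if not isinstance(prio, int) or not 100 <= prio <= 4096:
            findings.append(f"{name}: priority {prio!r} outside 100-4096")
        elif (props["direction"], prio) in seen:
            # A priority may be used only once per direction within an NSG.
            other = seen[(props["direction"], prio)]
            findings.append(f"{name}: priority {prio} already used by {other}")
        else:
            seen[(props["direction"], prio)] = name
        if (props["access"] == "Allow" and props["direction"] == "Inbound"
                and props["sourceAddressPrefix"] in OPEN_SOURCES):
            findings.append(f"{name}: inbound Allow from an unrestricted source")
    return findings


def rule(name, priority, access, source, port):
    """Build one inbound TCP rule in the shape used by main.bicepparam."""
    return {"name": name, "properties": {
        "priority": priority, "access": access, "direction": "Inbound",
        "destinationPortRange": port, "protocol": "Tcp", "sourcePortRange": "*",
        "sourceAddressPrefix": source, "destinationAddressPrefix": "*"}}


# The three rules from main.bicepparam on this page.
PAGE_RULES = [rule("allow-3389", 1000, "Allow", "10.0.0.0/24", "3389"),
              rule("allow-443", 1100, "Allow", "10.0.0.0/24", "443"),
              rule("deny-80", 1200, "Deny", "*", "80")]
# Constructed bad edit: reuses priority 1100 and allows an unrestricted source.
BAD_RULES = PAGE_RULES + [rule("allow-22", 1100, "Allow", "*", "22")]
```

The page's own three rules produce no findings; the constructed `allow-22` rule produces two.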

That's all.
