Azure DevOps - Automate Bulk IP Address Restriction Of Azure App Service

This article is divided into three parts,

  1. Azure DevOps - Access Restriction of Azure App Service using Azure Management Portal - We learned how to restrict access to the Azure App Service manually using the Azure Portal.
  2. Azure DevOps - Bulk IP Address Restriction of Azure App Service dynamically using PowerShell - We learned how to leverage PowerShell scripting to dynamically do bulk insertion of IP Addresses for configuring access restrictions for the Azure App Service.
  3. Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - We will learn how to automate the process of Access Restriction every time there is a change in the list of IP addresses using Azure DevOps Pipelines.

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - All Methods

Prerequisites

  1. Azure Subscription
  2. Azure DevOps Account
  3. Azure App Service

Please ensure that an App Service is created.

Introduction

In the previous articles, Azure DevOps - Access Restriction of Azure App Service using Azure Management Portal we have learned how to manually add an Allow or Deny rule using the Azure Management Portal in the Networking / Access Restrictions blade by providing the below information.

And, we have also learned how to do Azure DevOps - Bulk IP Address Restriction of Azure App Service dynamically using PowerShell.

It doesn’t make sense to run the PowerShell script manually every time there are new IP Addresses that need to be added.

So, in this article, we are going to learn how to automatically execute the PowerShell script from the Azure DevOps pipeline.

Let’s add both the below files to a Repository as shown below,

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Repository

Below is how the IPAddresses.txt files look with dummy IP Addresses.

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Dummy IP Address

Let’s understand the next steps.

Build Pipeline

In the build pipeline, we will only be adding the PowerShell script file (ReadIPAddresses.ps1) and the IP Address file (IPAddresses.txt) into the package.

Release Pipeline

In the Release pipeline, we will run the PowerShell script which adds the IP Address restrictions to the App Service - Web App.

Let’s start working on the pipelines.

Package the files using Build Pipeline

Packaging the files is again a 2-step process.

Step 1

Download the files from the git repository to the agent - As shown in the below screenshot, this step copies all the contents ( * means all files) from the folder names Scripts into a pre-defined location specified in the Build.ArtifactStagingDirectory location within the agent.

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Copy Artifacts

Step 2

Publish the Artifactory into the Azure Pipeline - as shown in the below screenshot, this step will publish (upload) the artifacts from Build.ArtifactStagingDirectory location to Azure Pipelines.

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Publish Artifacts

Go ahead and run the pipeline. You should see the below,

In the Build Pipeline execution summary screen, click on the Artifacts link to view the published artifacts.

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Summary

You will be taken to the below screen where you can see the files packaged.

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Summary - Publish Artifacts

The above screenshots prove that the build pipeline is successful.

Execute the PowerShell with Release Pipeline

In this section, we will learn how to execute the PowerShell script. Let’s create a release pipeline and add an Azure PowerShell task as shown below.

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline - Azure Power shell - Pass Parameters

  1. Choose the file which contains the PowerShell script
  2. Provide the arguments to the PowerShell Script.
     
    • Resource Group Name
    • App Service Web App name
    • Location of the file which contains the IP Address list
       
  3. Make sure to choose if you are using PowerShell core.

Finally, after you run the pipeline, all the IP Addresses will be added to the Access Restrictions blade as shown below.

Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service
Azure DevOps - Bulk IP Address Restriction of Azure App Service dynamically using PowerShell - Final Access Restrictions

That’s it. We have learned how to add the rules using PowerShell by integrating it with Azure DevOps pipelines.