Kaj*_*aja 4 arm azure azure-storage vnet
I have the following ARM template to create a storage account and add existing virtual networks:
{
  "name": "test0deep0123",
  "type": "Microsoft.Storage/storageAccounts",
  "location": "West Europe",
  "apiVersion": "2018-11-01",
  "sku": {
    "name": "Standard_LRS",
    "tier": "Standard"
  },
  "kind": "StorageV2",
  "properties": {
    "firewallState": "Enabled",
    "virtualNetworkRules": [
      {
        "properties": {
          "subnetId": "subnetid"
        },
        "name": "name"
      },
      {
        "properties": {
          "subnetId": "subnetId"
        },
        "name": "name"
      },
      {
        "properties": {
          "subnetId": "subnetid"
        },
        "name": "name"
      },
      {
        "properties": {
          "subnetId": "subnetid"
        },
        "name": "name"
      },
      {
        "properties": {
          "subnetId": "subnetid"
        },
        "name": "name"
      },
      {
        "properties": {
          "subnetId": "subnetid"
        },
        "name": "name"
      },
      {
        "properties": {
          "subnetId": "subnetid"
        },
        "name": "name"
      }
    ],
    "networkAcls": {
      "bypass": "AzureServices",
      "virtualNetworkRules": [
        {
          "id": "id",
          "action": "Allow",
          "state": "succeeded"
        },
        {
          "id": "id",
          "action": "Allow",
          "state": "succeeded"
        }
      ],
      "ipRules": [],
      "defaultAction": "Allow"
    },
    "supportsHttpsTrafficOnly": false,
    "encryption": {
      "services": {
        "file": {
          "enabled": true
        },
        "blob": {
          "enabled": true
        }
      },
      "keySource": "Microsoft.Storage"
    },
    "accessTier": "Hot"
  }
}

I can deploy this template to the resource group successfully, but when I check "Firewalls and virtual networks" afterwards, I see that "Allow access from" is set to "All networks", although under "Selected networks" I can see the added virtual networks.
What should I do to have "Selected networks" checked?
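
The problem is that if you set the virtualNetworkRules to Allow, then defaultAction needs to be set to Deny; this way you whitelist the selected virtual networks in the storage account's firewall.

In this case, you can add the IDs of the existing virtual networks (with the storage account service endpoint enabled) to the networkAcls section and set "defaultAction": "Deny". Also, virtualNetworkRules belongs to networkAcls, not to the properties of the storage account.

The following template works on my side.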
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "virtualNetworks_vnet1": {
      "defaultValue": "/subscriptions/xxx/resourceGroups/myrg/providers/Microsoft.Network/virtualNetworks/vnet",
      "type": "string"
    },
    "virtualNetworks_vnet2": {
      "defaultValue": "/subscriptions/xxx/resourceGroups/myrg/providers/Microsoft.Network/virtualNetworks/mytestvnet1",
      "type": "string"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2018-11-01",
      "name": "test0deep01234",
      "location": "Central US",
      "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
      },
      "kind": "StorageV2",
      "properties": {
        "networkAcls": {
          "bypass": "AzureServices",
          "virtualNetworkRules": [
            {
              "id": "[concat(parameters('virtualNetworks_vnet1'), '/subnets/default')]",
              "action": "Allow"
            },
            {
              "id": "[concat(parameters('virtualNetworks_vnet2'), '/subnets/default')]",
              "action": "Allow"
            }
          ],
          "ipRules": [],
          "defaultAction": "Deny"
        },
        "supportsHttpsTrafficOnly": false,
        "encryption": {
          "services": {
            "file": {
              "enabled": true
            },
            "blob": {
              "enabled": true
            }
          },
          "keySource": "Microsoft.Storage"
        },
        "accessTier": "Hot"
      }
    }
  ]
}
Reference: Microsoft.Storage storageAccounts template reference
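
The check described in the answers can be run over a template before deployment. The following is an added example, not code from the original posts: a small Python lint that flags storage accounts whose virtualNetworkRules sit outside networkAcls or whose defaultAction is not Deny. The function name `audit_storage_firewall` and the two sample templates are assumptions constructed for illustration.

```python
import json

STORAGE_TYPE = "microsoft.storage/storageaccounts"

def audit_storage_firewall(template):
    """Return (account name, finding) tuples for a parsed ARM template."""
    findings = []
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != STORAGE_TYPE:
            continue
        name = res.get("name", "<unnamed>")
        props = res.get("properties", {})
        # Rules placed directly under properties (as in the question) are
        # not part of the networkAcls rule set.
        if "virtualNetworkRules" in props:
            findings.append((name, "virtualNetworkRules is outside networkAcls"))
        acls = props.get("networkAcls")
        if not isinstance(acls, dict):
            findings.append((name, "no networkAcls block"))
            continue
        action = str(acls.get("defaultAction", ""))
        if action.startswith("["):
            # ARM expression: the value is only known at deployment time.
            findings.append((name, "defaultAction is an expression, check the parameter value"))
        elif action.lower() != "deny":
            n = len(acls.get("virtualNetworkRules", [])) + len(acls.get("ipRules", []))
            findings.append((name, f"defaultAction is not Deny, {n} allow rule(s) are not enforced"))
    return findings

# Constructed sample input modelled on the two templates above (IDs are placeholders).
QUESTION_STYLE = json.loads("""
{"resources": [{"type": "Microsoft.Storage/storageAccounts", "name": "test0deep0123",
  "properties": {
    "virtualNetworkRules": [{"name": "name", "properties": {"subnetId": "subnetid"}}],
    "networkAcls": {"bypass": "AzureServices", "defaultAction": "Allow", "ipRules": [],
      "virtualNetworkRules": [{"id": "id", "action": "Allow"}]}}}]}
""")
ANSWER_STYLE = json.loads("""
{"resources": [{"type": "Microsoft.Storage/storageAccounts", "name": "test0deep01234",
  "properties": {
    "networkAcls": {"bypass": "AzureServices", "defaultAction": "Deny", "ipRules": [],
      "virtualNetworkRules": [{"id": "/subscriptions/xxx/placeholder/subnets/default",
                               "action": "Allow"}]}}}]}
""")

if __name__ == "__main__":
    for label, tpl in (("question", QUESTION_STYLE), ("answer", ANSWER_STYLE)):
        print(label, audit_storage_firewall(tpl) or "OK")
```

The lint only inspects top-level resources and does not evaluate ARM expressions; a parameterised defaultAction is reported for manual review.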