Hi, I'm Nicholas 👋
I'm a Senior Platform Engineer

Whitelisting and Removing IPs from Azure DevOps and Storage Account Firewall

Welcome

Hey,

Managing IP whitelisting and removal is a critical aspect of securing Azure resources. In this blog post, I’ll walk you through how to dynamically remove IP addresses from the Azure Storage Account Firewall using Azure DevOps pipelines and PowerShell scripting.

Why is IP Management Important?

Azure Storage Accounts often require strict access control to ensure data security. By whitelisting IPs, you allow specific addresses to access your resources. However, when these IPs are no longer needed, removing them promptly is essential to maintain security.

Implementation

Here’s a YAML snippet for an Azure DevOps pipeline task that removes an IP address from the Storage Account Firewall dynamically:

name: Deploy Frontend App

steps:
# Remove the build agent's public IP from the Storage Account firewall
- task: AzureCLI@2
  displayName: Remove Storage Firewall Rule
  continueOnError: false
  inputs:
    azureSubscription: AzureSubscription
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
      # Look up the public IP this agent is currently using
      $PublicIp = Invoke-RestMethod https://ipinfo.io/json | Select-Object -ExpandProperty Ip

      Write-Host "##[warning]Removing $PublicIp From Storage Account Firewall, Please Wait..."

      # Delete the matching IP rule from the storage account's network rules
      az storage account network-rule remove -g rgtest --account-name storageaccount1 --ip-address $PublicIp

      # Give the rule change time to take effect
      Start-Sleep -Seconds 20
      Write-Host "##[warning]Removed $PublicIp From Storage Account Firewall"

  1. Retrieve Public IP:
    • The script uses Invoke-RestMethod to fetch the agent's public IP from ipinfo.io dynamically.
  2. Remove IP from Firewall:
    • The az storage account network-rule remove command removes the IP from the specified Storage Account Firewall.
  3. Confirmation:
    • After a 20-second wait, a confirmation message is displayed.
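
An added example, not part of the original post: a PowerShell variant of the inline script that validates the address returned by ipinfo.io before it reaches the az command line, stops if az reports a failure, and polls the rule list instead of relying on a fixed sleep. The function names are hypothetical; rgtest and storageaccount1 are the post's sample names.

```powershell
# Added example (not from the original post). Function names are hypothetical;
# 'rgtest' and 'storageaccount1' are the post's sample resource names.

function Get-ValidatedPublicIp {
    param([string]$Candidate)
    # The value comes from a third-party service and ends up on an az command
    # line, so accept nothing except a canonical dotted-quad IPv4 address.
    $text = "$Candidate".Trim()
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($text, [ref]$parsed)) {
        throw "Lookup did not return an IP address: '$text'"
    }
    # TryParse also accepts IPv6 and short forms such as "1.2.3"; reject both.
    if ($parsed.AddressFamily -ne 'InterNetwork' -or $parsed.ToString() -ne $text) {
        throw "Lookup did not return a plain IPv4 address: '$text'"
    }
    return $text
}

function Remove-StorageFirewallIp {
    param([string]$ResourceGroup, [string]$Account, [string]$Ip, [int]$TimeoutSeconds = 60)

    az storage account network-rule remove -g $ResourceGroup --account-name $Account --ip-address $Ip | Out-Null
    # az is a native command: by default a failure only sets $LASTEXITCODE.
    if ($LASTEXITCODE -ne 0) { throw "network-rule remove failed (exit code $LASTEXITCODE)" }

    # Confirm the rule has left the configuration by polling the rule list.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $rules = @(az storage account network-rule list -g $ResourceGroup --account-name $Account `
                --query "ipRules[].ipAddressOrRange" -o tsv)
        if ($LASTEXITCODE -ne 0) { throw "network-rule list failed (exit code $LASTEXITCODE)" }
        if ($rules -notcontains $Ip) { return }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)
    throw "$Ip is still listed in the firewall rules after $TimeoutSeconds seconds"
}

# Same flow as the post's inline script, with the checks above applied.
$raw = (Invoke-RestMethod -Uri 'https://ipinfo.io/json' -TimeoutSec 15).ip
$ip = Get-ValidatedPublicIp -Candidate $raw
Write-Host "##[warning]Removing $ip From Storage Account Firewall, Please Wait..."
Remove-StorageFirewallIp -ResourceGroup 'rgtest' -Account 'storageaccount1' -Ip $ip
Write-Host "Removed $ip From Storage Account Firewall"
```

Because every failure path throws, the "Removed" line is only printed when the rule is actually absent from the list.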

Conclusion

By integrating this script into your Azure DevOps pipeline, you can streamline the process of managing IP whitelisting and removal for Azure Storage Accounts. This approach not only saves time but also strengthens the security posture of your cloud environment.