Whitelist KeyVault, ACR and Storage accounts using PowerShell via Azure DevOps templates
Introduction
Azure DevOps is a powerful tool for managing your software development lifecycle. One of the key features of Azure DevOps is the ability to use templates to automate the deployment of your infrastructure. In this blog post, we’ll walk through how to whitelist KeyVault, ACR, and Storage accounts created via PowerShell using Azure DevOps templates.
Step 1: Create a KeyVault, ACR, and Storage Account via PowerShell
Open PowerShell and run the following commands to create a resource group, and then a KeyVault, Storage account, and ACR inside it:
- New-AzResourceGroup -Name MyResourceGroup -Location eastus
- New-AzKeyVault -Name MyKeyVault -ResourceGroupName MyResourceGroup -Location eastus
- New-AzStorageAccount -ResourceGroupName MyResourceGroup -Name mystorageaccount -Location eastus -SkuName Standard_LRS  # storage account names must be 3-24 lowercase letters and digits
- New-AzContainerRegistry -ResourceGroupName MyResourceGroup -Name MyACR -Location eastus -Sku Premium  # ACR network rules are only available on the Premium SKU
Step 2: Create the Template
Now that you have defined your pipeline, you need to create the template. Create a new file called whitelist.yml in the Templates repository. Add the following code to the file:
This YAML file defines a template that sets the policy for your KeyVault, updates the default action for your ACR, and updates the default action for your Storage account. The parameters section defines the parameters that are passed to the template.
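As an added example (not the original post's template), a whitelist.yml matching this description could look like the following. It assumes "whitelist" means allowing one IP range through each resource firewall and denying all other traffic; the parameter names, environment variable names, and sample IP range are assumptions. Parameter values reach the script through environment variables rather than being spliced into the script text.

```yaml
# whitelist.yml (added example; parameter names are assumptions)
parameters:
  - name: azureSubscription      # Azure service connection name
    type: string
  - name: resourceGroupName
    type: string
  - name: keyVaultName
    type: string
  - name: storageAccountName
    type: string
  - name: acrName
    type: string
  - name: allowedIpRange         # e.g. 203.0.113.0/24 (constructed sample value)
    type: string

steps:
  - task: AzurePowerShell@5
    displayName: Allow-list one IP range, deny everything else
    inputs:
      azureSubscription: ${{ parameters.azureSubscription }}
      azurePowerShellVersion: LatestVersion
      pwsh: true
      ScriptType: InlineScript
      Inline: |
        $ErrorActionPreference = 'Stop'
        $rg = $env:RG_NAME; $ip = $env:ALLOWED_IP
        # Add each allow rule before switching that resource's default action to Deny.
        Add-AzKeyVaultNetworkRule -VaultName $env:KV_NAME -ResourceGroupName $rg -IpAddressRange $ip
        Update-AzKeyVaultNetworkRuleSet -VaultName $env:KV_NAME -ResourceGroupName $rg -DefaultAction Deny -Bypass AzureServices
        # Storage IP rules reject /31 and /32 ranges: pass a single address or a wider range.
        Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $env:SA_NAME -IPAddressOrRange $ip
        Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $env:SA_NAME -DefaultAction Deny -Bypass AzureServices
        # ACR needs the Premium SKU; these cmdlet names assume a current Az.ContainerRegistry module.
        $rule = New-AzContainerRegistryIPRuleObject -IPAddressOrRange $ip
        Update-AzContainerRegistry -ResourceGroupName $rg -Name $env:ACR_NAME -NetworkRuleSetDefaultAction Deny -NetworkRuleSetIPRule $rule
        # Read back the Key Vault and Storage settings; fail the step if either is not Deny.
        $kv = (Get-AzKeyVault -VaultName $env:KV_NAME -ResourceGroupName $rg).NetworkAcls.DefaultAction
        $sa = (Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $env:SA_NAME).DefaultAction
        if ("$kv" -ne 'Deny' -or "$sa" -ne 'Deny') { throw "Default action not Deny (KeyVault=$kv, Storage=$sa)" }
    env:
      RG_NAME: ${{ parameters.resourceGroupName }}
      KV_NAME: ${{ parameters.keyVaultName }}
      SA_NAME: ${{ parameters.storageAccountName }}
      ACR_NAME: ${{ parameters.acrName }}
      ALLOWED_IP: ${{ parameters.allowedIpRange }}
```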
Step 3: Run the Pipeline
Now that you have defined your pipeline and template, you can run the pipeline. Navigate to your Azure DevOps project and click on “Pipelines” in the left-hand menu. Click on “New pipeline” and select “Azure Repos Git” as the source. Select your repository and branch, and click “Continue”.
Azure DevOps will automatically detect your YAML file and create a pipeline for you. Click on “Run” to run the pipeline. Once the pipeline has completed, your KeyVault, ACR, and Storage accounts will be whitelisted.
Conclusion
In this blog post, we walked through how to whitelist KeyVault, ACR, and Storage accounts created via PowerShell using Azure DevOps templates. By automating this process, you can ensure that your resources are secure and only accessible to authorized users. With Azure DevOps, you can easily manage your infrastructure and streamline your software development lifecycle.