stackoom
  简体   繁体   中英

How to List Azure Network Security Group from all Subscription using powershell

 原文  2021-01-14 15:42:16       azure/ powershell/ azure-powershell/ azure-security/ azure-nsg

Question

I am trying to create an PowerShell script to list Azure Network Security Groups and it's rule from all subscription and export it to CSV.

Below is my code which list all the NSG Rule Name,Description,Priority,SourceAddressPrefix,SourcePortRange,DestinationAddressPrefix,DestinationPortRange,Protocol,Access and Direction.

############# List All Azure Network Security Groups #############
$subs = Get-AzSubscription

foreach ($sub in $subs) {
    Select-AzSubscription -SubscriptionId $sub.Id
    $nsgs = Get-AzNetworkSecurityGroup

    Foreach ($nsg in $nsgs) {
        $nsgRules = $nsg.SecurityRules

        foreach ($nsgRule in $nsgRules) {
            $nsgRule | Select-Object @{n='SubscriptionName';e={$sub.Name}},
                @{n='ResourceGroupName';e={$nsg.ResourceGroupName}},
                @{n='NetworkSecurityGroupName';e={$nsg.Name}},
                Name,Description,Priority,
                @{Name='SourceAddressPrefix';Expression={[string]::join(",", ($_.SourceAddressPrefix))}},
                @{Name='SourcePortRange';Expression={[string]::join(",", ($_.SourcePortRange))}},
                @{Name='DestinationAddressPrefix';Expression={[string]::join(",", ($_.DestinationAddressPrefix))}},
                @{Name='DestinationPortRange';Expression={[string]::join(",", ($_.DestinationPortRange))}},
                Protocol,Access,Direction |
                    Export-Csv "C:\Users\admin-vishal.singh\Desktop\Test\nsg\NsgRules.csv" -NoTypeInformation -Encoding ASCII -Append        
        }
    }
}

The output I am Getting for above script 在此处输入图像描述

I also tried to call object Resourcegroup, SubscriptionName under $nsgRule | Select-Object it gave me blank column with header Resourcegroup, subscriptionName.

I am trying to get output like this:

在此处输入图像描述

I don't know at which for loop I need to do changes to get output like above.

Basically, I am trying to list all the Azure NSGs with Rules from all subscription with there respective ResourcegroupName, subscriptionName.

2 answers

solution1
 3 ACCPTED  2021-01-14 16:28:31

The extra properties you want to return belong to a different object than $nsgRule . You can still retrieve those properties through the use of Select-Object 's calculated properties.

$subs = Get-AzureRmSubscription

foreach ($sub in $subs) {
    Select-AzureRmSubscription -SubscriptionId $sub.Id
    $nsgs = Get-AzureRmNetworkSecurityGroup

    Foreach ($nsg in $nsgs) {
        $nsgRules = $nsg.SecurityRules

        foreach ($nsgRule in $nsgRules) {
            $nsgRule | Select-Object @{n='SubscriptionName';e={$sub.Name}},
                @{n='ResourceGroupName';e={$nsg.ResourceGroupName}},
                @{n='NetworkSecurityGroupName';e={$nsg.Name}},
                Name,Description,Priority,
                @{Name='SourceAddressPrefix';Expression={[string]::join(",", ($_.SourceAddressPrefix))}},
                @{Name='SourcePortRange';Expression={[string]::join(",", ($_.SourcePortRange))}},
                @{Name='DestinationAddressPrefix';Expression={[string]::join(",", ($_.DestinationAddressPrefix))}},
                @{Name='DestinationPortRange';Expression={[string]::join(",", ($_.DestinationPortRange))}},
                Protocol,Access,Direction |
                    Export-Csv "C:\Vishal\NsgRules.csv" -NoTypeInformation -Encoding ASCII -Append        
        }
    }
}

$nsg contains ResourceGroupName and Name (the.network security group name). $sub contains the subscription name as Name .

solution2
 0  2021-03-28 06:55:14

Not sure if this helps a bit... I'm doing similar and using the az cli (which has direct conversions to powershell)

I'm taking this approach:

#get all the subs in a list
$subs_list = az account list --query [].[id] -o tsv

#loop through list of subs
foreach($sub in $subs_list)
{
    az account set --subscription $sub # change the active sub
    $rg_list = az group list | ConvertFrom-json # retrieve a list of resource groups for that sub
    foreach($rg in $rg_list) # loop through the list of resource groups
    {
        $nsg_list = az network nsg list --resource-group $rg.name | ConvertFrom-json # get the list of nsg for a resource group
        foreach($nsg in $nsg_list) # loop through the list of nsg
        {
            $nsg_rules = az network nsg rule list --nsg $nsg.name --resource-group $rg.name -o table # get a list of rules for each nsg
            $nsg_rules # print the rules to screen
        }
        

    }
}

You'll have to figure out how to format it all, but you now have the subscription object in $sub and the resource group in $rg via $rg.name or $rg.id...

I hope that helps, I'm new to this as well and this is my first question answered on here:)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to list all running webjobs within an azure subscription using powershell How to List Azure Network Security Group Export Azure Network Security Group Rules to CSV using powershell Azure Resource Manager Network Security Group Configuration using Powershell Get list of all azure policies assigned to a subscription using powershell Get list out all Azure services in a subscription using powershell How to associate subnet to network security group in Azure using Python? AZURE: Change the PRIORITY Rule configuration in a network security group via PowerShell Assign Network Security Group to a Network Interface using ARM PowerShell Assign Network Security Group to a Virtual Machine Network Interface using PowerShell
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM