[英]Add multiple IP address ranges to an NSG security rule with array
我正在嘗試在復制循環中創建 3 個 NSG(這可行),然后添加三個不同的安全規則,每個安全規則包含多個 IP 地址范圍。 當每個規則只指定一個 IP 地址空間時,我可以讓它工作。 當不使用如下參數時,我可以直接在 ARM 模板中指定多個范圍:
“sourceAddressPrefixes”:[“10.100.139.96/28”,“10.100.139.64/27”],
但是當我嘗試指定一個包含多個字符串的數組時,它不起作用。 所以我的問題是:參數 nsgPrefixes 應該是什么樣子,以便可以為每個安全規則添加多個范圍?
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"nsgNames": {
"type": "array"
},
"nsgPrefixes": {
"type": "array"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2020-11-01",
"name": "[concat(parameters('nsgNames')[copyIndex()])]",
"location": "[resourceGroup().location]",
"properties": {
"securityRules": [
{
"name": "DenyInternalSubnetInbound",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4096,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[concat(parameters('nsgPrefixes')[copyIndex()])]"
],
"destinationAddressPrefixes": []
}
},
]
},
"copy": {
"name": "NSGcopy",
"count": "[length(parameters('nsgNames'))]"
}
}
]
}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetworks_vnet_conn_weu_001_name": {
"value": "vnet-conn-weu-001"
},
"location": {
"value": "westeurope"
},
"nsgNames": {
"value": [
"nsg-snet-weu-001",
"nsg-snet-weu-002",
"nsg-snet-weu-003"
]
},
//this works:
"nsgPrefixes": {
"value": [
"10.100.139.0/26",
"10.100.139.64/27",
"10.100.139.96/28"
]
},
//this does not work:
"nsgPrefixes2": {
"value": [
"10.100.139.0/26", "10.100.139.64/27"
"10.100.139.64/27", "10.100.139.96/28"
"10.100.139.96/28", "10.100.139.0/26"
]
},
}
}
在一些微軟的幫助下,我得到了答案:
參數 nsgPrefixes 應配置為數組(在數組內),如下所示(在參數文件中):
"nsgPrefixes": {
"value": [
["10.100.139.0/26", "10.100.139.64/27"],
["10.100.139.64/27", "10.100.139.96/28"],
["10.100.139.96/28", "10.100.139.0/26"]
]
}
在模板文件中,我有兩個外括號 [] 太多,它們已被刪除,因此如下所示:
"sourceAddressPrefixes":
"[concat(parameters('nsgPrefixes')[copyIndex()])]",
而已。 這有效,並且 IP 地址范圍按預期添加到安全規則中。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.