I need to disable some rules configured under network security groups with RDP and SSH port open. I am facing some issues with removing the rule configuration :
This is the command I execute :
Get-AzureRmNetworkSecurityGroup -Name $securityGroupName -ResourceGroupName $resourceGroupName | Remove-AzureRmNetworkSecurityRuleConfig -Name $enabledSecurityRDPRule.Name
However when I check the portal or execute the get cmdlet I don't see the earlier command took effect.
I even tried with Set-AzureRmNetworkSecurityRuleConfig to set the access to deny and got the same result.
The service principal that I use to access my environment has contributor privileges.
The Remove-AzureRmNetworkSecurityRuleConfig command just removes the rule from your local NSG object. In order to sync the cloud side, you need to run the Set-AzureRmNetworkSecurityGroup.
Here is a complete script.
$nsg = Get-AzureRmNetworkSecurityGroup -Name <your nsg name> `
-ResourceGroupName <your resource group name>
$nsg = Remove-AzureRmNetworkSecurityRuleConfig -Name <your rule name> `
-NetworkSecurityGroup $nsg
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
Related
I am trying to connect to azure cosmosdb from my local machine via powershell but every command I tried to run it returns the "Argument passed in is not serializable."
Here are a few of my commands,
Get-AzCosmosDBAccount -ResourceGroupName "cosmosbackup"
Invoke-AzCosmosDBSqlDatabaseThroughputMigration -ResourceGroupName "cosmosbackup" -AccountName "liabilitydata" -Name liability
New-AzCosmosDBSqlContainer -AccountName "liabilitydata"-DatabaseName "dailyliability"-ResourceGroupName "cosmosbackup"-Name schemes -PartitionKeyPath /Id -PartitionKeyKind Hash
Get-AzCosmosDBSqlContainer `
-ResourceGroupName "cosmosbackup" `
-AccountName "liabilitydata" `
-DatabaseName "dailyliability"
All of them fail for the same reason Argument passed in is not serializable.
Am I missing something? Please help
The issue here is that you need to set the context for running the script,
Step 1 : Connect with your Azure account
Connect-AzAccount
Step 2 : Pass the resource group and the cosmosdb account name as follows,
Get-AzCosmosDBAccount -ResourceGroupName cosmosbackup
I am attempting to configure the VNET of an app service. I am attempting to do this via a powershell script. I have been using the same powershell script for over a year and it has suddenly stopped working without any modifications to the script. The link that is failing is as follows:
$propertiesObject = #{
"vnetResourceId" = "/subscriptions/$($subscriptionId)/resourceGroups/$($vnetToaddResGroup)/providers/Microsoft.Network/virtualNetworks/$($vnetToAdd)"
}
New-AzureRmResource -Location $location -Properties $propertiesObject -ResourceName "$($WebApp)/$($vnetToAdd)/primary" -ResourceType "Microsoft.Web/sites/virtualNetworkConnections/gateways" -ApiVersion 2015-08-01 -ResourceGroupName $WebAppResourceGroup -Force
This then results in the following error:
New-AzureRmResource : {"Code":"NotFound","Message":"Cannot find Vnet with name
VNet-EUDEV02.","Target":null,"Details":[{"Message":"Cannot find Vnet with name
VNet-EUDEV02."},{"Code":"NotFound"},{"ErrorEntity":{"ExtendedCode":"51004","MessageTemplate":"Cannot find {0} with
name {1}.","Parameters":["Vnet","VNet-EUDEV02"],"Code":"NotFound","Message":"Cannot find Vnet with name
VNet-EUDEV02."}}],"Innererror":null}
At C:\Users\Andre\Desktop\Repos\devops-scripting\andre-script-remake\clusterswap.ps1:66 char:5
+ New-AzureRmResource -Location $location -Properties $propertiesOb ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureRmResource], ErrorResponseMessageException
+ FullyQualifiedErrorId : NotFound,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourc
eCmdlet
This is strange as I have checked the VNET exists, and also checked the the resource group, and have tried numerous other Vnets.
How can I add VNet integration via a powershell command using azureRM?
This command is trying to use Gateway-required VNet Integration. I guess you already have a gateway provisioned and intend to use it.
Looking at the command, one thing which stands out is this parameter
-ResourceName "$($WebApp)/$($vnetToAdd)/primary"
Refer this post on how to do this.
Additionally, there is a PS script here that can be used to provision the VPN gateway and then configure it with the Web App.
BTW, there are other options to consider.
If your resources are in the same region, then you could avoid additional costs associated with Gateways, by using Regional VNet Integration. This is super easy to setup. The CLI is available here
There is also NAT Gateway. See this for provisioning NAT Gateways
HTH
I have been running the following command via powershell for AZURE but all that gets swapped are the application settings:
Switch-AzureRmWebAppSlot -ResourceGroupName 'myresourcegroup' -Name 'mywebsitename' -SourceSlotName "staging" -DestinationSlotName "production" -confirm -verbose
The same thing happens when I run this command:
Switch-AzureRmWebAppSlot -ResourceGroupName 'myresourcegroup' -Name 'mywebsitename' -SourceSlotName "staging" -DestinationSlotName "production" -SwapWithPreviewAction CompleteSlotSwap -confirm -verbose
I cannot use Switch-AzureWebsite as I cannot set a default subscription with my permissions.
Using the Login-AzureRMAccount the only way I found to switch slots is as follows:
$ParametersObject = #{targetSlot = "production"}
$RGN = 'resource-group-name-'
Invoke-AzureRmResourceAction -ResourceGroupName $RGN -ResourceType Microsoft.Web/sites/slots -ResourceName website-name/staging -Action slotsswap -Parameters $ParametersObject -Verbose -force
This was hard to find, in part because many examples required you to set your Azure default subscription prior to executing Switch-AzureWebsite and the other switch only moved the configuration elements over. I am curious if anyone has a clever way to discover power shell commands or ARM template commands aside from the ones generated for deployments on Azure. Ideally, I could perform an action on Azure an then see same thing scripted as PowerShell.
REF: Microsoft Docs Here
I am unable to find a way to remove a host name from a azure web app/app service.
I have tried to use the following filtering our unwanted hosts, but nothing is removed.
Set-AzureWebsite -Name "<<name>>" -HostNames $hosts
and
Set-AzureRmWebApp -Name "<<name>>" -ResourceGroupName "<<name>>" -HostNames $hosts
I have around 200 hosts to delete, however, I can't seem to find an automated way of doing it.
at a top level this is what you need to do:
Get the websites resource
Manipulate the hostnames collection
Post the changes back to azure
Here is an example of how I did it:
$webApp = Get-AzureRmWebApp -ResourceGroupName "<<Resource-Group-Name>>" -Name "<<App_Name>>"
$webApp.HostNames.Clear()
$webApp.Hostnames.Add($webApp.DefaultHostName)
set-AzureRmWebApp -ResourceGroupName "<<Resource-Group-Name>>" -Name <<App_Name>> -HostNames $webApp.HostNames
This will remove all custom hostnames and leave only the default one.
If you want to remove a specific hostname for the collection you could use:
$webApp.HostNames.Remove("your_hostname_goes_here")
NOTE
If your hostname has SSL bindings you will need to remove those first and then delete the hostname.
Just an update
AzureRm has now been replaced with Az so the statement would now be
$webApp = Get-AzWebApp -ResourceGroupName "<Resource-Group-Name>" -Name "<App-Name>";
$webApp.HostNames.Clear();
$webApp.Hostnames.Add($webApp.DefaultHostName);
Set-AzWebApp `
-ResourceGroupName "<Resource-Group-Name>" `
-Name <App-Name> `
-HostNames $webApp.HostNames;
I'm trying to create a parallel Workflow script but facing some challenges while attaching NIC to existing Subnet. I'm getting the following error.
Microsoft.PowerShell.Utility\Write-Error : Cannot validate argument on
parameter 'SubnetId'. The argument is null or empty. Provide an
argument that is not null or empty, and then try the command again.
Following is my Workflow script which creates VNet, Subnet, NSG, PIP and tries to create NIC from AzureRM automation Runbook.
"Get Virtual Network Information" $gvnet = Get-AzureRmVirtualNetwork
-Name $VNetName -ResourceGroupName $SharedResourcesRGName
$nic = New-AzureRmNetworkInterface -Name "$VMName-NIC"
-ResourceGroupName $VMName -Location $VMLocation `
-SubnetId $gvnet.Subnets[0].ID -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $gnsg.Id -Force
How do I get the value of Subnet in AzureRM Workflow runbook
Gulab Pasha