This article is divided into below three parts.

1. Azure DevOps – Access Restriction of Azure App Service using Azure Management Portal – We will learn how to restrict the access to the Azure App Service manually using the Azure Portal.
2. This article – Azure DevOps – Bulk IP Address Restriction of Azure App Service dynamically using PowerShell– We learn how to leverage PowerShell scripting to dynamically do bulk insertion of IP Addresses for configuring access restrictions for the Azure App Service.
3. Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline We will learn how to automate the process of Access Restriction every time there is a change in the list of IP addresses using Azure DevOps Pipelines.

Prerequisites:

1. Azure Subscription
2. Azure DevOps Account
3. Azure App Service

Please ensure that an App Service is created.

Introduction

In the previous articles Azure DevOps – Access Restriction of Azure App Service using Azure Management Portalwe have learnt how to manually add an Allow or Deny rule using the Azure Management Portal in the Networking / Access Restrictions blade by providing the below information.

And, we have also learnt how to do a Azure DevOps – Bulk IP Address Restriction of Azure App Service dynamically using PowerShell.

It doesn’t make sense to run the PowerShell script manually every time there are new IP Addresses that needs to be added.

So, in this article, we are going to learn how to automatically execute the PowerShell script from Azure DevOps pipeline.

Let’s add both the below files to a Repository as shown below

Below is how the IPAddresses.txt files look with dummy IP Addresses.

Let’s understand the next steps.

Build Pipeline: In the build pipeline, we will only be adding the PowerShell script file (ReadIPAddresses.ps1) and the IP Address file (IPAddresses.txt) into the package.

Release Pipeline: In the Release pipeline, we will run the PowerShell script which adds the IP Address restrictions to the App Service – Web App.

Let’s start working on the pipelines.

Package the files using Build Pipeline:

Packaging the files in again a 2-step process.

Step1: Download the files from the git repository to the agent – As shown in the below screenshot, this step copies all the contents ( * means all files) from the folder names Scripts into a pre-defined location specified in the Build.ArtifactStagingDirectory location within the agent.

Go ahead and run the pipeline. You should see the below

In the Build Pipeline execution summary screen, click on the Artifacts link to view the published artifacts.

You will be taken to the below screen where you can see the files packaged.

The above screenshots prove that the build pipeline is successful.

Execute the PowerShell with Release Pipeline

In this section, we will learn how to execute the PowerShell script. Let’s create a release pipeline and add an Azure PowerShell task as shown below.

1. Choose the file which contains the PowerShell script
2. Provide the arguments to the PowerShell Script.
   1. Resource Group Name
   2. App Service Web App name
   3. Location of the file which contains the IP Address list
3. Make sure to choose if you are using PowerShell core.

Finally, after you run the pipeline, all the IP Addresses will be added to the Access Restrictions blade as shown below.

That’s it. We have learnt how to add the rules using the PowerShell by integrating it with Azure DevOps pipelines.

Do you like this article? If you want to get more updates about these kind of articles, you can join my WhatsApp group at Azure DevOps World 

This blog is part of Azure Week. Check it out for more great content!

About the Author:

Praveen Kumar Sreeram is an Author, Microsoft Certified Trainer and a certified Azure Solutions architect. He has around 18+ years of experience in the field of development, analysis, design and delivering the applications of various technologies right from Custom Web development using ASP.NET, MVC and building Mobile Apps using Cross Platform technology Xamarin and for domains like Insurance, Telecom and Wireless Expense Management.

He has been awards as Most Valuable Professional for the year 2016-17 by one of the most leading Social community website CSharpCorner for his contributions towards writing articles and helping community members mostly on Microsoft Azure. He is highly focused on Learning Technology.  Avid blogger who writes about his learning at his personal blog at http://PraveenKumarSreeram.com

Reference:

Sreeram, P. (2021). Azure DevOps – Automate Bulk IP Address Restriction of Azure App Service dynamically using PowerShell & Azure DevOps Pipeline. Available at: https://praveenkumarsreeram.com/2021/05/30/azure-devops-automate-bulk-ip-address-restriction-of-azure-app-service-dynamically-using-powershell-azure-devops-pipeline/ [Accessed: 8th July 2021].