vdc/Modules/NetworkSecurityGroups
msftkenneth 567dc8eeb2
Add sourceAddressPrefixes to the Resource section (#164)
It is probably missed to add the suggested line to cater multiple values in array form for the source address prefixes.
2020-08-18 16:21:43 -07:00
Pipeline Module folder cleanup (#128) 2019-09-24 15:35:33 -07:00
Policy Module folder cleanup (#128) 2019-09-24 15:35:33 -07:00
RBAC Module folder cleanup (#128) 2019-09-24 15:35:33 -07:00
Scripts Update GH actions to deploy shared services & tear down (#169) 2020-06-17 12:45:37 -04:00
Tests Module folder cleanup (#128) 2019-09-24 15:35:33 -07:00
deploy.json Add sourceAddressPrefixes to the Resource section (#164) 2020-08-18 16:21:43 -07:00
readme.md Module folder cleanup (#128) 2019-09-24 15:35:33 -07:00

readme.md

NetworkSecurityGroups

This template deploys a Network Security Group (NSG) with optional security rules.

Resources

  • Microsoft.Network/networkSecurityGroups

Parameters

| Parameter Name | Default Value | Description |
| --- | --- | --- |
| workspaceId | | Resource Id of the Log Analytics workspace. |
| diagnosticStorageAccountId | | Required. Resource Id of the diagnostics Storage Account. |
| logRetentionInDays | 365 | Optional. Information about how many days log information will be retained in a diagnostic Storage Account. |
| networkSecurityGroupName | | Required. Name of the Network Security Group. |
| networkSecurityGroupSecurityRules | | Required. Array of Security Rules to deploy to the Network Security Group. |

Parameter Usage: networkSecurityGroupSecurityRules

The networkSecurityGroupSecurityRules parameter accepts a JSON array of securityRule objects to deploy to the Network Security Group (NSG).

Here's an example of specifying a couple of security rules:

    "networkSecurityGroupSecurityRules": {
      "value": [
        {
          "name": "Port_8080",
          "properties": {
            "protocol": "*",
            "sourcePortRange": "*",
            "destinationPortRange": "8080",
            "sourceAddressPrefix": "*",
            "destinationAddressPrefix": null,
            "access": "Allow",
            "priority": 100,
            "direction": "Inbound",
            "sourcePortRanges": [],
            "destinationPortRanges": [],
            "sourceAddressPrefixes": [],
            "destinationAddressPrefixes": [],
            "destinationApplicationSecurityGroups": [
              {
                "name": "test-asg"
              }
            ],
            "sourceApplicationSecurityGroups": []
          }
        },
        {
          "name": "Port_RDP",
          "properties": {
            "protocol": "TCP",
            "sourcePortRange": "*",
            "destinationPortRange": "3389",
            "sourceAddressPrefix": "*",
            "destinationAddressPrefix": "*",
            "access": "Allow",
            "priority": 110,
            "direction": "Inbound",
            "sourcePortRanges": [],
            "destinationPortRanges": [],
            "sourceAddressPrefixes": [],
            "destinationAddressPrefixes": [],
            "destinationApplicationSecurityGroups": [],
            "sourceApplicationSecurityGroups": []
          }
        }
      ]
    }
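An added example, not part of this module: a Python check that can run over a parameters file before deployment and flags inbound Allow rules, such as Port_RDP above, that expose a management port to any source. It reads both the singular and the array form of the address and port fields; the function names, the management port list (22, 3389) and the sample rules other than Port_8080 and Port_RDP are assumptions constructed for illustration.

```python
# Added example (hypothetical helper names), not code from the VDC repository.
MGMT_PORTS = {22, 3389}                      # assumption: SSH and RDP
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # values that match any source

def _as_list(single, many):
    """Merge the singular and array form of an NSG rule field."""
    values = list(many or [])
    if single not in (None, ""):
        values.append(single)
    return values

def _covers(port_spec, port):
    """True if a port spec ('*', '3389', '3000-4000') includes port."""
    if port_spec == "*":
        return True
    low, _, high = str(port_spec).partition("-")
    return int(low) <= port <= int(high or low)

def open_management_rules(parameters):
    """Return (rule name, port) for inbound Allow rules open to any source."""
    findings = []
    for rule in parameters["networkSecurityGroupSecurityRules"]["value"]:
        p = rule["properties"]
        if (p.get("access", "").lower(), p.get("direction", "").lower()) != ("allow", "inbound"):
            continue
        sources = _as_list(p.get("sourceAddressPrefix"), p.get("sourceAddressPrefixes"))
        if not any(s.lower() in ANY_SOURCE for s in sources):
            continue
        ports = _as_list(p.get("destinationPortRange"), p.get("destinationPortRanges"))
        for port in sorted(MGMT_PORTS):
            if any(_covers(spec, port) for spec in ports):
                findings.append((rule["name"], port))
    return findings

# Constructed sample: the two readme rules (trimmed) plus two made-up rules.
SAMPLE = {"networkSecurityGroupSecurityRules": {"value": [
    {"name": "Port_8080", "properties": {"access": "Allow", "direction": "Inbound",
        "sourceAddressPrefix": "*", "destinationPortRange": "8080"}},
    {"name": "Port_RDP", "properties": {"access": "Allow", "direction": "Inbound",
        "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
        "destinationPortRange": "3389", "destinationPortRanges": []}},
    {"name": "Admin_Ranges", "properties": {"access": "Allow", "direction": "Inbound",
        "sourceAddressPrefixes": ["0.0.0.0/0", "10.0.0.0/8"],
        "destinationPortRanges": ["20-25", "443"]}},
    {"name": "Corp_RDP", "properties": {"access": "Allow", "direction": "Inbound",
        "sourceAddressPrefixes": ["10.1.0.0/16"], "destinationPortRange": "3389"}},
]}}

if __name__ == "__main__":
    print(open_management_rules(SAMPLE))
```

Restricting the source of Port_RDP to specific ranges through sourceAddressPrefixes, as Corp_RDP does in the sample, clears the finding.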

Outputs

| Output Name | Description |
| --- | --- |
| networkSecurityGroupResourceGroup | The name of the Resource Group the Network Security Groups were created in. |
| networkSecurityGroupResourceId | The Resource Ids of the Network Security Group deployed. |
| networkSecurityGroupName | The Name of the Network Security Group deployed. |

Considerations

When specifying the Security Rules for the Network Security Group (NSG) with the networkSecurityGroupSecurityRules parameter, pass in the Security Rules as a JSON Array in the same format as would be used for the securityRules property of the Microsoft.Network/networkSecurityGroups resource provider in an ARM Template.

Additional resources