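Setting Logic App network access restrictions via Bicep

Question  Votes: 0  Answers: 1

I am deploying a Standard Logic App using Bicep. I am trying to set "Enabled from select virtual networks and IP addresses" and the associated "Site access and rules". The code below results in none of the three "Public network access" options being set, so I am guessing it is being set to null. Has anyone implemented this?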

resource logicApp 'Microsoft.Web/sites@2022-09-01' = {
  name: logicAppName
  location: location
  kind: 'functionapp,workflowapp'
  identity: {
    type: 'SystemAssigned'
  }
    
  properties: {
    serverFarmId: hostingPlan.id
    virtualNetworkSubnetId: subnetLogicAppId
    siteConfig: {
      cors: {
        allowedOrigins: [
          'https://portal.azure.com'
        ]
      }
      ftpsState: 'Disabled'
      minTlsVersion: '1.2'
      use32BitWorkerProcess: false
      netFrameworkVersion: '6.0'
      functionsRuntimeScaleMonitoringEnabled: false
      vnetRouteAllEnabled: true
      publicNetworkAccess: 'Enabled'
      ipSecurityRestrictions: [
        {
          ipAddress: 'xxx.xxx.xxx.xxx/32'
          action: 'Allow'
          tag: 'Default'
          priority: 300
          name: 'laptop'
          description: 'laptop IP'
        }
        {
          ipAddress: 'Any'
          action: 'Deny'
          priority: 2147483647
          name: 'Deny all'
          description: 'Deny all access'
        }
      ]
      ipSecurityRestrictionsDefaultAction:'Deny'
      scmIpSecurityRestrictions: [
        {
          ipAddress: 'Any'
          action: 'Deny'
          priority: 2147483647
          name: 'Deny all'
          description: 'Deny all access'
        }
      ]
      scmIpSecurityRestrictionsDefaultAction:'Deny'
      scmIpSecurityRestrictionsUseMain: true
    }
    
    httpsOnly: true
  }
}
azure azure-bicep
1 Answer
0 votes

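Trying to set "Enabled from select virtual networks and IP addresses" and the associated "Site access and rules":

To ensure that public network access is configured correctly for the Logic App, you need to explicitly set the PublicNetworkAccess property to 'Enabled':

publicNetworkAccess: 'Enabled'

Enabling it will select the required "Enabled from select virtual networks and IP addresses" setting under the Networking section of the Logic App.

Modified code: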

param logicAppName string = 'mydapsialsjd'
param location string = 'West Europe'
resource storage 'Microsoft.Storage/storageAccounts@2019-06-01' = {
  name: 'stlogicenvironmentlatest'
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_GRS'
  }
  properties: {
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
  }
}
resource plan 'Microsoft.Web/serverfarms@2021-02-01' = {
  name: 'plan-logicnew'
  location: location
  sku: {
    tier: 'WorkflowStandard'
    name: 'WS1'
  }
  properties: {}
}
resource logicApp 'Microsoft.Web/sites@2022-09-01' = {
  name: logicAppName
  location: location
  kind: 'functionapp,workflowapp'
  identity: {
    type: 'SystemAssigned'
  }
    
  properties: {
    serverFarmId: plan.id
    siteConfig: {
      cors: {
        allowedOrigins: [
          'https://portal.azure.com'
        ]
      }
      ftpsState: 'Disabled'
      minTlsVersion: '1.2'
      use32BitWorkerProcess: false
      netFrameworkVersion: '6.0'
      functionsRuntimeScaleMonitoringEnabled: false
      vnetRouteAllEnabled: true
      publicNetworkAccess: 'Enabled'
      ipSecurityRestrictions: [
        {
          ipAddress: '10.0.0.0/32'
          action: 'Allow'
          tag: 'Default'
          priority: 300
          name: 'laptop'
          description: 'laptop IP'
        }
        {
          ipAddress: 'Any'
          action: 'Deny'
          priority: 2147483647
          name: 'Deny all'
          description: 'Deny all access'
        }
      ]
      ipSecurityRestrictionsDefaultAction:'Deny'
      scmIpSecurityRestrictions: [
        {
          ipAddress: 'Any'
          action: 'Deny'
          priority: 2147483647
          name: 'Deny all'
          description: 'Deny all access'
        }
      ]
      scmIpSecurityRestrictionsDefaultAction:'Deny'
      scmIpSecurityRestrictionsUseMain: true
    }
    
    httpsOnly: true
  }
}

Deployment succeeded.

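An added example, not part of the original question or answer: a small Python model of how the siteConfig access rules above are evaluated, for checking before deployment which source IPs would reach the app and its SCM site. The function names, the sample dict and the simplified rule model (IP/CIDR and 'Any' rules only, lowest priority number evaluated first) are assumptions of this example.

```python
import ipaddress

# Constructed sample mirroring the siteConfig in the answer above.
SITE_CONFIG = {
    "publicNetworkAccess": "Enabled",
    "ipSecurityRestrictions": [
        {"ipAddress": "10.0.0.0/32", "action": "Allow", "priority": 300, "name": "laptop"},
        {"ipAddress": "Any", "action": "Deny", "priority": 2147483647, "name": "Deny all"},
    ],
    "ipSecurityRestrictionsDefaultAction": "Deny",
    "scmIpSecurityRestrictions": [
        {"ipAddress": "Any", "action": "Deny", "priority": 2147483647, "name": "Deny all"},
    ],
    "scmIpSecurityRestrictionsDefaultAction": "Deny",
    "scmIpSecurityRestrictionsUseMain": True,
}

def effective_rules(cfg, scm=False):
    """Return (rules sorted by priority, default action) for the main or SCM site."""
    # When scmIpSecurityRestrictionsUseMain is true, the SCM site uses the main rules.
    use_scm = scm and not cfg.get("scmIpSecurityRestrictionsUseMain", False)
    prefix = "scmIpSecurityRestrictions" if use_scm else "ipSecurityRestrictions"
    rules = sorted(cfg.get(prefix) or [], key=lambda r: r.get("priority", 2147483647))
    # Assumption: with no explicit default, an empty list allows and a non-empty one denies.
    default = cfg.get(prefix + "DefaultAction") or ("Deny" if rules else "Allow")
    return rules, default

def evaluate(cfg, source_ip, scm=False):
    """Return (action, name of the deciding rule) for a request from source_ip."""
    if cfg.get("publicNetworkAccess") == "Disabled":
        return "Deny", "publicNetworkAccess=Disabled"
    addr = ipaddress.ip_address(source_ip)
    rules, default = effective_rules(cfg, scm)
    for rule in rules:
        target = rule.get("ipAddress")
        # Subnet and service-tag rules are outside this simplified model.
        if not target or rule.get("tag", "Default") != "Default":
            continue
        if target == "Any":
            return rule["action"], rule["name"]
        net = ipaddress.ip_network(target, strict=False)
        if addr.version == net.version and addr in net:
            return rule["action"], rule["name"]
    return default, "default action"
```

With scmIpSecurityRestrictionsUseMain set to true, as in the answer, SCM requests are evaluated against the main site rules, so the separate scm deny-all list only takes effect once that flag is false.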
