RSS

Category Archives: Automation

PowerShell Script to Add Current IP Address to Azure FireWall Rules

When you are connecting to Azure databases it is necessary to add current public IP address to the Azure firewall rules to white list your public IP. This can be done via azure management portal but this might be annoying at sometimes especially when you’re IP changes with router restarts where you are not under a static public IP. The other drawback is automatic firewall rule generated via portal is the firewall rule names will clutter up in firewall rules table and you should remember to clean these unnecessary IP addresses to avoid not only to remove unnecessary IPs but to avoid security risks with public ISP provided dynamic IPs from the pool.

You could automate this by relatively easily by using PowerShell script as described below. In order for it to run you should import azure publish settings profile. Script uses certificate based authentication that can easily be achieved by importing publish settings profile. Note: this should be done in your azure management computer so after importing publish settings to your management machine’s certificate store, you can issue powershell azure cmdlets without explicitly needing to enter Azure credentials.

1. Run Windows PowerShell as an administrator as follows:
Choose Start, in the Search box, type Windows Powershell then Right-click the Windows PowerShell link, and then choose Run as administrator.

2. At the Windows PowerShell command prompt, type Get-AzurePublishSettingsFile and then press Enter.
3. Web browser opens with azure management portal and log in to it and follow instructions to download publish profile.
4. Once you have downloaded publish profile, import the publish profile by entering following command in Powershell command prompt.
Import-AzurePublishSettingsFile ‘{pathtopublishsettingsfile}’

5. If no error fired up then entering Get-AzureSubscription in powershell should show current subscription(s).

get-current-subscriptions

6. Once you have done that you can run the following PowerShell script by changing variables to appropriate values as shown below. You can save this to “ps1” type file(powershell script file) and execute the script through power shell when necessary or even better “PS2EXE” method as described below.

  • $subscriptionName – Get the subscription name from “Subscription Name” field got from above step 5
  • $firewallRule – Fire wall rule name which is something descriptive to you eg. Dimuthu-Home
  • $serverName – Your server name

Note : Full script can be downloaded at here...


$subscriptionName = 'Your Subscription Name'
$ipGetCommand = 'http://www.iplocation.net/find-ip-address'
$firewallRule = 'Dimuthu-Home'
$serverName = "Your Azure Server Instance Name";
$webclient = New-Object System.Net.WebClient
$queryResult = $webclient.DownloadString($ipGetCommand)
$queryResult -match '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'
$currentPublicIp = $($matches[0])

Select-AzureSubscription -SubscriptionName $subscriptionName

If ((Get-AzureSqlDatabaseServerFirewallRule -ServerName $serverName -RuleName $firewallRule) -eq $null) {
    New-AzureSqlDatabaseServerFirewallRule -ServerName $serverName -RuleName $firewallRule -StartIpAddress $currentPublicIp -EndIpAddress $currentPublicIp
}
else {
    Set-AzureSqlDatabaseServerFirewallRule -ServerName $serverName -RuleName $firewallRule -StartIpAddress $currentPublicIp -EndIpAddress $currentPublicIp
}

7. I have saved this script to “azure-ipenable.ps1” for demo purpose and executed it through PowerShell as shown below. This will create firewall rule with given name i.e. “Dimuthu-Home” if it does not exist or will update the IP address if the firewall rule does exist. This is especially useful when router resets or your dynamic public IP address changes.

after-create-rule-output

Running PS1 Script More Easily By Converting to EXE


To make life more easier when after you change subscription details to appropriate values you could convert it to exe.

First download the PS2EXE utility and follow instructions!
https://gallery.technet.microsoft.com/PS2EXE-Convert-PowerShell-9e4e07f1
Following is the command I used to convert PS script to exe…
ps2exe

This will generate .NET executable that will do the job more easily…:-)

ps2exe output

Advertisements
 
Leave a comment

Posted by on September 16, 2015 in Automation, Azure, Powershell

 

Tags: , ,