Reputation: 371
"Allow access to Azure services" turn off by default from ARM template
Does anybody know how to setup ARM Template to keep "Allow access to Azure services" switch be turned OFF by default?
Here is what I currently have
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[parameters('location')]",
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "[parameters('serverVersion')]"
},
"tags": {
"deploymentVersion": "[parameters('deploymentVersion')]",
"deploymentType": "[parameters('deploymentType')]"
},
"resources": [
{
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('location')]",
"name": "AllowAllWindowsAzureIps",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"type": "firewallrules"
}
]
} ]
Upvotes: 3
Views: 4710
Answers (4)
Reputation: 309
Here is a bicep example:
resource sqlServer 'Microsoft.Sql/servers@2022-02-01-preview' = {
name: name
location: location
tags: tags
properties: {
administratorLogin: sqlAdministratorLogin
administratorLoginPassword: sqlAdministratorLoginPassword
version: '12.0'
}
}
resource allowAccessToAzureServices 'Microsoft.Sql/servers/firewallRules@2020-11-01-preview' = {
name: 'allow-access-to-azure-services'
parent: sqlServer
properties: {
startIpAddress: '0.0.0.0'
endIpAddress: '0.0.0.0'
}
}
Upvotes: -1
Reputation: 21
My experience is when you use the name AllowAllWindowsAzureIps for a firewall resource type then it will ignore what range you specifiy in properties and just turn Allow Access to Azure Services flag on.
If you want to not have it enabled then don't include a resource with that name in your template.
Upvotes: 1
Reputation: 19195
Just modify endIpAddress and startIpAddress to 255.255.255.255. Like below:
{
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('location')]",
"name": "AllowAllWindowsAzureIps",
"properties": {
"endIpAddress": "255.255.255.255",
"startIpAddress": "255.255.255.255"
},
"type": "firewallrules"
}
Upvotes: 2
Reputation: 72171
Just remove the nested resources section. Then the sql will deploy without that checkmark. Redeploying won't remove the rule, but deploying a new sql will work.
Upvotes: 1
Related Questions
- ListConnectionStrings cosmosDB permission
- Enabling disableLocalAuth in cosmos Db using ARM Template
- How to set access restrictions using ARM template?
- Enabling auditing settings on Azure SQL database via ARM Template
- How to enable using arm template vulnerabilityAssessments for sql server with storage account behind firewall
- Unable to connect the sql database using azure
- Deployment of ARM: Authorization failed for template resource 'sql
- How to turn on Auditing & Threat Detection for Azure SQL Database in ARM Template?
- Azure App Service / SQL - Allow access to Azure Services disabled
- Azure SQL server set Allow access to Azure services in an ARM template or PowerShell