NSG inbound rules - UCL-CloudLabs/deployer GitHub Wiki

When configuring a new VM in Azure for deploying a webapp, new inbound rules need to be created.

When VMs are created, they are automatically associated with a Network Security Group (NSG), where access to the VM is configured. By default, the NSG has only one rule, for SSH connections on port 22. However, websites need two more inbound rules so that users can access the deployed webapp. These can be created from the portal, but to automate the step we can add them to the automation script:

```json
[...]
    {
      "apiVersion": "[variables('apiVersion')]",
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "[variables('networkSecurityGroupName')]",
      "location": "[variables('location')]",
      "properties": {
        "securityRules": [
[...]
          {
              "name": "5000-web",
              "properties": {
                  "protocol": "TCP",
                  "sourcePortRange": "*",
                  "destinationPortRange": "5000",
                  "sourceAddressPrefix": "*",
                  "destinationAddressPrefix": "*",
                  "access": "Allow",
                  "priority": 1010,
                  "direction": "Inbound"
              }
          },
          {
              "name": "80-web",
              "properties": {
                  "protocol": "TCP",
                  "sourcePortRange": "*",
                  "destinationPortRange": "80",
                  "sourceAddressPrefix": "*",
                  "destinationAddressPrefix": "*",
                  "access": "Allow",
                  "priority": 1020,
                  "direction": "Inbound"
              }
          }
        ]
      }
    }
[...]
```
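
Both rules above accept traffic from any source (`"sourceAddressPrefix": "*"`), so it helps to review the template's exposure before deploying it. The following check is an added example, not part of the deployer code: it walks the NSG rules of a template and reports inbound Allow rules open to any source on ports outside an allow-list, plus priority clashes and out-of-range priorities. The sample template, the `sample-ssh` rule, the `rule` and `audit_nsg` helpers and the choice of 80/443 as intended-public ports are assumptions made for illustration.

```python
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}  # prefixes that mean "any source"
PUBLIC_PORTS = {"80", "443"}  # assumption: ports meant to be world-reachable

def rule(name, port, priority, source="*"):
    """Build a constructed inbound Allow rule in the shape used on this page."""
    return {"name": name, "properties": {
        "protocol": "TCP", "sourcePortRange": "*",
        "destinationPortRange": port, "sourceAddressPrefix": source,
        "destinationAddressPrefix": "*", "access": "Allow",
        "priority": priority, "direction": "Inbound"}}

# Constructed sample template: the page's two rules plus an assumed SSH rule
# (its name and priority are placeholders, not taken from the page).
SAMPLE_TEMPLATE = {"resources": [{
    "type": "Microsoft.Network/networkSecurityGroups",
    "name": "sample-nsg",
    "properties": {"securityRules": [
        rule("sample-ssh", "22", 1000),
        rule("5000-web", "5000", 1010),
        rule("80-web", "80", 1020)]}}]}

def audit_nsg(template, public_ports=PUBLIC_PORTS):
    """Return (rule name, finding) pairs for the inbound rules of every NSG."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Network/networkSecurityGroups":
            continue
        seen = {}  # inbound priority -> first rule name using it
        for r in res.get("properties", {}).get("securityRules", []):
            p = r["properties"]
            if p["direction"].lower() != "inbound":
                continue
            prio = p["priority"]
            # Azure accepts priorities 100-4096, unique per direction in an NSG.
            if not 100 <= prio <= 4096:
                findings.append((r["name"], "priority-out-of-range"))
            if prio in seen:
                findings.append((r["name"], "priority-clash:" + seen[prio]))
            seen.setdefault(prio, r["name"])
            world = str(p.get("sourceAddressPrefix", "")).lower() in OPEN_SOURCES
            port = str(p.get("destinationPortRange"))
            if p["access"].lower() == "allow" and world and port not in public_ports:
                findings.append((r["name"], "open-to-any-source:" + port))
    return findings

if __name__ == "__main__":
    for name, finding in audit_nsg(SAMPLE_TEMPLATE):
        print(name, finding)
```

Pass a different `public_ports` set if port 5000 is meant to be reachable by everyone; the check expects literal integer priorities, as in the rules above.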