我想创建防火墙规则,以便只有我的Azure Web App可以连接到我的数据库。如果可能的话,我想在我的ARM模板中执行此操作。到目前为止,这是我尝试过的:
{
"variables": {
"defaultResourceName": "[resourceGroup().name]",
},
"resources": [
{
"type": "Microsoft.Web/sites/firewallRules",
"name": "[concat('AllowAzureIpAddress', copyIndex()",
"apiVersion": "2015-05-01-preview",
"properties": {
"startIpAddress": "[reference('Microsoft.Web/sites', variables('defaultResourceName')).possibleOutboundIpAddresses[copyIndex()]]",
"endIpAddress": "[reference('Microsoft.Web/sites', variables('defaultResourceName')).possibleOutboundIpAddresses[copyIndex()]]"
},
"dependsOn": [
"[resourceId('Microsoft.Sql/servers/', toLower(variables('defaultResourceName')))]"
],
"copy": {
"name": "firewallRuleCopy",
"count": "[length(reference('Microsoft.Web/sites', variables('defaultResourceName')).possibleOutboundIpAddresses)]"
}
},
]
}
主要问题是获取可能的OutboundIpAddresses。我不确定在这里是否可以使用它们,尝试验证The template function 'reference' is not expected at this location. Please see https://aka.ms/arm-template-expressions for usage details..
有人这样做对如何获取那些OutboundIpAddresses(最好在列表中,以便副本可以使用它们)有任何建议吗?
答案 0 :(得分:2)
您的问题不是来自以错误的方式使用引用函数,而是来自您不能在copy属性中使用引用函数的事实(复制是在“编译时”评估的,而引用是在运行时评估的,因此它无法评估其长度)复制)。您可能的解决方法是:嵌套部署。这是我一直在使用的:
{
"name": "firewallRules",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "https://paste.ee/d/Hkebg/0",
"contentVersion": "1.0.0.0"
},
"parameters": {
"prefix": {
"value": "[variables('prefix')]"
},
"iterator": {
"value": "[split(reference(concat(parameters('prefix'), '-', parameters('webAppNames').name), '2016-03-01', 'Full').properties.possibleOutboundIpAddresses, ',')]"
}
}
}
},