我想在ARM模板中添加virtualNetworkRules。但不幸的是,它无法获取参数并激活防火墙和虚拟网络设置。
我使用以下脚本创建ARM模板: https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/2018-02-14/vaults#IPRule
{
"type": "Microsoft.KeyVault/vaults",
"name": "[parameters('keyVaultName')]",
"apiVersion": "2018-02-14",
"location": "[parameters('location')]",
"properties": {
"firewallState": "Enabled",
"enabledForDeployment": "[parameters('enabledForDeployment')]",
"enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]",
"enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
"tenantId": "[parameters('tenantId')]",
"accessPolicies": [
{
"objectId": "[parameters('objectId')]",
"tenantId": "[parameters('tenantId')]",
"permissions": {
"keys": "[parameters('keysPermissions')]",
"secrets": "[parameters('secretsPermissions')]"
}
}
],
"sku": {
"name": "[parameters('skuName')]",
"family": "A"
},
"networkAcls": {
"bypass": "AzureServices",
"ipRules": [
{
"value": "xxxx"
}
],
"virtualNetworkRules": [
{
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]"
}
]
}
}
}
]
ARM Script中的networkAcls部分根本无法工作。它不会激活防火墙和虚拟网络设置。
答案 0 :(得分:1)
问题是由于缺少其中一个属性后,它才起作用:
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny"
"ipRules": [
{
"value": "xxxx"
}
],
"virtualNetworkRules": [
{
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]"
}
]
}