Last active
November 7, 2023 23:53
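function Secure-StorageAccount {
    <#
    .SYNOPSIS
    Puts a storage account behind blob and queue private endpoints, then closes its public surface.

    .DESCRIPTION
    Looks up the account's resource group and resource id with the Azure CLI, creates one
    private endpoint for the blob sub-resource and one for the queue sub-resource in the given
    subnet, and then applies five hardening settings with `az storage account update`:
    shared-key access off, public network access Disabled, firewall default action Deny,
    bypass None, and blob public access off.

    Every az call is checked and the function throws on the first failure, so a caller is
    never told the account was secured when a step did not apply. The private endpoints are
    created before the lockdown so a failed endpoint does not leave the account unreachable.

    NOTE(review): only blob and queue get private endpoints here; once public network access
    is Disabled, other sub-resources (for example file or table) have no network path unless
    endpoints for them are added elsewhere.
    NOTE(review): no private DNS zone is linked by this function; clients inside the VNet
    need name resolution to the private endpoint addresses, configured separately.
    NOTE(review): with shared-key access off, callers must authenticate with Microsoft Entra ID;
    confirm role assignments exist before running this against a live workload.

    .PARAMETER storageAccount
    Name of the storage account to lock down.

    .PARAMETER vnetName
    Virtual network that hosts the private endpoints.

    .PARAMETER subnetName
    Subnet inside vnetName in which the private endpoints are created.

    .PARAMETER vnetResourceGroup
    Resource group of the virtual network; the private endpoints are created in it.
    #>
    param(
        [Parameter(Mandatory=$true)]
        [string]$storageAccount,
        [Parameter(Mandatory=$true)]
        [string]$vnetName,
        [Parameter(Mandatory=$true)]
        [string]$subnetName,
        [Parameter(Mandatory=$true)]
        [string]$vnetResourceGroup
    )

    # Resolve the resource group first; an empty value here would make every later
    # command run with a missing --resource-group argument.
    $storageAccountResourceGroup = az storage account show --name $storageAccount --query resourceGroup --output tsv
    if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($storageAccountResourceGroup)) {
        throw "Could not resolve the resource group of storage account '$storageAccount'."
    }

    # Fetch the resource id once and reuse it for both private endpoints.
    $storageAccountId = az storage account show --name $storageAccount --resource-group $storageAccountResourceGroup --query id --output tsv
    if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($storageAccountId)) {
        throw "Could not resolve the resource id of storage account '$storageAccount'."
    }

    $privateEndpoints = @(
        @{ GroupId = 'blob';  Suffix = '-blob-pe';  ConnectionName = 'BlobConnection' },
        @{ GroupId = 'queue'; Suffix = '-queue-pe'; ConnectionName = 'QueueConnection' }
    )
    foreach ($endpoint in $privateEndpoints) {
        $privateEndpointName = $storageAccount + $endpoint.Suffix
        az network private-endpoint create --name $privateEndpointName --resource-group $vnetResourceGroup --vnet-name $vnetName --subnet $subnetName --private-connection-resource-id $storageAccountId --group-ids $endpoint.GroupId --connection-name $endpoint.ConnectionName
        if ($LASTEXITCODE -ne 0) {
            # Stop before the lockdown: disabling public access without a working
            # private endpoint would cut off access to this sub-resource.
            throw "Failed to create private endpoint '$privateEndpointName'; storage account '$storageAccount' was not locked down."
        }
    }

    # Applied one setting per call, in the original order, so a failure names the
    # exact control that is still open.
    $hardeningSettings = @(
        @('--allow-shared-key-access', 'false'),
        @('--public-network-access', 'Disabled'),
        @('--default-action', 'Deny'),
        @('--bypass', 'None'),
        @('--allow-blob-public-access', 'false')
    )
    foreach ($setting in $hardeningSettings) {
        $settingFlag = $setting[0]
        $settingValue = $setting[1]
        az storage account update --name $storageAccount --resource-group $storageAccountResourceGroup $settingFlag $settingValue
        if ($LASTEXITCODE -ne 0) {
            throw "Failed to apply '$settingFlag $settingValue' to storage account '$storageAccount'; the account is only partially hardened."
        }
    }
}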