Forum Discussion
Anders Eide (MVP)
Jan 14, 2020
[Solved] Azure Policy to check the networkAcls.ipRules configuration for a Storage Account
Hi all!
I'm trying to configure a Policy that I anticipated shouldn't be too tricky, but for some reason I have a hard time getting it to work...
Edit: Started working out of nowhere a few minutes ago...
Configuration is as follows:
"parameters": {
    "allowedIPAddress": {
        "type": "Array",
        "metadata": {
            "displayName": "Allowed IP Addresses",
            "description": "The list of allowed IP adresses for this resource."
        }
    }
},
"policyRule": {
    "if": {
        "allOf": [
            {
                "field": "Microsoft.Storage/storageAccounts/networkAcls.ipRules",
                "exists": "true"
            },
            {
                "field": "Microsoft.Storage/storageAccounts/networkAcls.ipRules[*].value",
                "notIn": "[parameters('allowedIPAddress')]"
            }
        ]
    },
    "then": {
        "effect": "deny"
    }
}
According to the documentation at https://docs.microsoft.com/en-us/azure/governance/policy/how-to/author-policies-for-arrays this should work, right? Only difference I have from the examples is that I check an array instead.
Just to add: I'm having a hard time getting the example code in the documentation to work also, so this might be a person problem 
Thanks!
2 Replies
- Peter_Beckendorf (Iron Contributor)
Hi Anders Eide,
Is there not another {} missing?
One at the beginning before the parameters and one at the end?
Kind regards, Peter
Hi Peter_Beckendorf!
I've only added the parameters and policyRule objects to the code snippet to avoid too much bloat in the post 🙂
I've updated the original post to fix the indentation issue so it's easier to read
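An added example, not part of the original posts: a variant of the rule that uses Azure Policy's `count` expression, so that a single `ipRules` entry outside the allowed list is enough to trigger `deny`. A plain `field` condition on a `[*]` alias is evaluated per element and combined with a logical AND, which means a `notIn` condition on `ipRules[*].value` only matches when every entry is outside the list. The parameter name is taken from the question; the outer braces are added only so the fragment is valid JSON.

```json
{
    "parameters": {
        "allowedIPAddress": {
            "type": "Array",
            "metadata": {
                "displayName": "Allowed IP Addresses",
                "description": "The list of allowed IP addresses for this resource."
            }
        }
    },
    "policyRule": {
        "if": {
            "allOf": [
                {
                    "field": "type",
                    "equals": "Microsoft.Storage/storageAccounts"
                },
                {
                    "count": {
                        "field": "Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]",
                        "where": {
                            "field": "Microsoft.Storage/storageAccounts/networkAcls.ipRules[*].value",
                            "notIn": "[parameters('allowedIPAddress')]"
                        }
                    },
                    "greater": 0
                }
            ]
        },
        "then": {
            "effect": "deny"
        }
    }
}
```

An account with no `ipRules` entries yields a count of 0 and is not denied by this rule, so restricting `networkAcls.defaultAction` needs a separate condition or policy.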