Brass Contributor
Sometimes developers need to access temporarily to Azure resources for troubleshooting purposes or just for the fun ;) but they don't have always access on Azure to proceed by themselves.
That's why I thought to afford them autonomy through Azure DevOps.


Of course these pipelines/scripts can be adapted to answer your own context with different Azure services like Key Vault, Storage Account, Database, ...


Azure DevOps pipelines

Of course, these access, must be temporary, that's why I create:
- One pipeline to allow developers to add their public Ip on Azure resources
- One pipeline to remove automatically these access each day



In our example, the target Azure resource is an App Service, and we add/remove access on Kudu portal.


Add IP to Kudu

The goal of that Pipeline, based on the allow_ips.yml file is to allow developers to add their public IP on Kudu for different environments like DEV, TST or UAT ones.


ApplicationEnvironmentRegionResource GroupApp ServiceVariable Group
MyAppDEVNorth Europe - EUMYAPPLICATION-DEV-EU-RG01MyAppService1var-devops-app1-dev-eu
MyAppTSTNorth Europe - EUMYAPPLICATION-TST-EU-RG01MyAppService2var-devops-app1-tst-eu
MyAppUATNorth Europe - EUMYAPPLICATION-UAT-EU-RG01MyAppService3var-devops-app1-uat-eu
MyAppUATEast US 2 - USMYAPPLICATION-UAT-US-RG01MyAppService4var-devops-app1-uat-us
MyAppUATAustralia East - AUMYAPPLICATION-UAT-AU-RG01MyAppService5var-devops-app1-uat-au


To easily managed the Azure resources in Azure DevOps, I decided to create a varibale group per environment with information like!
- Environment
- ResourceGroupName
- AppServiceName


Remove IP from Kudu

As mentionned previsouly, these access are temporary, so we created another Pipeline that will be triggered every day at a specific time to remove the IP on Kudu.


How to

Process to add your IP

1. First step is to add your public IP into the dev_team_ips.txt file combined with **/32** (The format could be different depending of the Azure services you'll need access):
Example: ****
1. Launch the first Pipeline by selecting your environment and the region
1. You should be able to connect on the App Service through Kudu


Process to remove your IP

Two ways to proceed:
1. Launch manually the pipeline to remove the IP
1. Wait until the configured hour that will automatically trigger the pipeline to remove the IP without any human intervention


All the content used for these pipelines are attached to that post or can be retrieve on my GitHub repository.
0 Replies