CosmosDb 防火墙、Azure IP 地址
CosmosDb Firewall, Azure IP addresses
我正在尝试使用我的 arm 模板中的防火墙来保护我的 cosmos db 帐户。我已经使用门户网站查看应该如何编辑模板。
在门户中,我选择了复选框 "Accept connections from within public Azure datacenters" 和 "Allow access from Azure Portal"。这会将以下 IP 地址添加到 ipRangeFilter 属性.
104.42.195.92
40.76.54.131
52.176.6.30
52.169.50.45
52.187.184.26
0.0.0.0
我可以在 arm 模板中硬编码这些 IP 吗,或者它们将来会改变吗?除了 0.0.0.0,我怀疑它们会改变。如果是这样,如何在不进入门户的情况下自动将这些IP添加到防火墙白名单?
谢谢
已记录门户 IP here
| Region | IP address |
| Germany | 51.4.229.218
| China | 139.217.8.252
| US Gov | 52.244.48.71
| All other regions | 104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26
0.0.0.0 IP 允许任何其他 Azure 服务(包括门户,因为它在 Azure 上运行)按照 here 所述访问帐户。
This option configures the firewall to allow all requests from Azure, including requests from the subscriptions of other customers deployed in Azure. The list of IPs allowed by this option is wide, so it limits the effectiveness of a firewall policy. Use this option only if your requests don’t originate from static IPs or subnets in virtual networks. Choosing this option automatically allows access from the Azure portal because the Azure portal is deployed in Azure.
我正在尝试使用我的 arm 模板中的防火墙来保护我的 cosmos db 帐户。我已经使用门户网站查看应该如何编辑模板。
在门户中,我选择了复选框 "Accept connections from within public Azure datacenters" 和 "Allow access from Azure Portal"。这会将以下 IP 地址添加到 ipRangeFilter 属性.
104.42.195.92
40.76.54.131
52.176.6.30
52.169.50.45
52.187.184.26
0.0.0.0
我可以在 arm 模板中硬编码这些 IP 吗,或者它们将来会改变吗?除了 0.0.0.0,我怀疑它们会改变。如果是这样,如何在不进入门户的情况下自动将这些IP添加到防火墙白名单?
谢谢
已记录门户 IP here
| Region | IP address |
| Germany | 51.4.229.218
| China | 139.217.8.252
| US Gov | 52.244.48.71
| All other regions | 104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26
0.0.0.0 IP 允许任何其他 Azure 服务(包括门户,因为它在 Azure 上运行)按照 here 所述访问帐户。
This option configures the firewall to allow all requests from Azure, including requests from the subscriptions of other customers deployed in Azure. The list of IPs allowed by this option is wide, so it limits the effectiveness of a firewall policy. Use this option only if your requests don’t originate from static IPs or subnets in virtual networks. Choosing this option automatically allows access from the Azure portal because the Azure portal is deployed in Azure.