1
votes

I have about 50 Azure storage accounts in a client tenant. I need to go through and update the storage accounts so the network access is restricted to specific virtual networks. A few storage accounts have network restrictions in place but most do not.

Rather than manually selecting all storage accounts one at a time in the Azure Portal, I need a way to select all storage accounts and then list the network rules in place (if any) for each storage account. The storage accounts are also in different resource groups. I ran a basic command to get a list of all storage accounts but now I'm looking to display the network rules applied to each storage account:

Get-AzureRMStorageAccount | Export-CSV C:\....
Get-AzureRmStorageAccountNetworkRuleSet  -ResourceGroupName "allRG's" -AccountName "allStorageAccounts"

I'm not sure how to issue the Get-AzureRmStorageAccountNetworkRuleSet command and have it select each storage account and its respective resource-group. Any help would be appreciated, thanks!

1
The output object of Get-AzureRMStorageAccount is a PSStorageAccount object. That includes both the resource group name, and a set of network rules. What seems to be the issue here? It looks like it's collecting all the info you want without any loops needed. - TheMadTechnician
You are correct, my description was missing additional information, my apologies. I updated it but my problem now is how do I run the Get-AzureRmStorageAccountNetworkRuleSet command against each storage account to view its network/firewall permissions? The command requires that I enter a resource group but there are multiple. - jrd1989
Are you not already getting that info? Get-AzureRmStorageAccount says that it returns the network rule set as part of the data it returns. - TheMadTechnician
No, when I run Get-AzureRmStorageAccount I only get storage account name, resource group, location, access tier and similar information. It does not provide the network rules applied to each storage account, which is what I'm ultimately trying to do. - jrd1989

1 Answers

2
votes

You can use the PowerShell script below to get all the storage accounts present in your subscription and then the network rule set property of each.

# Sign in; the accounts returned are those in the current subscription context.
Connect-AzAccount
$Result = @()
$Storageaccounts = Get-AzStorageAccount
$Storageaccounts | ForEach-Object {
    # Keep a reference to the account; $_ is rebound in the inner pipeline.
    $storageaccount = $_
    Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $storageaccount.ResourceGroupName -AccountName $storageaccount.StorageAccountName | ForEach-Object {
        # One row per storage account with its firewall settings.
        $Result += New-Object PSObject -Property @{
            Account       = $storageaccount.StorageAccountName
            ResourceGroup = $storageaccount.ResourceGroupName
            Bypass        = $_.Bypass
            Action        = $_.DefaultAction
            IPrules       = $_.IpRules
            Vnetrules     = $_.VirtualNetworkRules
            ResourceRules = $_.ResourceAccessRules
        }
    }
}
$Result | Select-Object Account,ResourceGroup,Bypass,Action,IPrules,Vnetrules,ResourceRules

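Building on the answer above, an added example (not part of the original answer) that flattens each rule set into CSV-friendly rows and flags accounts whose default action is still Allow, which is the group the question wants to find. `ConvertTo-NetworkRuleRow`, the account names and the sample objects are hypothetical and constructed here to mirror the rule set properties used in the answer, so the block runs without a tenant.

```powershell
# Added example. ConvertTo-NetworkRuleRow is a hypothetical helper name.
function ConvertTo-NetworkRuleRow {
    param(
        [Parameter(Mandatory)] [string] $Account,
        [Parameter(Mandatory)] [string] $ResourceGroup,
        [Parameter(Mandatory)] $RuleSet
    )
    # Reduce rule objects to plain strings; Export-Csv would otherwise write
    # "System.Object[]" for array-valued properties.
    $ip   = @($RuleSet.IpRules | Where-Object { $_ } | ForEach-Object { $_.IPAddressOrRange })
    $vnet = @($RuleSet.VirtualNetworkRules | Where-Object { $_ } |
              ForEach-Object { $_.VirtualNetworkResourceId })
    [pscustomobject]@{
        Account       = $Account
        ResourceGroup = $ResourceGroup
        DefaultAction = "$($RuleSet.DefaultAction)"
        Bypass        = "$($RuleSet.Bypass)"
        IpRules       = $ip -join ';'
        VnetRules     = $vnet -join ';'
        # DefaultAction 'Allow' means the account is reachable from all networks.
        Unrestricted  = ("$($RuleSet.DefaultAction)" -eq 'Allow')
    }
}

# Constructed sample input shaped like Get-AzStorageAccountNetworkRuleSet output.
$sample = @(
    @{ Account = 'stexampleopen'; ResourceGroup = 'rg-example-a'
       RuleSet = [pscustomobject]@{ DefaultAction = 'Allow'; Bypass = 'AzureServices'
                                    IpRules = @(); VirtualNetworkRules = @() } },
    @{ Account = 'stexamplelocked'; ResourceGroup = 'rg-example-b'
       RuleSet = [pscustomobject]@{ DefaultAction = 'Deny'; Bypass = 'AzureServices'
           IpRules = @([pscustomobject]@{ IPAddressOrRange = '203.0.113.0/24'; Action = 'Allow' })
           VirtualNetworkRules = @([pscustomobject]@{ Action = 'Allow'
               VirtualNetworkResourceId = '/subscriptions/<sub-id>/resourceGroups/rg-example-b/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/default' }) } }
)

$rows = $sample | ForEach-Object {
    ConvertTo-NetworkRuleRow -Account $_.Account -ResourceGroup $_.ResourceGroup -RuleSet $_.RuleSet
}

# Accounts that still need restricting, then the full report as CSV text.
$rows | Where-Object Unrestricted | Format-Table Account, ResourceGroup, DefaultAction
$rows | ConvertTo-Csv -NoTypeInformation
```

Against a live tenant, feed the helper from `Get-AzStorageAccount` and `Get-AzStorageAccountNetworkRuleSet` as in the answer's loop instead of `$sample`, and pipe `$rows` to `Export-Csv`.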