Implementing Azure SQL Server Firewall Rules with Bicep and Azure Verified Modules
When managing Azure resources, ensuring your SQL server is secure from unauthorized access is a priority. One way to secure your Azure SQL server is by implementing firewall rules. In this post, I’ll guide you through using Bicep and the Azure Verified Modules from GitHub to set up firewall rules for an Azure SQL server.
Example Bicep:
@description('Deploy Azure SQL Server')
module createsqlServer '../sql/server/main.bicep' = {
  scope: resourceGroup(rgSQL)
  name: 'sqlServer-${environmentName}'
  params: {
    name: 'sql-demoserver'
    administratorLogin: administratorLogin
    administratorLoginPassword: administratorLoginPassword
    // Attach only the user-assigned managed identity (created elsewhere)
    managedIdentities: {
      systemAssigned: false
      userAssignedResourceIds: [
        createManagedIdentity.outputs.resourceId
      ]
    }
    primaryUserAssignedIdentityId: createManagedIdentity.outputs.resourceId
    location: location
    tags: tags
    databases: [
      {
        name: 'demidb1'
        skuName: 'ElasticPool'
        skuTier: 'GeneralPurpose'
        capacity: 0
        maxLogSizeBytes: 34359738368
        compatibilityLevel: 120
        elasticPoolId: createSqlServerElasticPool.outputs.resourceId
      }
    ]
    // Server-level firewall rules: each entry allows one inclusive IP range
    firewallRules: [
      {
        name: '<database firewall rule 1>'
        startIpAddress: '<enter ip address here>'
        endIpAddress: '<enter ip address here>'
      }
      {
        name: '<database firewall rule 2>'
        startIpAddress: '<enter ip address here>'
        endIpAddress: '<enter ip address here>'
      }
    ]
  }
}
This Bicep file defines two simple rules that allow traffic from the defined IP address ranges. Be sure to adjust startIpAddress and endIpAddress to fit your security requirements. The example doesn’t show the code that creates the elastic pool or the managed identity.
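A pre-deployment check for the firewallRules array, as an added example that is not part of the original post or of the Azure Verified Modules. It assumes the rules are available as a list of objects with the same name, startIpAddress and endIpAddress keys (for example from a JSON parameter file); the function name, finding codes, size limit and sample rules are constructed for illustration.

```python
import ipaddress

# Hypothetical policy limit: largest range (in addresses) allowed without review.
MAX_RANGE_SIZE = 256

def audit_firewall_rules(rules, max_range_size=MAX_RANGE_SIZE):
    """Return (rule name, finding code) pairs for malformed or overly open rules."""
    findings = []
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        try:
            start = ipaddress.IPv4Address(rule["startIpAddress"])
            end = ipaddress.IPv4Address(rule["endIpAddress"])
        except (KeyError, ValueError):
            # Missing key or an unfilled placeholder such as '<enter ip address here>'
            findings.append((name, "invalid-address"))
            continue
        if start > end:
            findings.append((name, "start-after-end"))
        elif int(start) == 0 and int(end) == 0:
            # 0.0.0.0-0.0.0.0 is the special rule that admits traffic from
            # any Azure service, including resources in other subscriptions.
            findings.append((name, "allow-azure-services"))
        elif int(end) - int(start) + 1 > max_range_size:
            findings.append((name, "range-too-broad"))
    return findings

# Constructed sample rules (documentation address ranges, not real hosts).
SAMPLE_RULES = [
    {"name": "office-egress", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
    {"name": "allow-azure", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "everyone", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
    {"name": "swapped", "startIpAddress": "198.51.100.50", "endIpAddress": "198.51.100.5"},
    {"name": "placeholder", "startIpAddress": "<enter ip address here>",
     "endIpAddress": "<enter ip address here>"},
]

if __name__ == "__main__":
    for rule_name, code in audit_firewall_rules(SAMPLE_RULES):
        print(f"{rule_name}: {code}")
```

Run as a pipeline step before the deployment, a non-empty result can fail the build so that an unfilled placeholder or an open range never reaches the server.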
This example serves as a foundational guide to get you started with automated deployment of firewall rules using Infrastructure as Code (IaC) practices with Bicep.






