Is it possible to use Terraform and an Azure Key Vault Firewall without having to specify my IP address every time I want to make a change?

Solution 1:

If you have the Key Vault firewall enabled then any machine that needs to talk to it will need to be allowed in that firewall; it would be a pretty terrible firewall if that were not the case. There are a few ways you can work with this:

  1. Add your machine's IP into the firewall permanently, maybe as part of your Terraform deployment
  2. Run your Terraform pipelines from another machine, like a build agent, and allow this IP. Moving to using CI/CD tools for your Terraform is going to be beneficial in many other ways too
  3. As above, use a build agent, but instead of adding its external IP to the KV firewall, use private endpoints to allow access over the private network. This requires the machine to be in Azure, or connected to Azure over VPN/ExpressRoute
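The three options above in one Terraform configuration, as an added example that is not part of the original answer. It allows the public IP of whatever runs `terraform apply` (option 1, looked up through the `hashicorp/http` provider against ipify, which is an assumed third-party lookup), a fixed list of build-agent egress IPs (option 2, via the assumed `build_agent_ips` variable), and a private endpoint in an agent subnet (option 3). Resource names, the region and the address spaces are placeholders.

```hcl
# Added example, not from the original post. Names, region and CIDRs are
# assumed placeholders; the vault name must be globally unique.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
    http    = { source = "hashicorp/http", version = "~> 3.0" }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

# Option 2: egress IPs of your CI build agents, kept permanently in the firewall.
variable "build_agent_ips" {
  type    = list(string)
  default = [] # e.g. ["203.0.113.10"], assumed documentation address
}

# Option 1: discover the public IP of the machine running terraform apply.
# ipify is an assumed lookup service; swap in your own if you prefer.
data "http" "my_ip" {
  url = "https://api.ipify.org"
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-kv-example"
  location = "westeurope"
}

resource "azurerm_virtual_network" "vnet" {
  name                = "vnet-agents"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.10.0.0/16"]
}

resource "azurerm_subnet" "agents" {
  name                 = "snet-agents"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.10.1.0/24"]
}

resource "azurerm_key_vault" "kv" {
  name                = "kv-example-0001"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # Keep public access on but deny by default; only ip_rules get through.
  public_network_access_enabled = true

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
    # Deployer IP (option 1) plus permanent build-agent IPs (option 2).
    ip_rules = concat(
      [trimspace(data.http.my_ip.response_body)],
      var.build_agent_ips,
    )
  }
}

# Option 3: private endpoint in the agent subnet. Agents on this VNet (or
# reaching it over VPN/ExpressRoute) never touch the public firewall, so
# they need no ip_rules entry at all.
resource "azurerm_private_endpoint" "kv" {
  name                = "pe-kv-example"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  subnet_id           = azurerm_subnet.agents.id

  private_service_connection {
    name                           = "kv-psc"
    private_connection_resource_id = azurerm_key_vault.kv.id
    is_manual_connection           = false
    subresource_names              = ["vault"]
  }
}
```

Two caveats worth checking before relying on this. First, the machine that runs `terraform apply` must itself pass the firewall whenever the configuration reads or writes anything inside the vault (secrets, keys, access policies), not just the vault resource, so with option 3 that machine has to be on the VNet; the `data.http` lookup only helps when the run comes from a machine with a public IP. Second, a private endpoint is only useful if the vault's hostname resolves to the private IP from the agent, which normally means a `privatelink.vaultcore.azure.net` private DNS zone linked to the VNet, which this example leaves out.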