Question 171073 in Azure Question posted in
The official documentation to get you started can be found here.

Can Azure & Bicep add outbound IPs to webapps even if an if statement exists?

My bicep deployment template is for some reason deploying outbound IP addresses to all webapps, despite logic indicating it should only perform this when it iterates over a specific parameter in the param file.

From the main bicep file:

module WebApps 'webapps.bicep' = [for WebAppConfig in WebAppDeployments: {
  name: 'WebApp${WebAppConfig.NamingSuffix}'
  dependsOn: [
    applicationInsights
    sqlServer
  ]
  scope: resourceGroup('${NamePrefix}-RG-1')
  params: {
    NamePrefix: NamePrefix
    NamePrefixInfra: NamePrefixInfra
    Tags: Tags
    Location: Location
    dockerImageName: dockerImageName
    WebAppConfig: WebAppConfig
  }
}]

// Azure SQL Whitelists

module SQLServerWhitelistIPs 'sqlWhitelist.bicep' = [for (WebAppConfig, index) in WebAppDeployments: if (WebAppConfig=='BACKEND') {
  name: 'SqlServerWhitelists${index}'
  dependsOn: [
    WebApps
    sqlServer
  ]
  scope: resourceGroup('${NamePrefix}-RG-1')
  params: {
    NamePrefix: NamePrefix
    WebAppConfig: WebAppConfig
    WebAppIps: WebApps[index].outputs.WebAppIps
  }

In the webapp module, at the end I place:

output WebAppIps array = split(WebApp.properties.possibleOutboundIpAddresses, ',')

And in the param file:

 "WebAppDeployments": {
      "value": [
        {
          "NamingSuffix": "FRONTEND"
        },
        {
          "NamingSuffix": "BACKEND"
        },
        {
          "NamingSuffix": "CMS"
        }
      ]
    }

The problem is, instead of creating three webapps with only one having the outbound IP addresses whitelisted, it populates all three. I’m not sure what I’m doing wrong here.

I tried changing the main bicep file :

module SQLServerWhitelistIPs 'sqlWhitelist.bicep' = [for (WebAppConfig, index) in WebAppDeployments: if (WebAppConfig=='BACKEND') {
  name: 'SqlServerWhitelists${index}'
  dependsOn: [
    WebApps
    sqlServer
  ]
  scope: resourceGroup('${NamePrefix}-RG-1')
  params: {
    NamePrefix: NamePrefix
    WebAppConfig: WebAppConfig
    WebAppIps: WebApps[index].outputs.WebAppIps
  }
}]

to

module SQLServerWhitelistIPs 'sqlWhitelist.bicep' = [for (WebAppConfig, index) in WebAppDeployments: if (WebAppConfig.NamingSuffix=='BACKEND')

but to no avail. It still populates every webapp, instead of JUST the backend one.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I apologise - my code was indeed working correctly, but due to me being a giant newbie at this, I was simply looking at the wrong values. I was checking the Outbound IP addresses of the webapp, instead of the networking tab of the SQL server. After changing from WebAppConfig == 'BACKEND' to WebAppConfig.Namingsuffix == 'BACKEND' , the ip's have been populated in the whitelisting. However, many thanks to @Jahnavi for providing another way to perform this operation, its very informative.


  2. 0

    One of the possible reasons is with the output block. You can modify the output block by adding the condition for the Backend webapps as below:

    output WebAppIps array = if (WebAppConfig.NamingSuffix == 'BACKEND') { split(WebApp.properties.possibleOutboundIpAddresses, ',') }

    Moreover, instead of passing if (WebAppConfig=='BACKEND'), you need to pass the condition with Namingsuffix. Modify it as if(WebAppConfig.NamingSuffix=='BACKEND') because the WebAppConfig object includes a property called NamingSuffix for different webapps parameters.

    And then you can filter the WebAppDeployments array in the SQLServerWhitelistIPs module to just include the backend web app.

    module SQLServerWhitelistIPs 'sqlWhitelist.bicep' = [for (WebAppConfig, index) in WebAppDeployments:  if (WebAppConfig.NamingSuffix == 'BACKEND') 
{  
   name:  'SqlServerWhitelists${index}'  
   dependsOn:  [  
   WebApps 
  sqlServer 
] 
scope:  resourceGroup('RG')  
   params:  {  
   NamePrefix:  NamePrefix  
   WebAppConfig:  WebAppConfig  
   WebAppIps:  WebApps[index].outputs.WebAppIps } }]

    After checking the above, I modified your code and was able to deploy it successfully.

    enter image description here

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search