Created
March 17, 2019 07:02
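# Creates a network security group (NSG) that allows inbound port 443 from the
# HDInsight health and management addresses listed below, then associates the
# NSG with the subnet that will host HDInsight.
#
# NOTE(review): the AzureRM module has been retired in favour of Az. The cmdlet
# names are kept as published here.

$vnetName = "Replace with your virtual network name"
$resourceGroupName = "Replace with the resource group the virtual network is in"
$subnetName = "Replace with the name of the subnet that you plan to use for HDInsight"

# Get the Virtual Network object. Stop on failure so that nothing is created
# when the network is missing or not readable with the current credentials.
$vnet = Get-AzureRmVirtualNetwork `
    -Name $vnetName `
    -ResourceGroupName $resourceGroupName `
    -ErrorAction Stop

# Get the region the Virtual network is in.
$location = $vnet.Location

# Get the subnet object. A mistyped subnet name yields $null here, which would
# otherwise only surface later as a null -AddressPrefix, after the NSG exists.
$subnet = $vnet.Subnets | Where-Object Name -eq $subnetName
if (-not $subnet) {
    throw "Subnet '$subnetName' was not found in virtual network '$vnetName'."
}

# Inbound allow-list for the HDInsight health and management services.
# NOTE(review): these literal addresses are the ones published on this page.
# Management addresses differ by region and change over time, so check them
# against current Microsoft documentation for the target region. Where it is
# available, the HDInsight service tag avoids pinning literal IPs - confirm.
$hdiManagementRules = @(
    @{ Name = "hdirule1"; Priority = 300; Address = "52.164.210.96";  Description = "HDI health and management address 52.164.210.96" },
    @{ Name = "hdirule2"; Priority = 301; Address = "13.74.153.132";  Description = "HDI health and management 13.74.153.132" },
    @{ Name = "hdirule3"; Priority = 302; Address = "168.61.49.99";   Description = "HDI health and management 168.61.49.99" },
    @{ Name = "hdirule4"; Priority = 303; Address = "23.99.5.239";    Description = "HDI health and management 23.99.5.239" },
    @{ Name = "hdirule5"; Priority = 304; Address = "168.61.48.131";  Description = "HDI health and management 168.61.48.131" },
    @{ Name = "hdirule6"; Priority = 305; Address = "138.91.141.162"; Description = "HDI health and management 138.91.141.162" }
)

# Create a Network Security Group.
$nsg = New-AzureRmNetworkSecurityGroup `
    -Name "hdisecure" `
    -ResourceGroupName $resourceGroupName `
    -Location $location `
    -ErrorAction Stop

# Add one inbound allow rule per management address. Every rule has the same
# shape, so the allow-list above is the single place to audit.
# NOTE(review): -Protocol "*" admits any protocol on destination port 443.
# Narrowing it to Tcp would be tighter; confirm against HDInsight requirements
# before changing it.
foreach ($rule in $hdiManagementRules) {
    $nsg = $nsg | Add-AzureRmNetworkSecurityRuleConfig `
        -Name $rule.Name `
        -Description $rule.Description `
        -Protocol "*" `
        -SourcePortRange "*" `
        -DestinationPortRange "443" `
        -SourceAddressPrefix $rule.Address `
        -DestinationAddressPrefix "VirtualNetwork" `
        -Access Allow `
        -Priority $rule.Priority `
        -Direction Inbound
}

# Set the changes to the security group
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg

# Apply the NSG to the subnet. This sets the subnet's NSG association to
# "hdisecure"; an NSG previously associated with the subnet is no longer applied.
Set-AzureRmVirtualNetworkSubnetConfig `
    -VirtualNetwork $vnet `
    -Name $subnetName `
    -AddressPrefix $subnet.AddressPrefix `
    -NetworkSecurityGroup $nsg

# Push the modified virtual network (including the subnet change) to Azure.
$vnet | Set-AzureRmVirtualNetwork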