Script

Copy Security Rules From One Azure Network Security Group To Another Using PowerShell

Network Security Group

An Azure Network Security Group (NSG) is used to manage the flow and direction of network traffic. Besides the default inbound and outbound security rules, there can be none or many security rules to define the security within the Azure Virtual Network.

Purpose of copying Security Rules

There are many scenarios where you need to clone a Network Security Group and its security rules to a new Network Security Group, or copy the security rules to an existing Network Security Group. It could be part of a migration, testing, cloning the same security measures for a different project, a disaster recovery site, and so on. You can't move a Network Security Group from one region to another. You can only use the method of copy, paste and delete.

Copy Security Rules using PowerShell

I have created a PowerShell script to copy the security rules from one Network Security Group to another. It also has some other abilities:

- Copies security rules from one Network Security Group to another.
- Creates a new Network Security Group and copies the security rules to it.
- Accepts the Network Security Group by name or as an object.
- By default the script merges the security rules, and it has an option to overwrite the existing NSG security rules.

Syntax

This function accepts the following parameter sets:

    Copy-AzNSGSecurityRules -SourceResourceGroupName <string> -SourceNSGName <string> -TargetResourceGroupName <string> -TargetNSGName <string> [<CommonParameters>]

    Copy-AzNSGSecurityRules -SourceResourceGroupName <string> -SourceNSGName <string> -TargetResourceGroupName <string> -TargetNSGName <string> -TargetLocation <string> [<CommonParameters>]

    Copy-AzNSGSecurityRules -SourceNSG <psobject> -TargetResourceGroupName <string> -TargetNSGName <string> -TargetLocation <string> [<CommonParameters>]

    Copy-AzNSGSecurityRules -SourceNSG <psobject> -TargetNSG <psobject> [-Overwrite] [<CommonParameters>]

Example 01

To copy security rules from an existing source NSG to an existing target NSG using the NSG names:

    PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
    PS C:\> Copy-AzNSGSecurityRules -SourceResourceGroupName 'rg1' -SourceNSGName 'nsg1' -TargetResourceGroupName 'rg2' -TargetNSGName 'nsg2'

Output:

    Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
    Deny_Internet, Allow_SqlServer

Example 02

To create a new NSG and then copy security rules from the existing source NSG:

    PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
    PS C:\> Copy-AzNSGSecurityRules -SourceResourceGroupName 'rg1' -SourceNSGName 'nsg1' -TargetNSGName 'nsg2' -TargetResourceGroupName 'rg2' -TargetLocation 'southindia'

Output:

    New NSG 'nsg2' has been created in resource group 'rg2' in 'southindia' location.
    Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
    Deny_Internet, Allow_SqlServer

If the target NSG already exists:

    The NSG 'nsg2' is already existed, so vomiting the '-TagetLocation' parameter value and skiping the NSG creation.
    Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
    Deny_Internet, Allow_SqlServer

Example 03

To copy security rules from an existing source NSG to an existing target NSG (when direct NSG objects are provided):

    PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
    PS C:\> $nsg1 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg1' -Name 'nsg1'
    PS C:\> $nsg2 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg2' -Name 'nsg2'
    PS C:\> Copy-AzNSGSecurityRules -SourceNSG $nsg1 -TargetNSG $nsg2

Output:

    Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
    Deny_Internet, Allow_SqlServer

Example 04

To create a new NSG and then copy security rules from the existing source NSG (when a direct source NSG object is provided):

    PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
    PS C:\> $nsg1 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg1' -Name 'nsg1'
    PS C:\> Copy-AzNSGSecurityRules -SourceNSG $nsg1 -TargetNSGName 'nsg2' -TargetResourceGroupName 'rg2' -TargetLocation 'southindia'

Output:

    New NSG 'nsg2' has been created in resource group 'rg2' in 'southindia' location.
    Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
    Deny_Internet, Allow_SqlServer

If the target NSG already exists:

    The NSG 'nsg2' is already existed, so vomiting the '-TagetLocation' parameter value and skiping the NSG creation.
    Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
    Deny_Internet, Allow_SqlServer
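
A pre-flight check for the default merge mode, as an added example that is not part of the author's script: Azure requires rule names to be unique within an NSG and priorities to be unique per direction, so this lists source rules that would clash with a rule already on the target. The function name `Get-NsgRuleMergeConflict` is hypothetical, and the rule objects and their priorities are constructed stand-ins for the `SecurityRules` property of the objects returned by `Get-AzNetworkSecurityGroup`.

```powershell
# Added example (not from Copy-AzNSGSecurityRules.ps1): report source rules that
# collide with target rules by name or by direction + priority before a merge.
function Get-NsgRuleMergeConflict {
    [CmdletBinding()]
    param(
        # Rules to copy, e.g. $nsg1.SecurityRules
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $SourceRule,
        # Rules already present on the target, e.g. $nsg2.SecurityRules
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $TargetRule
    )
    foreach ($src in $SourceRule) {
        foreach ($tgt in $TargetRule) {
            # String -eq is case-insensitive in PowerShell.
            $sameName = $src.Name -eq $tgt.Name
            $sameSlot = ($src.Direction -eq $tgt.Direction) -and
                        ($src.Priority -eq $tgt.Priority)
            if (-not ($sameName -or $sameSlot)) { continue }

            $kind = @()
            if ($sameName) { $kind += 'Name' }
            if ($sameSlot) { $kind += 'Priority' }

            [pscustomobject]@{
                Conflict       = $kind -join '+'
                SourceRule     = $src.Name
                TargetRule     = $tgt.Name
                Direction      = $src.Direction
                SourcePriority = $src.Priority
                TargetPriority = $tgt.Priority
                # An Allow/Deny mismatch means the merge would change effective policy.
                AccessDiffers  = $src.Access -ne $tgt.Access
            }
        }
    }
}

# Constructed sample rules; names reuse the ones shown in the output above,
# priorities and the 'Allow_Web' rule are made up for the demonstration.
$source = @(
    [pscustomobject]@{ Name = 'Deny_Internet';   Direction = 'Outbound'; Priority = 100; Access = 'Deny'  }
    [pscustomobject]@{ Name = 'Allow_SqlServer'; Direction = 'Inbound';  Priority = 200; Access = 'Allow' }
)
$target = @(
    [pscustomobject]@{ Name = 'Allow_Web';     Direction = 'Inbound';  Priority = 200; Access = 'Allow' }
    [pscustomobject]@{ Name = 'Deny_Internet'; Direction = 'Outbound'; Priority = 150; Access = 'Deny'  }
)

Get-NsgRuleMergeConflict -SourceRule $source -TargetRule $target | Format-Table -AutoSize
```

Against live NSGs, pass `$nsg1.SecurityRules` and `$nsg2.SecurityRules` from Example 03 and review any reported rows before running the copy.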


Find Azure Resources By Tags Using PowerShell

Recently, I was asked to write a small PowerShell script to fetch all the Azure resources with no tags at all, but I thought of writing a comprehensive script that not only finds all the resources with no tags but also finds resources with specific tag name(s), tag value(s), tag(s), or with all tags.

Tagging in Azure

I have already covered Tagging Microsoft Azure Resources Using Powershell (Az) in my previous post, but just to brief… Tags in Azure play a pivotal role in managing resources, predominantly in cost governance strategies, and are very useful for automation and for maintaining environment hygiene. More than a resource name, tagging is crucial, and it must be consistent and appropriate across the resources in all the resource groups and subscriptions. Many organizations apply tagging effectively and consistently using Azure policies or some automation techniques.

Find-AzResource

However, finding the resources in Azure is also crucial, especially finding all the resources of all types from multiple subscriptions or resource groups. So I have come up with a PowerShell script to find all the Azure tagged/not tagged resources, and you can find the script in my GitHub repo.

The script comes with built-in help, and if you run the script without any parameters it displays the help as below:

    C:\Users\kiran\PSScripts> . .\Find-AzResource.ps1
    C:\Users\kiran\PSScripts> Find-AzResource

Output:

    NAME
        Find-AzResource

    SYNOPSIS
        Find-AzResource gets all the Azure tagged/not tagged resources,

    SYNTAX
        Find-AzResource [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] [<CommonParameters>]

        Find-AzResource -ResourceGroupName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -Tag <Hashtable> [<CommonParameters>]

        Find-AzResource -ResourceGroupName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -TagValue <String[]> [<CommonParameters>]

        Find-AzResource -ResourceGroupName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -TagName <String[]> [<CommonParameters>]

        Find-AzResource -ResourceGroupName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -WithNoTag [<CommonParameters>]

        Find-AzResource -ResourceGroupName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -AllTagged [<CommonParameters>]

        Find-AzResource -SubscriptionName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -Tag <Hashtable> [<CommonParameters>]

        Find-AzResource -SubscriptionName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -TagValue <String[]> [<CommonParameters>]

        Find-AzResource -SubscriptionName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -TagName <String[]> [<CommonParameters>]

        Find-AzResource -SubscriptionName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -WithNoTag [<CommonParameters>]

        Find-AzResource -SubscriptionName <String[]> [-ResourceName <String[]>] [-Location <String[]>] [-ResourceType <String[]>] -AllTagged [<CommonParameters>]

    DESCRIPTION
        Find-AzResource gets all the Azure resources with...
        > All tags
        > No tags
        > Specific tag name(s)
        > Specific tag value(s)
        > Specific tag(s)
        ... from one or more resourcegroup(s) or subscripttion(s) and optionally filter the resources by location, name and type as well.

    ... output truncated ...

    -------------------------- EXAMPLE 1 --------------------------

    PS > Find-AzResource

    Displays full help

    -------------------------- EXAMPLE 2 --------------------------

    PS > Find-AzResource -SubscriptionName Sub1, Sub2 -AllTagged

    Finds all the resources with tags in the given Subscriptions. it even works with ResourceGroupName as well. Optionally, you can even filter the resources by Name, Location and Type.

    -------------------------- EXAMPLE 3 --------------------------

    PS > Find-AzResource -SubscriptionName Sub1, Sub2 -WithNoTag

    Finds all the resources with no tags in the given Subscriptions. It even works with ResourceGroupName as well. Optionally, you can even filter the resources by Name, Location and Type.

    -------------------------- EXAMPLE 4 --------------------------

    PS > Find-AzResource -ResourceGroupName RG1, RG2 -TagName Status

    Finds all the resources with given tag name in the given resource groups. It even works with the subscriptions as well. Optionally, you can even filter the resources by Name, Location and Type.

    -------------------------- EXAMPLE 5 --------------------------

    PS > Find-AzResource -ResourceGroupName RG1, RG2 -TagValue HR, Finance

    Finds all the resources with given tag values in the given resource groups. It even works with the subscriptions as well. Optionally, you can even filter the resources by Name, Location and Type.

    -------------------------- EXAMPLE 6 --------------------------

    PS > Find-AzResource -ResourceGroupName RG1, RG2 -Tag @{Dept='IT'; Status="Expired"}

    Finds all the resources with given tags in the given resource groups. It even works with the subscriptions as well. Optionally, you can even filter the resources by Name, Location and Type.