Policy: Azure > Storage > Storage Account > Firewall > IP Ranges > Approved > CIDR Ranges
Configure storage accounts to allow access from specific public internet IP address ranges. This configuration grants access to specific internet-based services and on-premises networks and blocks general internet traffic.
Provide allowed internet address ranges using CIDR notation in the form 16.17.18.0/24 or as individual IP addresses like 16.17.18.19.
Small address ranges using "/31" or "/32" prefix sizes are not supported. These ranges should be configured using individual IP address rules.
IP network rules are only allowed for public internet IP addresses. IP address ranges reserved for private networks (as defined in RFC 1918) aren't allowed in IP rules. Private networks include addresses that start with 10., 172.16. - 172.31., and 192.168..
Example: - 45.127.45.223 - 223.235.113.55 - 45.64.0.0/10
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
- Azure > Storage > Storage Account > Firewall
- Azure > Storage > Storage Account > Firewall > IP Ranges
- Azure > Storage > Storage Account > Firewall > IP Ranges > Approved
Policy Specification
Schema Type | |
|---|---|
Default | |
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceApproved
- tmod:@turbot/azure-storage#/policy/types/storageAccountFirewallIpRangesApprovedCidrRanges
- turbot graphql policy-type --id "tmod:@turbot/azure-storage#/policy/types/storageAccountFirewallIpRangesApprovedCidrRanges"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-storage#/policy/types/storageAccountFirewallIpRangesApprovedCidrRanges"
Get Policy TypeGet Policy Settings