Recently, I performed a lot of work as a Site Reliability Engineer (SRE) / DevOps Engineer on a project that utilizes Azure Synapse for a large data lake and data processing implementation. Through my duties as SRE, I needed to configure the security of Azure Synapse by adding an allow list for IP Addresses that were allowed to connect to the Azure Synapse Workspace.
The Azure CLI provides the az synapse workspace firewall-rule commands for managing the firewall configuration for Azure Synapse Workspaces. The create and delete commands within it can be used to create and delete IP Addresses from the Azure Synapse Firewall allow list respectively.
Below is a sample command for adding an IP Address range to the allow list of the Azure Synapse Workspace firewall. When adding a single IP Address, the start IP Address (aka --start-ip-address) and end IP Address (--end-ip-address) for the range will need to be set to the single IP Address being added. Otherwise, you can specify the starting and ending IP Addresses in the range.
az synapse workspace firewall-rule create \
--name <ip-address-name> \
--start-ip-address <start-ip-address-range> \
--end-ip-address <end-ip-address-range> \
--resource-group <resource-group-name> \
--workspace-name <azure-synapse-workspace-name>Also, below is a sample command for deleting (or removing) an IP Address from the Azure Synapse Workspace firewall allow list.
az synapse workspace firewall-rule delete \
--name <ip-address-name> \
--resource-group <resource-group-name> \
--workspace-name <azure-synapse-workspace-name> \
--yesIn the above Azure CLI az synapse workspace firewall-rule commands, you’ll want to set the following parameters to the appropriate values for your Azure Synapse Workspace:
--nameis the name given to the IP Address range once it’s added to the Azure Synapse Workspace firewall allow list.--resource-groupis the Azure Resource Group name where the Azure Synapse Workspace resides within Azure.--workspace-nameis the name of the Azure Synapse Workspace resource of which the firewall allow list will be managed.
Here’s an example usage of the above command to add a specific IP Address to the firewall allow list of an Azure Synapse Workspace instance:
az synapse workspace firewall-rule create \
--name "SomeMachineThatNeedsAccess" \
--start-ip-address 8.8.8.8 \
--end-ip-address 8.8.8.8 \
--resource-group "MyResourceGroup" \
--workspace-name "MySynapseWorkspace"Happing scripting!
About the Author
Chris Pietschmann
Chris Pietschmann is a Microsoft MVP, HashiCorp Ambassador, and Microsoft Certified Trainer (MCT) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to large enterprises. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.
Stack Overflow Upset Over Users Deleting Answers After OpenAI Partnership
GitHub Actions: Commit and Push Changes Back to Repository
Run Your Own Local, Private, ChatGPT-like AI Experience with Ollama and OpenWebUI (Llama3, Phi3, Gemma, Mistral, and more LLMs!)
IPv4 Address CIDR Range Reference and Calculator
Azure Functions: Extend Execution Timeout Past 5 Minutes
