Azurecloud~30 mins

Azure SQL firewall rules - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Azure SQL Firewall Rules Setup

📖 Scenario: You are setting up an Azure SQL Database for a small company. To keep the database secure, you need to configure firewall rules that allow only specific IP addresses to access the database server.

🎯 Goal: Build an Azure Resource Manager (ARM) template snippet that defines an Azure SQL Server and configures firewall rules to allow access from two specific IP addresses.

📋 What You'll Learn

Create an Azure SQL Server resource with a specified name and location.

Add two firewall rules to the SQL Server to allow access from two exact IP addresses.

Use exact resource names and IP addresses as specified.

Ensure the ARM template JSON is valid and deployable.

💡 Why This Matters

🌍 Real World

Configuring firewall rules is essential to secure Azure SQL Databases by allowing only trusted IP addresses to connect.

💼 Career

Cloud engineers and infrastructure specialists often write ARM templates to automate secure deployment of Azure SQL resources.

Progress0 / 4 steps

Create Azure SQL Server resource

Create an Azure SQL Server resource in the ARM template with the name mySqlServer and location eastus. Use the resource type Microsoft.Sql/servers and API version 2021-02-01-preview. Set the administrator login to sqladmin and administrator login password to StrongP@ssw0rd!.

Azure

{
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer",
      "location": "eastus",
      "properties": {
        "administratorLogin": "sqladmin",
        "administratorLoginPassword": "StrongP@ssw0rd!"
      }
    }
  ]
}
# Your code here

Need a hint?

Define a resource with type Microsoft.Sql/servers and set the required properties exactly as specified.

Add first firewall rule configuration

Add a firewall rule resource to the ARM template to allow access from IP address 192.168.1.10. The resource type should be Microsoft.Sql/servers/firewallRules with API version 2021-02-01-preview. Name the firewall rule AllowIP1 and set both startIpAddress and endIpAddress to 192.168.1.10. The firewall rule resource must be a child of the SQL Server resource mySqlServer.

Azure

{
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer",
      "location": "eastus",
      "properties": {
        "administratorLogin": "sqladmin",
        "administratorLoginPassword": "StrongP@ssw0rd!"
      }
    },
    {
      "type": "Microsoft.Sql/servers/firewallRules",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer/AllowIP1",
      "properties": {
        "startIpAddress": "192.168.1.10",
        "endIpAddress": "192.168.1.10"
      }
    }
  ]
}
# Your code here

Need a hint?

Firewall rule resource name must be in the format mySqlServer/AllowIP1 to link it as a child resource.

Add second firewall rule configuration

Add another firewall rule resource to the ARM template to allow access from IP address 203.0.113.5. Use the same resource type and API version as before. Name this firewall rule AllowIP2 and set both startIpAddress and endIpAddress to 203.0.113.5. This resource must also be a child of the SQL Server resource mySqlServer.

Azure

{
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer",
      "location": "eastus",
      "properties": {
        "administratorLogin": "sqladmin",
        "administratorLoginPassword": "StrongP@ssw0rd!"
      }
    },
    {
      "type": "Microsoft.Sql/servers/firewallRules",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer/AllowIP1",
      "properties": {
        "startIpAddress": "192.168.1.10",
        "endIpAddress": "192.168.1.10"
      }
    },
    {
      "type": "Microsoft.Sql/servers/firewallRules",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer/AllowIP2",
      "properties": {
        "startIpAddress": "203.0.113.5",
        "endIpAddress": "203.0.113.5"
      }
    }
  ]
}
# Your code here

Need a hint?

Remember to use the full resource name format mySqlServer/AllowIP2 for the firewall rule.

Complete ARM template with all resources

Ensure the ARM template JSON includes the Azure SQL Server resource mySqlServer and both firewall rules named AllowIP1 and AllowIP2 with their respective IP addresses. The template must be valid JSON and ready for deployment.

Azure

{
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer",
      "location": "eastus",
      "properties": {
        "administratorLogin": "sqladmin",
        "administratorLoginPassword": "StrongP@ssw0rd!"
      }
    },
    {
      "type": "Microsoft.Sql/servers/firewallRules",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer/AllowIP1",
      "properties": {
        "startIpAddress": "192.168.1.10",
        "endIpAddress": "192.168.1.10"
      }
    },
    {
      "type": "Microsoft.Sql/servers/firewallRules",
      "apiVersion": "2021-02-01-preview",
      "name": "mySqlServer/AllowIP2",
      "properties": {
        "startIpAddress": "203.0.113.5",
        "endIpAddress": "203.0.113.5"
      }
    }
  ]
}
# Verify the full template is complete and valid

Need a hint?

Make sure the ARM template includes all three resources with correct names and IP addresses.