az functionapp config access-restriction

Methods that show, set, add, and remove access restrictions on a functionapp.

Commands

az functionapp config access-restriction add

Adds an Access Restriction to the functionapp.

az functionapp config access-restriction remove

Removes an Access Restriction from the functionapp.

az functionapp config access-restriction set

Sets whether the SCM site uses the same restrictions as the main site.

az functionapp config access-restriction show

Show Access Restriction settings for functionapp.

az functionapp config access-restriction add

Adds an Access Restriction to the functionapp.

az functionapp config access-restriction add --priority
                                             [--action {Allow, Deny}]
                                             [--description]
                                             [--ids]
                                             [--ignore-missing-endpoint {false, true}]
                                             [--ip-address]
                                             [--name]
                                             [--resource-group]
                                             [--rule-name]
                                             [--scm-site {false, true}]
                                             [--slot]
                                             [--subnet]
                                             [--subscription]
                                             [--vnet-name]

Examples

Add Access Restriction opening (Allow) named developers for IPv4 address 130.220.0.0/27 with priority 200 to main site.

az functionapp config access-restriction add -g ResourceGroup -n AppName --rule-name developers --action Allow --ip-address 130.220.0.0/27 --priority 200

Add Access Restriction opening (Allow) named build_server for IPv4 address 192.168.0.0/27 with priority 250 to scm site.

az functionapp config access-restriction add -g ResourceGroup -n AppName --rule-name build_server --action Allow --ip-address 192.168.0.0/27 --priority 250 --scm-site true

Add Access Restriction opening (Allow) named app_gateway for Subnet app_gw in vNet core_weu with priority 300 to main site.

az functionapp config access-restriction add -g ResourceGroup -n AppName --rule-name app_gateway --action Allow --vnet-name core_weu --subnet app_gw --priority 300

Add Access Restriction opening (Allow) named internal_agents for Subnet build_agents in vNet corp01 with priority 500 to scm site; and ignore service endpoint registration on the Subnet.

az functionapp config access-restriction add -g ResourceGroup -n AppName --rule-name internal_agents --action Allow --vnet-name corp01 --subnet build_agents --priority 500 --scm-site true --ignore-missing-endpoint true
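A set of rules like the ones above can be checked before any of them is applied. The following is an added example, not part of the Azure CLI documentation: a dry-run shell script that lints a constructed rule plan and prints the matching add commands without running az. The plan format, the function names lint_plan and emit_cmds, and the rule named everyone are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: dry-run planner for access-restriction rules. It only prints; az is never run.
# Plan line format (constructed for this example): site|rule-name|action|source|priority
#   site = main or scm; source = ip=<address or CIDR> or subnet=<vnet>/<subnet>
RG="ResourceGroup"; APP="AppName"   # placeholder names from the page's examples

# Constructed plan: two rules from the page's examples plus one deliberately too-broad rule.
PLAN='main|developers|Allow|ip=130.220.0.0/27|200
main|app_gateway|Allow|subnet=core_weu/app_gw|300
main|everyone|Allow|ip=0.0.0.0/0|400'

lint_plan() {   # prints one finding per line
  local plan="$1" site name action src prio has_scm=0
  while IFS='|' read -r site name action src prio; do
    [ -z "$site" ] && continue
    [ "$site" = scm ] && has_scm=1
    case "$prio" in ''|*[!0-9]*) echo "$name: --priority is required and must be a number";; esac
    case "$action" in Allow|Deny) ;; *) echo "$name: --action accepts only Allow or Deny";; esac
    case "$action $src" in
      "Allow ip="*/0) echo "$name: Allow on ${src#ip=} admits every source address";;
    esac
  done <<EOF
$plan
EOF
  # Main-site rules do not cover the scm site unless it has its own rules or shares them.
  [ "$has_scm" -eq 0 ] && echo "scm: no rules planned; add some with --scm-site true or set --use-same-restrictions-for-scm-site true"
  return 0
}

emit_cmds() {   # prints the az command for each planned rule
  local plan="$1" site name action src prio args
  while IFS='|' read -r site name action src prio; do
    [ -z "$site" ] && continue
    case "$src" in
      ip=*)     args="--ip-address ${src#ip=}";;
      subnet=*) src="${src#subnet=}"; args="--vnet-name ${src%%/*} --subnet ${src#*/}";;
    esac
    [ "$site" = scm ] && args="$args --scm-site true"
    echo "az functionapp config access-restriction add -g $RG -n $APP --rule-name $name --action $action $args --priority $prio"
  done <<EOF
$plan
EOF
}

lint_plan "$PLAN"
emit_cmds "$PLAN"
```

Review the findings first, then run the printed commands only for the rules that passed.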

Required Parameters

--priority -p

Priority of the access restriction rule.

Optional Parameters

--action

Allow or deny access.

accepted values: Allow, Deny
default value: Allow

--description

Description of the access restriction rule.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--ignore-missing-endpoint -i

Create the access restriction rule without checking whether the subnet has the Microsoft.Web service endpoint enabled.

accepted values: false, true

--ip-address

IP address or CIDR range.

--name -n

Name of the function app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name -r

Name of the access restriction rule to add.

--scm-site

True if the access restriction is added for the scm site.

accepted values: false, true

--slot -s

The name of the slot. Defaults to the production slot if not specified.

--subnet

Subnet name (requires vNet name) or subnet resource id.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

VNet name.

az functionapp config access-restriction remove

Removes an Access Restriction from the functionapp.

az functionapp config access-restriction remove [--action {Allow, Deny}]
                                                [--ids]
                                                [--ip-address]
                                                [--name]
                                                [--resource-group]
                                                [--rule-name]
                                                [--scm-site {false, true}]
                                                [--slot]
                                                [--subnet]
                                                [--subscription]
                                                [--vnet-name]

Examples

Remove Access Restriction named developers from the main site.

az functionapp config access-restriction remove -g ResourceGroup -n AppName --rule-name developers

Remove Access Restriction named internal_agents from the scm site.

az functionapp config access-restriction remove -g ResourceGroup -n AppName --rule-name internal_agents --scm-site true

Optional Parameters

--action

Allow or deny access.

accepted values: Allow, Deny
default value: Allow

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--ip-address

IP address or CIDR range.

--name -n

Name of the function app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name -r

Name of the access restriction to remove.

--scm-site

True if access restriction should be removed from scm site.

accepted values: false, true

--slot -s

The name of the slot. Defaults to the production slot if not specified.

--subnet

Subnet name (requires vNet name) or subnet resource id.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

VNet name.

az functionapp config access-restriction set

Sets whether the SCM site uses the same restrictions as the main site.

az functionapp config access-restriction set --use-same-restrictions-for-scm-site {false, true}
                                             [--ids]
                                             [--name]
                                             [--resource-group]
                                             [--slot]
                                             [--subscription]

Examples

Enable SCM site to use same access restrictions as main site.

az functionapp config access-restriction set -g ResourceGroup -n AppName --use-same-restrictions-for-scm-site true

Required Parameters

--use-same-restrictions-for-scm-site

Use same access restrictions for scm site.

accepted values: false, true

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the function app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--slot -s

The name of the slot. Defaults to the production slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az functionapp config access-restriction show

Show Access Restriction settings for functionapp.

az functionapp config access-restriction show [--ids]
                                              [--name]
                                              [--query-examples]
                                              [--resource-group]
                                              [--slot]
                                              [--subscription]

Examples

Get Access Restriction settings for a functionapp.

az functionapp config access-restriction show -g ResourceGroup -n AppName

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the function app.

--query-examples

Recommends JMESPath strings for you. You can copy one of the queries and paste it after the --query parameter, within double quotation marks, to see the results. You can add one or more positional keywords so that suggestions are based on these keywords.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--slot -s

The name of the slot. Defaults to the production slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.