Get Azure PaaS Endpoint IPs


I've had a few situations where people are trying to find out the public IP Addresses for their own resources in Azure to use for Network Security Groups or User Defined Routes.

Unfortunately there is nothing generic out there that can return this information for every Resource Type, so specific code needs to be developed for each type.
I've made a start on this for Storage Accounts and Azure SQL Servers, being two of the most popular ones.

You can use the function(s) below to return an array containing the IP, Location and Resource Type for all Storage Accounts and SQL Servers in a given subscription.
If you have another Resource Type you need to resolve public IPs for, add the required code under the 'switch ($Res.ResourceTypes)' section.
Please feel free to drop me a line if you need help working out how to get the Public IP for different resource types.

[Updated: 13 Nov 2017]: Updated to include KeyVault and added function parameter switches to filter which Resource Types will be returned.

function Get-FQDNIP (
    [string]$FQDN,
    [object]$Resource
) {
    $IPDetails = [System.Net.Dns]::GetHostAddresses($FQDN)
    $IP = New-Object PSObject -Property @{
        IP = $IPDetails.IPAddressToString
        Locn = $Resource.Location
        Type = $Resource.ResourceType
    }
    Write-Verbose "`t$($IP)"
    return $IP
}
 
 
function Get-PaaSIPs (
    [string]$SubscriptionID,
    [switch]$StorageAccounts,
    [switch]$SQLServers,
    [switch]$KeyVaults
) {    
    Select-AzureRmSubscription -SubscriptionId $SubscriptionID | Out-Null
    $AllRes = Get-AzureRmResource
    $IPs = @()
    $CurrType = ""
    $AllRes = $AllRes | Sort-Object ResourceType
    if (!$StorageAccounts -and !$SQLServers -and !$KeyVaults) {
        $FilteredRes = $AllRes
    }
    if ($StorageAccounts) {
        $FilteredRes = $AllRes | Where-Object {$_.ResourceType -eq "Microsoft.Storage/storageAccounts"}
    }
    if ($SQLServers) {
        $FilteredRes += $AllRes | Where-Object {$_.ResourceType -eq "Microsoft.Sql/servers"}
    }
    if ($KeyVaults) {
        $FilteredRes += $AllRes | Where-Object {$_.ResourceType -eq "Microsoft.KeyVault/vaults"}
    }
    ForEach ($Res in $FilteredRes) {
        if ($CurrType -ne $Res.ResourceType) {
            $CurrType = $Res.ResourceType
            Write-Verbose "$($Res.ResourceType)"
        }
        switch ($Res.ResourceType) {
            "Microsoft.Storage/storageAccounts" {
                $ResDet = Get-AzureRmStorageAccount -Name $Res.ResourceName -ResourceGroupName $Res.ResourceGroupName
                $Blob = $null; $Blob = $ResDet.PrimaryEndpoints.Blob
                $File = $null; $File = $ResDet.PrimaryEndpoints.File
                $Table = $null; $Table = $ResDet.PrimaryEndpoints.Table
                $Queue = $null; $Queue = $ResDet.PrimaryEndpoints.Queue
                 
                if ($Blob -ne $null) {
                    $Blob = $Blob.Substring(8,$Blob.Length-9)
                    $IP = Get-FQDNIP -FQDN $Blob -Resource $Res
                    if ($IP.IP -notin $IPs.IP) {
                        $IPs += $IP
                    }
                }
                if ($File -ne $null) {
                    $File = $File.Substring(8,$File.Length-9)
                    $IP = Get-FQDNIP -FQDN $File -Resource $Res
                    if ($IP.IP -notin $IPs.IP) {
                        $IPs += $IP
                    }
                }
                if ($Table -ne $null) {
                    $Table = $Table.Substring(8,$Table.Length-9)
                    $IP = Get-FQDNIP -FQDN $Table -Resource $Res
                    if ($IP.IP -notin $IPs.IP) {
                        $IPs += $IP
                    }
                }
                    if ($Queue -ne $null) {
                    $Queue = $Queue.Substring(8,$Queue.Length-9)
                    $IP = Get-FQDNIP -FQDN $Queue -Resource $Res
                    if ($IP.IP -notin $IPs.IP) {
                        $IPs += $IP
                    }
                }
            }
            "Microsoft.Sql/servers" {
                $IP = Get-FQDNIP -FQDN "$($Res.ResourceName).database.windows.net" -Resource $Res
                if ($IP.IP -notin $IPs.IP) {
                    $IPs += $IP
                }
            }
            "Microsoft.KeyVault/vaults" {
                #Write-Output "`t$($Res.Name)"
                $Vault = Get-AzureRmKeyVault -VaultName $Res.Name -ResourceGroupName $Res.ResourceGroupName
                $VaultFQDN = $Vault.VaultUri.Substring(8,$Vault.VaultUri.Length-9)
                $IP = Get-FQDNIP -FQDN $VaultFQDN -Resource $Res
                if ($IP.IP -notin $IPs.IP) {
                    $IPs += $IP
                }
            }
            default {
                #Write-Verbose "`t$($Res.Name)"
                #Write-Verbose "`t`t$($Res.ResourceType)"
            }
        }
    }
    return $IPs | Sort-Object Locn, IP, Type
}

Comments (0)

Skip to main content