
[Azure]使用Powershell輸出某台ARM虛拟機的NSG

這個腳本用於輸出ARM模式下虛擬機的NSG,對於多網卡虛擬機也同樣適用。可以輸出所有網絡接口的NSG以及虛擬機所在子網的NSG。注意:腳本只輸出自訂規則(SecurityRules),讀取預設規則(DefaultSecurityRules)的程式碼在腳本中已被註解掉,因此輸出結果不等於實際生效的完整規則集。

腳本如下:

# Script parameters. All three are mandatory; PowerShell prompts for any that
# are not supplied on the command line.
param(
    # Name of the subscription in which every operation is performed.
    [Parameter(Mandatory = $true)][string] $SubscriptionName,

    # Name of the resource group that contains the virtual machine.
    [Parameter(Mandatory = $true)][string] $ResourceGroupName,

    # Name of the virtual machine whose NSG rules are listed.
    [Parameter(Mandatory = $true)][string] $VMName
)

# Prompt interactively for a user name and password, then sign in to the
# Azure China cloud environment with them.
# NOTE(review): signing in with -Credential is expected to fail for accounts
# that require multi-factor authentication; confirm against the accounts used.
# NOTE(review): the AzureRM cmdlets used throughout this script belong to a
# module that has been superseded by the Az module; confirm which is installed.
$cred = Get-Credential
Login-AzureRmAccount -Credential $cred -EnvironmentName AzureChinaCloud

# Every later call runs against the subscription named on the command line.
Select-AzureRmSubscription -SubscriptionName $SubscriptionName

# Returns the last path segment of a resource id, i.e. the text after the
# final '/'. When the id contains no '/', the whole string is returned.
Function GetResourceNameFromResourceId($resourceId)
{
    $lastSlash = $resourceId.LastIndexOf('/')
    $nameStart = $lastSlash + 1
    return $resourceId.Substring($nameStart)
}

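# Returns the path segment that follows the segment named $propertyName in a
# resource id, e.g. the resource group name for "resourceGroups".
#
# Parameters:
#   $resourceId   - resource id string made of '/'-separated segments.
#   $propertyName - segment name to look for (compared case-insensitively,
#                   because ids may come back with different casing).
# Returns: the segment immediately after $propertyName.
# Throws:  when $propertyName is not a segment of the id or has no value
#          after it. Failing here avoids handing a meaningless name to the
#          Azure lookups that consume the result.
Function GetResourcePropertyFromResourceId($resourceId, $propertyName)
{
    $segments = ([string]$resourceId).Split('/')

    # Stop one short of the end: the matched segment needs a following value.
    for ($i = 0; $i -lt ($segments.Length - 1); $i++)
    {
        $isMatch = [string]::Equals($segments[$i], [string]$propertyName, [System.StringComparison]::OrdinalIgnoreCase)
        if ($isMatch)
        {
            return $segments[$i + 1]
        }
    }

    throw "Segment '$propertyName' with a value was not found in resource id '$resourceId'."
}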

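# Lists the custom NSG rules that apply to a virtual machine and shows them
# in a grid view window.
#
# For every network interface of $vm the function collects the rules of the
# NSG attached to the interface and of the NSG attached to each subnet the
# interface's IP configurations reference.
#
# Parameters:
#   $vm - virtual machine object as returned by Get-AzureRmVM; its
#         NetworkProfile.NetworkInterfaces collection is read.
# Output: none on the pipeline; the rules are sent to Out-GridView.
#
# Review notes for anyone using the output to judge network exposure:
#   * Only SecurityRules (custom rules) are collected. DefaultSecurityRules
#     are deliberately not read, so the grid is not the full effective rule
#     set.
#   * Each NSG is listed once. An NSG attached to both an interface and its
#     subnet appears only under the category where it was seen first.
Function PrintVirtualMachineNetworkSecurityRules($vm)
{
    $customRules = New-Object System.Collections.ArrayList
    # Ids of NSGs already processed, so a shared NSG is not listed twice.
    $seenNsgIds = New-Object System.Collections.ArrayList

    # Appends the custom rules of one NSG to $customRules, tagged with
    # $category. Does nothing for a missing or already processed NSG id.
    Function AddCustomRulesFromNsg($nsgId, $category)
    {
        if (($null -eq $nsgId) -or $seenNsgIds.Contains($nsgId))
        {
            return
        }
        # ArrayList.Add returns the new index; discard it so it does not
        # leak into the function's output.
        [void]$seenNsgIds.Add($nsgId)

        $nsgName = GetResourceNameFromResourceId $nsgId
        $nsgRgName = GetResourcePropertyFromResourceId $nsgId "resourceGroups"
        $nsg = Get-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $nsgRgName

        foreach ($rule in $nsg.SecurityRules)
        {
            [void]$customRules.Add(@{
                RuleName      = $rule.Name
                Protocol      = $rule.Protocol
                Source        = $rule.SourceAddressPrefix
                SourcePort    = $rule.SourcePortRange
                Dest          = $rule.DestinationAddressPrefix
                DestPortRange = $rule.DestinationPortRange
                Access        = $rule.Access
                Priority      = $rule.Priority
                Direction     = $rule.Direction
                Catagory      = $category
            })
        }
    }

    foreach ($nic in $vm.NetworkProfile.NetworkInterfaces)
    {
        # Resolve the network interface object from its resource id.
        $nicId = $nic.Id
        $nicName = GetResourceNameFromResourceId $nicId
        $nicRgName = GetResourcePropertyFromResourceId $nicId "resourceGroups"
        $interface = Get-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $nicRgName

        # NSG attached directly to this interface, if any.
        AddCustomRulesFromNsg $interface.NetworkSecurityGroup.Id "Interface NSG"

        # An interface can carry several IP configurations, so Subnet.Id may
        # yield more than one value; handle each distinct subnet id on its own
        # instead of treating the collection as a single string.
        $subnetIds = @($interface.IpConfigurations |
            ForEach-Object { $_.Subnet.Id } |
            Where-Object { $_ } |
            Select-Object -Unique)

        foreach ($subnetId in $subnetIds)
        {
            $subnetName = GetResourceNameFromResourceId $subnetId
            $subnetRgName = GetResourcePropertyFromResourceId $subnetId "resourceGroups"
            $virtualNetworkName = GetResourcePropertyFromResourceId $subnetId "virtualNetworks"
            $vnet = Get-AzureRmVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $subnetRgName
            $subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet

            # NSG attached to the subnet, if any.
            AddCustomRulesFromNsg $subnet.NetworkSecurityGroup.Id "Subnet NSG"
        }
    }

    # Project the hashtables into objects with a fixed column order for the grid.
    $customRules |
        Select-Object @{Name="Name"; Expression={$_["RuleName"]}},
                      @{Name="Protocol"; Expression={$_["Protocol"]}},
                      @{Name="Source"; Expression={$_["Source"]}},
                      @{Name="SourcePort"; Expression={$_["SourcePort"]}},
                      @{Name="Dest"; Expression={$_["Dest"]}},
                      @{Name="DestPortRange"; Expression={$_["DestPortRange"]}},
                      @{Name="Access"; Expression={$_["Access"]}},
                      @{Name="Priority"; Expression={$_["Priority"]}},
                      @{Name="Direction"; Expression={$_["Direction"]}},
                      @{Name="Catagory"; Expression={$_["Catagory"]}} |
        Out-GridView
}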

# Look up the virtual machine named on the command line and display the
# custom NSG rules found for its interfaces and subnets.
$vm = Get-AzureRmVM -Name $VMName -ResourceGroupName $ResourceGroupName
PrintVirtualMachineNetworkSecurityRules -vm $vm
           

調用方法:

[ARM]show_virtual_machine_nsgs.ps1 -SubscriptionName <Subscription Name> -ResourceGroupName <ResourceGroupName> -VMName <VM Name>

輸出結果:

[Azure]使用Powershell輸出某台ARM虛拟機的NSG


