add missing fw rules for ml

2021-10-07 15:55:47 -04:00 · 2021-10-07 15:55:47 -04:00 · 7cfe24f0ff
commit 7cfe24f0ff
parent e3d2f4db37
2 changed files with 19 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,5 @@ quickstart/301-machine-learning-hub-spoke-secure/*.terraform.lock.hcl
 quickstart/301-machine-learning-hub-spoke-secure/*.tfstate
 quickstart/301-machine-learning-hub-spoke-secure/.terraform/providers/registry.terraform.io/hashicorp/azurerm/2.79.1/windows_amd64/terraform-provider-azurerm_v2.79.1_x5.exe
 quickstart/301-machine-learning-hub-spoke-secure/.terraform/providers/registry.terraform.io/hashicorp/random/3.1.0/windows_amd64/terraform-provider-random_v3.1.0_x5.exe
+quickstart/301-machine-learning-hub-spoke-secure/.terraform.tfstate.lock.info
+quickstart/301-machine-learning-hub-spoke-secure/terraform.tfstate.*
--- a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
@ -354,6 +354,20 @@ application_rule_collection {
      source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]      
      destination_fqdns = ["dc.services.visualstudio.com"]
    }
+
+    rule {
+      name = "azureml-instances"
+      protocols {
+        type = "Http"
+        port = 80
+      }
+      protocols {
+        type = "Https"
+        port = 443
+      }
+      source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]      
+      destination_fqdns = ["*.instances.azureml.net", "*.instances.azureml.ms"]
+    }
  }

 network_rule_collection {
@ -364,8 +378,8 @@ application_rule_collection {
    rule {
      name                  = "hub-to-spoke-rule"
      protocols             = ["Any"]
-      source_ip_groups      = [azurerm_ip_group.ip_group_spoke.id]   
-      destination_ip_groups = [azurerm_ip_group.ip_group_hub.id]
+      source_ip_groups      = [azurerm_ip_group.ip_group_spoke.id,azurerm_ip_group.ip_group_hub.id]   
+      destination_ip_groups = [azurerm_ip_group.ip_group_hub.id,azurerm_ip_group.ip_group_spoke.id]
      destination_ports     = ["*"]
    }

@ -421,7 +435,7 @@ application_rule_collection {
      name                  = "Azure-Front-Door-Frontend"
      protocols             = ["TCP"]
      source_ip_groups      = [azurerm_ip_group.ip_group_spoke.id]      
-      destination_addresses = ["AzureFrontDoor.Frontend"]
+      destination_addresses = ["AzureFrontDoor.Frontend","AzureFrontDoor.FirstParty"]
      destination_ports     = ["443"]
    }