A simple PowerShell script that can be used to create Azure Resource Manager Network Security Groups (NSG) from CSV input files.

It accepts two input CSV files. The point of having two files is to keep one set of default rules that applies to every NSG, and a separate set of custom rules that applies only to the specific NSG being created.

For example, the default set of rules could include basic connectivity requirements such as Active Directory, antivirus and patching. The custom CSV could hold application-specific communications such as SQL, SAP, etc.

This makes creating and maintaining NSGs simpler, since the default rules stay mostly static while the custom rules are added per application or security zone.

Defining the rules in CSV also gives a clear and simple way to write down the required rules, in a format that looks much like a firewall rule table.

It supports the built-in NSG tags (Internet, VirtualNetwork, AzureLoadBalancer) as source or destination prefixes, as in the denyInternet example row below.

CSV layout (the header row of blank.csv, followed by one example rule):

ruleName,description,priority,sourcePrefix,sourcePort,destinationPrefix,destinationPort,protocol,access,direction
denyInternet,denyInternet,4000,*,*,Internet,*,*,DENY,OUTBOUND

 

----------------------

 

Usage:

1. Copy blank.csv to a new CSV, rename it, then define your "Default" rules and save the file, e.g. defaultRules.csv

2. Copy blank.csv to a new CSV, rename it, then define your "Application specific" rules and save the file, e.g. customRules.csv

 2a. If you only want to use a single CSV, leave the second CSV blank (header row only, no values) and the script will just use the rules in the first CSV.

3. Run the script

 

.\Create-AzureRmNsg.ps1 -nsgName "nsg01" -resourceGroup "rg01" -location "Australia East" -tagName "Description" -tagValue "NSG for SQL Prod" -defaultCsv .\defaultRules.csv -customCsv .\customRules.csv
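The following is an added example of the same default-plus-custom CSV workflow, written for this page; it is not the gallery script Create-AzureRmNsg.ps1 and its parameter names (other than the CSV column names above) are assumptions. It uses the Az module cmdlets New-AzNetworkSecurityRuleConfig and New-AzNetworkSecurityGroup; the AzureRm equivalents differ only in the cmdlet prefix. It adds the checks a practitioner wants before anything is sent to Azure: every required column is present, priorities are integers in the 100-4096 range, protocol/access/direction values are valid, and no two rules across the two files share a priority and direction (Azure rejects that, and a clash between the default and custom files is the usual cause of a failed deployment). Tags are passed as a hashtable instead of the -tagName/-tagValue pair used above.

```powershell
<#
  Added example, not the gallery script. Builds an NSG from a default rule CSV plus an optional
  custom rule CSV. CSV column names match the layout documented above; everything else is assumed.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $NsgName,
    [Parameter(Mandatory)] [string] $ResourceGroup,
    [Parameter(Mandatory)] [string] $Location,
    [Parameter(Mandatory)] [string] $DefaultCsv,
    [string]    $CustomCsv,      # optional: missing, empty or header-only file means "default rules only"
    [hashtable] $Tag = @{}       # e.g. @{ Description = 'NSG for SQL Prod' }
)

$required = 'ruleName','priority','sourcePrefix','sourcePort','destinationPrefix','destinationPort','protocol','access','direction'

function Import-NsgRuleCsv {
    param([string] $Path)
    if ([string]::IsNullOrWhiteSpace($Path) -or -not (Test-Path -LiteralPath $Path)) { return @() }
    $rows = @(Import-Csv -LiteralPath $Path)   # an empty or header-only file yields no rows
    foreach ($r in $rows) {
        foreach ($col in $required) {
            if ([string]::IsNullOrWhiteSpace($r.$col)) {
                throw "$Path: rule '$($r.ruleName)' has no value for column '$col'"
            }
        }
    }
    return $rows
}

$rules = @(Import-NsgRuleCsv $DefaultCsv) + @(Import-NsgRuleCsv $CustomCsv)
if ($rules.Count -eq 0) { throw "No rules found in '$DefaultCsv' or '$CustomCsv'" }

# Azure evaluates rules by ascending priority and rejects two rules with the same priority and
# direction. Detect that locally, across both CSVs, before anything is sent to Azure.
$clashes = $rules | Group-Object { '{0}:{1}' -f $_.direction.ToLower(), $_.priority } | Where-Object Count -gt 1
if ($clashes) {
    $detail = ($clashes | ForEach-Object { "$($_.Name) -> $($_.Group.ruleName -join ', ')" }) -join '; '
    throw "Duplicate priority/direction: $detail"
}

$ruleConfigs = foreach ($r in $rules) {
    $priority = 0
    if (-not [int]::TryParse($r.priority, [ref] $priority) -or $priority -lt 100 -or $priority -gt 4096) {
        throw "Rule '$($r.ruleName)': priority must be an integer between 100 and 4096"
    }
    $protocol = switch ($r.protocol.ToUpper()) {
        'TCP'   { 'Tcp' }
        'UDP'   { 'Udp' }
        'ICMP'  { 'Icmp' }
        '*'     { '*' }
        default { throw "Rule '$($r.ruleName)': protocol must be TCP, UDP, ICMP or *" }
    }
    $access = switch ($r.access.ToUpper()) {
        'ALLOW' { 'Allow' }
        'DENY'  { 'Deny' }
        default { throw "Rule '$($r.ruleName)': access must be ALLOW or DENY" }
    }
    $direction = switch ($r.direction.ToUpper()) {
        'INBOUND'  { 'Inbound' }
        'OUTBOUND' { 'Outbound' }
        default    { throw "Rule '$($r.ruleName)': direction must be INBOUND or OUTBOUND" }
    }
    # Built-in tags (Internet, VirtualNetwork, AzureLoadBalancer) and CIDR prefixes are passed
    # through unchanged; the prefix parameters accept either.
    $params = @{
        Name                     = $r.ruleName
        Priority                 = $priority
        SourceAddressPrefix      = $r.sourcePrefix
        SourcePortRange          = $r.sourcePort
        DestinationAddressPrefix = $r.destinationPrefix
        DestinationPortRange     = $r.destinationPort
        Protocol                 = $protocol
        Access                   = $access
        Direction                = $direction
    }
    if (-not [string]::IsNullOrWhiteSpace($r.description)) { $params.Description = $r.description }
    New-AzNetworkSecurityRuleConfig @params   # local object only; nothing is sent to Azure yet
}

if ($PSCmdlet.ShouldProcess("$NsgName in $ResourceGroup ($Location)", "Create NSG with $($rules.Count) rules")) {
    New-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroup -Location $Location `
        -SecurityRules $ruleConfigs -Tag $Tag
}
```

Because all of the CSV validation runs before the ShouldProcess check, running the script with -WhatIf validates both files without creating anything. Note the effect of priority in the example row above: denyInternet at 4000 sits below any allow rule you give a lower number, so application allow rules in the custom CSV still take precedence over it, while the explicit deny still overrides the built-in AllowInternetOutBound rule that Azure adds at priority 65001.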