Adding Azure/AWS region IPs to Network Traffic Rules

A few days ago I got a question from a partner asking whether we can limit the outgoing traffic from several locations to Amazon S3. In VBR there is a single “any to Internet” rule where you can limit the traffic, but you cannot limit this to different IP subnets. The customer has a very big range of possible line speeds, and that's why they need to specify different rules based on subnet.

I figured out that both Amazon and Microsoft provide APIs to request the IP subnets of their datacenter regions.

I created two scripts called “Add-AwsTrafficRules.ps1” and “Add-AzureTrafficRules.ps1”, which can be run with these parameters:

-Name test -SourceIPSubnet 192.168.33.0/24 -AwsRegion eu-central-1 -ThrottlingValue 5 -ThrottlingUnit MbitPerSec
#or
-Name test -SourceIPSubnet 192.168.33.0/24 -AzureRegion europewest -ThrottlingValue 5 -ThrottlingUnit MbitPerSec

Already existing rules (based on name) will be skipped, and this is the result.

Have fun with this little helper. You can find them here:
https://github.com/marcohorstmann/powershell/blob/master/BR-CloudTrafficRules/
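
The following is an added example, not code from the scripts linked above: it sketches the region lookup for AWS, turning each matching S3 prefix into the start/end addresses a traffic rule needs and skipping names that already exist. It assumes the data source is AWS's published https://ip-ranges.amazonaws.com/ip-ranges.json; the function names, the rule naming scheme, the error text and the sample prefixes are hypothetical, and no Veeam cmdlet is called.

```powershell
# Constructed sample in the layout of ip-ranges.json (documentation prefixes, not real AWS ranges).
# For live data: $ranges = Invoke-RestMethod -Uri 'https://ip-ranges.amazonaws.com/ip-ranges.json'
$ranges = @'
{ "prefixes": [
  { "ip_prefix": "192.0.2.0/24",      "region": "eu-central-1", "service": "S3"  },
  { "ip_prefix": "198.51.100.0/25",   "region": "eu-central-1", "service": "S3"  },
  { "ip_prefix": "198.51.100.128/25", "region": "eu-central-1", "service": "EC2" },
  { "ip_prefix": "203.0.113.0/26",    "region": "us-east-1",    "service": "S3"  }
] }
'@ | ConvertFrom-Json

function ConvertTo-IPRange {
    # Hypothetical helper: IPv4 CIDR block -> first and last address as dotted strings.
    param([Parameter(Mandatory)][string]$Cidr)
    $ip, $len = $Cidr -split '/'
    [long]$addr = 0
    foreach ($octet in ($ip -split '\.')) { $addr = $addr * 256 + [int]$octet }
    $size  = [long][Math]::Pow(2, 32 - [int]$len)   # number of addresses in the block
    $first = $addr - ($addr % $size)                # align to the network address
    $last  = $first + $size - 1
    $fmt = { param([long]$n) (24, 16, 8, 0 | ForEach-Object { ($n -shr $_) -band 255 }) -join '.' }
    [pscustomobject]@{ Start = & $fmt $first; End = & $fmt $last }
}

function Get-AwsTrafficRulePlan {
    # Hypothetical helper: one planned rule per S3 prefix of the requested region.
    param($Ranges, [string]$Name, [string]$SourceIPSubnet, [string]$AwsRegion,
          [string]$Service = 'S3', [string[]]$ExistingRuleNames = @())
    $hits = @($Ranges.prefixes | Where-Object { $_.region -eq $AwsRegion -and $_.service -eq $Service })
    if ($hits.Count -eq 0) {
        # Fail with the list of valid regions instead of silently creating nothing.
        $known = ($Ranges.prefixes.region | Sort-Object -Unique) -join ', '
        throw "No $Service prefixes for region '$AwsRegion'. Regions in the feed: $known"
    }
    $src = ConvertTo-IPRange -Cidr $SourceIPSubnet
    foreach ($p in $hits) {
        $ruleName = "$Name-$($p.ip_prefix)"                        # assumed naming scheme
        if ($ExistingRuleNames -contains $ruleName) { continue }   # skip rules that already exist by name
        $dst = ConvertTo-IPRange -Cidr $p.ip_prefix
        [pscustomobject]@{ Name = $ruleName; SourceStart = $src.Start; SourceEnd = $src.End
                           TargetStart = $dst.Start; TargetEnd = $dst.End }
    }
}

# One rule already exists, so only the second eu-central-1 S3 prefix is planned.
Get-AwsTrafficRulePlan -Ranges $ranges -Name test -SourceIPSubnet 192.168.33.0/24 `
    -AwsRegion eu-central-1 -ExistingRuleNames 'test-192.0.2.0/24' | Format-Table
```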


3 Responses

  1. Freddy says:

    Hi Marco
    Nice script, but we have an error while running it: Region not found
    The ‘Region’ for the Azure Blob is set to ‘Azure Global’
    How can we get this to work?

    Best regards
    Freddy

  2. Freddy says:

    Hi Marco

    Thanks for the fast reply. ‘Azure Global’ is set in the config of the Veeam repo. If I create a new one, I can only select Global, Germany, China and Government.
    Unfortunately I can't log in on shell.azure.com. I’m just ‘the Backup-Guy’ and don't have access. Our customer got this BlobStorage from the head office; if I ask them to execute this command, I have to wait several weeks…
