Crying Cloud

View Original

Associate a WAF policy with an existing Application Gateway - using Azure CLI

I recently had to associate a WAF policy that I had created to an existing Application Gateway that has another WAF policy assigned. The official documentation shows this is possible, and gives an example using PowerShell. I wanted to do the same, but with Azure CLI. I couldn’t find any examples when searching the Web, so here’s what I put together, for anyone else needing to do the same (examples are using Linux):

  1. Obtain the Id of the WAF Policy you want to assign to the App Gateway

    Update the configuration on the Application Gateway:

export WAF_POL_ID=$(az network application-gateway waf-policy show -g <WAF Resource Group> --name <WAF policy name> --query id -o tsv)

2. Update the configuration on the Application Gateway:

az network application-gateway update --resource-group <App Gateway RG Name> --name <App Gateway Name> --set firewallPolicy.id=$WAF_POL_ID

That’s it!

Here’s an example code snippet you can use in your scripts:

export APPGW_RG="<app gw rg>"
export WAF_RG="<waf policy rg>"
export WAF_POL_NAME="<waf policy name>"

export APPGW_NAME=$(az network application-gateway list -g ${APPGW_RG} --query [].name -o tsv)

export WAF_POL_ID=$(az network application-gateway waf-policy show -g ${WAF_RG}  --name ${WAF_POL_NAME}  --query id -o tsv)

# update the firewall policy assigned to the WAF
az network application-gateway update  --resource-group $APPGW_RG --name $APPGW_NAME --set firewallPolicy.id=$WAF_POL_ID