Jit Network Access Policies - Create Or Update

참조

서비스:: Defender for Cloud

API 버전:: 2020-01-01

Just-In-Time 액세스 제어를 사용하여 리소스를 보호하기 위한 정책 만들기

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}?api-version=2020-01-01

URI 매개 변수

Name	In(다음 안에)	필수	형식	Description
ascLocation	path	True	string	ASC가 구독의 데이터를 저장하는 위치입니다. 위치 가져오기에서 검색할 수 있습니다.
jitNetworkAccessPolicyName	path	True	string	Just-In-Time 액세스 구성 정책의 이름입니다.
resourceGroupName	path	True	string	사용자의 구독 내에 있는 리소스 그룹의 이름입니다. 이름은 대/소문자를 구분하지 않습니다. regex 패턴: `^[-\w\._]+$`
subscriptionId	path	True	string	Azure 구독 ID regex 패턴: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	작업에 대한 API 버전

요청 본문

Name	필수	형식	Description
properties.virtualMachines	True	JitNetworkAccessPolicyVirtualMachine[]	Microsoft.Compute/virtualMachines 리소스 종류에 대한 구성입니다.
kind		string	리소스 종류
properties.requests		JitNetworkAccessRequest[]

응답

Name	형식	Description
200 OK	JitNetworkAccessPolicy	그래
Other Status Codes	CloudError	작업이 실패한 이유를 설명하는 오류 응답입니다.

보안

azure_auth

Azure Active Directory OAuth2 Flow

형식: oauth2
Flow: implicit
권한 부여 URL: https://login.microsoftonline.com/common/oauth2/authorize

범위

Name	Description
user_impersonation	사용자 계정 가장

예제

Create JIT network access policy

샘플 요청

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}


import com.azure.resourcemanager.security.fluent.models.JitNetworkAccessRequestInner;
import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyVirtualMachine;
import com.azure.resourcemanager.security.models.JitNetworkAccessPortRule;
import com.azure.resourcemanager.security.models.JitNetworkAccessRequestPort;
import com.azure.resourcemanager.security.models.JitNetworkAccessRequestVirtualMachine;
import com.azure.resourcemanager.security.models.Protocol;
import com.azure.resourcemanager.security.models.Status;
import com.azure.resourcemanager.security.models.StatusReason;
import java.time.OffsetDateTime;
import java.util.Arrays;

/**
 * Samples for JitNetworkAccessPolicies CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * CreateJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Create JIT network access policy.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void createJITNetworkAccessPolicy(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().define("default").withExistingLocation("myRg1", "westeurope")
            .withVirtualMachines(Arrays.asList(new JitNetworkAccessPolicyVirtualMachine().withId(
                "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1")
                .withPorts(Arrays.asList(
                    new JitNetworkAccessPortRule().withNumber(22).withProtocol(Protocol.ASTERISK)
                        .withAllowedSourceAddressPrefix("*").withMaxRequestAccessDuration("PT3H"),
                    new JitNetworkAccessPortRule().withNumber(3389).withProtocol(Protocol.ASTERISK)
                        .withAllowedSourceAddressPrefix("*").withMaxRequestAccessDuration("PT3H")))))
            .withKind("Basic")
            .withRequests(Arrays.asList(new JitNetworkAccessRequestInner()
                .withVirtualMachines(Arrays.asList(new JitNetworkAccessRequestVirtualMachine().withId(
                    "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1")
                    .withPorts(Arrays.asList(
                        new JitNetworkAccessRequestPort().withNumber(3389).withAllowedSourceAddressPrefix("192.127.0.2")
                            .withEndTimeUtc(OffsetDateTime.parse("2018-05-17T09:06:45.5691611Z"))
                            .withStatus(Status.INITIATED).withStatusReason(StatusReason.USER_REQUESTED)))))
                .withStartTimeUtc(OffsetDateTime.parse("2018-05-17T08:06:45.5691611Z"))
                .withRequestor("barbara@contoso.com")))
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewJitNetworkAccessPoliciesClient().CreateOrUpdate(ctx, "myRg1", "westeurope", "default", armsecurity.JitNetworkAccessPolicy{
		Kind:     to.Ptr("Basic"),
		Location: to.Ptr("westeurope"),
		Name:     to.Ptr("default"),
		Type:     to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
		ID:       to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
		Properties: &armsecurity.JitNetworkAccessPolicyProperties{
			ProvisioningState: to.Ptr("Succeeded"),
			Requests: []*armsecurity.JitNetworkAccessRequest{
				{
					Requestor:    to.Ptr("barbara@contoso.com"),
					StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t }()),
					VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
						{
							ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
							Ports: []*armsecurity.JitNetworkAccessRequestPort{
								{
									AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
									EndTimeUTC:                 to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t }()),
									Number:                     to.Ptr[int32](3389),
									Status:                     to.Ptr(armsecurity.StatusInitiated),
									StatusReason:               to.Ptr(armsecurity.StatusReasonUserRequested),
								}},
						}},
				}},
			VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
				{
					ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
					Ports: []*armsecurity.JitNetworkAccessPortRule{
						{
							AllowedSourceAddressPrefix: to.Ptr("*"),
							MaxRequestAccessDuration:   to.Ptr("PT3H"),
							Number:                     to.Ptr[int32](22),
							Protocol:                   to.Ptr(armsecurity.ProtocolAll),
						},
						{
							AllowedSourceAddressPrefix: to.Ptr("*"),
							MaxRequestAccessDuration:   to.Ptr("PT3H"),
							Number:                     to.Ptr[int32](3389),
							Protocol:                   to.Ptr(armsecurity.ProtocolAll),
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.JitNetworkAccessPolicy = armsecurity.JitNetworkAccessPolicy{
	// 	Kind: to.Ptr("Basic"),
	// 	Location: to.Ptr("westeurope"),
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
	// 	Properties: &armsecurity.JitNetworkAccessPolicyProperties{
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		Requests: []*armsecurity.JitNetworkAccessRequest{
	// 			{
	// 				Requestor: to.Ptr("barbara@contoso.com"),
	// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
	// 				VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
	// 					{
	// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 						Ports: []*armsecurity.JitNetworkAccessRequestPort{
	// 							{
	// 								AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
	// 								EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
	// 								Number: to.Ptr[int32](3389),
	// 								Status: to.Ptr(armsecurity.StatusInitiated),
	// 								StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
	// 						}},
	// 				}},
	// 		}},
	// 		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
	// 			{
	// 				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 				Ports: []*armsecurity.JitNetworkAccessPortRule{
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](22),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 					},
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](3389),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 				}},
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create a policy for protecting resources using Just-in-Time access control
 *
 * @summary Create a policy for protecting resources using Just-in-Time access control
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
 */
async function createJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const body = {
    name: "default",
    type: "Microsoft.Security/locations/jitNetworkAccessPolicies",
    id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
    kind: "Basic",
    location: "westeurope",
    provisioningState: "Succeeded",
    requests: [
      {
        requestor: "barbara@contoso.com",
        startTimeUtc: new Date("2018-05-17T08:06:45.5691611Z"),
        virtualMachines: [
          {
            id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            ports: [
              {
                allowedSourceAddressPrefix: "192.127.0.2",
                endTimeUtc: new Date("2018-05-17T09:06:45.5691611Z"),
                number: 3389,
                status: "Initiated",
                statusReason: "UserRequested",
              },
            ],
          },
        ],
      },
    ],
    virtualMachines: [
      {
        id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        ports: [
          {
            allowedSourceAddressPrefix: "*",
            maxRequestAccessDuration: "PT3H",
            number: 22,
            protocol: "*",
          },
          {
            allowedSourceAddressPrefix: "*",
            maxRequestAccessDuration: "PT3H",
            number: 3389,
            protocol: "*",
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.createOrUpdate(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
    body,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this JitNetworkAccessPolicyResource created on azure
// for more information of creating JitNetworkAccessPolicyResource, please refer to the document of JitNetworkAccessPolicyResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
AzureLocation ascLocation = new AzureLocation("westeurope");
string jitNetworkAccessPolicyName = "default";
ResourceIdentifier jitNetworkAccessPolicyResourceId = JitNetworkAccessPolicyResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName);
JitNetworkAccessPolicyResource jitNetworkAccessPolicy = client.GetJitNetworkAccessPolicyResource(jitNetworkAccessPolicyResourceId);

// invoke the operation
JitNetworkAccessPolicyData data = new JitNetworkAccessPolicyData(new JitNetworkAccessPolicyVirtualMachine[]
{
new JitNetworkAccessPolicyVirtualMachine(new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),new JitNetworkAccessPortRule[]
{
new JitNetworkAccessPortRule(22,JitNetworkAccessPortProtocol.All,XmlConvert.ToTimeSpan("PT3H"))
{
AllowedSourceAddressPrefix = "*",
},new JitNetworkAccessPortRule(3389,JitNetworkAccessPortProtocol.All,XmlConvert.ToTimeSpan("PT3H"))
{
AllowedSourceAddressPrefix = "*",
}
})
})
{
    Requests =
    {
    new JitNetworkAccessRequestInfo(new JitNetworkAccessRequestVirtualMachine[]
    {
    new JitNetworkAccessRequestVirtualMachine(new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),new JitNetworkAccessRequestPort[]
    {
    new JitNetworkAccessRequestPort(3389,DateTimeOffset.Parse("2018-05-17T09:06:45.5691611Z"),JitNetworkAccessPortStatus.Initiated,JitNetworkAccessPortStatusReason.UserRequested)
    {
    AllowedSourceAddressPrefix = "192.127.0.2",
    }
    })
    },DateTimeOffset.Parse("2018-05-17T08:06:45.5691611Z"),"barbara@contoso.com")
    },
    Kind = "Basic",
};
ArmOperation<JitNetworkAccessPolicyResource> lro = await jitNetworkAccessPolicy.UpdateAsync(WaitUntil.Completed, data);
JitNetworkAccessPolicyResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
JitNetworkAccessPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

샘플 응답

상태 코드:: 200

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

정의

Name	Description
CloudError	실패한 작업에 대한 오류 세부 정보를 반환하는 모든 Azure Resource Manager API에 대한 일반적인 오류 응답입니다. 또한 OData 오류 응답 형식을 따릅니다.
CloudErrorBody	오류 세부 정보입니다.
ErrorAdditionalInfo	리소스 관리 오류 추가 정보입니다.
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	포트의 상태
statusReason	`status` 값이 있는 이유에 대한 설명

CloudError

실패한 작업에 대한 오류 세부 정보를 반환하는 모든 Azure Resource Manager API에 대한 일반적인 오류 응답입니다. 또한 OData 오류 응답 형식을 따릅니다.

Name	형식	Description
error.additionalInfo	ErrorAdditionalInfo[]	오류 추가 정보입니다.
error.code	string	오류 코드입니다.
error.details	CloudErrorBody[]	오류 세부 정보입니다.
error.message	string	오류 메시지입니다.
error.target	string	오류 대상입니다.

CloudErrorBody

오류 세부 정보입니다.

Name	형식	Description
additionalInfo	ErrorAdditionalInfo[]	오류 추가 정보입니다.
code	string	오류 코드입니다.
details	CloudErrorBody[]	오류 세부 정보입니다.
message	string	오류 메시지입니다.
target	string	오류 대상입니다.

ErrorAdditionalInfo

리소스 관리 오류 추가 정보입니다.

Name	형식	Description
info	object	추가 정보입니다.
type	string	추가 정보 유형입니다.

JitNetworkAccessPolicy

Name	형식	Description
id	string	리소스 ID
kind	string	리소스 종류
location	string	리소스가 저장되는 위치
name	string	리소스 이름
properties.provisioningState	string	Just-In-Time 정책의 프로비전 상태를 가져옵니다.
properties.requests	JitNetworkAccessRequest[]
properties.virtualMachines	JitNetworkAccessPolicyVirtualMachine[]	Microsoft.Compute/virtualMachines 리소스 종류에 대한 구성입니다.
type	string	리소스 종류

JitNetworkAccessPolicyVirtualMachine

Name	형식	Description
id	string	이 정책에 연결된 가상 머신의 리소스 ID
ports	JitNetworkAccessPortRule[]	가상 머신에 대한 포트 구성
publicIpAddress	string	해당되는 경우 이 정책에 연결된 Azure Firewall의 공용 IP 주소

JitNetworkAccessPortRule

Name	형식	Description
allowedSourceAddressPrefix	string	"allowedSourceAddressPrefixes" 매개 변수와 함께 사용할 수 없습니다. IP 주소 또는 CIDR(예: "192.168.0.3" 또는 "192.168.0.0/16")이어야 합니다.
allowedSourceAddressPrefixes	string[]	"allowedSourceAddressPrefix" 매개 변수와 함께 사용할 수 없습니다.
maxRequestAccessDuration	string	최대 기간 요청을 수행할 수 있습니다. ISO 8601 기간 형식입니다. 최소 5분, 최대 1일
number	integer
protocol	protocol

JitNetworkAccessRequest

Name	형식	Description
justification	string	시작 요청을 만들기 위한 근거
requestor	string	요청을 한 사람의 ID입니다.
startTimeUtc	string	요청의 시작 시간(UTC)
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Name	형식	Description
allowedSourceAddressPrefix	string	"allowedSourceAddressPrefixes" 매개 변수와 함께 사용할 수 없습니다. IP 주소 또는 CIDR(예: "192.168.0.3" 또는 "192.168.0.0/16")이어야 합니다.
allowedSourceAddressPrefixes	string[]	"allowedSourceAddressPrefix" 매개 변수와 함께 사용할 수 없습니다.
endTimeUtc	string	요청이 UTC로 끝나는 날짜 & 시간입니다.
mappedPort	integer	해당하는 경우 Azure Firewall에서 이 포트의 `number` 매핑되는 포트
number	integer
status	status	포트의 상태
statusReason	statusReason	`status` 값이 있는 이유에 대한 설명

JitNetworkAccessRequestVirtualMachine

Name	형식	Description
id	string	이 정책에 연결된 가상 머신의 리소스 ID
ports	JitNetworkAccessRequestPort[]	가상 머신에 대해 열린 포트

protocol

Name	형식	Description
*	string
TCP	string
UDP	string

status

포트의 상태

Name	형식	Description
Initiated	string
Revoked	string

statusReason

status 값이 있는 이유에 대한 설명

Name	형식	Description
Expired	string
NewerRequestInitiated	string
UserRequested	string

다음을 통해 공유

Jit Network Access Policies - Create Or Update

URI 매개 변수

요청 본문

응답

보안

azure_auth

범위

예제

Create JIT network access policy

샘플 요청

샘플 응답

정의

CloudError

CloudErrorBody

ErrorAdditionalInfo

JitNetworkAccessPolicy

JitNetworkAccessPolicyVirtualMachine

JitNetworkAccessPortRule

JitNetworkAccessRequest

JitNetworkAccessRequestPort

JitNetworkAccessRequestVirtualMachine

protocol

status

statusReason

추가 리소스