Edit

Share via

Remove-AzKeyVaultManagedHsmNetworkRule

Module:
Az.KeyVault Module

Remove one or more IP network rules from a Managed HSM firewall configuration.

Syntax

ByName (Default) 

Remove-AzKeyVaultManagedHsmNetworkRule
    [-Name] <String>
    [[-ResourceGroupName] <String>]
    [-IpAddressRange <String[]>]
    [-VirtualNetworkResourceId <String[]>]
    [-PassThru]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [-SubscriptionId <String>]
    [<CommonParameters>]

ByInputObject 

Remove-AzKeyVaultManagedHsmNetworkRule
    [-InputObject] <PSManagedHsm>
    [-IpAddressRange <String[]>]
    [-VirtualNetworkResourceId <String[]>]
    [-PassThru]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [-SubscriptionId <String>]
    [<CommonParameters>]

ByResourceId 

Remove-AzKeyVaultManagedHsmNetworkRule
    [-ResourceId] <String>
    [-IpAddressRange <String[]>]
    [-VirtualNetworkResourceId <String[]>]
    [-PassThru]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [-SubscriptionId <String>]
    [<CommonParameters>]

Description

Removes the specified CIDR ranges from the Managed HSM IP rule list. Ranges that are not currently present are ignored (no error). The firewall remains in its prior DefaultAction state; removing all IP rules does not automatically change DefaultAction.

To subsequently open the firewall, run Update-AzKeyVaultManagedHsmNetworkRuleSet -DefaultAction Allow AFTER ensuring there are no remaining IP rules.

Examples

Example 1: Remove a single IP range

Remove-AzKeyVaultManagedHsmNetworkRule -Name myHsm -ResourceGroupName myRg -IpAddressRange 203.0.113.0/24

(No output but the IP "203.0.113.0/24" is removed from the list of strings)

Removes one IP rule if it exists.

Example 2: Remove multiple ranges and return the updated object

Remove-AzKeyVaultManagedHsmNetworkRule -Name myHsm -ResourceGroupName myRg -IpAddressRange 203.0.113.0/24,198.51.100.10/32 -PassThru

(The two IPs are removed from the list in IPRules)

Name           Resource Group Name Location SKU        ProvisioningState Security Domain ActivationStatus
----           ------------------- -------- ---        ----------------- --------------------------------
mhsm1814428918 kv-mhsm-rg          eastus   StandardB1 Succeeded         NotActivated


$hsm.OriginalManagedHsm.Properties.NetworkAcls
Bypass              : AzureServices
DefaultAction       : Deny
IPRules             : {100.0.100.0/24}
ServiceTags         : {}
VirtualNetworkRules : {}

Removes both ranges (ignoring any that are missing) and outputs the Managed HSM.

Example 3: Remove the last rule then allow all traffic

Remove-AzKeyVaultManagedHsmNetworkRule -Name myHsm -ResourceGroupName myRg -IpAddressRange 198.51.100.0/24
Update-AzKeyVaultManagedHsmNetworkRuleSet -Name myHsm -ResourceGroupName myRg -DefaultAction Allow

(No Output but "198.51.100.0/24" was removed from the list)


Name           Resource Group Name Location SKU        ProvisioningState Security Domain ActivationStatus
----           ------------------- -------- ---        ----------------- --------------------------------
mhsm1814428918 kv-mhsm-rg          eastus   StandardB1 Succeeded         NotActivated


$h.OriginalManagedHsm.Properties.NetworkAcls
Bypass              : AzureServices
DefaultAction       : Allow
IPRules             : {}
ServiceTags         : {}
VirtualNetworkRules : {}

First clears the final IP rule; then switches the firewall to Allow.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:IAzureContextContainer
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-InputObject

Managed HSM object.

Parameter properties

Type:PSManagedHsm
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ByInputObject
Position:0
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-IpAddressRange

One or more CIDR ranges to remove. Must match existing entries exactly (case-insensitive). Required.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Name

Specifies the name of a Managed HSM whose network rule set is being modified.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False
Aliases:HsmName

Parameter sets

ByName
Position:0
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PassThru

This Cmdlet does not return an object by default. If this switch is specified, it returns the updated managed HSM object.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ResourceGroupName

Specifies the resource group name of the Managed HSM whose network rule set is being modified.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ByName
Position:1
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ResourceId

Managed HSM resource Id.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ByResourceId
Position:0
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-SubscriptionId

The ID of the subscription.

By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user.

Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-VirtualNetworkResourceId

(Not supported) Virtual network rules are not currently supported for Managed HSM.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

PSManagedHsm

String

Outputs

PSManagedHsm