-
Notifications
You must be signed in to change notification settings - Fork 0
/
AzureRM - Authorize ER Circuit and Link to Classic VNET in different subscription.ps1
131 lines (90 loc) · 3.74 KB
/
AzureRM - Authorize ER Circuit and Link to Classic VNET in different subscription.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
<#
# Enable existing ARM-provisoned ExpressRoute circuit for Classic operations
#>
# Select Azure Cloud Environment
$azureEnv =
(Get-AzureEnvironment).Name |
Out-GridView `
-Title "Select Azure Environment ..." `
-PassThru
# Sign-in to ARM with Azure account credentials
Login-AzureRmAccount `
-EnvironmentName $azureEnv
# Select Azure Subscription
$subscriptionId =
(Get-AzureRmSubscription |
Out-GridView `
-Title "Select an Azure Subscription ..." `
-PassThru).SubscriptionId
Select-AzureRmSubscription `
-SubscriptionId $subscriptionId
# Select Azure Resource Group that contains existing ExpressRoute circuit
$rgName =
(Get-AzureRmResourceGroup |
Out-GridView `
-Title "Select an Azure Resource Group ..." `
-PassThru).ResourceGroupName
# Select existing ExpressRoute circuit
$cktName =
(Get-AzureRmExpressRouteCircuit |
Out-GridView `
-Title "Select an ExpressRoute circuit ..." `
-PassThru).Name
# Enable Classic Operations for ARM-provisioned ExpressRoute circuit
$ckt =
Get-AzureRmExpressRouteCircuit `
-Name $cktName `
-ResourceGroupName $rgName
$ckt.AllowClassicOperations = $true
Set-AzureRmExpressRouteCircuit `
-ExpressRouteCircuit $ckt
<#
# Authorize ExpressRoute circuit for linking to Classic VNET in separate subscription
#>
# Import ExpressRoute PowerShell Module for Classic operations
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\ExpressRoute\ExpressRoute.psd1"
# Sign-in to ASM with Azure AD credentials
Add-AzureAccount `
-Environment $azureEnv
# Select same Azure subscription for use with ASM
Select-AzureSubscription `
-SubscriptionId $subscriptionId
$authIds =
Read-Host -Prompt "Enter comma-separated list of Microsoft Ids to authorize"
$authDesc =
Read-Host -Prompt "Enter description for this circuit authorization"
$authLimit =
Read-Host -Prompt "Enter a limit on # of VNETs that can be connected for this authorization"
New-AzureDedicatedCircuitLinkAuthorization `
-ServiceKey $ckt.ServiceKey `
-MicrosoftIds $authIds `
-Description "$authDesc" `
-Limit $authLimit
<#
# Link ExpressRoute Circuit to Classic VNET in different subscription
#>
# Import ExpressRoute PowerShell Module for Classic operations
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\ExpressRoute\ExpressRoute.psd1"
# Select Azure Cloud Environment
$azureEnv =
(Get-AzureEnvironment).Name |
Out-GridView `
-Title "Select Azure Environment ..." `
-PassThru
# Sign-in to ASM as Authorized User
Add-AzureAccount `
-Environment $azureEnv
# Select Azure Subscription to connect to shared ExpressRoute circuit
$authSubscriptionId =
(Get-AzureSubscription |
Out-GridView `
-Title "Select an Azure Subscription ..." `
-PassThru).SubscriptionId
Select-AzureSubscription `
-SubscriptionId $authSubscriptionId
# Get circuit properties for authorized ExpressRoute circuit
$ckt = Get-AzureAuthorizedDedicatedCircuit
# Connect authorized ExpressRoute circuit to Classic VNET with GatewaySubnet and VNET Gateway already provisioned
# See this link for steps to provision GatewaySubnet and VNET Gateway: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-vnet-portal-classic
$vnetName = "classic-vnet-name"
New-AzureDedicatedCircuitLink -ServiceKey $ckt.ServiceKey -VNetName $vnetName