Azure Stack Admin REST API - Add Tags within Public IP Addresses endpoint
We would like to make some automation on Azure Stack and PIP @ip address within Datacenter integration by using TAGS.
The REST API : https://docs.microsoft.com/en-ca/rest/api/azurestack/publicipaddresses/list?view=servicefabricactors-2.6.204 have tags properties available, but when we call the REST API Endpoint, the JSON response not reporting value setup within Stack :(
In term of usage, here 2 use cases.
use case 1 : if Public IP scenario is used for PIP and deployement, then by "default" the Public IP could be protected by Physical Firewall in front of Stack (ie Policy with low priority with Deny/Deny by default). Then, if the end user want to expose/open the Public IP Address, the user will setup a TAGs on Publci IP Object within Stack (ie. internet=allow). Then an automation script we setup, will periodically scan/list all Public IP allocated at Stack/Region level to automated some policy change within Firewall to "Allow/Allow" Internet traffic to Public IP.
use case 2 : within PIP (Private / RFC2918) scenario, that required some NAT engineering to brige Privaet PIP with a Public IP, some work have to be done. Once again, it could be automated.
From end user perspective, it will allow some self service feature by using TAGs, and from CDR/recharging/billing perspective, it will allow to re-use the TAGs value (if reported within CDR) to make some custom billing.
Option : this approach could be used or extended by ISP to setup different or several Firewall Policy/Protection and allow end user to select/pickup the appropriate one. As example :
* Tag : Internet / Value : Open (allow/allow)
* Tag : Internet / Value : Basic (allow/allow + some filtering vs @ip * having bad reputation (ie. Dshield, Spamhaus, ...)
* Tag : Internet / Value : Medium (same as Basic + some additional protection)
* etc ...