create NSG.

Author: sivakami

.pipelines/swiftv2-long-running/scripts/create_nsg.sh

@@ -3,11 +3,58 @@ set -e
 
 SUBSCRIPTION_ID=$1
 RG=$2
+LOCATION=${3:-centraluseuap}
 
 VNET_A1="cx_vnet_a1"
 S1_PREFIX="10.10.1.0/24"
 S2_PREFIX="10.10.2.0/24"
 NSG_NAME="${VNET_A1}-nsg"
 
-az network nsg create -g "$RG" -n "$NSG_NAME" --output none
-az network nsg rule create -g "$RG"
+echo "==> Creating Network Security Group: $NSG_NAME"
+az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none
+
+echo "==> Adding NSG rules"
+
+# Allow SSH from any
+az network nsg rule create \
+  -g "$RG" \
+  --nsg-name "$NSG_NAME" \
+  -n allow-ssh \
+  --priority 100 \
+  --source-address-prefixes "*" \
+  --destination-port-ranges 22 \
+  --direction Inbound \
+  --access Allow \
+  --protocol Tcp \
+  --description "Allow SSH access" \
+  --output none
+
+# Allow internal VNet traffic
+az network nsg rule create \
+  -g "$RG" \
+  --nsg-name "$NSG_NAME" \
+  -n allow-vnet \
+  --priority 200 \
+  --source-address-prefixes VirtualNetwork \
+  --destination-address-prefixes VirtualNetwork \
+  --direction Inbound \
+  --access Allow \
+  --protocol "*" \
+  --description "Allow VNet internal traffic" \
+  --output none
+
+# Allow AKS API traffic
+az network nsg rule create \
+  -g "$RG" \
+  --nsg-name "$NSG_NAME" \
+  -n allow-aks-controlplane \
+  --priority 300 \
+  --source-address-prefixes AzureCloud \
+  --destination-port-ranges 443 \
+  --direction Inbound \
+  --access Allow \
+  --protocol Tcp \
+  --description "Allow AKS control plane traffic" \
+  --output none
+
+echo "NSG '$NSG_NAME' created successfully with rules."