Assign (Set) an Application Security Group to Scale Set in Azure

Question

I provisioned a Virtual Machine ScaleSet in Azure. Now, i want to assign an Application Security Group to the Scaleset:

This is the Scaleset

$vmssWeb = get-azvmss -ResourceGroupName webRG -VMScaleSetName webVMSS
This is the Application Security Group
$asgWeb = Get-AzApplicationSecurityGroup -ResourceGroupName webRG -Name webASG

This is the nic associated to the Scaleset

$nic = $vmss1.VirtualMachineProfile.NetworkProfile.NetworkInterfaceConfigurations[0]

This line generates the error when i want to associate the ASG to VMSS

$nic.IpConfigurations[0].ApplicationSecurityGroups = $asgWeb

Usually this works when we work with NICs. Not in this case :-(

-----------------

Error:
Exception setting "ApplicationSecurityGroups": "Cannot convert the "Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup" value of type 
"Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup" to type "System.Collections.Generic.IList`1[Microsoft.Azure.Management.Compute.Models.SubResource]"."
At line:1 char:1
+ $nic.IpConfigurations[0].ApplicationSecurityGroups = $asgWeb
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], SetValueInvocationException
    + FullyQualifiedErrorId : ExceptionWhenSetting

Any advice?

Answer 1

With the test, I do not find the PowerShell command which can achieve your purpose. Now the PowerShell command does not have the parameter for the Application Security Group.

But instead, you can use the Azure CLI to achieve it. Use the CLI command like this:

az vmss update -g group_name -n vmss_name --add virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].applicationSecurityGroups id="asg_id"
az vmss update-instance -g group_name -n vmss_name --instance-ids id_number

Also, you can associate the ASG to the VMSS through the Azure Template in the creation time.