Automatically query the Azure CDN Edge Nodes List
What if you need to pull down the list of Azure CDN IP Addresses? If you need to do this once in a while then Microsoft’s Try It button…
What if you need to pull down the list of Azure CDN IP Addresses? If you need to do this once in a while then Microsoft’s Try It button works great to quickly get you the JSON data¹. Quickly parsing that into CIDR notation can be a headache. Its an even bigger headache if you need to fetch this list daily.
Manual way
Once you get the JSON list you can run the commands below. This will take the formatted JSON data and output it into standard CIDR format. These commands are for Linux/OSX, however you can get JQ for Windows. If someone wants to comment with a Powershell equivalent that would be awesome!For IPv4:
cat edgenodes.json | jq -r '.value[].properties.ipAddressGroups[].ipv4Addresses[] | "\(.baseIpAddress)/\(.prefixLength)"' | sort | uniqFor IPv6:
cat edgenodes.json | jq -r ‘.value[].properties.ipAddressGroups[].ipv6Addresses[] | “\(.baseIpAddress)/\(.prefixLength)”’ | sort | uniq
Automatic Way
If you want to setup a script and have a list downloaded everyday then you’re in luck because I wrote one and shared it! Its called get-azure-cdn-ips and is really easy to setup and get running. The hardest part was figuring out what I needed to setup within Azure in order to be able to access this API programmatically. Thankfully I figured that out for you and its pretty simple.
Getting an API Token from Azure
- Login to https://portal.azure.com/ and search for App registrations
- Click Enterprise Applications and then New registration. Give it a name and keep the default settings and then click Register.
- Once registered you’ll see the Application (client) ID and Directory (tenant) ID, you’ll need these later.
- Click on Certificates & secrets and click New client secret, set it to Never expire. Once generated copy this secret and save it offline. After you leave this page you won’t be able to see it again.
- Once you have these details you can plug them into the script and run it to get the your list of CIDRs. Enjoy!
[1]: Provided you have a Microsoft Azure account setup already