
Azure & GCP Support

Microsoft Azure (Supported)

EntryGuard supports two Azure resource types, both authenticated via Service Principal credentials (tenant ID, client ID, client secret, subscription ID).

Azure Network Security Groups (NSG)

Dynamic IP access management for VMs, AKS, Azure SQL, and other Azure resources protected by NSGs. EntryGuard creates inbound security rules with auto-assigned priorities starting at 200.

Configuration:

  • Resource Group (required) — The resource group containing the NSG
  • Protocol (default: *) — TCP, UDP, or any
  • From Port / To Port (default: *) — Port range to allow
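Because Protocol and From Port / To Port default to `*`, a rule left at the defaults opens every port to the allowed address. The following added example (not EntryGuard code) audits exported NSG rules in the priority band from 200 upward and flags wildcard-protocol, all-port and wide-source entries; the sample rules, the `eg-` rule names and the prefix-length thresholds are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `az network nsg rule list -o json`; names and IPs are made up.
SAMPLE_RULES = json.loads("""[
 {"name":"baseline-https","priority":100,"direction":"Inbound","access":"Allow",
  "protocol":"Tcp","sourceAddressPrefix":"Internet","destinationPortRange":"443"},
 {"name":"eg-alice","priority":200,"direction":"Inbound","access":"Allow",
  "protocol":"Tcp","sourceAddressPrefix":"203.0.113.7/32","destinationPortRange":"22"},
 {"name":"eg-bob","priority":201,"direction":"Inbound","access":"Allow",
  "protocol":"*","sourceAddressPrefix":"198.51.100.20/32","destinationPortRange":"*"},
 {"name":"eg-office","priority":202,"direction":"Inbound","access":"Allow",
  "protocol":"Tcp","sourceAddressPrefixes":["198.51.0.0/16"],"destinationPortRange":"3389"}
]""")

FIRST_PRIORITY = 200  # from the page: auto-assigned priorities start at 200
MIN_PREFIX = {4: 24, 6: 56}  # assumption: anything wider is not a client allowlist entry

def _values(rule, single, plural):
    """Merge the singular and plural fields Azure uses for prefixes and ports."""
    one = rule.get(single)
    return ([one] if one else []) + list(rule.get(plural) or [])

def _source_issue(src):
    try:
        net = ipaddress.ip_network(src, strict=False)
    except ValueError:  # "*", "Internet" and other service tags
        return f"non-IP source {src}"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return f"broad source {src}"
    return None

def audit(rules, first_priority=FIRST_PRIORITY):
    """Return (name, priority, issues) for over-broad inbound Allow rules in the band."""
    findings = []
    for r in sorted(rules, key=lambda r: r["priority"]):
        in_band = r["priority"] >= first_priority
        if not in_band or (r.get("direction"), r.get("access")) != ("Inbound", "Allow"):
            continue
        issues = ["any protocol"] if r.get("protocol") == "*" else []
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        if any(p in ("*", "0-65535") for p in ports):
            issues.append("all ports")
        sources = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        issues += [i for i in map(_source_issue, sources) if i]
        if issues:
            findings.append((r["name"], r["priority"], issues))
    return findings
```

Feed `audit()` the parsed JSON export of the NSG's rules; an empty result means no rule in the band uses a wildcard protocol, the full port range, or a source wider than the thresholds.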

Azure WAF Policy

Dynamic IP allowlisting via custom rules on Azure WAF Policies. EntryGuard manages a single custom rule per policy containing all allowed IP addresses, avoiding the 100 custom rule limit.

Configuration:

  • Resource Group (required) — The resource group containing the WAF Policy
  • Rule Name (default: EntryGuardAllowList) — Name for the custom rule
  • Rule Priority (default: 10) — Priority for the custom rule

Azure Credential Setup

  1. Create a Service Principal in Azure Active Directory
  2. Assign it the appropriate role on the target resource group:
    • For NSG: Network Contributor role
    • For WAF Policy: Contributor role on the WAF Policy resource
  3. In EntryGuard, add a credential with provider AZURE and type service_principal
  4. Enter the tenant ID, client ID, client secret, and subscription ID

Google Cloud Platform (GCP) — Planned

GCP support is planned but not yet implemented. The provider option exists in the UI as a placeholder.

Planned: GCP VPC Firewall Rules for Compute Engine, GKE, Cloud SQL, and other GCP services. Authentication via Service Account JSON keys.

If you need GCP support, contact [email protected].
