Azure DevOps Free BuildAgent

Hello Team,

As you all know, in Azure DevOps you can use a free build agent with 1 limitation – no static IP address. It may generate and it will generate a lot of problems (DB deploy, Firewall troubles and etc.). If you open a ticket to MS Support, they will ask you to open all Region in your Firewall (thousands of IPs πŸ™‚ ).

A small workaround for AWS:

  1. Add PowerShell step:


$ip = (Invoke-WebRequest -uri "").Content
Write-Host "$ip 1 step"
Write-Host "##vso[task.setvariable variable=IP]$ip"

2. Then add next step: AWS Tools for Windows PowerShell Script:


$allow = @{IpProtocol="tcp"; FromPort="1433"; ToPort="1433"; IpRanges="$(ip)/32"}
Grant-EC2SecurityGroupIngress -GroupID sg-805f89e8 -IpPermission @($allow)

3. And add the last step to remove the rule: AWS Tools for Windows PowerShell Script


$allow = @{IpProtocol="tcp"; FromPort="1433"; ToPort="1433"; IpRanges="$(ip)/32"}
Revoke-EC2SecurityGroupIngress -GroupID sg-805f89e8 -IpPermission @($allow)

These steps will automatically add temporary security rule to AWS and then in may case (for DB upgrade) remove all the rules created earlier.

Have fun.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s