Update an Existing NSG to add more rules

Taranjeet Malik 446 Reputation points
2024-05-14T08:14:06.6366667+00:00

Hi Community

I need to add some additional security rules to an existing Network Security Group that's attached to a subnet. I'm kind of unsure if this is possible using Bicep and, if it is, whether there are any documents / references that describe how we can achieve this.

Specifically, I'm just unsure how I can reference the existing NSG in Bicep and amend / add newer rules to it. Also, I understand that the connection to the NSG is a property of the subnet (not the NSG), so are there any considerations to be aware of when updating an NSG?

Can someone please provide guidance on this?

Thanks

Taranjeet Singh

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

1 answer

  1. Andreas Baumgarten 98,626 Reputation points MVP
    2024-05-14T08:21:16.74+00:00

    Hi @Taranjeet Malik,

    You can try something like this (not tested):

    param nsgName string

    // Reference the NSG that already exists. Deploy this file into the NSG's own
    // resource group (az deployment group create --resource-group <nsg-rg> ...):
    // a child resource is deployed in its parent's scope, so giving the parent a
    // scope of another resource group is rejected at compile time (use a module
    // for that case).
    resource existingNSG 'Microsoft.Network/networkSecurityGroups@2020-11-01' existing = {
      name: nsgName
    }

    // Add rules as child resources. Only the securityRules collection grows; the
    // NSG itself and the subnet association (a subnet property) are untouched.
    resource nsgRule1 'Microsoft.Network/networkSecurityGroups/securityRules@2020-11-01' = {
      parent: existingNSG
      name: 'AllowSomething1'
      properties: {
        priority: 500                 // must be unique per direction within the NSG
        direction: 'Inbound'
        access: 'Allow'
        protocol: 'Tcp'
        sourcePortRange: '*'
        destinationPortRange: '80'
        sourceAddressPrefix: '*'      // '*' = any source; narrow to a CIDR or service tag where possible
        destinationAddressPrefix: '*'
      }
    }

    resource nsgRule2 'Microsoft.Network/networkSecurityGroups/securityRules@2020-11-01' = {
      parent: existingNSG
      name: 'AllowSomething2'
      properties: {
        priority: 510
        direction: 'Inbound'
        access: 'Allow'
        protocol: 'Tcp'
        sourcePortRange: '*'
        destinationPortRange: '443'
        sourceAddressPrefix: '*'      // same caveat as above
        destinationAddressPrefix: '*'
      }
    }


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten
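Before deploying rules into an NSG that already carries rules, it is worth checking the new set against the existing one: a new rule whose priority collides with an existing rule in the same direction makes the deployment fail, and inbound Allow rules open to any source deserve a second look. The following is an added example (not code from the question or the answer) that runs those two checks over a constructed sample of existing rules, in the shape returned by `az network nsg show --query securityRules`, and the two rules from the answer above.

```python
"""Pre-deployment checks for rules being added to an existing NSG (added example)."""

# Constructed sample of an NSG's existing rules; same field names as the
# securityRules array returned by `az network nsg show`.
EXISTING_RULES = [
    {"name": "AllowSsh", "priority": 500, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "22"},
    {"name": "DenyAllInbound", "priority": 4096, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

# The two rules the Bicep in the answer would add (values copied from the answer).
NEW_RULES = [
    {"name": "AllowSomething1", "priority": 500, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "80"},
    {"name": "AllowSomething2", "priority": 510, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
]


def priority_conflicts(existing, new):
    """Return (new_rule_name, existing_rule_name) pairs that share a priority
    within the same direction. Azure requires priorities to be unique per
    direction; a new rule with the same name as the existing one is an update
    of that rule, not a conflict, so it is skipped."""
    taken = {(r["direction"], r["priority"]): r["name"] for r in existing}
    conflicts = []
    for rule in new:
        owner = taken.get((rule["direction"], rule["priority"]))
        if owner is not None and owner != rule["name"]:
            conflicts.append((rule["name"], owner))
    return conflicts


def permissive_inbound_allows(rules):
    """Names of inbound Allow rules reachable from any source ('*' or the
    'Internet' service tag); these are the ones to justify before deploying."""
    return [r["name"] for r in rules
            if r["direction"] == "Inbound" and r["access"] == "Allow"
            and r["sourceAddressPrefix"] in ("*", "Internet")]


if __name__ == "__main__":
    print("priority conflicts:", priority_conflicts(EXISTING_RULES, NEW_RULES))
    print("open to any source:", permissive_inbound_allows(NEW_RULES))
```

With the sample data, AllowSomething1 collides with the existing AllowSsh rule at priority 500, so the deployment would be rejected until one of the priorities is changed.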