Share via

Error creating Azure network with security group

Eric Hodges 51 Reputation points
2022-03-03T14:24:50.213+00:00

I am attempting to create an azure network with a security group applied to one of the subnets, using a Bicep template. When I deploy I get an error saying "value for reference id is missing. Path properties.subnets[1].properties.networkSecurityGroup." (Code:MissingJsonReferenceId). Below is the Bicep template. 

@description('The network address for the entire network, in CIDR form')
param NetworkAddress string

@description('The network address for the subnet for Application Gateways, in CIDR form')
param AppGatewayAddress string

@description('The network address for the subnet for VM Scale Sets, in CIDR form')
param VmssAddress string


resource VMNetSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-05-01' = {
  name: 'nsg-vmss'
  location: resourceGroup().location
  properties: {
    securityRules: [
      {
        name: 'Deny80BetweenVms'
        properties: {
          description: 'Keep VMs from talking directly to one another on port 80'
          access: 'Deny'
          direction: 'Inbound'
          protocol: '*'
          sourceAddressPrefix: VmssAddress
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '80'
          priority: 1000
        }
      }
    ]
  }
}

resource Network 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  name: 'net1'
  location: resourceGroup().location
  properties: {
    addressSpace: {
      addressPrefixes: [
        NetworkAddress
      ]
    }
    subnets: [
      {
        name: 'AppGatewaySubnet'
        properties: {
          addressPrefix: AppGatewayAddress
        }
      }
      {
        name: 'VmssSubnet'
        properties: {
          addressPrefix: VmssAddress
          networkSecurityGroup: VMNetSecurityGroup
        }
      }
    ]
  }
}
Azure Virtual Network
Azure Virtual Network

An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Eric Hodges 51 Reputation points
    2022-03-03T17:44:56.973+00:00

    I figured it out. It should be done like this: 

    {
  name: 'VmssSubnet'
  properties: {
    addressPrefix: VmssAddress
    networkSecurityGroup: {
      id: VMNetSecurityGroup.id
    }
  }
}

    Was this answer helpful?

    0 comments
  2. suvasara-MSFT 10,166 Reputation points Moderator
    2022-03-03T16:18:45.303+00:00

    @Eric Hodges , Do try this way by not enclosing the NSG under properties section of subnet, 

       subnets: [  
         {  
           name: 'subnet1'  
           addressPrefix: '192.168.1.0/24'  
           nsgToAttach: 'nsg1'  
         }  
         {  
           name: 'subnet2'  
           addressPrefix: '192.168.2.0/24'  
         }  
         {  
           name: 'subnet3'  
           addressPrefix: '10.0.0.0/24'  
         }  
       ]

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.