Microsoft.Network virtualNetworks/subnets
Bicep resource definition
The virtualNetworks/subnets resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For guidance on creating virtual networks and subnets, see Create virtual network resources by using Bicep.
Resource format
To create a Microsoft.Network/virtualNetworks/subnets resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/virtualNetworks/subnets@2023-11-01' = {
name: 'string'
parent: resourceSymbolicName
properties: {
addressPrefix: 'string'
addressPrefixes: [
'string'
]
applicationGatewayIPConfigurations: [
{
id: 'string'
name: 'string'
properties: {
subnet: {
id: 'string'
}
}
}
]
defaultOutboundAccess: bool
delegations: [
{
id: 'string'
name: 'string'
properties: {
serviceName: 'string'
}
type: 'string'
}
]
ipAllocations: [
{
id: 'string'
}
]
natGateway: {
id: 'string'
}
networkSecurityGroup: {
id: 'string'
location: 'string'
properties: {
flushConnection: bool
securityRules: [
{
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {}
}
]
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
direction: 'string'
priority: int
protocol: 'string'
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourceApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {}
}
]
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
type: 'string'
}
]
}
tags: {}
}
privateEndpointNetworkPolicies: 'string'
privateLinkServiceNetworkPolicies: 'string'
routeTable: {
id: 'string'
location: 'string'
properties: {
disableBgpRoutePropagation: bool
routes: [
{
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
hasBgpOverride: bool
nextHopIpAddress: 'string'
nextHopType: 'string'
}
type: 'string'
}
]
}
tags: {}
}
serviceEndpointPolicies: [
{
id: 'string'
location: 'string'
properties: {
contextualServiceEndpointPolicies: [
'string'
]
serviceAlias: 'string'
serviceEndpointPolicyDefinitions: [
{
id: 'string'
name: 'string'
properties: {
description: 'string'
service: 'string'
serviceResources: [
'string'
]
}
type: 'string'
}
]
}
tags: {}
}
]
serviceEndpoints: [
{
locations: [
'string'
]
service: 'string'
}
]
sharingScope: 'string'
}
}
Property values
virtualNetworks/subnets
Name | Description | Value |
---|---|---|
name | The resource name See how to set names and types for child resources in Bicep. |
string (required) Character limit: 1-80 Valid characters: Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End alphanumeric or underscore. |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: virtualNetworks |
properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
addressPrefixes | List of address prefixes for the subnet. | string[] |
applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | ApplicationGatewayIPConfiguration[] |
defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. | bool |
delegations | An array of references to the delegations on the subnet. | Delegation[] |
ipAllocations | Array of IpAllocation which reference this subnet. | SubResource[] |
natGateway | Nat gateway associated with this subnet. | SubResource |
networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | NetworkSecurityGroup |
privateEndpointNetworkPolicies | Enable or Disable apply network policies on private end point in the subnet. | 'Disabled' 'Enabled' 'NetworkSecurityGroupEnabled' 'RouteTableEnabled' |
privateLinkServiceNetworkPolicies | Enable or Disable apply network policies on private link service in the subnet. | 'Disabled' 'Enabled' |
routeTable | The reference to the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
sharingScope | Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. | 'DelegatedServices' 'Tenant' |
ApplicationGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
ApplicationGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
Delegation
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
type | Resource type. | string |
ServiceDelegationPropertiesFormat
Name | Description | Value |
---|---|---|
serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
NetworkSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | object |
NetworkSecurityGroupPropertiesFormat
Name | Description | Value |
---|---|---|
flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. | bool |
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
SecurityRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule. | SecurityRulePropertiesFormat |
type | The type of the resource. | string |
SecurityRulePropertiesFormat
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
ApplicationSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | object |
ApplicationSecurityGroupPropertiesFormat
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
RouteTable
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | object |
RouteTablePropertiesFormat
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
routes | Collection of routes contained within a route table. | Route[] |
Route
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
type | The type of the resource. | string |
RoutePropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
hasBgpOverride | A value indicating whether this route overrides overlapping BGP routes regardless of LPM. | bool |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
ServiceEndpointPolicy
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service end point policy. | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | object |
ServiceEndpointPolicyPropertiesFormat
Name | Description | Value |
---|---|---|
contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
serviceAlias | The alias indicating if the policy belongs to a service | string |
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPolicyDefinition
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
type | The type of the resource. | string |
ServiceEndpointPolicyDefinitionPropertiesFormat
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
service | Service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
ServiceEndpointPropertiesFormat
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
service | The type of the endpoint service. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Azure Game Developer Virtual Machine Scale Set |
Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal. |
Multi-client VNS3 network appliance |
VNS3 is a software only virtual appliance that provides the combined features and functions of a Security Appliance, Application Delivery Controller and Unified Threat Management device at the cloud application edge. Key benefits, On top of cloud networking, Always on end to end encryption, Federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, Attestable control over encryption keys, Meshed network manageable at scale, Reliable HA in the Cloud, Isolate sensitive applications (fast low cost Network Segmentation), Segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, Caching, Proxy Load Balancers and other Layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment. |
VNS3 network appliance for cloud connectivity and security |
VNS3 is a software only virtual appliance that provides the combined features and functions of a security appliance, application delivery controller and unified threat management device at the cloud application edge. Key benefits, on top of cloud networking, always on end to end encryption, federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, attestable control over encryption keys, meshed network manageable at scale, reliable HA in the cloud, isolate sensitive applications (fast low cost Network Segmentation), segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, caching, proxy, load balancers and other layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment. |
Deploy Darktrace Autoscaling vSensors |
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
JMeter environment for Elasticsearch |
This template will deploy a JMeter environment into an existing virtual network. One master node and multiple subordinate nodes are deployed into a new jmeter subnet. This template works in conjunction with the Elasticsearch quickstart template. |
GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming |
This template creates a GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack. All installation process based on Chocolately package manager |
SharePoint Subscription / 2019 / 2016 / 2013 all configured |
This template creates a SharePoint Subscription / 2019 / 2016 / 2013 farm with an extensive configuration that would take ages to perform manually, including a federated authentication with ADFS, an OAuth trust, the User Profiles service and a web application with 2 zones that contains multiple path based and host-named site collections. On the SharePoint virtual machines, Chocolatey is used to install the latest version of Notepad++, Visual Studio Code, Azure Data Studio, Fiddler, ULS Viewer and 7-Zip. |
Azure Cloud Shell - VNet |
This template deploys Azure Cloud Shell resources into an Azure virtual network. |
eShop Website with ILB ASE |
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps. |
Deploy a Hub and Spoke topology sandbox |
This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes. |
Azure Batch pool without public IP addresses |
This template creates Azure Batch simplified node communication pool without public IP addresses. |
Deploy a simple Ubuntu Linux VM 18.04-LTS |
This template deploy a Ubuntu Server with a few options for the VM. You can provide the VM Name, OS Version, VM size, admin username and password. As default the VM size is Standard_B2s and O.S. Version is 18.04-LTS. |
Deploy a simple Windows VM with tags |
This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable. |
Azure Container Instances - VNet |
Deploy a container instance into an Azure virtual network. |
Migrate to Azure SQL database using Azure DMS |
The Azure Database Migration Service (DMS) is designed to streamline the process of migrating on-premises databases to Azure. DMS will simplify the migration of existing on-premises SQL Server and Oracle databases to Azure SQL Database, Azure SQL Managed Instance or Microsoft SQL Server in an Azure Virtual Machine. This template would deploy an instance of Azure Database Migration service, an Azure VM with SQL server installed on it which will act as a Source server with pre created database on it and a Target Azure SQL DB server which will have a pre-created schema of the database to be migrated from Source to Target server. The template will also deploy the required resources like NIC, vnet etc for supporting the Source VM, DMS service and Target server. |
Deploy Azure Database Migration Service (DMS) |
Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations). |
Deploy Azure Database for MariaDB with VNet |
This template provides a way to deploy an Azure database for MariaDB with VNet integration. |
Deploy Azure Database for MySQL (flexible) with VNet |
This template provides a way to deploy a Flexible server Azure database for MySQL with VNet integration. |
Deploy Azure Database for MySQL with VNet |
This template provides a way to deploy an Azure database for MySQL with VNet integration. |
Deploy Azure Database for PostgreSQL (flexible) with VNet |
This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration. |
Deploy Azure Database for PostgreSQL with VNet |
This template provides a way to deploy an Azure database for PostgreSQL with VNet integration. |
Create an Azure Payment HSM |
This template creates an Azure Payment HSM, to provide cryptographic key operations for real-time, critical payment transactions in the Azure cloud. |
Integration Service Environment Template |
Template that creates a virtual network, 4 subnets, and then an Integration Service Environment (ISE), including non-native connectors. Use as a base for templates that require a Logic Apps ISE. |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create new ANF resource with SMB volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol. |
Azure Bastion as a Service |
This template provisions Azure Bastion in a Virtual Network |
Azure Bastion as a Service with NSG |
This template provisions Azure Bastion in a Virtual Network |
Create sandbox of Azure Firewall, client VM, and server VM |
This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall. |
Create an Azure Firewall with multiple IP public addresses |
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test. |
Secured virtual hubs |
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet. |
Create a standard internal load balancer |
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
Create a cross-region load balancer |
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
Standard Load Balancer with Backend Pool by IP Addresses |
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
Create a standard load-balancer |
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
Virtual Network NAT with VM |
Deploy a NAT gateway and virtual machine |
Create a Route Server in a New Subnet |
This template deploys a Route Server into a subnet named RouteServerSubnet. |
Add a subnet to an existing VNET |
This template allows you to add a subnet to an existing VNET. Deploy into the resource group of the existing VNET |
Azure Virtual WAN Routing Intent and Policies |
This template provisions an Azure Virtual WAN with two hubs with Routing Intent and Policies feature enabled. |
Add an NSG with Redis security rules to an existing subnet |
This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET. |
Private Endpoint example |
This template shows how to create a private endpoint pointing to Azure SQL Server |
App Service Environment with Azure SQL backend |
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment. |
Web App with Private Endpoint |
This template allows you to create a Web App and expose it through Private Endpoint |
Create an AppServicePlan and App in an ASEv3 |
Create an AppServicePlan and App in an ASEv3 |
ARM template resource definition
The virtualNetworks/subnets resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For guidance on creating virtual networks and subnets, see Create virtual network resources by using Bicep.
Resource format
To create a Microsoft.Network/virtualNetworks/subnets resource, add the following JSON to your template.
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2023-11-01",
"name": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [ "string" ],
"applicationGatewayIPConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"subnet": {
"id": "string"
}
}
}
],
"defaultOutboundAccess": "bool",
"delegations": [
{
"id": "string",
"name": "string",
"properties": {
"serviceName": "string"
},
"type": "string"
}
],
"ipAllocations": [
{
"id": "string"
}
],
"natGateway": {
"id": "string"
},
"networkSecurityGroup": {
"id": "string",
"location": "string",
"properties": {
"flushConnection": "bool",
"securityRules": [
{
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {},
"tags": {}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {},
"tags": {}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
},
"type": "string"
}
]
},
"tags": {}
},
"privateEndpointNetworkPolicies": "string",
"privateLinkServiceNetworkPolicies": "string",
"routeTable": {
"id": "string",
"location": "string",
"properties": {
"disableBgpRoutePropagation": "bool",
"routes": [
{
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"hasBgpOverride": "bool",
"nextHopIpAddress": "string",
"nextHopType": "string"
},
"type": "string"
}
]
},
"tags": {}
},
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"properties": {
"contextualServiceEndpointPolicies": [ "string" ],
"serviceAlias": "string",
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"name": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [ "string" ]
},
"type": "string"
}
]
},
"tags": {}
}
],
"serviceEndpoints": [
{
"locations": [ "string" ],
"service": "string"
}
],
"sharingScope": "string"
}
}
Property values
virtualNetworks/subnets
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Network/virtualNetworks/subnets' |
apiVersion | The resource api version | '2023-11-01' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) Character limit: 1-80 Valid characters: Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End alphanumeric or underscore. |
properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
addressPrefixes | List of address prefixes for the subnet. | string[] |
applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | ApplicationGatewayIPConfiguration[] |
defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. | bool |
delegations | An array of references to the delegations on the subnet. | Delegation[] |
ipAllocations | Array of IpAllocation which reference this subnet. | SubResource[] |
natGateway | Nat gateway associated with this subnet. | SubResource |
networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | NetworkSecurityGroup |
privateEndpointNetworkPolicies | Enable or Disable apply network policies on private end point in the subnet. | 'Disabled' 'Enabled' 'NetworkSecurityGroupEnabled' 'RouteTableEnabled' |
privateLinkServiceNetworkPolicies | Enable or Disable apply network policies on private link service in the subnet. | 'Disabled' 'Enabled' |
routeTable | The reference to the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
sharingScope | Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. | 'DelegatedServices' 'Tenant' |
ApplicationGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
ApplicationGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
Delegation
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
type | Resource type. | string |
ServiceDelegationPropertiesFormat
Name | Description | Value |
---|---|---|
serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
NetworkSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | object |
NetworkSecurityGroupPropertiesFormat
Name | Description | Value |
---|---|---|
flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. | bool |
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
SecurityRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule. | SecurityRulePropertiesFormat |
type | The type of the resource. | string |
SecurityRulePropertiesFormat
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
ApplicationSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | object |
ApplicationSecurityGroupPropertiesFormat
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
RouteTable
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | object |
RouteTablePropertiesFormat
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
routes | Collection of routes contained within a route table. | Route[] |
Route
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
type | The type of the resource. | string |
RoutePropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
hasBgpOverride | A value indicating whether this route overrides overlapping BGP routes regardless of LPM. | bool |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
ServiceEndpointPolicy
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service end point policy. | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | object |
ServiceEndpointPolicyPropertiesFormat
Name | Description | Value |
---|---|---|
contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
serviceAlias | The alias indicating if the policy belongs to a service | string |
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPolicyDefinition
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
type | The type of the resource. | string |
ServiceEndpointPolicyDefinitionPropertiesFormat
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
service | Service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
ServiceEndpointPropertiesFormat
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
service | The type of the endpoint service. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Azure Game Developer Virtual Machine Scale Set |
Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal. |
Multi-client VNS3 network appliance |
VNS3 is a software only virtual appliance that provides the combined features and functions of a Security Appliance, Application Delivery Controller and Unified Threat Management device at the cloud application edge. Key benefits, On top of cloud networking, Always on end to end encryption, Federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, Attestable control over encryption keys, Meshed network manageable at scale, Reliable HA in the Cloud, Isolate sensitive applications (fast low cost Network Segmentation), Segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, Caching, Proxy Load Balancers and other Layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment. |
VNS3 network appliance for cloud connectivity and security |
VNS3 is a software only virtual appliance that provides the combined features and functions of a security appliance, application delivery controller and unified threat management device at the cloud application edge. Key benefits, on top of cloud networking, always on end to end encryption, federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, attestable control over encryption keys, meshed network manageable at scale, reliable HA in the cloud, isolate sensitive applications (fast low cost Network Segmentation), segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, caching, proxy, load balancers and other layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment. |
Deploy Darktrace Autoscaling vSensors |
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
JMeter environment for Elasticsearch |
This template will deploy a JMeter environment into an existing virtual network. One master node and multiple subordinate nodes are deployed into a new jmeter subnet. This template works in conjunction with the Elasticsearch quickstart template. |
GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming |
This template creates a GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack. All installation process based on Chocolately package manager |
SharePoint Subscription / 2019 / 2016 / 2013 all configured |
This template creates a SharePoint Subscription / 2019 / 2016 / 2013 farm with an extensive configuration that would take ages to perform manually, including a federated authentication with ADFS, an OAuth trust, the User Profiles service and a web application with 2 zones that contains multiple path based and host-named site collections. On the SharePoint virtual machines, Chocolatey is used to install the latest version of Notepad++, Visual Studio Code, Azure Data Studio, Fiddler, ULS Viewer and 7-Zip. |
Azure Cloud Shell - VNet |
This template deploys Azure Cloud Shell resources into an Azure virtual network. |
eShop Website with ILB ASE |
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps. |
Deploy a Hub and Spoke topology sandbox |
This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes. |
Azure Batch pool without public IP addresses |
This template creates Azure Batch simplified node communication pool without public IP addresses. |
Deploy a simple Ubuntu Linux VM 18.04-LTS |
This template deploy a Ubuntu Server with a few options for the VM. You can provide the VM Name, OS Version, VM size, admin username and password. As default the VM size is Standard_B2s and O.S. Version is 18.04-LTS. |
Deploy a simple Windows VM with tags |
This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable. |
Azure Container Instances - VNet |
Deploy a container instance into an Azure virtual network. |
Migrate to Azure SQL database using Azure DMS |
The Azure Database Migration Service (DMS) is designed to streamline the process of migrating on-premises databases to Azure. DMS will simplify the migration of existing on-premises SQL Server and Oracle databases to Azure SQL Database, Azure SQL Managed Instance or Microsoft SQL Server in an Azure Virtual Machine. This template would deploy an instance of Azure Database Migration service, an Azure VM with SQL server installed on it which will act as a Source server with pre created database on it and a Target Azure SQL DB server which will have a pre-created schema of the database to be migrated from Source to Target server. The template will also deploy the required resources like NIC, vnet etc for supporting the Source VM, DMS service and Target server. |
Deploy Azure Database Migration Service (DMS) |
Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations). |
Deploy Azure Database for MariaDB with VNet |
This template provides a way to deploy an Azure database for MariaDB with VNet integration. |
Deploy Azure Database for MySQL (flexible) with VNet |
This template provides a way to deploy a Flexible server Azure database for MySQL with VNet integration. |
Deploy Azure Database for MySQL with VNet |
This template provides a way to deploy an Azure database for MySQL with VNet integration. |
Deploy Azure Database for PostgreSQL (flexible) with VNet |
This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration. |
Deploy Azure Database for PostgreSQL with VNet |
This template provides a way to deploy an Azure database for PostgreSQL with VNet integration. |
Create an Azure Payment HSM |
This template creates an Azure Payment HSM, to provide cryptographic key operations for real-time, critical payment transactions in the Azure cloud. |
Integration Service Environment Template |
Template that creates a virtual network, 4 subnets, and then an Integration Service Environment (ISE), including non-native connectors. Use as a base for templates that require a Logic Apps ISE. |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create new ANF resource with SMB volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol. |
Azure Bastion as a Service |
This template provisions Azure Bastion in a Virtual Network |
Azure Bastion as a Service with NSG |
This template provisions Azure Bastion in a Virtual Network |
Create sandbox of Azure Firewall, client VM, and server VM |
This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall. |
Create an Azure Firewall with multiple IP public addresses |
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test. |
Secured virtual hubs |
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet. |
Create a standard internal load balancer |
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
Create a cross-region load balancer |
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
Standard Load Balancer with Backend Pool by IP Addresses |
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
Create a standard load-balancer |
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
Virtual Network NAT with VM |
Deploy a NAT gateway and virtual machine |
Create a Route Server in a New Subnet |
This template deploys a Route Server into a subnet named RouteServerSubnet. |
Add a subnet to an existing VNET |
This template allows you to add a subnet to an existing VNET. Deploy into the resource group of the existing VNET |
Azure Virtual WAN Routing Intent and Policies |
This template provisions an Azure Virtual WAN with two hubs with Routing Intent and Policies feature enabled. |
Add an NSG with Redis security rules to an existing subnet |
This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET. |
Private Endpoint example |
This template shows how to create a private endpoint pointing to Azure SQL Server |
App Service Environment with Azure SQL backend |
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment. |
Web App with Private Endpoint |
This template allows you to create a Web App and expose it through Private Endpoint |
Create an AppServicePlan and App in an ASEv3 |
Create an AppServicePlan and App in an ASEv3 |
Terraform (AzAPI provider) resource definition
The virtualNetworks/subnets resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/virtualNetworks/subnets resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/virtualNetworks/subnets@2023-11-01"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
addressPrefix = "string"
addressPrefixes = [
"string"
]
applicationGatewayIPConfigurations = [
{
id = "string"
name = "string"
properties = {
subnet = {
id = "string"
}
}
}
]
defaultOutboundAccess = bool
delegations = [
{
id = "string"
name = "string"
properties = {
serviceName = "string"
}
type = "string"
}
]
ipAllocations = [
{
id = "string"
}
]
natGateway = {
id = "string"
}
networkSecurityGroup = {
id = "string"
location = "string"
properties = {
flushConnection = bool
securityRules = [
{
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {}
tags = {}
}
]
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
direction = "string"
priority = int
protocol = "string"
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {}
tags = {}
}
]
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
type = "string"
}
]
}
tags = {}
}
privateEndpointNetworkPolicies = "string"
privateLinkServiceNetworkPolicies = "string"
routeTable = {
id = "string"
location = "string"
properties = {
disableBgpRoutePropagation = bool
routes = [
{
id = "string"
name = "string"
properties = {
addressPrefix = "string"
hasBgpOverride = bool
nextHopIpAddress = "string"
nextHopType = "string"
}
type = "string"
}
]
}
tags = {}
}
serviceEndpointPolicies = [
{
id = "string"
location = "string"
properties = {
contextualServiceEndpointPolicies = [
"string"
]
serviceAlias = "string"
serviceEndpointPolicyDefinitions = [
{
id = "string"
name = "string"
properties = {
description = "string"
service = "string"
serviceResources = [
"string"
]
}
type = "string"
}
]
}
tags = {}
}
]
serviceEndpoints = [
{
locations = [
"string"
]
service = "string"
}
]
sharingScope = "string"
}
})
}
Property values
virtualNetworks/subnets
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Network/virtualNetworks/subnets@2023-11-01" |
name | The resource name | string (required) Character limit: 1-80 Valid characters: Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End alphanumeric or underscore. |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: virtualNetworks |
properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
addressPrefixes | List of address prefixes for the subnet. | string[] |
applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | ApplicationGatewayIPConfiguration[] |
defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. | bool |
delegations | An array of references to the delegations on the subnet. | Delegation[] |
ipAllocations | Array of IpAllocation which reference this subnet. | SubResource[] |
natGateway | Nat gateway associated with this subnet. | SubResource |
networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | NetworkSecurityGroup |
privateEndpointNetworkPolicies | Enable or Disable apply network policies on private end point in the subnet. | "Disabled" "Enabled" "NetworkSecurityGroupEnabled" "RouteTableEnabled" |
privateLinkServiceNetworkPolicies | Enable or Disable apply network policies on private link service in the subnet. | "Disabled" "Enabled" |
routeTable | The reference to the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
sharingScope | Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. | "DelegatedServices" "Tenant" |
ApplicationGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
ApplicationGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
Delegation
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
type | Resource type. | string |
ServiceDelegationPropertiesFormat
Name | Description | Value |
---|---|---|
serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
NetworkSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | object |
NetworkSecurityGroupPropertiesFormat
Name | Description | Value |
---|---|---|
flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. | bool |
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
SecurityRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule. | SecurityRulePropertiesFormat |
type | The type of the resource. | string |
SecurityRulePropertiesFormat
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. | "Allow" "Deny" (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | "Inbound" "Outbound" (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
protocol | Network protocol this rule applies to. | "*" "Ah" "Esp" "Icmp" "Tcp" "Udp" (required) |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
ApplicationSecurityGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | object |
ApplicationSecurityGroupPropertiesFormat
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
RouteTable
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | object |
RouteTablePropertiesFormat
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
routes | Collection of routes contained within a route table. | Route[] |
Route
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
type | The type of the resource. | string |
RoutePropertiesFormat
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
hasBgpOverride | A value indicating whether this route overrides overlapping BGP routes regardless of LPM. | bool |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. | "Internet" "None" "VirtualAppliance" "VirtualNetworkGateway" "VnetLocal" (required) |
ServiceEndpointPolicy
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service end point policy. | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | object |
ServiceEndpointPolicyPropertiesFormat
Name | Description | Value |
---|---|---|
contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
serviceAlias | The alias indicating if the policy belongs to a service | string |
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPolicyDefinition
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
type | The type of the resource. | string |
ServiceEndpointPolicyDefinitionPropertiesFormat
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
service | Service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
ServiceEndpointPropertiesFormat
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
service | The type of the endpoint service. | string |