다음을 통해 공유


Microsoft.Network virtualNetworkTaps 2019-11-01

Bicep resource definition

The virtualNetworkTaps resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworkTaps resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/virtualNetworkTaps@2019-11-01' = {
  location: 'string'
  name: 'string'
  properties: {
    destinationLoadBalancerFrontEndIPConfiguration: {
      id: 'string'
      name: 'string'
      properties: {
        privateIPAddress: 'string'
        privateIPAddressVersion: 'string'
        privateIPAllocationMethod: 'string'
        publicIPAddress: {
          id: 'string'
          location: 'string'
          properties: {
            ddosSettings: {
              ddosCustomPolicy: {
                id: 'string'
              }
              protectedIP: bool
              protectionCoverage: 'string'
            }
            dnsSettings: {
              domainNameLabel: 'string'
              fqdn: 'string'
              reverseFqdn: 'string'
            }
            idleTimeoutInMinutes: int
            ipAddress: 'string'
            ipTags: [
              {
                ipTagType: 'string'
                tag: 'string'
              }
            ]
            publicIPAddressVersion: 'string'
            publicIPAllocationMethod: 'string'
            publicIPPrefix: {
              id: 'string'
            }
          }
          sku: {
            name: 'string'
          }
          tags: {
            {customized property}: 'string'
          }
          zones: [
            'string'
          ]
        }
        publicIPPrefix: {
          id: 'string'
        }
        subnet: {
          id: 'string'
          name: 'string'
          properties: {
            addressPrefix: 'string'
            addressPrefixes: [
              'string'
            ]
            delegations: [
              {
                id: 'string'
                name: 'string'
                properties: {
                  serviceName: 'string'
                }
              }
            ]
            natGateway: {
              id: 'string'
            }
            networkSecurityGroup: {
              id: 'string'
              location: 'string'
              properties: {
                securityRules: [
                  {
                    id: 'string'
                    name: 'string'
                    properties: {
                      access: 'string'
                      description: 'string'
                      destinationAddressPrefix: 'string'
                      destinationAddressPrefixes: [
                        'string'
                      ]
                      destinationApplicationSecurityGroups: [
                        {
                          id: 'string'
                          location: 'string'
                          properties: {}
                          tags: {
                            {customized property}: 'string'
                          }
                        }
                      ]
                      destinationPortRange: 'string'
                      destinationPortRanges: [
                        'string'
                      ]
                      direction: 'string'
                      priority: int
                      protocol: 'string'
                      sourceAddressPrefix: 'string'
                      sourceAddressPrefixes: [
                        'string'
                      ]
                      sourceApplicationSecurityGroups: [
                        {
                          id: 'string'
                          location: 'string'
                          properties: {}
                          tags: {
                            {customized property}: 'string'
                          }
                        }
                      ]
                      sourcePortRange: 'string'
                      sourcePortRanges: [
                        'string'
                      ]
                    }
                  }
                ]
              }
              tags: {
                {customized property}: 'string'
              }
            }
            privateEndpointNetworkPolicies: 'string'
            privateLinkServiceNetworkPolicies: 'string'
            routeTable: {
              id: 'string'
              location: 'string'
              properties: {
                disableBgpRoutePropagation: bool
                routes: [
                  {
                    id: 'string'
                    name: 'string'
                    properties: {
                      addressPrefix: 'string'
                      nextHopIpAddress: 'string'
                      nextHopType: 'string'
                    }
                  }
                ]
              }
              tags: {
                {customized property}: 'string'
              }
            }
            serviceEndpointPolicies: [
              {
                id: 'string'
                location: 'string'
                properties: {
                  serviceEndpointPolicyDefinitions: [
                    {
                      id: 'string'
                      name: 'string'
                      properties: {
                        description: 'string'
                        service: 'string'
                        serviceResources: [
                          'string'
                        ]
                      }
                    }
                  ]
                }
                tags: {
                  {customized property}: 'string'
                }
              }
            ]
            serviceEndpoints: [
              {
                locations: [
                  'string'
                ]
                service: 'string'
              }
            ]
          }
        }
      }
      zones: [
        'string'
      ]
    }
    destinationNetworkInterfaceIPConfiguration: {
      id: 'string'
      name: 'string'
      properties: {
        applicationGatewayBackendAddressPools: [
          {
            id: 'string'
            name: 'string'
            properties: {
              backendAddresses: [
                {
                  fqdn: 'string'
                  ipAddress: 'string'
                }
              ]
            }
          }
        ]
        applicationSecurityGroups: [
          {
            id: 'string'
            location: 'string'
            properties: {}
            tags: {
              {customized property}: 'string'
            }
          }
        ]
        loadBalancerBackendAddressPools: [
          {
            id: 'string'
            name: 'string'
            properties: {}
          }
        ]
        loadBalancerInboundNatRules: [
          {
            id: 'string'
            name: 'string'
            properties: {
              backendPort: int
              enableFloatingIP: bool
              enableTcpReset: bool
              frontendIPConfiguration: {
                id: 'string'
              }
              frontendPort: int
              idleTimeoutInMinutes: int
              protocol: 'string'
            }
          }
        ]
        primary: bool
        privateIPAddress: 'string'
        privateIPAddressVersion: 'string'
        privateIPAllocationMethod: 'string'
        publicIPAddress: {
          id: 'string'
          location: 'string'
          properties: {
            ddosSettings: {
              ddosCustomPolicy: {
                id: 'string'
              }
              protectedIP: bool
              protectionCoverage: 'string'
            }
            dnsSettings: {
              domainNameLabel: 'string'
              fqdn: 'string'
              reverseFqdn: 'string'
            }
            idleTimeoutInMinutes: int
            ipAddress: 'string'
            ipTags: [
              {
                ipTagType: 'string'
                tag: 'string'
              }
            ]
            publicIPAddressVersion: 'string'
            publicIPAllocationMethod: 'string'
            publicIPPrefix: {
              id: 'string'
            }
          }
          sku: {
            name: 'string'
          }
          tags: {
            {customized property}: 'string'
          }
          zones: [
            'string'
          ]
        }
        subnet: {
          id: 'string'
          name: 'string'
          properties: {
            addressPrefix: 'string'
            addressPrefixes: [
              'string'
            ]
            delegations: [
              {
                id: 'string'
                name: 'string'
                properties: {
                  serviceName: 'string'
                }
              }
            ]
            natGateway: {
              id: 'string'
            }
            networkSecurityGroup: {
              id: 'string'
              location: 'string'
              properties: {
                securityRules: [
                  {
                    id: 'string'
                    name: 'string'
                    properties: {
                      access: 'string'
                      description: 'string'
                      destinationAddressPrefix: 'string'
                      destinationAddressPrefixes: [
                        'string'
                      ]
                      destinationApplicationSecurityGroups: [
                        {
                          id: 'string'
                          location: 'string'
                          properties: {}
                          tags: {
                            {customized property}: 'string'
                          }
                        }
                      ]
                      destinationPortRange: 'string'
                      destinationPortRanges: [
                        'string'
                      ]
                      direction: 'string'
                      priority: int
                      protocol: 'string'
                      sourceAddressPrefix: 'string'
                      sourceAddressPrefixes: [
                        'string'
                      ]
                      sourceApplicationSecurityGroups: [
                        {
                          id: 'string'
                          location: 'string'
                          properties: {}
                          tags: {
                            {customized property}: 'string'
                          }
                        }
                      ]
                      sourcePortRange: 'string'
                      sourcePortRanges: [
                        'string'
                      ]
                    }
                  }
                ]
              }
              tags: {
                {customized property}: 'string'
              }
            }
            privateEndpointNetworkPolicies: 'string'
            privateLinkServiceNetworkPolicies: 'string'
            routeTable: {
              id: 'string'
              location: 'string'
              properties: {
                disableBgpRoutePropagation: bool
                routes: [
                  {
                    id: 'string'
                    name: 'string'
                    properties: {
                      addressPrefix: 'string'
                      nextHopIpAddress: 'string'
                      nextHopType: 'string'
                    }
                  }
                ]
              }
              tags: {
                {customized property}: 'string'
              }
            }
            serviceEndpointPolicies: [
              {
                id: 'string'
                location: 'string'
                properties: {
                  serviceEndpointPolicyDefinitions: [
                    {
                      id: 'string'
                      name: 'string'
                      properties: {
                        description: 'string'
                        service: 'string'
                        serviceResources: [
                          'string'
                        ]
                      }
                    }
                  ]
                }
                tags: {
                  {customized property}: 'string'
                }
              }
            ]
            serviceEndpoints: [
              {
                locations: [
                  'string'
                ]
                service: 'string'
              }
            ]
          }
        }
        virtualNetworkTaps: [
          {
            id: 'string'
            location: 'string'
            properties: ...
            tags: {
              {customized property}: 'string'
            }
          }
        ]
      }
    }
    destinationPort: int
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

ApplicationSecurityGroupPropertiesFormat

Name Description Value

BackendAddressPool

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value

DdosSettings

Name Description Value
ddosCustomPolicy The DDoS custom policy associated with the public IP. SubResource
protectedIP Enables DDoS protection on the public IP. bool
protectionCoverage The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. 'Basic'
'Standard'

Delegation

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat

FrontendIPConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. string
properties Properties of the load balancer probe. FrontendIPConfigurationPropertiesFormat
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

FrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The Private IP allocation method. 'Dynamic'
'Static'
publicIPAddress The reference to the Public IP resource. PublicIPAddress
publicIPPrefix The reference to the Public IP Prefix resource. SubResource
subnet The reference to the subnet resource. Subnet

InboundNatRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer inbound nat rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
enableTcpReset Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The reference to the transport protocol used by the load balancing rule. 'All'
'Tcp'
'Udp'

IpTag

Name Description Value
ipTagType The IP tag type. Example: FirstPartyUsage. string
tag The value of the IP tag associated with the public IP. Example: SQL. string

Microsoft.Network/virtualNetworkTaps

Name Description Value
location Resource location. string
name The resource name string (required)
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags Dictionary of tag names and values. See Tags in templates

NetworkInterfaceIPConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Network interface IP configuration properties. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools The reference to ApplicationGatewayBackendAddressPool resource. ApplicationGatewayBackendAddressPool[]
applicationSecurityGroups Application security groups in which the IP configuration is included. ApplicationSecurityGroup[]
loadBalancerBackendAddressPools The reference to LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Whether this is a primary customer address on the network interface. bool
privateIPAddress Private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Public IP address bound to the IP configuration. PublicIPAddress
subnet Subnet bound to the IP configuration. Subnet
virtualNetworkTaps The reference to Virtual Network Taps. VirtualNetworkTap[]

NetworkSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
securityRules A collection of security rules of the network security group. SecurityRule[]

PublicIPAddress

Name Description Value
id Resource ID. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
sku The public IP address SKU. PublicIPAddressSku
tags Resource tags. ResourceTags
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
ddosSettings The DDoS protection custom policy associated with the public IP address. DdosSettings
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress The IP address associated with the public IP address resource. string
ipTags The list of tags associated with the public IP address. IpTag[]
publicIPAddressVersion The public IP address version. 'IPv4'
'IPv6'
publicIPAllocationMethod The public IP address allocation method. 'Dynamic'
'Static'
publicIPPrefix The Public IP Prefix this Public IP Address should be allocated from. SubResource

PublicIPAddressSku

Name Description Value
name Name of a public IP address SKU. 'Basic'
'Standard'

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)

RouteTable

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

SecurityRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. '*'
'Ah'
'Esp'
'Icmp'
'Tcp'
'Udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ServiceDelegationPropertiesFormat

Name Description Value
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

ServiceEndpointPolicy

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. ResourceTags

ServiceEndpointPolicyDefinition

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPolicyPropertiesFormat

Name Description Value
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

Subnet

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
delegations An array of references to the delegations on the subnet. Delegation[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference to the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. string
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. string
routeTable The reference to the RouteTable resource. RouteTable
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkTap

Name Description Value
id Resource ID. string
location Resource location. string
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags. ResourceTags

VirtualNetworkTapPropertiesFormat

Name Description Value
destinationLoadBalancerFrontEndIPConfiguration The reference to the private IP address on the internal Load Balancer that will receive the tap. FrontendIPConfiguration
destinationNetworkInterfaceIPConfiguration The reference to the private IP Address of the collector nic that will receive the tap. NetworkInterfaceIPConfiguration
destinationPort The VXLAN destination port that will receive the tapped traffic. int

ARM template resource definition

The virtualNetworkTaps resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworkTaps resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/virtualNetworkTaps",
  "apiVersion": "2019-11-01",
  "name": "string",
  "location": "string",
  "properties": {
    "destinationLoadBalancerFrontEndIPConfiguration": {
      "id": "string",
      "name": "string",
      "properties": {
        "privateIPAddress": "string",
        "privateIPAddressVersion": "string",
        "privateIPAllocationMethod": "string",
        "publicIPAddress": {
          "id": "string",
          "location": "string",
          "properties": {
            "ddosSettings": {
              "ddosCustomPolicy": {
                "id": "string"
              },
              "protectedIP": "bool",
              "protectionCoverage": "string"
            },
            "dnsSettings": {
              "domainNameLabel": "string",
              "fqdn": "string",
              "reverseFqdn": "string"
            },
            "idleTimeoutInMinutes": "int",
            "ipAddress": "string",
            "ipTags": [
              {
                "ipTagType": "string",
                "tag": "string"
              }
            ],
            "publicIPAddressVersion": "string",
            "publicIPAllocationMethod": "string",
            "publicIPPrefix": {
              "id": "string"
            }
          },
          "sku": {
            "name": "string"
          },
          "tags": {
            "{customized property}": "string"
          },
          "zones": [ "string" ]
        },
        "publicIPPrefix": {
          "id": "string"
        },
        "subnet": {
          "id": "string",
          "name": "string",
          "properties": {
            "addressPrefix": "string",
            "addressPrefixes": [ "string" ],
            "delegations": [
              {
                "id": "string",
                "name": "string",
                "properties": {
                  "serviceName": "string"
                }
              }
            ],
            "natGateway": {
              "id": "string"
            },
            "networkSecurityGroup": {
              "id": "string",
              "location": "string",
              "properties": {
                "securityRules": [
                  {
                    "id": "string",
                    "name": "string",
                    "properties": {
                      "access": "string",
                      "description": "string",
                      "destinationAddressPrefix": "string",
                      "destinationAddressPrefixes": [ "string" ],
                      "destinationApplicationSecurityGroups": [
                        {
                          "id": "string",
                          "location": "string",
                          "properties": {
                          },
                          "tags": {
                            "{customized property}": "string"
                          }
                        }
                      ],
                      "destinationPortRange": "string",
                      "destinationPortRanges": [ "string" ],
                      "direction": "string",
                      "priority": "int",
                      "protocol": "string",
                      "sourceAddressPrefix": "string",
                      "sourceAddressPrefixes": [ "string" ],
                      "sourceApplicationSecurityGroups": [
                        {
                          "id": "string",
                          "location": "string",
                          "properties": {
                          },
                          "tags": {
                            "{customized property}": "string"
                          }
                        }
                      ],
                      "sourcePortRange": "string",
                      "sourcePortRanges": [ "string" ]
                    }
                  }
                ]
              },
              "tags": {
                "{customized property}": "string"
              }
            },
            "privateEndpointNetworkPolicies": "string",
            "privateLinkServiceNetworkPolicies": "string",
            "routeTable": {
              "id": "string",
              "location": "string",
              "properties": {
                "disableBgpRoutePropagation": "bool",
                "routes": [
                  {
                    "id": "string",
                    "name": "string",
                    "properties": {
                      "addressPrefix": "string",
                      "nextHopIpAddress": "string",
                      "nextHopType": "string"
                    }
                  }
                ]
              },
              "tags": {
                "{customized property}": "string"
              }
            },
            "serviceEndpointPolicies": [
              {
                "id": "string",
                "location": "string",
                "properties": {
                  "serviceEndpointPolicyDefinitions": [
                    {
                      "id": "string",
                      "name": "string",
                      "properties": {
                        "description": "string",
                        "service": "string",
                        "serviceResources": [ "string" ]
                      }
                    }
                  ]
                },
                "tags": {
                  "{customized property}": "string"
                }
              }
            ],
            "serviceEndpoints": [
              {
                "locations": [ "string" ],
                "service": "string"
              }
            ]
          }
        }
      },
      "zones": [ "string" ]
    },
    "destinationNetworkInterfaceIPConfiguration": {
      "id": "string",
      "name": "string",
      "properties": {
        "applicationGatewayBackendAddressPools": [
          {
            "id": "string",
            "name": "string",
            "properties": {
              "backendAddresses": [
                {
                  "fqdn": "string",
                  "ipAddress": "string"
                }
              ]
            }
          }
        ],
        "applicationSecurityGroups": [
          {
            "id": "string",
            "location": "string",
            "properties": {
            },
            "tags": {
              "{customized property}": "string"
            }
          }
        ],
        "loadBalancerBackendAddressPools": [
          {
            "id": "string",
            "name": "string",
            "properties": {
            }
          }
        ],
        "loadBalancerInboundNatRules": [
          {
            "id": "string",
            "name": "string",
            "properties": {
              "backendPort": "int",
              "enableFloatingIP": "bool",
              "enableTcpReset": "bool",
              "frontendIPConfiguration": {
                "id": "string"
              },
              "frontendPort": "int",
              "idleTimeoutInMinutes": "int",
              "protocol": "string"
            }
          }
        ],
        "primary": "bool",
        "privateIPAddress": "string",
        "privateIPAddressVersion": "string",
        "privateIPAllocationMethod": "string",
        "publicIPAddress": {
          "id": "string",
          "location": "string",
          "properties": {
            "ddosSettings": {
              "ddosCustomPolicy": {
                "id": "string"
              },
              "protectedIP": "bool",
              "protectionCoverage": "string"
            },
            "dnsSettings": {
              "domainNameLabel": "string",
              "fqdn": "string",
              "reverseFqdn": "string"
            },
            "idleTimeoutInMinutes": "int",
            "ipAddress": "string",
            "ipTags": [
              {
                "ipTagType": "string",
                "tag": "string"
              }
            ],
            "publicIPAddressVersion": "string",
            "publicIPAllocationMethod": "string",
            "publicIPPrefix": {
              "id": "string"
            }
          },
          "sku": {
            "name": "string"
          },
          "tags": {
            "{customized property}": "string"
          },
          "zones": [ "string" ]
        },
        "subnet": {
          "id": "string",
          "name": "string",
          "properties": {
            "addressPrefix": "string",
            "addressPrefixes": [ "string" ],
            "delegations": [
              {
                "id": "string",
                "name": "string",
                "properties": {
                  "serviceName": "string"
                }
              }
            ],
            "natGateway": {
              "id": "string"
            },
            "networkSecurityGroup": {
              "id": "string",
              "location": "string",
              "properties": {
                "securityRules": [
                  {
                    "id": "string",
                    "name": "string",
                    "properties": {
                      "access": "string",
                      "description": "string",
                      "destinationAddressPrefix": "string",
                      "destinationAddressPrefixes": [ "string" ],
                      "destinationApplicationSecurityGroups": [
                        {
                          "id": "string",
                          "location": "string",
                          "properties": {
                          },
                          "tags": {
                            "{customized property}": "string"
                          }
                        }
                      ],
                      "destinationPortRange": "string",
                      "destinationPortRanges": [ "string" ],
                      "direction": "string",
                      "priority": "int",
                      "protocol": "string",
                      "sourceAddressPrefix": "string",
                      "sourceAddressPrefixes": [ "string" ],
                      "sourceApplicationSecurityGroups": [
                        {
                          "id": "string",
                          "location": "string",
                          "properties": {
                          },
                          "tags": {
                            "{customized property}": "string"
                          }
                        }
                      ],
                      "sourcePortRange": "string",
                      "sourcePortRanges": [ "string" ]
                    }
                  }
                ]
              },
              "tags": {
                "{customized property}": "string"
              }
            },
            "privateEndpointNetworkPolicies": "string",
            "privateLinkServiceNetworkPolicies": "string",
            "routeTable": {
              "id": "string",
              "location": "string",
              "properties": {
                "disableBgpRoutePropagation": "bool",
                "routes": [
                  {
                    "id": "string",
                    "name": "string",
                    "properties": {
                      "addressPrefix": "string",
                      "nextHopIpAddress": "string",
                      "nextHopType": "string"
                    }
                  }
                ]
              },
              "tags": {
                "{customized property}": "string"
              }
            },
            "serviceEndpointPolicies": [
              {
                "id": "string",
                "location": "string",
                "properties": {
                  "serviceEndpointPolicyDefinitions": [
                    {
                      "id": "string",
                      "name": "string",
                      "properties": {
                        "description": "string",
                        "service": "string",
                        "serviceResources": [ "string" ]
                      }
                    }
                  ]
                },
                "tags": {
                  "{customized property}": "string"
                }
              }
            ],
            "serviceEndpoints": [
              {
                "locations": [ "string" ],
                "service": "string"
              }
            ]
          }
        },
        "virtualNetworkTaps": [
          {
            "id": "string",
            "location": "string",
            "properties": ...,
            "tags": {
              "{customized property}": "string"
            }
          }
        ]
      }
    },
    "destinationPort": "int"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

ApplicationSecurityGroupPropertiesFormat

Name Description Value

BackendAddressPool

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value

DdosSettings

Name Description Value
ddosCustomPolicy The DDoS custom policy associated with the public IP. SubResource
protectedIP Enables DDoS protection on the public IP. bool
protectionCoverage The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. 'Basic'
'Standard'

Delegation

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat

FrontendIPConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. string
properties Properties of the load balancer probe. FrontendIPConfigurationPropertiesFormat
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

FrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The Private IP allocation method. 'Dynamic'
'Static'
publicIPAddress The reference to the Public IP resource. PublicIPAddress
publicIPPrefix The reference to the Public IP Prefix resource. SubResource
subnet The reference to the subnet resource. Subnet

InboundNatRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer inbound nat rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
enableTcpReset Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The reference to the transport protocol used by the load balancing rule. 'All'
'Tcp'
'Udp'

IpTag

Name Description Value
ipTagType The IP tag type. Example: FirstPartyUsage. string
tag The value of the IP tag associated with the public IP. Example: SQL. string

Microsoft.Network/virtualNetworkTaps

Name Description Value
apiVersion The api version '2019-11-01'
location Resource location. string
name The resource name string (required)
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Network/virtualNetworkTaps'

NetworkInterfaceIPConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Network interface IP configuration properties. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools The reference to ApplicationGatewayBackendAddressPool resource. ApplicationGatewayBackendAddressPool[]
applicationSecurityGroups Application security groups in which the IP configuration is included. ApplicationSecurityGroup[]
loadBalancerBackendAddressPools The reference to LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Whether this is a primary customer address on the network interface. bool
privateIPAddress Private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Public IP address bound to the IP configuration. PublicIPAddress
subnet Subnet bound to the IP configuration. Subnet
virtualNetworkTaps The reference to Virtual Network Taps. VirtualNetworkTap[]

NetworkSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
securityRules A collection of security rules of the network security group. SecurityRule[]

PublicIPAddress

Name Description Value
id Resource ID. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
sku The public IP address SKU. PublicIPAddressSku
tags Resource tags. ResourceTags
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
ddosSettings The DDoS protection custom policy associated with the public IP address. DdosSettings
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress The IP address associated with the public IP address resource. string
ipTags The list of tags associated with the public IP address. IpTag[]
publicIPAddressVersion The public IP address version. 'IPv4'
'IPv6'
publicIPAllocationMethod The public IP address allocation method. 'Dynamic'
'Static'
publicIPPrefix The Public IP Prefix this Public IP Address should be allocated from. SubResource

PublicIPAddressSku

Name Description Value
name Name of a public IP address SKU. 'Basic'
'Standard'

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)

RouteTable

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

SecurityRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. '*'
'Ah'
'Esp'
'Icmp'
'Tcp'
'Udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ServiceDelegationPropertiesFormat

Name Description Value
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

ServiceEndpointPolicy

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. ResourceTags

ServiceEndpointPolicyDefinition

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPolicyPropertiesFormat

Name Description Value
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

Subnet

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
delegations An array of references to the delegations on the subnet. Delegation[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference to the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. string
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. string
routeTable The reference to the RouteTable resource. RouteTable
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkTap

Name Description Value
id Resource ID. string
location Resource location. string
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags. ResourceTags

VirtualNetworkTapPropertiesFormat

Name Description Value
destinationLoadBalancerFrontEndIPConfiguration The reference to the private IP address on the internal Load Balancer that will receive the tap. FrontendIPConfiguration
destinationNetworkInterfaceIPConfiguration The reference to the private IP Address of the collector nic that will receive the tap. NetworkInterfaceIPConfiguration
destinationPort The VXLAN destination port that will receive the tapped traffic. int

Terraform (AzAPI provider) resource definition

The virtualNetworkTaps resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworkTaps resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/virtualNetworkTaps@2019-11-01"
  name = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      destinationLoadBalancerFrontEndIPConfiguration = {
        id = "string"
        name = "string"
        properties = {
          privateIPAddress = "string"
          privateIPAddressVersion = "string"
          privateIPAllocationMethod = "string"
          publicIPAddress = {
            id = "string"
            location = "string"
            properties = {
              ddosSettings = {
                ddosCustomPolicy = {
                  id = "string"
                }
                protectedIP = bool
                protectionCoverage = "string"
              }
              dnsSettings = {
                domainNameLabel = "string"
                fqdn = "string"
                reverseFqdn = "string"
              }
              idleTimeoutInMinutes = int
              ipAddress = "string"
              ipTags = [
                {
                  ipTagType = "string"
                  tag = "string"
                }
              ]
              publicIPAddressVersion = "string"
              publicIPAllocationMethod = "string"
              publicIPPrefix = {
                id = "string"
              }
            }
            sku = {
              name = "string"
            }
            tags = {
              {customized property} = "string"
            }
            zones = [
              "string"
            ]
          }
          publicIPPrefix = {
            id = "string"
          }
          subnet = {
            id = "string"
            name = "string"
            properties = {
              addressPrefix = "string"
              addressPrefixes = [
                "string"
              ]
              delegations = [
                {
                  id = "string"
                  name = "string"
                  properties = {
                    serviceName = "string"
                  }
                }
              ]
              natGateway = {
                id = "string"
              }
              networkSecurityGroup = {
                id = "string"
                location = "string"
                properties = {
                  securityRules = [
                    {
                      id = "string"
                      name = "string"
                      properties = {
                        access = "string"
                        description = "string"
                        destinationAddressPrefix = "string"
                        destinationAddressPrefixes = [
                          "string"
                        ]
                        destinationApplicationSecurityGroups = [
                          {
                            id = "string"
                            location = "string"
                            properties = {
                            }
                            tags = {
                              {customized property} = "string"
                            }
                          }
                        ]
                        destinationPortRange = "string"
                        destinationPortRanges = [
                          "string"
                        ]
                        direction = "string"
                        priority = int
                        protocol = "string"
                        sourceAddressPrefix = "string"
                        sourceAddressPrefixes = [
                          "string"
                        ]
                        sourceApplicationSecurityGroups = [
                          {
                            id = "string"
                            location = "string"
                            properties = {
                            }
                            tags = {
                              {customized property} = "string"
                            }
                          }
                        ]
                        sourcePortRange = "string"
                        sourcePortRanges = [
                          "string"
                        ]
                      }
                    }
                  ]
                }
                tags = {
                  {customized property} = "string"
                }
              }
              privateEndpointNetworkPolicies = "string"
              privateLinkServiceNetworkPolicies = "string"
              routeTable = {
                id = "string"
                location = "string"
                properties = {
                  disableBgpRoutePropagation = bool
                  routes = [
                    {
                      id = "string"
                      name = "string"
                      properties = {
                        addressPrefix = "string"
                        nextHopIpAddress = "string"
                        nextHopType = "string"
                      }
                    }
                  ]
                }
                tags = {
                  {customized property} = "string"
                }
              }
              serviceEndpointPolicies = [
                {
                  id = "string"
                  location = "string"
                  properties = {
                    serviceEndpointPolicyDefinitions = [
                      {
                        id = "string"
                        name = "string"
                        properties = {
                          description = "string"
                          service = "string"
                          serviceResources = [
                            "string"
                          ]
                        }
                      }
                    ]
                  }
                  tags = {
                    {customized property} = "string"
                  }
                }
              ]
              serviceEndpoints = [
                {
                  locations = [
                    "string"
                  ]
                  service = "string"
                }
              ]
            }
          }
        }
        zones = [
          "string"
        ]
      }
      destinationNetworkInterfaceIPConfiguration = {
        id = "string"
        name = "string"
        properties = {
          applicationGatewayBackendAddressPools = [
            {
              id = "string"
              name = "string"
              properties = {
                backendAddresses = [
                  {
                    fqdn = "string"
                    ipAddress = "string"
                  }
                ]
              }
            }
          ]
          applicationSecurityGroups = [
            {
              id = "string"
              location = "string"
              properties = {
              }
              tags = {
                {customized property} = "string"
              }
            }
          ]
          loadBalancerBackendAddressPools = [
            {
              id = "string"
              name = "string"
              properties = {
              }
            }
          ]
          loadBalancerInboundNatRules = [
            {
              id = "string"
              name = "string"
              properties = {
                backendPort = int
                enableFloatingIP = bool
                enableTcpReset = bool
                frontendIPConfiguration = {
                  id = "string"
                }
                frontendPort = int
                idleTimeoutInMinutes = int
                protocol = "string"
              }
            }
          ]
          primary = bool
          privateIPAddress = "string"
          privateIPAddressVersion = "string"
          privateIPAllocationMethod = "string"
          publicIPAddress = {
            id = "string"
            location = "string"
            properties = {
              ddosSettings = {
                ddosCustomPolicy = {
                  id = "string"
                }
                protectedIP = bool
                protectionCoverage = "string"
              }
              dnsSettings = {
                domainNameLabel = "string"
                fqdn = "string"
                reverseFqdn = "string"
              }
              idleTimeoutInMinutes = int
              ipAddress = "string"
              ipTags = [
                {
                  ipTagType = "string"
                  tag = "string"
                }
              ]
              publicIPAddressVersion = "string"
              publicIPAllocationMethod = "string"
              publicIPPrefix = {
                id = "string"
              }
            }
            sku = {
              name = "string"
            }
            tags = {
              {customized property} = "string"
            }
            zones = [
              "string"
            ]
          }
          subnet = {
            id = "string"
            name = "string"
            properties = {
              addressPrefix = "string"
              addressPrefixes = [
                "string"
              ]
              delegations = [
                {
                  id = "string"
                  name = "string"
                  properties = {
                    serviceName = "string"
                  }
                }
              ]
              natGateway = {
                id = "string"
              }
              networkSecurityGroup = {
                id = "string"
                location = "string"
                properties = {
                  securityRules = [
                    {
                      id = "string"
                      name = "string"
                      properties = {
                        access = "string"
                        description = "string"
                        destinationAddressPrefix = "string"
                        destinationAddressPrefixes = [
                          "string"
                        ]
                        destinationApplicationSecurityGroups = [
                          {
                            id = "string"
                            location = "string"
                            properties = {
                            }
                            tags = {
                              {customized property} = "string"
                            }
                          }
                        ]
                        destinationPortRange = "string"
                        destinationPortRanges = [
                          "string"
                        ]
                        direction = "string"
                        priority = int
                        protocol = "string"
                        sourceAddressPrefix = "string"
                        sourceAddressPrefixes = [
                          "string"
                        ]
                        sourceApplicationSecurityGroups = [
                          {
                            id = "string"
                            location = "string"
                            properties = {
                            }
                            tags = {
                              {customized property} = "string"
                            }
                          }
                        ]
                        sourcePortRange = "string"
                        sourcePortRanges = [
                          "string"
                        ]
                      }
                    }
                  ]
                }
                tags = {
                  {customized property} = "string"
                }
              }
              privateEndpointNetworkPolicies = "string"
              privateLinkServiceNetworkPolicies = "string"
              routeTable = {
                id = "string"
                location = "string"
                properties = {
                  disableBgpRoutePropagation = bool
                  routes = [
                    {
                      id = "string"
                      name = "string"
                      properties = {
                        addressPrefix = "string"
                        nextHopIpAddress = "string"
                        nextHopType = "string"
                      }
                    }
                  ]
                }
                tags = {
                  {customized property} = "string"
                }
              }
              serviceEndpointPolicies = [
                {
                  id = "string"
                  location = "string"
                  properties = {
                    serviceEndpointPolicyDefinitions = [
                      {
                        id = "string"
                        name = "string"
                        properties = {
                          description = "string"
                          service = "string"
                          serviceResources = [
                            "string"
                          ]
                        }
                      }
                    ]
                  }
                  tags = {
                    {customized property} = "string"
                  }
                }
              ]
              serviceEndpoints = [
                {
                  locations = [
                    "string"
                  ]
                  service = "string"
                }
              ]
            }
          }
          virtualNetworkTaps = [
            {
              id = "string"
              location = "string"
              properties = ...
              tags = {
                {customized property} = "string"
              }
            }
          ]
        }
      }
      destinationPort = int
    }
  })
}

Property values

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

ApplicationSecurityGroupPropertiesFormat

Name Description Value

BackendAddressPool

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value

DdosSettings

Name Description Value
ddosCustomPolicy The DDoS custom policy associated with the public IP. SubResource
protectedIP Enables DDoS protection on the public IP. bool
protectionCoverage The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. 'Basic'
'Standard'

Delegation

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat

FrontendIPConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. string
properties Properties of the load balancer probe. FrontendIPConfigurationPropertiesFormat
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

FrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The Private IP allocation method. 'Dynamic'
'Static'
publicIPAddress The reference to the Public IP resource. PublicIPAddress
publicIPPrefix The reference to the Public IP Prefix resource. SubResource
subnet The reference to the subnet resource. Subnet

InboundNatRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer inbound nat rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
enableTcpReset Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The reference to the transport protocol used by the load balancing rule. 'All'
'Tcp'
'Udp'

IpTag

Name Description Value
ipTagType The IP tag type. Example: FirstPartyUsage. string
tag The value of the IP tag associated with the public IP. Example: SQL. string

Microsoft.Network/virtualNetworkTaps

Name Description Value
location Resource location. string
name The resource name string (required)
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Network/virtualNetworkTaps@2019-11-01"

NetworkInterfaceIPConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Network interface IP configuration properties. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools The reference to ApplicationGatewayBackendAddressPool resource. ApplicationGatewayBackendAddressPool[]
applicationSecurityGroups Application security groups in which the IP configuration is included. ApplicationSecurityGroup[]
loadBalancerBackendAddressPools The reference to LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Whether this is a primary customer address on the network interface. bool
privateIPAddress Private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Public IP address bound to the IP configuration. PublicIPAddress
subnet Subnet bound to the IP configuration. Subnet
virtualNetworkTaps The reference to Virtual Network Taps. VirtualNetworkTap[]

NetworkSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
securityRules A collection of security rules of the network security group. SecurityRule[]

PublicIPAddress

Name Description Value
id Resource ID. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
sku The public IP address SKU. PublicIPAddressSku
tags Resource tags. ResourceTags
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
ddosSettings The DDoS protection custom policy associated with the public IP address. DdosSettings
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress The IP address associated with the public IP address resource. string
ipTags The list of tags associated with the public IP address. IpTag[]
publicIPAddressVersion The public IP address version. 'IPv4'
'IPv6'
publicIPAllocationMethod The public IP address allocation method. 'Dynamic'
'Static'
publicIPPrefix The Public IP Prefix this Public IP Address should be allocated from. SubResource

PublicIPAddressSku

Name Description Value
name Name of a public IP address SKU. 'Basic'
'Standard'

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)

RouteTable

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

SecurityRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. '*'
'Ah'
'Esp'
'Icmp'
'Tcp'
'Udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ServiceDelegationPropertiesFormat

Name Description Value
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

ServiceEndpointPolicy

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. ResourceTags

ServiceEndpointPolicyDefinition

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPolicyPropertiesFormat

Name Description Value
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

Subnet

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
delegations An array of references to the delegations on the subnet. Delegation[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference to the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. string
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. string
routeTable The reference to the RouteTable resource. RouteTable
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkTap

Name Description Value
id Resource ID. string
location Resource location. string
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags. ResourceTags

VirtualNetworkTapPropertiesFormat

Name Description Value
destinationLoadBalancerFrontEndIPConfiguration The reference to the private IP address on the internal Load Balancer that will receive the tap. FrontendIPConfiguration
destinationNetworkInterfaceIPConfiguration The reference to the private IP Address of the collector nic that will receive the tap. NetworkInterfaceIPConfiguration
destinationPort The VXLAN destination port that will receive the tapped traffic. int