共用方式為


Microsoft.Network virtualnetworks/subnets 2015-06-15

Remarks

For guidance on creating virtual networks and subnets, see Create virtual network resources by using Bicep.

Bicep resource definition

The virtualnetworks/subnets resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualnetworks/subnets resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/virtualnetworks/subnets@2015-06-15' = {
  etag: 'string'
  name: 'string'
  properties: {
    addressPrefix: 'string'
    ipConfigurations: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          privateIPAddress: 'string'
          privateIPAllocationMethod: 'string'
          provisioningState: 'string'
          publicIPAddress: {
            etag: 'string'
            id: 'string'
            location: 'string'
            properties: {
              dnsSettings: {
                domainNameLabel: 'string'
                fqdn: 'string'
                reverseFqdn: 'string'
              }
              idleTimeoutInMinutes: int
              ipAddress: 'string'
              ipConfiguration: ...
              provisioningState: 'string'
              publicIPAllocationMethod: 'string'
              resourceGuid: 'string'
            }
            tags: {
              {customized property}: 'string'
            }
          }
          subnet: {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: ...
          }
        }
      }
    ]
    networkSecurityGroup: {
      etag: 'string'
      id: 'string'
      location: 'string'
      properties: {
        defaultSecurityRules: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: {
              access: 'string'
              description: 'string'
              destinationAddressPrefix: 'string'
              destinationPortRange: 'string'
              direction: 'string'
              priority: int
              protocol: 'string'
              provisioningState: 'string'
              sourceAddressPrefix: 'string'
              sourcePortRange: 'string'
            }
          }
        ]
        networkInterfaces: [
          {
            etag: 'string'
            id: 'string'
            location: 'string'
            properties: {
              dnsSettings: {
                appliedDnsServers: [
                  'string'
                ]
                dnsServers: [
                  'string'
                ]
                internalDnsNameLabel: 'string'
                internalFqdn: 'string'
              }
              enableIPForwarding: bool
              ipConfigurations: [
                {
                  etag: 'string'
                  id: 'string'
                  name: 'string'
                  properties: {
                    loadBalancerBackendAddressPools: [
                      {
                        etag: 'string'
                        id: 'string'
                        name: 'string'
                        properties: {
                          backendIPConfigurations: [
                            ...
                          ]
                          outboundNatRule: {
                            id: 'string'
                          }
                          provisioningState: 'string'
                        }
                      }
                    ]
                    loadBalancerInboundNatRules: [
                      {
                        etag: 'string'
                        id: 'string'
                        name: 'string'
                        properties: {
                          backendIPConfiguration: ...
                          backendPort: int
                          enableFloatingIP: bool
                          frontendIPConfiguration: {
                            id: 'string'
                          }
                          frontendPort: int
                          idleTimeoutInMinutes: int
                          protocol: 'string'
                          provisioningState: 'string'
                        }
                      }
                    ]
                    primary: bool
                    privateIPAddress: 'string'
                    privateIPAllocationMethod: 'string'
                    provisioningState: 'string'
                    publicIPAddress: {
                      etag: 'string'
                      id: 'string'
                      location: 'string'
                      properties: {
                        dnsSettings: {
                          domainNameLabel: 'string'
                          fqdn: 'string'
                          reverseFqdn: 'string'
                        }
                        idleTimeoutInMinutes: int
                        ipAddress: 'string'
                        ipConfiguration: {
                          etag: 'string'
                          id: 'string'
                          name: 'string'
                          properties: {
                            privateIPAddress: 'string'
                            privateIPAllocationMethod: 'string'
                            provisioningState: 'string'
                            publicIPAddress: ...
                            subnet: {
                              etag: 'string'
                              id: 'string'
                              name: 'string'
                              properties: ...
                            }
                          }
                        }
                        provisioningState: 'string'
                        publicIPAllocationMethod: 'string'
                        resourceGuid: 'string'
                      }
                      tags: {
                        {customized property}: 'string'
                      }
                    }
                    subnet: {
                      etag: 'string'
                      id: 'string'
                      name: 'string'
                      properties: ...
                    }
                  }
                }
              ]
              macAddress: 'string'
              networkSecurityGroup: ...
              primary: bool
              provisioningState: 'string'
              resourceGuid: 'string'
              virtualMachine: {
                id: 'string'
              }
            }
            tags: {
              {customized property}: 'string'
            }
          }
        ]
        provisioningState: 'string'
        resourceGuid: 'string'
        securityRules: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: {
              access: 'string'
              description: 'string'
              destinationAddressPrefix: 'string'
              destinationPortRange: 'string'
              direction: 'string'
              priority: int
              protocol: 'string'
              provisioningState: 'string'
              sourceAddressPrefix: 'string'
              sourcePortRange: 'string'
            }
          }
        ]
        subnets: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: ...
          }
        ]
      }
      tags: {
        {customized property}: 'string'
      }
    }
    provisioningState: 'string'
    routeTable: {
      etag: 'string'
      id: 'string'
      location: 'string'
      properties: {
        provisioningState: 'string'
        routes: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: {
              addressPrefix: 'string'
              nextHopIpAddress: 'string'
              nextHopType: 'string'
              provisioningState: 'string'
            }
          }
        ]
        subnets: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: ...
          }
        ]
      }
      tags: {
        {customized property}: 'string'
      }
    }
  }
}

Property values

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value
backendIPConfigurations Gets collection of references to IP addresses defined in network interfaces. NetworkInterfaceIPConfiguration[]
outboundNatRule Gets outbound rules that use this backend address pool. SubResource
provisioningState Get provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the inbound NAT rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendIPConfiguration A reference to a private IP address defined on a network interface of a VM. Traffic sent to the frontend port of each of the frontend IP configurations is forwarded to the backed IP. NetworkInterfaceIPConfiguration
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The transport protocol for the endpoint. Possible values are: 'Udp' or 'Tcp' 'Tcp'
'Udp'
provisioningState Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

IPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of IP configuration. IPConfigurationPropertiesFormat

IPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAllocationMethod The private IP allocation method. Possible values are 'Static' and 'Dynamic'. 'Dynamic'
'Static'
provisioningState Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
publicIPAddress The reference of the public IP resource. PublicIPAddress
subnet The reference of the subnet resource. Subnet

Microsoft.Network/virtualnetworks/subnets

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: virtualnetworks
properties SubnetPropertiesFormat

NetworkInterface

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties NetworkInterface properties. NetworkInterfacePropertiesFormat
tags Resource tags. ResourceTags

NetworkInterfaceDnsSettings

Name Description Value
appliedDnsServers If the VM that uses this NIC is part of an Availability Set, then this list will have the union of all DNS servers from all NICs that are part of the Availability Set. This property is what is configured on each of those VMs. string[]
dnsServers List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. string[]
internalDnsNameLabel Relative DNS name for this NIC used for internal communications between VMs in the same virtual network. string
internalFqdn Fully qualified DNS name supporting internal communications between VMs in the same virtual network. string

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of IP configuration. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
loadBalancerBackendAddressPools The reference of LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Gets whether this is a primary customer address on the network interface. bool
privateIPAddress string
privateIPAllocationMethod Defines how a private IP address is assigned. Possible values are: 'Static' and 'Dynamic'. 'Dynamic'
'Static'
provisioningState string
publicIPAddress Public IP address resource. PublicIPAddress
subnet Subnet in a virtual network resource. Subnet

NetworkInterfacePropertiesFormat

Name Description Value
dnsSettings The DNS settings in network interface. NetworkInterfaceDnsSettings
enableIPForwarding Indicates whether IP forwarding is enabled on this network interface. bool
ipConfigurations A list of IPConfigurations of the network interface. NetworkInterfaceIPConfiguration[]
macAddress The MAC address of the network interface. string
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
primary Gets whether this is a primary network interface on a virtual machine. bool
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
resourceGuid The resource GUID property of the network interface resource. string
virtualMachine The reference of a virtual machine. SubResource

NetworkSecurityGroup

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Network Security Group resource. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules The default security rules of network security group. SecurityRule[]
networkInterfaces A collection of references to network interfaces. NetworkInterface[]
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
resourceGuid The resource GUID property of the network security group resource. string
securityRules A collection of security rules of the network security group. SecurityRule[]
subnets A collection of references to subnets. Subnet[]

PublicIPAddress

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
tags Resource tags. ResourceTags

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress string
ipConfiguration IPConfiguration IPConfiguration
provisioningState The provisioning state of the PublicIP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
publicIPAllocationMethod The public IP allocation method. Possible values are: 'Static' and 'Dynamic'. 'Dynamic'
'Static'
resourceGuid The resource GUID property of the public IP resource. string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Route resource RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. Possible values are: 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance', and 'None' 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)
provisioningState The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

RouteTable

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Route Table resource RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
provisioningState The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
routes Collection of routes contained within a route table. Route[]
subnets A collection of references to subnets. Subnet[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. '*'
'Tcp'
'Udp' (required)
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
ipConfigurations Gets an array of references to the network interface IP configurations using subnet. IPConfiguration[]
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
provisioningState The provisioning state of the resource. string
routeTable The reference of the RouteTable resource. RouteTable

SubResource

Name Description Value
id Resource Identifier. string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Add a subnet to an existing VNET This template allows you to add a subnet to an existing VNET. Deploy into the resource group of the existing VNET
Azure Bastion as a Service This template provisions Azure Bastion in a Virtual Network
Azure Bastion as a Service with NSG This template provisions Azure Bastion in a Virtual Network
Azure Batch pool without public IP addresses This template creates Azure Batch simplified node communication pool without public IP addresses.
Azure Cloud Shell - VNet This template deploys Azure Cloud Shell resources into an Azure virtual network.
Azure Container Instances - VNet Deploy a container instance into an Azure virtual network.
Azure Game Developer Virtual Machine Scale Set Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal.
Azure Machine Learning end-to-end secure setup This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy) This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create a cross-region load balancer This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region.
Create a Route Server in a New Subnet This template deploys a Route Server into a subnet named RouteServerSubnet.
Create a standard internal load balancer This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80
Create a standard load-balancer This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone.
Create AKS with Prometheus and Grafana with privae link This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard
Create an AppServicePlan and App in an ASEv3 Create an AppServicePlan and App in an ASEv3
Create an Azure Firewall with multiple IP public addresses This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test.
Create an Azure Machine Learning service workspace (legacy) This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (vnet) This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create sandbox of Azure Firewall, client VM, and server VM This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall.
Creates a Cross-tenant Private Endpoint resource This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration.
Creates AVD with Microsoft Entra ID Join This template allows you to create Azure Virtual Desktop resources such as host pool, application group, workspace, a test session host and its extensions with Microsoft Entra ID join
Deploy a simple Windows VM with tags This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable.
Deploy Azure Database for MySQL with VNet This template provides a way to deploy an Azure database for MySQL with VNet integration.
Deploy Azure Database for PostgreSQL (flexible) with VNet This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration.
Deploy Azure Database for PostgreSQL with VNet This template provides a way to deploy an Azure database for PostgreSQL with VNet integration.
Deploy Azure Database Migration Service (DMS) Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations).
Deploy MySQL Flexible Server with Private Endpoint This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint.
Deploy MySQL Flexible Server with Vnet Integration This template provides a way to deploy a Azure database for MySQL Flexible Server with VNet Integration.
GitLab Omnibus This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections.
Private Endpoint example This template shows how to create a private endpoint pointing to Azure SQL Server
Secured virtual hubs This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
SharePoint Subscription / 2019 / 2016 fully configured Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).
Virtual Network NAT with VM Deploy a NAT gateway and virtual machine

ARM template resource definition

The virtualnetworks/subnets resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualnetworks/subnets resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/virtualnetworks/subnets",
  "apiVersion": "2015-06-15",
  "name": "string",
  "etag": "string",
  "properties": {
    "addressPrefix": "string",
    "ipConfigurations": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "privateIPAddress": "string",
          "privateIPAllocationMethod": "string",
          "provisioningState": "string",
          "publicIPAddress": {
            "etag": "string",
            "id": "string",
            "location": "string",
            "properties": {
              "dnsSettings": {
                "domainNameLabel": "string",
                "fqdn": "string",
                "reverseFqdn": "string"
              },
              "idleTimeoutInMinutes": "int",
              "ipAddress": "string",
              "ipConfiguration": ...,
              "provisioningState": "string",
              "publicIPAllocationMethod": "string",
              "resourceGuid": "string"
            },
            "tags": {
              "{customized property}": "string"
            }
          },
          "subnet": {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": ...
          }
        }
      }
    ],
    "networkSecurityGroup": {
      "etag": "string",
      "id": "string",
      "location": "string",
      "properties": {
        "defaultSecurityRules": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": {
              "access": "string",
              "description": "string",
              "destinationAddressPrefix": "string",
              "destinationPortRange": "string",
              "direction": "string",
              "priority": "int",
              "protocol": "string",
              "provisioningState": "string",
              "sourceAddressPrefix": "string",
              "sourcePortRange": "string"
            }
          }
        ],
        "networkInterfaces": [
          {
            "etag": "string",
            "id": "string",
            "location": "string",
            "properties": {
              "dnsSettings": {
                "appliedDnsServers": [ "string" ],
                "dnsServers": [ "string" ],
                "internalDnsNameLabel": "string",
                "internalFqdn": "string"
              },
              "enableIPForwarding": "bool",
              "ipConfigurations": [
                {
                  "etag": "string",
                  "id": "string",
                  "name": "string",
                  "properties": {
                    "loadBalancerBackendAddressPools": [
                      {
                        "etag": "string",
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "backendIPConfigurations": [
                            ...
                          ],
                          "outboundNatRule": {
                            "id": "string"
                          },
                          "provisioningState": "string"
                        }
                      }
                    ],
                    "loadBalancerInboundNatRules": [
                      {
                        "etag": "string",
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "backendIPConfiguration": ...,
                          "backendPort": "int",
                          "enableFloatingIP": "bool",
                          "frontendIPConfiguration": {
                            "id": "string"
                          },
                          "frontendPort": "int",
                          "idleTimeoutInMinutes": "int",
                          "protocol": "string",
                          "provisioningState": "string"
                        }
                      }
                    ],
                    "primary": "bool",
                    "privateIPAddress": "string",
                    "privateIPAllocationMethod": "string",
                    "provisioningState": "string",
                    "publicIPAddress": {
                      "etag": "string",
                      "id": "string",
                      "location": "string",
                      "properties": {
                        "dnsSettings": {
                          "domainNameLabel": "string",
                          "fqdn": "string",
                          "reverseFqdn": "string"
                        },
                        "idleTimeoutInMinutes": "int",
                        "ipAddress": "string",
                        "ipConfiguration": {
                          "etag": "string",
                          "id": "string",
                          "name": "string",
                          "properties": {
                            "privateIPAddress": "string",
                            "privateIPAllocationMethod": "string",
                            "provisioningState": "string",
                            "publicIPAddress": ...,
                            "subnet": {
                              "etag": "string",
                              "id": "string",
                              "name": "string",
                              "properties": ...
                            }
                          }
                        },
                        "provisioningState": "string",
                        "publicIPAllocationMethod": "string",
                        "resourceGuid": "string"
                      },
                      "tags": {
                        "{customized property}": "string"
                      }
                    },
                    "subnet": {
                      "etag": "string",
                      "id": "string",
                      "name": "string",
                      "properties": ...
                    }
                  }
                }
              ],
              "macAddress": "string",
              "networkSecurityGroup": ...,
              "primary": "bool",
              "provisioningState": "string",
              "resourceGuid": "string",
              "virtualMachine": {
                "id": "string"
              }
            },
            "tags": {
              "{customized property}": "string"
            }
          }
        ],
        "provisioningState": "string",
        "resourceGuid": "string",
        "securityRules": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": {
              "access": "string",
              "description": "string",
              "destinationAddressPrefix": "string",
              "destinationPortRange": "string",
              "direction": "string",
              "priority": "int",
              "protocol": "string",
              "provisioningState": "string",
              "sourceAddressPrefix": "string",
              "sourcePortRange": "string"
            }
          }
        ],
        "subnets": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": ...
          }
        ]
      },
      "tags": {
        "{customized property}": "string"
      }
    },
    "provisioningState": "string",
    "routeTable": {
      "etag": "string",
      "id": "string",
      "location": "string",
      "properties": {
        "provisioningState": "string",
        "routes": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": {
              "addressPrefix": "string",
              "nextHopIpAddress": "string",
              "nextHopType": "string",
              "provisioningState": "string"
            }
          }
        ],
        "subnets": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": ...
          }
        ]
      },
      "tags": {
        "{customized property}": "string"
      }
    }
  }
}

Property values

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value
backendIPConfigurations Gets collection of references to IP addresses defined in network interfaces. NetworkInterfaceIPConfiguration[]
outboundNatRule Gets outbound rules that use this backend address pool. SubResource
provisioningState Get provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the inbound NAT rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendIPConfiguration A reference to a private IP address defined on a network interface of a VM. Traffic sent to the frontend port of each of the frontend IP configurations is forwarded to the backed IP. NetworkInterfaceIPConfiguration
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The transport protocol for the endpoint. Possible values are: 'Udp' or 'Tcp' 'Tcp'
'Udp'
provisioningState Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

IPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of IP configuration. IPConfigurationPropertiesFormat

IPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAllocationMethod The private IP allocation method. Possible values are 'Static' and 'Dynamic'. 'Dynamic'
'Static'
provisioningState Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
publicIPAddress The reference of the public IP resource. PublicIPAddress
subnet The reference of the subnet resource. Subnet

Microsoft.Network/virtualnetworks/subnets

Name Description Value
apiVersion The api version '2015-06-15'
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
properties SubnetPropertiesFormat
type The resource type 'Microsoft.Network/virtualnetworks/subnets'

NetworkInterface

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties NetworkInterface properties. NetworkInterfacePropertiesFormat
tags Resource tags. ResourceTags

NetworkInterfaceDnsSettings

Name Description Value
appliedDnsServers If the VM that uses this NIC is part of an Availability Set, then this list will have the union of all DNS servers from all NICs that are part of the Availability Set. This property is what is configured on each of those VMs. string[]
dnsServers List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. string[]
internalDnsNameLabel Relative DNS name for this NIC used for internal communications between VMs in the same virtual network. string
internalFqdn Fully qualified DNS name supporting internal communications between VMs in the same virtual network. string

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of IP configuration. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
loadBalancerBackendAddressPools The reference of LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Gets whether this is a primary customer address on the network interface. bool
privateIPAddress string
privateIPAllocationMethod Defines how a private IP address is assigned. Possible values are: 'Static' and 'Dynamic'. 'Dynamic'
'Static'
provisioningState string
publicIPAddress Public IP address resource. PublicIPAddress
subnet Subnet in a virtual network resource. Subnet

NetworkInterfacePropertiesFormat

Name Description Value
dnsSettings The DNS settings in network interface. NetworkInterfaceDnsSettings
enableIPForwarding Indicates whether IP forwarding is enabled on this network interface. bool
ipConfigurations A list of IPConfigurations of the network interface. NetworkInterfaceIPConfiguration[]
macAddress The MAC address of the network interface. string
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
primary Gets whether this is a primary network interface on a virtual machine. bool
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
resourceGuid The resource GUID property of the network interface resource. string
virtualMachine The reference of a virtual machine. SubResource

NetworkSecurityGroup

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Network Security Group resource. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules The default security rules of network security group. SecurityRule[]
networkInterfaces A collection of references to network interfaces. NetworkInterface[]
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
resourceGuid The resource GUID property of the network security group resource. string
securityRules A collection of security rules of the network security group. SecurityRule[]
subnets A collection of references to subnets. Subnet[]

PublicIPAddress

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
tags Resource tags. ResourceTags

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress string
ipConfiguration IPConfiguration IPConfiguration
provisioningState The provisioning state of the PublicIP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
publicIPAllocationMethod The public IP allocation method. Possible values are: 'Static' and 'Dynamic'. 'Dynamic'
'Static'
resourceGuid The resource GUID property of the public IP resource. string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Route resource RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. Possible values are: 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance', and 'None' 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)
provisioningState The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

RouteTable

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Route Table resource RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
provisioningState The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
routes Collection of routes contained within a route table. Route[]
subnets A collection of references to subnets. Subnet[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. '*'
'Tcp'
'Udp' (required)
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
ipConfigurations Gets an array of references to the network interface IP configurations using subnet. IPConfiguration[]
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
provisioningState The provisioning state of the resource. string
routeTable The reference of the RouteTable resource. RouteTable

SubResource

Name Description Value
id Resource Identifier. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Add a subnet to an existing VNET

Deploy to Azure
This template allows you to add a subnet to an existing VNET. Deploy into the resource group of the existing VNET
Add an NSG with Redis security rules to an existing subnet

Deploy to Azure
This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET.
App Service Environment with Azure SQL backend

Deploy to Azure
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment.
Azure Bastion as a Service

Deploy to Azure
This template provisions Azure Bastion in a Virtual Network
Azure Bastion as a Service with NSG

Deploy to Azure
This template provisions Azure Bastion in a Virtual Network
Azure Batch pool without public IP addresses

Deploy to Azure
This template creates Azure Batch simplified node communication pool without public IP addresses.
Azure Cloud Shell - VNet

Deploy to Azure
This template deploys Azure Cloud Shell resources into an Azure virtual network.
Azure Container Instances - VNet

Deploy to Azure
Deploy a container instance into an Azure virtual network.
Azure Game Developer Virtual Machine Scale Set

Deploy to Azure
Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal.
Azure Machine Learning end-to-end secure setup

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create a cross-region load balancer

Deploy to Azure
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region.
Create a Route Server in a New Subnet

Deploy to Azure
This template deploys a Route Server into a subnet named RouteServerSubnet.
Create a standard internal load balancer

Deploy to Azure
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80
Create a standard load-balancer

Deploy to Azure
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone.
Create AKS with Prometheus and Grafana with privae link

Deploy to Azure
This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard
Create an AppServicePlan and App in an ASEv3

Deploy to Azure
Create an AppServicePlan and App in an ASEv3
Create an Azure Firewall with multiple IP public addresses

Deploy to Azure
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test.
Create an Azure Machine Learning service workspace (legacy)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (vnet)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Payment HSM

Deploy to Azure
This template creates an Azure Payment HSM, to provide cryptographic key operations for real-time, critical payment transactions in the Azure cloud.
Create new ANF resource with SMB volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol.
Create sandbox of Azure Firewall, client VM, and server VM

Deploy to Azure
This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall.
Creates a Cross-tenant Private Endpoint resource

Deploy to Azure
This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration.
Creates AVD with Microsoft Entra ID Join

Deploy to Azure
This template allows you to create Azure Virtual Desktop resources such as host pool, application group, workspace, a test session host and its extensions with Microsoft Entra ID join
Deploy a Hub and Spoke topology sandbox

Deploy to Azure
This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes.
Deploy a simple Windows VM with tags

Deploy to Azure
This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable.
Deploy Azure Database for MySQL with VNet

Deploy to Azure
This template provides a way to deploy an Azure database for MySQL with VNet integration.
Deploy Azure Database for PostgreSQL (flexible) with VNet

Deploy to Azure
This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration.
Deploy Azure Database for PostgreSQL with VNet

Deploy to Azure
This template provides a way to deploy an Azure database for PostgreSQL with VNet integration.
Deploy Azure Database Migration Service (DMS)

Deploy to Azure
Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations).
Deploy Darktrace Autoscaling vSensors

Deploy to Azure
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors
Deploy MySQL Flexible Server with Private Endpoint

Deploy to Azure
This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint.
Deploy MySQL Flexible Server with Vnet Integration

Deploy to Azure
This template provides a way to deploy a Azure database for MySQL Flexible Server with VNet Integration.
eShop Website with ILB ASE

Deploy to Azure
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps.
GitLab Omnibus

Deploy to Azure
This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections.
GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming

Deploy to Azure
This template creates a GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack. All installation process based on Chocolately package manager
JMeter environment for Elasticsearch

Deploy to Azure
This template will deploy a JMeter environment into an existing virtual network. One master node and multiple subordinate nodes are deployed into a new jmeter subnet. This template works in conjunction with the Elasticsearch quickstart template.
Multi-client VNS3 network appliance

Deploy to Azure
VNS3 is a software only virtual appliance that provides the combined features and functions of a Security Appliance, Application Delivery Controller and Unified Threat Management device at the cloud application edge. Key benefits, On top of cloud networking, Always on end to end encryption, Federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, Attestable control over encryption keys, Meshed network manageable at scale, Reliable HA in the Cloud, Isolate sensitive applications (fast low cost Network Segmentation), Segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, Caching, Proxy Load Balancers and other Layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment.
Private Endpoint example

Deploy to Azure
This template shows how to create a private endpoint pointing to Azure SQL Server
Secured virtual hubs

Deploy to Azure
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
SharePoint Subscription / 2019 / 2016 fully configured

Deploy to Azure
Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).
Standard Load Balancer with Backend Pool by IP Addresses

Deploy to Azure
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document.
Virtual Network NAT with VM

Deploy to Azure
Deploy a NAT gateway and virtual machine
VNS3 network appliance for cloud connectivity and security

Deploy to Azure
VNS3 is a software only virtual appliance that provides the combined features and functions of a security appliance, application delivery controller and unified threat management device at the cloud application edge. Key benefits, on top of cloud networking, always on end to end encryption, federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, attestable control over encryption keys, meshed network manageable at scale, reliable HA in the cloud, isolate sensitive applications (fast low cost Network Segmentation), segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, caching, proxy, load balancers and other layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment.
Web App with Private Endpoint

Deploy to Azure
This template allows you to create a Web App and expose it through Private Endpoint

Terraform (AzAPI provider) resource definition

The virtualnetworks/subnets resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualnetworks/subnets resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/virtualnetworks/subnets@2015-06-15"
  name = "string"
  etag = "string"
  body = jsonencode({
    properties = {
      addressPrefix = "string"
      ipConfigurations = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            privateIPAddress = "string"
            privateIPAllocationMethod = "string"
            provisioningState = "string"
            publicIPAddress = {
              etag = "string"
              id = "string"
              location = "string"
              properties = {
                dnsSettings = {
                  domainNameLabel = "string"
                  fqdn = "string"
                  reverseFqdn = "string"
                }
                idleTimeoutInMinutes = int
                ipAddress = "string"
                ipConfiguration = ...
                provisioningState = "string"
                publicIPAllocationMethod = "string"
                resourceGuid = "string"
              }
              tags = {
                {customized property} = "string"
              }
            }
            subnet = {
              etag = "string"
              id = "string"
              name = "string"
              properties = ...
            }
          }
        }
      ]
      networkSecurityGroup = {
        etag = "string"
        id = "string"
        location = "string"
        properties = {
          defaultSecurityRules = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = {
                access = "string"
                description = "string"
                destinationAddressPrefix = "string"
                destinationPortRange = "string"
                direction = "string"
                priority = int
                protocol = "string"
                provisioningState = "string"
                sourceAddressPrefix = "string"
                sourcePortRange = "string"
              }
            }
          ]
          networkInterfaces = [
            {
              etag = "string"
              id = "string"
              location = "string"
              properties = {
                dnsSettings = {
                  appliedDnsServers = [
                    "string"
                  ]
                  dnsServers = [
                    "string"
                  ]
                  internalDnsNameLabel = "string"
                  internalFqdn = "string"
                }
                enableIPForwarding = bool
                ipConfigurations = [
                  {
                    etag = "string"
                    id = "string"
                    name = "string"
                    properties = {
                      loadBalancerBackendAddressPools = [
                        {
                          etag = "string"
                          id = "string"
                          name = "string"
                          properties = {
                            backendIPConfigurations = [
                              ...
                            ]
                            outboundNatRule = {
                              id = "string"
                            }
                            provisioningState = "string"
                          }
                        }
                      ]
                      loadBalancerInboundNatRules = [
                        {
                          etag = "string"
                          id = "string"
                          name = "string"
                          properties = {
                            backendIPConfiguration = ...
                            backendPort = int
                            enableFloatingIP = bool
                            frontendIPConfiguration = {
                              id = "string"
                            }
                            frontendPort = int
                            idleTimeoutInMinutes = int
                            protocol = "string"
                            provisioningState = "string"
                          }
                        }
                      ]
                      primary = bool
                      privateIPAddress = "string"
                      privateIPAllocationMethod = "string"
                      provisioningState = "string"
                      publicIPAddress = {
                        etag = "string"
                        id = "string"
                        location = "string"
                        properties = {
                          dnsSettings = {
                            domainNameLabel = "string"
                            fqdn = "string"
                            reverseFqdn = "string"
                          }
                          idleTimeoutInMinutes = int
                          ipAddress = "string"
                          ipConfiguration = {
                            etag = "string"
                            id = "string"
                            name = "string"
                            properties = {
                              privateIPAddress = "string"
                              privateIPAllocationMethod = "string"
                              provisioningState = "string"
                              publicIPAddress = ...
                              subnet = {
                                etag = "string"
                                id = "string"
                                name = "string"
                                properties = ...
                              }
                            }
                          }
                          provisioningState = "string"
                          publicIPAllocationMethod = "string"
                          resourceGuid = "string"
                        }
                        tags = {
                          {customized property} = "string"
                        }
                      }
                      subnet = {
                        etag = "string"
                        id = "string"
                        name = "string"
                        properties = ...
                      }
                    }
                  }
                ]
                macAddress = "string"
                networkSecurityGroup = ...
                primary = bool
                provisioningState = "string"
                resourceGuid = "string"
                virtualMachine = {
                  id = "string"
                }
              }
              tags = {
                {customized property} = "string"
              }
            }
          ]
          provisioningState = "string"
          resourceGuid = "string"
          securityRules = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = {
                access = "string"
                description = "string"
                destinationAddressPrefix = "string"
                destinationPortRange = "string"
                direction = "string"
                priority = int
                protocol = "string"
                provisioningState = "string"
                sourceAddressPrefix = "string"
                sourcePortRange = "string"
              }
            }
          ]
          subnets = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = ...
            }
          ]
        }
        tags = {
          {customized property} = "string"
        }
      }
      provisioningState = "string"
      routeTable = {
        etag = "string"
        id = "string"
        location = "string"
        properties = {
          provisioningState = "string"
          routes = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = {
                addressPrefix = "string"
                nextHopIpAddress = "string"
                nextHopType = "string"
                provisioningState = "string"
              }
            }
          ]
          subnets = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = ...
            }
          ]
        }
        tags = {
          {customized property} = "string"
        }
      }
    }
  })
}

Property values

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value
backendIPConfigurations Gets collection of references to IP addresses defined in network interfaces. NetworkInterfaceIPConfiguration[]
outboundNatRule Gets outbound rules that use this backend address pool. SubResource
provisioningState Get provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the inbound NAT rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendIPConfiguration A reference to a private IP address defined on a network interface of a VM. Traffic sent to the frontend port of each of the frontend IP configurations is forwarded to the backed IP. NetworkInterfaceIPConfiguration
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The transport protocol for the endpoint. Possible values are: 'Udp' or 'Tcp' 'Tcp'
'Udp'
provisioningState Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

IPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of IP configuration. IPConfigurationPropertiesFormat

IPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAllocationMethod The private IP allocation method. Possible values are 'Static' and 'Dynamic'. 'Dynamic'
'Static'
provisioningState Gets the provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
publicIPAddress The reference of the public IP resource. PublicIPAddress
subnet The reference of the subnet resource. Subnet

Microsoft.Network/virtualnetworks/subnets

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: virtualnetworks
properties SubnetPropertiesFormat
type The resource type "Microsoft.Network/virtualnetworks/subnets@2015-06-15"

NetworkInterface

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties NetworkInterface properties. NetworkInterfacePropertiesFormat
tags Resource tags. ResourceTags

NetworkInterfaceDnsSettings

Name Description Value
appliedDnsServers If the VM that uses this NIC is part of an Availability Set, then this list will have the union of all DNS servers from all NICs that are part of the Availability Set. This property is what is configured on each of those VMs. string[]
dnsServers List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. string[]
internalDnsNameLabel Relative DNS name for this NIC used for internal communications between VMs in the same virtual network. string
internalFqdn Fully qualified DNS name supporting internal communications between VMs in the same virtual network. string

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of IP configuration. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
loadBalancerBackendAddressPools The reference of LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Gets whether this is a primary customer address on the network interface. bool
privateIPAddress string
privateIPAllocationMethod Defines how a private IP address is assigned. Possible values are: 'Static' and 'Dynamic'. 'Dynamic'
'Static'
provisioningState string
publicIPAddress Public IP address resource. PublicIPAddress
subnet Subnet in a virtual network resource. Subnet

NetworkInterfacePropertiesFormat

Name Description Value
dnsSettings The DNS settings in network interface. NetworkInterfaceDnsSettings
enableIPForwarding Indicates whether IP forwarding is enabled on this network interface. bool
ipConfigurations A list of IPConfigurations of the network interface. NetworkInterfaceIPConfiguration[]
macAddress The MAC address of the network interface. string
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
primary Gets whether this is a primary network interface on a virtual machine. bool
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
resourceGuid The resource GUID property of the network interface resource. string
virtualMachine The reference of a virtual machine. SubResource

NetworkSecurityGroup

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Network Security Group resource. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules The default security rules of network security group. SecurityRule[]
networkInterfaces A collection of references to network interfaces. NetworkInterface[]
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
resourceGuid The resource GUID property of the network security group resource. string
securityRules A collection of security rules of the network security group. SecurityRule[]
subnets A collection of references to subnets. Subnet[]

PublicIPAddress

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
tags Resource tags. ResourceTags

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress string
ipConfiguration IPConfiguration IPConfiguration
provisioningState The provisioning state of the PublicIP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
publicIPAllocationMethod The public IP allocation method. Possible values are: 'Static' and 'Dynamic'. 'Dynamic'
'Static'
resourceGuid The resource GUID property of the public IP resource. string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Route resource RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. Possible values are: 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance', and 'None' 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)
provisioningState The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string

RouteTable

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
location Resource location. string
properties Route Table resource RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
provisioningState The provisioning state of the resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
routes Collection of routes contained within a route table. Route[]
subnets A collection of references to subnets. Subnet[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. '*'
'Tcp'
'Udp' (required)
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource Identifier. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
ipConfigurations Gets an array of references to the network interface IP configurations using subnet. IPConfiguration[]
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
provisioningState The provisioning state of the resource. string
routeTable The reference of the RouteTable resource. RouteTable

SubResource

Name Description Value
id Resource Identifier. string