共用方式為


Microsoft.Network virtualNetworks/subnets 2016-03-30

Remarks

For guidance on creating virtual networks and subnets, see Create virtual network resources by using Bicep.

Bicep resource definition

The virtualNetworks/subnets resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworks/subnets resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/virtualNetworks/subnets@2016-03-30' = {
  etag: 'string'
  name: 'string'
  properties: {
    addressPrefix: 'string'
    ipConfigurations: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          privateIPAddress: 'string'
          privateIPAllocationMethod: 'string'
          provisioningState: 'string'
          publicIPAddress: {
            etag: 'string'
            id: 'string'
            location: 'string'
            properties: {
              dnsSettings: {
                domainNameLabel: 'string'
                fqdn: 'string'
                reverseFqdn: 'string'
              }
              idleTimeoutInMinutes: int
              ipAddress: 'string'
              ipConfiguration: ...
              provisioningState: 'string'
              publicIPAddressVersion: 'string'
              publicIPAllocationMethod: 'string'
              resourceGuid: 'string'
            }
            tags: {
              {customized property}: 'string'
            }
          }
          subnet: {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: ...
          }
        }
      }
    ]
    networkSecurityGroup: {
      etag: 'string'
      id: 'string'
      location: 'string'
      properties: {
        defaultSecurityRules: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: {
              access: 'string'
              description: 'string'
              destinationAddressPrefix: 'string'
              destinationPortRange: 'string'
              direction: 'string'
              priority: int
              protocol: 'string'
              provisioningState: 'string'
              sourceAddressPrefix: 'string'
              sourcePortRange: 'string'
            }
          }
        ]
        networkInterfaces: [
          {
            etag: 'string'
            id: 'string'
            location: 'string'
            properties: {
              dnsSettings: {
                appliedDnsServers: [
                  'string'
                ]
                dnsServers: [
                  'string'
                ]
                internalDnsNameLabel: 'string'
                internalDomainNameSuffix: 'string'
                internalFqdn: 'string'
              }
              enableIPForwarding: bool
              ipConfigurations: [
                {
                  etag: 'string'
                  id: 'string'
                  name: 'string'
                  properties: {
                    applicationGatewayBackendAddressPools: [
                      {
                        etag: 'string'
                        id: 'string'
                        name: 'string'
                        properties: {
                          backendAddresses: [
                            {
                              fqdn: 'string'
                              ipAddress: 'string'
                            }
                          ]
                          backendIPConfigurations: [
                            ...
                          ]
                          provisioningState: 'string'
                        }
                      }
                    ]
                    loadBalancerBackendAddressPools: [
                      {
                        etag: 'string'
                        id: 'string'
                        name: 'string'
                        properties: {
                          backendIPConfigurations: [
                            ...
                          ]
                          loadBalancingRules: [
                            {
                              id: 'string'
                            }
                          ]
                          outboundNatRule: {
                            id: 'string'
                          }
                          provisioningState: 'string'
                        }
                      }
                    ]
                    loadBalancerInboundNatRules: [
                      {
                        etag: 'string'
                        id: 'string'
                        name: 'string'
                        properties: {
                          backendIPConfiguration: ...
                          backendPort: int
                          enableFloatingIP: bool
                          frontendIPConfiguration: {
                            id: 'string'
                          }
                          frontendPort: int
                          idleTimeoutInMinutes: int
                          protocol: 'string'
                          provisioningState: 'string'
                        }
                      }
                    ]
                    primary: bool
                    privateIPAddress: 'string'
                    privateIPAddressVersion: 'string'
                    privateIPAllocationMethod: 'string'
                    provisioningState: 'string'
                    publicIPAddress: {
                      etag: 'string'
                      id: 'string'
                      location: 'string'
                      properties: {
                        dnsSettings: {
                          domainNameLabel: 'string'
                          fqdn: 'string'
                          reverseFqdn: 'string'
                        }
                        idleTimeoutInMinutes: int
                        ipAddress: 'string'
                        ipConfiguration: {
                          etag: 'string'
                          id: 'string'
                          name: 'string'
                          properties: {
                            privateIPAddress: 'string'
                            privateIPAllocationMethod: 'string'
                            provisioningState: 'string'
                            publicIPAddress: ...
                            subnet: {
                              etag: 'string'
                              id: 'string'
                              name: 'string'
                              properties: ...
                            }
                          }
                        }
                        provisioningState: 'string'
                        publicIPAddressVersion: 'string'
                        publicIPAllocationMethod: 'string'
                        resourceGuid: 'string'
                      }
                      tags: {
                        {customized property}: 'string'
                      }
                    }
                    subnet: {
                      etag: 'string'
                      id: 'string'
                      name: 'string'
                      properties: ...
                    }
                  }
                }
              ]
              macAddress: 'string'
              networkSecurityGroup: ...
              primary: bool
              provisioningState: 'string'
              resourceGuid: 'string'
              virtualMachine: {
                id: 'string'
              }
            }
            tags: {
              {customized property}: 'string'
            }
          }
        ]
        provisioningState: 'string'
        resourceGuid: 'string'
        securityRules: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: {
              access: 'string'
              description: 'string'
              destinationAddressPrefix: 'string'
              destinationPortRange: 'string'
              direction: 'string'
              priority: int
              protocol: 'string'
              provisioningState: 'string'
              sourceAddressPrefix: 'string'
              sourcePortRange: 'string'
            }
          }
        ]
        subnets: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: ...
          }
        ]
      }
      tags: {
        {customized property}: 'string'
      }
    }
    provisioningState: 'string'
    routeTable: {
      etag: 'string'
      id: 'string'
      location: 'string'
      properties: {
        provisioningState: 'string'
        routes: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: {
              addressPrefix: 'string'
              nextHopIpAddress: 'string'
              nextHopType: 'string'
              provisioningState: 'string'
            }
          }
        ]
        subnets: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: ...
          }
        ]
      }
      tags: {
        {customized property}: 'string'
      }
    }
  }
}

Property values

ApplicationGatewayBackendAddress

Name Description Value
fqdn Gets or sets the dns name string
ipAddress Gets or sets the ip address string

ApplicationGatewayBackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of Backend Address Pool of application gateway ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Gets or sets the backend addresses ApplicationGatewayBackendAddress[]
backendIPConfigurations Gets collection of references to IPs defined in NICs NetworkInterfaceIPConfiguration[]
provisioningState Gets or sets Provisioning state of the backend address pool resource Updating/Deleting/Failed string

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of BackendAddressPool BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value
backendIPConfigurations Gets collection of references to IPs defined in NICs NetworkInterfaceIPConfiguration[]
loadBalancingRules Gets Load Balancing rules that use this Backend Address Pool SubResource[]
outboundNatRule Gets outbound rules that use this Backend Address Pool SubResource
provisioningState Provisioning state of the PublicIP resource Updating/Deleting/Failed string

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of Inbound NAT rule InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendIPConfiguration Gets or sets a reference to a private ip address defined on a NetworkInterface of a VM. Traffic sent to frontendPort of each of the frontendIPConfigurations is forwarded to the backed IP NetworkInterfaceIPConfiguration
backendPort Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint bool
frontendIPConfiguration Gets or sets a reference to frontend IP Addresses SubResource
frontendPort Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive int
idleTimeoutInMinutes Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp int
protocol Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp 'Tcp'
'Udp'
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string

IPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of IPConfiguration IPConfigurationPropertiesFormat

IPConfigurationPropertiesFormat

Name Description Value
privateIPAddress Gets or sets the privateIPAddress of the IP Configuration string
privateIPAllocationMethod Gets or sets PrivateIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
publicIPAddress Gets or sets the reference of the PublicIP resource PublicIPAddress
subnet Gets or sets the reference of the subnet resource Subnet

Microsoft.Network/virtualNetworks/subnets

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: virtualNetworks
properties SubnetPropertiesFormat

NetworkInterface

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties NetworkInterface properties. NetworkInterfacePropertiesFormat
tags Resource tags ResourceTags

NetworkInterfaceDnsSettings

Name Description Value
appliedDnsServers Gets or sets list of Applied DNS servers IP addresses string[]
dnsServers Gets or sets list of DNS servers IP addresses string[]
internalDnsNameLabel Gets or sets the Internal DNS name string
internalDomainNameSuffix Gets or sets internal domain name suffix of the NIC. string
internalFqdn Gets or sets the internal FQDN. string

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of IPConfiguration NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools Gets or sets the reference of ApplicationGatewayBackendAddressPool resource ApplicationGatewayBackendAddressPool[]
loadBalancerBackendAddressPools Gets or sets the reference of LoadBalancerBackendAddressPool resource BackendAddressPool[]
loadBalancerInboundNatRules Gets or sets list of references of LoadBalancerInboundNatRules InboundNatRule[]
primary Gets whether this is a primary customer address on the NIC bool
privateIPAddress string
privateIPAddressVersion Gets or sets PrivateIP address version (IPv4/IPv6) 'IPv4'
'IPv6'
privateIPAllocationMethod Gets or sets PrivateIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
provisioningState string
publicIPAddress PublicIPAddress resource PublicIPAddress
subnet Subnet in a VirtualNetwork resource Subnet

NetworkInterfacePropertiesFormat

Name Description Value
dnsSettings Gets or sets DNS Settings in NetworkInterface NetworkInterfaceDnsSettings
enableIPForwarding Gets or sets whether IPForwarding is enabled on the NIC bool
ipConfigurations Gets or sets list of IPConfigurations of the NetworkInterface NetworkInterfaceIPConfiguration[]
macAddress Gets the MAC Address of the network interface string
networkSecurityGroup Gets or sets the reference of the NetworkSecurityGroup resource NetworkSecurityGroup
primary Gets whether this is a primary NIC on a virtual machine bool
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
resourceGuid Gets or sets resource GUID property of the network interface resource string
virtualMachine Gets or sets the reference of a VirtualMachine SubResource

NetworkSecurityGroup

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties Network Security Group resource NetworkSecurityGroupPropertiesFormat
tags Resource tags ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules Gets or sets Default security rules of network security group SecurityRule[]
networkInterfaces Gets collection of references to Network Interfaces NetworkInterface[]
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
resourceGuid Gets or sets resource GUID property of the network security group resource string
securityRules Gets or sets Security rules of network security group SecurityRule[]
subnets Gets collection of references to subnets Subnet[]

PublicIPAddress

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties PublicIpAddress properties PublicIPAddressPropertiesFormat
tags Resource tags ResourceTags

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
dnsSettings Gets or sets FQDN of the DNS record associated with the public IP address PublicIPAddressDnsSettings
idleTimeoutInMinutes Gets or sets the idle timeout of the public IP address int
ipAddress string
ipConfiguration IPConfiguration IPConfiguration
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
publicIPAddressVersion Gets or sets PublicIP address version (IPv4/IPv6) 'IPv4'
'IPv6'
publicIPAllocationMethod Gets or sets PublicIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
resourceGuid Gets or sets resource GUID property of the PublicIP resource string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Route resource RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix Gets or sets the destination CIDR to which the route applies. string
nextHopIpAddress Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType Gets or sets the type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)
provisioningState Gets or sets Provisioning state of the resource Updating/Deleting/Failed string

RouteTable

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties Route Table resource RouteTablePropertiesFormat
tags Resource tags ResourceTags

RouteTablePropertiesFormat

Name Description Value
provisioningState Gets or sets Provisioning state of the resource Updating/Deleting/Failed string
routes Gets or sets Routes in a Route Table Route[]
subnets Gets collection of references to subnets Subnet[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' 'Allow'
'Deny' (required)
description Gets or sets a description for this rule. Restricted to 140 chars. string
destinationAddressPrefix Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). '*'
'Tcp'
'Udp' (required)
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
sourceAddressPrefix Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix Gets or sets Address prefix for the subnet. string
ipConfigurations Gets array of references to the network interface IP configurations using subnet IPConfiguration[]
networkSecurityGroup Gets or sets the reference of the NetworkSecurityGroup resource NetworkSecurityGroup
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
routeTable Gets or sets the reference of the RouteTable resource RouteTable

SubResource

Name Description Value
id Resource Id string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Add a subnet to an existing VNET This template allows you to add a subnet to an existing VNET. Deploy into the resource group of the existing VNET
Azure Bastion as a Service This template provisions Azure Bastion in a Virtual Network
Azure Bastion as a Service with NSG This template provisions Azure Bastion in a Virtual Network
Azure Batch pool without public IP addresses This template creates Azure Batch simplified node communication pool without public IP addresses.
Azure Cloud Shell - VNet This template deploys Azure Cloud Shell resources into an Azure virtual network.
Azure Container Instances - VNet Deploy a container instance into an Azure virtual network.
Azure Game Developer Virtual Machine Scale Set Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal.
Azure Machine Learning end-to-end secure setup This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy) This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create a cross-region load balancer This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region.
Create a Route Server in a New Subnet This template deploys a Route Server into a subnet named RouteServerSubnet.
Create a standard internal load balancer This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80
Create a standard load-balancer This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone.
Create AKS with Prometheus and Grafana with privae link This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard
Create an AppServicePlan and App in an ASEv3 Create an AppServicePlan and App in an ASEv3
Create an Azure Firewall with multiple IP public addresses This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test.
Create an Azure Machine Learning service workspace (legacy) This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (vnet) This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create sandbox of Azure Firewall, client VM, and server VM This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall.
Creates a Cross-tenant Private Endpoint resource This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration.
Creates AVD with Microsoft Entra ID Join This template allows you to create Azure Virtual Desktop resources such as host pool, application group, workspace, a test session host and its extensions with Microsoft Entra ID join
Deploy a simple Windows VM with tags This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable.
Deploy Azure Database for MySQL with VNet This template provides a way to deploy an Azure database for MySQL with VNet integration.
Deploy Azure Database for PostgreSQL (flexible) with VNet This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration.
Deploy Azure Database for PostgreSQL with VNet This template provides a way to deploy an Azure database for PostgreSQL with VNet integration.
Deploy Azure Database Migration Service (DMS) Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations).
Deploy MySQL Flexible Server with Private Endpoint This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint.
Deploy MySQL Flexible Server with Vnet Integration This template provides a way to deploy a Azure database for MySQL Flexible Server with VNet Integration.
GitLab Omnibus This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections.
Private Endpoint example This template shows how to create a private endpoint pointing to Azure SQL Server
Secured virtual hubs This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
SharePoint Subscription / 2019 / 2016 fully configured Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).
Virtual Network NAT with VM Deploy a NAT gateway and virtual machine

ARM template resource definition

The virtualNetworks/subnets resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworks/subnets resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/virtualNetworks/subnets",
  "apiVersion": "2016-03-30",
  "name": "string",
  "etag": "string",
  "properties": {
    "addressPrefix": "string",
    "ipConfigurations": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "privateIPAddress": "string",
          "privateIPAllocationMethod": "string",
          "provisioningState": "string",
          "publicIPAddress": {
            "etag": "string",
            "id": "string",
            "location": "string",
            "properties": {
              "dnsSettings": {
                "domainNameLabel": "string",
                "fqdn": "string",
                "reverseFqdn": "string"
              },
              "idleTimeoutInMinutes": "int",
              "ipAddress": "string",
              "ipConfiguration": ...,
              "provisioningState": "string",
              "publicIPAddressVersion": "string",
              "publicIPAllocationMethod": "string",
              "resourceGuid": "string"
            },
            "tags": {
              "{customized property}": "string"
            }
          },
          "subnet": {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": ...
          }
        }
      }
    ],
    "networkSecurityGroup": {
      "etag": "string",
      "id": "string",
      "location": "string",
      "properties": {
        "defaultSecurityRules": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": {
              "access": "string",
              "description": "string",
              "destinationAddressPrefix": "string",
              "destinationPortRange": "string",
              "direction": "string",
              "priority": "int",
              "protocol": "string",
              "provisioningState": "string",
              "sourceAddressPrefix": "string",
              "sourcePortRange": "string"
            }
          }
        ],
        "networkInterfaces": [
          {
            "etag": "string",
            "id": "string",
            "location": "string",
            "properties": {
              "dnsSettings": {
                "appliedDnsServers": [ "string" ],
                "dnsServers": [ "string" ],
                "internalDnsNameLabel": "string",
                "internalDomainNameSuffix": "string",
                "internalFqdn": "string"
              },
              "enableIPForwarding": "bool",
              "ipConfigurations": [
                {
                  "etag": "string",
                  "id": "string",
                  "name": "string",
                  "properties": {
                    "applicationGatewayBackendAddressPools": [
                      {
                        "etag": "string",
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "backendAddresses": [
                            {
                              "fqdn": "string",
                              "ipAddress": "string"
                            }
                          ],
                          "backendIPConfigurations": [
                            ...
                          ],
                          "provisioningState": "string"
                        }
                      }
                    ],
                    "loadBalancerBackendAddressPools": [
                      {
                        "etag": "string",
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "backendIPConfigurations": [
                            ...
                          ],
                          "loadBalancingRules": [
                            {
                              "id": "string"
                            }
                          ],
                          "outboundNatRule": {
                            "id": "string"
                          },
                          "provisioningState": "string"
                        }
                      }
                    ],
                    "loadBalancerInboundNatRules": [
                      {
                        "etag": "string",
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "backendIPConfiguration": ...,
                          "backendPort": "int",
                          "enableFloatingIP": "bool",
                          "frontendIPConfiguration": {
                            "id": "string"
                          },
                          "frontendPort": "int",
                          "idleTimeoutInMinutes": "int",
                          "protocol": "string",
                          "provisioningState": "string"
                        }
                      }
                    ],
                    "primary": "bool",
                    "privateIPAddress": "string",
                    "privateIPAddressVersion": "string",
                    "privateIPAllocationMethod": "string",
                    "provisioningState": "string",
                    "publicIPAddress": {
                      "etag": "string",
                      "id": "string",
                      "location": "string",
                      "properties": {
                        "dnsSettings": {
                          "domainNameLabel": "string",
                          "fqdn": "string",
                          "reverseFqdn": "string"
                        },
                        "idleTimeoutInMinutes": "int",
                        "ipAddress": "string",
                        "ipConfiguration": {
                          "etag": "string",
                          "id": "string",
                          "name": "string",
                          "properties": {
                            "privateIPAddress": "string",
                            "privateIPAllocationMethod": "string",
                            "provisioningState": "string",
                            "publicIPAddress": ...,
                            "subnet": {
                              "etag": "string",
                              "id": "string",
                              "name": "string",
                              "properties": ...
                            }
                          }
                        },
                        "provisioningState": "string",
                        "publicIPAddressVersion": "string",
                        "publicIPAllocationMethod": "string",
                        "resourceGuid": "string"
                      },
                      "tags": {
                        "{customized property}": "string"
                      }
                    },
                    "subnet": {
                      "etag": "string",
                      "id": "string",
                      "name": "string",
                      "properties": ...
                    }
                  }
                }
              ],
              "macAddress": "string",
              "networkSecurityGroup": ...,
              "primary": "bool",
              "provisioningState": "string",
              "resourceGuid": "string",
              "virtualMachine": {
                "id": "string"
              }
            },
            "tags": {
              "{customized property}": "string"
            }
          }
        ],
        "provisioningState": "string",
        "resourceGuid": "string",
        "securityRules": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": {
              "access": "string",
              "description": "string",
              "destinationAddressPrefix": "string",
              "destinationPortRange": "string",
              "direction": "string",
              "priority": "int",
              "protocol": "string",
              "provisioningState": "string",
              "sourceAddressPrefix": "string",
              "sourcePortRange": "string"
            }
          }
        ],
        "subnets": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": ...
          }
        ]
      },
      "tags": {
        "{customized property}": "string"
      }
    },
    "provisioningState": "string",
    "routeTable": {
      "etag": "string",
      "id": "string",
      "location": "string",
      "properties": {
        "provisioningState": "string",
        "routes": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": {
              "addressPrefix": "string",
              "nextHopIpAddress": "string",
              "nextHopType": "string",
              "provisioningState": "string"
            }
          }
        ],
        "subnets": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": ...
          }
        ]
      },
      "tags": {
        "{customized property}": "string"
      }
    }
  }
}

Property values

ApplicationGatewayBackendAddress

Name Description Value
fqdn Gets or sets the dns name string
ipAddress Gets or sets the ip address string

ApplicationGatewayBackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of Backend Address Pool of application gateway ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Gets or sets the backend addresses ApplicationGatewayBackendAddress[]
backendIPConfigurations Gets collection of references to IPs defined in NICs NetworkInterfaceIPConfiguration[]
provisioningState Gets or sets Provisioning state of the backend address pool resource Updating/Deleting/Failed string

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of BackendAddressPool BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value
backendIPConfigurations Gets collection of references to IPs defined in NICs NetworkInterfaceIPConfiguration[]
loadBalancingRules Gets Load Balancing rules that use this Backend Address Pool SubResource[]
outboundNatRule Gets outbound rules that use this Backend Address Pool SubResource
provisioningState Provisioning state of the PublicIP resource Updating/Deleting/Failed string

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of Inbound NAT rule InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendIPConfiguration Gets or sets a reference to a private ip address defined on a NetworkInterface of a VM. Traffic sent to frontendPort of each of the frontendIPConfigurations is forwarded to the backed IP NetworkInterfaceIPConfiguration
backendPort Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint bool
frontendIPConfiguration Gets or sets a reference to frontend IP Addresses SubResource
frontendPort Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive int
idleTimeoutInMinutes Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp int
protocol Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp 'Tcp'
'Udp'
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string

IPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of IPConfiguration IPConfigurationPropertiesFormat

IPConfigurationPropertiesFormat

Name Description Value
privateIPAddress Gets or sets the privateIPAddress of the IP Configuration string
privateIPAllocationMethod Gets or sets PrivateIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
publicIPAddress Gets or sets the reference of the PublicIP resource PublicIPAddress
subnet Gets or sets the reference of the subnet resource Subnet

Microsoft.Network/virtualNetworks/subnets

Name Description Value
apiVersion The api version '2016-03-30'
etag A unique read-only string that changes whenever the resource is updated string
name The resource name string (required)
properties SubnetPropertiesFormat
type The resource type 'Microsoft.Network/virtualNetworks/subnets'

NetworkInterface

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties NetworkInterface properties. NetworkInterfacePropertiesFormat
tags Resource tags ResourceTags

NetworkInterfaceDnsSettings

Name Description Value
appliedDnsServers Gets or sets list of Applied DNS servers IP addresses string[]
dnsServers Gets or sets list of DNS servers IP addresses string[]
internalDnsNameLabel Gets or sets the Internal DNS name string
internalDomainNameSuffix Gets or sets internal domain name suffix of the NIC. string
internalFqdn Gets or sets the internal FQDN. string

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of IPConfiguration NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools Gets or sets the reference of ApplicationGatewayBackendAddressPool resource ApplicationGatewayBackendAddressPool[]
loadBalancerBackendAddressPools Gets or sets the reference of LoadBalancerBackendAddressPool resource BackendAddressPool[]
loadBalancerInboundNatRules Gets or sets list of references of LoadBalancerInboundNatRules InboundNatRule[]
primary Gets whether this is a primary customer address on the NIC bool
privateIPAddress string
privateIPAddressVersion Gets or sets PrivateIP address version (IPv4/IPv6) 'IPv4'
'IPv6'
privateIPAllocationMethod Gets or sets PrivateIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
provisioningState string
publicIPAddress PublicIPAddress resource PublicIPAddress
subnet Subnet in a VirtualNetwork resource Subnet

NetworkInterfacePropertiesFormat

Name Description Value
dnsSettings Gets or sets DNS Settings in NetworkInterface NetworkInterfaceDnsSettings
enableIPForwarding Gets or sets whether IPForwarding is enabled on the NIC bool
ipConfigurations Gets or sets list of IPConfigurations of the NetworkInterface NetworkInterfaceIPConfiguration[]
macAddress Gets the MAC Address of the network interface string
networkSecurityGroup Gets or sets the reference of the NetworkSecurityGroup resource NetworkSecurityGroup
primary Gets whether this is a primary NIC on a virtual machine bool
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
resourceGuid Gets or sets resource GUID property of the network interface resource string
virtualMachine Gets or sets the reference of a VirtualMachine SubResource

NetworkSecurityGroup

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties Network Security Group resource NetworkSecurityGroupPropertiesFormat
tags Resource tags ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules Gets or sets Default security rules of network security group SecurityRule[]
networkInterfaces Gets collection of references to Network Interfaces NetworkInterface[]
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
resourceGuid Gets or sets resource GUID property of the network security group resource string
securityRules Gets or sets Security rules of network security group SecurityRule[]
subnets Gets collection of references to subnets Subnet[]

PublicIPAddress

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties PublicIpAddress properties PublicIPAddressPropertiesFormat
tags Resource tags ResourceTags

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
dnsSettings Gets or sets FQDN of the DNS record associated with the public IP address PublicIPAddressDnsSettings
idleTimeoutInMinutes Gets or sets the idle timeout of the public IP address int
ipAddress string
ipConfiguration IPConfiguration IPConfiguration
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
publicIPAddressVersion Gets or sets PublicIP address version (IPv4/IPv6) 'IPv4'
'IPv6'
publicIPAllocationMethod Gets or sets PublicIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
resourceGuid Gets or sets resource GUID property of the PublicIP resource string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Route resource RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix Gets or sets the destination CIDR to which the route applies. string
nextHopIpAddress Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType Gets or sets the type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)
provisioningState Gets or sets Provisioning state of the resource Updating/Deleting/Failed string

RouteTable

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties Route Table resource RouteTablePropertiesFormat
tags Resource tags ResourceTags

RouteTablePropertiesFormat

Name Description Value
provisioningState Gets or sets Provisioning state of the resource Updating/Deleting/Failed string
routes Gets or sets Routes in a Route Table Route[]
subnets Gets collection of references to subnets Subnet[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' 'Allow'
'Deny' (required)
description Gets or sets a description for this rule. Restricted to 140 chars. string
destinationAddressPrefix Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). '*'
'Tcp'
'Udp' (required)
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
sourceAddressPrefix Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix Gets or sets Address prefix for the subnet. string
ipConfigurations Gets array of references to the network interface IP configurations using subnet IPConfiguration[]
networkSecurityGroup Gets or sets the reference of the NetworkSecurityGroup resource NetworkSecurityGroup
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
routeTable Gets or sets the reference of the RouteTable resource RouteTable

SubResource

Name Description Value
id Resource Id string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Add a subnet to an existing VNET

Deploy to Azure
This template allows you to add a subnet to an existing VNET. Deploy into the resource group of the existing VNET
Add an NSG with Redis security rules to an existing subnet

Deploy to Azure
This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET.
App Service Environment with Azure SQL backend

Deploy to Azure
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment.
Azure Bastion as a Service

Deploy to Azure
This template provisions Azure Bastion in a Virtual Network
Azure Bastion as a Service with NSG

Deploy to Azure
This template provisions Azure Bastion in a Virtual Network
Azure Batch pool without public IP addresses

Deploy to Azure
This template creates Azure Batch simplified node communication pool without public IP addresses.
Azure Cloud Shell - VNet

Deploy to Azure
This template deploys Azure Cloud Shell resources into an Azure virtual network.
Azure Container Instances - VNet

Deploy to Azure
Deploy a container instance into an Azure virtual network.
Azure Game Developer Virtual Machine Scale Set

Deploy to Azure
Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal.
Azure Machine Learning end-to-end secure setup

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create a cross-region load balancer

Deploy to Azure
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region.
Create a Route Server in a New Subnet

Deploy to Azure
This template deploys a Route Server into a subnet named RouteServerSubnet.
Create a standard internal load balancer

Deploy to Azure
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80
Create a standard load-balancer

Deploy to Azure
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone.
Create AKS with Prometheus and Grafana with privae link

Deploy to Azure
This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard
Create an AppServicePlan and App in an ASEv3

Deploy to Azure
Create an AppServicePlan and App in an ASEv3
Create an Azure Firewall with multiple IP public addresses

Deploy to Azure
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test.
Create an Azure Machine Learning service workspace (legacy)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (vnet)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Payment HSM

Deploy to Azure
This template creates an Azure Payment HSM, to provide cryptographic key operations for real-time, critical payment transactions in the Azure cloud.
Create new ANF resource with SMB volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol.
Create sandbox of Azure Firewall, client VM, and server VM

Deploy to Azure
This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall.
Creates a Cross-tenant Private Endpoint resource

Deploy to Azure
This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration.
Creates AVD with Microsoft Entra ID Join

Deploy to Azure
This template allows you to create Azure Virtual Desktop resources such as host pool, application group, workspace, a test session host and its extensions with Microsoft Entra ID join
Deploy a Hub and Spoke topology sandbox

Deploy to Azure
This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes.
Deploy a simple Windows VM with tags

Deploy to Azure
This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable.
Deploy Azure Database for MySQL with VNet

Deploy to Azure
This template provides a way to deploy an Azure database for MySQL with VNet integration.
Deploy Azure Database for PostgreSQL (flexible) with VNet

Deploy to Azure
This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration.
Deploy Azure Database for PostgreSQL with VNet

Deploy to Azure
This template provides a way to deploy an Azure database for PostgreSQL with VNet integration.
Deploy Azure Database Migration Service (DMS)

Deploy to Azure
Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations).
Deploy Darktrace Autoscaling vSensors

Deploy to Azure
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors
Deploy MySQL Flexible Server with Private Endpoint

Deploy to Azure
This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint.
Deploy MySQL Flexible Server with Vnet Integration

Deploy to Azure
This template provides a way to deploy a Azure database for MySQL Flexible Server with VNet Integration.
eShop Website with ILB ASE

Deploy to Azure
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps.
GitLab Omnibus

Deploy to Azure
This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections.
GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming

Deploy to Azure
This template creates a GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack. All installation process based on Chocolately package manager
JMeter environment for Elasticsearch

Deploy to Azure
This template will deploy a JMeter environment into an existing virtual network. One master node and multiple subordinate nodes are deployed into a new jmeter subnet. This template works in conjunction with the Elasticsearch quickstart template.
Multi-client VNS3 network appliance

Deploy to Azure
VNS3 is a software only virtual appliance that provides the combined features and functions of a Security Appliance, Application Delivery Controller and Unified Threat Management device at the cloud application edge. Key benefits, On top of cloud networking, Always on end to end encryption, Federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, Attestable control over encryption keys, Meshed network manageable at scale, Reliable HA in the Cloud, Isolate sensitive applications (fast low cost Network Segmentation), Segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, Caching, Proxy Load Balancers and other Layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment.
Private Endpoint example

Deploy to Azure
This template shows how to create a private endpoint pointing to Azure SQL Server
Secured virtual hubs

Deploy to Azure
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
SharePoint Subscription / 2019 / 2016 fully configured

Deploy to Azure
Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).
Standard Load Balancer with Backend Pool by IP Addresses

Deploy to Azure
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document.
Virtual Network NAT with VM

Deploy to Azure
Deploy a NAT gateway and virtual machine
VNS3 network appliance for cloud connectivity and security

Deploy to Azure
VNS3 is a software only virtual appliance that provides the combined features and functions of a security appliance, application delivery controller and unified threat management device at the cloud application edge. Key benefits, on top of cloud networking, always on end to end encryption, federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, attestable control over encryption keys, meshed network manageable at scale, reliable HA in the cloud, isolate sensitive applications (fast low cost Network Segmentation), segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, caching, proxy, load balancers and other layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment.
Web App with Private Endpoint

Deploy to Azure
This template allows you to create a Web App and expose it through Private Endpoint

Terraform (AzAPI provider) resource definition

The virtualNetworks/subnets resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworks/subnets resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/virtualNetworks/subnets@2016-03-30"
  name = "string"
  etag = "string"
  body = jsonencode({
    properties = {
      addressPrefix = "string"
      ipConfigurations = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            privateIPAddress = "string"
            privateIPAllocationMethod = "string"
            provisioningState = "string"
            publicIPAddress = {
              etag = "string"
              id = "string"
              location = "string"
              properties = {
                dnsSettings = {
                  domainNameLabel = "string"
                  fqdn = "string"
                  reverseFqdn = "string"
                }
                idleTimeoutInMinutes = int
                ipAddress = "string"
                ipConfiguration = ...
                provisioningState = "string"
                publicIPAddressVersion = "string"
                publicIPAllocationMethod = "string"
                resourceGuid = "string"
              }
              tags = {
                {customized property} = "string"
              }
            }
            subnet = {
              etag = "string"
              id = "string"
              name = "string"
              properties = ...
            }
          }
        }
      ]
      networkSecurityGroup = {
        etag = "string"
        id = "string"
        location = "string"
        properties = {
          defaultSecurityRules = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = {
                access = "string"
                description = "string"
                destinationAddressPrefix = "string"
                destinationPortRange = "string"
                direction = "string"
                priority = int
                protocol = "string"
                provisioningState = "string"
                sourceAddressPrefix = "string"
                sourcePortRange = "string"
              }
            }
          ]
          networkInterfaces = [
            {
              etag = "string"
              id = "string"
              location = "string"
              properties = {
                dnsSettings = {
                  appliedDnsServers = [
                    "string"
                  ]
                  dnsServers = [
                    "string"
                  ]
                  internalDnsNameLabel = "string"
                  internalDomainNameSuffix = "string"
                  internalFqdn = "string"
                }
                enableIPForwarding = bool
                ipConfigurations = [
                  {
                    etag = "string"
                    id = "string"
                    name = "string"
                    properties = {
                      applicationGatewayBackendAddressPools = [
                        {
                          etag = "string"
                          id = "string"
                          name = "string"
                          properties = {
                            backendAddresses = [
                              {
                                fqdn = "string"
                                ipAddress = "string"
                              }
                            ]
                            backendIPConfigurations = [
                              ...
                            ]
                            provisioningState = "string"
                          }
                        }
                      ]
                      loadBalancerBackendAddressPools = [
                        {
                          etag = "string"
                          id = "string"
                          name = "string"
                          properties = {
                            backendIPConfigurations = [
                              ...
                            ]
                            loadBalancingRules = [
                              {
                                id = "string"
                              }
                            ]
                            outboundNatRule = {
                              id = "string"
                            }
                            provisioningState = "string"
                          }
                        }
                      ]
                      loadBalancerInboundNatRules = [
                        {
                          etag = "string"
                          id = "string"
                          name = "string"
                          properties = {
                            backendIPConfiguration = ...
                            backendPort = int
                            enableFloatingIP = bool
                            frontendIPConfiguration = {
                              id = "string"
                            }
                            frontendPort = int
                            idleTimeoutInMinutes = int
                            protocol = "string"
                            provisioningState = "string"
                          }
                        }
                      ]
                      primary = bool
                      privateIPAddress = "string"
                      privateIPAddressVersion = "string"
                      privateIPAllocationMethod = "string"
                      provisioningState = "string"
                      publicIPAddress = {
                        etag = "string"
                        id = "string"
                        location = "string"
                        properties = {
                          dnsSettings = {
                            domainNameLabel = "string"
                            fqdn = "string"
                            reverseFqdn = "string"
                          }
                          idleTimeoutInMinutes = int
                          ipAddress = "string"
                          ipConfiguration = {
                            etag = "string"
                            id = "string"
                            name = "string"
                            properties = {
                              privateIPAddress = "string"
                              privateIPAllocationMethod = "string"
                              provisioningState = "string"
                              publicIPAddress = ...
                              subnet = {
                                etag = "string"
                                id = "string"
                                name = "string"
                                properties = ...
                              }
                            }
                          }
                          provisioningState = "string"
                          publicIPAddressVersion = "string"
                          publicIPAllocationMethod = "string"
                          resourceGuid = "string"
                        }
                        tags = {
                          {customized property} = "string"
                        }
                      }
                      subnet = {
                        etag = "string"
                        id = "string"
                        name = "string"
                        properties = ...
                      }
                    }
                  }
                ]
                macAddress = "string"
                networkSecurityGroup = ...
                primary = bool
                provisioningState = "string"
                resourceGuid = "string"
                virtualMachine = {
                  id = "string"
                }
              }
              tags = {
                {customized property} = "string"
              }
            }
          ]
          provisioningState = "string"
          resourceGuid = "string"
          securityRules = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = {
                access = "string"
                description = "string"
                destinationAddressPrefix = "string"
                destinationPortRange = "string"
                direction = "string"
                priority = int
                protocol = "string"
                provisioningState = "string"
                sourceAddressPrefix = "string"
                sourcePortRange = "string"
              }
            }
          ]
          subnets = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = ...
            }
          ]
        }
        tags = {
          {customized property} = "string"
        }
      }
      provisioningState = "string"
      routeTable = {
        etag = "string"
        id = "string"
        location = "string"
        properties = {
          provisioningState = "string"
          routes = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = {
                addressPrefix = "string"
                nextHopIpAddress = "string"
                nextHopType = "string"
                provisioningState = "string"
              }
            }
          ]
          subnets = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = ...
            }
          ]
        }
        tags = {
          {customized property} = "string"
        }
      }
    }
  })
}

Property values

ApplicationGatewayBackendAddress

Name Description Value
fqdn Gets or sets the dns name string
ipAddress Gets or sets the ip address string

ApplicationGatewayBackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of Backend Address Pool of application gateway ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Gets or sets the backend addresses ApplicationGatewayBackendAddress[]
backendIPConfigurations Gets collection of references to IPs defined in NICs NetworkInterfaceIPConfiguration[]
provisioningState Gets or sets Provisioning state of the backend address pool resource Updating/Deleting/Failed string

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of BackendAddressPool BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value
backendIPConfigurations Gets collection of references to IPs defined in NICs NetworkInterfaceIPConfiguration[]
loadBalancingRules Gets Load Balancing rules that use this Backend Address Pool SubResource[]
outboundNatRule Gets outbound rules that use this Backend Address Pool SubResource
provisioningState Provisioning state of the PublicIP resource Updating/Deleting/Failed string

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of Inbound NAT rule InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendIPConfiguration Gets or sets a reference to a private ip address defined on a NetworkInterface of a VM. Traffic sent to frontendPort of each of the frontendIPConfigurations is forwarded to the backed IP NetworkInterfaceIPConfiguration
backendPort Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint bool
frontendIPConfiguration Gets or sets a reference to frontend IP Addresses SubResource
frontendPort Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive int
idleTimeoutInMinutes Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp int
protocol Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp 'Tcp'
'Udp'
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string

IPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of IPConfiguration IPConfigurationPropertiesFormat

IPConfigurationPropertiesFormat

Name Description Value
privateIPAddress Gets or sets the privateIPAddress of the IP Configuration string
privateIPAllocationMethod Gets or sets PrivateIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
publicIPAddress Gets or sets the reference of the PublicIP resource PublicIPAddress
subnet Gets or sets the reference of the subnet resource Subnet

Microsoft.Network/virtualNetworks/subnets

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: virtualNetworks
properties SubnetPropertiesFormat
type The resource type "Microsoft.Network/virtualNetworks/subnets@2016-03-30"

NetworkInterface

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties NetworkInterface properties. NetworkInterfacePropertiesFormat
tags Resource tags ResourceTags

NetworkInterfaceDnsSettings

Name Description Value
appliedDnsServers Gets or sets list of Applied DNS servers IP addresses string[]
dnsServers Gets or sets list of DNS servers IP addresses string[]
internalDnsNameLabel Gets or sets the Internal DNS name string
internalDomainNameSuffix Gets or sets internal domain name suffix of the NIC. string
internalFqdn Gets or sets the internal FQDN. string

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Properties of IPConfiguration NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools Gets or sets the reference of ApplicationGatewayBackendAddressPool resource ApplicationGatewayBackendAddressPool[]
loadBalancerBackendAddressPools Gets or sets the reference of LoadBalancerBackendAddressPool resource BackendAddressPool[]
loadBalancerInboundNatRules Gets or sets list of references of LoadBalancerInboundNatRules InboundNatRule[]
primary Gets whether this is a primary customer address on the NIC bool
privateIPAddress string
privateIPAddressVersion Gets or sets PrivateIP address version (IPv4/IPv6) 'IPv4'
'IPv6'
privateIPAllocationMethod Gets or sets PrivateIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
provisioningState string
publicIPAddress PublicIPAddress resource PublicIPAddress
subnet Subnet in a VirtualNetwork resource Subnet

NetworkInterfacePropertiesFormat

Name Description Value
dnsSettings Gets or sets DNS Settings in NetworkInterface NetworkInterfaceDnsSettings
enableIPForwarding Gets or sets whether IPForwarding is enabled on the NIC bool
ipConfigurations Gets or sets list of IPConfigurations of the NetworkInterface NetworkInterfaceIPConfiguration[]
macAddress Gets the MAC Address of the network interface string
networkSecurityGroup Gets or sets the reference of the NetworkSecurityGroup resource NetworkSecurityGroup
primary Gets whether this is a primary NIC on a virtual machine bool
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
resourceGuid Gets or sets resource GUID property of the network interface resource string
virtualMachine Gets or sets the reference of a VirtualMachine SubResource

NetworkSecurityGroup

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties Network Security Group resource NetworkSecurityGroupPropertiesFormat
tags Resource tags ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules Gets or sets Default security rules of network security group SecurityRule[]
networkInterfaces Gets collection of references to Network Interfaces NetworkInterface[]
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
resourceGuid Gets or sets resource GUID property of the network security group resource string
securityRules Gets or sets Security rules of network security group SecurityRule[]
subnets Gets collection of references to subnets Subnet[]

PublicIPAddress

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties PublicIpAddress properties PublicIPAddressPropertiesFormat
tags Resource tags ResourceTags

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
dnsSettings Gets or sets FQDN of the DNS record associated with the public IP address PublicIPAddressDnsSettings
idleTimeoutInMinutes Gets or sets the idle timeout of the public IP address int
ipAddress string
ipConfiguration IPConfiguration IPConfiguration
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
publicIPAddressVersion Gets or sets PublicIP address version (IPv4/IPv6) 'IPv4'
'IPv6'
publicIPAllocationMethod Gets or sets PublicIP allocation method (Static/Dynamic) 'Dynamic'
'Static'
resourceGuid Gets or sets resource GUID property of the PublicIP resource string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties Route resource RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix Gets or sets the destination CIDR to which the route applies. string
nextHopIpAddress Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType Gets or sets the type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)
provisioningState Gets or sets Provisioning state of the resource Updating/Deleting/Failed string

RouteTable

Name Description Value
etag Gets a unique read-only string that changes whenever the resource is updated string
id Resource Id string
location Resource location string
properties Route Table resource RouteTablePropertiesFormat
tags Resource tags ResourceTags

RouteTablePropertiesFormat

Name Description Value
provisioningState Gets or sets Provisioning state of the resource Updating/Deleting/Failed string
routes Gets or sets Routes in a Route Table Route[]
subnets Gets collection of references to subnets Subnet[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' 'Allow'
'Deny' (required)
description Gets or sets a description for this rule. Restricted to 140 chars. string
destinationAddressPrefix Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). '*'
'Tcp'
'Udp' (required)
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
sourceAddressPrefix Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
id Resource Id string
name Gets name of the resource that is unique within a resource group. This name can be used to access the resource string
properties SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix Gets or sets Address prefix for the subnet. string
ipConfigurations Gets array of references to the network interface IP configurations using subnet IPConfiguration[]
networkSecurityGroup Gets or sets the reference of the NetworkSecurityGroup resource NetworkSecurityGroup
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
routeTable Gets or sets the reference of the RouteTable resource RouteTable

SubResource

Name Description Value
id Resource Id string