Microsoft.Network virtualNetworks

Bicep resource definition

The virtualNetworks resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Remarks

For guidance on creating virtual networks and subnets, see Create virtual network resources by using Bicep.

Resource format

To create a Microsoft.Network/virtualNetworks resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/virtualNetworks@2023-11-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  extendedLocation: {
    name: 'string'
    type: 'EdgeZone'
  }
  properties: {
    addressSpace: {
      addressPrefixes: [
        'string'
      ]
    }
    bgpCommunities: {
      virtualNetworkCommunity: 'string'
    }
    ddosProtectionPlan: {
      id: 'string'
    }
    dhcpOptions: {
      dnsServers: [
        'string'
      ]
    }
    enableDdosProtection: bool
    enableVmProtection: bool
    encryption: {
      enabled: bool
      enforcement: 'string'
    }
    flowTimeoutInMinutes: int
    ipAllocations: [
      {
        id: 'string'
      }
    ]
    subnets: [
      {
        id: 'string'
        name: 'string'
        properties: {
          addressPrefix: 'string'
          addressPrefixes: [
            'string'
          ]
          applicationGatewayIPConfigurations: [
            {
              id: 'string'
              name: 'string'
              properties: {
                subnet: {
                  id: 'string'
                }
              }
            }
          ]
          defaultOutboundAccess: bool
          delegations: [
            {
              id: 'string'
              name: 'string'
              properties: {
                serviceName: 'string'
              }
              type: 'string'
            }
          ]
          ipAllocations: [
            {
              id: 'string'
            }
          ]
          natGateway: {
            id: 'string'
          }
          networkSecurityGroup: {
            id: 'string'
            location: 'string'
            properties: {
              flushConnection: bool
              securityRules: [
                {
                  id: 'string'
                  name: 'string'
                  properties: {
                    access: 'string'
                    description: 'string'
                    destinationAddressPrefix: 'string'
                    destinationAddressPrefixes: [
                      'string'
                    ]
                    destinationApplicationSecurityGroups: [
                      {
                        id: 'string'
                        location: 'string'
                        properties: {}
                        tags: {}
                      }
                    ]
                    destinationPortRange: 'string'
                    destinationPortRanges: [
                      'string'
                    ]
                    direction: 'string'
                    priority: int
                    protocol: 'string'
                    sourceAddressPrefix: 'string'
                    sourceAddressPrefixes: [
                      'string'
                    ]
                    sourceApplicationSecurityGroups: [
                      {
                        id: 'string'
                        location: 'string'
                        properties: {}
                        tags: {}
                      }
                    ]
                    sourcePortRange: 'string'
                    sourcePortRanges: [
                      'string'
                    ]
                  }
                  type: 'string'
                }
              ]
            }
            tags: {}
          }
          privateEndpointNetworkPolicies: 'string'
          privateLinkServiceNetworkPolicies: 'string'
          routeTable: {
            id: 'string'
            location: 'string'
            properties: {
              disableBgpRoutePropagation: bool
              routes: [
                {
                  id: 'string'
                  name: 'string'
                  properties: {
                    addressPrefix: 'string'
                    hasBgpOverride: bool
                    nextHopIpAddress: 'string'
                    nextHopType: 'string'
                  }
                  type: 'string'
                }
              ]
            }
            tags: {}
          }
          serviceEndpointPolicies: [
            {
              id: 'string'
              location: 'string'
              properties: {
                contextualServiceEndpointPolicies: [
                  'string'
                ]
                serviceAlias: 'string'
                serviceEndpointPolicyDefinitions: [
                  {
                    id: 'string'
                    name: 'string'
                    properties: {
                      description: 'string'
                      service: 'string'
                      serviceResources: [
                        'string'
                      ]
                    }
                    type: 'string'
                  }
                ]
              }
              tags: {}
            }
          ]
          serviceEndpoints: [
            {
              locations: [
                'string'
              ]
              service: 'string'
            }
          ]
          sharingScope: 'string'
        }
        type: 'string'
      }
    ]
    virtualNetworkPeerings: [
      {
        id: 'string'
        name: 'string'
        properties: {
          allowForwardedTraffic: bool
          allowGatewayTransit: bool
          allowVirtualNetworkAccess: bool
          doNotVerifyRemoteGateways: bool
          enableOnlyIPv6Peering: bool
          localAddressSpace: {
            addressPrefixes: [
              'string'
            ]
          }
          localSubnetNames: [
            'string'
          ]
          localVirtualNetworkAddressSpace: {
            addressPrefixes: [
              'string'
            ]
          }
          peerCompleteVnets: bool
          peeringState: 'string'
          peeringSyncLevel: 'string'
          remoteAddressSpace: {
            addressPrefixes: [
              'string'
            ]
          }
          remoteBgpCommunities: {
            virtualNetworkCommunity: 'string'
          }
          remoteSubnetNames: [
            'string'
          ]
          remoteVirtualNetwork: {
            id: 'string'
          }
          remoteVirtualNetworkAddressSpace: {
            addressPrefixes: [
              'string'
            ]
          }
          useRemoteGateways: bool
        }
        type: 'string'
      }
    ]
  }
}

Property values

virtualNetworks

Name Description Value
name The resource name string (required)

Character limit: 2-64

Valid characters:
Alphanumerics, underscores, periods, and hyphens.

Start with alphanumeric. End alphanumeric or underscore.
location Resource location. string
tags Resource tags. Dictionary of tag names and values. See Tags in templates
extendedLocation The extended location of the virtual network. ExtendedLocation
properties Properties of the virtual network. VirtualNetworkPropertiesFormat

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. 'EdgeZone'

VirtualNetworkPropertiesFormat

Name Description Value
addressSpace The AddressSpace that contains an array of IP address ranges that can be used by subnets. AddressSpace
bgpCommunities Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. VirtualNetworkBgpCommunities
ddosProtectionPlan The DDoS protection plan associated with the virtual network. SubResource
dhcpOptions The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network. DhcpOptions
enableDdosProtection Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It requires a DDoS protection plan associated with the resource. bool
enableVmProtection Indicates if VM protection is enabled for all the subnets in the virtual network. bool
encryption Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. VirtualNetworkEncryption
flowTimeoutInMinutes The FlowTimeout value (in minutes) for the Virtual Network int
ipAllocations Array of IpAllocation which reference this VNET. SubResource[]
subnets A list of subnets in a Virtual Network. Subnet[]
virtualNetworkPeerings A list of peerings in a Virtual Network. VirtualNetworkPeering[]

AddressSpace

Name Description Value
addressPrefixes A list of address blocks reserved for this virtual network in CIDR notation. string[]

VirtualNetworkBgpCommunities

Name Description Value
virtualNetworkCommunity The BGP community associated with the virtual network. string (required)

SubResource

Name Description Value
id Resource ID. string

DhcpOptions

Name Description Value
dnsServers The list of DNS servers IP addresses. string[]

VirtualNetworkEncryption

Name Description Value
enabled Indicates if encryption is enabled on the virtual network. bool (required)
enforcement If the encrypted VNet allows VM that does not support encryption 'AllowUnencrypted'
'DropUnencrypted'

Subnet

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat
type Resource type. string

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
applicationGatewayIPConfigurations Application gateway IP configurations of virtual network resource. ApplicationGatewayIPConfiguration[]
defaultOutboundAccess Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. bool
delegations An array of references to the delegations on the subnet. Delegation[]
ipAllocations Array of IpAllocation which reference this subnet. SubResource[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference to the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. 'Disabled'
'Enabled'
'NetworkSecurityGroupEnabled'
'RouteTableEnabled'
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. 'Disabled'
'Enabled'
routeTable The reference to the RouteTable resource. RouteTable
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]
sharingScope Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. 'DelegatedServices'
'Tenant'

ApplicationGatewayIPConfiguration

Name Description Value
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference to the subnet resource. A subnet from where application gateway gets its private address. SubResource

Delegation

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat
type Resource type. string

ServiceDelegationPropertiesFormat

Name Description Value
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

NetworkSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. object

NetworkSecurityGroupPropertiesFormat

Name Description Value
flushConnection When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. bool
securityRules A collection of security rules of the network security group. SecurityRule[]

SecurityRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat
type The type of the resource. string

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int (required)
protocol Network protocol this rule applies to. '*'
'Ah'
'Esp'
'Icmp'
'Tcp'
'Udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. object

ApplicationSecurityGroupPropertiesFormat

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

RouteTable

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. object

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

Route

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat
type The type of the resource. string

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
hasBgpOverride A value indicating whether this route overrides overlapping BGP routes regardless of LPM. bool
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)

ServiceEndpointPolicy

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. object

ServiceEndpointPolicyPropertiesFormat

Name Description Value
contextualServiceEndpointPolicies A collection of contextual service endpoint policy. string[]
serviceAlias The alias indicating if the policy belongs to a service string
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPolicyDefinition

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat
type The type of the resource. string

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

VirtualNetworkPeering

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the virtual network peering. VirtualNetworkPeeringPropertiesFormat
type Resource type. string

VirtualNetworkPeeringPropertiesFormat

Name Description Value
allowForwardedTraffic Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. bool
allowGatewayTransit If gateway links can be used in remote virtual networking to link to this virtual network. bool
allowVirtualNetworkAccess Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. bool
doNotVerifyRemoteGateways If we need to verify the provisioning state of the remote gateway. bool
enableOnlyIPv6Peering Whether only Ipv6 address space is peered for subnet peering. bool
localAddressSpace The local address space of the local virtual network that is peered. AddressSpace
localSubnetNames List of local subnet names that are subnet peered with remote virtual network. string[]
localVirtualNetworkAddressSpace The current local address space of the local virtual network that is peered. AddressSpace
peerCompleteVnets Whether complete virtual network address space is peered. bool
peeringState The status of the virtual network peering. 'Connected'
'Disconnected'
'Initiated'
peeringSyncLevel The peering sync status of the virtual network peering. 'FullyInSync'
'LocalAndRemoteNotInSync'
'LocalNotInSync'
'RemoteNotInSync'
remoteAddressSpace The reference to the address space peered with the remote virtual network. AddressSpace
remoteBgpCommunities The reference to the remote virtual network's Bgp Communities. VirtualNetworkBgpCommunities
remoteSubnetNames List of remote subnet names from remote virtual network that are subnet peered. string[]
remoteVirtualNetwork The reference to the remote virtual network. The remote virtual network can be in the same or different region (preview). See here to register for the preview and learn more (/azure/virtual-network/virtual-network-create-peering). SubResource
remoteVirtualNetworkAddressSpace The reference to the current address space of the remote virtual network. AddressSpace
useRemoteGateways If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. bool

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
201-vnet-2subnets-service-endpoints-storage-integration

Deploy to Azure
Creates 2 new VMs with a NIC each, in two different subnets within the same VNet. Sets service endpoint on one of the subnets and secures storage account to that subnet.
Virtual Network with diagnostic logs

Deploy to Azure
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet
Create a VNET to VNET connection across two regions

Deploy to Azure
This template allows you to connect two VNETs in different regions using Virtual Network Gateways
Create a BGP VNET to VNET connection

Deploy to Azure
This template allows you to connect two VNETs using Virtual Network Gateways and BGP
Create a vNet to vNet connection using vNet Peering

Deploy to Azure
This template allows you to connect two vNets using vNet Peering
Create three vNets to demonstrate transitive BGP connections

Deploy to Azure
This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections
Create a Virtual Network with two Subnets

Deploy to Azure
This template allows you to create a Virtual Network with two subnets.

ARM template resource definition

The virtualNetworks resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Remarks

For guidance on creating virtual networks and subnets, see Create virtual network resources by using Bicep.

Resource format

To create a Microsoft.Network/virtualNetworks resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/virtualNetworks",
  "apiVersion": "2023-11-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "extendedLocation": {
    "name": "string",
    "type": "EdgeZone"
  },
  "properties": {
    "addressSpace": {
      "addressPrefixes": [ "string" ]
    },
    "bgpCommunities": {
      "virtualNetworkCommunity": "string"
    },
    "ddosProtectionPlan": {
      "id": "string"
    },
    "dhcpOptions": {
      "dnsServers": [ "string" ]
    },
    "enableDdosProtection": "bool",
    "enableVmProtection": "bool",
    "encryption": {
      "enabled": "bool",
      "enforcement": "string"
    },
    "flowTimeoutInMinutes": "int",
    "ipAllocations": [
      {
        "id": "string"
      }
    ],
    "subnets": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "addressPrefix": "string",
          "addressPrefixes": [ "string" ],
          "applicationGatewayIPConfigurations": [
            {
              "id": "string",
              "name": "string",
              "properties": {
                "subnet": {
                  "id": "string"
                }
              }
            }
          ],
          "defaultOutboundAccess": "bool",
          "delegations": [
            {
              "id": "string",
              "name": "string",
              "properties": {
                "serviceName": "string"
              },
              "type": "string"
            }
          ],
          "ipAllocations": [
            {
              "id": "string"
            }
          ],
          "natGateway": {
            "id": "string"
          },
          "networkSecurityGroup": {
            "id": "string",
            "location": "string",
            "properties": {
              "flushConnection": "bool",
              "securityRules": [
                {
                  "id": "string",
                  "name": "string",
                  "properties": {
                    "access": "string",
                    "description": "string",
                    "destinationAddressPrefix": "string",
                    "destinationAddressPrefixes": [ "string" ],
                    "destinationApplicationSecurityGroups": [
                      {
                        "id": "string",
                        "location": "string",
                        "properties": {},
                        "tags": {}
                      }
                    ],
                    "destinationPortRange": "string",
                    "destinationPortRanges": [ "string" ],
                    "direction": "string",
                    "priority": "int",
                    "protocol": "string",
                    "sourceAddressPrefix": "string",
                    "sourceAddressPrefixes": [ "string" ],
                    "sourceApplicationSecurityGroups": [
                      {
                        "id": "string",
                        "location": "string",
                        "properties": {},
                        "tags": {}
                      }
                    ],
                    "sourcePortRange": "string",
                    "sourcePortRanges": [ "string" ]
                  },
                  "type": "string"
                }
              ]
            },
            "tags": {}
          },
          "privateEndpointNetworkPolicies": "string",
          "privateLinkServiceNetworkPolicies": "string",
          "routeTable": {
            "id": "string",
            "location": "string",
            "properties": {
              "disableBgpRoutePropagation": "bool",
              "routes": [
                {
                  "id": "string",
                  "name": "string",
                  "properties": {
                    "addressPrefix": "string",
                    "hasBgpOverride": "bool",
                    "nextHopIpAddress": "string",
                    "nextHopType": "string"
                  },
                  "type": "string"
                }
              ]
            },
            "tags": {}
          },
          "serviceEndpointPolicies": [
            {
              "id": "string",
              "location": "string",
              "properties": {
                "contextualServiceEndpointPolicies": [ "string" ],
                "serviceAlias": "string",
                "serviceEndpointPolicyDefinitions": [
                  {
                    "id": "string",
                    "name": "string",
                    "properties": {
                      "description": "string",
                      "service": "string",
                      "serviceResources": [ "string" ]
                    },
                    "type": "string"
                  }
                ]
              },
              "tags": {}
            }
          ],
          "serviceEndpoints": [
            {
              "locations": [ "string" ],
              "service": "string"
            }
          ],
          "sharingScope": "string"
        },
        "type": "string"
      }
    ],
    "virtualNetworkPeerings": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "allowForwardedTraffic": "bool",
          "allowGatewayTransit": "bool",
          "allowVirtualNetworkAccess": "bool",
          "doNotVerifyRemoteGateways": "bool",
          "enableOnlyIPv6Peering": "bool",
          "localAddressSpace": {
            "addressPrefixes": [ "string" ]
          },
          "localSubnetNames": [ "string" ],
          "localVirtualNetworkAddressSpace": {
            "addressPrefixes": [ "string" ]
          },
          "peerCompleteVnets": "bool",
          "peeringState": "string",
          "peeringSyncLevel": "string",
          "remoteAddressSpace": {
            "addressPrefixes": [ "string" ]
          },
          "remoteBgpCommunities": {
            "virtualNetworkCommunity": "string"
          },
          "remoteSubnetNames": [ "string" ],
          "remoteVirtualNetwork": {
            "id": "string"
          },
          "remoteVirtualNetworkAddressSpace": {
            "addressPrefixes": [ "string" ]
          },
          "useRemoteGateways": "bool"
        },
        "type": "string"
      }
    ]
  }
}

Property values

virtualNetworks

Name Description Value
type The resource type 'Microsoft.Network/virtualNetworks'
apiVersion The resource api version '2023-11-01'
name The resource name string (required)

Character limit: 2-64

Valid characters:
Alphanumerics, underscores, periods, and hyphens.

Start with alphanumeric. End alphanumeric or underscore.
location Resource location. string
tags Resource tags. Dictionary of tag names and values. See Tags in templates
extendedLocation The extended location of the virtual network. ExtendedLocation
properties Properties of the virtual network. VirtualNetworkPropertiesFormat

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. 'EdgeZone'

VirtualNetworkPropertiesFormat

Name Description Value
addressSpace The AddressSpace that contains an array of IP address ranges that can be used by subnets. AddressSpace
bgpCommunities Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. VirtualNetworkBgpCommunities
ddosProtectionPlan The DDoS protection plan associated with the virtual network. SubResource
dhcpOptions The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network. DhcpOptions
enableDdosProtection Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It requires a DDoS protection plan associated with the resource. bool
enableVmProtection Indicates if VM protection is enabled for all the subnets in the virtual network. bool
encryption Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. VirtualNetworkEncryption
flowTimeoutInMinutes The FlowTimeout value (in minutes) for the Virtual Network int
ipAllocations Array of IpAllocation which reference this VNET. SubResource[]
subnets A list of subnets in a Virtual Network. Subnet[]
virtualNetworkPeerings A list of peerings in a Virtual Network. VirtualNetworkPeering[]

AddressSpace

Name Description Value
addressPrefixes A list of address blocks reserved for this virtual network in CIDR notation. string[]

VirtualNetworkBgpCommunities

Name Description Value
virtualNetworkCommunity The BGP community associated with the virtual network. string (required)

SubResource

Name Description Value
id Resource ID. string

DhcpOptions

Name Description Value
dnsServers The list of DNS servers IP addresses. string[]

VirtualNetworkEncryption

Name Description Value
enabled Indicates if encryption is enabled on the virtual network. bool (required)
enforcement If the encrypted VNet allows VM that does not support encryption 'AllowUnencrypted'
'DropUnencrypted'

Subnet

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat
type Resource type. string

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
applicationGatewayIPConfigurations Application gateway IP configurations of virtual network resource. ApplicationGatewayIPConfiguration[]
defaultOutboundAccess Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. bool
delegations An array of references to the delegations on the subnet. Delegation[]
ipAllocations Array of IpAllocation which reference this subnet. SubResource[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference to the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. 'Disabled'
'Enabled'
'NetworkSecurityGroupEnabled'
'RouteTableEnabled'
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. 'Disabled'
'Enabled'
routeTable The reference to the RouteTable resource. RouteTable
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]
sharingScope Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. 'DelegatedServices'
'Tenant'

ApplicationGatewayIPConfiguration

Name Description Value
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference to the subnet resource. A subnet from where application gateway gets its private address. SubResource

Delegation

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat
type Resource type. string

ServiceDelegationPropertiesFormat

Name Description Value
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

NetworkSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. object

NetworkSecurityGroupPropertiesFormat

Name Description Value
flushConnection When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. bool
securityRules A collection of security rules of the network security group. SecurityRule[]

SecurityRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat
type The type of the resource. string

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int (required)
protocol Network protocol this rule applies to. '*'
'Ah'
'Esp'
'Icmp'
'Tcp'
'Udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. object

ApplicationSecurityGroupPropertiesFormat

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

RouteTable

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. object

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

Route

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat
type The type of the resource. string

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
hasBgpOverride A value indicating whether this route overrides overlapping BGP routes regardless of LPM. bool
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)

ServiceEndpointPolicy

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. object

ServiceEndpointPolicyPropertiesFormat

Name Description Value
contextualServiceEndpointPolicies A collection of contextual service endpoint policy. string[]
serviceAlias The alias indicating if the policy belongs to a service string
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPolicyDefinition

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat
type The type of the resource. string

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

VirtualNetworkPeering

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the virtual network peering. VirtualNetworkPeeringPropertiesFormat
type Resource type. string

VirtualNetworkPeeringPropertiesFormat

Name Description Value
allowForwardedTraffic Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. bool
allowGatewayTransit If gateway links can be used in remote virtual networking to link to this virtual network. bool
allowVirtualNetworkAccess Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. bool
doNotVerifyRemoteGateways If we need to verify the provisioning state of the remote gateway. bool
enableOnlyIPv6Peering Whether only Ipv6 address space is peered for subnet peering. bool
localAddressSpace The local address space of the local virtual network that is peered. AddressSpace
localSubnetNames List of local subnet names that are subnet peered with remote virtual network. string[]
localVirtualNetworkAddressSpace The current local address space of the local virtual network that is peered. AddressSpace
peerCompleteVnets Whether complete virtual network address space is peered. bool
peeringState The status of the virtual network peering. 'Connected'
'Disconnected'
'Initiated'
peeringSyncLevel The peering sync status of the virtual network peering. 'FullyInSync'
'LocalAndRemoteNotInSync'
'LocalNotInSync'
'RemoteNotInSync'
remoteAddressSpace The reference to the address space peered with the remote virtual network. AddressSpace
remoteBgpCommunities The reference to the remote virtual network's Bgp Communities. VirtualNetworkBgpCommunities
remoteSubnetNames List of remote subnet names from remote virtual network that are subnet peered. string[]
remoteVirtualNetwork The reference to the remote virtual network. The remote virtual network can be in the same or different region (preview). See here to register for the preview and learn more (/azure/virtual-network/virtual-network-create-peering). SubResource
remoteVirtualNetworkAddressSpace The reference to the current address space of the remote virtual network. AddressSpace
useRemoteGateways If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. bool

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
201-vnet-2subnets-service-endpoints-storage-integration

Deploy to Azure
Creates 2 new VMs with a NIC each, in two different subnets within the same VNet. Sets service endpoint on one of the subnets and secures storage account to that subnet.
Virtual Network with diagnostic logs

Deploy to Azure
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet
Create a VNET to VNET connection across two regions

Deploy to Azure
This template allows you to connect two VNETs in different regions using Virtual Network Gateways
Create a BGP VNET to VNET connection

Deploy to Azure
This template allows you to connect two VNETs using Virtual Network Gateways and BGP
Create a vNet to vNet connection using vNet Peering

Deploy to Azure
This template allows you to connect two vNets using vNet Peering
Create three vNets to demonstrate transitive BGP connections

Deploy to Azure
This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections
Create a Virtual Network with two Subnets

Deploy to Azure
This template allows you to create a Virtual Network with two subnets.

Terraform (AzAPI provider) resource definition

The virtualNetworks resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworks resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/virtualNetworks@2023-11-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      addressSpace = {
        addressPrefixes = [
          "string"
        ]
      }
      bgpCommunities = {
        virtualNetworkCommunity = "string"
      }
      ddosProtectionPlan = {
        id = "string"
      }
      dhcpOptions = {
        dnsServers = [
          "string"
        ]
      }
      enableDdosProtection = bool
      enableVmProtection = bool
      encryption = {
        enabled = bool
        enforcement = "string"
      }
      flowTimeoutInMinutes = int
      ipAllocations = [
        {
          id = "string"
        }
      ]
      subnets = [
        {
          id = "string"
          name = "string"
          properties = {
            addressPrefix = "string"
            addressPrefixes = [
              "string"
            ]
            applicationGatewayIPConfigurations = [
              {
                id = "string"
                name = "string"
                properties = {
                  subnet = {
                    id = "string"
                  }
                }
              }
            ]
            defaultOutboundAccess = bool
            delegations = [
              {
                id = "string"
                name = "string"
                properties = {
                  serviceName = "string"
                }
                type = "string"
              }
            ]
            ipAllocations = [
              {
                id = "string"
              }
            ]
            natGateway = {
              id = "string"
            }
            networkSecurityGroup = {
              id = "string"
              location = "string"
              properties = {
                flushConnection = bool
                securityRules = [
                  {
                    id = "string"
                    name = "string"
                    properties = {
                      access = "string"
                      description = "string"
                      destinationAddressPrefix = "string"
                      destinationAddressPrefixes = [
                        "string"
                      ]
                      destinationApplicationSecurityGroups = [
                        {
                          id = "string"
                          location = "string"
                          properties = {}
                          tags = {}
                        }
                      ]
                      destinationPortRange = "string"
                      destinationPortRanges = [
                        "string"
                      ]
                      direction = "string"
                      priority = int
                      protocol = "string"
                      sourceAddressPrefix = "string"
                      sourceAddressPrefixes = [
                        "string"
                      ]
                      sourceApplicationSecurityGroups = [
                        {
                          id = "string"
                          location = "string"
                          properties = {}
                          tags = {}
                        }
                      ]
                      sourcePortRange = "string"
                      sourcePortRanges = [
                        "string"
                      ]
                    }
                    type = "string"
                  }
                ]
              }
              tags = {}
            }
            privateEndpointNetworkPolicies = "string"
            privateLinkServiceNetworkPolicies = "string"
            routeTable = {
              id = "string"
              location = "string"
              properties = {
                disableBgpRoutePropagation = bool
                routes = [
                  {
                    id = "string"
                    name = "string"
                    properties = {
                      addressPrefix = "string"
                      hasBgpOverride = bool
                      nextHopIpAddress = "string"
                      nextHopType = "string"
                    }
                    type = "string"
                  }
                ]
              }
              tags = {}
            }
            serviceEndpointPolicies = [
              {
                id = "string"
                location = "string"
                properties = {
                  contextualServiceEndpointPolicies = [
                    "string"
                  ]
                  serviceAlias = "string"
                  serviceEndpointPolicyDefinitions = [
                    {
                      id = "string"
                      name = "string"
                      properties = {
                        description = "string"
                        service = "string"
                        serviceResources = [
                          "string"
                        ]
                      }
                      type = "string"
                    }
                  ]
                }
                tags = {}
              }
            ]
            serviceEndpoints = [
              {
                locations = [
                  "string"
                ]
                service = "string"
              }
            ]
            sharingScope = "string"
          }
          type = "string"
        }
      ]
      virtualNetworkPeerings = [
        {
          id = "string"
          name = "string"
          properties = {
            allowForwardedTraffic = bool
            allowGatewayTransit = bool
            allowVirtualNetworkAccess = bool
            doNotVerifyRemoteGateways = bool
            enableOnlyIPv6Peering = bool
            localAddressSpace = {
              addressPrefixes = [
                "string"
              ]
            }
            localSubnetNames = [
              "string"
            ]
            localVirtualNetworkAddressSpace = {
              addressPrefixes = [
                "string"
              ]
            }
            peerCompleteVnets = bool
            peeringState = "string"
            peeringSyncLevel = "string"
            remoteAddressSpace = {
              addressPrefixes = [
                "string"
              ]
            }
            remoteBgpCommunities = {
              virtualNetworkCommunity = "string"
            }
            remoteSubnetNames = [
              "string"
            ]
            remoteVirtualNetwork = {
              id = "string"
            }
            remoteVirtualNetworkAddressSpace = {
              addressPrefixes = [
                "string"
              ]
            }
            useRemoteGateways = bool
          }
          type = "string"
        }
      ]
    }
    extendedLocation = {
      name = "string"
      type = "EdgeZone"
    }
  })
}

Property values

virtualNetworks

Name Description Value
type The resource type "Microsoft.Network/virtualNetworks@2023-11-01"
name The resource name string (required)

Character limit: 2-64

Valid characters:
Alphanumerics, underscores, periods, and hyphens.

Start with alphanumeric. End alphanumeric or underscore.
location Resource location. string
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags Resource tags. Dictionary of tag names and values.
extendedLocation The extended location of the virtual network. ExtendedLocation
properties Properties of the virtual network. VirtualNetworkPropertiesFormat

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. "EdgeZone"

VirtualNetworkPropertiesFormat

Name Description Value
addressSpace The AddressSpace that contains an array of IP address ranges that can be used by subnets. AddressSpace
bgpCommunities Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. VirtualNetworkBgpCommunities
ddosProtectionPlan The DDoS protection plan associated with the virtual network. SubResource
dhcpOptions The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network. DhcpOptions
enableDdosProtection Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It requires a DDoS protection plan associated with the resource. bool
enableVmProtection Indicates if VM protection is enabled for all the subnets in the virtual network. bool
encryption Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. VirtualNetworkEncryption
flowTimeoutInMinutes The FlowTimeout value (in minutes) for the Virtual Network int
ipAllocations Array of IpAllocation which reference this VNET. SubResource[]
subnets A list of subnets in a Virtual Network. Subnet[]
virtualNetworkPeerings A list of peerings in a Virtual Network. VirtualNetworkPeering[]

AddressSpace

Name Description Value
addressPrefixes A list of address blocks reserved for this virtual network in CIDR notation. string[]

VirtualNetworkBgpCommunities

Name Description Value
virtualNetworkCommunity The BGP community associated with the virtual network. string (required)

SubResource

Name Description Value
id Resource ID. string

DhcpOptions

Name Description Value
dnsServers The list of DNS servers IP addresses. string[]

VirtualNetworkEncryption

Name Description Value
enabled Indicates if encryption is enabled on the virtual network. bool (required)
enforcement If the encrypted VNet allows VM that does not support encryption "AllowUnencrypted"
"DropUnencrypted"

Subnet

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat
type Resource type. string

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
applicationGatewayIPConfigurations Application gateway IP configurations of virtual network resource. ApplicationGatewayIPConfiguration[]
defaultOutboundAccess Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. bool
delegations An array of references to the delegations on the subnet. Delegation[]
ipAllocations Array of IpAllocation which reference this subnet. SubResource[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference to the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. "Disabled"
"Enabled"
"NetworkSecurityGroupEnabled"
"RouteTableEnabled"
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. "Disabled"
"Enabled"
routeTable The reference to the RouteTable resource. RouteTable
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]
sharingScope Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. "DelegatedServices"
"Tenant"

ApplicationGatewayIPConfiguration

Name Description Value
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference to the subnet resource. A subnet from where application gateway gets its private address. SubResource

Delegation

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat
type Resource type. string

ServiceDelegationPropertiesFormat

Name Description Value
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

NetworkSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. object

NetworkSecurityGroupPropertiesFormat

Name Description Value
flushConnection When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. bool
securityRules A collection of security rules of the network security group. SecurityRule[]

SecurityRule

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat
type The type of the resource. string

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. "Allow"
"Deny" (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. "Inbound"
"Outbound" (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int (required)
protocol Network protocol this rule applies to. "*"
"Ah"
"Esp"
"Icmp"
"Tcp"
"Udp" (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. object

ApplicationSecurityGroupPropertiesFormat

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

RouteTable

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. object

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

Route

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat
type The type of the resource. string

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
hasBgpOverride A value indicating whether this route overrides overlapping BGP routes regardless of LPM. bool
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. "Internet"
"None"
"VirtualAppliance"
"VirtualNetworkGateway"
"VnetLocal" (required)

ServiceEndpointPolicy

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. object

ServiceEndpointPolicyPropertiesFormat

Name Description Value
contextualServiceEndpointPolicies A collection of contextual service endpoint policy. string[]
serviceAlias The alias indicating if the policy belongs to a service string
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPolicyDefinition

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat
type The type of the resource. string

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

VirtualNetworkPeering

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the virtual network peering. VirtualNetworkPeeringPropertiesFormat
type Resource type. string

VirtualNetworkPeeringPropertiesFormat

Name Description Value
allowForwardedTraffic Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. bool
allowGatewayTransit If gateway links can be used in remote virtual networking to link to this virtual network. bool
allowVirtualNetworkAccess Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. bool
doNotVerifyRemoteGateways If we need to verify the provisioning state of the remote gateway. bool
enableOnlyIPv6Peering Whether only Ipv6 address space is peered for subnet peering. bool
localAddressSpace The local address space of the local virtual network that is peered. AddressSpace
localSubnetNames List of local subnet names that are subnet peered with remote virtual network. string[]
localVirtualNetworkAddressSpace The current local address space of the local virtual network that is peered. AddressSpace
peerCompleteVnets Whether complete virtual network address space is peered. bool
peeringState The status of the virtual network peering. "Connected"
"Disconnected"
"Initiated"
peeringSyncLevel The peering sync status of the virtual network peering. "FullyInSync"
"LocalAndRemoteNotInSync"
"LocalNotInSync"
"RemoteNotInSync"
remoteAddressSpace The reference to the address space peered with the remote virtual network. AddressSpace
remoteBgpCommunities The reference to the remote virtual network's Bgp Communities. VirtualNetworkBgpCommunities
remoteSubnetNames List of remote subnet names from remote virtual network that are subnet peered. string[]
remoteVirtualNetwork The reference to the remote virtual network. The remote virtual network can be in the same or different region (preview). See here to register for the preview and learn more (/azure/virtual-network/virtual-network-create-peering). SubResource
remoteVirtualNetworkAddressSpace The reference to the current address space of the remote virtual network. AddressSpace
useRemoteGateways If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. bool