ARM Template to Create Multiple NSGs Associated with Existing Subnet
Hi All,
I am trying to create multiple NSGs with multiple rules and associate them with subnets. Can anyone give me a template file that can be used as a single template for multiple NSGs?
Attached are the current files I use for creating NSGs.
The problem with the script below is that it does not create more than 2 NSGs. So I am expecting to have a single template and parameter file to create multiple NSGs, most likely using copy loops.
Template File:
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
  "contentVersion": "1.0.0.1",
  "parameters": {
    "virtualNetworkName": {
      "type": "String"
    },
    "networkSecurityGroupName1": {
      "type": "String"
    },
    "subnetName1": {
      "type": "String"
    },
    "networkSecurityGroupRules1": {
      "type": "Array"
    },
    "networkSecurityGroupName2": {
      "type": "String"
    },
    "subnetName2": {
      "type": "String"
    },
    "networkSecurityGroupRules2": {
      "type": "Array"
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2018-03-01",
      "name": "[parameters('networkSecurityGroupName1')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": "[parameters('networkSecurityGroupRules1')]"
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2017-08-01",
      "name": "apply-nsg-to-subnet1",
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName1'))]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2018-03-01",
              "type": "Microsoft.Network/virtualNetworks/subnets",
              "name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName1'))]",
              "location": "[resourceGroup().location]",
              "properties": {
                "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName1')), '2018-03-01').addressPrefix]",
                "networkSecurityGroup": {
                  "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName1'))]"
                }
              }
            }
          ]
        }
      },
      "resourceGroup": "[resourceGroup().name]"
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2018-03-01",
      "name": "[parameters('networkSecurityGroupName2')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": "[parameters('networkSecurityGroupRules2')]"
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2017-08-01",
      "name": "apply-nsg-to-subnet2",
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName2'))]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2018-03-01",
              "type": "Microsoft.Network/virtualNetworks/subnets",
              "name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName2'))]",
              "location": "[resourceGroup().location]",
              "properties": {
                "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName2')), '2018-03-01').addressPrefix]",
                "networkSecurityGroup": {
                  "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName2'))]"
                }
              }
            }
          ]
        }
      },
      "resourceGroup": "[resourceGroup().name]"
    }
  ],
  "outputs": {}
}
Hi!
I've put together a template for you that solves your problem using copy loops for both the NSGs and the subnet association. You can find it here: https://gist.github.com/StefanIvemo/31cda6faa214824b2049a1e98f0e279b
I've created a parameter called NSGs of the type array in the template. Take a look at the example parameter file and adjust it to your needs. All you have to do is add/remove objects to the array and fill in NSGName, SubnetName and your SecurityRules.
The template will first deploy all the NSGs and then do a nested deployment to do the subnet association.
Good luck with your deployment!
- vigneshkrcegmailcom (Brass Contributor)
@StefanIvem,
Can you please help me create an ARM template for Route Tables associated with existing subnets?
Inside each Route Table I need a number of Routes attached, with properties.
Thanks,
Vignesh
- vigneshkrcegmailcom (Brass Contributor)
Fantastic, NSG is working as expected. In the same way I need to create Route Tables and a number of Routes in each route table. Can you please help me with that?
- StefanIvemo (Brass Contributor)
You can continue with the template I provided. Just add a property for routes to the parameter file for each of the objects in the array, the same way as for securityRules. E.g. "routes": [], and add your custom routes to it.
Then create a copy loop to create Microsoft.Network/routeTables just like the one for NSGs but modify the properties to work with the Route Table resource.
In the nested deploy where the NSG is associated with the subnet you add the routeTable property.
Good luck!
- vigneshkrcegmailcom (Brass Contributor)
Hi,
Thanks for the quick update.
I have modified it as per your request, but the deployment is failing. Below are the modified template and parameter files.
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "String"
    },
    "VNetName": {
      "type": "String",
      "metadata": {
        "description": "description"
      }
    },
    "RTs": {
      "type": "Array"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/routeTables",
      "apiVersion": "2020-05-01",
      "name": "[concat(parameters('RTs')[copyIndex()].properties.RTName)]",
      "location": "[parameters('Location')]",
      "properties": {
        "Routes": "[parameters('RTs')[copyIndex()].properties.Routes]"
      },
      "copy": {
        "name": "RTs",
        "count": "[length(parameters('RTs'))]"
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2020-06-01",
      "name": "[concat('apply',parameters('RTs')[copyIndex()].properties.RTName)]",
      "dependsOn": [
        "RTs"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2020-05-01",
              "type": "Microsoft.Network/virtualNetworks/subnets",
              "name": "[concat(parameters('VNetName'), '/', parameters('RTs')[copyIndex()].properties.SubnetName)]",
              "location": "[resourceGroup().location]",
              "properties": {
                "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('RTs')[copyIndex()].properties.SubnetName), '2018-03-01').addressPrefix]",
                "networkSecurityGroup": {
                  "id": "[resourceId('Microsoft.Network/routeTables', parameters('RTs')[copyIndex()].properties.RTName)]"
                }
              }
            }
          ]
        }
      },
      "copy": {
        "name": "association",
        "count": "[length(parameters('RTs'))]",
        "mode": "Serial"
      }
    }
  ]
}
======================================
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "value": "East US"
    },
    "VNetName": {
      "value": "VN02"
    },
    "RTs": {
      "value": [
        {
          "properties": {
            "RTName": "RT01",
            "SubnetName": "sub01",
            "securityRules": [
              {
                "addressPrefix": "10.1.0.0/16",
                "nextHopType": "VnetLocal"
              }
            ]
          }
        },
        {
          "properties": {
            "RTName": "RT02",
            "SubnetName": "sub02",
            "securityRules": [
              {
                "addressPrefix": "10.2.0.0/16",
                "nextHopType": "VnetLocal"
              }
            ]
          }
        },
        {
          "properties": {
            "RTName": "RT03",
            "SubnetName": "sub03",
            "securityRules": [
              {
                "addressPrefix": "10.3.0.0/16",
                "nextHopType": "VnetLocal"
              }
            ]
          }
        }
      ]
    }
  }
}
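A pre-deployment check for the route-table template and parameter file posted above, added here as an example; it is not code from the thread or from the linked gist. It relies on three facts about the resource schema: a route table takes its routes as objects with `name` and `properties`, a subnet references a route table through `routeTable.id`, and a subnet written back without `networkSecurityGroup` loses its existing NSG association. The function names and the values `to-vnet`, `nsg-sub01` and `10.1.0.0/24` are assumptions.

```python
# Constructed input: first RTs entry and the nested subnet properties, copied from the post
# above (the addressPrefix expression is abbreviated here).
POSTED_ENTRY = {"properties": {"RTName": "RT01", "SubnetName": "sub01", "securityRules": [
    {"addressPrefix": "10.1.0.0/16", "nextHopType": "VnetLocal"}]}}
POSTED_SUBNET = {
    "addressPrefix": "[reference(...).addressPrefix]",
    "networkSecurityGroup": {"id": "[resourceId('Microsoft.Network/routeTables', "
                                   "parameters('RTs')[copyIndex()].properties.RTName)]"}}

# Constructed corrected input; 'to-vnet', 'nsg-sub01' and 10.1.0.0/24 are hypothetical values.
FIXED_ENTRY = {"properties": {"RTName": "RT01", "SubnetName": "sub01", "routes": [
    {"name": "to-vnet",
     "properties": {"addressPrefix": "10.1.0.0/16", "nextHopType": "VnetLocal"}}]}}
FIXED_SUBNET = {
    "addressPrefix": "10.1.0.0/24",
    "networkSecurityGroup": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-sub01')]"},
    "routeTable": {"id": "[resourceId('Microsoft.Network/routeTables', 'RT01')]"}}


def check_rt_entry(entry, routes_key="Routes"):
    """Check one RTs object against the property name the template reads (routes_key)."""
    findings = []
    props = entry.get("properties", {})
    # Compare key names case-insensitively so only a genuinely absent key is reported.
    by_lower = {k.lower(): v for k, v in props.items()}
    routes = by_lower.get(routes_key.lower())
    if routes is None:
        findings.append(f"template reads properties.{routes_key}; entry only has {sorted(props)}")
        routes = by_lower.get("securityrules", [])  # still inspect what was supplied
    for i, route in enumerate(routes):
        if "name" not in route or "addressPrefix" not in route.get("properties", {}):
            findings.append(f"route {i}: needs name and properties.addressPrefix/nextHopType")
    return findings


def check_subnet_props(props):
    """Check the properties the nested deployment writes back to the subnet."""
    findings = []
    nsg = props.get("networkSecurityGroup")
    nsg_id = nsg.get("id", "") if isinstance(nsg, dict) else ""
    if "Microsoft.Network/routeTables" in nsg_id:
        findings.append("networkSecurityGroup.id references a route table; use routeTable.id")
    if "routeTable" not in props:
        findings.append("no routeTable property, so no route table gets associated")
    if "Microsoft.Network/networkSecurityGroups" not in nsg_id:
        findings.append("subnet is written without an NSG id; an existing NSG association is removed")
    return findings


if __name__ == "__main__":
    for finding in check_rt_entry(POSTED_ENTRY) + check_subnet_props(POSTED_SUBNET):
        print("FINDING:", finding)
```

The last finding matters when the subnets already carry NSGs from the earlier template: the nested deployment has to write `networkSecurityGroup` and `routeTable` together.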