vigneshkrcegmailcom
Brass Contributor
Nov 11, 2020

ARM Template to Create Multiple NSGs Associated with Existing Subnet

Hi All,

 

I am trying to create multiple NSGs with multiple rules associated with subnets. Can anyone give me a template file that can be used as a single template file for multiple NSGs?

Attached are the current files I use for creating NSGs.

 

The problem with the script below is that it does not create more than 2 NSGs. So I am expecting to have a single template and parameter file to create multiple NSGs, more likely using copy loops.

 

Template File:

 

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
    "contentVersion": "1.0.0.1",
    "parameters": {
        "virtualNetworkName": {
            "type": "String"
        },
        "networkSecurityGroupName1": {
            "type": "String"
        },
        "subnetName1": {
            "type": "String"
        },
        "networkSecurityGroupRules1": {
            "type": "Array"
        },
        "networkSecurityGroupName2": {
            "type": "String"
        },
        "subnetName2": {
            "type": "String"
        },
        "networkSecurityGroupRules2": {
            "type": "Array"
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Network/networkSecurityGroups",
            "apiVersion": "2018-03-01",
            "name": "[parameters('networkSecurityGroupName1')]",
            "location": "[resourceGroup().location]",
            "properties": {
                "securityRules": "[parameters('networkSecurityGroupRules1')]"
            }
        },
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2017-08-01",
            "name": "apply-nsg-to-subnet1",
            "dependsOn": [
                "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName1'))]"
            ],
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "resources": [
                        {
                            "apiVersion": "2018-03-01",
                            "type": "Microsoft.Network/virtualNetworks/subnets",
                            "name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName1'))]",
                            "location": "[resourceGroup().location]",
                            "properties": {
                                "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName1')), '2018-03-01').addressPrefix]",
                                "networkSecurityGroup": {
                                    "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName1'))]"
                                }
                            }
                        }
                    ]
                }
            },
            "resourceGroup": "[resourceGroup().name]"
        },
        {
            "type": "Microsoft.Network/networkSecurityGroups",
            "apiVersion": "2018-03-01",
            "name": "[parameters('networkSecurityGroupName2')]",
            "location": "[resourceGroup().location]",
            "properties": {
                "securityRules": "[parameters('networkSecurityGroupRules2')]"
            }
        },
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2017-08-01",
            "name": "apply-nsg-to-subnet2",
            "dependsOn": [
                "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName2'))]"
            ],
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "resources": [
                        {
                            "apiVersion": "2018-03-01",
                            "type": "Microsoft.Network/virtualNetworks/subnets",
                            "name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName2'))]",
                            "location": "[resourceGroup().location]",
                            "properties": {
                                "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName2')), '2018-03-01').addressPrefix]",
                                "networkSecurityGroup": {
                                    "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName2'))]"
                                }
                            }
                        }
                    ]
                }
            },
            "resourceGroup": "[resourceGroup().name]"
        }
    ],
    "outputs": {}
}

  • vigneshkrcegmailcom 

    Hi!

     

    I've put together a template for you that solves your problem using copy loops for both the NSGs and the subnet association. You can find it here: https://gist.github.com/StefanIvemo/31cda6faa214824b2049a1e98f0e279b

     

    I've created a parameter called NSGs of the type array in the template. Take a look at the example parameter file and adjust it to your needs. All you have to do is add/remove objects to the array and fill in NSGName, SubnetName and your SecurityRules. 

     

    The template will first deploy all the NSGs and then do a nested deployment to do the subnet association.

     

    Good luck with your deployment!

     

  • @StefanIvem,

     

    Can you please help me create ARM for route tables associated with existing subnets?

    Inside each route table, I need a number of routes attached with properties.

     

    Thanks,

    Vignesh

  • StefanIvemo

     

    Fantastic, the NSG is working as expected. In the same way, I need to create route tables and a number of routes in each route table. Can you please help me with that?

    • StefanIvemo
      Brass Contributor

      vigneshkrcegmailcom 

      You can continue with the template I provided. Just add a property for routes to the parameter file for each of the objects in the array, the same way as for securityRules. E.g. "routes": [], and add your custom routes to it.

       

      Then create a copy loop to create Microsoft.Network/routeTables just like the one for NSGs but modify the properties to work with the Route Table resource.

       

      In the nested deploy where the NSG is associated with the subnet you add the routeTable property.

       

      Good luck!

       

           
      • vigneshkrcegmailcom
        Brass Contributor

        StefanIvemo 

         

        Hi,

         

        Thanks for the quick update.....

         

        I have modified it as per your request, but the deployment is failing. Below are the modified template and parameter files.

         

        {
            "contentVersion": "1.0.0.0",
            "parameters": {
                "location": {
                    "type": "String"
                },
                "VNetName": {
                    "type": "String",
                    "metadata": {
                        "description": "description"
                    }
                },
                "RTs": {
                    "type": "Array"
                }
            },
            "resources": [
                {
                    "type": "Microsoft.Network/routeTables",
                    "apiVersion": "2020-05-01",
                    "name": "[concat(parameters('RTs')[copyIndex()].properties.RTName)]",
                    "location": "[parameters('Location')]",
                    "properties": {
                        "Routes": "[parameters('RTs')[copyIndex()].properties.Routes]"
                    },
                    "copy": {
                        "name": "RTs",
                        "count": "[length(parameters('RTs'))]"
                    }
                },
                {
                    "type": "Microsoft.Resources/deployments",
                    "apiVersion": "2020-06-01",
                    "name": "[concat('apply',parameters('RTs')[copyIndex()].properties.RTName)]",
                    "dependsOn": [
                        "RTs"
                    ],
                    "properties": {
                        "mode": "Incremental",
                        "template": {
                            "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                            "contentVersion": "1.0.0.0",
                            "resources": [
                                {
                                    "apiVersion": "2020-05-01",
                                    "type": "Microsoft.Network/virtualNetworks/subnets",
                                    "name": "[concat(parameters('VNetName'), '/', parameters('RTs')[copyIndex()].properties.SubnetName)]",
                                    "location": "[resourceGroup().location]",
                                    "properties": {
                                        "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('RTs')[copyIndex()].properties.SubnetName), '2018-03-01').addressPrefix]",
                                        "networkSecurityGroup": {
                                            "id": "[resourceId('Microsoft.Network/routeTables', parameters('RTs')[copyIndex()].properties.RTName)]"
                                        }
                                    }
                                }
                            ]
                        }
                    },
                    "copy": {
                        "name": "association",
                        "count": "[length(parameters('RTs'))]",
                        "mode": "Serial"
                    }
                }
            ]
        }
         
        ======================================
         
        {
            "contentVersion": "1.0.0.0",
            "parameters": {
                "location": {
                    "value": "East US"
                },
                "VNetName": {
                    "value": "VN02"
                },
                "RTs": {
                    "value": [
                        {
                            "properties": {
                                "RTName": "RT01",
                                "SubnetName": "sub01",
                                "securityRules": [
                                    {
                                        "addressPrefix": "10.1.0.0/16",
                                        "nextHopType": "VnetLocal"
                                    }
                                ]
                            }
                        },
                        {
                            "properties": {
                                "RTName": "RT02",
                                "SubnetName": "sub02",
                                "securityRules": [
                                    {
                                        "addressPrefix": "10.2.0.0/16",
                                        "nextHopType": "VnetLocal"
                                    }
                                ]
                            }
                        },
                        {
                            "properties": {
                                "RTName": "RT03",
                                "SubnetName": "sub03",
                                "securityRules": [
                                    {
                                        "addressPrefix": "10.3.0.0/16",
                                        "nextHopType": "VnetLocal"
                                    }
                                ]
                            }
                        }
                    ]
                }
            }
        }
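
Added example, not part of the thread or of StefanIvemo's gist: a version of the route-table template posted above that declares the top-level `$schema`, reads a `routes` array whose items have a `name` and a `properties` object (the posted parameter file supplies flat entries under `securityRules`), and sets `routeTable` on the subnet. The subnet update replaces the whole subnet definition, so the existing NSG is restated next to the route table; leaving `networkSecurityGroup` out would detach the NSG from the subnet. It assumes each `RTs` entry also carries `NSGName` for the NSG already on that subnet, and the `defaultValue` entry is constructed sample data.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "VNetName": { "type": "string" },
    "RTs": {
      "type": "array",
      "metadata": { "description": "Constructed sample shape; NSGName is an assumed extra field naming the NSG already on the subnet" },
      "defaultValue": [ { "properties": {
        "RTName": "RT01", "SubnetName": "sub01", "NSGName": "NSG01",
        "routes": [ { "name": "local", "properties": { "addressPrefix": "10.1.0.0/16", "nextHopType": "VnetLocal" } } ]
      } } ]
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/routeTables",
      "apiVersion": "2020-05-01",
      "name": "[parameters('RTs')[copyIndex()].properties.RTName]",
      "location": "[resourceGroup().location]",
      "properties": { "routes": "[parameters('RTs')[copyIndex()].properties.routes]" },
      "copy": { "name": "RTs", "count": "[length(parameters('RTs'))]" }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2020-06-01",
      "name": "[concat('apply-', parameters('RTs')[copyIndex()].properties.RTName)]",
      "dependsOn": [ "RTs" ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [ {
            "type": "Microsoft.Network/virtualNetworks/subnets",
            "apiVersion": "2020-05-01",
            "name": "[concat(parameters('VNetName'), '/', parameters('RTs')[copyIndex()].properties.SubnetName)]",
            "properties": {
              "addressPrefix": "[reference(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('RTs')[copyIndex()].properties.SubnetName), '2020-05-01').addressPrefix]",
              "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('RTs')[copyIndex()].properties.NSGName)]" },
              "routeTable": { "id": "[resourceId('Microsoft.Network/routeTables', parameters('RTs')[copyIndex()].properties.RTName)]" }
            }
          } ]
        }
      },
      "copy": { "name": "association", "count": "[length(parameters('RTs'))]", "mode": "serial", "batchSize": 1 }
    }
  ]
}
```

After deployment, confirm on each subnet that both the NSG and the route table are still associated, since any subnet property omitted from the nested resource is cleared by the update.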
         
         