Forum Discussion
ARM Template To create Multiple NSG's associate with existing Subnet
- Nov 17, 2020
Hi!
I've put together a template for you that solves your problem using copy loops for both the NSGs and the subnet association. You can find it here: https://gist.github.com/StefanIvemo/31cda6faa214824b2049a1e98f0e279b
I've created a parameter called NSGs of the type array in the template. Take a look at the example parameter file and adjust it to your needs. All you have to do is add/remove objects to the array and fill in NSGName, SubnetName and your SecurityRules.
The template will first deploy all the NSGs and then do a nested deployment to do the subnet association.
Good luck with your deployment!
Hi Stefan,
The main aim is that we don't need to create route tables while running the script. If we need a route table, we will add the Route property in the parameter file. But while doing this with this script it is throwing an error. I am not sure how to modify the template file accordingly!!!
For example, if I am running this script now I need to give the names of the NSG and route tables as mandatory. If I do not give the route name it throws an error. So I need to change this: while creating NSGs, if needed I create a route table, or else I will not give the route table name as input.
Below is the parameter I have modified. In the first property I am creating 1 NSG and 1 route table, and in the second property I need only the NSG, so I am not giving a route table name. But this is not working as it is throwing a template error.
```json
"SubnetInfo": {
  "value": [
    {
      "properties": {
        "NSGName": "NSG01",
        "SubnetName": "sub01",
        "RouteName": "RT01",
        "securityRules": [
          {
            "name": "Inbound_Deny_All",
            "properties": {
              "description": "Deny all inbound traffic",
              "protocol": "*",
              "sourcePortRange": "*",
              "sourceAddressPrefix": "*",
              "destinationPortRange": "*",
              "destinationAddressPrefix": "*",
              "access": "Deny",
              "priority": 4096,
              "direction": "Inbound"
            }
          }
        ],
        "disableBgpRoutePropagation": true,
        "routes": [
          {
            "name": "route1",
            "properties": {
              "addressPrefix": "10.0.0.0/24",
              "nextHopType": "VirtualAppliance",
              "nextHopIpAddress": "10.0.0.4"
            }
          }
        ]
      }
    },
    {
      "properties": {
        "NSGName": "NSG02",
        "SubnetName": "sub02",
        "securityRules": [
          {
            "name": "Outbound_Deny_All",
            "properties": {
              "description": "Deny all inbound traffic",
              "protocol": "*",
              "sourcePortRange": "*",
              "sourceAddressPrefix": "*",
              "destinationPortRange": "*",
              "destinationAddressPrefix": "*",
              "access": "Deny",
              "priority": 4096,
              "direction": "Outbound"
            }
          }
        ]
      }
    }
  ]
}
```
Vignesh
Hi vigneshkrcegmailcom!
I've updated the template I've shared before with some additional functionality to be able to achieve the task.
Now if you leave the RouteName property empty in a subnet object in the parameters file no route table will be created for that subnet.
The following changes have been made:
- I've added a condition to the route table resource to define that a route table should only be created if RouteName is provided.

```json
"condition": "[not(empty(parameters('SubnetInfo')[copyIndex()].properties.RouteName))]"
```

- I've added a variable iteration called routetableid, to use in the nested deployment where the subnet is created; this is used to build an array with resource IDs.

```json
"variables": {
  "copy": [
    {
      "name": "routetableid",
      "count": "[length(parameters('SubnetInfo'))]",
      "input": {
        "id": "[if(empty(parameters('SubnetInfo')[copyIndex('routetableid')].properties.RouteName), 'fakeid', resourceId('Microsoft.Network/routeTables', parameters('SubnetInfo')[copyIndex('routetableid')].properties.RouteName))]"
      }
    }
  ]
}
```

- And finally, in the nested deployment where the route table is associated with the subnet, I've added this if statement to the routeTable property. If a RouteName is present the resource ID will be provided from the variable iteration routetableid; if not, json('null') will be inserted.

```json
"routeTable": "[if(empty(parameters('SubnetInfo')[copyIndex()].properties.RouteName), json('null'), variables('routetableid')[copyIndex()])]"
```
https://gist.github.com/StefanIvemo/d9fecb77d9089bd282638aa52a2fffb2
Good luck with your deployment!
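The reply above makes the route table conditional on `RouteName` being non-empty and sets the subnet's `routeTable` to `json('null')` otherwise. A parameter file can be checked against that logic before the deployment is started, which catches the two mistakes this thread turns on: a `RouteName` key that is absent rather than empty (the template expression reads `.properties.RouteName` on every object, so the key must exist), and security rules with fields outside what an NSG accepts. The following preflight script is an added example, not code from the thread or from the linked gists; the field names are the ones used in the thread, and the sample array is constructed from the poster's two subnet objects.

```python
"""Preflight checks for the SubnetInfo parameter array used in the thread.

Added example, not code from the thread or the gists. It mirrors the updated
template's decision (route table only when RouteName is non-empty, subnet
routeTable null otherwise) so a parameter file can be validated offline.
"""
import json

# Constructed sample modelled on the poster's parameter file, with RouteName
# given as an empty string on the second subnet (the form the reply expects).
SAMPLE_SUBNET_INFO = [
    {"properties": {
        "NSGName": "NSG01", "SubnetName": "sub01", "RouteName": "RT01",
        "securityRules": [{"name": "Inbound_Deny_All", "properties": {
            "protocol": "*", "sourcePortRange": "*", "sourceAddressPrefix": "*",
            "destinationPortRange": "*", "destinationAddressPrefix": "*",
            "access": "Deny", "priority": 4096, "direction": "Inbound"}}],
        "disableBgpRoutePropagation": True,
        "routes": [{"name": "route1", "properties": {
            "addressPrefix": "10.0.0.0/24", "nextHopType": "VirtualAppliance",
            "nextHopIpAddress": "10.0.0.4"}}]}},
    {"properties": {
        "NSGName": "NSG02", "SubnetName": "sub02", "RouteName": "",
        "securityRules": [{"name": "Outbound_Deny_All", "properties": {
            "protocol": "*", "sourcePortRange": "*", "sourceAddressPrefix": "*",
            "destinationPortRange": "*", "destinationAddressPrefix": "*",
            "access": "Deny", "priority": 4096, "direction": "Outbound"}}]}},
]

RULE_FIELDS = ("protocol", "sourcePortRange", "sourceAddressPrefix",
               "destinationPortRange", "destinationAddressPrefix",
               "access", "priority", "direction")


def _check_rule(subnet, rule):
    """Return error strings for one NSG security rule object."""
    errs = []
    name = rule.get("name", "<unnamed>")
    props = rule.get("properties", {})
    for field in RULE_FIELDS:
        if field not in props:
            errs.append(f"{subnet}/{name}: missing {field}")
    prio = props.get("priority")
    if not isinstance(prio, int) or not 100 <= prio <= 4096:
        errs.append(f"{subnet}/{name}: priority must be an integer 100-4096")
    if props.get("access") not in ("Allow", "Deny"):
        errs.append(f"{subnet}/{name}: access must be Allow or Deny")
    if props.get("direction") not in ("Inbound", "Outbound"):
        errs.append(f"{subnet}/{name}: direction must be Inbound or Outbound")
    return errs


def plan_subnet(obj):
    """Describe what the template would do for one SubnetInfo object."""
    props = obj.get("properties", {})
    subnet = props.get("SubnetName", "<unnamed>")
    errs, warns = [], []
    for field in ("NSGName", "SubnetName", "securityRules"):
        if field not in props:
            errs.append(f"{subnet}: missing {field}")
    # The template reads .properties.RouteName on every object, so the key has
    # to exist; an empty string is the way to opt out of the route table.
    if "RouteName" not in props:
        errs.append(f'{subnet}: RouteName key absent; use "RouteName": "" '
                    "to skip the route table")
    route_name = props.get("RouteName", "")
    create_rt = route_name not in ("", None)  # not(empty(RouteName))
    routes = props.get("routes", [])
    if create_rt and not routes:
        warns.append(f"{subnet}: route table {route_name} has no routes")
    if not create_rt and routes:
        warns.append(f"{subnet}: routes given without RouteName are never deployed")
    for route in routes:
        rp = route.get("properties", {})
        if rp.get("nextHopType") == "VirtualAppliance" and not rp.get("nextHopIpAddress"):
            errs.append(f"{subnet}: route {route.get('name')} needs nextHopIpAddress")
    for rule in props.get("securityRules", []):
        errs.extend(_check_rule(subnet, rule))
    return {
        "subnet": subnet,
        "nsg": props.get("NSGName"),
        # Mirrors the if(...) on the routeTable property: name or null.
        "routeTable": route_name if create_rt else None,
        "errors": errs,
        "warnings": warns,
    }


def plan(subnet_info):
    """Plan every object in the SubnetInfo array."""
    return [plan_subnet(o) for o in subnet_info]


def plan_from_parameter_file(text):
    """Accept the full parameters file text and plan its SubnetInfo value."""
    doc = json.loads(text)
    return plan(doc["parameters"]["SubnetInfo"]["value"])


if __name__ == "__main__":
    for entry in plan(SAMPLE_SUBNET_INFO):
        print(json.dumps(entry, indent=2))
```

Run it against the real parameters file with `plan_from_parameter_file(open("params.json").read())` and refuse to deploy while any entry carries errors; the warnings cover the quieter case where `routes` are present but no `RouteName` is set, which the template silently drops.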