NSG and Route Table ARM Templates

Contributor

HI All,

 

I have a script which creates Both NSG and Route Tables(With Routes) in single Paramater and Tenplate file.

But in this script it is Mandate to create Route Table and Routes every time while running the Template.

Is it possible to ignore creating Route Table each time while creating NSG's. Or we need to give option like we need to add or avoid creating Route Tables. Help me on this.

 

Template i am following is:

 

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"VNetName": {
"type": "string",
"metadata": {
"description": "description"
}
},
"SubnetInfo": {
"type": "array"
}
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('SubnetInfo')[copyIndex()].properties.NSGName)]",
"location": "[parameters('Location')]",
"copy": {
"name": "NSGs",
"count": "[length(parameters('SubnetInfo'))]"
},
"properties": {
"securityRules": "[parameters('SubnetInfo')[copyIndex()].properties.SecurityRules]"
}
},
{
"type": "Microsoft.Network/routeTables",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('SubnetInfo')[copyIndex()].properties.RouteName)]",
"location": "[parameters('Location')]",
"copy": {
"name": "Routes",
"count": "[length(parameters('SubnetInfo'))]"
},
"properties": {
"routes": "[parameters('SubnetInfo')[copyIndex()].properties.Routes]",
"disableBgpRoutePropagation": "[parameters('SubnetInfo')[copyIndex()].properties.disableBgpRoutePropagation]"

}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "[concat('update-',parameters('SubnetInfo')[copyIndex()].properties.SubnetName)]",
"dependsOn": [
"NSGs",
"Routes"
],
"copy": {
"name": "association",
"count": "[length(parameters('SubnetInfo'))]",
"mode": "Serial"
},
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2020-05-01",
"type": "Microsoft.Network/virtualNetworks/subnets",
"name": "[concat(parameters('VNetName'), '/', parameters('SubnetInfo')[copyIndex()].properties.SubnetName)]",
"location": "[resourceGroup().location]",
"properties": {
"addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('SubnetInfo')[copyIndex()].properties.SubnetName), '2018-03-01').addressPrefix]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('SubnetInfo')[copyIndex()].properties.NSGName)]"
},
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', parameters('SubnetInfo')[copyIndex()].properties.RouteName)]"
}
}
}
]
}
}
}
]
}

 

Pramater File:

 

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "East US"
},
"VNetName": {
"value": "VN01"
},
"SubnetInfo": {
"value": [
{
"properties": {
"NSGName": "NSG01",
"SubnetName": "sub01",
"RouteName": "RT01",
"securityRules": [
{
"name": "Inbound_Deny_All",
"properties": {
"description": "Deny all inbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"sourceAddressPrefix": "*",
"destinationPortRange": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4096,
"direction": "Inbound"
}
}
],
"disableBgpRoutePropagation": true,
"routes": [
{
"name": "route1",
"properties": {
"addressPrefix": "10.0.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.0.0.4"
}
},
{
"name": "route2",
"properties": {
"addressPrefix": "10.15.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.10.0.68"
}
},
{
"name": "route3",
"properties": {
"addressPrefix": "10.11.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.11.0.68"
}
}
]
}
},
{
"properties": {
"NSGName": "NSG02",
"SubnetName": "sub02",
"RouteName": "RT02",
"securityRules": [
{
"name": "Outbound_Deny_All",
"properties": {
"description": "Deny all inbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"sourceAddressPrefix": "*",
"destinationPortRange": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4096,
"direction": "Outbound"
}
}
],
"disableBgpRoutePropagation": true,
"routes": [
{
"name": "route1",
"properties": {
"addressPrefix": "10.10.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.0.0.4"
}
},
{
"name": "route2",
"properties": {
"addressPrefix": "10.0.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.10.0.68"
}
},
{
"name": "route3",
"properties": {
"addressPrefix": "10.12.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.12.0.68"
}
}
]
}
},
{
"properties": {
"NSGName": "NSG03",
"SubnetName": "sub03",
"RouteName": "RT03",
"securityRules": [
{
"name": "Inbound_Allow_Http",
"properties": {
"description": "Allow inbound http traffic",
"protocol": "TCP",
"sourcePortRange": "*",
"sourceAddressPrefix": "*",
"destinationPortRange": "80",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 4096,
"direction": "Inbound"
}
}
],
"disableBgpRoutePropagation": false,
"routes": [
{
"name": "route1",
"properties": {
"addressPrefix": "10.0.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.0.0.4"
}
},
{
"name": "route2",
"properties": {
"addressPrefix": "10.10.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.10.0.68"
}
},
{
"name": "route3",
"properties": {
"addressPrefix": "10.13.0.0/24",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "10.13.0.68"
}
}
]
}
}
]
}
}
}

 

Regards,

Vignesh

 

 

1 Reply

@StefanIvem

 

Hi Stefan,

 

Can you pls help on this.