There is a current policy (DenySubnetWithoutNSG) in our framework that basically prevents deployment of subnets without an NSG. I am trying to bypass this policy through a custom ARM template; below is an idea of what I am working with:
Your Policy is to prevent, so it is working as expected and there should be no possibility to bypass ;> Anyway, the ARM template below creates a subnet with an NSG in one run, and it will fit into the policy expecting an NSG on the subnet (of course, review the params and adjust to your needs):
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "addressPrefix": {
            "type": "String"
        },
        "name": {
            "type": "String"
        },
        "vnet": {
            "type": "String"
        },
        "nsgId": {
            "type": "String"
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Network/virtualNetworks/subnets",
            "apiVersion": "2021-03-01",
            "name": "[concat(parameters('vnet'), '/', parameters('name'))]",
            "properties": {
                "addressPrefix": "[parameters('addressPrefix')]",
                "delegations": [],
                "networkSecurityGroup": {
                    "id": "[parameters('nsgId')]"
                },
                "privateEndpointNetworkPolicies": "Enabled",
                "privateLinkServiceNetworkPolicies": "Enabled",
                "serviceEndpoints": []
            }
        }
    ],
    "outputs": {
        "subnetId": {
            "type": "String",
            "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnet'), parameters('name'))]"
        }
    }
}
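An added example, not part of the original question or answer: a pre-deployment check in Python that lists every subnet in an ARM template with no `networkSecurityGroup.id`, which is the condition a deny policy like the one described rejects. The function names, the sample template and its resource names are constructed for illustration; the check assumes `resources` is a JSON array and counts a template expression such as `[parameters('nsgId')]` as a present id.

```python
SUBNET = "microsoft.network/virtualnetworks/subnets"
VNET = "microsoft.network/virtualnetworks"


def _has_nsg(props):
    """True when subnet properties reference an NSG through a non-empty id."""
    nsg = (props or {}).get("networkSecurityGroup") or {}
    return bool(str(nsg.get("id") or "").strip())


def subnets_without_nsg(template):
    """List subnets in an ARM template (dict) that have no NSG reference."""
    missing = []

    def walk(resources, parent=""):
        for res in resources or []:
            rtype = str(res.get("type", "")).lower()
            if parent and "/" not in rtype:  # nested child with short type
                rtype = f"{parent}/{rtype}"
            name = res.get("name", "<unnamed>")
            props = res.get("properties") or {}
            if rtype == SUBNET and not _has_nsg(props):
                missing.append(name)
            if rtype == VNET:  # subnets declared inline on the virtual network
                for sub in props.get("subnets") or []:
                    if not _has_nsg(sub.get("properties")):
                        missing.append(f"{name}/{sub.get('name', '<unnamed>')}")
            walk(res.get("resources"), rtype)

    walk(template.get("resources"))
    return missing


# Constructed sample: one inline subnet lacks an NSG, the standalone one has it.
SAMPLE = {
    "resources": [
        {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-demo",
         "properties": {"subnets": [
             {"name": "frontend", "properties": {"addressPrefix": "10.0.0.0/24"}}]}},
        {"type": "Microsoft.Network/virtualNetworks/subnets",
         "name": "vnet-demo/backend",
         "properties": {"addressPrefix": "10.0.1.0/24",
                        "networkSecurityGroup": {"id": "[parameters('nsgId')]"}}},
    ]
}

if __name__ == "__main__":
    print(subnets_without_nsg(SAMPLE))
```

Running it in a pipeline before the deployment step surfaces the subnets the policy would deny, including ones declared inline on a virtual network rather than as standalone resources.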