azurermSubnet
Manages a subnet. Subnets represent network segments within the IP space defined by the virtual network.
~> NOTE on Virtual Networks and Subnets: Terraform currently provides both a standalone Subnet resource, and allows for Subnets to be defined in-line within the Virtual Network resource. At this time you cannot use a Virtual Network with in-line Subnets in conjunction with any Subnet resources. Doing so will cause a conflict of Subnet configurations and will overwrite Subnets.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*The constructs below pass `this` as their scope, so they belong inside the constructor of a stack or construct.
Property names use the camelCase forms listed in the Argument Reference.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_1",
  {
    addressSpace: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-vnet",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_2", {
  addressPrefixes: ["10.0.1.0/24"],
  delegation: [
    {
      name: "delegation",
      /*A delegation takes a single serviceDelegation block.*/
      serviceDelegation: {
        actions: [
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
        ],
        name: "Microsoft.ContainerInstance/containerGroups",
      },
    },
  ],
  name: "example-subnet",
  resourceGroupName: azurermResourceGroupExample.name,
  virtualNetworkName: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
- name - (Required) The name of the subnet. Changing this forces a new resource to be created.
- resourceGroupName - (Required) The name of the resource group in which to create the subnet. Changing this forces a new resource to be created.
- virtualNetworkName - (Required) The name of the virtual network to which to attach the subnet. Changing this forces a new resource to be created.
- addressPrefixes - (Required) The address prefixes to use for the subnet.
-> NOTE: Currently only a single address prefix can be set as the Multiple Subnet Address Prefixes Feature is not yet in public preview or general availability.
- delegation - (Optional) One or more delegation blocks as defined below.
- privateEndpointNetworkPoliciesEnabled - (Optional) Enable or Disable network policies for the private endpoint on the subnet. Setting this to true will Enable the policy and setting this to false will Disable the policy. Defaults to true.
-> NOTE: Network policies, like network security groups (NSG), are not supported for Private Link Endpoints or Private Link Services. In order to deploy a Private Link Endpoint on a given subnet, you must set the privateEndpointNetworkPoliciesEnabled attribute to false. This setting is only applicable for the Private Link Endpoint; for all other resources in the subnet, access is controlled via the Network Security Group, which can be configured using the azurermSubnetNetworkSecurityGroupAssociation resource.
- privateLinkServiceNetworkPoliciesEnabled - (Optional) Enable or Disable network policies for the private link service on the subnet. Setting this to true will Enable the policy and setting this to false will Disable the policy. Defaults to true.
-> NOTE: In order to deploy a Private Link Service on a given subnet, you must set the privateLinkServiceNetworkPoliciesEnabled attribute to false. This setting is only applicable for the Private Link Service; for all other resources in the subnet, access is controlled based on the Network Security Group, which can be configured using the azurermSubnetNetworkSecurityGroupAssociation resource.
- serviceEndpoints - (Optional) The list of Service endpoints to associate with the subnet. Possible values include: microsoftAzureActiveDirectory, microsoftAzureCosmosDb, microsoftContainerRegistry, microsoftEventHub, microsoftKeyVault, microsoftServiceBus, microsoftSql, microsoftStorage, and microsoftWeb.
- serviceEndpointPolicyIds - (Optional) The list of IDs of Service Endpoint Policies to associate with the subnet.
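Added example, not part of the provider documentation: a lint pass over synthesized Terraform JSON that checks the caveats in the notes above (in-line versus standalone subnets, missing NSG association, disabled private endpoint network policies). It assumes the `resource` map layout of a synthesized `cdk.tf.json` and uses the Terraform snake_case forms of the names on this page; `lintSubnets`, `refId` and the sample config are constructed for illustration.

```typescript
// Added example (not provider code): lint synthesized Terraform JSON for subnet caveats.
type Attrs = Record<string, unknown>;
type TfConfig = { resource?: Record<string, Record<string, Attrs>> };

// Extract <id> from a "${<type>.<id>.<attr>}" reference string, if it is one.
function refId(value: unknown, type: string): string | undefined {
  const m = new RegExp("^\\$\\{" + type + "\\.([^.}]+)\\.").exec(String(value));
  return m ? m[1] : undefined;
}

function lintSubnets(cfg: TfConfig): string[] {
  const res = cfg.resource ?? {};
  const vnets = res["azurerm_virtual_network"] ?? {};
  const subnets = res["azurerm_subnet"] ?? {};
  const assocs = res["azurerm_subnet_network_security_group_association"] ?? {};
  const findings: string[] = [];
  for (const id of Object.keys(subnets)) {
    const s = subnets[id] ?? {};
    // Resolve the parent vnet by reference, falling back to a literal name match.
    let vnetId = refId(s["virtual_network_name"], "azurerm_virtual_network");
    for (const k of Object.keys(vnets)) {
      if (vnetId === undefined && vnets[k]?.["name"] === s["virtual_network_name"]) vnetId = k;
    }
    const inline = vnetId === undefined ? undefined : vnets[vnetId]?.["subnet"];
    if (Array.isArray(inline) && inline.length > 0) {
      findings.push(id + ": vnet '" + vnetId + "' also declares in-line subnets");
    }
    // Resources other than private endpoints rely on an associated NSG.
    const hasNsg = Object.keys(assocs).some(
      (k) => refId(assocs[k]?.["subnet_id"], "azurerm_subnet") === id);
    if (!hasNsg) findings.push(id + ": no NSG association");
    if (s["private_endpoint_network_policies_enabled"] === false) {
      findings.push(id + ": private endpoint network policies disabled");
    }
  }
  return findings;
}

// Constructed sample config (not from a real deployment).
const sample: TfConfig = { resource: {
  azurerm_virtual_network: {
    hub: { name: "hub-vnet", subnet: [{ name: "inline", address_prefix: "10.0.0.0/24" }] },
    spoke: { name: "spoke-vnet" } },
  azurerm_subnet: {
    app: { virtual_network_name: "${azurerm_virtual_network.hub.name}" },
    pe: { virtual_network_name: "spoke-vnet", private_endpoint_network_policies_enabled: false } },
  azurerm_subnet_network_security_group_association: { app: { subnet_id: "${azurerm_subnet.app.id}" } },
} };
console.log(lintSubnets(sample).join("\n"));
```

A subnet whose virtual network lives outside the scanned config (for example a data source) is skipped by the in-line check, because its parent cannot be resolved.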
A delegation block supports the following:
- name - (Required) A name for this delegation.
- serviceDelegation - (Required) A serviceDelegation block as defined below.
A serviceDelegation block supports the following:
-> NOTE: Delegating to services may not be available in all regions. Check that the service you are delegating to is available in your region using the Azure CLI. Also, actions is specific to each service type. The exact list of actions needs to be retrieved using the aforementioned Azure CLI.
- name - (Required) The name of service to delegate to. Possible values are microsoftApiManagement/service, microsoftAzureCosmosDb/clusters, microsoftBareMetal/azureVMware, microsoftBareMetal/crayServers, microsoftBatch/batchAccounts, microsoftContainerInstance/containerGroups, microsoftContainerService/managedClusters, microsoftDatabricks/workspaces, microsoftDBforMySql/flexibleServers, microsoftDBforMySql/serversv2, microsoftDBforPostgreSql/flexibleServers, microsoftDBforPostgreSql/serversv2, microsoftDBforPostgreSql/singleServers, microsoftHardwareSecurityModules/dedicatedHsMs, microsoftKusto/clusters, microsoftLogic/integrationServiceEnvironments, microsoftLabServices/labplans, microsoftMachineLearningServices/workspaces, microsoftNetapp/volumes, microsoftNetwork/dnsResolvers, microsoftNetwork/managedResolvers, microsoftPowerPlatform/vnetaccesslinks, microsoftServiceFabricMesh/networks, microsoftSql/managedInstances, microsoftSql/servers, microsoftStoragePool/diskPools, microsoftStreamAnalytics/streamingJobs, microsoftSynapse/workspaces, microsoftWeb/hostingEnvironments, microsoftWeb/serverFarms, microsoftOrbital/orbitalGateways, nginxNginxplus/nginxDeployments, paloAltoNetworksCloudngfw/firewalls, and qumuloStorage/fileSystems.
- actions - (Optional) A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are microsoftNetwork/networkinterfaces/*, microsoftNetwork/publicIpAddresses/join/action, microsoftNetwork/publicIpAddresses/read, microsoftNetwork/virtualNetworks/read, microsoftNetwork/virtualNetworks/subnets/action, microsoftNetwork/virtualNetworks/subnets/join/action, microsoftNetwork/virtualNetworks/subnets/prepareNetworkPolicies/action, and microsoftNetwork/virtualNetworks/subnets/unprepareNetworkPolicies/action.
-> NOTE: Azure may add default actions depending on the service delegation name and they can't be changed.
Attributes Reference
The following attributes are exported:
- id - The subnet ID.
- name - (Required) The name of the subnet. Changing this forces a new resource to be created.
- resourceGroupName - (Required) The name of the resource group in which the subnet is created.
- virtualNetworkName - (Required) The name of the virtual network in which the subnet is created. Changing this forces a new resource to be created.
- addressPrefixes - (Required) The address prefixes for the subnet.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Subnet.
- update - (Defaults to 30 minutes) Used when updating the Subnet.
- read - (Defaults to 5 minutes) Used when retrieving the Subnet.
- delete - (Defaults to 30 minutes) Used when deleting the Subnet.
Import
Subnets can be imported using the resourceId, e.g.