azurermVirtualNetwork
Manages a virtual network including any configured subnets. Each subnet can optionally be configured with a security group to be associated with the subnet.
\~> NOTE on Virtual Networks and Subnets: Terraform currently provides both a standalone Subnet resource, and allows for Subnets to be defined in-line within the Virtual Network resource. At this time you cannot use a Virtual Network with in-line Subnets in conjunction with any Subnet resources. Doing so will cause a conflict of Subnet configurations and will overwrite subnets.
\~> NOTE on Virtual Networks and DNS Servers: Terraform currently provides both a standalone virtual network DNS Servers resource, and allows for DNS servers to be defined in-line within the Virtual Network resource. At this time you cannot use a Virtual Network with in-line DNS servers in conjunction with any Virtual Network DNS Servers resources. Doing so will cause a conflict of Virtual Network DNS Servers configurations and will overwrite virtual networks DNS servers.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "example-resources",
}
);
const azurermNetworkSecurityGroupExample =
new azurerm.networkSecurityGroup.NetworkSecurityGroup(this, "example_1", {
location: azurermResourceGroupExample.location,
name: "example-security-group",
resource_group_name: azurermResourceGroupExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkSecurityGroupExample.overrideLogicalId("example");
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
this,
"example_2",
{
address_space: ["10.0.0.0/16"],
dns_servers: ["10.0.0.4", "10.0.0.5"],
location: azurermResourceGroupExample.location,
name: "example-network",
resource_group_name: azurermResourceGroupExample.name,
subnet: [
{
address_prefix: "10.0.1.0/24",
name: "subnet1",
},
{
address_prefix: "10.0.2.0/24",
name: "subnet2",
security_group: azurermNetworkSecurityGroupExample.id,
},
],
tags: {
environment: "Production",
},
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
-
name- (Required) The name of the virtual network. Changing this forces a new resource to be created. -
resourceGroupName- (Required) The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created. -
addressSpace- (Required) The address space that is used the virtual network. You can supply more than one address space. -
location- (Required) The location/region where the virtual network is created. Changing this forces a new resource to be created.
bgpCommunity- (Optional) The BGP community attribute in format<asNumber>:<communityValue>.
-> NOTE The asNumber segment is the Microsoft ASN, which is always 12076 for now.
-
ddosProtectionPlan- (Optional) AddosProtectionPlanblock as documented below. -
dnsServers- (Optional) List of IP addresses of DNS servers
-> NOTE Since dnsServers can be configured both inline and via the separate azurermVirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
-
edgeZone- (Optional) Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created. -
flowTimeoutInMinutes- (Optional) The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between4and30minutes. -
subnet- (Optional) Can be specified multiple times to define multiple subnets. Eachsubnetblock supports fields documented below.
-> NOTE Since subnet can be configured both inline and via the separate azurermSubnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags- (Optional) A mapping of tags to assign to the resource.
A ddosProtectionPlan block supports the following:
-
id- (Required) The ID of DDoS Protection Plan. -
enable- (Required) Enable/disable DDoS Protection Plan on Virtual Network.
The subnet block supports:
-
name- (Required) The name of the subnet. -
addressPrefix- (Required) The address prefix to use for the subnet. -
securityGroup- (Optional) The Network Security Group to associate with the subnet. (Referenced byid, ie.azurermNetworkSecurityGroupExampleId)
Attributes Reference
The following attributes are exported:
-
id- The virtual NetworkConfiguration ID. -
name- (Required) The name of the virtual network. Changing this forces a new resource to be created. -
resourceGroupName- (Required) The name of the resource group in which to create the virtual network. -
location- (Required) The location/region where the virtual network is created. Changing this forces a new resource to be created. -
addressSpace- (Required) The list of address spaces used by the virtual network. -
guid- The GUID of the virtual network. -
subnet- (Optional) One or moresubnetblocks as defined below.
The subnet block exports:
id- The ID of this subnet.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
create- (Defaults to 30 minutes) Used when creating the Virtual Network.update- (Defaults to 30 minutes) Used when updating the Virtual Network.read- (Defaults to 5 minutes) Used when retrieving the Virtual Network.delete- (Defaults to 30 minutes) Used when deleting the Virtual Network.
Import
Virtual Networks can be imported using the resourceId, e.g.