azurermVirtualNetworkPeering

Manages a virtual network peering which allows resources to access other resources in the linked virtual network.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "peeredvnets-rg",
  }
);
const azurermVirtualNetworkExample1 = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example-1",
  {
    addressSpace: ["10.0.1.0/24"],
    location: azurermResourceGroupExample.location,
    name: "peternetwork1",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
const azurermVirtualNetworkExample2 = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example-2",
  {
    addressSpace: ["10.0.2.0/24"],
    location: azurermResourceGroupExample.location,
    name: "peternetwork2",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
const azurermVirtualNetworkPeeringExample1 =
  new azurerm.virtualNetworkPeering.VirtualNetworkPeering(this, "example-1_3", {
    name: "peer1to2",
    remoteVirtualNetworkId: azurermVirtualNetworkExample2.id,
    resourceGroupName: azurermResourceGroupExample.name,
    virtualNetworkName: azurermVirtualNetworkExample1.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkPeeringExample1.overrideLogicalId("example-1");
const azurermVirtualNetworkPeeringExample2 =
  new azurerm.virtualNetworkPeering.VirtualNetworkPeering(this, "example-2_4", {
    name: "peer2to1",
    remoteVirtualNetworkId: azurermVirtualNetworkExample1.id,
    resourceGroupName: azurermResourceGroupExample.name,
    virtualNetworkName: azurermVirtualNetworkExample2.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkPeeringExample2.overrideLogicalId("example-2");

Example Usage (Global virtual network peering)

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*Terraform Variables are not always the best fit for getting inputs in the context of Terraform CDK.
You can read more about this at https://cdk.tf/variables*/
const location = new cdktf.TerraformVariable(this, "location", {
  default: ["uksouth", "southeastasia"],
});
const vnetAddressSpace = new cdktf.TerraformVariable(
  this,
  "vnet_address_space",
  {
    default: ["10.0.0.0/16", "10.1.0.0/16"],
  }
);
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: `\${element(${location.value}, count.index)}`,
    name: "rg-global-vnet-peering-${count.index}",
  }
);
/*In most cases loops should be handled in the programming language context and 
not inside of the Terraform context. If you are looping over something external, e.g. a variable or a file input
you should consider using a for loop. If you are looping over something only known to Terraform, e.g. a result of a data source
you need to keep this like it is.*/
azurermResourceGroupExample.addOverride(
  "count",
  `\${length(${location.value})}`
);
const azurermVirtualNetworkVnet = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "vnet",
  {
    addressSpace: [`\${element(${vnetAddressSpace.value}, count.index)}`],
    location: `\${element(${azurermResourceGroupExample.fqn}.*.location, count.index)}`,
    name: "vnet-${count.index}",
    resourceGroupName: `\${element(${azurermResourceGroupExample.fqn}.*.name, count.index)}`,
  }
);
/*In most cases loops should be handled in the programming language context and 
not inside of the Terraform context. If you are looping over something external, e.g. a variable or a file input
you should consider using a for loop. If you are looping over something only known to Terraform, e.g. a result of a data source
you need to keep this like it is.*/
azurermVirtualNetworkVnet.addOverride("count", `\${length(${location.value})}`);
const azurermVirtualNetworkPeeringPeering =
  new azurerm.virtualNetworkPeering.VirtualNetworkPeering(this, "peering", {
    allowForwardedTraffic: true,
    allowGatewayTransit: false,
    allowVirtualNetworkAccess: true,
    name: `peering-to-\${element(${azurermVirtualNetworkVnet.fqn}.*.name, 1 - count.index)}`,
    remoteVirtualNetworkId: `\${element(${azurermVirtualNetworkVnet.fqn}.*.id, 1 - count.index)}`,
    resourceGroupName: `\${element(${azurermResourceGroupExample.fqn}.*.name, count.index)}`,
    virtualNetworkName: `\${element(${azurermVirtualNetworkVnet.fqn}.*.name, count.index)}`,
  });
/*In most cases loops should be handled in the programming language context and 
not inside of the Terraform context. If you are looping over something external, e.g. a variable or a file input
you should consider using a for loop. If you are looping over something only known to Terraform, e.g. a result of a data source
you need to keep this like it is.*/
azurermVirtualNetworkPeeringPeering.addOverride(
  "count",
  `\${length(${location.value})}`
);
const azurermSubnetNva = new azurerm.subnet.Subnet(this, "nva", {
  addressPrefix: `\${cidrsubnet(
    element(
      ${azurermVirtualNetworkVnet.fqn}[count.index].address_space,
      count.index,
    ),
    13,
    0,
  )}`,
  name: "nva",
  resourceGroupName: `\${element(${azurermResourceGroupExample.fqn}.*.name, count.index)}`,
  virtualNetworkName: `\${element(${azurermVirtualNetworkVnet.fqn}.*.name, count.index)}`,
});
/*In most cases loops should be handled in the programming language context and 
not inside of the Terraform context. If you are looping over something external, e.g. a variable or a file input
you should consider using a for loop. If you are looping over something only known to Terraform, e.g. a result of a data source
you need to keep this like it is.*/
azurermSubnetNva.addOverride("count", `\${length(${location.value})}`);

Example Usage (Triggers)

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "peeredvnets-rg",
  }
);
const azurermVirtualNetworkExample1 = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example-1",
  {
    addressSpace: ["10.0.1.0/24"],
    location: azurermResourceGroupExample.location,
    name: "peternetwork1",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
const azurermVirtualNetworkExample2 = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example-2",
  {
    addressSpace: ["10.0.2.0/24"],
    location: azurermResourceGroupExample.location,
    name: "peternetwork2",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
const azurermVirtualNetworkPeeringExample1 =
  new azurerm.virtualNetworkPeering.VirtualNetworkPeering(this, "example-1_3", {
    name: "peer1to2",
    remoteVirtualNetworkId: azurermVirtualNetworkExample2.id,
    resourceGroupName: azurermResourceGroupExample.name,
    /*triggers is a map of strings; the peering is re-synced when a value changes.*/
    triggers: {
      remote_address_space: `\${join(",", ${azurermVirtualNetworkExample2.addressSpace})}`,
    },
    virtualNetworkName: azurermVirtualNetworkExample1.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkPeeringExample1.overrideLogicalId("example-1");
const azurermVirtualNetworkPeeringExample2 =
  new azurerm.virtualNetworkPeering.VirtualNetworkPeering(this, "example-2_4", {
    name: "peer2to1",
    remoteVirtualNetworkId: azurermVirtualNetworkExample1.id,
    resourceGroupName: azurermResourceGroupExample.name,
    /*triggers is a map of strings; the peering is re-synced when a value changes.*/
    triggers: {
      remote_address_space: `\${join(",", ${azurermVirtualNetworkExample1.addressSpace})}`,
    },
    virtualNetworkName: azurermVirtualNetworkExample2.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkPeeringExample2.overrideLogicalId("example-2");

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the virtual network peering. Changing this forces a new resource to be created.

  • virtualNetworkName - (Required) The name of the virtual network. Changing this forces a new resource to be created.

  • remoteVirtualNetworkId - (Required) The full Azure resource ID of the remote virtual network. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the resource group in which to create the virtual network peering. Changing this forces a new resource to be created.

  • allowVirtualNetworkAccess - (Optional) Controls if the VMs in the remote virtual network can access VMs in the local virtual network. Defaults to true.

  • allowForwardedTraffic - (Optional) Controls if forwarded traffic from VMs in the remote virtual network is allowed. Defaults to false.

  • allowGatewayTransit - (Optional) Controls if gatewayLinks can be used in the remote virtual network’s link to the local virtual network. Defaults to false.

  • useRemoteGateways - (Optional) Controls if remote gateways can be used on the local virtual network. If the flag is set to true, and allowGatewayTransit on the remote peering is also true, the virtual network will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if the virtual network already has a gateway. Defaults to false.

NOTE: useRemoteGateways must be set to false if using Global Virtual Network Peerings.

  • triggers - (Optional) A mapping of key-value pairs that can be used to sync network routes from the remote virtual network to the local virtual network. See the Triggers example above for how to set it up.
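
The rules the argument list states for useRemoteGateways, and any peering that turns on allowForwardedTraffic (off by default), can be checked on a peering plan before it is applied. The following is an added example, not code from the provider or its documentation: the Vnet and Peering shapes, checkPeerings and the sample data are hypothetical, and a global peering is assumed to be one whose two networks have different locations.

```typescript
// Added example; Vnet, Peering, checkPeerings() and the sample data are hypothetical.
interface Vnet { name: string; id: string; location: string }
interface Peering {
  name: string;
  virtualNetworkName: string;
  remoteVirtualNetworkId: string;
  allowForwardedTraffic?: boolean; // defaults to false
  allowGatewayTransit?: boolean; // defaults to false
  useRemoteGateways?: boolean; // defaults to false
}
function checkPeerings(vnets: Vnet[], peerings: Peering[]): string[] {
  const findings: string[] = [];
  const byName: { [k: string]: Vnet } = {};
  const byId: { [k: string]: Vnet } = {};
  for (const v of vnets) { byName[v.name] = v; byId[v.id] = v; }
  const gatewayUsers: { [k: string]: number } = {};
  for (const p of peerings) {
    const local = byName[p.virtualNetworkName];
    const remote = byId[p.remoteVirtualNetworkId];
    if (p.allowForwardedTraffic === true)
      findings.push(`${p.name}: allowForwardedTraffic is true (default is false)`);
    if (p.useRemoteGateways !== true) continue;
    const n = (gatewayUsers[p.virtualNetworkName] || 0) + 1;
    gatewayUsers[p.virtualNetworkName] = n;
    if (n > 1) // only one peering per virtual network may set the flag
      findings.push(`${p.name}: second useRemoteGateways peering on ${p.virtualNetworkName}`);
    if (local && remote && local.location !== remote.location)
      findings.push(`${p.name}: useRemoteGateways set on a global peering`);
    // Transit only works if the reverse peering sets allowGatewayTransit.
    const reverse = peerings.filter((r) => local && remote &&
      r.virtualNetworkName === remote.name && r.remoteVirtualNetworkId === local.id);
    if (!reverse.some((r) => r.allowGatewayTransit === true))
      findings.push(`${p.name}: reverse peering does not set allowGatewayTransit`);
  }
  return findings;
}

// Constructed sample: hub and spoke share a region, dr sits in another one.
const sampleVnets: Vnet[] = [
  { name: "hub", id: "vnet-id-hub", location: "westeurope" },
  { name: "spoke", id: "vnet-id-spoke", location: "westeurope" },
  { name: "dr", id: "vnet-id-dr", location: "uksouth" },
];
const samplePeerings: Peering[] = [
  { name: "spoke-to-hub", virtualNetworkName: "spoke", remoteVirtualNetworkId: "vnet-id-hub", useRemoteGateways: true },
  { name: "hub-to-spoke", virtualNetworkName: "hub", remoteVirtualNetworkId: "vnet-id-spoke", allowGatewayTransit: true },
  { name: "spoke-to-dr", virtualNetworkName: "spoke", remoteVirtualNetworkId: "vnet-id-dr", allowForwardedTraffic: true, useRemoteGateways: true },
];
const sampleFindings = checkPeerings(sampleVnets, samplePeerings);
```

On the sample, the spoke-to-hub and hub-to-spoke pair passes and every finding belongs to spoke-to-dr.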

Attributes Reference

The following attributes are exported:

  • id - The ID of the Virtual Network Peering.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Virtual Network Peering.
  • update - (Defaults to 30 minutes) Used when updating the Virtual Network Peering.
  • read - (Defaults to 5 minutes) Used when retrieving the Virtual Network Peering.
  • delete - (Defaults to 30 minutes) Used when deleting the Virtual Network Peering.

Note

Virtual Network peerings cannot be created, updated or deleted concurrently.

Import

Virtual Network Peerings can be imported using the resource id, e.g.

terraform import azurerm_virtual_network_peering.examplePeering /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/virtualNetworks/myvnet1/virtualNetworkPeerings/myvnet1peering