anyone know if it is possible to create app gw with azure cli, when my vnet is in different resource group, not in the same as i'm creating the application gateway in? It seems az command doesnt let me provide --vnet-name id of vnet. If i provide the name of it, it just created new on in same resource group where i'm creating the app gateway.
Is it possible to reference the vnet from another resource group when using command - az network application-gateway create? As it seems from parameters only subnet supports the reference by ID... Is there a workaround?
--subnet
Name or ID of the subnet. Will create resource if it does not exist. If name specified, also specify --vnet-name.
--vnet-name
The virtual network (VNet) name.
Yeah. In Azure, there are many resources and sub-resources. Most have the ID that represents the unique one in Azure. For Subnet, it belongs to Vnet. If it exists and the ID can only refer to it.
So if you want to reference the existing subnet of a Vnet in Azure you just need to reference its ID. In addition, the Application Gateway needs an empty subnet and there should be no resource in it. You should pay attention to this point.
Got this answered by #Charles Xu.
The subnet always in a Vnet. If you reference the subnet it also means reference the Vnet. – Charles Xu
Related
I'm having some trouble attaching a NIC (in resource group A) to a subnet belonging to a Vnet and NSG in a different resource group (say B). I have Contributor role in resource group A, but only Reader role in resource group B. Is this possible? If so, what am I doing wrong? Here's what it looks like (with UIDs shortened).
% az network nic create --resource-group A --name bastion-nic --vnet-name VN-B --subnet SubnetB
(InvalidResourceReference) Resource /subscriptions/40ef-b75f-c05a034bf2ff/resourceGroups/A/providers/Microsoft.Network/virtualNetworks/VN-B/subnets/SubnetB referenced by resource /subscriptions/b75f-c05a034bf2ff/resourceGroups/A/providers/Microsoft.Network/networkInterfaces/bastion-nic was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.
Code: InvalidResourceReference
I tested the same scenario in my environment .
Scenario: I created a user , 2 resource groups i.e. contributorTest with Contributor access for the user and readerTest with Reader access for the user.
If I use the command you are using then it gives me the same error message as you. To describe the issue when you are using vnet-name, the command thinks that the vnet is also present in the same resource which has been mentioned in the command.
az network nic create --resource-group contributorTest --name bastion-nic --vnet-name ansumantest-vnet --subnet default
So , for example in the above command resource group is contributorTest and we have just provided vnet name and subnet name , which it thinks is present in the same group. So it throws the error as below:
As a Solution you can use the below command to create NIC if the VNet is in different resource group:
az network nic create --resource-group contributorTest --name bastion-nic --subnet /subscriptions/subID/resourceGroups/readerTest/providers/Microsoft.Network/virtualNetworks/ansumantest-vnet/subnets/default
In the above command , we are not providing vnet name & subnet name , as a alternative we have provided the resourceID of the subnet.
Note: The above solution should work only if you have contributor access on both the resource group , in your case you will be getting the below error:
To describe the issue here, while you are creating a NIC it requires to join that NIC to the Subnet which you have specified but as you have reader access only on the VNET resource group it doesn't allow you to join the NIC and subnet.
So , Final solution can be :
Either have the VNET and subnet in the same resource group you are creating NIC on and have a Contributor access on it and use the command you are using .
Grant Contributor Access to the user for the second resource group and use the second Command that I have mentioned as a solution.
Output for the second command after providing contributor access for both the resource groups:
I have a resource group for my vnet (rg-private-vnet) and one for my webapp and sql server (rg-webapp). Now I want to create a private endpoint for my SQl server in the rg-webapp.
This works in case the private endpoint is created in the resource group from he vnet. But I want it to be located in the resource group of the sql server.
I used:
az network private-endpoint create --name $sqlPrivateEndpoint --resource-group $resourceGroupVnet --vnet-name $vnetName --subnet $sqlSubnetName --private-connection-resource-id $id --connection-name mySqlConnection --group-id sqlServer
In case I use the rg-webapp I got the error:
(InvalidResourceReference) Resource /subscriptions/XXX/[...} referenced by resource /subscriptions/XXX/[...] was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.
with the rg-private-vnet it works. In the azure portal it is no problem to create the endpoint in the rg-webapp resource group. I don't see any more parameters to create it in a diffrent rg.
According to the documentation you need to provide the resource id of the subnet to the --subnet parameter (instead of the subnet name) and skip the --vnet-name parameter if the subnet resides in a different resource group:
--subnet Name or ID of an existing subnet. If name specified, also specify --vnet-name. If you want to use an existing subnet in other resource group or subscription, please provide the ID instead of the name of the subnet and do not specify the --vnet-name. (az network private-endpoint | Microsoft Docs)
While creating aks cluster by using terraform and using existing values like resource group, vnet, subnet, network security group,
Deployment creating additional resource group, network security group, dns zone.
Do you have any idea how to stop that or disable?
Creating new RG with name MC_RG_XXXXXXXX
Good things:
Cluster getting created by using existing Vnet, subnet, cluster linked with existing RG but its creating network security Group and DNS Zones with new RG.
Any idea?
This is an automatic resource group created to house the cluster https://learn.microsoft.com/en-us/azure/aks/faq#why-are-two-resource-groups-created-with-aks , there is an option in preview to specify the name of this resource group using Azure CLI and within an ARM template https://learn.microsoft.com/en-us/azure/aks/faq#can-i-provide-my-own-name-for-the-aks-node-resource-group.
I'm not sure how this will map in Terraform though.
I want to check if a vpn gateway connection is given to a vnet through a powershell command given a vnet name.
I have created 2 vnets in 2 different resource groups and enabled peering.
You can use command in following manners
First get virtual network object from azure from following command:
Vnet_object = Get-AzVirtualNetwork -Name MyVirtualNetwork -ResourceGroupName TestResourceGroup
"Vnet_object" will be of type "PSVirtualNetworkGateway"
Pass this object in following command and you will get virtual network gateway if it is connected to that Vnet.
Get-AzVirtualNetworkGatewayVpnClientConnectionHealth
-InputObject
Link for above command: https://learn.microsoft.com/en-us/powershell/module/az.network/get-azvirtualnetworkgatewayvpnclientconnectionhealth?view=azps-2.4.0
If I'm not understanding you correctly, please let me know. It seems that you want to know if a VNet has gateway connected when you have enabled VNet peering.
You could use Azure PowerShell (Get-AzVirtualNetwork -ResourceGroupName $myrg -Name $myVnet).VirtualNetworkPeerings, then you will check the value of parameter AllowGatewayTransit and UseRemoteGateways. One of those values is true, this vNet has a connecting gateway.
Additionally, the new Az module is used for Azure Resource Manager model, it's recommended to migrate Azure PowerShell from AzureRM to Az. If you still use the old AzureRM module, you could replace Get-AzVirtualNetwork with Get-azurermVirtualNetwork.
I am creating JSON file for ARM template to deploy Azure VM and its dependent resources.
I have created RHEL VM with following resources(all are newly created):-
Storage Account
Diagnostic Storage Account
Virtual Network
Network Interface
Public IP Address
Network Security Group
Now I want to create Azure VM with existing Vnet, Subnet or new Vnet, subnet. Is there any example I can follow up. How can I do so?
Now I want to create Azure VM with existing Vnet
You could refer to this example.
If you want to more templates, you could search the templates gallery to discover what you need.
or new Vnet, subnet.
You could refer to this example, just use an existing resource group.
This is pretty straightforward with Microsoft's documentation.
The challenge here usually lies with understanding the dependencies. In that example, you aren't saying I want this VM to launch in this Vnet, you are saying, "I want this VM to use this NIC which is associated with this Subnet of this Vnet"
It is easiest to just use the example provided at the bottom of that link and work your way forward. With your case, you will end up being able to simply remove the Vnet resource block and add your own Vnet's properties in.
This is an extra tool for working with ARM templates.