I am trying to deploy a VM using an ARM template and a static IP. My vnet is in the network resource group and I am creating my NIC in the compute resource group with the VM. My ARM template is failing because it is trying to search for the vnet/subnet under the compute resource group while creating the VM NIC... How to handle this situation?
You need to provide the proper resourceId to the NIC while attaching it to the vnet\subnet, like this:
"subnet": {
    "id": "[resourceId('resourceGroupName', 'Microsoft.Network/virtualNetworks/Subnets', 'vnetName', 'subnetName')]"
}
where resourceGroupName is the name of the resourceGroup your vnet resides in. You can pick a vnet in a different subscription with this function as well. Or you can just "calculate" it with the concat function, or outside of the template.
more reading: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-resource#resourceid
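A complete NIC template built around the snippet above, as an added example that is not part of the original answer. The parameter names, the ipconfig1 name and the API version are assumptions, and it assumes the compute resource group is in the same region as the vnet.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vnetResourceGroup": {
      "type": "string",
      "metadata": { "description": "Assumed name: resource group that holds the existing vnet" }
    },
    "vnetName": { "type": "string" },
    "subnetName": { "type": "string" },
    "nicName": { "type": "string" },
    "privateIpAddress": {
      "type": "string",
      "metadata": { "description": "Assumed name: unused address inside the subnet's range" }
    }
  },
  "variables": {
    "subnetId": "[resourceId(parameters('vnetResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2020-11-01",
      "name": "[parameters('nicName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Static",
              "privateIPAddress": "[parameters('privateIpAddress')]",
              "subnet": { "id": "[variables('subnetId')]" }
            }
          }
        ]
      }
    }
  ],
  "outputs": {
    "resolvedSubnetId": { "type": "string", "value": "[variables('subnetId')]" }
  }
}
```

The identity running the deployment needs Microsoft.Network/virtualNetworks/subnets/join/action on the subnet in the network resource group; it does not need write access to the vnet itself. The resolvedSubnetId output shows which resource group the ID actually points at.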
I am trying to implement a strategy where I can create a NSG in one Azure subscription and use the same NSG resource to attach to any VMs or NICs created in other subscriptions and resource groups.
How can this implementation work via Terraform where I want to attach a single (default) NSG (created in a separate subscription) to multiple VMs and NICs in other subscriptions?
Default NSG for all Azure Subscriptions via Terraform:
Rules defined for a certain network security group with some network security rules will only apply to that resource group. As a result of this limitation for network security groups, it is not feasible to access an NSG in subscriptions other than the existing ones.
You cannot access an NSG that exists in one subscription in another, even though it is provided in the same region.
If you need to add network security in other subscriptions, you can consider the following methods:
Add multiple subscriptions in the provider using an alias while deploying Terraform code, as mentioned in the article by Jeff Brown.
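provider "azurerm" {
  alias           = "xx"
  subscription_id = "subscription1" # ID of the first subscription
  features {}
}

provider "azurerm" {
  alias           = "xxdev"
  subscription_id = "subscription2" # ID of the second subscription
  features {}
}

resource "azurerm_network_security_group" "example" {
  provider = azurerm.xx # aliased provider (subscription) that deploys this NSG
  // Add configuration
}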
Note: Include azurerm providers to deploy the same NSG or any Azure resource across multiple subscriptions provided by subscription Ids.
terraform import can be used to import existing resources from anywhere.
terraform import azurerm_network_security_group.<NSG> <ResourceID>
I have one resource group in my Azure subscription named "demoterraform".
Now I would like to create one Windows VM in this resource group, so I don't deploy new VM in existing resource group.
Use the azurerm_resource_group data source.
data "azurerm_resource_group" "demo" {
  name = "demoterraform"
}
In the rest of the code you can refer to it with a similar expression data.azurerm_resource_group.demo.id.
I have an Azure pipeline that creates a new DevTest Lab VM from an Azure Resource Manager (ARM) template. That works great but a new resource group is created for the VM. I would like to specify an existing resource group the VM should belong to but I can't figure out how to configure this in the Azure DevTest Labs Create VM task or in the ARM template JSON file.
I found one example that provided a resourceGroup parameter as part of the resources object in the JSON but that gives me an invalid template error:
...
"resources": [
{
...
"type": "Microsoft.DevTestLab/labs/virtualmachines",
"name": "[variables('vmName')]",
"resourceGroup": "[parameters('cdResourceGroup')]",
...
}
]
...
This seems like something that should be fairly straightforward but I haven't been able to find this documented.
What I am trying to do is not supported. Looking for other solutions.
Azure DevTest Lab VMs cannot belong to existing resource groups (besides the lab's common resource group). The lab can be configured so that all VMs in the lab belong to a single common resource group or each VM will belong to its own resource group that is created with the VM (the default). See this Azure DevTest Labs FAQ.
To configure via the Azure portal: Select the lab > "Configuration and policies" > "Lab settings"
2 subnets (A and B) each have 1 VM in them. Each VM and its resources has its own unique resource group value, which is different from the VNet/Subnet resource group value. The ARM template which was used to create the VNet and 2 subnets, gets its related ARM template parameters updated, to make the subnet CIDR of subnet B larger. Is it possible to do an incremental deployment that simply makes a subnet larger?
Yes, unless something is assigned to the subnet. You can't alter a subnet if something is assigned to it.
I am creating JSON file for ARM template to deploy Azure VM and its dependent resources.
I have created RHEL VM with following resources(all are newly created):-
Storage Account
Diagnostic Storage Account
Virtual Network
Network Interface
Public IP Address
Network Security Group
Now I want to create Azure VM with existing Vnet, Subnet or new Vnet, subnet. Is there any example I can follow up. How can I do so?
Now I want to create Azure VM with existing Vnet
You could refer to this example.
If you want more templates, you could search the templates gallery to discover what you need.
or new Vnet, subnet.
You could refer to this example, just use an existing resource group.
This is pretty straightforward with Microsoft's documentation.
The challenge here usually lies with understanding the dependencies. In that example, you aren't saying I want this VM to launch in this Vnet, you are saying, "I want this VM to use this NIC which is associated with this Subnet of this Vnet"
It is easiest to just use the example provided at the bottom of that link and work your way forward. With your case, you will end up being able to simply remove the Vnet resource block and add your own Vnet's properties in.
This is an extra tool for working with ARM templates.