Wednesday, May 25, 2022

Azure VNet with nested VNet peering - ARM template

A VNet peering between two VNets has to be configured separately on each VNet, because it is really two separate peerings, one in each direction. If you want to configure both peerings in the same ARM template instead, you can do so with a nested template.

The resource type to use for peering is: "Microsoft.Network/virtualNetworks/virtualNetworkPeerings"

It's a standalone resource but is typically added together with the VNet ARM template.

The ARM template first adds the VNet peering on the current (spoke) VNet. The nested template then creates a second peering, configured on the remote (hub) VNet and pointing back to the current/spoke VNet. The nested template is required because the hub peering is not deployed to the same resource group as the current deployment.

I've uploaded the full files to GitHub. This file (VNet-with-nested-peering.json and its parameters file) will deploy a VNet, a subnet, an NSG and the two VNet peerings. You just have to update the parameters file.

The code specific to the VNet peerings is shown below (it doesn't format well here, but you can copy and paste it into a separate file if needed, or preferably use the GitHub link above):

-----------------

{
    "name": "[concat(parameters('VNet_name'), variables('spokePeeringName'))]",
    "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
    "apiVersion": "2019-11-01",
    "dependsOn": [
        "[parameters('VNet_name')]"
    ],
    "properties": {
        "allowVirtualNetworkAccess": true,
        "allowForwardedTraffic": true,
        "allowGatewayTransit": false,
        "useRemoteGateways": false,
        "remoteVirtualNetwork": {
            "id": "[resourceid(parameters('HubSubscriptionId'), parameters('hubVnetRG'), 'Microsoft.Network/virtualNetworks', parameters('hubVnetName'))]"
        }
    }
},
{
    "apiVersion": "2017-05-10",
    "name": "nestedTemplate",
    "type": "Microsoft.Resources/deployments",
    "resourceGroup": "[parameters('hubVnetRG')]",
    "subscriptionId": "[parameters('HubSubscriptionId')]",
    "dependsOn": [
        "[resourceId(variables('currentSub'), variables('currentRg'), 'Microsoft.Network/virtualNetworks', parameters('VNet_name')) ]",
        "[concat(resourceId(variables('currentSub'), variables('currentRG'), 'Microsoft.Network/virtualNetworks', parameters('VNet_name')), '/virtualNetworkPeerings',variables('spokePeeringName'))]"
    ],
    "properties": {
        "mode": "Incremental",
        "template": {
            "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
            "contentVersion": "1.0.0.0",
            "resources": [
                {
                    "name": "[concat(parameters('hubVnetName'), variables('hubPeeringName'))]",
                    "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
                    "apiVersion": "2019-11-01",
                    "properties": {
                        "allowVirtualNetworkAccess": true,
                        "allowForwardedTraffic": true,
                        "allowGatewayTransit": false,
                        "useRemoteGateways": false,
                        "remoteVirtualNetwork": {
                            "id": "[resourceId(variables('currentSub'), variables('currentRg'), 'Microsoft.Network/virtualNetworks', parameters('VNet_name')) ]"
                        }
                    }
                }
            ]
        }
    }
}
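
An added example (not part of the original post or the GitHub files): a small Python check that walks a template shaped like the fragment above, confirms both peering directions are defined, and lists the peering flags worth reviewing before deployment. The sample template, the resource names in it and the `collect_peerings`/`review` helpers are constructed for illustration, and the flags are assumed to be literal booleans as in the post.

```python
import json

PEERING = "microsoft.network/virtualnetworks/virtualnetworkpeerings"
DEPLOYMENT = "microsoft.resources/deployments"

# Constructed sample with the same shape as the fragment above (names are placeholders).
SAMPLE = json.loads("""
{"resources": [
  {"name": "spoke-vnet/to-hub", "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
   "properties": {"allowForwardedTraffic": true, "allowGatewayTransit": false,
                  "useRemoteGateways": true}},
  {"name": "nestedTemplate", "type": "Microsoft.Resources/deployments",
   "properties": {"mode": "Incremental", "template": {"resources": [
     {"name": "hub-vnet/to-spoke", "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
      "properties": {"allowForwardedTraffic": true, "allowGatewayTransit": false,
                     "useRemoteGateways": false}}]}}}
]}
""")


def collect_peerings(resources, scope="parent"):
    """Yield (scope, properties) per peering, descending into inline nested templates."""
    for res in resources:
        rtype = res.get("type", "").lower()
        props = res.get("properties", {})
        if rtype == PEERING:
            yield scope, props
        elif rtype == DEPLOYMENT:
            inner = props.get("template", {}).get("resources", [])
            yield from collect_peerings(inner, "nested")


def review(template):
    """Return findings; assumes one peering per side (parent = spoke, nested = hub)."""
    sides = dict(collect_peerings(template.get("resources", [])))
    findings = []
    for scope in ("parent", "nested"):
        if scope not in sides:
            findings.append(f"{scope}: peering missing, the link will not reach Connected")
        elif sides[scope].get("allowForwardedTraffic"):
            findings.append(f"{scope}: allowForwardedTraffic is true, confirm it is needed")
    spoke, hub = sides.get("parent", {}), sides.get("nested", {})
    if spoke.get("useRemoteGateways") and not hub.get("allowGatewayTransit"):
        findings.append("parent sets useRemoteGateways but nested lacks allowGatewayTransit")
    return findings


if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

With the flag values from the post (`useRemoteGateways` false on both sides) only the two `allowForwardedTraffic` findings remain.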
