Thursday, July 2, 2026

Azure: VNet peerings to multiple VNets with Bicep and for-expression

 VNet peerings in Azure are slightly more complicated than other resources. The reason for this is that a single VNet peering consists of two distinct resources, a local peering and a remote peering - and the remote peering is often placed outside of the current resource group (or scope).

If both VNets are in the same resource group (RG), then it is straight forward. If, however, the remote VNet is in another resource group, but in the same subscription, or in another subscription altogether, then this must be handled separately.

With ARM templates, this can be done using nested templates.  For Bicep you must use a module (basically another Bicep file that is referenced from the main file).

In the template that I'll reference below, it has a for-expression, or a loop, so that multiple peerings can be created by just updating the parameters file.

If you specify just a VNet name and an RG, the template will assume the remote VNet is in the same subscription. If you add a subcriptionId to one or more objects in the array, it will look for the RG in that subscription.

Note that all VNets must already be deployed.



Below are the files including the module. Note that the module must not be deployed itself only referenced (that is if you have a pipeline set up for deployment).

bicep file

param file

module file