
Microsoft Azure

Virtual Network

Azure Virtual Network is a networking service that allows users to create and manage private networks within the Azure cloud environment. It provides a secure and isolated network environment for Azure resources, including virtual machines, storage accounts, and application services. With Azure Virtual Network, users can connect and isolate their resources within their own virtual network, and customize their network topology, IP addresses, and routing rules. Users can also create subnets within the virtual network and assign them to different resources based on their requirements. Azure Virtual Network provides a range of network security features, including network security groups (NSGs), which allow users to define inbound and outbound traffic rules for their virtual network. Users can also configure virtual private network (VPN) gateways to connect their virtual network to on-premises networks or other Azure virtual networks.
Terraform Name: azurerm_virtual_network

Virtual Network attributes:

The following arguments are supported:

  • name - (Required) The name of the virtual network. Changing this forces a new resource to be created.
  • resource_group_name - (Required) The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
  • address_space - (Required) The address space that is used by the virtual network. You can supply more than one address space.
  • location - (Required) The location/region where the virtual network is created. Changing this forces a new resource to be created.
  • bgp_community - (Optional) The BGP community attribute in format <as-number>:<community-value>.

NOTE

The as-number segment is the Microsoft ASN, which is always 12076 for now.

  • ddos_protection_plan - (Optional) A ddos_protection_plan block as documented below.
  • dns_servers - (Optional) List of IP addresses of DNS servers

NOTE

Since dns_servers can be configured both inline and via the separate azurerm_virtual_network_dns_servers resource, we have to explicitly set it to empty slice ([]) to remove it.

  • edge_zone - (Optional) Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
  • flow_timeout_in_minutes - (Optional) The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
  • subnet - (Optional) Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.

NOTE

Since subnet can be configured both inline and via the separate azurerm_subnet resource, we have to explicitly set it to empty slice ([]) to remove it.

  • tags - (Optional) A mapping of tags to assign to the resource.

A ddos_protection_plan block supports the following:

  • id - (Required) The ID of DDoS Protection Plan.
  • enable - (Required) Enable/disable DDoS Protection Plan on Virtual Network.

The subnet block supports:

  • name - (Required) The name of the subnet.
  • address_prefix - (Required) The address prefix to use for the subnet.
  • security_group - (Optional) The Network Security Group to associate with the subnet. (Referenced by id, i.e. azurerm_network_security_group.example.id)

Associating resources with a Virtual Network

Resources do not "belong" to a Virtual Network. Rather, one or more Security Groups are associated to a resource.

Create Virtual Network via Terraform:

The following HCL manages a virtual network including any configured subnets.

Syntax:

resource "azurerm_resource_group" "example" {
 name     = "example-resources"
 location = "West Europe"
}

resource "azurerm_network_security_group" "example" {
 name                = "example-security-group"
 location            = azurerm_resource_group.example.location
 resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_virtual_network" "example" {
 name                = "example-network"
 location            = azurerm_resource_group.example.location
 resource_group_name = azurerm_resource_group.example.name
 address_space       = ["10.0.0.0/16"]
 dns_servers         = ["10.0.0.4", "10.0.0.5"]

 subnet {
   name           = "subnet1"
   address_prefix = "10.0.1.0/24"
 }

 subnet {
   name           = "subnet2"
   address_prefix = "10.0.2.0/24"
   security_group = azurerm_network_security_group.example.id
 }

 tags = {
   environment = "Production"
 }
}
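
The configuration above leaves subnet1 without a Network Security Group and does not use the ddos_protection_plan block. As an added example (not part of the original page or the provider's documentation), the variant below attaches an NSG to every subnet and enables a DDoS protection plan; the resource names and address ranges are assumptions, and the argument names follow the reference on this page.

```hcl
# Added example: names and address ranges are illustrative assumptions.
resource "azurerm_resource_group" "hardened" {
  name     = "hardened-resources"
  location = "West Europe"
}

resource "azurerm_network_ddos_protection_plan" "hardened" {
  name                = "hardened-ddos-plan"
  location            = azurerm_resource_group.hardened.location
  resource_group_name = azurerm_resource_group.hardened.name
}

# With no custom security_rule blocks, Azure's default NSG rules apply:
# inbound traffic from the Internet is denied, intra-VNet traffic is allowed.
resource "azurerm_network_security_group" "hardened" {
  name                = "hardened-nsg"
  location            = azurerm_resource_group.hardened.location
  resource_group_name = azurerm_resource_group.hardened.name
}

resource "azurerm_virtual_network" "hardened" {
  name                = "hardened-network"
  location            = azurerm_resource_group.hardened.location
  resource_group_name = azurerm_resource_group.hardened.name
  address_space       = ["10.0.0.0/16"]

  # Both id and enable are required inside the block.
  ddos_protection_plan {
    id     = azurerm_network_ddos_protection_plan.hardened.id
    enable = true
  }

  # Every inline subnet carries a security_group, so no subnet is left
  # without traffic filtering.
  subnet {
    name           = "app"
    address_prefix = "10.0.1.0/24"
    security_group = azurerm_network_security_group.hardened.id
  }

  subnet {
    name           = "data"
    address_prefix = "10.0.2.0/24"
    security_group = azurerm_network_security_group.hardened.id
  }
}
```

A DDoS protection plan is billed separately and can be shared by several virtual networks, so reference an existing plan's id where one already exists rather than creating one per network.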

Create Virtual Network via CLI:

Parameters:

az network vnet create --name
                      --resource-group
                      [--address-prefixes]
                      [--bgp-community]
                      [--ddos-protection {0, 1, f, false, n, no, t, true, y, yes}]
                      [--ddos-protection-plan]
                      [--dns-servers]
                      [--edge-zone]
                      [--enable-encryption {0, 1, f, false, n, no, t, true, y, yes}]
                      [--encryption-enforcement-policy {AllowUnencrypted, DropUnencrypted}]
                      [--flowtimeout]
                      [--location]
                      [--network-security-group]
                      [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                      [--subnet-name]
                      [--subnet-prefixes]
                      [--subnets]
                      [--tags]
                      [--vm-protection {0, 1, f, false, n, no, t, true, y, yes}]

Example:

az network vnet create -g MyResourceGroup -n MyVnet --address-prefix 10.0.0.0/16 --subnet-name MySubnet --subnet-prefixes 10.0.0.0/24
