Virtual Network

Azure Virtual Network is a networking service that allows users to create and manage private networks within the Azure cloud environment. It provides a secure and isolated network environment for Azure resources, including virtual machines, storage accounts, and application services. With Azure Virtual Network, users can connect and isolate their resources within their own virtual network, and customize their network topology, IP addresses, and routing rules. Users can also create subnets within the virtual network and assign them to different resources based on their requirements. Azure Virtual Network provides a range of network security features, including network security groups (NSGs), which allow users to define inbound and outbound traffic rules for their virtual network. Users can also configure virtual private network (VPN) gateways to connect their virtual network to on-premises networks or other Azure virtual networks.‍

Terraform Name

azurerm_virtual_network

Virtual Network

attributes:

The following arguments are supported:

name - (Required) The name of the virtual network. Changing this forces a new resource to be created.
resource_group_name - (Required) The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
address_space - (Required) The address space that is used the virtual network. You can supply more than one address space.
location - (Required) The location/region where the virtual network is created. Changing this forces a new resource to be created.

bgp_community - (Optional) The BGP community attribute in format <as-number>:<community-value>.

NOTE

The as-number segment is the Microsoft ASN, which is always 12076 for now.

ddos_protection_plan - (Optional) A ddos_protection_plan block as documented below.
dns_servers - (Optional) List of IP addresses of DNS servers

NOTE

Since dns_servers can be configured both inline and via the separate azurerm_virtual_network_dns_servers resource, we have to explicitly set it to empty slice ([]) to remove it.

edge_zone - (Optional) Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
flow_timeout_in_minutes - (Optional) The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
subnet - (Optional) Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.

NOTE

Since subnet can be configured both inline and via the separate azurerm_subnet resource, we have to explicitly set it to empty slice ([]) to remove it.

tags - (Optional) A mapping of tags to assign to the resource.

A ddos_protection_plan block supports the following:

id - (Required) The ID of DDoS Protection Plan.
enable - (Required) Enable/disable DDoS Protection Plan on Virtual Network.

The subnet block supports:

name - (Required) The name of the subnet.
address_prefix - (Required) The address prefix to use for the subnet.
security_group - (Optional) The Network Security Group to associate with the subnet. (Referenced by id, ie. azurerm_network_security_group.example.id)

‍

Associating resources with a

Virtual Network

Resources do not "belong" to a

Virtual Network

Rather, one or more Security Groups are associated to a resource.

Create

Virtual Network

via Terraform:

The following HCL manages a virtual network including any configured subnets

Syntax:

resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}

resource "azurerm_network_security_group" "example" {
name = "example-security-group"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_virtual_network" "example" {
name = "example-network"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
address_space = ["10.0.0.0/16"]
dns_servers = ["10.0.0.4", "10.0.0.5"]

subnet {
name = "subnet1"
address_prefix = "10.0.1.0/24"
}

subnet {
name = "subnet2"
address_prefix = "10.0.2.0/24"
security_group = azurerm_network_security_group.example.id
}

tags = {
environment = "Production"
}
}

Create

Virtual Network

via CLI:

Parametres:

az network vnet create --name
--resource-group
[--address-prefixes]
[--bgp-community]
[--ddos-protection {0, 1, f, false, n, no, t, true, y, yes}]
[--ddos-protection-plan]
[--dns-servers]
[--edge-zone]
[--enable-encryption {0, 1, f, false, n, no, t, true, y, yes}]
[--encryption-enforcement-policy {AllowUnencrypted, DropUnencrypted}]
[--flowtimeout]
[--location]
[--network-security-group]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--subnet-name]
[--subnet-prefixes]
[--subnets]
[--tags]
[--vm-protection {0, 1, f, false, n, no, t, true, y, yes}]

Example:

az network vnet create -g MyResourceGroup -n MyVnet --address-prefix 10.0.0.0/16 --subnet-name MySubnet --subnet-prefixes 10.0.0.0/24

Costs

Direct Cost

Indirect Cost

No items found.

Best Practices for

Virtual Network

Categorized by Availability, Security & Compliance and Cost

Medium

AMI (Amazon Machine Images) not in use

AWS Cost Optimization