Tags: azure, templates, azure-resource-manager, vnet

Azure ARM template vnet peering - subnets deleting


This is a known 'issue' from what I've gathered (https://github.com/Azure/azure-quickstart-templates/issues/2786).

I've built a Python script that takes in a .csv and builds out an environment. All works fine. I have a second .csv that does peering; it works, but making any changes to virtualNetworks after the fact (and not again specifying the subnets) deletes all subnets that were already there. You'd think I could just update my code to create the peerings on the fly in the same script, but I can't... incremental mode doesn't work. I'd like it to be a more dynamic and separate process.

Note: I'm also doing this across subscriptions, so that adds a bit of fun to the mix

Need some help understanding how I can go in after the fact and set up peerings:

Options I see:

  1. Specify again the subnets when doing the peerings - issue with this is that my code will end up getting a lot larger AND the .csv files will be ugly. Not very efficient but it'll work, I think.

  2. Use some kind of conditional in Python that'll perform the peerings at the time of initial build -- chicken and egg issue here and I still can't go back in and peer after the fact. Not to mention that I have a hub/spoke situation going on... so that'll be a lot to work through.

  3. Can you even do this with nesting?

Also, a 'feature' of my script is that it'll spit out all of the completed ARM templates and parameters files when it is done. The whole idea is to make the initiator only have to fill out the .csv to make it all go.

Hopefully I'm missing something. Can post code, but there is a lot and it's fairly straightforward.

EDIT: Remove child-parent comment I made which seemed to make it difficult to understand the issue.


Solution

  • This is how you create a peering without modifying other vnet properties (the placeholders distinguish the vnet that owns the peering from the remote vnet it points at):

    {
        "apiVersion": "2017-04-01",
        "name": "%localVnetName%/%peeringName%",
        "location": "%location%",
        "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
        "properties": {
            "remoteVirtualNetwork": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks', '%remoteVnetName%')]"
            },
            "allowVirtualNetworkAccess": true,
            "allowForwardedTraffic": false,
            "allowGatewayTransit": false,
            "useRemoteGateways": false
        }
    }

    Note: you need to do this twice, once for each vnet. Doing it only on one vnet doesn't achieve anything, really.
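As an added example (not the answerer's template nor the asker's script): a Python sketch that turns one peering row from a .csv into two single-purpose templates, one per vnet side, using the virtualNetworkPeerings child resource above, so deploying them never touches the parent vnets' subnets. The .csv column names, the sample row and the `peer-to-` naming are assumptions; the five-argument `resourceId()` form is what ARM uses for a vnet in another subscription.

```python
import csv
import io
import json

# Constructed sample .csv row for one hub/spoke peering; the column names are assumptions
PEERING_CSV = """local_sub,local_rg,local_vnet,remote_sub,remote_rg,remote_vnet
00000000-0000-0000-0000-000000000001,rg-hub,vnet-hub,00000000-0000-0000-0000-000000000002,rg-spoke,vnet-spoke1
"""

def peering_resource(local_vnet, remote_sub, remote_rg, remote_vnet, api_version="2017-04-01"):
    """One virtualNetworkPeerings child resource; deploying it leaves the parent vnet's subnets alone."""
    return {
        "apiVersion": api_version,
        "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
        "name": f"{local_vnet}/peer-to-{remote_vnet}",
        "properties": {
            # Cross-subscription remote id: resourceId(subscriptionId, resourceGroup, type, name)
            "remoteVirtualNetwork": {
                "id": f"[resourceId('{remote_sub}', '{remote_rg}', "
                      f"'Microsoft.Network/virtualNetworks', '{remote_vnet}')]"
            },
            # Least-privilege defaults: no forwarded traffic and no gateway transit unless needed
            "allowVirtualNetworkAccess": True,
            "allowForwardedTraffic": False,
            "allowGatewayTransit": False,
            "useRemoteGateways": False,
        },
    }

def templates_from_csv(text):
    """Group peerings by (subscription, resource group): each side deploys in its own scope."""
    templates = {}
    for row in csv.DictReader(io.StringIO(text)):
        # A peering only works once both vnets carry one pointing at the other
        for me, other in (("local", "remote"), ("remote", "local")):
            key = (row[f"{me}_sub"], row[f"{me}_rg"])
            tpl = templates.setdefault(key, {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "resources": [],
            })
            tpl["resources"].append(peering_resource(
                row[f"{me}_vnet"], row[f"{other}_sub"], row[f"{other}_rg"], row[f"{other}_vnet"]))
    return templates

if __name__ == "__main__":
    for (sub, rg), tpl in templates_from_csv(PEERING_CSV).items():
        print(f"# deploy to subscription {sub}, resource group {rg}")
        print(json.dumps(tpl, indent=2))
```

Each emitted template can be deployed with the existing incremental-mode flow against its own subscription and resource group; the deploying identity needs rights on both vnets, which is the only cross-subscription wrinkle.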