I am trying to write an ARM template to create a Resource Group and a Virtual Network with a Network Security Group (eventually I want a Network Interface, Public IP, and a VM in there as well). I can't figure out how to link the newly created Network Security Group to the Virtual Network.
This is my template so far. Both the dependsOn and subnets.properties.id links are not working.
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
}
},
"variables": {
"uniqueID": "[uniqueString(subscription().subscriptionId)]",
"resourceGroupName": "[concat(parameters('name'), '-RG-', variables('uniqueID'))]",
"nestedDeploymentName": "[concat(parameters('name'), '-NDEPL-', variables('uniqueID'))]",
"subnetName": "[concat(parameters('name'),'-SUBNET-', variables('uniqueID'))]",
"virtualNetworkName": "[concat(parameters('name'),'-VNET-', variables('uniqueID'))]",
"networkSecurityGroupName": "[concat(parameters('name'),'-NSG-', variables('uniqueID'))]"
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"name": "[variables('resourceGroupName')]",
"apiVersion": "2019-10-01",
"location": "westeurope",
"tags": {
// TODO add some tags for easier monitoring
}
},
{
"type": "Microsoft.Resources/deployments",
"name": "[variables('nestedDeploymentName')]",
"apiVersion": "2019-10-01",
"resourceGroup": "[variables('resourceGroupName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups',variables('resourceGroupName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2020-05-01",
"name": "[variables('networkSecurityGroupName')]",
"location": "westeurope",
"properties": {
"securityRules": [
{
"name": "SSH",
"properties": {
"protocol": "TCP",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 300,
"direction": "Inbound"
}
}
]
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2020-05-01",
"name": "[variables('virtualNetworkName')]",
"location": "westeurope",
"dependsOn": [
"[resourceId(subscription().subscriptionId, variables('resourceGroupName'),'Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]"
],
"properties": {
"addressSpace": {
"addressPrefixes": ["10.1.1.0/24"]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "10.1.1.0/24",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]"
}
}
}
]
}
}
]
}
}
}
]
}
I am getting this error.
Unable to process template language expressions for resource '/subscriptions/2c9ecdfxxxxx/resourceGroups/moglum-test1-RG-cagtkca6aky5o/providers/Microsoft.Resources/deployments/moglum-test1-NDEPL-cagtkca6aky5o' at line '52' and column '5'. 'Unable to evaluate template language function 'resourceId': function requires fully qualified resource type 'Microsoft.Network/networkSecurityGroups' as one of first three arguments for resource at resource group scope, or first two arguments for resource at subscription scope. Please see https://aka.ms/arm-template-expressions/#resourceid for usage details.
Thanks
I eventually found a solution by switching:
"expressionEvaluationOptions": {
"scope": "inner"
},
and passing both the original parameters and my generated uniqueID as parameters into the nested template. With the scope set to inner, I can use the simple variant of resourceId() to link the Resources together in the nested template.
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2020-05-01",
"name": "[variables('networkInterfaceName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
}
}
}
]
}
},```