azureazure-resource-managerazure-rm-templateazure-subscription
Azure ARM template vnet peering different subscriptions
I am trying to do the vnet peering for existing vnets in different subscriptions(hub and spoke model). I want to give the subscription id dynamically (not hardcoded). I know we can use the susbcription().id for same subscription but what is the function for different subscription
Solution
As mentioned in comments , there is no function to get the subscription B id when you are deploying the template in subscription A . You have to manually provide the Subscription B id as mentioned in this Microsoft Document.
Example:
You can use the below template for vnet peering of VNETS in different subscriptions:
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetAName": {
"type": "string",
"defaultValue":"ansuman-vnet",
"metadata": {
"description": "Name of the first VNET"
}
},
"vnetBName": {
"type": "string",
"defaultValue":"vnet-ansuman",
"metadata": {
"description": "Name of the Second VNET"
}
},
"vnetAPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/16",
"metadata": {
"description": "Prefix of the first VNET"
}
},
"vnetBPrefix": {
"type": "string",
"defaultValue": "10.1.0.0/16",
"metadata": {
"description": "Prefix of the Second VNET"
}
},
"subscriptionAID": {
"type": "string",
"metadata": {
"description": "the Subscription ID for the first VNET"
},
"defaultValue": "subA"
},
"resourceGroupAName": {
"type": "string",
"defaultValue": "ansumantest",
"metadata": {
"description": "the resource group name for the first VNET"
}
},
"subscriptionBID": {
"type": "string",
"defaultValue": "subB",
"metadata": {
"description": "the Subscription ID for the second VNET"
}
},
"resourceGroupBName": {
"type": "string",
"defaultValue": "rgB",
"metadata": {
"description": "the resource group name for the second VNET"
}
},
"location": {
"type": "string",
"defaultValue": "West US 2"
}
},
"variables": {
"vnetAtoVnetBPeeringName": "[concat(parameters('vnetAName'),'-to-',parameters('vnetBName'))]",
"vnetBtoVnetAPeeringName": "[concat(parameters('vnetBName'),'-to-',parameters('vnetAName'))]"
},
"resources": [
{
"apiVersion": "2020-06-01",
"name": "createPeeringAtoB",
"type": "Microsoft.Resources/deployments",
"location": "[parameters('location')]",
"subscriptionId": "[parameters('subscriptionAID')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "createNetworkPeeringfromA",
"location": "[parameters('location')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('vnetAName'), '/', variables('vnetAtoVnetBPeeringName'))]",
"properties": {
"peeringState": "Connected",
"remoteVirtualNetwork": {
"id": "[concat('/subscriptions/',parameters('subscriptionBID'),'/resourceGroups/',parameters('resourceGroupBName'),'/providers/Microsoft.Network/virtualNetworks/', parameters('vnetBName'))]"
},
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": true,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"remoteAddressSpace": {
"addressPrefixes": [
"[parameters('vnetBPrefix')]"
]
}
}
}
]
}
}
}
]
}
}
},
{
"apiVersion": "2020-06-01",
"name": "createPeeringBtoA",
"type": "Microsoft.Resources/deployments",
"location": "[parameters('location')]",
"subscriptionId": "[parameters('subscriptionBID')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "createNetworkPeeringfromB",
"location": "[parameters('location')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('vnetBName'), '/', variables('vnetBtoVnetAPeeringName'))]",
"properties": {
"peeringState": "Connected",
"remoteVirtualNetwork": {
"id": "[concat('/subscriptions/',parameters('subscriptionAID'),'/resourceGroups/',parameters('resourceGroupAName'),'/providers/Microsoft.Network/virtualNetworks/', parameters('vnetAName'))]"
},
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": true,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"remoteAddressSpace": {
"addressPrefixes": [
"[parameters('vnetAPrefix')]"
]
}
}
}
]
}
}
}
]
}
}
}
],
"outputs": {
}
}
Output:
Note: If you are deploying the above code to Subscription A then you can replace "[parameters('subscriptionAID')]" to subscription().id and similarly if you are deploying it to Subscription B then you can replace "[parameters('subscriptionBID')]" to subscription().id. As subscription().id takes the value of only the current subscription i.e. where the template is being deployed to .
- Deploy filtered metrics on Azure dashboard with Bicep
- IAsyncEnumerable JSON streaming is not streaming on azure web app running on IIS
- node-fetch azure document translator
- Need help getting Azure AD B2C SSO with Azure AD
- Unable to get all users from Microsoft Graph using Python SDK
- You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack
- MS Graph API - How to query additional pages
- how to hash users into random values in azure databricks
- How can I manage Azure SQL user/login/credentials
- How to connect secrets value stored in Azure key vault to Azure app service env variables directly
- AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
- How to get a list of users from azure graph API
- Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
- Cors configuration
- Publish error: Found multiple publish output files with the same relative path
- remove event subscriptions from system topics
- Is it possible to use .env in a React Web project?
- Sign in to Azure Account from VS Code
- How to copy blobs from azure to aws using python?
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- how to mask hash users into random values [email protected] in azure databricks
- Can we use PostgREST API with Azure
- Bicep adding DNS Records saying already exists when it doesn't
- Issue in sending personal message in MS Teams with Graph API
- import files to databricks workspace
- Create an Api connection to log analytics workspace via bicep
- az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync