Share via


Microsoft.Network virtualNetworks/virtualNetworkPeerings 2016-12-01

Bicep resource definition

The virtualNetworks/virtualNetworkPeerings resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworks/virtualNetworkPeerings resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2016-12-01' = {
  parent: resourceSymbolicName
  etag: 'string'
  name: 'string'
  properties: {
    allowForwardedTraffic: bool
    allowGatewayTransit: bool
    allowVirtualNetworkAccess: bool
    peeringState: 'string'
    provisioningState: 'string'
    remoteVirtualNetwork: {
      id: 'string'
    }
    useRemoteGateways: bool
  }
}

Property Values

Microsoft.Network/virtualNetworks/virtualNetworkPeerings

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: virtualNetworks
properties VirtualNetworkPeeringPropertiesFormat

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkPeeringPropertiesFormat

Name Description Value
allowForwardedTraffic Whether the forwarded traffic from the VMs in the remote virtual network will be allowed/disallowed. bool
allowGatewayTransit If gateway links can be used in remote virtual networking to link to this virtual network. bool
allowVirtualNetworkAccess Whether the VMs in the linked virtual network space would be able to access all the VMs in local Virtual network space. bool
peeringState The status of the virtual network peering. Possible values are 'Initiated', 'Connected', and 'Disconnected'. 'Connected'
'Disconnected'
'Initiated'
provisioningState The provisioning state of the resource. string
remoteVirtualNetwork The reference of the remote virtual network. SubResource
useRemoteGateways If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. bool

Usage Examples

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
Azure Game Developer Virtual Machine Azure Game Developer Virtual Machine includes Licencsed Engines like Unreal.
Create a vNet to vNet connection using vNet Peering This template allows you to connect two vNets using vNet Peering
Deploy a Bastion host in a hub Virtual Network This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet
Peer two existing VNets within a single region This template allows you to connect two VNETs from the same or different resource groups in the same region using VNet Peering
Public Load Balancer chained to a Gateway Load Balancer This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.

ARM template resource definition

The virtualNetworks/virtualNetworkPeerings resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworks/virtualNetworkPeerings resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
  "apiVersion": "2016-12-01",
  "name": "string",
  "etag": "string",
  "properties": {
    "allowForwardedTraffic": "bool",
    "allowGatewayTransit": "bool",
    "allowVirtualNetworkAccess": "bool",
    "peeringState": "string",
    "provisioningState": "string",
    "remoteVirtualNetwork": {
      "id": "string"
    },
    "useRemoteGateways": "bool"
  }
}

Property Values

Microsoft.Network/virtualNetworks/virtualNetworkPeerings

Name Description Value
apiVersion The api version '2016-12-01'
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
properties VirtualNetworkPeeringPropertiesFormat
type The resource type 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings'

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkPeeringPropertiesFormat

Name Description Value
allowForwardedTraffic Whether the forwarded traffic from the VMs in the remote virtual network will be allowed/disallowed. bool
allowGatewayTransit If gateway links can be used in remote virtual networking to link to this virtual network. bool
allowVirtualNetworkAccess Whether the VMs in the linked virtual network space would be able to access all the VMs in local Virtual network space. bool
peeringState The status of the virtual network peering. Possible values are 'Initiated', 'Connected', and 'Disconnected'. 'Connected'
'Disconnected'
'Initiated'
provisioningState The provisioning state of the resource. string
remoteVirtualNetwork The reference of the remote virtual network. SubResource
useRemoteGateways If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. bool

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Azure Game Developer Virtual Machine

Deploy to Azure
Azure Game Developer Virtual Machine includes Licencsed Engines like Unreal.
Create a vNet to vNet connection using vNet Peering

Deploy to Azure
This template allows you to connect two vNets using vNet Peering
Create an Azure Firewall sandbox with forced tunneling

Deploy to Azure
This template creates an Azure Firewall sandbox (Linux) with one firewall force tunneled through another firewall in a peered VNET
Deploy a Bastion host in a hub Virtual Network

Deploy to Azure
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet
Deploy a Hub and Spoke topology sandbox

Deploy to Azure
This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes.
Deploy HBase replication with two VNets in one region

Deploy to Azure
This template allows you to configure aN HBase environment with two HBase clusters within two VNets in the same region for configuring HBase replication.
Peer two existing VNets within a single region

Deploy to Azure
This template allows you to connect two VNETs from the same or different resource groups in the same region using VNet Peering
Public Load Balancer chained to a Gateway Load Balancer

Deploy to Azure
This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.

Terraform (AzAPI provider) resource definition

The virtualNetworks/virtualNetworkPeerings resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworks/virtualNetworkPeerings resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2016-12-01"
  name = "string"
  parent_id = "string"
  body = {
    etag = "string"
    properties = {
      allowForwardedTraffic = bool
      allowGatewayTransit = bool
      allowVirtualNetworkAccess = bool
      peeringState = "string"
      provisioningState = "string"
      remoteVirtualNetwork = {
        id = "string"
      }
      useRemoteGateways = bool
    }
  }
}

Property Values

Microsoft.Network/virtualNetworks/virtualNetworkPeerings

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: virtualNetworks
properties VirtualNetworkPeeringPropertiesFormat
type The resource type "Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2016-12-01"

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkPeeringPropertiesFormat

Name Description Value
allowForwardedTraffic Whether the forwarded traffic from the VMs in the remote virtual network will be allowed/disallowed. bool
allowGatewayTransit If gateway links can be used in remote virtual networking to link to this virtual network. bool
allowVirtualNetworkAccess Whether the VMs in the linked virtual network space would be able to access all the VMs in local Virtual network space. bool
peeringState The status of the virtual network peering. Possible values are 'Initiated', 'Connected', and 'Disconnected'. 'Connected'
'Disconnected'
'Initiated'
provisioningState The provisioning state of the resource. string
remoteVirtualNetwork The reference of the remote virtual network. SubResource
useRemoteGateways If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. bool

Usage Examples

Terraform Samples

A basic example of deploying virtual network peering which allows resources to access other.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "___location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}

data "azapi_resource_id" "workspace_resource_group" {
  type      = "Microsoft.Resources/resourceGroups@2020-06-01"
  parent_id = azapi_resource.resourceGroup.parent_id
  name      = "databricks-rg-${var.resource_name}"
}

resource "azapi_resource" "workspace" {
  type      = "Microsoft.Databricks/workspaces@2023-02-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      managedResourceGroupId = data.azapi_resource_id.workspace_resource_group.id
      parameters = {
        prepareEncryption = {
          value = false
        }
        requireInfrastructureEncryption = {
          value = false
        }
      }
      publicNetworkAccess = "Enabled"
    }
    sku = {
      name = "standard"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "10.0.1.0/24",
        ]
      }
      dhcpOptions = {
        dnsServers = [
        ]
      }
      subnets = [
      ]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
  lifecycle {
    ignore_changes = [body.properties.subnets]
  }
}

resource "azapi_resource" "virtualNetworkPeering" {
  type      = "Microsoft.Databricks/workspaces/virtualNetworkPeerings@2023-02-01"
  parent_id = azapi_resource.workspace.id
  name      = var.resource_name
  body = {
    properties = {
      allowForwardedTraffic     = false
      allowGatewayTransit       = false
      allowVirtualNetworkAccess = true
      databricksAddressSpace = {
        addressPrefixes = [
          "10.139.0.0/16"
        ]
      }
      remoteAddressSpace = {
        addressPrefixes = [
          "10.0.1.0/24",
        ]
      }
      remoteVirtualNetwork = {
        id = azapi_resource.virtualNetwork.id
      }
      useRemoteGateways = false
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}