Bicep resource definition
The networkWatchers/flowLogs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/networkWatchers/flowLogs@2020-11-01' = {
parent: resourceSymbolicName
___location: 'string'
name: 'string'
properties: {
enabled: bool
flowAnalyticsConfiguration: {
networkWatcherFlowAnalyticsConfiguration: {
enabled: bool
trafficAnalyticsInterval: int
workspaceId: 'string'
workspaceRegion: 'string'
workspaceResourceId: 'string'
}
}
format: {
type: 'string'
version: int
}
retentionPolicy: {
days: int
enabled: bool
}
storageId: 'string'
targetResourceId: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.Network/networkWatchers/flowLogs
Name |
Description |
Value |
___location |
Resource ___location. |
string |
name |
The resource name |
string (required) |
parent |
In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.
For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: networkWatchers |
properties |
Properties of the flow log. |
FlowLogPropertiesFormat |
tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
Name |
Description |
Value |
type |
The file type of flow log. |
'JSON' |
version |
The version (revision) of the flow log. |
int |
Name |
Description |
Value |
enabled |
Flag to enable/disable flow logging. |
bool |
flowAnalyticsConfiguration |
Parameters that define the configuration of traffic analytics. |
TrafficAnalyticsProperties |
format |
Parameters that define the flow log format. |
FlowLogFormatParameters |
retentionPolicy |
Parameters that define the retention policy for flow log. |
RetentionPolicyParameters |
storageId |
ID of the storage account which is used to store the flow log. |
string (required) |
targetResourceId |
ID of network security group to which flow log will be applied. |
string (required) |
RetentionPolicyParameters
Name |
Description |
Value |
days |
Number of days to retain flow log records. |
int |
enabled |
Flag to enable/disable retention. |
bool |
TrafficAnalyticsConfigurationProperties
Name |
Description |
Value |
enabled |
Flag to enable/disable traffic analytics. |
bool |
trafficAnalyticsInterval |
The interval in minutes which would decide how frequently TA service should do flow analytics. |
int |
workspaceId |
The resource guid of the attached workspace. |
string |
workspaceRegion |
The ___location of the attached workspace. |
string |
workspaceResourceId |
Resource Id of the attached workspace. |
string |
TrafficAnalyticsProperties
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
ARM template resource definition
The networkWatchers/flowLogs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following JSON to your template.
{
"type": "Microsoft.Network/networkWatchers/flowLogs",
"apiVersion": "2020-11-01",
"name": "string",
"___location": "string",
"properties": {
"enabled": "bool",
"flowAnalyticsConfiguration": {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": "bool",
"trafficAnalyticsInterval": "int",
"workspaceId": "string",
"workspaceRegion": "string",
"workspaceResourceId": "string"
}
},
"format": {
"type": "string",
"version": "int"
},
"retentionPolicy": {
"days": "int",
"enabled": "bool"
},
"storageId": "string",
"targetResourceId": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.Network/networkWatchers/flowLogs
Name |
Description |
Value |
apiVersion |
The api version |
'2020-11-01' |
___location |
Resource ___location. |
string |
name |
The resource name |
string (required) |
properties |
Properties of the flow log. |
FlowLogPropertiesFormat |
tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
type |
The resource type |
'Microsoft.Network/networkWatchers/flowLogs' |
Name |
Description |
Value |
type |
The file type of flow log. |
'JSON' |
version |
The version (revision) of the flow log. |
int |
Name |
Description |
Value |
enabled |
Flag to enable/disable flow logging. |
bool |
flowAnalyticsConfiguration |
Parameters that define the configuration of traffic analytics. |
TrafficAnalyticsProperties |
format |
Parameters that define the flow log format. |
FlowLogFormatParameters |
retentionPolicy |
Parameters that define the retention policy for flow log. |
RetentionPolicyParameters |
storageId |
ID of the storage account which is used to store the flow log. |
string (required) |
targetResourceId |
ID of network security group to which flow log will be applied. |
string (required) |
RetentionPolicyParameters
Name |
Description |
Value |
days |
Number of days to retain flow log records. |
int |
enabled |
Flag to enable/disable retention. |
bool |
TrafficAnalyticsConfigurationProperties
Name |
Description |
Value |
enabled |
Flag to enable/disable traffic analytics. |
bool |
trafficAnalyticsInterval |
The interval in minutes which would decide how frequently TA service should do flow analytics. |
int |
workspaceId |
The resource guid of the attached workspace. |
string |
workspaceRegion |
The ___location of the attached workspace. |
string |
workspaceResourceId |
Resource Id of the attached workspace. |
string |
TrafficAnalyticsProperties
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
The networkWatchers/flowLogs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/networkWatchers/flowLogs@2020-11-01"
name = "string"
parent_id = "string"
___location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
enabled = bool
flowAnalyticsConfiguration = {
networkWatcherFlowAnalyticsConfiguration = {
enabled = bool
trafficAnalyticsInterval = int
workspaceId = "string"
workspaceRegion = "string"
workspaceResourceId = "string"
}
}
format = {
type = "string"
version = int
}
retentionPolicy = {
days = int
enabled = bool
}
storageId = "string"
targetResourceId = "string"
}
}
}
Property Values
Microsoft.Network/networkWatchers/flowLogs
Name |
Description |
Value |
___location |
Resource ___location. |
string |
name |
The resource name |
string (required) |
parent_id |
The ID of the resource that is the parent for this resource. |
ID for resource of type: networkWatchers |
properties |
Properties of the flow log. |
FlowLogPropertiesFormat |
tags |
Resource tags |
Dictionary of tag names and values. |
type |
The resource type |
"Microsoft.Network/networkWatchers/flowLogs@2020-11-01" |
Name |
Description |
Value |
type |
The file type of flow log. |
'JSON' |
version |
The version (revision) of the flow log. |
int |
Name |
Description |
Value |
enabled |
Flag to enable/disable flow logging. |
bool |
flowAnalyticsConfiguration |
Parameters that define the configuration of traffic analytics. |
TrafficAnalyticsProperties |
format |
Parameters that define the flow log format. |
FlowLogFormatParameters |
retentionPolicy |
Parameters that define the retention policy for flow log. |
RetentionPolicyParameters |
storageId |
ID of the storage account which is used to store the flow log. |
string (required) |
targetResourceId |
ID of network security group to which flow log will be applied. |
string (required) |
RetentionPolicyParameters
Name |
Description |
Value |
days |
Number of days to retain flow log records. |
int |
enabled |
Flag to enable/disable retention. |
bool |
TrafficAnalyticsConfigurationProperties
Name |
Description |
Value |
enabled |
Flag to enable/disable traffic analytics. |
bool |
trafficAnalyticsInterval |
The interval in minutes which would decide how frequently TA service should do flow analytics. |
int |
workspaceId |
The resource guid of the attached workspace. |
string |
workspaceRegion |
The ___location of the attached workspace. |
string |
workspaceResourceId |
Resource Id of the attached workspace. |
string |
TrafficAnalyticsProperties
Usage Examples
A basic example of deploying Network Watcher Flow Log.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "___location" {
type = string
default = "eastus2"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
___location = var.___location
}
resource "azapi_resource" "virtualNetwork" {
type = "Microsoft.Network/virtualNetworks@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
addressSpace = {
addressPrefixes = [
"10.0.0.0/16",
]
}
dhcpOptions = {
dnsServers = [
]
}
subnets = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
lifecycle {
ignore_changes = [body.properties.subnets]
}
}
resource "azapi_resource" "networkWatchers" {
type = "Microsoft.Network/networkWatchers@2023-11-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "storageAccount" {
type = "Microsoft.Storage/storageAccounts@2021-09-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
kind = "StorageV2"
properties = {
accessTier = "Hot"
allowBlobPublicAccess = true
allowCrossTenantReplication = true
allowSharedKeyAccess = true
defaultToOAuthAuthentication = false
encryption = {
keySource = "Microsoft.Storage"
services = {
queue = {
keyType = "Service"
}
table = {
keyType = "Service"
}
}
}
isHnsEnabled = false
isNfsV3Enabled = false
isSftpEnabled = false
minimumTlsVersion = "TLS1_2"
networkAcls = {
defaultAction = "Allow"
}
publicNetworkAccess = "Enabled"
supportsHttpsTrafficOnly = true
}
sku = {
name = "Standard_LRS"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "flowLog" {
type = "Microsoft.Network/networkWatchers/flowLogs@2023-11-01"
name = var.resource_name
___location = var.___location
parent_id = azapi_resource.networkWatchers.id
body = {
properties = {
enabled = true
flowAnalyticsConfiguration = {
networkWatcherFlowAnalyticsConfiguration = {
enabled = false
}
}
format = {
type = "JSON"
version = 2
}
retentionPolicy = {
days = 7
enabled = true
}
storageId = azapi_resource.storageAccount.id
targetResourceId = azapi_resource.virtualNetwork.id
}
}
}