Bicep resource definition
The expressRouteGateways/expressRouteConnections resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/expressRouteGateways/expressRouteConnections resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/expressRouteGateways/expressRouteConnections@2023-05-01' = {
parent: resourceSymbolicName
name: 'string'
properties: {
authorizationKey: 'string'
enableInternetSecurity: bool
enablePrivateLinkFastPath: bool
expressRouteCircuitPeering: {
id: 'string'
}
expressRouteGatewayBypass: bool
routingConfiguration: {
associatedRouteTable: {
id: 'string'
}
inboundRouteMap: {
id: 'string'
}
outboundRouteMap: {
id: 'string'
}
propagatedRouteTables: {
ids: [
{
id: 'string'
}
]
labels: [
'string'
]
}
vnetRoutes: {
staticRoutes: [
{
addressPrefixes: [
'string'
]
name: 'string'
nextHopIpAddress: 'string'
}
]
staticRoutesConfig: {
vnetLocalRouteOverrideCriteria: 'string'
}
}
}
routingWeight: int
}
}
Property Values
Microsoft.Network/expressRouteGateways/expressRouteConnections
Name |
Description |
Value |
name |
The resource name |
string (required) |
parent |
In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.
For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: expressRouteGateways |
properties |
Properties of the express route connection. |
ExpressRouteConnectionProperties |
ExpressRouteCircuitPeeringId
Name |
Description |
Value |
id |
The ID of the ExpressRoute circuit peering. |
string |
ExpressRouteConnectionProperties
Name |
Description |
Value |
authorizationKey |
Authorization key to establish the connection. |
string |
enableInternetSecurity |
Enable internet security. |
bool |
enablePrivateLinkFastPath |
Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled. |
bool |
expressRouteCircuitPeering |
The ExpressRoute circuit peering. |
ExpressRouteCircuitPeeringId (required) |
expressRouteGatewayBypass |
Enable FastPath to vWan Firewall hub. |
bool |
routingConfiguration |
The Routing Configuration indicating the associated and propagated route tables on this connection. |
RoutingConfiguration |
routingWeight |
The routing weight associated to the connection. |
int |
PropagatedRouteTable
Name |
Description |
Value |
ids |
The list of resource ids of all the RouteTables. |
SubResource[] |
labels |
The list of labels. |
string[] |
RoutingConfiguration
Name |
Description |
Value |
associatedRouteTable |
The resource id RouteTable associated with this RoutingConfiguration. |
SubResource |
inboundRouteMap |
The resource id of the RouteMap associated with this RoutingConfiguration for inbound learned routes. |
SubResource |
outboundRouteMap |
The resource id of theRouteMap associated with this RoutingConfiguration for outbound advertised routes. |
SubResource |
propagatedRouteTables |
The list of RouteTables to advertise the routes to. |
PropagatedRouteTable |
vnetRoutes |
List of routes that control routing from VirtualHub into a virtual network connection. |
VnetRoute |
StaticRoute
Name |
Description |
Value |
addressPrefixes |
List of all address prefixes. |
string[] |
name |
The name of the StaticRoute that is unique within a VnetRoute. |
string |
nextHopIpAddress |
The ip address of the next hop. |
string |
StaticRoutesConfig
Name |
Description |
Value |
vnetLocalRouteOverrideCriteria |
Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke. |
'Contains' 'Equal' |
SubResource
Name |
Description |
Value |
id |
Resource ID. |
string |
VnetRoute
Name |
Description |
Value |
staticRoutes |
List of all Static Routes. |
StaticRoute[] |
staticRoutesConfig |
Configuration for static routes on this HubVnetConnection. |
StaticRoutesConfig |
ARM template resource definition
The expressRouteGateways/expressRouteConnections resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/expressRouteGateways/expressRouteConnections resource, add the following JSON to your template.
{
"type": "Microsoft.Network/expressRouteGateways/expressRouteConnections",
"apiVersion": "2023-05-01",
"name": "string",
"properties": {
"authorizationKey": "string",
"enableInternetSecurity": "bool",
"enablePrivateLinkFastPath": "bool",
"expressRouteCircuitPeering": {
"id": "string"
},
"expressRouteGatewayBypass": "bool",
"routingConfiguration": {
"associatedRouteTable": {
"id": "string"
},
"inboundRouteMap": {
"id": "string"
},
"outboundRouteMap": {
"id": "string"
},
"propagatedRouteTables": {
"ids": [
{
"id": "string"
}
],
"labels": [ "string" ]
},
"vnetRoutes": {
"staticRoutes": [
{
"addressPrefixes": [ "string" ],
"name": "string",
"nextHopIpAddress": "string"
}
],
"staticRoutesConfig": {
"vnetLocalRouteOverrideCriteria": "string"
}
}
},
"routingWeight": "int"
}
}
Property Values
Microsoft.Network/expressRouteGateways/expressRouteConnections
Name |
Description |
Value |
apiVersion |
The api version |
'2023-05-01' |
name |
The resource name |
string (required) |
properties |
Properties of the express route connection. |
ExpressRouteConnectionProperties |
type |
The resource type |
'Microsoft.Network/expressRouteGateways/expressRouteConnections' |
ExpressRouteCircuitPeeringId
Name |
Description |
Value |
id |
The ID of the ExpressRoute circuit peering. |
string |
ExpressRouteConnectionProperties
Name |
Description |
Value |
authorizationKey |
Authorization key to establish the connection. |
string |
enableInternetSecurity |
Enable internet security. |
bool |
enablePrivateLinkFastPath |
Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled. |
bool |
expressRouteCircuitPeering |
The ExpressRoute circuit peering. |
ExpressRouteCircuitPeeringId (required) |
expressRouteGatewayBypass |
Enable FastPath to vWan Firewall hub. |
bool |
routingConfiguration |
The Routing Configuration indicating the associated and propagated route tables on this connection. |
RoutingConfiguration |
routingWeight |
The routing weight associated to the connection. |
int |
PropagatedRouteTable
Name |
Description |
Value |
ids |
The list of resource ids of all the RouteTables. |
SubResource[] |
labels |
The list of labels. |
string[] |
RoutingConfiguration
Name |
Description |
Value |
associatedRouteTable |
The resource id RouteTable associated with this RoutingConfiguration. |
SubResource |
inboundRouteMap |
The resource id of the RouteMap associated with this RoutingConfiguration for inbound learned routes. |
SubResource |
outboundRouteMap |
The resource id of theRouteMap associated with this RoutingConfiguration for outbound advertised routes. |
SubResource |
propagatedRouteTables |
The list of RouteTables to advertise the routes to. |
PropagatedRouteTable |
vnetRoutes |
List of routes that control routing from VirtualHub into a virtual network connection. |
VnetRoute |
StaticRoute
Name |
Description |
Value |
addressPrefixes |
List of all address prefixes. |
string[] |
name |
The name of the StaticRoute that is unique within a VnetRoute. |
string |
nextHopIpAddress |
The ip address of the next hop. |
string |
StaticRoutesConfig
Name |
Description |
Value |
vnetLocalRouteOverrideCriteria |
Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke. |
'Contains' 'Equal' |
SubResource
Name |
Description |
Value |
id |
Resource ID. |
string |
VnetRoute
Name |
Description |
Value |
staticRoutes |
List of all Static Routes. |
StaticRoute[] |
staticRoutesConfig |
Configuration for static routes on this HubVnetConnection. |
StaticRoutesConfig |
Usage Examples
The expressRouteGateways/expressRouteConnections resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/expressRouteGateways/expressRouteConnections resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/expressRouteGateways/expressRouteConnections@2023-05-01"
name = "string"
parent_id = "string"
body = {
properties = {
authorizationKey = "string"
enableInternetSecurity = bool
enablePrivateLinkFastPath = bool
expressRouteCircuitPeering = {
id = "string"
}
expressRouteGatewayBypass = bool
routingConfiguration = {
associatedRouteTable = {
id = "string"
}
inboundRouteMap = {
id = "string"
}
outboundRouteMap = {
id = "string"
}
propagatedRouteTables = {
ids = [
{
id = "string"
}
]
labels = [
"string"
]
}
vnetRoutes = {
staticRoutes = [
{
addressPrefixes = [
"string"
]
name = "string"
nextHopIpAddress = "string"
}
]
staticRoutesConfig = {
vnetLocalRouteOverrideCriteria = "string"
}
}
}
routingWeight = int
}
}
}
Property Values
Microsoft.Network/expressRouteGateways/expressRouteConnections
Name |
Description |
Value |
name |
The resource name |
string (required) |
parent_id |
The ID of the resource that is the parent for this resource. |
ID for resource of type: expressRouteGateways |
properties |
Properties of the express route connection. |
ExpressRouteConnectionProperties |
type |
The resource type |
"Microsoft.Network/expressRouteGateways/expressRouteConnections@2023-05-01" |
ExpressRouteCircuitPeeringId
Name |
Description |
Value |
id |
The ID of the ExpressRoute circuit peering. |
string |
ExpressRouteConnectionProperties
Name |
Description |
Value |
authorizationKey |
Authorization key to establish the connection. |
string |
enableInternetSecurity |
Enable internet security. |
bool |
enablePrivateLinkFastPath |
Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled. |
bool |
expressRouteCircuitPeering |
The ExpressRoute circuit peering. |
ExpressRouteCircuitPeeringId (required) |
expressRouteGatewayBypass |
Enable FastPath to vWan Firewall hub. |
bool |
routingConfiguration |
The Routing Configuration indicating the associated and propagated route tables on this connection. |
RoutingConfiguration |
routingWeight |
The routing weight associated to the connection. |
int |
PropagatedRouteTable
Name |
Description |
Value |
ids |
The list of resource ids of all the RouteTables. |
SubResource[] |
labels |
The list of labels. |
string[] |
RoutingConfiguration
Name |
Description |
Value |
associatedRouteTable |
The resource id RouteTable associated with this RoutingConfiguration. |
SubResource |
inboundRouteMap |
The resource id of the RouteMap associated with this RoutingConfiguration for inbound learned routes. |
SubResource |
outboundRouteMap |
The resource id of theRouteMap associated with this RoutingConfiguration for outbound advertised routes. |
SubResource |
propagatedRouteTables |
The list of RouteTables to advertise the routes to. |
PropagatedRouteTable |
vnetRoutes |
List of routes that control routing from VirtualHub into a virtual network connection. |
VnetRoute |
StaticRoute
Name |
Description |
Value |
addressPrefixes |
List of all address prefixes. |
string[] |
name |
The name of the StaticRoute that is unique within a VnetRoute. |
string |
nextHopIpAddress |
The ip address of the next hop. |
string |
StaticRoutesConfig
Name |
Description |
Value |
vnetLocalRouteOverrideCriteria |
Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke. |
'Contains' 'Equal' |
SubResource
Name |
Description |
Value |
id |
Resource ID. |
string |
VnetRoute
Name |
Description |
Value |
staticRoutes |
List of all Static Routes. |
StaticRoute[] |
staticRoutesConfig |
Configuration for static routes on this HubVnetConnection. |
StaticRoutesConfig |
Usage Examples
A basic example of deploying Express Route Connection.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "___location" {
type = string
default = "westeurope"
}
variable "shared_key" {
type = string
description = "The shared key for the ExpressRoute connection"
sensitive = true
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
___location = var.___location
}
resource "azapi_resource" "ExpressRoutePort" {
type = "Microsoft.Network/ExpressRoutePorts@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
bandwidthInGbps = 10
encapsulation = "Dot1Q"
peeringLocation = "CDC-Canberra"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "virtualWan" {
type = "Microsoft.Network/virtualWans@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
allowBranchToBranchTraffic = true
disableVpnEncryption = false
office365LocalBreakoutCategory = "None"
type = "Standard"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "virtualHub" {
type = "Microsoft.Network/virtualHubs@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
addressPrefix = "10.0.1.0/24"
hubRoutingPreference = "ExpressRoute"
virtualRouterAutoScaleConfiguration = {
minCapacity = 2
}
virtualWan = {
id = azapi_resource.virtualWan.id
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "expressRouteCircuit" {
type = "Microsoft.Network/expressRouteCircuits@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
authorizationKey = ""
bandwidthInGbps = 5
expressRoutePort = {
id = azapi_resource.ExpressRoutePort.id
}
}
sku = {
family = "MeteredData"
name = "Premium_MeteredData"
tier = "Premium"
}
}
schema_validation_enabled = false
ignore_casing = true
response_export_values = ["*"]
}
resource "azapi_resource" "peering" {
type = "Microsoft.Network/expressRouteCircuits/peerings@2022-07-01"
parent_id = azapi_resource.expressRouteCircuit.id
name = "AzurePrivatePeering"
body = {
properties = {
azureASN = 12076
gatewayManagerEtag = ""
peerASN = 100
peeringType = "AzurePrivatePeering"
primaryPeerAddressPrefix = "192.168.1.0/30"
secondaryPeerAddressPrefix = "192.168.2.0/30"
sharedKey = var.shared_key
state = "Enabled"
vlanId = 100
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "expressRouteGateway" {
type = "Microsoft.Network/expressRouteGateways@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
allowNonVirtualWanTraffic = false
autoScaleConfiguration = {
bounds = {
min = 1
}
}
virtualHub = {
id = azapi_resource.virtualHub.id
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "expressRouteConnection" {
type = "Microsoft.Network/expressRouteGateways/expressRouteConnections@2022-07-01"
parent_id = azapi_resource.expressRouteGateway.id
name = var.resource_name
body = {
properties = {
enableInternetSecurity = false
expressRouteCircuitPeering = {
id = azapi_resource.peering.id
}
expressRouteGatewayBypass = false
routingConfiguration = {
}
routingWeight = 0
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}