
Microsoft.Network networkManagers/securityAdminConfigurations/ruleCollections/rules 2023-11-01

Bicep resource definition

The networkManagers/securityAdminConfigurations/ruleCollections/rules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-11-01' = {
  name: 'string'
  kind: 'string'
  // For remaining properties, see Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
}

Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects

Set the kind property to specify the type of object.

For Custom, use:

{
  kind: 'Custom'
  properties: {
    access: 'string'
    description: 'string'
    destinationPortRanges: [
      'string'
    ]
    destinations: [
      {
        addressPrefix: 'string'
        addressPrefixType: 'string'
      }
    ]
    direction: 'string'
    priority: int
    protocol: 'string'
    sourcePortRanges: [
      'string'
    ]
    sources: [
      {
        addressPrefix: 'string'
        addressPrefixType: 'string'
      }
    ]
  }
}

For Default, use:

{
  kind: 'Default'
  properties: {
    flag: 'string'
  }
}

Property Values

Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules

| Name | Description | Value |
|------|-------------|-------|
| kind | Set to 'Custom' for type AdminRule. Set to 'Default' for type DefaultAdminRule. | 'Custom', 'Default' (required) |
| name | The resource name | string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: networkManagers/securityAdminConfigurations/ruleCollections |

AddressPrefixItem

| Name | Description | Value |
|------|-------------|-------|
| addressPrefix | Address prefix. | string |
| addressPrefixType | Address prefix type. | 'IPPrefix', 'ServiceTag' |

AdminPropertiesFormat

| Name | Description | Value |
|------|-------------|-------|
| access | Indicates the access allowed for this particular rule | 'Allow', 'AlwaysAllow', 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| destinations | The destination address prefixes. CIDR or destination IP ranges. | AddressPrefixItem[] |
| direction | Indicates whether the traffic matched against the rule is inbound or outbound. | 'Inbound', 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required). Constraints: Min value = 1, Max value = 4096 |
| protocol | Network protocol this rule applies to. | 'Ah', 'Any', 'Esp', 'Icmp', 'Tcp', 'Udp' (required) |
| sourcePortRanges | The source port ranges. | string[] |
| sources | The CIDR or source IP ranges. | AddressPrefixItem[] |

AdminRule

| Name | Description | Value |
|------|-------------|-------|
| kind | Whether the rule is custom or default. | 'Custom' (required) |
| properties | Indicates the properties of the security admin rule | AdminPropertiesFormat |

DefaultAdminPropertiesFormat

| Name | Description | Value |
|------|-------------|-------|
| flag | Default rule flag. | string |

DefaultAdminRule

| Name | Description | Value |
|------|-------------|-------|
| kind | Whether the rule is custom or default. | 'Default' (required) |
| properties | Indicates the properties of the security admin rule | DefaultAdminPropertiesFormat |

ARM template resource definition

The networkManagers/securityAdminConfigurations/ruleCollections/rules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules resource, add the following JSON to your template.

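{
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "apiVersion": "2023-11-01",
  "name": "string",
  "kind": "string"
  // For remaining properties, see Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
}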

Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects

Set the kind property to specify the type of object.

For Custom, use:

{
  "kind": "Custom",
  "properties": {
    "access": "string",
    "description": "string",
    "destinationPortRanges": [ "string" ],
    "destinations": [
      {
        "addressPrefix": "string",
        "addressPrefixType": "string"
      }
    ],
    "direction": "string",
    "priority": "int",
    "protocol": "string",
    "sourcePortRanges": [ "string" ],
    "sources": [
      {
        "addressPrefix": "string",
        "addressPrefixType": "string"
      }
    ]
  }
}

For Default, use:

{
  "kind": "Default",
  "properties": {
    "flag": "string"
  }
}

Property Values

Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules

| Name | Description | Value |
|------|-------------|-------|
| apiVersion | The api version | '2023-11-01' |
| kind | Set to 'Custom' for type AdminRule. Set to 'Default' for type DefaultAdminRule. | 'Custom', 'Default' (required) |
| name | The resource name | string (required) |
| type | The resource type | 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules' |

AddressPrefixItem

| Name | Description | Value |
|------|-------------|-------|
| addressPrefix | Address prefix. | string |
| addressPrefixType | Address prefix type. | 'IPPrefix', 'ServiceTag' |

AdminPropertiesFormat

| Name | Description | Value |
|------|-------------|-------|
| access | Indicates the access allowed for this particular rule | 'Allow', 'AlwaysAllow', 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| destinations | The destination address prefixes. CIDR or destination IP ranges. | AddressPrefixItem[] |
| direction | Indicates whether the traffic matched against the rule is inbound or outbound. | 'Inbound', 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required). Constraints: Min value = 1, Max value = 4096 |
| protocol | Network protocol this rule applies to. | 'Ah', 'Any', 'Esp', 'Icmp', 'Tcp', 'Udp' (required) |
| sourcePortRanges | The source port ranges. | string[] |
| sources | The CIDR or source IP ranges. | AddressPrefixItem[] |
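
A pre-deployment lint for the constraints listed in the AdminPropertiesFormat and AddressPrefixItem tables above (allowed values, priority range and per-collection uniqueness, 140-character description), as an added example that is not part of the original page. The function name `lint_collection` and the sample rules are constructed for illustration; `addressPrefixType` is checked only when it is present.

```python
# Added example: enums and limits are copied from the property tables on this page.
ACCESS = {"Allow", "AlwaysAllow", "Deny"}
DIRECTION = {"Inbound", "Outbound"}
PROTOCOL = {"Ah", "Any", "Esp", "Icmp", "Tcp", "Udp"}
PREFIX_TYPE = {"IPPrefix", "ServiceTag"}
REQUIRED = {"access": ACCESS, "direction": DIRECTION, "protocol": PROTOCOL}

def lint_collection(rules):
    """Return (rule name, problem) pairs for the rules of one rule collection."""
    problems, seen = [], {}
    for rule in rules:
        name, kind = rule.get("name", "<unnamed>"), rule.get("kind")
        if kind == "Default":
            continue  # DefaultAdminRule only carries 'flag'
        if kind != "Custom":
            problems.append((name, f"kind must be 'Custom' or 'Default', got {kind!r}"))
            continue
        props = rule.get("properties", {})
        for key, allowed in REQUIRED.items():
            if props.get(key) not in allowed:
                problems.append((name, f"{key} must be one of {sorted(allowed)}"))
        prio = props.get("priority")
        if isinstance(prio, bool) or not isinstance(prio, int) or not 1 <= prio <= 4096:
            problems.append((name, "priority must be an int between 1 and 4096"))
        elif seen.setdefault(prio, name) != name:  # first rule to claim a priority keeps it
            problems.append((name, f"priority {prio} already used by {seen[prio]}"))
        if len(props.get("description") or "") > 140:
            problems.append((name, "description exceeds 140 chars"))
        for side in ("sources", "destinations"):
            for item in props.get(side, []):
                ptype = item.get("addressPrefixType")
                if ptype is not None and ptype not in PREFIX_TYPE:
                    problems.append((name, f"{side}: addressPrefixType must be IPPrefix or ServiceTag"))
    return problems

# Constructed sample collection (not from the page): the second rule has three defects.
SAMPLE = [
    {"name": "deny-rdp", "kind": "Custom", "properties": {
        "access": "Deny", "direction": "Inbound", "protocol": "Tcp", "priority": 100,
        "destinationPortRanges": ["3389"],
        "sources": [{"addressPrefix": "Internet", "addressPrefixType": "ServiceTag"}]}},
    {"name": "deny-ssh", "kind": "Custom", "properties": {
        "access": "Block", "direction": "Inbound", "protocol": "Tcp", "priority": 100,
        "sources": [{"addressPrefix": "203.0.113.0/24", "addressPrefixType": "Cidr"}]}},
]

if __name__ == "__main__":
    for rule_name, problem in lint_collection(SAMPLE):
        print(f"{rule_name}: {problem}")
```

Feed it the `rules` resources of one collection from a rendered template; an empty list means the collection satisfies the documented constraints.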

AdminRule

| Name | Description | Value |
|------|-------------|-------|
| kind | Whether the rule is custom or default. | 'Custom' (required) |
| properties | Indicates the properties of the security admin rule | AdminPropertiesFormat |

DefaultAdminPropertiesFormat

| Name | Description | Value |
|------|-------------|-------|
| flag | Default rule flag. | string |

DefaultAdminRule

| Name | Description | Value |
|------|-------------|-------|
| kind | Whether the rule is custom or default. | 'Default' (required) |
| properties | Indicates the properties of the security admin rule | DefaultAdminPropertiesFormat |

Terraform (AzAPI provider) resource definition

The networkManagers/securityAdminConfigurations/ruleCollections/rules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules resource, add the following Terraform to your template.

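resource "azapi_resource" "symbolicname" {
  type      = "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-11-01"
  parent_id = "string"
  name      = "string"
  body = {
    kind = "string"
    // For remaining properties, see Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
  }
}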

Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects

Set the kind property to specify the type of object.

For Custom, use:

{
  kind = "Custom"
  properties = {
    access = "string"
    description = "string"
    destinationPortRanges = [
      "string"
    ]
    destinations = [
      {
        addressPrefix = "string"
        addressPrefixType = "string"
      }
    ]
    direction = "string"
    priority = int
    protocol = "string"
    sourcePortRanges = [
      "string"
    ]
    sources = [
      {
        addressPrefix = "string"
        addressPrefixType = "string"
      }
    ]
  }
}

For Default, use:

{
  kind = "Default"
  properties = {
    flag = "string"
  }
}

Property Values

Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules

| Name | Description | Value |
|------|-------------|-------|
| kind | Set to 'Custom' for type AdminRule. Set to 'Default' for type DefaultAdminRule. | 'Custom', 'Default' (required) |
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: networkManagers/securityAdminConfigurations/ruleCollections |
| type | The resource type | "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-11-01" |

AddressPrefixItem

| Name | Description | Value |
|------|-------------|-------|
| addressPrefix | Address prefix. | string |
| addressPrefixType | Address prefix type. | 'IPPrefix', 'ServiceTag' |

AdminPropertiesFormat

| Name | Description | Value |
|------|-------------|-------|
| access | Indicates the access allowed for this particular rule | 'Allow', 'AlwaysAllow', 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| destinations | The destination address prefixes. CIDR or destination IP ranges. | AddressPrefixItem[] |
| direction | Indicates whether the traffic matched against the rule is inbound or outbound. | 'Inbound', 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required). Constraints: Min value = 1, Max value = 4096 |
| protocol | Network protocol this rule applies to. | 'Ah', 'Any', 'Esp', 'Icmp', 'Tcp', 'Udp' (required) |
| sourcePortRanges | The source port ranges. | string[] |
| sources | The CIDR or source IP ranges. | AddressPrefixItem[] |

AdminRule

| Name | Description | Value |
|------|-------------|-------|
| kind | Whether the rule is custom or default. | 'Custom' (required) |
| properties | Indicates the properties of the security admin rule | AdminPropertiesFormat |

DefaultAdminPropertiesFormat

| Name | Description | Value |
|------|-------------|-------|
| flag | Default rule flag. | string |

DefaultAdminRule

| Name | Description | Value |
|------|-------------|-------|
| kind | Whether the rule is custom or default. | 'Default' (required) |
| properties | Indicates the properties of the security admin rule | DefaultAdminPropertiesFormat |

Usage Examples

Terraform Samples

A basic example of deploying Network Manager Admin Rule.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

data "azurerm_client_config" "current" {
}

data "azapi_resource" "subscription" {
  type                   = "Microsoft.Resources/subscriptions@2021-01-01"
  resource_id            = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
  response_export_values = ["*"]
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "networkManager" {
  type      = "Microsoft.Network/networkManagers@2022-09-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      description = ""
      networkManagerScopeAccesses = [
        "SecurityAdmin",
      ]
      networkManagerScopes = {
        managementGroups = [
        ]
        subscriptions = [
          data.azapi_resource.subscription.id,
        ]
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "securityAdminConfiguration" {
  type      = "Microsoft.Network/networkManagers/securityAdminConfigurations@2022-09-01"
  parent_id = azapi_resource.networkManager.id
  name      = var.resource_name
  body = {
    properties = {
      applyOnNetworkIntentPolicyBasedServices = []
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "networkGroup" {
  type      = "Microsoft.Network/networkManagers/networkGroups@2022-09-01"
  parent_id = azapi_resource.networkManager.id
  name      = var.resource_name
  body = {
    properties = {
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "ruleCollection" {
  type      = "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections@2022-09-01"
  parent_id = azapi_resource.securityAdminConfiguration.id
  name      = var.resource_name
  body = {
    properties = {
      appliesToGroups = [
        {
          networkGroupId = azapi_resource.networkGroup.id
        },
      ]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "rule" {
  type      = "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-09-01"
  parent_id = azapi_resource.ruleCollection.id
  name      = var.resource_name
  body = {
    kind = "Custom"
    properties = {
      access                = "Deny"
      destinationPortRanges = []
      destinations          = []
      direction             = "Outbound"
      priority              = 1
      protocol              = "Tcp"
      sourcePortRanges      = []
      sources               = []
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}