Azure v6.21.0, Mar 7 25

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

azure.network.VirtualNetwork

Explore with Pulumi AI

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

NOTE on Virtual Networks and Subnet’s: This provider currently provides both a standalone Subnet resource, and allows for Subnets to be defined in-line within the Virtual Network resource. At this time you cannot use a Virtual Network with in-line Subnets in conjunction with any Subnet resources. Doing so will cause a conflict of Subnet configurations and will overwrite Subnet’s. NOTE on Virtual Networks and DNS Servers: This provider currently provides both a standalone virtual network DNS Servers resource, and allows for DNS servers to be defined in-line within the Virtual Network resource. At this time you cannot use a Virtual Network with in-line DNS servers in conjunction with any Virtual Network DNS Servers resources. Doing so will cause a conflict of Virtual Network DNS Servers configurations and will overwrite virtual networks DNS servers.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const exampleNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("example", {
    name: "example-security-group",
    location: example.location,
    resourceGroupName: example.name,
});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
    name: "example-network",
    location: example.location,
    resourceGroupName: example.name,
    addressSpaces: ["10.0.0.0/16"],
    dnsServers: [
        "10.0.0.4",
        "10.0.0.5",
    ],
    subnets: [
        {
            name: "subnet1",
            addressPrefixes: ["10.0.1.0/24"],
        },
        {
            name: "subnet2",
            addressPrefixes: ["10.0.2.0/24"],
            securityGroup: exampleNetworkSecurityGroup.id,
        },
    ],
    tags: {
        environment: "Production",
    },
});

import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-resources",
    location="West Europe")
example_network_security_group = azure.network.NetworkSecurityGroup("example",
    name="example-security-group",
    location=example.location,
    resource_group_name=example.name)
example_virtual_network = azure.network.VirtualNetwork("example",
    name="example-network",
    location=example.location,
    resource_group_name=example.name,
    address_spaces=["10.0.0.0/16"],
    dns_servers=[
        "10.0.0.4",
        "10.0.0.5",
    ],
    subnets=[
        {
            "name": "subnet1",
            "address_prefixes": ["10.0.1.0/24"],
        },
        {
            "name": "subnet2",
            "address_prefixes": ["10.0.2.0/24"],
            "security_group": example_network_security_group.id,
        },
    ],
    tags={
        "environment": "Production",
    })

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleNetworkSecurityGroup, err := network.NewNetworkSecurityGroup(ctx, "example", &network.NetworkSecurityGroupArgs{
			Name:              pulumi.String("example-security-group"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		_, err = network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
			Name:              pulumi.String("example-network"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
			DnsServers: pulumi.StringArray{
				pulumi.String("10.0.0.4"),
				pulumi.String("10.0.0.5"),
			},
			Subnets: network.VirtualNetworkSubnetArray{
				&network.VirtualNetworkSubnetArgs{
					Name: pulumi.String("subnet1"),
					AddressPrefixes: pulumi.StringArray{
						pulumi.String("10.0.1.0/24"),
					},
				},
				&network.VirtualNetworkSubnetArgs{
					Name: pulumi.String("subnet2"),
					AddressPrefixes: pulumi.StringArray{
						pulumi.String("10.0.2.0/24"),
					},
					SecurityGroup: exampleNetworkSecurityGroup.ID(),
				},
			},
			Tags: pulumi.StringMap{
				"environment": pulumi.String("Production"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleNetworkSecurityGroup = new Azure.Network.NetworkSecurityGroup("example", new()
    {
        Name = "example-security-group",
        Location = example.Location,
        ResourceGroupName = example.Name,
    });

    var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
    {
        Name = "example-network",
        Location = example.Location,
        ResourceGroupName = example.Name,
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
        DnsServers = new[]
        {
            "10.0.0.4",
            "10.0.0.5",
        },
        Subnets = new[]
        {
            new Azure.Network.Inputs.VirtualNetworkSubnetArgs
            {
                Name = "subnet1",
                AddressPrefixes = new[]
                {
                    "10.0.1.0/24",
                },
            },
            new Azure.Network.Inputs.VirtualNetworkSubnetArgs
            {
                Name = "subnet2",
                AddressPrefixes = new[]
                {
                    "10.0.2.0/24",
                },
                SecurityGroup = exampleNetworkSecurityGroup.Id,
            },
        },
        Tags = 
        {
            { "environment", "Production" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.NetworkSecurityGroup;
import com.pulumi.azure.network.NetworkSecurityGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkSubnetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleNetworkSecurityGroup = new NetworkSecurityGroup("exampleNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
            .name("example-security-group")
            .location(example.location())
            .resourceGroupName(example.name())
            .build());

        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .name("example-network")
            .location(example.location())
            .resourceGroupName(example.name())
            .addressSpaces("10.0.0.0/16")
            .dnsServers(            
                "10.0.0.4",
                "10.0.0.5")
            .subnets(            
                VirtualNetworkSubnetArgs.builder()
                    .name("subnet1")
                    .addressPrefixes("10.0.1.0/24")
                    .build(),
                VirtualNetworkSubnetArgs.builder()
                    .name("subnet2")
                    .addressPrefixes("10.0.2.0/24")
                    .securityGroup(exampleNetworkSecurityGroup.id())
                    .build())
            .tags(Map.of("environment", "Production"))
            .build());

    }
}

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleNetworkSecurityGroup:
    type: azure:network:NetworkSecurityGroup
    name: example
    properties:
      name: example-security-group
      location: ${example.location}
      resourceGroupName: ${example.name}
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: example
    properties:
      name: example-network
      location: ${example.location}
      resourceGroupName: ${example.name}
      addressSpaces:
        - 10.0.0.0/16
      dnsServers:
        - 10.0.0.4
        - 10.0.0.5
      subnets:
        - name: subnet1
          addressPrefixes:
            - 10.0.1.0/24
        - name: subnet2
          addressPrefixes:
            - 10.0.2.0/24
          securityGroup: ${exampleNetworkSecurityGroup.id}
      tags:
        environment: Production

Create VirtualNetwork Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VirtualNetwork(name: string, args: VirtualNetworkArgs, opts?: CustomResourceOptions);

@overload
def VirtualNetwork(resource_name: str,
                   args: VirtualNetworkArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def VirtualNetwork(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   address_spaces: Optional[Sequence[str]] = None,
                   resource_group_name: Optional[str] = None,
                   flow_timeout_in_minutes: Optional[int] = None,
                   dns_servers: Optional[Sequence[str]] = None,
                   edge_zone: Optional[str] = None,
                   encryption: Optional[VirtualNetworkEncryptionArgs] = None,
                   ddos_protection_plan: Optional[VirtualNetworkDdosProtectionPlanArgs] = None,
                   location: Optional[str] = None,
                   name: Optional[str] = None,
                   private_endpoint_vnet_policies: Optional[str] = None,
                   bgp_community: Optional[str] = None,
                   subnets: Optional[Sequence[VirtualNetworkSubnetArgs]] = None,
                   tags: Optional[Mapping[str, str]] = None)

func NewVirtualNetwork(ctx *Context, name string, args VirtualNetworkArgs, opts ...ResourceOption) (*VirtualNetwork, error)

public VirtualNetwork(string name, VirtualNetworkArgs args, CustomResourceOptions? opts = null)

public VirtualNetwork(String name, VirtualNetworkArgs args)
public VirtualNetwork(String name, VirtualNetworkArgs args, CustomResourceOptions options)

type: azure:network:VirtualNetwork
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args VirtualNetworkArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args VirtualNetworkArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args VirtualNetworkArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VirtualNetworkArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args VirtualNetworkArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var azureVirtualNetworkResource = new Azure.Network.VirtualNetwork("azureVirtualNetworkResource", new()
{
    AddressSpaces = new[]
    {
        "string",
    },
    ResourceGroupName = "string",
    FlowTimeoutInMinutes = 0,
    DnsServers = new[]
    {
        "string",
    },
    EdgeZone = "string",
    Encryption = new Azure.Network.Inputs.VirtualNetworkEncryptionArgs
    {
        Enforcement = "string",
    },
    DdosProtectionPlan = new Azure.Network.Inputs.VirtualNetworkDdosProtectionPlanArgs
    {
        Enable = false,
        Id = "string",
    },
    Location = "string",
    Name = "string",
    PrivateEndpointVnetPolicies = "string",
    BgpCommunity = "string",
    Subnets = new[]
    {
        new Azure.Network.Inputs.VirtualNetworkSubnetArgs
        {
            AddressPrefixes = new[]
            {
                "string",
            },
            Name = "string",
            DefaultOutboundAccessEnabled = false,
            Delegation = new Azure.Network.Inputs.VirtualNetworkSubnetDelegationArgs
            {
                Name = "string",
                ServiceDelegation = new Azure.Network.Inputs.VirtualNetworkSubnetDelegationServiceDelegationArgs
                {
                    Name = "string",
                    Actions = new[]
                    {
                        "string",
                    },
                },
            },
            Id = "string",
            PrivateEndpointNetworkPolicies = "string",
            PrivateLinkServiceNetworkPoliciesEnabled = false,
            RouteTableId = "string",
            SecurityGroup = "string",
            ServiceEndpointPolicyIds = new[]
            {
                "string",
            },
            ServiceEndpoints = new[]
            {
                "string",
            },
        },
    },
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := network.NewVirtualNetwork(ctx, "azureVirtualNetworkResource", &network.VirtualNetworkArgs{
	AddressSpaces: pulumi.StringArray{
		pulumi.String("string"),
	},
	ResourceGroupName:    pulumi.String("string"),
	FlowTimeoutInMinutes: pulumi.Int(0),
	DnsServers: pulumi.StringArray{
		pulumi.String("string"),
	},
	EdgeZone: pulumi.String("string"),
	Encryption: &network.VirtualNetworkEncryptionArgs{
		Enforcement: pulumi.String("string"),
	},
	DdosProtectionPlan: &network.VirtualNetworkDdosProtectionPlanArgs{
		Enable: pulumi.Bool(false),
		Id:     pulumi.String("string"),
	},
	Location:                    pulumi.String("string"),
	Name:                        pulumi.String("string"),
	PrivateEndpointVnetPolicies: pulumi.String("string"),
	BgpCommunity:                pulumi.String("string"),
	Subnets: network.VirtualNetworkSubnetArray{
		&network.VirtualNetworkSubnetArgs{
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("string"),
			},
			Name:                         pulumi.String("string"),
			DefaultOutboundAccessEnabled: pulumi.Bool(false),
			Delegation: &network.VirtualNetworkSubnetDelegationArgs{
				Name: pulumi.String("string"),
				ServiceDelegation: &network.VirtualNetworkSubnetDelegationServiceDelegationArgs{
					Name: pulumi.String("string"),
					Actions: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Id:                                       pulumi.String("string"),
			PrivateEndpointNetworkPolicies:           pulumi.String("string"),
			PrivateLinkServiceNetworkPoliciesEnabled: pulumi.Bool(false),
			RouteTableId:                             pulumi.String("string"),
			SecurityGroup:                            pulumi.String("string"),
			ServiceEndpointPolicyIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			ServiceEndpoints: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var azureVirtualNetworkResource = new VirtualNetwork("azureVirtualNetworkResource", VirtualNetworkArgs.builder()
    .addressSpaces("string")
    .resourceGroupName("string")
    .flowTimeoutInMinutes(0)
    .dnsServers("string")
    .edgeZone("string")
    .encryption(VirtualNetworkEncryptionArgs.builder()
        .enforcement("string")
        .build())
    .ddosProtectionPlan(VirtualNetworkDdosProtectionPlanArgs.builder()
        .enable(false)
        .id("string")
        .build())
    .location("string")
    .name("string")
    .privateEndpointVnetPolicies("string")
    .bgpCommunity("string")
    .subnets(VirtualNetworkSubnetArgs.builder()
        .addressPrefixes("string")
        .name("string")
        .defaultOutboundAccessEnabled(false)
        .delegation(VirtualNetworkSubnetDelegationArgs.builder()
            .name("string")
            .serviceDelegation(VirtualNetworkSubnetDelegationServiceDelegationArgs.builder()
                .name("string")
                .actions("string")
                .build())
            .build())
        .id("string")
        .privateEndpointNetworkPolicies("string")
        .privateLinkServiceNetworkPoliciesEnabled(false)
        .routeTableId("string")
        .securityGroup("string")
        .serviceEndpointPolicyIds("string")
        .serviceEndpoints("string")
        .build())
    .tags(Map.of("string", "string"))
    .build());

azure_virtual_network_resource = azure.network.VirtualNetwork("azureVirtualNetworkResource",
    address_spaces=["string"],
    resource_group_name="string",
    flow_timeout_in_minutes=0,
    dns_servers=["string"],
    edge_zone="string",
    encryption={
        "enforcement": "string",
    },
    ddos_protection_plan={
        "enable": False,
        "id": "string",
    },
    location="string",
    name="string",
    private_endpoint_vnet_policies="string",
    bgp_community="string",
    subnets=[{
        "address_prefixes": ["string"],
        "name": "string",
        "default_outbound_access_enabled": False,
        "delegation": {
            "name": "string",
            "service_delegation": {
                "name": "string",
                "actions": ["string"],
            },
        },
        "id": "string",
        "private_endpoint_network_policies": "string",
        "private_link_service_network_policies_enabled": False,
        "route_table_id": "string",
        "security_group": "string",
        "service_endpoint_policy_ids": ["string"],
        "service_endpoints": ["string"],
    }],
    tags={
        "string": "string",
    })

const azureVirtualNetworkResource = new azure.network.VirtualNetwork("azureVirtualNetworkResource", {
    addressSpaces: ["string"],
    resourceGroupName: "string",
    flowTimeoutInMinutes: 0,
    dnsServers: ["string"],
    edgeZone: "string",
    encryption: {
        enforcement: "string",
    },
    ddosProtectionPlan: {
        enable: false,
        id: "string",
    },
    location: "string",
    name: "string",
    privateEndpointVnetPolicies: "string",
    bgpCommunity: "string",
    subnets: [{
        addressPrefixes: ["string"],
        name: "string",
        defaultOutboundAccessEnabled: false,
        delegation: {
            name: "string",
            serviceDelegation: {
                name: "string",
                actions: ["string"],
            },
        },
        id: "string",
        privateEndpointNetworkPolicies: "string",
        privateLinkServiceNetworkPoliciesEnabled: false,
        routeTableId: "string",
        securityGroup: "string",
        serviceEndpointPolicyIds: ["string"],
        serviceEndpoints: ["string"],
    }],
    tags: {
        string: "string",
    },
});

type: azure:network:VirtualNetwork
properties:
    addressSpaces:
        - string
    bgpCommunity: string
    ddosProtectionPlan:
        enable: false
        id: string
    dnsServers:
        - string
    edgeZone: string
    encryption:
        enforcement: string
    flowTimeoutInMinutes: 0
    location: string
    name: string
    privateEndpointVnetPolicies: string
    resourceGroupName: string
    subnets:
        - addressPrefixes:
            - string
          defaultOutboundAccessEnabled: false
          delegation:
            name: string
            serviceDelegation:
                actions:
                    - string
                name: string
          id: string
          name: string
          privateEndpointNetworkPolicies: string
          privateLinkServiceNetworkPoliciesEnabled: false
          routeTableId: string
          securityGroup: string
          serviceEndpointPolicyIds:
            - string
          serviceEndpoints:
            - string
    tags:
        string: string

VirtualNetwork Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VirtualNetwork resource accepts the following input properties:

AddressSpaces List<string>: The address space that is used the virtual network. You can supply more than one address space.
ResourceGroupName string: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
BgpCommunity string: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
DdosProtectionPlan VirtualNetworkDdosProtectionPlan: A ddos_protection_plan block as documented below.
DnsServers List<string>: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
EdgeZone string: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
Encryption VirtualNetworkEncryption: A encryption block as defined below.
FlowTimeoutInMinutes int: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
Location string: The location/region where the virtual network is created. Changing this forces a new resource to be created.
Name string: The name of the virtual network. Changing this forces a new resource to be created.
PrivateEndpointVnetPolicies string: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
Subnets List<VirtualNetworkSubnet>: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.

AddressSpaces []string: The address space that is used the virtual network. You can supply more than one address space.
ResourceGroupName string: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
BgpCommunity string: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
DdosProtectionPlan VirtualNetworkDdosProtectionPlanArgs: A ddos_protection_plan block as documented below.
DnsServers []string: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
EdgeZone string: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
Encryption VirtualNetworkEncryptionArgs: A encryption block as defined below.
FlowTimeoutInMinutes int: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
Location string: The location/region where the virtual network is created. Changing this forces a new resource to be created.
Name string: The name of the virtual network. Changing this forces a new resource to be created.
PrivateEndpointVnetPolicies string: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
Subnets []VirtualNetworkSubnetArgs: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
Tags map[string]string: A mapping of tags to assign to the resource.

addressSpaces List<String>: The address space that is used the virtual network. You can supply more than one address space.
resourceGroupName String: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
bgpCommunity String: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
ddosProtectionPlan VirtualNetworkDdosProtectionPlan: A ddos_protection_plan block as documented below.
dnsServers List<String>: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
edgeZone String: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
encryption VirtualNetworkEncryption: A encryption block as defined below.
flowTimeoutInMinutes Integer: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
location String: The location/region where the virtual network is created. Changing this forces a new resource to be created.
name String: The name of the virtual network. Changing this forces a new resource to be created.
privateEndpointVnetPolicies String: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
subnets List<VirtualNetworkSubnet>: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags Map<String,String>: A mapping of tags to assign to the resource.

addressSpaces string[]: The address space that is used the virtual network. You can supply more than one address space.
resourceGroupName string: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
bgpCommunity string: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
ddosProtectionPlan VirtualNetworkDdosProtectionPlan: A ddos_protection_plan block as documented below.
dnsServers string[]: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
edgeZone string: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
encryption VirtualNetworkEncryption: A encryption block as defined below.
flowTimeoutInMinutes number: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
location string: The location/region where the virtual network is created. Changing this forces a new resource to be created.
name string: The name of the virtual network. Changing this forces a new resource to be created.
privateEndpointVnetPolicies string: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
subnets VirtualNetworkSubnet[]: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags {[key: string]: string}: A mapping of tags to assign to the resource.

address_spaces Sequence[str]: The address space that is used the virtual network. You can supply more than one address space.
resource_group_name str: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
bgp_community str: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
ddos_protection_plan VirtualNetworkDdosProtectionPlanArgs: A ddos_protection_plan block as documented below.
dns_servers Sequence[str]: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
edge_zone str: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
encryption VirtualNetworkEncryptionArgs: A encryption block as defined below.
flow_timeout_in_minutes int: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
location str: The location/region where the virtual network is created. Changing this forces a new resource to be created.
name str: The name of the virtual network. Changing this forces a new resource to be created.
private_endpoint_vnet_policies str: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
subnets Sequence[VirtualNetworkSubnetArgs]: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags Mapping[str, str]: A mapping of tags to assign to the resource.

addressSpaces List<String>: The address space that is used the virtual network. You can supply more than one address space.
resourceGroupName String: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
bgpCommunity String: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
ddosProtectionPlan Property Map: A ddos_protection_plan block as documented below.
dnsServers List<String>: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
edgeZone String: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
encryption Property Map: A encryption block as defined below.
flowTimeoutInMinutes Number: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
location String: The location/region where the virtual network is created. Changing this forces a new resource to be created.
name String: The name of the virtual network. Changing this forces a new resource to be created.
privateEndpointVnetPolicies String: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
subnets List<Property Map>: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags Map<String>: A mapping of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the VirtualNetwork resource produces the following output properties:

Guid string: The GUID of the virtual network.
Id string: The provider-assigned unique ID for this managed resource.

Guid string: The GUID of the virtual network.
Id string: The provider-assigned unique ID for this managed resource.

guid String: The GUID of the virtual network.
id String: The provider-assigned unique ID for this managed resource.

guid string: The GUID of the virtual network.
id string: The provider-assigned unique ID for this managed resource.

guid str: The GUID of the virtual network.
id str: The provider-assigned unique ID for this managed resource.

guid String: The GUID of the virtual network.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing VirtualNetwork Resource

Get an existing VirtualNetwork resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VirtualNetworkState, opts?: CustomResourceOptions): VirtualNetwork

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        address_spaces: Optional[Sequence[str]] = None,
        bgp_community: Optional[str] = None,
        ddos_protection_plan: Optional[VirtualNetworkDdosProtectionPlanArgs] = None,
        dns_servers: Optional[Sequence[str]] = None,
        edge_zone: Optional[str] = None,
        encryption: Optional[VirtualNetworkEncryptionArgs] = None,
        flow_timeout_in_minutes: Optional[int] = None,
        guid: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        private_endpoint_vnet_policies: Optional[str] = None,
        resource_group_name: Optional[str] = None,
        subnets: Optional[Sequence[VirtualNetworkSubnetArgs]] = None,
        tags: Optional[Mapping[str, str]] = None) -> VirtualNetwork

func GetVirtualNetwork(ctx *Context, name string, id IDInput, state *VirtualNetworkState, opts ...ResourceOption) (*VirtualNetwork, error)

public static VirtualNetwork Get(string name, Input<string> id, VirtualNetworkState? state, CustomResourceOptions? opts = null)

public static VirtualNetwork get(String name, Output<String> id, VirtualNetworkState state, CustomResourceOptions options)

resources:  _:    type: azure:network:VirtualNetwork    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AddressSpaces List<string>: The address space that is used the virtual network. You can supply more than one address space.
BgpCommunity string: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
DdosProtectionPlan VirtualNetworkDdosProtectionPlan: A ddos_protection_plan block as documented below.
DnsServers List<string>: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
EdgeZone string: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
Encryption VirtualNetworkEncryption: A encryption block as defined below.
FlowTimeoutInMinutes int: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
Guid string: The GUID of the virtual network.
Location string: The location/region where the virtual network is created. Changing this forces a new resource to be created.
Name string: The name of the virtual network. Changing this forces a new resource to be created.
PrivateEndpointVnetPolicies string: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
ResourceGroupName string: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
Subnets List<VirtualNetworkSubnet>: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.

AddressSpaces []string: The address space that is used the virtual network. You can supply more than one address space.
BgpCommunity string: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
DdosProtectionPlan VirtualNetworkDdosProtectionPlanArgs: A ddos_protection_plan block as documented below.
DnsServers []string: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
EdgeZone string: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
Encryption VirtualNetworkEncryptionArgs: A encryption block as defined below.
FlowTimeoutInMinutes int: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
Guid string: The GUID of the virtual network.
Location string: The location/region where the virtual network is created. Changing this forces a new resource to be created.
Name string: The name of the virtual network. Changing this forces a new resource to be created.
PrivateEndpointVnetPolicies string: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
ResourceGroupName string: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
Subnets []VirtualNetworkSubnetArgs: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
Tags map[string]string: A mapping of tags to assign to the resource.

addressSpaces List<String>: The address space that is used the virtual network. You can supply more than one address space.
bgpCommunity String: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
ddosProtectionPlan VirtualNetworkDdosProtectionPlan: A ddos_protection_plan block as documented below.
dnsServers List<String>: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
edgeZone String: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
encryption VirtualNetworkEncryption: A encryption block as defined below.
flowTimeoutInMinutes Integer: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
guid String: The GUID of the virtual network.
location String: The location/region where the virtual network is created. Changing this forces a new resource to be created.
name String: The name of the virtual network. Changing this forces a new resource to be created.
privateEndpointVnetPolicies String: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
resourceGroupName String: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
subnets List<VirtualNetworkSubnet>: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags Map<String,String>: A mapping of tags to assign to the resource.

addressSpaces string[]: The address space that is used the virtual network. You can supply more than one address space.
bgpCommunity string: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
ddosProtectionPlan VirtualNetworkDdosProtectionPlan: A ddos_protection_plan block as documented below.
dnsServers string[]: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
edgeZone string: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
encryption VirtualNetworkEncryption: A encryption block as defined below.
flowTimeoutInMinutes number: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
guid string: The GUID of the virtual network.
location string: The location/region where the virtual network is created. Changing this forces a new resource to be created.
name string: The name of the virtual network. Changing this forces a new resource to be created.
privateEndpointVnetPolicies string: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
resourceGroupName string: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
subnets VirtualNetworkSubnet[]: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags {[key: string]: string}: A mapping of tags to assign to the resource.

address_spaces Sequence[str]: The address space that is used the virtual network. You can supply more than one address space.
bgp_community str: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
ddos_protection_plan VirtualNetworkDdosProtectionPlanArgs: A ddos_protection_plan block as documented below.
dns_servers Sequence[str]: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
edge_zone str: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
encryption VirtualNetworkEncryptionArgs: A encryption block as defined below.
flow_timeout_in_minutes int: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
guid str: The GUID of the virtual network.
location str: The location/region where the virtual network is created. Changing this forces a new resource to be created.
name str: The name of the virtual network. Changing this forces a new resource to be created.
private_endpoint_vnet_policies str: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
resource_group_name str: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
subnets Sequence[VirtualNetworkSubnetArgs]: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags Mapping[str, str]: A mapping of tags to assign to the resource.

addressSpaces List<String>: The address space that is used the virtual network. You can supply more than one address space.
bgpCommunity String: The BGP community attribute in format <as-number>:<community-value>.
NOTE The as-number segment is the Microsoft ASN, which is always 12076 for now.
ddosProtectionPlan Property Map: A ddos_protection_plan block as documented below.
dnsServers List<String>: List of IP addresses of DNS servers
NOTE Since dns_servers can be configured both inline and via the separate azure.network.VirtualNetworkDnsServers resource, we have to explicitly set it to empty slice ([]) to remove it.
edgeZone String: Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.
encryption Property Map: A encryption block as defined below.
flowTimeoutInMinutes Number: The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.
guid String: The GUID of the virtual network.
location String: The location/region where the virtual network is created. Changing this forces a new resource to be created.
name String: The name of the virtual network. Changing this forces a new resource to be created.
privateEndpointVnetPolicies String: The Private Endpoint VNet Policies for the Virtual Network. Possible values are Disabled and Basic. Defaults to Disabled.
resourceGroupName String: The name of the resource group in which to create the virtual network. Changing this forces a new resource to be created.
subnets List<Property Map>: Can be specified multiple times to define multiple subnets. Each subnet block supports fields documented below.
NOTE Since subnet can be configured both inline and via the separate azure.network.Subnet resource, we have to explicitly set it to empty slice ([]) to remove it.
tags Map<String>: A mapping of tags to assign to the resource.

Supporting Types

VirtualNetworkDdosProtectionPlan, VirtualNetworkDdosProtectionPlanArgs

Enable bool: Enable/disable DDoS Protection Plan on Virtual Network.
Id string: The ID of DDoS Protection Plan.

Enable bool: Enable/disable DDoS Protection Plan on Virtual Network.
Id string: The ID of DDoS Protection Plan.

enable Boolean: Enable/disable DDoS Protection Plan on Virtual Network.
id String: The ID of DDoS Protection Plan.

enable boolean: Enable/disable DDoS Protection Plan on Virtual Network.
id string: The ID of DDoS Protection Plan.

enable bool: Enable/disable DDoS Protection Plan on Virtual Network.
id str: The ID of DDoS Protection Plan.

enable Boolean: Enable/disable DDoS Protection Plan on Virtual Network.
id String: The ID of DDoS Protection Plan.

VirtualNetworkEncryption, VirtualNetworkEncryptionArgs

Enforcement string: Specifies if the encrypted Virtual Network allows VM that does not support encryption. Possible values are DropUnencrypted and AllowUnencrypted.
NOTE: Currently AllowUnencrypted is the only supported value for the enforcement property as DropUnencrypted is not yet in public preview or general availability. Please see the official documentation for more information.

Enforcement string: Specifies if the encrypted Virtual Network allows VM that does not support encryption. Possible values are DropUnencrypted and AllowUnencrypted.
NOTE: Currently AllowUnencrypted is the only supported value for the enforcement property as DropUnencrypted is not yet in public preview or general availability. Please see the official documentation for more information.

enforcement String: Specifies if the encrypted Virtual Network allows VM that does not support encryption. Possible values are DropUnencrypted and AllowUnencrypted.
NOTE: Currently AllowUnencrypted is the only supported value for the enforcement property as DropUnencrypted is not yet in public preview or general availability. Please see the official documentation for more information.

enforcement string: Specifies if the encrypted Virtual Network allows VM that does not support encryption. Possible values are DropUnencrypted and AllowUnencrypted.
NOTE: Currently AllowUnencrypted is the only supported value for the enforcement property as DropUnencrypted is not yet in public preview or general availability. Please see the official documentation for more information.

enforcement str: Specifies if the encrypted Virtual Network allows VM that does not support encryption. Possible values are DropUnencrypted and AllowUnencrypted.
NOTE: Currently AllowUnencrypted is the only supported value for the enforcement property as DropUnencrypted is not yet in public preview or general availability. Please see the official documentation for more information.

enforcement String: Specifies if the encrypted Virtual Network allows VM that does not support encryption. Possible values are DropUnencrypted and AllowUnencrypted.
NOTE: Currently AllowUnencrypted is the only supported value for the enforcement property as DropUnencrypted is not yet in public preview or general availability. Please see the official documentation for more information.

VirtualNetworkSubnet, VirtualNetworkSubnetArgs

AddressPrefixes List<string>: The address prefixes to use for the subnet.
Name string: The name of the subnet.
DefaultOutboundAccessEnabled bool: Enable default outbound access to the internet for the subnet. Defaults to true.
Delegation VirtualNetworkSubnetDelegation: One or more delegation blocks as defined below.
Id string: The ID of this subnet.
PrivateEndpointNetworkPolicies string: Enable or Disable network policies for the private endpoint on the subnet. Possible values are Disabled, Enabled, NetworkSecurityGroupEnabled and RouteTableEnabled. Defaults to Disabled.
NOTE: If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set private_endpoint_network_policies in the subnet to Disabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the private_endpoint_network_policies in the Subnet to Enabled/NetworkSecurityGroupEnabled/RouteTableEnabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: See more details from Manage network policies for Private Endpoints.
PrivateLinkServiceNetworkPoliciesEnabled bool: Enable or Disable network policies for the private link service on the subnet. Defaults to true.
NOTE: When configuring Azure Private Link service, the explicit setting private_link_service_network_policies_enabled must be set to false in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the azure.network.SubnetNetworkSecurityGroupAssociation resource. See more details from Manage network policies for Private Link Services.
RouteTableId string: The ID of the Route Table that should be associated with this subnet.
SecurityGroup string: The Network Security Group to associate with the subnet. (Referenced by id, ie. azurerm_network_security_group.example.id)
ServiceEndpointPolicyIds List<string>: The list of IDs of Service Endpoint Policies to associate with the subnet.
ServiceEndpoints List<string>: The list of Service endpoints to associate with the subnet. Possible values include: Microsoft.AzureActiveDirectory, Microsoft.AzureCosmosDB, Microsoft.ContainerRegistry, Microsoft.EventHub, Microsoft.KeyVault, Microsoft.ServiceBus, Microsoft.Sql, Microsoft.Storage, Microsoft.Storage.Global and Microsoft.Web.

AddressPrefixes []string: The address prefixes to use for the subnet.
Name string: The name of the subnet.
DefaultOutboundAccessEnabled bool: Enable default outbound access to the internet for the subnet. Defaults to true.
Delegation VirtualNetworkSubnetDelegation: One or more delegation blocks as defined below.
Id string: The ID of this subnet.
PrivateEndpointNetworkPolicies string: Enable or Disable network policies for the private endpoint on the subnet. Possible values are Disabled, Enabled, NetworkSecurityGroupEnabled and RouteTableEnabled. Defaults to Disabled.
NOTE: If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set private_endpoint_network_policies in the subnet to Disabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the private_endpoint_network_policies in the Subnet to Enabled/NetworkSecurityGroupEnabled/RouteTableEnabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: See more details from Manage network policies for Private Endpoints.
PrivateLinkServiceNetworkPoliciesEnabled bool: Enable or Disable network policies for the private link service on the subnet. Defaults to true.
NOTE: When configuring Azure Private Link service, the explicit setting private_link_service_network_policies_enabled must be set to false in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the azure.network.SubnetNetworkSecurityGroupAssociation resource. See more details from Manage network policies for Private Link Services.
RouteTableId string: The ID of the Route Table that should be associated with this subnet.
SecurityGroup string: The Network Security Group to associate with the subnet. (Referenced by id, ie. azurerm_network_security_group.example.id)
ServiceEndpointPolicyIds []string: The list of IDs of Service Endpoint Policies to associate with the subnet.
ServiceEndpoints []string: The list of Service endpoints to associate with the subnet. Possible values include: Microsoft.AzureActiveDirectory, Microsoft.AzureCosmosDB, Microsoft.ContainerRegistry, Microsoft.EventHub, Microsoft.KeyVault, Microsoft.ServiceBus, Microsoft.Sql, Microsoft.Storage, Microsoft.Storage.Global and Microsoft.Web.

addressPrefixes List<String>: The address prefixes to use for the subnet.
name String: The name of the subnet.
defaultOutboundAccessEnabled Boolean: Enable default outbound access to the internet for the subnet. Defaults to true.
delegation VirtualNetworkSubnetDelegation: One or more delegation blocks as defined below.
id String: The ID of this subnet.
privateEndpointNetworkPolicies String: Enable or Disable network policies for the private endpoint on the subnet. Possible values are Disabled, Enabled, NetworkSecurityGroupEnabled and RouteTableEnabled. Defaults to Disabled.
NOTE: If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set private_endpoint_network_policies in the subnet to Disabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the private_endpoint_network_policies in the Subnet to Enabled/NetworkSecurityGroupEnabled/RouteTableEnabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: See more details from Manage network policies for Private Endpoints.
privateLinkServiceNetworkPoliciesEnabled Boolean: Enable or Disable network policies for the private link service on the subnet. Defaults to true.
NOTE: When configuring Azure Private Link service, the explicit setting private_link_service_network_policies_enabled must be set to false in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the azure.network.SubnetNetworkSecurityGroupAssociation resource. See more details from Manage network policies for Private Link Services.
routeTableId String: The ID of the Route Table that should be associated with this subnet.
securityGroup String: The Network Security Group to associate with the subnet. (Referenced by id, ie. azurerm_network_security_group.example.id)
serviceEndpointPolicyIds List<String>: The list of IDs of Service Endpoint Policies to associate with the subnet.
serviceEndpoints List<String>: The list of Service endpoints to associate with the subnet. Possible values include: Microsoft.AzureActiveDirectory, Microsoft.AzureCosmosDB, Microsoft.ContainerRegistry, Microsoft.EventHub, Microsoft.KeyVault, Microsoft.ServiceBus, Microsoft.Sql, Microsoft.Storage, Microsoft.Storage.Global and Microsoft.Web.

addressPrefixes string[]: The address prefixes to use for the subnet.
name string: The name of the subnet.
defaultOutboundAccessEnabled boolean: Enable default outbound access to the internet for the subnet. Defaults to true.
delegation VirtualNetworkSubnetDelegation: One or more delegation blocks as defined below.
id string: The ID of this subnet.
privateEndpointNetworkPolicies string: Enable or Disable network policies for the private endpoint on the subnet. Possible values are Disabled, Enabled, NetworkSecurityGroupEnabled and RouteTableEnabled. Defaults to Disabled.
NOTE: If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set private_endpoint_network_policies in the subnet to Disabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the private_endpoint_network_policies in the Subnet to Enabled/NetworkSecurityGroupEnabled/RouteTableEnabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: See more details from Manage network policies for Private Endpoints.
privateLinkServiceNetworkPoliciesEnabled boolean: Enable or Disable network policies for the private link service on the subnet. Defaults to true.
NOTE: When configuring Azure Private Link service, the explicit setting private_link_service_network_policies_enabled must be set to false in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the azure.network.SubnetNetworkSecurityGroupAssociation resource. See more details from Manage network policies for Private Link Services.
routeTableId string: The ID of the Route Table that should be associated with this subnet.
securityGroup string: The Network Security Group to associate with the subnet. (Referenced by id, ie. azurerm_network_security_group.example.id)
serviceEndpointPolicyIds string[]: The list of IDs of Service Endpoint Policies to associate with the subnet.
serviceEndpoints string[]: The list of Service endpoints to associate with the subnet. Possible values include: Microsoft.AzureActiveDirectory, Microsoft.AzureCosmosDB, Microsoft.ContainerRegistry, Microsoft.EventHub, Microsoft.KeyVault, Microsoft.ServiceBus, Microsoft.Sql, Microsoft.Storage, Microsoft.Storage.Global and Microsoft.Web.

address_prefixes Sequence[str]: The address prefixes to use for the subnet.
name str: The name of the subnet.
default_outbound_access_enabled bool: Enable default outbound access to the internet for the subnet. Defaults to true.
delegation VirtualNetworkSubnetDelegation: One or more delegation blocks as defined below.
id str: The ID of this subnet.
private_endpoint_network_policies str: Enable or Disable network policies for the private endpoint on the subnet. Possible values are Disabled, Enabled, NetworkSecurityGroupEnabled and RouteTableEnabled. Defaults to Disabled.
NOTE: If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set private_endpoint_network_policies in the subnet to Disabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the private_endpoint_network_policies in the Subnet to Enabled/NetworkSecurityGroupEnabled/RouteTableEnabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: See more details from Manage network policies for Private Endpoints.
private_link_service_network_policies_enabled bool: Enable or Disable network policies for the private link service on the subnet. Defaults to true.
NOTE: When configuring Azure Private Link service, the explicit setting private_link_service_network_policies_enabled must be set to false in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the azure.network.SubnetNetworkSecurityGroupAssociation resource. See more details from Manage network policies for Private Link Services.
route_table_id str: The ID of the Route Table that should be associated with this subnet.
security_group str: The Network Security Group to associate with the subnet. (Referenced by id, ie. azurerm_network_security_group.example.id)
service_endpoint_policy_ids Sequence[str]: The list of IDs of Service Endpoint Policies to associate with the subnet.
service_endpoints Sequence[str]: The list of Service endpoints to associate with the subnet. Possible values include: Microsoft.AzureActiveDirectory, Microsoft.AzureCosmosDB, Microsoft.ContainerRegistry, Microsoft.EventHub, Microsoft.KeyVault, Microsoft.ServiceBus, Microsoft.Sql, Microsoft.Storage, Microsoft.Storage.Global and Microsoft.Web.

addressPrefixes List<String>: The address prefixes to use for the subnet.
name String: The name of the subnet.
defaultOutboundAccessEnabled Boolean: Enable default outbound access to the internet for the subnet. Defaults to true.
delegation Property Map: One or more delegation blocks as defined below.
id String: The ID of this subnet.
privateEndpointNetworkPolicies String: Enable or Disable network policies for the private endpoint on the subnet. Possible values are Disabled, Enabled, NetworkSecurityGroupEnabled and RouteTableEnabled. Defaults to Disabled.
NOTE: If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set private_endpoint_network_policies in the subnet to Disabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the private_endpoint_network_policies in the Subnet to Enabled/NetworkSecurityGroupEnabled/RouteTableEnabled. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet.
NOTE: See more details from Manage network policies for Private Endpoints.
privateLinkServiceNetworkPoliciesEnabled Boolean: Enable or Disable network policies for the private link service on the subnet. Defaults to true.
NOTE: When configuring Azure Private Link service, the explicit setting private_link_service_network_policies_enabled must be set to false in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the azure.network.SubnetNetworkSecurityGroupAssociation resource. See more details from Manage network policies for Private Link Services.
routeTableId String: The ID of the Route Table that should be associated with this subnet.
securityGroup String: The Network Security Group to associate with the subnet. (Referenced by id, ie. azurerm_network_security_group.example.id)
serviceEndpointPolicyIds List<String>: The list of IDs of Service Endpoint Policies to associate with the subnet.
serviceEndpoints List<String>: The list of Service endpoints to associate with the subnet. Possible values include: Microsoft.AzureActiveDirectory, Microsoft.AzureCosmosDB, Microsoft.ContainerRegistry, Microsoft.EventHub, Microsoft.KeyVault, Microsoft.ServiceBus, Microsoft.Sql, Microsoft.Storage, Microsoft.Storage.Global and Microsoft.Web.

VirtualNetworkSubnetDelegation, VirtualNetworkSubnetDelegationArgs

Name string: A name for this delegation.
ServiceDelegation VirtualNetworkSubnetDelegationServiceDelegation: A service_delegation block as defined below.

Name string: A name for this delegation.
ServiceDelegation VirtualNetworkSubnetDelegationServiceDelegation: A service_delegation block as defined below.

name String: A name for this delegation.
serviceDelegation VirtualNetworkSubnetDelegationServiceDelegation: A service_delegation block as defined below.

name string: A name for this delegation.
serviceDelegation VirtualNetworkSubnetDelegationServiceDelegation: A service_delegation block as defined below.

name str: A name for this delegation.
service_delegation VirtualNetworkSubnetDelegationServiceDelegation: A service_delegation block as defined below.

name String: A name for this delegation.
serviceDelegation Property Map: A service_delegation block as defined below.

VirtualNetworkSubnetDelegationServiceDelegation, VirtualNetworkSubnetDelegationServiceDelegationArgs

Name string: The name of service to delegate to. Possible values are GitHub.Network/networkSettings, Informatica.DataManagement/organizations, Microsoft.ApiManagement/service, Microsoft.Apollo/npu, Microsoft.App/environments, Microsoft.App/testClients, Microsoft.AVS/PrivateClouds, Microsoft.AzureCosmosDB/clusters, Microsoft.BareMetal/AzureHostedService, Microsoft.BareMetal/AzureHPC, Microsoft.BareMetal/AzurePaymentHSM, Microsoft.BareMetal/AzureVMware, Microsoft.BareMetal/CrayServers, Microsoft.BareMetal/MonitoringServers, Microsoft.Batch/batchAccounts, Microsoft.CloudTest/hostedpools, Microsoft.CloudTest/images, Microsoft.CloudTest/pools, Microsoft.Codespaces/plans, Microsoft.ContainerInstance/containerGroups, Microsoft.ContainerService/managedClusters, Microsoft.ContainerService/TestClients, Microsoft.Databricks/workspaces, Microsoft.DBforMySQL/flexibleServers, Microsoft.DBforMySQL/servers, Microsoft.DBforMySQL/serversv2, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.DBforPostgreSQL/serversv2, Microsoft.DBforPostgreSQL/singleServers, Microsoft.DelegatedNetwork/controller, Microsoft.DevCenter/networkConnection, Microsoft.DevOpsInfrastructure/pools, Microsoft.DocumentDB/cassandraClusters, Microsoft.Fidalgo/networkSettings, Microsoft.HardwareSecurityModules/dedicatedHSMs, Microsoft.Kusto/clusters, Microsoft.LabServices/labplans, Microsoft.Logic/integrationServiceEnvironments, Microsoft.MachineLearningServices/workspaces, Microsoft.Netapp/volumes, Microsoft.Network/dnsResolvers, Microsoft.Network/managedResolvers, Microsoft.Network/fpgaNetworkInterfaces, Microsoft.Network/networkWatchers., Microsoft.Network/virtualNetworkGateways, Microsoft.Orbital/orbitalGateways, Microsoft.PowerPlatform/enterprisePolicies, Microsoft.PowerPlatform/vnetaccesslinks, Microsoft.ServiceFabricMesh/networks, Microsoft.ServiceNetworking/trafficControllers, Microsoft.Singularity/accounts/networks, Microsoft.Singularity/accounts/npu, Microsoft.Sql/managedInstances, Microsoft.Sql/managedInstancesOnebox, Microsoft.Sql/managedInstancesStage, Microsoft.Sql/managedInstancesTest, Microsoft.Sql/servers, Microsoft.StoragePool/diskPools, Microsoft.StreamAnalytics/streamingJobs, Microsoft.Synapse/workspaces, Microsoft.Web/hostingEnvironments, Microsoft.Web/serverFarms, NGINX.NGINXPLUS/nginxDeployments, PaloAltoNetworks.Cloudngfw/firewalls, Qumulo.Storage/fileSystems, and Oracle.Database/networkAttachments.
Actions List<string>: A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are Microsoft.Network/networkinterfaces/*, Microsoft.Network/publicIPAddresses/join/action, Microsoft.Network/publicIPAddresses/read, Microsoft.Network/virtualNetworks/read, Microsoft.Network/virtualNetworks/subnets/action, Microsoft.Network/virtualNetworks/subnets/join/action, Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action, and Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action.
NOTE: Azure may add default actions depending on the service delegation name and they can't be changed.

Name string: The name of service to delegate to. Possible values are GitHub.Network/networkSettings, Informatica.DataManagement/organizations, Microsoft.ApiManagement/service, Microsoft.Apollo/npu, Microsoft.App/environments, Microsoft.App/testClients, Microsoft.AVS/PrivateClouds, Microsoft.AzureCosmosDB/clusters, Microsoft.BareMetal/AzureHostedService, Microsoft.BareMetal/AzureHPC, Microsoft.BareMetal/AzurePaymentHSM, Microsoft.BareMetal/AzureVMware, Microsoft.BareMetal/CrayServers, Microsoft.BareMetal/MonitoringServers, Microsoft.Batch/batchAccounts, Microsoft.CloudTest/hostedpools, Microsoft.CloudTest/images, Microsoft.CloudTest/pools, Microsoft.Codespaces/plans, Microsoft.ContainerInstance/containerGroups, Microsoft.ContainerService/managedClusters, Microsoft.ContainerService/TestClients, Microsoft.Databricks/workspaces, Microsoft.DBforMySQL/flexibleServers, Microsoft.DBforMySQL/servers, Microsoft.DBforMySQL/serversv2, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.DBforPostgreSQL/serversv2, Microsoft.DBforPostgreSQL/singleServers, Microsoft.DelegatedNetwork/controller, Microsoft.DevCenter/networkConnection, Microsoft.DevOpsInfrastructure/pools, Microsoft.DocumentDB/cassandraClusters, Microsoft.Fidalgo/networkSettings, Microsoft.HardwareSecurityModules/dedicatedHSMs, Microsoft.Kusto/clusters, Microsoft.LabServices/labplans, Microsoft.Logic/integrationServiceEnvironments, Microsoft.MachineLearningServices/workspaces, Microsoft.Netapp/volumes, Microsoft.Network/dnsResolvers, Microsoft.Network/managedResolvers, Microsoft.Network/fpgaNetworkInterfaces, Microsoft.Network/networkWatchers., Microsoft.Network/virtualNetworkGateways, Microsoft.Orbital/orbitalGateways, Microsoft.PowerPlatform/enterprisePolicies, Microsoft.PowerPlatform/vnetaccesslinks, Microsoft.ServiceFabricMesh/networks, Microsoft.ServiceNetworking/trafficControllers, Microsoft.Singularity/accounts/networks, Microsoft.Singularity/accounts/npu, Microsoft.Sql/managedInstances, Microsoft.Sql/managedInstancesOnebox, Microsoft.Sql/managedInstancesStage, Microsoft.Sql/managedInstancesTest, Microsoft.Sql/servers, Microsoft.StoragePool/diskPools, Microsoft.StreamAnalytics/streamingJobs, Microsoft.Synapse/workspaces, Microsoft.Web/hostingEnvironments, Microsoft.Web/serverFarms, NGINX.NGINXPLUS/nginxDeployments, PaloAltoNetworks.Cloudngfw/firewalls, Qumulo.Storage/fileSystems, and Oracle.Database/networkAttachments.
Actions []string: A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are Microsoft.Network/networkinterfaces/*, Microsoft.Network/publicIPAddresses/join/action, Microsoft.Network/publicIPAddresses/read, Microsoft.Network/virtualNetworks/read, Microsoft.Network/virtualNetworks/subnets/action, Microsoft.Network/virtualNetworks/subnets/join/action, Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action, and Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action.
NOTE: Azure may add default actions depending on the service delegation name and they can't be changed.

name String: The name of service to delegate to. Possible values are GitHub.Network/networkSettings, Informatica.DataManagement/organizations, Microsoft.ApiManagement/service, Microsoft.Apollo/npu, Microsoft.App/environments, Microsoft.App/testClients, Microsoft.AVS/PrivateClouds, Microsoft.AzureCosmosDB/clusters, Microsoft.BareMetal/AzureHostedService, Microsoft.BareMetal/AzureHPC, Microsoft.BareMetal/AzurePaymentHSM, Microsoft.BareMetal/AzureVMware, Microsoft.BareMetal/CrayServers, Microsoft.BareMetal/MonitoringServers, Microsoft.Batch/batchAccounts, Microsoft.CloudTest/hostedpools, Microsoft.CloudTest/images, Microsoft.CloudTest/pools, Microsoft.Codespaces/plans, Microsoft.ContainerInstance/containerGroups, Microsoft.ContainerService/managedClusters, Microsoft.ContainerService/TestClients, Microsoft.Databricks/workspaces, Microsoft.DBforMySQL/flexibleServers, Microsoft.DBforMySQL/servers, Microsoft.DBforMySQL/serversv2, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.DBforPostgreSQL/serversv2, Microsoft.DBforPostgreSQL/singleServers, Microsoft.DelegatedNetwork/controller, Microsoft.DevCenter/networkConnection, Microsoft.DevOpsInfrastructure/pools, Microsoft.DocumentDB/cassandraClusters, Microsoft.Fidalgo/networkSettings, Microsoft.HardwareSecurityModules/dedicatedHSMs, Microsoft.Kusto/clusters, Microsoft.LabServices/labplans, Microsoft.Logic/integrationServiceEnvironments, Microsoft.MachineLearningServices/workspaces, Microsoft.Netapp/volumes, Microsoft.Network/dnsResolvers, Microsoft.Network/managedResolvers, Microsoft.Network/fpgaNetworkInterfaces, Microsoft.Network/networkWatchers., Microsoft.Network/virtualNetworkGateways, Microsoft.Orbital/orbitalGateways, Microsoft.PowerPlatform/enterprisePolicies, Microsoft.PowerPlatform/vnetaccesslinks, Microsoft.ServiceFabricMesh/networks, Microsoft.ServiceNetworking/trafficControllers, Microsoft.Singularity/accounts/networks, Microsoft.Singularity/accounts/npu, Microsoft.Sql/managedInstances, Microsoft.Sql/managedInstancesOnebox, Microsoft.Sql/managedInstancesStage, Microsoft.Sql/managedInstancesTest, Microsoft.Sql/servers, Microsoft.StoragePool/diskPools, Microsoft.StreamAnalytics/streamingJobs, Microsoft.Synapse/workspaces, Microsoft.Web/hostingEnvironments, Microsoft.Web/serverFarms, NGINX.NGINXPLUS/nginxDeployments, PaloAltoNetworks.Cloudngfw/firewalls, Qumulo.Storage/fileSystems, and Oracle.Database/networkAttachments.
actions List<String>: A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are Microsoft.Network/networkinterfaces/*, Microsoft.Network/publicIPAddresses/join/action, Microsoft.Network/publicIPAddresses/read, Microsoft.Network/virtualNetworks/read, Microsoft.Network/virtualNetworks/subnets/action, Microsoft.Network/virtualNetworks/subnets/join/action, Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action, and Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action.
NOTE: Azure may add default actions depending on the service delegation name and they can't be changed.

name string: The name of service to delegate to. Possible values are GitHub.Network/networkSettings, Informatica.DataManagement/organizations, Microsoft.ApiManagement/service, Microsoft.Apollo/npu, Microsoft.App/environments, Microsoft.App/testClients, Microsoft.AVS/PrivateClouds, Microsoft.AzureCosmosDB/clusters, Microsoft.BareMetal/AzureHostedService, Microsoft.BareMetal/AzureHPC, Microsoft.BareMetal/AzurePaymentHSM, Microsoft.BareMetal/AzureVMware, Microsoft.BareMetal/CrayServers, Microsoft.BareMetal/MonitoringServers, Microsoft.Batch/batchAccounts, Microsoft.CloudTest/hostedpools, Microsoft.CloudTest/images, Microsoft.CloudTest/pools, Microsoft.Codespaces/plans, Microsoft.ContainerInstance/containerGroups, Microsoft.ContainerService/managedClusters, Microsoft.ContainerService/TestClients, Microsoft.Databricks/workspaces, Microsoft.DBforMySQL/flexibleServers, Microsoft.DBforMySQL/servers, Microsoft.DBforMySQL/serversv2, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.DBforPostgreSQL/serversv2, Microsoft.DBforPostgreSQL/singleServers, Microsoft.DelegatedNetwork/controller, Microsoft.DevCenter/networkConnection, Microsoft.DevOpsInfrastructure/pools, Microsoft.DocumentDB/cassandraClusters, Microsoft.Fidalgo/networkSettings, Microsoft.HardwareSecurityModules/dedicatedHSMs, Microsoft.Kusto/clusters, Microsoft.LabServices/labplans, Microsoft.Logic/integrationServiceEnvironments, Microsoft.MachineLearningServices/workspaces, Microsoft.Netapp/volumes, Microsoft.Network/dnsResolvers, Microsoft.Network/managedResolvers, Microsoft.Network/fpgaNetworkInterfaces, Microsoft.Network/networkWatchers., Microsoft.Network/virtualNetworkGateways, Microsoft.Orbital/orbitalGateways, Microsoft.PowerPlatform/enterprisePolicies, Microsoft.PowerPlatform/vnetaccesslinks, Microsoft.ServiceFabricMesh/networks, Microsoft.ServiceNetworking/trafficControllers, Microsoft.Singularity/accounts/networks, Microsoft.Singularity/accounts/npu, Microsoft.Sql/managedInstances, Microsoft.Sql/managedInstancesOnebox, Microsoft.Sql/managedInstancesStage, Microsoft.Sql/managedInstancesTest, Microsoft.Sql/servers, Microsoft.StoragePool/diskPools, Microsoft.StreamAnalytics/streamingJobs, Microsoft.Synapse/workspaces, Microsoft.Web/hostingEnvironments, Microsoft.Web/serverFarms, NGINX.NGINXPLUS/nginxDeployments, PaloAltoNetworks.Cloudngfw/firewalls, Qumulo.Storage/fileSystems, and Oracle.Database/networkAttachments.
actions string[]: A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are Microsoft.Network/networkinterfaces/*, Microsoft.Network/publicIPAddresses/join/action, Microsoft.Network/publicIPAddresses/read, Microsoft.Network/virtualNetworks/read, Microsoft.Network/virtualNetworks/subnets/action, Microsoft.Network/virtualNetworks/subnets/join/action, Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action, and Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action.
NOTE: Azure may add default actions depending on the service delegation name and they can't be changed.

name str: The name of service to delegate to. Possible values are GitHub.Network/networkSettings, Informatica.DataManagement/organizations, Microsoft.ApiManagement/service, Microsoft.Apollo/npu, Microsoft.App/environments, Microsoft.App/testClients, Microsoft.AVS/PrivateClouds, Microsoft.AzureCosmosDB/clusters, Microsoft.BareMetal/AzureHostedService, Microsoft.BareMetal/AzureHPC, Microsoft.BareMetal/AzurePaymentHSM, Microsoft.BareMetal/AzureVMware, Microsoft.BareMetal/CrayServers, Microsoft.BareMetal/MonitoringServers, Microsoft.Batch/batchAccounts, Microsoft.CloudTest/hostedpools, Microsoft.CloudTest/images, Microsoft.CloudTest/pools, Microsoft.Codespaces/plans, Microsoft.ContainerInstance/containerGroups, Microsoft.ContainerService/managedClusters, Microsoft.ContainerService/TestClients, Microsoft.Databricks/workspaces, Microsoft.DBforMySQL/flexibleServers, Microsoft.DBforMySQL/servers, Microsoft.DBforMySQL/serversv2, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.DBforPostgreSQL/serversv2, Microsoft.DBforPostgreSQL/singleServers, Microsoft.DelegatedNetwork/controller, Microsoft.DevCenter/networkConnection, Microsoft.DevOpsInfrastructure/pools, Microsoft.DocumentDB/cassandraClusters, Microsoft.Fidalgo/networkSettings, Microsoft.HardwareSecurityModules/dedicatedHSMs, Microsoft.Kusto/clusters, Microsoft.LabServices/labplans, Microsoft.Logic/integrationServiceEnvironments, Microsoft.MachineLearningServices/workspaces, Microsoft.Netapp/volumes, Microsoft.Network/dnsResolvers, Microsoft.Network/managedResolvers, Microsoft.Network/fpgaNetworkInterfaces, Microsoft.Network/networkWatchers., Microsoft.Network/virtualNetworkGateways, Microsoft.Orbital/orbitalGateways, Microsoft.PowerPlatform/enterprisePolicies, Microsoft.PowerPlatform/vnetaccesslinks, Microsoft.ServiceFabricMesh/networks, Microsoft.ServiceNetworking/trafficControllers, Microsoft.Singularity/accounts/networks, Microsoft.Singularity/accounts/npu, Microsoft.Sql/managedInstances, Microsoft.Sql/managedInstancesOnebox, Microsoft.Sql/managedInstancesStage, Microsoft.Sql/managedInstancesTest, Microsoft.Sql/servers, Microsoft.StoragePool/diskPools, Microsoft.StreamAnalytics/streamingJobs, Microsoft.Synapse/workspaces, Microsoft.Web/hostingEnvironments, Microsoft.Web/serverFarms, NGINX.NGINXPLUS/nginxDeployments, PaloAltoNetworks.Cloudngfw/firewalls, Qumulo.Storage/fileSystems, and Oracle.Database/networkAttachments.
actions Sequence[str]: A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are Microsoft.Network/networkinterfaces/*, Microsoft.Network/publicIPAddresses/join/action, Microsoft.Network/publicIPAddresses/read, Microsoft.Network/virtualNetworks/read, Microsoft.Network/virtualNetworks/subnets/action, Microsoft.Network/virtualNetworks/subnets/join/action, Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action, and Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action.
NOTE: Azure may add default actions depending on the service delegation name and they can't be changed.

name String: The name of service to delegate to. Possible values are GitHub.Network/networkSettings, Informatica.DataManagement/organizations, Microsoft.ApiManagement/service, Microsoft.Apollo/npu, Microsoft.App/environments, Microsoft.App/testClients, Microsoft.AVS/PrivateClouds, Microsoft.AzureCosmosDB/clusters, Microsoft.BareMetal/AzureHostedService, Microsoft.BareMetal/AzureHPC, Microsoft.BareMetal/AzurePaymentHSM, Microsoft.BareMetal/AzureVMware, Microsoft.BareMetal/CrayServers, Microsoft.BareMetal/MonitoringServers, Microsoft.Batch/batchAccounts, Microsoft.CloudTest/hostedpools, Microsoft.CloudTest/images, Microsoft.CloudTest/pools, Microsoft.Codespaces/plans, Microsoft.ContainerInstance/containerGroups, Microsoft.ContainerService/managedClusters, Microsoft.ContainerService/TestClients, Microsoft.Databricks/workspaces, Microsoft.DBforMySQL/flexibleServers, Microsoft.DBforMySQL/servers, Microsoft.DBforMySQL/serversv2, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.DBforPostgreSQL/serversv2, Microsoft.DBforPostgreSQL/singleServers, Microsoft.DelegatedNetwork/controller, Microsoft.DevCenter/networkConnection, Microsoft.DevOpsInfrastructure/pools, Microsoft.DocumentDB/cassandraClusters, Microsoft.Fidalgo/networkSettings, Microsoft.HardwareSecurityModules/dedicatedHSMs, Microsoft.Kusto/clusters, Microsoft.LabServices/labplans, Microsoft.Logic/integrationServiceEnvironments, Microsoft.MachineLearningServices/workspaces, Microsoft.Netapp/volumes, Microsoft.Network/dnsResolvers, Microsoft.Network/managedResolvers, Microsoft.Network/fpgaNetworkInterfaces, Microsoft.Network/networkWatchers., Microsoft.Network/virtualNetworkGateways, Microsoft.Orbital/orbitalGateways, Microsoft.PowerPlatform/enterprisePolicies, Microsoft.PowerPlatform/vnetaccesslinks, Microsoft.ServiceFabricMesh/networks, Microsoft.ServiceNetworking/trafficControllers, Microsoft.Singularity/accounts/networks, Microsoft.Singularity/accounts/npu, Microsoft.Sql/managedInstances, Microsoft.Sql/managedInstancesOnebox, Microsoft.Sql/managedInstancesStage, Microsoft.Sql/managedInstancesTest, Microsoft.Sql/servers, Microsoft.StoragePool/diskPools, Microsoft.StreamAnalytics/streamingJobs, Microsoft.Synapse/workspaces, Microsoft.Web/hostingEnvironments, Microsoft.Web/serverFarms, NGINX.NGINXPLUS/nginxDeployments, PaloAltoNetworks.Cloudngfw/firewalls, Qumulo.Storage/fileSystems, and Oracle.Database/networkAttachments.
actions List<String>: A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are Microsoft.Network/networkinterfaces/*, Microsoft.Network/publicIPAddresses/join/action, Microsoft.Network/publicIPAddresses/read, Microsoft.Network/virtualNetworks/read, Microsoft.Network/virtualNetworks/subnets/action, Microsoft.Network/virtualNetworks/subnets/join/action, Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action, and Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action.
NOTE: Azure may add default actions depending on the service delegation name and they can't be changed.

Import

Virtual Networks can be imported using the resource id, e.g.

$ pulumi import azure:network/virtualNetwork:VirtualNetwork exampleNetwork /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/virtualNetworks/myvnet1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

azure.network.VirtualNetwork

On this page

On this page

Example Usage

Create VirtualNetwork Resource

Constructor syntax

Parameters

Constructor example

VirtualNetwork Resource Properties

Inputs

Outputs

Look up Existing VirtualNetwork Resource

Supporting Types

VirtualNetworkDdosProtectionPlan, VirtualNetworkDdosProtectionPlanArgs

VirtualNetworkEncryption, VirtualNetworkEncryptionArgs

VirtualNetworkSubnet, VirtualNetworkSubnetArgs

VirtualNetworkSubnetDelegation, VirtualNetworkSubnetDelegationArgs

VirtualNetworkSubnetDelegationServiceDelegation, VirtualNetworkSubnetDelegationServiceDelegationArgs

Import

Package Details

On this page

On this page