问题
I am creating new NSG with ARM template and updating the subnets at the same ARM template. I would like to be able to get subnets addressprefix with "reference" but when doing so I always get the circular dependency detected. Is there any way around it? My subnet arm template section looks like this:
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[reference(resourceId(variables('ResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName')), '2018-03-01').addressPrefix]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('NSGName'))]"
}
}
},
回答1:
Here is a link on how to apply a NSG to an existing subnet:
Apply a NSG to an existing subnet
This template uses a link template to workaround the circular reference but you can also use a nested template to do the same in the same ARM template (see Using linked and nested templates when deploying Azure resources)
Here is an ARM template that do the same using a nested template:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.1",
"parameters": {
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "The name of the existing VNet"
}
},
"subnetName": {
"type": "string",
"defaultValue": "default",
"metadata": {
"description": "The name of the existing subnet."
}
},
"nsgName": {
"type": "string",
"metadata": {
"description": "The name of the new nsg."
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[parameters('nsgName')]",
"location": "[resourceGroup().location]",
"apiVersion": "2018-03-01",
"properties": {
}
},
{
"apiVersion": "2017-08-01",
"name": "apply-nsg-to-subnet",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[resourceGroup().name]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2018-03-01",
"type": "Microsoft.Network/virtualNetworks/subnets",
"name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName'))]",
"location": "[resourceGroup().location]",
"properties": {
"addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName')), '2018-03-01').addressPrefix]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
}
}
}
]
}
}
}
],
"outputs": {}
}
来源:https://stackoverflow.com/questions/53059210/how-to-apply-a-nsg-to-an-existing-subnet-using-arm-template