The azure-native:network:VirtualNetwork resource, part of the Pulumi Azure Native provider, defines an Azure virtual network: its address space, subnets, and network-level features like encryption and service endpoints. This guide focuses on four capabilities: address space and subnet configuration, service endpoints for Azure PaaS connectivity, subnet delegation for managed services, and network encryption.
Virtual networks require a resource group and may reference DDoS protection plans, service endpoint policies, or IPAM pools. The examples are intentionally small. Combine them with your own network security groups, route tables, and peering configurations.
Create a virtual network with address space
Most deployments start by defining a virtual network with an address space that establishes the IP range available for subnets and resources.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Arguments for a virtual network that declares only its address space.
// This listing sets no subnets, network security groups or DDoS plan.
const vnetArgs: azure_native.network.VirtualNetworkArgs = {
    virtualNetworkName: "test-vnet",
    resourceGroupName: "rg1",
    location: "eastus",
    // CIDR range from which subnets are carved later.
    addressSpace: { addressPrefixes: ["10.0.0.0/16"] },
    flowTimeoutInMinutes: 10,
};

const virtualNetwork = new azure_native.network.VirtualNetwork("virtualNetwork", vnetArgs);
import pulumi
import pulumi_azure_native as azure_native
# Address space only: this listing declares no subnets, network security
# groups or DDoS plan.
vnet_address_space = {
    "address_prefixes": ["10.0.0.0/16"],
}

virtual_network = azure_native.network.VirtualNetwork(
    "virtualNetwork",
    virtual_network_name="test-vnet",
    resource_group_name="rg1",
    location="eastus",
    address_space=vnet_address_space,
    flow_timeout_in_minutes=10,
)
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one virtual network with the Pulumi engine. The network
// declares only its address space: no subnets, network security groups or
// DDoS plan are set in this listing.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		vnetArgs := &network.VirtualNetworkArgs{
			VirtualNetworkName: pulumi.String("test-vnet"),
			ResourceGroupName:  pulumi.String("rg1"),
			Location:           pulumi.String("eastus"),
			// CIDR range from which subnets are carved later.
			AddressSpace: &network.AddressSpaceArgs{
				AddressPrefixes: pulumi.StringArray{
					pulumi.String("10.0.0.0/16"),
				},
			},
			FlowTimeoutInMinutes: pulumi.Int(10),
		}

		_, err := network.NewVirtualNetwork(ctx, "virtualNetwork", vnetArgs)
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Top-level Pulumi program: declares one virtual network with an address
// space only. No subnets, network security groups or DDoS plan are set here.
return await Deployment.RunAsync(() =>
{
    // CIDR range from which subnets are carved later.
    var vnetAddressSpace = new AzureNative.Network.Inputs.AddressSpaceArgs
    {
        AddressPrefixes = new[]
        {
            "10.0.0.0/16",
        },
    };

    var vnetArgs = new AzureNative.Network.VirtualNetworkArgs
    {
        VirtualNetworkName = "test-vnet",
        ResourceGroupName = "rg1",
        Location = "eastus",
        AddressSpace = vnetAddressSpace,
        FlowTimeoutInMinutes = 10,
    };

    var virtualNetwork = new AzureNative.Network.VirtualNetwork("virtualNetwork", vnetArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.VirtualNetwork;
import com.pulumi.azurenative.network.VirtualNetworkArgs;
import com.pulumi.azurenative.network.inputs.AddressSpaceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single Azure virtual network with an
 * address space only. No subnets, network security groups or DDoS plan are
 * set in this listing.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the virtual network.
     *
     * @param ctx Pulumi context supplied by the runtime (not read by this listing)
     */
    public static void stack(Context ctx) {
        // CIDR range from which subnets are carved later.
        final var vnetAddressSpace = AddressSpaceArgs.builder()
            .addressPrefixes("10.0.0.0/16")
            .build();

        final var vnetArgs = VirtualNetworkArgs.builder()
            .virtualNetworkName("test-vnet")
            .resourceGroupName("rg1")
            .location("eastus")
            .addressSpace(vnetAddressSpace)
            .flowTimeoutInMinutes(10)
            .build();

        var virtualNetwork = new VirtualNetwork("virtualNetwork", vnetArgs);
    }
}
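# Virtual network with an address space only. The nesting below restores the
# mapping structure that Pulumi YAML needs; a flattened copy of these keys
# does not describe the resource.
resources:
  virtualNetwork:
    type: azure-native:network:VirtualNetwork
    properties:
      # CIDR range from which subnets are carved later. No subnets, network
      # security groups or DDoS plan are declared in this listing.
      addressSpace:
        addressPrefixes:
          - 10.0.0.0/16
      flowTimeoutInMinutes: 10
      location: eastus
      resourceGroupName: rg1
      virtualNetworkName: test-vnet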
The addressSpace property defines the CIDR blocks available to the virtual network. The addressPrefixes array can contain multiple ranges. The location property determines the Azure region, and resourceGroupName specifies where the network resource is created. Without subnets defined, the network exists but has no usable address space partitions.
Add subnets inline during network creation
Applications typically segment their network into subnets for different tiers or security zones.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Virtual network with one inline subnet. The subnet carries no network
// security group or route table in this listing.
const vnetArgs: azure_native.network.VirtualNetworkArgs = {
    virtualNetworkName: "test-vnet",
    resourceGroupName: "rg1",
    location: "eastus",
    addressSpace: { addressPrefixes: ["10.0.0.0/16"] },
    // Inline subnets: do not also manage the same subnets as standalone resources.
    subnets: [
        { name: "test-1", addressPrefix: "10.0.0.0/24" },
    ],
};

const virtualNetwork = new azure_native.network.VirtualNetwork("virtualNetwork", vnetArgs);
import pulumi
import pulumi_azure_native as azure_native
# Virtual network with one inline subnet. The subnet carries no network
# security group or route table in this listing.
vnet_address_space = {
    "address_prefixes": ["10.0.0.0/16"],
}
# Inline subnets: do not also manage the same subnets as standalone resources.
inline_subnets = [
    {
        "name": "test-1",
        "address_prefix": "10.0.0.0/24",
    },
]

virtual_network = azure_native.network.VirtualNetwork(
    "virtualNetwork",
    virtual_network_name="test-vnet",
    resource_group_name="rg1",
    location="eastus",
    address_space=vnet_address_space,
    subnets=inline_subnets,
)
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a virtual network with one inline subnet. The subnet carries
// no network security group or route table in this listing.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Inline subnets: do not also manage the same subnets as standalone resources.
		inlineSubnets := network.SubnetTypeArray{
			&network.SubnetTypeArgs{
				Name:          pulumi.String("test-1"),
				AddressPrefix: pulumi.String("10.0.0.0/24"),
			},
		}

		vnetArgs := &network.VirtualNetworkArgs{
			VirtualNetworkName: pulumi.String("test-vnet"),
			ResourceGroupName:  pulumi.String("rg1"),
			Location:           pulumi.String("eastus"),
			AddressSpace: &network.AddressSpaceArgs{
				AddressPrefixes: pulumi.StringArray{
					pulumi.String("10.0.0.0/16"),
				},
			},
			Subnets: inlineSubnets,
		}

		_, err := network.NewVirtualNetwork(ctx, "virtualNetwork", vnetArgs)
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Top-level Pulumi program: a virtual network with one inline subnet. The
// subnet carries no network security group or route table in this listing.
return await Deployment.RunAsync(() =>
{
    var vnetAddressSpace = new AzureNative.Network.Inputs.AddressSpaceArgs
    {
        AddressPrefixes = new[]
        {
            "10.0.0.0/16",
        },
    };

    // Inline subnets: do not also manage the same subnets as standalone resources.
    var inlineSubnets = new[]
    {
        new AzureNative.Network.Inputs.SubnetArgs
        {
            Name = "test-1",
            AddressPrefix = "10.0.0.0/24",
        },
    };

    var vnetArgs = new AzureNative.Network.VirtualNetworkArgs
    {
        VirtualNetworkName = "test-vnet",
        ResourceGroupName = "rg1",
        Location = "eastus",
        AddressSpace = vnetAddressSpace,
        Subnets = inlineSubnets,
    };

    var virtualNetwork = new AzureNative.Network.VirtualNetwork("virtualNetwork", vnetArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.VirtualNetwork;
import com.pulumi.azurenative.network.VirtualNetworkArgs;
import com.pulumi.azurenative.network.inputs.AddressSpaceArgs;
import com.pulumi.azurenative.network.inputs.SubnetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a virtual network with one inline subnet. The
 * subnet carries no network security group or route table in this listing.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the virtual network and its inline subnet.
     *
     * @param ctx Pulumi context supplied by the runtime (not read by this listing)
     */
    public static void stack(Context ctx) {
        final var vnetAddressSpace = AddressSpaceArgs.builder()
            .addressPrefixes("10.0.0.0/16")
            .build();

        // Inline subnet: do not also manage the same subnet as a standalone resource.
        final var inlineSubnet = SubnetArgs.builder()
            .name("test-1")
            .addressPrefix("10.0.0.0/24")
            .build();

        final var vnetArgs = VirtualNetworkArgs.builder()
            .virtualNetworkName("test-vnet")
            .resourceGroupName("rg1")
            .location("eastus")
            .addressSpace(vnetAddressSpace)
            .subnets(inlineSubnet)
            .build();

        var virtualNetwork = new VirtualNetwork("virtualNetwork", vnetArgs);
    }
}
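# Virtual network with one inline subnet. The nesting below restores the
# mapping structure that Pulumi YAML needs; a flattened copy of these keys
# does not describe the resource.
resources:
  virtualNetwork:
    type: azure-native:network:VirtualNetwork
    properties:
      addressSpace:
        addressPrefixes:
          - 10.0.0.0/16
      location: eastus
      resourceGroupName: rg1
      # Inline subnets: do not also manage the same subnets as standalone
      # resources. No network security group or route table is attached here.
      subnets:
        - addressPrefix: 10.0.0.0/24
          name: test-1
      virtualNetworkName: test-vnet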
The subnets array partitions the address space into logical segments. Each subnet requires a name and addressPrefix that falls within the virtual network’s address space. Subnets can also be managed as standalone resources; mixing inline and standalone subnet definitions will cause conflicts.
Enable service endpoints for Azure services
When resources need private connectivity to Azure services like Storage or SQL Database, service endpoints route traffic over the Azure backbone without public internet exposure.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Virtual network whose single subnet has a Microsoft.Storage service endpoint.
// The endpoint is a subnet-side setting only: the storage account still needs
// its own network rules allowing this subnet before access is restricted.
const vnetArgs: azure_native.network.VirtualNetworkArgs = {
    virtualNetworkName: "vnet1",
    resourceGroupName: "vnetTest",
    location: "eastus",
    addressSpace: { addressPrefixes: ["10.0.0.0/16"] },
    subnets: [
        {
            name: "test-1",
            // Same range as the whole address space, so no room is left for other subnets.
            addressPrefix: "10.0.0.0/16",
            serviceEndpoints: [{ service: "Microsoft.Storage" }],
        },
    ],
};

const virtualNetwork = new azure_native.network.VirtualNetwork("virtualNetwork", vnetArgs);
import pulumi
import pulumi_azure_native as azure_native
# Virtual network whose single subnet has a Microsoft.Storage service endpoint.
# The endpoint is a subnet-side setting only: the storage account still needs
# its own network rules allowing this subnet before access is restricted.
storage_endpoints = [
    {
        "service": "Microsoft.Storage",
    },
]
endpoint_subnet = {
    "name": "test-1",
    # Same range as the whole address space, so no room is left for other subnets.
    "address_prefix": "10.0.0.0/16",
    "service_endpoints": storage_endpoints,
}

virtual_network = azure_native.network.VirtualNetwork(
    "virtualNetwork",
    virtual_network_name="vnet1",
    resource_group_name="vnetTest",
    location="eastus",
    address_space={
        "address_prefixes": ["10.0.0.0/16"],
    },
    subnets=[endpoint_subnet],
)
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a virtual network whose single subnet has a Microsoft.Storage
// service endpoint. The endpoint is a subnet-side setting only: the storage
// account still needs its own network rules allowing this subnet before
// access is restricted.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		storageEndpoints := network.ServiceEndpointPropertiesFormatArray{
			&network.ServiceEndpointPropertiesFormatArgs{
				Service: pulumi.String("Microsoft.Storage"),
			},
		}

		endpointSubnet := &network.SubnetTypeArgs{
			Name: pulumi.String("test-1"),
			// Same range as the whole address space, so no room is left for other subnets.
			AddressPrefix:    pulumi.String("10.0.0.0/16"),
			ServiceEndpoints: storageEndpoints,
		}

		vnetArgs := &network.VirtualNetworkArgs{
			VirtualNetworkName: pulumi.String("vnet1"),
			ResourceGroupName:  pulumi.String("vnetTest"),
			Location:           pulumi.String("eastus"),
			AddressSpace: &network.AddressSpaceArgs{
				AddressPrefixes: pulumi.StringArray{
					pulumi.String("10.0.0.0/16"),
				},
			},
			Subnets: network.SubnetTypeArray{endpointSubnet},
		}

		_, err := network.NewVirtualNetwork(ctx, "virtualNetwork", vnetArgs)
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Top-level Pulumi program: a virtual network whose single subnet has a
// Microsoft.Storage service endpoint. The endpoint is a subnet-side setting
// only: the storage account still needs its own network rules allowing this
// subnet before access is restricted.
return await Deployment.RunAsync(() =>
{
    var storageEndpoints = new[]
    {
        new AzureNative.Network.Inputs.ServiceEndpointPropertiesFormatArgs
        {
            Service = "Microsoft.Storage",
        },
    };

    var endpointSubnet = new AzureNative.Network.Inputs.SubnetArgs
    {
        Name = "test-1",
        // Same range as the whole address space, so no room is left for other subnets.
        AddressPrefix = "10.0.0.0/16",
        ServiceEndpoints = storageEndpoints,
    };

    var vnetArgs = new AzureNative.Network.VirtualNetworkArgs
    {
        VirtualNetworkName = "vnet1",
        ResourceGroupName = "vnetTest",
        Location = "eastus",
        AddressSpace = new AzureNative.Network.Inputs.AddressSpaceArgs
        {
            AddressPrefixes = new[]
            {
                "10.0.0.0/16",
            },
        },
        Subnets = new[]
        {
            endpointSubnet,
        },
    };

    var virtualNetwork = new AzureNative.Network.VirtualNetwork("virtualNetwork", vnetArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.VirtualNetwork;
import com.pulumi.azurenative.network.VirtualNetworkArgs;
import com.pulumi.azurenative.network.inputs.AddressSpaceArgs;
import com.pulumi.azurenative.network.inputs.SubnetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
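/**
 * Pulumi program that declares a virtual network whose single subnet has a
 * Microsoft.Storage service endpoint. The endpoint is a subnet-side setting
 * only: the storage account still needs its own network rules allowing this
 * subnet before access is restricted.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the virtual network, its subnet and the subnet's service endpoint.
     *
     * @param ctx Pulumi context supplied by the runtime (not read by this listing)
     */
    public static void stack(Context ctx) {
        var virtualNetwork = new VirtualNetwork("virtualNetwork", VirtualNetworkArgs.builder()
            .addressSpace(AddressSpaceArgs.builder()
                .addressPrefixes("10.0.0.0/16")
                .build())
            .location("eastus")
            .resourceGroupName("vnetTest")
            .subnets(SubnetArgs.builder()
                // Same range as the whole address space, so no room is left for other subnets.
                .addressPrefix("10.0.0.0/16")
                .name("test-1")
                // Fully qualified because the listing's import block does not
                // import ServiceEndpointPropertiesFormatArgs; the bare name
                // does not compile.
                .serviceEndpoints(com.pulumi.azurenative.network.inputs.ServiceEndpointPropertiesFormatArgs.builder()
                    .service("Microsoft.Storage")
                    .build())
                .build())
            .virtualNetworkName("vnet1")
            .build());
    }
}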
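# Virtual network whose single subnet has a Microsoft.Storage service endpoint.
# The nesting below restores the mapping structure that Pulumi YAML needs; a
# flattened copy of these keys does not describe the resource.
resources:
  virtualNetwork:
    type: azure-native:network:VirtualNetwork
    properties:
      addressSpace:
        addressPrefixes:
          - 10.0.0.0/16
      location: eastus
      resourceGroupName: vnetTest
      subnets:
        # Same range as the whole address space, so no room is left for other subnets.
        - addressPrefix: 10.0.0.0/16
          name: test-1
          # Subnet-side setting only: the storage account still needs its own
          # network rules allowing this subnet before access is restricted.
          serviceEndpoints:
            - service: Microsoft.Storage
      virtualNetworkName: vnet1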
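Service endpoints enable Azure PaaS services to accept traffic from specific subnets. The serviceEndpoints array specifies which services (like Microsoft.Storage) can be reached privately. Traffic to these services stays on the Azure backbone instead of crossing the public internet, improving security and potentially reducing latency. Enabling the endpoint on the subnet does not by itself restrict the target service: the storage account still needs its own network rules that allow this subnet and deny other networks. Note also that the example subnet's addressPrefix (10.0.0.0/16) is the network's entire address space, so no further subnets can be added without resizing it.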
Delegate subnets to Azure services
Some Azure services require dedicated subnets with delegated control to manage their own network interfaces and routing.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Virtual network with one subnet delegated to Microsoft.Sql/managedInstances.
// Delegation lets that service create its own resources in the subnet, so the
// subnet should be treated as dedicated to it.
const vnetArgs: azure_native.network.VirtualNetworkArgs = {
    virtualNetworkName: "test-vnet",
    resourceGroupName: "rg1",
    location: "westcentralus",
    addressSpace: { addressPrefixes: ["10.0.0.0/16"] },
    subnets: [
        {
            name: "test-1",
            addressPrefix: "10.0.0.0/24",
            delegations: [
                { name: "myDelegation", serviceName: "Microsoft.Sql/managedInstances" },
            ],
        },
    ],
};

const virtualNetwork = new azure_native.network.VirtualNetwork("virtualNetwork", vnetArgs);
import pulumi
import pulumi_azure_native as azure_native
# Virtual network with one subnet delegated to Microsoft.Sql/managedInstances.
# Delegation lets that service create its own resources in the subnet, so the
# subnet should be treated as dedicated to it.
sql_delegation = {
    "name": "myDelegation",
    "service_name": "Microsoft.Sql/managedInstances",
}
delegated_subnet = {
    "name": "test-1",
    "address_prefix": "10.0.0.0/24",
    "delegations": [sql_delegation],
}

virtual_network = azure_native.network.VirtualNetwork(
    "virtualNetwork",
    virtual_network_name="test-vnet",
    resource_group_name="rg1",
    location="westcentralus",
    address_space={
        "address_prefixes": ["10.0.0.0/16"],
    },
    subnets=[delegated_subnet],
)
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a virtual network with one subnet delegated to
// Microsoft.Sql/managedInstances. Delegation lets that service create its own
// resources in the subnet, so the subnet should be treated as dedicated to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sqlDelegation := &network.DelegationArgs{
			Name:        pulumi.String("myDelegation"),
			ServiceName: pulumi.String("Microsoft.Sql/managedInstances"),
		}

		delegatedSubnet := &network.SubnetTypeArgs{
			Name:          pulumi.String("test-1"),
			AddressPrefix: pulumi.String("10.0.0.0/24"),
			Delegations:   network.DelegationArray{sqlDelegation},
		}

		vnetArgs := &network.VirtualNetworkArgs{
			VirtualNetworkName: pulumi.String("test-vnet"),
			ResourceGroupName:  pulumi.String("rg1"),
			Location:           pulumi.String("westcentralus"),
			AddressSpace: &network.AddressSpaceArgs{
				AddressPrefixes: pulumi.StringArray{
					pulumi.String("10.0.0.0/16"),
				},
			},
			Subnets: network.SubnetTypeArray{delegatedSubnet},
		}

		_, err := network.NewVirtualNetwork(ctx, "virtualNetwork", vnetArgs)
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Top-level Pulumi program: a virtual network with one subnet delegated to
// Microsoft.Sql/managedInstances. Delegation lets that service create its own
// resources in the subnet, so the subnet should be treated as dedicated to it.
return await Deployment.RunAsync(() =>
{
    var sqlDelegation = new AzureNative.Network.Inputs.DelegationArgs
    {
        Name = "myDelegation",
        ServiceName = "Microsoft.Sql/managedInstances",
    };

    var delegatedSubnet = new AzureNative.Network.Inputs.SubnetArgs
    {
        Name = "test-1",
        AddressPrefix = "10.0.0.0/24",
        Delegations = new[]
        {
            sqlDelegation,
        },
    };

    var vnetArgs = new AzureNative.Network.VirtualNetworkArgs
    {
        VirtualNetworkName = "test-vnet",
        ResourceGroupName = "rg1",
        Location = "westcentralus",
        AddressSpace = new AzureNative.Network.Inputs.AddressSpaceArgs
        {
            AddressPrefixes = new[]
            {
                "10.0.0.0/16",
            },
        },
        Subnets = new[]
        {
            delegatedSubnet,
        },
    };

    var virtualNetwork = new AzureNative.Network.VirtualNetwork("virtualNetwork", vnetArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.VirtualNetwork;
import com.pulumi.azurenative.network.VirtualNetworkArgs;
import com.pulumi.azurenative.network.inputs.AddressSpaceArgs;
import com.pulumi.azurenative.network.inputs.SubnetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
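/**
 * Pulumi program that declares a virtual network with one subnet delegated to
 * Microsoft.Sql/managedInstances. Delegation lets that service create its own
 * resources in the subnet, so the subnet should be treated as dedicated to it.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the virtual network and its delegated subnet.
     *
     * @param ctx Pulumi context supplied by the runtime (not read by this listing)
     */
    public static void stack(Context ctx) {
        var virtualNetwork = new VirtualNetwork("virtualNetwork", VirtualNetworkArgs.builder()
            .addressSpace(AddressSpaceArgs.builder()
                .addressPrefixes("10.0.0.0/16")
                .build())
            .location("westcentralus")
            .resourceGroupName("rg1")
            .subnets(SubnetArgs.builder()
                .addressPrefix("10.0.0.0/24")
                // Fully qualified because the listing's import block does not
                // import DelegationArgs; the bare name does not compile.
                .delegations(com.pulumi.azurenative.network.inputs.DelegationArgs.builder()
                    .name("myDelegation")
                    .serviceName("Microsoft.Sql/managedInstances")
                    .build())
                .name("test-1")
                .build())
            .virtualNetworkName("test-vnet")
            .build());
    }
}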
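# Virtual network with one subnet delegated to Microsoft.Sql/managedInstances.
# The nesting below restores the mapping structure that Pulumi YAML needs; a
# flattened copy of these keys does not describe the resource.
resources:
  virtualNetwork:
    type: azure-native:network:VirtualNetwork
    properties:
      addressSpace:
        addressPrefixes:
          - 10.0.0.0/16
      location: westcentralus
      resourceGroupName: rg1
      subnets:
        - addressPrefix: 10.0.0.0/24
          # Delegation lets the named service create its own resources in this
          # subnet, so treat the subnet as dedicated to it.
          delegations:
            - name: myDelegation
              serviceName: Microsoft.Sql/managedInstances
          name: test-1
      virtualNetworkName: test-vnet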
Subnet delegation grants an Azure service permission to create service-specific resources in the subnet. The delegations array specifies the serviceName (like Microsoft.Sql/managedInstances) that will control the subnet. Delegated services often have specific subnet size requirements and may restrict what else can be deployed in the subnet.
Enable network traffic encryption
Compliance requirements or security policies may mandate encryption of traffic between VMs within the virtual network.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Virtual network with encryption enabled in AllowUnencrypted mode.
// AllowUnencrypted permits mixed encrypted and unencrypted traffic, so
// enabled: true alone does not guarantee that every flow is encrypted.
const vnetArgs: azure_native.network.VirtualNetworkArgs = {
    virtualNetworkName: "test-vnet",
    resourceGroupName: "rg1",
    location: "eastus",
    addressSpace: { addressPrefixes: ["10.0.0.0/16"] },
    encryption: {
        enabled: true,
        enforcement: azure_native.network.VirtualNetworkEncryptionEnforcement.AllowUnencrypted,
    },
    subnets: [
        { name: "test-1", addressPrefix: "10.0.0.0/24" },
    ],
};

const virtualNetwork = new azure_native.network.VirtualNetwork("virtualNetwork", vnetArgs);
import pulumi
import pulumi_azure_native as azure_native
# Virtual network with encryption enabled in AllowUnencrypted mode.
# AllowUnencrypted permits mixed encrypted and unencrypted traffic, so
# "enabled": True alone does not guarantee that every flow is encrypted.
vnet_encryption = {
    "enabled": True,
    "enforcement": azure_native.network.VirtualNetworkEncryptionEnforcement.ALLOW_UNENCRYPTED,
}
inline_subnets = [
    {
        "name": "test-1",
        "address_prefix": "10.0.0.0/24",
    },
]

virtual_network = azure_native.network.VirtualNetwork(
    "virtualNetwork",
    virtual_network_name="test-vnet",
    resource_group_name="rg1",
    location="eastus",
    address_space={
        "address_prefixes": ["10.0.0.0/16"],
    },
    encryption=vnet_encryption,
    subnets=inline_subnets,
)
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a virtual network with encryption enabled in AllowUnencrypted
// mode. AllowUnencrypted permits mixed encrypted and unencrypted traffic, so
// Enabled: true alone does not guarantee that every flow is encrypted.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		vnetEncryption := &network.VirtualNetworkEncryptionArgs{
			Enabled:     pulumi.Bool(true),
			Enforcement: pulumi.String(network.VirtualNetworkEncryptionEnforcementAllowUnencrypted),
		}

		vnetArgs := &network.VirtualNetworkArgs{
			VirtualNetworkName: pulumi.String("test-vnet"),
			ResourceGroupName:  pulumi.String("rg1"),
			Location:           pulumi.String("eastus"),
			AddressSpace: &network.AddressSpaceArgs{
				AddressPrefixes: pulumi.StringArray{
					pulumi.String("10.0.0.0/16"),
				},
			},
			Encryption: vnetEncryption,
			Subnets: network.SubnetTypeArray{
				&network.SubnetTypeArgs{
					Name:          pulumi.String("test-1"),
					AddressPrefix: pulumi.String("10.0.0.0/24"),
				},
			},
		}

		_, err := network.NewVirtualNetwork(ctx, "virtualNetwork", vnetArgs)
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Top-level Pulumi program: a virtual network with encryption enabled in
// AllowUnencrypted mode. AllowUnencrypted permits mixed encrypted and
// unencrypted traffic, so Enabled = true alone does not guarantee that every
// flow is encrypted.
return await Deployment.RunAsync(() =>
{
    var vnetEncryption = new AzureNative.Network.Inputs.VirtualNetworkEncryptionArgs
    {
        Enabled = true,
        Enforcement = AzureNative.Network.VirtualNetworkEncryptionEnforcement.AllowUnencrypted,
    };

    var vnetArgs = new AzureNative.Network.VirtualNetworkArgs
    {
        VirtualNetworkName = "test-vnet",
        ResourceGroupName = "rg1",
        Location = "eastus",
        AddressSpace = new AzureNative.Network.Inputs.AddressSpaceArgs
        {
            AddressPrefixes = new[]
            {
                "10.0.0.0/16",
            },
        },
        Encryption = vnetEncryption,
        Subnets = new[]
        {
            new AzureNative.Network.Inputs.SubnetArgs
            {
                Name = "test-1",
                AddressPrefix = "10.0.0.0/24",
            },
        },
    };

    var virtualNetwork = new AzureNative.Network.VirtualNetwork("virtualNetwork", vnetArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.VirtualNetwork;
import com.pulumi.azurenative.network.VirtualNetworkArgs;
import com.pulumi.azurenative.network.inputs.AddressSpaceArgs;
import com.pulumi.azurenative.network.inputs.VirtualNetworkEncryptionArgs;
import com.pulumi.azurenative.network.inputs.SubnetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a virtual network with encryption enabled in
 * AllowUnencrypted mode. AllowUnencrypted permits mixed encrypted and
 * unencrypted traffic, so enabled(true) alone does not guarantee that every
 * flow is encrypted.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the virtual network, its encryption settings and one subnet.
     *
     * @param ctx Pulumi context supplied by the runtime (not read by this listing)
     */
    public static void stack(Context ctx) {
        final var vnetAddressSpace = AddressSpaceArgs.builder()
            .addressPrefixes("10.0.0.0/16")
            .build();

        final var vnetEncryption = VirtualNetworkEncryptionArgs.builder()
            .enabled(true)
            .enforcement("AllowUnencrypted")
            .build();

        final var inlineSubnet = SubnetArgs.builder()
            .name("test-1")
            .addressPrefix("10.0.0.0/24")
            .build();

        final var vnetArgs = VirtualNetworkArgs.builder()
            .virtualNetworkName("test-vnet")
            .resourceGroupName("rg1")
            .location("eastus")
            .addressSpace(vnetAddressSpace)
            .encryption(vnetEncryption)
            .subnets(inlineSubnet)
            .build();

        var virtualNetwork = new VirtualNetwork("virtualNetwork", vnetArgs);
    }
}
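# Virtual network with encryption enabled in AllowUnencrypted mode. The
# nesting below restores the mapping structure that Pulumi YAML needs; a
# flattened copy of these keys does not describe the resource.
resources:
  virtualNetwork:
    type: azure-native:network:VirtualNetwork
    properties:
      addressSpace:
        addressPrefixes:
          - 10.0.0.0/16
      encryption:
        enabled: true
        # AllowUnencrypted permits mixed encrypted and unencrypted traffic, so
        # enabled: true alone does not guarantee that every flow is encrypted.
        enforcement: AllowUnencrypted
      location: eastus
      resourceGroupName: rg1
      subnets:
        - addressPrefix: 10.0.0.0/24
          name: test-1
      virtualNetworkName: test-vnet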
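The encryption property enables encryption of VM-to-VM traffic within the virtual network. Setting enabled to true activates the feature, while enforcement controls whether unencrypted VMs are allowed. The AllowUnencrypted enforcement mode permits mixed encrypted and unencrypted traffic during migration periods. Because of that, enabled: true with AllowUnencrypted does not guarantee that every flow is encrypted; confirm which VMs actually encrypt before treating the setting as meeting a compliance requirement.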
Beyond these examples
These snippets focus on specific virtual network features: address space and subnet configuration, service endpoints and subnet delegation, and network encryption and BGP communities. They’re intentionally minimal rather than full network architectures.
The examples may reference pre-existing infrastructure such as resource groups, DDoS protection plans, service endpoint policies, and IPAM pools. They focus on configuring the virtual network rather than provisioning everything around it.
To keep things focused, common virtual network patterns are omitted, including:
- Network security groups and route tables
- VNet peering and gateway connections
- DNS configuration (dhcpOptions)
- DDoS protection plan association
- Private endpoints and private link services
These omissions are intentional: the goal is to illustrate how each virtual network feature is wired, not provide drop-in network modules. See the VirtualNetwork resource reference for all available configuration options.
Frequently Asked Questions
Resource Management & Conflicts
Mixing inline and standalone definitions of subnets or virtualNetworkPeerings will conflict and lead to resource deletion.
The location, resourceGroupName, and virtualNetworkName properties are immutable and cannot be modified after creation.
Network Configuration
Set the addressSpace property with an addressPrefixes array containing IP address ranges (e.g., ["10.0.0.0/16"]). This property is required.
Use addressPrefixes (array) instead of addressPrefix (single string) to specify multiple ranges like ["10.0.0.0/28", "10.0.1.0/28"].
The flowTimeoutInMinutes property sets the flow timeout value in minutes for the virtual network.
Security & Protection
Set enableDdosProtection to true and associate a DDoS protection plan using the ddosProtectionPlan property. DDoS protection is disabled by default.
Configure the encryption property with enabled: true and set enforcement to either AllowUnencrypted or a stricter policy.
Add a serviceEndpoints array to your subnet configuration with the service name (e.g., Microsoft.Storage). You can also attach service endpoint policies.
Advanced Features
Add a delegations array to the subnet with name and serviceName properties (e.g., serviceName: "Microsoft.Sql/managedInstances").
Set the bgpCommunities property with a virtualNetworkCommunity value (e.g., "12076:20000") to send BGP communities over ExpressRoute.
Use ipamPoolPrefixAllocations in addressSpace with the pool ID and numberOfIpAddresses to allocate addresses from an IPAM pool.