2
votes

I would like to add virtualNetworkRules in an ARM template, but unfortunately it is not able to get the parameter and activate the Firewall and Virtual Networks settings.

I created an ARM template using the script below: https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/2018-02-14/vaults#IPRule

    {
      "type": "Microsoft.KeyVault/vaults",
      "name": "[parameters('keyVaultName')]",
      "apiVersion": "2018-02-14",
      "location": "[parameters('location')]",
      "properties": {
        "firewallState": "Enabled",
        "enabledForDeployment": "[parameters('enabledForDeployment')]",
        "enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]",
        "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
        "tenantId": "[parameters('tenantId')]",
        "accessPolicies": [
          {
            "objectId": "[parameters('objectId')]",
            "tenantId": "[parameters('tenantId')]",
            "permissions": {
              "keys": "[parameters('keysPermissions')]",
              "secrets": "[parameters('secretsPermissions')]"
            }
          }
        ],
        "sku": {
          "name": "[parameters('skuName')]",
          "family": "A"
        },
        "networkAcls": {
          "bypass": "AzureServices",
          "ipRules": [
            {
              "value": "xxxx"
            }
          ],
          "virtualNetworkRules": [
            {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]"
            }
          ]
        }
      }
    }

The networkAcls part in the ARM script is not working at all. It does not activate the Firewall and Virtual Networks settings.

1
Try adding "defaultAction": "Deny" to the networkAcls? – 4c74356b41
@4c74356b41 shit, I didn't even try that option. Thanks. It's working! – PUser

1 Answer

4
votes

The problem was due to one of the properties missing; after adding it, it worked:

        "networkAcls": {
          "bypass": "AzureServices",
          "defaultAction": "Deny",
          "ipRules": [
            {
              "value": "xxxx"
            }
          ],
          "virtualNetworkRules": [
            {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]"
            }
          ]
        }
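
A static check for the misconfiguration resolved in this thread, as an added example that is not part of the original question or answer: it walks an ARM template and reports Key Vault resources whose `networkAcls` rules will not be enforced because `defaultAction` is absent or not `Deny`. The function names, finding messages and the sample IP range are assumptions constructed for illustration.

```python
VAULT_TYPE = "microsoft.keyvault/vaults"

def audit_keyvault_network_acls(template):
    """Return (vault name, problem) pairs for vaults whose network rules are not enforced."""
    findings = []
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != VAULT_TYPE:
            continue
        name = res.get("name", "<unnamed>")
        acls = res.get("properties", {}).get("networkAcls")
        if not acls:
            findings.append((name, "networkAcls missing: firewall not configured"))
            continue
        has_rules = bool(acls.get("ipRules") or acls.get("virtualNetworkRules"))
        action = acls.get("defaultAction")
        if action is None:
            # The case from the question: rules present, defaultAction omitted.
            detail = "rules are listed but not enforced" if has_rules else "no rules listed"
            findings.append((name, "defaultAction missing: " + detail))
        elif str(action).startswith("["):
            # Template expressions cannot be resolved statically; flag for manual review.
            findings.append((name, "defaultAction is a template expression: confirm it resolves to Deny"))
        elif str(action).lower() != "deny":
            findings.append((name, "defaultAction is %r: unmatched traffic is allowed" % action))
    return findings

def sample_template(network_acls):
    """Constructed sample template with one vault, shaped like the resource in the question."""
    return {"resources": [{
        "type": "Microsoft.KeyVault/vaults",
        "name": "[parameters('keyVaultName')]",
        "apiVersion": "2018-02-14",
        "properties": {"networkAcls": network_acls},
    }]}

RULES = {
    "bypass": "AzureServices",
    "ipRules": [{"value": "203.0.113.0/24"}],  # constructed value (documentation range)
    "virtualNetworkRules": [{"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', "
                                   "parameters('vnetName'), parameters('subnet1Name'))]"}],
}
BEFORE = sample_template(RULES)                             # networkAcls as in the question
AFTER = sample_template(dict(RULES, defaultAction="Deny"))  # networkAcls as in the answer

if __name__ == "__main__":
    for label, tpl in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_keyvault_network_acls(tpl) or "ok")
```

Running a check like this in the deployment pipeline catches a vault that lists IP and subnet rules while still accepting traffic from every network.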