Hey folks, let's dive into the Azure PowerShell module for creating a Virtual Network Manager resource. We will start by creating the Azure Virtual Network Manager instance. The goal of the commands below is to have a resource group and a Virtual Network Manager in a region.
Resource Group for Virtual Network Manager
$subscriptionId = "c4932577-xxxx-46e9-xxxx-32b8769be3d5"
$location = "UK South"
$rgDef = @{
    Name     = 'TailspinToys-AVNM'
    Location = $location
}
# Select the target subscription, then create the resource group
Select-AzSubscription $subscriptionId
New-AzResourceGroup @rgDef
After you run the PowerShell cmdlets above, you will have a single resource group in your subscription. Next, let's run the commands below, which will create the Azure Virtual Network Manager for us.
A scope has to be defined for Azure Virtual Network Manager. The scope can be a subscription, a management group, or a combination of both. It is the boundary within which AVNM manages virtual networks.
Define Scope for Azure Virtual Network Manager
# Make sure that you have imported the Az.Network module. I assume that you have the latest version of the Azure PowerShell module.
# Import the Az.Network module
Import-Module -Name Az.Network
# List of subscriptions to add to the scope
$subLists = @(
    "/subscriptions/c0439acc-4f93-4d78-b465-71d5ed7d9467"
)
<# You can also add management groups to the scope. I will skip this for now
$mgmtGroups = @(
    "/providers/Microsoft.Management/managementGroups/2596de33-c183-49cc-966f-069cfce79321"
)
#>
# Define the access types for the scope
$accessTypes = @(
    "Connectivity",
    "SecurityAdmin"
)
# Create the scope for the AVNM
$scope = New-AzNetworkManagerScope -Subscription $subLists
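Because the scope is the boundary of what AVNM can manage, it is worth checking the scope entries and access types before they reach New-AzNetworkManager. The following is an added example, not code from the original post: Test-AvnmScopeDefinition, its parameters and the approved list are hypothetical names, and the sample input is constructed from the values shown above.

```powershell
# Added example. Test-AvnmScopeDefinition and its parameters are hypothetical
# names, not part of Az.Network. It only inspects strings, so it runs offline.
function Test-AvnmScopeDefinition {
    [CmdletBinding()]
    param(
        [string[]]$Subscription = @(),
        [string[]]$ManagementGroup = @(),
        [Parameter(Mandatory)][string[]]$AccessType,
        [Parameter(Mandatory)][string[]]$ApprovedSubscription,
        [string[]]$ApprovedAccessType = @('Connectivity', 'SecurityAdmin')
    )
    $subPattern = '^/subscriptions/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
    $mgPattern  = '^/providers/Microsoft\.Management/managementGroups/[^/]+$'
    $findings   = [System.Collections.Generic.List[string]]::new()

    if (-not $Subscription -and -not $ManagementGroup) {
        $findings.Add('Scope is empty: list at least one subscription or management group.')
    }
    foreach ($s in $Subscription) {
        if ($s -notmatch $subPattern) {
            $findings.Add("Malformed subscription scope: '$s'")
        } elseif ($ApprovedSubscription -notcontains $s) {
            $findings.Add("Subscription is not on the approved list: '$s'")
        }
    }
    foreach ($m in $ManagementGroup) {
        if ($m -notmatch $mgPattern) {
            $findings.Add("Malformed management group scope: '$m'")
        } else {
            # A management group pulls in every subscription beneath it.
            $findings.Add("Management group scope needs explicit review: '$m'")
        }
    }
    foreach ($a in $AccessType) {
        if ($ApprovedAccessType -notcontains $a) {
            $findings.Add("Access type is not approved: '$a'")
        }
    }
    $findings   # emitted to the pipeline, one string per finding
}

# Constructed sample input that reuses the values from this post.
$subLists    = @('/subscriptions/c0439acc-4f93-4d78-b465-71d5ed7d9467')
$accessTypes = @('Connectivity', 'SecurityAdmin')
$issues = @(Test-AvnmScopeDefinition -Subscription $subLists -AccessType $accessTypes -ApprovedSubscription $subLists)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw 'AVNM scope definition rejected; resolve the findings before provisioning.'
}
```

With the sample input the check returns no findings; a bare GUID without the /subscriptions/ prefix, or any management group entry, produces a finding and stops the script before anything is provisioned.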
Provision Azure Virtual Network Manager using scope
Now we can create the Azure Virtual Network Manager (AVNM). New-AzNetworkManager is the cmdlet to create the AVNM. We will need to pass the following parameters to the cmdlet.
# Provide the scope and access types to the New-AzNetworkManager cmdlet
$resourceDef = @{
    Name                      = 'avnm'        # Name of the network manager
    ResourceGroupName         = $rgDef.Name   # Resource group name
    NetworkManagerScope       = $scope        # Scope of the network manager
    NetworkManagerScopeAccess = $accessTypes  # Access types for the scope
    Location                  = $location     # Location of the network manager
}
$networkmanager = New-AzNetworkManager @resourceDef # Create the network manager
We can now see the network manager in the portal. It is brand new and empty.
The resource type is Microsoft.Network/networkManagers and the API version is 2022-07-01. I will go ahead and look into the Virtual Network Manager.
For completeness, here is the Bicep template for Azure Virtual Network Manager. You can try deploying the AVNM using Bicep.
Deploy Azure Virtual Network Manager using Bicep
// Parameters consumed by the resource below
param name string
param location string
param tags object = {}
param description string = ''
param networkManagerScopeAccesses array
param networkManagerScopes object

resource networkManager 'Microsoft.Network/networkManagers@2022-07-01' = {
  name: name // name of the network manager
  location: location // location of the network manager
  tags: tags // tags for the network manager
  properties: { // properties of the network manager
    description: description // description of the network manager
    networkManagerScopeAccesses: networkManagerScopeAccesses // access types for the scope of the network manager (this post uses Connectivity and SecurityAdmin)
    networkManagerScopes: networkManagerScopes // scope of the network manager
  }
}
// The same resource with literal values (use it in a separate file from the parameterised template above)
resource networkManager 'Microsoft.Network/networkManagers@2022-07-01' = {
  name: 'avnm' // name of the network manager
  location: 'uksouth' // location of the network manager
  properties: { // properties of the network manager
    description: 'avnm-demo' // description of the network manager
    // access types for the scope of the network manager
    networkManagerScopeAccesses: [
      'Connectivity'
      'SecurityAdmin'
    ]
    networkManagerScopes: {
      managementGroups: []
      subscriptions: [
        'subscriptionId' // placeholder: use the /subscriptions/<subscription-id> form shown in the PowerShell scope
      ]
    }
  }
}
Stay tuned for the next post. In the next post, we will deploy a network group and a virtual network in the Azure Virtual Network Manager.