
Adding ARM template for virtualNetworkRules for key vault


I have my ARM template as below for my key vault, but it doesn't do anything after deployment. Can anyone please shed some light? Thanks!

"networkAcls": {
    "bypass": "AzureServices",
    "defaultAction": "Deny",
    "ipRules": [],
    "virtualnetworkRules": [
        {
            "id": "%RESOURCE_GROUP_NAME%/providers/Microsoft.Network/virtualNetworks/%RESOURCE_GROUP_NAME%-vnet/subnets/default",
            "ignoreMissingVNetServiceEndpoint": false
        }
    ]
}

Solution

  • If you are using an ARM template, it should be:

    "networkAcls": {
        "bypass": "AzureServices",
        "defaultAction": "Deny",
        "ipRules": [],
        "virtualnetworkRules": [
            {
                "id": "/subscriptions/<azure sub id>/resourceGroups/<resource group name>/providers/Microsoft.Network/virtualNetworks/<vnet name>/subnets/<subnet name>",
                "ignoreMissingVNetServiceEndpoint": false
            }
        ]
    }
    

    If you are using Az PowerShell, try Update-AzKeyVaultNetworkRuleSet as below:

      $vnetName = ''
      $vnetRG = ''
      $keyvaultName = ''
    
      $myNetworkResId = (Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRG).Subnets[0].Id 
      Update-AzKeyVaultNetworkRuleSet -VaultName $keyvaultName -Bypass AzureServices -DefaultAction Deny -VirtualNetworkResourceId $myNetworkResId
    

    I have tested both of them, result:

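
A pre-deployment check for the mistake discussed above, as an added example that is not part of the original question or answer: it flags any virtual network rule whose `id` is not a fully qualified subnet resource ID in the form the answer shows. The function names, the sample objects and the all-zero subscription ID are constructed for illustration.

```python
import re

# Fully qualified subnet resource ID, in the shape the answer's template uses.
SUBNET_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.Network"
    r"/virtualNetworks/[^/]+/subnets/[^/]+$",
    re.IGNORECASE,
)

def get_ci(obj, key):
    """Look a key up ignoring case, so the page's 'virtualnetworkRules' spelling is found."""
    for k, v in obj.items():
        if k.lower() == key.lower():
            return v
    return None

def check_network_acls(acls):
    """Return a list of findings for one networkAcls object from a template."""
    findings = []
    if str(get_ci(acls, "defaultAction")).lower() != "deny":
        findings.append("defaultAction is not Deny")
    for i, rule in enumerate(get_ci(acls, "virtualNetworkRules") or []):
        rid = str(get_ci(rule, "id") or "")
        if rid.startswith("[") and rid.endswith("]"):
            continue  # ARM template expression, only resolved at deployment time
        if not SUBNET_ID.match(rid):
            findings.append(
                f"virtualNetworkRules[{i}].id is not a fully qualified subnet ID: {rid}")
    return findings

# Constructed sample: the question's rule, with its unexpanded %...% tokens.
ASKER_ACLS = {
    "bypass": "AzureServices", "defaultAction": "Deny", "ipRules": [],
    "virtualnetworkRules": [{
        "id": "%RESOURCE_GROUP_NAME%/providers/Microsoft.Network/virtualNetworks/"
              "%RESOURCE_GROUP_NAME%-vnet/subnets/default",
        "ignoreMissingVNetServiceEndpoint": False}],
}
# Constructed sample: the answer's form, filled with placeholder names.
FIXED_ACLS = {
    "bypass": "AzureServices", "defaultAction": "Deny", "ipRules": [],
    "virtualnetworkRules": [{
        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
              "example-rg/providers/Microsoft.Network/virtualNetworks/example-vnet/"
              "subnets/default",
        "ignoreMissingVNetServiceEndpoint": False}],
}

if __name__ == "__main__":
    for name, acls in (("question", ASKER_ACLS), ("answer", FIXED_ACLS)):
        print(name, check_network_acls(acls) or "OK")
```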