I am trying to create an arm template that creates an additional subnet on an existing Vnet and also creates the NSG at the same time and then attaches it to the subnet. I have got it to the point the NSGs are created but the minute I try to attach NSG to multiple subnets it fails to create the subnet and NSG. Error below
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"subnetname1": {
"type": "string",
"defaultValue":"front-end"
},
"subnetprefix1": {
"type": "string",
"defaultValue": "10.12.4.0/24"
},
"nsgsubnet1": {
"type": "string",
"defaultValue": "nsg-frontend"
},
"subnetname2": {
"type": "string",
"defaultValue": "back-end"
},
"subnetprefix2": {
"type": "string",
"defaultValue": "10.12.5.0/24"
},
"nsgsubnet2": {
"type": "string",
"defaultValue": "nsg-backend"
},
"subnetname3": {
"type": "string",
"defaultValue": "database"
},
"subnetprefix3": {
"type": "string",
"defaultValue": "10.12.6.0/24"
},
"nsgsubnet3": {
"type": "string",
"defaultValue": "nsg-database"
}
},
"variables": {
"vnetName":"vn-uks-Production"
},
"resources": [
{
"apiVersion": "2019-02-01",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[parameters('nsgsubnet1')]",
"location": "[resourceGroup().location]",
"properties": {
}
},
{
"apiVersion": "2019-02-01",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[parameters('nsgsubnet2')]",
"location": "[resourceGroup().location]",
"properties": {
}
},
{
"apiVersion": "2019-02-01",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[parameters('nsgsubnet3')]",
"location": "[resourceGroup().location]",
"properties": {
}
},
{
"name": "vn-uks-production",
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2019-11-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[parameters('nsgsubnet1')]"
],
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.12.0.0/19"
]
}
},
"resources": [
{
"apiVersion": "2018-10-01",
"type": "subnets",
"name": "[parameters('subnetname1')]",
"dependsOn": [
"[variables('vnetName')]"
],
"properties": {
"mode": "Incremental",
"addressPrefix": "[parameters('subnetprefix1')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgsubnet1'))]"
}
}
},
{
"apiVersion": "2018-10-01",
"type": "subnets",
"name": "[parameters('subnetname2')]",
"dependsOn": [
"[variables('vnetName')]"
],
"properties": {
"addressPrefix": "[parameters('subnetprefix2')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgsubnet2'))]"
}
}
}
]
}
]
}
The error I am getting is
{
"status": "Failed",
"error": {
"code": "InvalidRequestFormat",
"message": "Cannot parse the request.",
"details": [
{
"code": "InvalidJson",
"message": "Could not find member 'mode' on object of type 'SubnetProperties'. Path 'properties.mode', line 1, position 22."
}
]
}
}
You have a "mode": "Incremental" property on a resource 'subnetname1'. subnet does not take a mode parameter - see the reference: https://learn.microsoft.com/en-us/azure/templates/microsoft.network/virtualnetworks/subnets?tabs=json
However, when deploying virtual network, be aware of an well known problem - you need to specify subnets as a property of a vnet. Although you have option do deploy a subnet resource, when you run your template for the second time, virtualNetwork resource will try to remove all subnets (because property subnets is empty) - see more here: https://github.com/Azure/azure-quickstart-templates/issues/2786