Deploy the Azure Virtual Network Manager (Preview) with Terraform

Azure Virtual Network Manager is a feature that is currently in public preview. It lets you view your entire network design in a single pane of glass, and you can manage and create network topologies across all your subscriptions with it.

If you want to learn more about this feature, go here.

In this blog post I’ll focus on creating a new Virtual Network Manager and creating a spokes group with all my current spoke virtual networks.

  • hub vnet
  • prd spoke vnet
  • dev spoke vnet
  • avd spoke vnet

Azure Virtual Network Manager

The first step is to deploy the AZVNM itself. For this resource we are not using the azurerm provider but the azapi provider. Change the subscription id in the code to your own id. You can choose the scope of the VNM: this can be either a subscription or a management group. In this example I’m using a subscription.

# The subscription that the network manager is scoped to.
# This data source was referenced in the original code but not declared.
data "azurerm_subscription" "current" {}

resource "azapi_resource" "network-manager" {
  type      = "Microsoft.Network/networkManagers@2022-07-01"
  name      = "vnm-hub-jvn-01"
  location  = "westeurope"
  # Replace "subdid" with your own subscription id.
  parent_id = "/subscriptions/subdid/resourceGroups/rg-hub-jvn-networking-01"
  tags = {
    "Critical"    = "Yes"
    "Solution"    = "networking"
    "Costcenter"  = "It"
    "Environment" = "hub"
  }
  body = jsonencode({
    properties = {
      description = "vnm-jvn-01"
      # Which features the manager may use: connectivity (peering/topology)
      # and security admin rules.
      networkManagerScopeAccesses = [
        "Connectivity",
        "SecurityAdmin"
      ]
      # Scope: a subscription in this example, management groups left empty.
      networkManagerScopes = {
        managementGroups = []
        subscriptions = [
          data.azurerm_subscription.current.id
        ]
      }
    }
  })
}

Adding a spoke group

Now that we have our Virtual Network Manager it’s time to create a spoke group. You can have multiple spoke groups.

# A network group that will hold the spoke virtual networks.
# Network groups are children of the network manager created above.
resource "azapi_resource" "spoke_group" {
  type      = "Microsoft.Network/networkManagers/networkGroups@2022-04-01-preview"
  name      = "spokes-vnm-jvn-01"
  parent_id = azapi_resource.network-manager.id

  body = jsonencode({
    properties = {
      # Members of this group are virtual networks (not subnets).
      memberType = "VirtualNetwork"
    }
  })
}

Adding members to the spoke group

To be able to manage our spoke virtual networks we need to add them to the spoke group. You can do this with the help of an Azure Policy. In this example I’ll show you the Terraform code to add a spoke Virtual Network.

I’m using a data resource as the resourceId. You can also choose to have the Virtual Network Manager create a new vnet.

# Look up the existing AVD spoke so we can reference its resource id.
data "azurerm_virtual_network" "avd-spoke" {
  name                = "vnet-prd-jvn-avd-we-01"
  resource_group_name = "rg-prd-jvn-avd-networking-01"
}

# Add the spoke as a static member of the spoke group.
resource "azapi_resource" "spoke_group_members-avd" {
  name      = "vnet-prd-jvn-avd-we-01"
  type      = "Microsoft.Network/networkManagers/networkGroups/staticMembers@2022-04-01-preview"
  parent_id = azapi_resource.spoke_group.id

  body = jsonencode({
    properties = {
      resourceId = data.azurerm_virtual_network.avd-spoke.id
    }
  })
}
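The post lists three spokes (prd, dev, avd) but shows only the avd member. As an added example that is not part of the original post, the same static-member pattern can be driven by a map with for_each so that every spoke is registered from one block. Only the avd vnet name and resource group come from the post; the prd and dev values are assumed placeholders that follow the same naming pattern, and the data source and spoke group are the ones defined above.

```hcl
# Added example, not from the original post. The prd and dev names and
# resource groups are assumed placeholders; only the avd entry is from the post.
locals {
  spokes = {
    prd = { name = "vnet-prd-jvn-we-01", rg = "rg-prd-jvn-networking-01" }
    dev = { name = "vnet-dev-jvn-we-01", rg = "rg-dev-jvn-networking-01" }
    avd = { name = "vnet-prd-jvn-avd-we-01", rg = "rg-prd-jvn-avd-networking-01" }
  }
}

# Look up every existing spoke. A mistyped name fails at plan time instead of
# silently registering the wrong network in the group.
data "azurerm_virtual_network" "spokes" {
  for_each            = local.spokes
  name                = each.value.name
  resource_group_name = each.value.rg
}

# One static member per spoke, all children of the spoke group created above.
resource "azapi_resource" "spoke_group_members" {
  for_each  = data.azurerm_virtual_network.spokes
  type      = "Microsoft.Network/networkManagers/networkGroups/staticMembers@2022-04-01-preview"
  name      = each.value.name
  parent_id = azapi_resource.spoke_group.id

  body = jsonencode({
    properties = {
      resourceId = each.value.id
    }
  })
}

# After apply, compare this list against the vnets you expect in the group;
# anything missing here is not covered by the manager's connectivity or
# security admin configuration.
output "spoke_group_member_vnets" {
  value = { for k, m in data.azurerm_virtual_network.spokes : k => m.id }
}
```

Adding a spoke later is then a one-line change to local.spokes rather than a new data source and resource pair.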

From this point you can choose to create a Hub-Spoke network by connecting the spokes with the hub using virtual network peering. You can also start configuring the security of your network.

All the code for this can be found on my GitHub.

This concludes this blog post on creating a Virtual Network Manager and a spoke group, and adding the spoke networks to it. If you have any questions about this, feel free to contact me.
