How can I create an Azure Network Security Group / NSG flow log within a Bicep template?
I want to create an NSG flow log for a network security group and a storage account that I am creating with Bicep.

I am deploying the NSG like this:

    resource nsg 'Microsoft.Network/networkSecurityGroups@2020-06-01' = {
      name: networkSecurityGroupName
      location: location
      properties: {
        securityRules: [
          ...

and the storage account like this:

    resource stg 'Microsoft.Storage/storageAccounts@2021-01-01' = {
      name: storageName
      location: location
      kind: 'StorageV2'
      sku: {
        name: 'Standard_LRS'
      }
    }

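But when I add and deploy the NSG flow log with

    resource nsgFlowLogs 'Microsoft.Network/networkWatchers/flowLogs@2020-08-01' = {
      // Child of the regional Network Watcher: '<watcher name>/<flow log name>'
      name: 'NetworkWatcher_${location}/${nsgFlowName}'
      location: location
      properties: {
        // Resource IDs are exposed through the lowercase 'id' property
        targetResourceId: nsg.id
        storageId: stg.id
        enabled: true
        retentionPolicy: {
          days: 2
          enabled: true
        }
        format: {
          type: 'JSON'
          version: 2
        }
      }
    }

I get an error:
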
| 19:02:20 - Error: Code=ResourceCountExceedsLimitDueToTemplate; Message=Subscription
| 853049fd-4889-45b6-aad9-f3f54421399c has a quota of 1 for resources of type NetworkWatcher with sku SkuNotSpecified.
| Subscription currently has 1 resources and the template contains 1 new resources of the this type which exceeds the
| quota. Please contact support to increase the quota for resource type NetworkWatcher

I found out that Network Watcher resources and the corresponding flow logs need to be created in the predefined resource group NetworkWatcherRG.

Therefore I extracted a module, nsgflowlog.bicep:

    param name string
    // Defaults to the location of the resource group this module is deployed into
    param location string = resourceGroup().location
    param nsgId string
    param storageId string

    resource nsgFlowLogs 'Microsoft.Network/networkWatchers/flowLogs@2020-08-01' = {
      name: 'NetworkWatcher_${location}/${name}'
      location: location
      properties: {
        targetResourceId: nsgId
        storageId: storageId
        enabled: true
        retentionPolicy: {
          days: 2
          enabled: true
        }
        format: {
          type: 'JSON'
          version: 2
        }
      }
    }

so that I can switch the resource group during the deployment:

    module nsgFlow './nsgflowlog.bicep' = {
      name: '${resourcePrefix}-nsgFlow'
      // Deploy the flow log into the resource group that holds the Network Watcher
      scope: resourceGroup('NetworkWatcherRG')
      params: {
        name: nsgFlowName
        nsgId: nsg.id
        storageId: stg.id
      }
    }
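
A variant of the module above, as an added example that is not part of the original post: it takes the NSG's region as a required parameter, because inside a module scoped to NetworkWatcherRG the default `resourceGroup().location` is that group's region, not necessarily the NSG's. It assumes the regional watcher exists under the name `NetworkWatcher_<region>` used in the post; the `watcher` symbol, the `retentionDays` parameter and the `flowLogId` output are names introduced here.

```bicep
// nsgflowlog.bicep (added example), deployed with scope: resourceGroup('NetworkWatcherRG')
param name string
// Region of the NSG. No default on purpose: resourceGroup().location in this
// module would be the region of NetworkWatcherRG, which can differ from the NSG's.
param location string
param nsgId string
param storageId string
// 2 is the value used in the post; parameterised so it can follow the
// retention period your investigations need (hypothetical parameter name).
param retentionDays int = 2

// Assumption: the regional Network Watcher already exists under this name.
// Declaring it as 'existing' makes the parent/child relationship explicit.
resource watcher 'Microsoft.Network/networkWatchers@2020-08-01' existing = {
  name: 'NetworkWatcher_${location}'
}

resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2020-08-01' = {
  parent: watcher
  name: name
  location: location
  properties: {
    targetResourceId: nsgId
    storageId: storageId
    enabled: true
    retentionPolicy: {
      days: retentionDays
      enabled: true
    }
    format: {
      type: 'JSON'
      version: 2
    }
  }
}

output flowLogId string = flowLog.id

// Caller in the main template, passing the NSG's region explicitly:
// module nsgFlow './nsgflowlog.bicep' = {
//   name: '${resourcePrefix}-nsgFlow'
//   scope: resourceGroup('NetworkWatcherRG')
//   params: {
//     name: nsgFlowName
//     location: location
//     nsgId: nsg.id
//     storageId: stg.id
//   }
// }
```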