AzureVirtualNetworkExtensions Methods
Class Methods 11 members
Provides extension methods for adding Azure Virtual Network resources to the application model.
AddAzureVirtualNetwork(IDistributedApplicationBuilder, string, string?) Section titled AddAzureVirtualNetwork(IDistributedApplicationBuilder, string, string?) extension IResourceBuilder<AzureVirtualNetworkResource> Adds an Azure Virtual Network resource to the application model.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureVirtualNetworkResource> AddAzureVirtualNetwork( this IDistributedApplicationBuilder builder, string name, string? addressPrefix = null) { // ... }}Parameters
builder IDistributedApplicationBuilder The builder for the distributed application. name string The name of the Azure Virtual Network resource. addressPrefix string? optional The address prefix for the virtual network (e.g., "10.0.0.0/16"). If null, defaults to "10.0.0.0/16". Returns
IResourceBuilder<AzureVirtualNetworkResource> A reference to the ApplicationModel.IResourceBuilder`1. Examples
This example creates a virtual network with a subnet for private endpoints:
var vnet = builder.AddAzureVirtualNetwork("vnet");var subnet = vnet.AddSubnet("pe-subnet", "10.0.1.0/24");AddAzureVirtualNetwork(IDistributedApplicationBuilder, string, IResourceBuilder<ParameterResource>) Section titled AddAzureVirtualNetwork(IDistributedApplicationBuilder, string, IResourceBuilder<ParameterResource>) extension IResourceBuilder<AzureVirtualNetworkResource> Adds an Azure Virtual Network resource to the application model with a parameterized address prefix.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureVirtualNetworkResource> AddAzureVirtualNetwork( this IDistributedApplicationBuilder builder, string name, IResourceBuilder<ParameterResource> addressPrefix) { // ... }}Parameters
builder IDistributedApplicationBuilder The builder for the distributed application. name string The name of the Azure Virtual Network resource. addressPrefix IResourceBuilder<ParameterResource> The parameter resource containing the address prefix for the virtual network (e.g., "10.0.0.0/16"). Returns
IResourceBuilder<AzureVirtualNetworkResource> A reference to the ApplicationModel.IResourceBuilder`1. Examples
This example creates a virtual network with a parameterized address prefix:
var vnetPrefix = builder.AddParameter("vnetPrefix");var vnet = builder.AddAzureVirtualNetwork("vnet", vnetPrefix);var subnet = vnet.AddSubnet("pe-subnet", "10.0.1.0/24");AddSubnet(IResourceBuilder<AzureVirtualNetworkResource>, string, string, string?) Section titled AddSubnet(IResourceBuilder<AzureVirtualNetworkResource>, string, string, string?) extension IResourceBuilder<AzureSubnetResource> Adds an Azure Subnet to the Virtual Network.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureSubnetResource> AddSubnet( this IResourceBuilder<AzureVirtualNetworkResource> builder, string name, string addressPrefix, string? subnetName = null) { // ... }}Parameters
builder IResourceBuilder<AzureVirtualNetworkResource> The Virtual Network resource builder. name string The name of the subnet resource. addressPrefix string The address prefix for the subnet (e.g., "10.0.1.0/24"). subnetName string? optional The subnet name in Azure. If null, the resource name is used. Returns
IResourceBuilder<AzureSubnetResource> A reference to the ApplicationModel.IResourceBuilder`1. Examples
This example adds a subnet to a virtual network:
var vnet = builder.AddAzureVirtualNetwork("vnet");var subnet = vnet.AddSubnet("my-subnet", "10.0.1.0/24");AddSubnet(IResourceBuilder<AzureVirtualNetworkResource>, string, IResourceBuilder<ParameterResource>, string?) Section titled AddSubnet(IResourceBuilder<AzureVirtualNetworkResource>, string, IResourceBuilder<ParameterResource>, string?) extension IResourceBuilder<AzureSubnetResource> Adds an Azure Subnet to the Virtual Network with a parameterized address prefix.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureSubnetResource> AddSubnet( this IResourceBuilder<AzureVirtualNetworkResource> builder, string name, IResourceBuilder<ParameterResource> addressPrefix, string? subnetName = null) { // ... }}Parameters
builder IResourceBuilder<AzureVirtualNetworkResource> The Virtual Network resource builder. name string The name of the subnet resource. addressPrefix IResourceBuilder<ParameterResource> The parameter resource containing the address prefix for the subnet (e.g., "10.0.1.0/24"). subnetName string? optional The subnet name in Azure. If null, the resource name is used. Returns
IResourceBuilder<AzureSubnetResource> A reference to the ApplicationModel.IResourceBuilder`1. Examples
This example adds a subnet with a parameterized address prefix:
var subnetPrefix = builder.AddParameter("subnetPrefix");var vnet = builder.AddAzureVirtualNetwork("vnet");var subnet = vnet.AddSubnet("my-subnet", subnetPrefix);AllowInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?) Section titled AllowInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?) extension IResourceBuilder<AzureSubnetResource> Adds an inbound allow rule to the subnet's Network Security Group.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureSubnetResource> AllowInbound( this IResourceBuilder<AzureSubnetResource> builder, string? port = null, string? from = null, string? to = null, SecurityRuleProtocol? protocol = null, int? priority = null, string? name = null) { // ... }}Parameters
builder IResourceBuilder<AzureSubnetResource> The subnet resource builder. port string? optional The destination port range (e.g., "443", "80-443"). Defaults to "*" (any). from string? optional The source address prefix (e.g., "AzureLoadBalancer", "Internet", "10.0.0.0/8"). Defaults to "*" (any). to string? optional The destination address prefix. Defaults to "*" (any). protocol SecurityRuleProtocol? optional The network protocol. Defaults to SecurityRuleProtocol.Asterisk (any). priority int? optional The rule priority (100-4096). If not specified, auto-increments from 100 by 100. name string? optional The rule name. If not specified, auto-generated from parameters. Returns
IResourceBuilder<AzureSubnetResource> A reference to the ApplicationModel.IResourceBuilder`1 for chaining. Remarks
If no Network Security Group has been associated with the subnet, one is automatically created.
Examples
This example allows HTTPS traffic from the Azure Load Balancer:
var subnet = vnet.AddSubnet("web", "10.0.1.0/24") .AllowInbound(port: "443", from: AzureServiceTags.AzureLoadBalancer, protocol: SecurityRuleProtocol.Tcp) .DenyInbound(from: AzureServiceTags.Internet);AllowOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?) Section titled AllowOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?) extension IResourceBuilder<AzureSubnetResource> Adds an outbound allow rule to the subnet's Network Security Group.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureSubnetResource> AllowOutbound( this IResourceBuilder<AzureSubnetResource> builder, string? port = null, string? from = null, string? to = null, SecurityRuleProtocol? protocol = null, int? priority = null, string? name = null) { // ... }}Parameters
builder IResourceBuilder<AzureSubnetResource> The subnet resource builder. port string? optional The destination port range (e.g., "443", "80-443"). Defaults to "*" (any). from string? optional The source address prefix. Defaults to "*" (any). to string? optional The destination address prefix (e.g., "Internet", "VirtualNetwork"). Defaults to "*" (any). protocol SecurityRuleProtocol? optional The network protocol. Defaults to SecurityRuleProtocol.Asterisk (any). priority int? optional The rule priority (100-4096). If not specified, auto-increments from 100 by 100. name string? optional The rule name. If not specified, auto-generated from parameters. Returns
IResourceBuilder<AzureSubnetResource> A reference to the ApplicationModel.IResourceBuilder`1 for chaining. Remarks
If no Network Security Group has been associated with the subnet, one is automatically created.
DenyInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?) Section titled DenyInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?) extension IResourceBuilder<AzureSubnetResource> Adds an inbound deny rule to the subnet's Network Security Group.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureSubnetResource> DenyInbound( this IResourceBuilder<AzureSubnetResource> builder, string? port = null, string? from = null, string? to = null, SecurityRuleProtocol? protocol = null, int? priority = null, string? name = null) { // ... }}Parameters
builder IResourceBuilder<AzureSubnetResource> The subnet resource builder. port string? optional The destination port range (e.g., "443", "80-443"). Defaults to "*" (any). from string? optional The source address prefix (e.g., "Internet", "VirtualNetwork", "10.0.0.0/8"). Defaults to "*" (any). to string? optional The destination address prefix. Defaults to "*" (any). protocol SecurityRuleProtocol? optional The network protocol. Defaults to SecurityRuleProtocol.Asterisk (any). priority int? optional The rule priority (100-4096). If not specified, auto-increments from 100 by 100. name string? optional The rule name. If not specified, auto-generated from parameters. Returns
IResourceBuilder<AzureSubnetResource> A reference to the ApplicationModel.IResourceBuilder`1 for chaining. Remarks
If no Network Security Group has been associated with the subnet, one is automatically created.
DenyOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?) Section titled DenyOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?) extension IResourceBuilder<AzureSubnetResource> Adds an outbound deny rule to the subnet's Network Security Group.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureSubnetResource> DenyOutbound( this IResourceBuilder<AzureSubnetResource> builder, string? port = null, string? from = null, string? to = null, SecurityRuleProtocol? protocol = null, int? priority = null, string? name = null) { // ... }}Parameters
builder IResourceBuilder<AzureSubnetResource> The subnet resource builder. port string? optional The destination port range (e.g., "443", "80-443"). Defaults to "*" (any). from string? optional The source address prefix. Defaults to "*" (any). to string? optional The destination address prefix (e.g., "Internet", "VirtualNetwork"). Defaults to "*" (any). protocol SecurityRuleProtocol? optional The network protocol. Defaults to SecurityRuleProtocol.Asterisk (any). priority int? optional The rule priority (100-4096). If not specified, auto-increments from 100 by 100. name string? optional The rule name. If not specified, auto-generated from parameters. Returns
IResourceBuilder<AzureSubnetResource> A reference to the ApplicationModel.IResourceBuilder`1 for chaining. Remarks
If no Network Security Group has been associated with the subnet, one is automatically created.
WithDelegatedSubnet(IResourceBuilder<T>, IResourceBuilder<AzureSubnetResource>) Section titled WithDelegatedSubnet(IResourceBuilder<T>, IResourceBuilder<AzureSubnetResource>) extension IResourceBuilder<T> Configures the resource to use the specified subnet with appropriate service delegation.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<T> WithDelegatedSubnet<T>( this IResourceBuilder<T> builder, IResourceBuilder<AzureSubnetResource> subnet) { // ... }}Parameters
builder IResourceBuilder<T> The resource builder. subnet IResourceBuilder<AzureSubnetResource> The subnet to associate with the resource. Returns
IResourceBuilder<T> A reference to the ApplicationModel.IResourceBuilder`1. Remarks
This method automatically configures the subnet with the appropriate service delegation for the target resource type (e.g., "Microsoft.App/environments" for Azure Container Apps).
Examples
This example configures an Azure Container App Environment to use a subnet:
var vnet = builder.AddAzureVirtualNetwork("vnet");var subnet = vnet.AddSubnet("aca-subnet", "10.0.0.0/23");
var env = builder.AddAzureContainerAppEnvironment("env") .WithDelegatedSubnet(subnet);WithNatGateway(IResourceBuilder<AzureSubnetResource>, IResourceBuilder<AzureNatGatewayResource>) Section titled WithNatGateway(IResourceBuilder<AzureSubnetResource>, IResourceBuilder<AzureNatGatewayResource>) extension IResourceBuilder<AzureSubnetResource> Associates a NAT Gateway with the subnet.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureSubnetResource> WithNatGateway( this IResourceBuilder<AzureSubnetResource> builder, IResourceBuilder<AzureNatGatewayResource> natGateway) { // ... }}Parameters
builder IResourceBuilder<AzureSubnetResource> The subnet resource builder. natGateway IResourceBuilder<AzureNatGatewayResource> The NAT Gateway to associate with the subnet. Returns
IResourceBuilder<AzureSubnetResource> A reference to the ApplicationModel.IResourceBuilder`1 for chaining. Remarks
A NAT Gateway provides outbound internet connectivity for resources in the subnet. A subnet can have at most one NAT Gateway.
Examples
This example creates a subnet with an associated NAT Gateway:
var natGateway = builder.AddNatGateway("nat");var vnet = builder.AddAzureVirtualNetwork("vnet");var subnet = vnet.AddSubnet("aca-subnet", "10.0.0.0/23") .WithNatGateway(natGateway);WithNetworkSecurityGroup(IResourceBuilder<AzureSubnetResource>, IResourceBuilder<AzureNetworkSecurityGroupResource>) Section titled WithNetworkSecurityGroup(IResourceBuilder<AzureSubnetResource>, IResourceBuilder<AzureNetworkSecurityGroupResource>) extension IResourceBuilder<AzureSubnetResource> Associates a Network Security Group with the subnet.
public static class AzureVirtualNetworkExtensions{ public static IResourceBuilder<AzureSubnetResource> WithNetworkSecurityGroup( this IResourceBuilder<AzureSubnetResource> builder, IResourceBuilder<AzureNetworkSecurityGroupResource> nsg) { // ... }}Parameters
builder IResourceBuilder<AzureSubnetResource> The subnet resource builder. nsg IResourceBuilder<AzureNetworkSecurityGroupResource> The Network Security Group to associate with the subnet. Returns
IResourceBuilder<AzureSubnetResource> A reference to the ApplicationModel.IResourceBuilder`1 for chaining. Exceptions
InvalidOperationException Thrown when the subnet already has security rules added via shorthand methods ( AzureVirtualNetworkExtensions.AllowInbound, AzureVirtualNetworkExtensions.DenyInbound, AzureVirtualNetworkExtensions.AllowOutbound, AzureVirtualNetworkExtensions.DenyOutbound). Use either shorthand methods or an explicit NSG, not both. Examples
This example creates a subnet with an associated Network Security Group:
var nsg = builder.AddNetworkSecurityGroup("web-nsg");var vnet = builder.AddAzureVirtualNetwork("vnet");var subnet = vnet.AddSubnet("web-subnet", "10.0.1.0/24") .WithNetworkSecurityGroup(nsg);