I want to create an Azure VNET programmatically with the Azure Python SDK, then enable the NSG flow logs on the VNET, and finally attach the VNET to the Azure Virtual WAN.

Ravi
  • 13
  • 3

1 Answer

Install the management package with pip. (Reference: MS Docs)

Bash

pip install azure-mgmt-network

Create a virtual network and an associated subnet.

Python

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.network import NetworkManagementClient

GROUP_NAME = 'resource-group'
VNET_NAME = 'your-vnet-identifier'
LOCATION = 'region'
SUBNET_NAME = 'your-subnet-identifier'

# Service principal credentials (placeholder values)
credentials = ServicePrincipalCredentials(
    client_id='your-client-id',
    secret='your-client-secret',
    tenant='your-tenant-id'
)
network_client = NetworkManagementClient(credentials, 'your-subscription-id')

# Create the VNet; create_or_update returns a poller, so wait for it to finish
async_vnet_creation = network_client.virtual_networks.create_or_update(
    GROUP_NAME,
    VNET_NAME,
    {
        'location': LOCATION,
        'address_space': {
            'address_prefixes': ['10.0.0.0/16']
        }
    }
)
async_vnet_creation.wait()

# Create a subnet inside the VNet's address space
async_subnet_creation = network_client.subnets.create_or_update(
    GROUP_NAME,
    VNET_NAME,
    SUBNET_NAME,
    {'address_prefix': '10.0.0.0/24'}
)
subnet_info = async_subnet_creation.result()

Create an NSG with a specific security rule. Reference

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2017_03_01.models import SecurityRule
from azure.mgmt.resource.resources import ResourceManagementClient

subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
credentials = ServicePrincipalCredentials(
    client_id='xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
    secret='xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
    tenant='xxxxxx-xxxxxxx'
)

compute_client = ComputeManagementClient(credentials, subscription_id)
network_client = NetworkManagementClient(credentials, subscription_id)
resource_client = ResourceManagementClient(credentials, subscription_id)

# Register the resource providers once per subscription
resource_client.providers.register('Microsoft.Compute')
resource_client.providers.register('Microsoft.Network')

resource_group_name = 'test-rg'
nsg_name = "testnsg"
# The resource id is assigned by ARM, so only location and tags are set here
parameters = NetworkSecurityGroup(location="UK South", tags={"name": nsg_name})

# One inbound rule. source_address_prefix='*' admits any source address, so
# narrow it to the management CIDR that actually needs RDP before deploying.
parameters.security_rules = [SecurityRule(
    protocol='Tcp',
    source_address_prefix='*',
    destination_address_prefix='*',
    access='Allow',
    direction='Inbound',
    description='Allow RDP port 3389',
    source_port_range='*',
    destination_port_range='3389',
    priority=100,
    name='RDP01'
)]

# create_or_update returns a poller; block until the NSG is provisioned
poller = network_client.network_security_groups.create_or_update(resource_group_name, nsg_name, parameters)
nsg = poller.result()

print("completed creating security rules")

Or you can associate the NSG to an existing subnet using the Python SDK (SO reference):

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.network import NetworkManagementClient

subscription_id = "xxxxxx"
credential = ServicePrincipalCredentials(
  client_id="xxxxx",
  secret="xxxxx",
  tenant="xxxxx"
)

network_client = NetworkManagementClient(credential, subscription_id)

resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
# Full ARM resource id of the NSG to attach, e.g. taken from
# network_client.network_security_groups.get(resource_group_name, "xxxxx").id
network_security_group_id = "/subscriptions/xxxxx/resourceGroups/xxxxx/providers/Microsoft.Network/networkSecurityGroups/xxxxx"

# subnets.create_or_update takes a Subnet body (not a VNet body): the subnet's
# own address prefix plus a reference to the NSG. The prefix must lie inside
# the VNet's address space; a literal "*" is not a valid prefix.
subnet_data = {
  "address_prefix": "10.0.0.0/24",
  "network_security_group": {
    "id": network_security_group_id
  }
}

poller = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)
result = poller.result()

Note: source/destination_port_ranges simply accepts a list of accepted ports or port ranges, for example ['80', '100-200'] or destination_port_ranges=[1000, 2000]. However, * can only be used with the standalone property and not in the list. source/destination_address_prefixes accepts a list of CIDR addresses, e.g. ['10.0.0.0/24', '11.0.0.0/24']. To use * or a tag (Internet or VirtualNetwork, for example) you must use the singular property; they cannot be used in the list.

You can check out this document > Operations module, where the various operations in the Python SDK are listed. You can click on [source] for the required operation to get the code to be used.

Similar to the NSG and VNet, set the required WAN parameters and use:

create_or_update(resource_group_name, virtual_wan_name, wan_parameters, custom_headers=None, raw=False, polling=True, **operation_config)

Also see the virtual network operations and add a VPN gateway if required: Sample for Creating Virtual Network Gateway

If you want to use the Azure portal, see > Connect a virtual network gateway to an Azure Virtual WAN

kavyaS
  • 8,026
  • 1
  • 7
  • 19
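As an added example (not part of the answer above or the Azure SDK), plain-Python helpers that build the rule and subnet bodies the SDK calls above take: they enforce the singular-vs-list constraint from the note, check that a subnet prefix fits inside the VNet address space, and flag inbound Allow rules open to any source on RDP/SSH so they can be reviewed before deployment. Function names and the NSG resource id are constructed for the example; the Azure SDK is not needed to run it.

```python
import ipaddress
# Values that only the singular field accepts (see the note on port and prefix lists).
SINGULAR_ONLY = {"*", "Internet", "VirtualNetwork", "AzureLoadBalancer"}

def _field(singular, plural, value):
    """A scalar goes in the singular field, a list in the plural one."""
    if isinstance(value, (list, tuple)):
        bad = [v for v in value if str(v) in SINGULAR_ONLY]
        if bad:
            raise ValueError(f"{bad} must use '{singular}', not the '{plural}' list")
        return {plural: [str(v) for v in value]}
    return {singular: str(value)}

def security_rule_params(name, priority, dst_ports, src_prefix="*", dst_prefix="*",
                         src_ports="*", protocol="Tcp", direction="Inbound",
                         access="Allow", description=""):
    """Keyword dict usable as SecurityRule(**rule) or as the SDK's dict parameters."""
    rule = {"name": name, "priority": priority, "protocol": protocol,
            "direction": direction, "access": access, "description": description}
    rule.update(_field("source_port_range", "source_port_ranges", src_ports))
    rule.update(_field("destination_port_range", "destination_port_ranges", dst_ports))
    rule.update(_field("source_address_prefix", "source_address_prefixes", src_prefix))
    rule.update(_field("destination_address_prefix", "destination_address_prefixes", dst_prefix))
    return rule

def subnet_params(address_prefix, vnet_prefixes, nsg_id):
    """Body for subnets.create_or_update that attaches an NSG; prefix must sit inside the VNet."""
    sub = ipaddress.ip_network(address_prefix)
    if not any(sub.subnet_of(ipaddress.ip_network(p)) for p in vnet_prefixes):
        raise ValueError(f"{address_prefix} lies outside the VNet address space {vnet_prefixes}")
    return {"address_prefix": address_prefix, "network_security_group": {"id": nsg_id}}

def _port_in(ranges, port):
    """True if a port-range list such as ['80', '100-200'] or ['*'] covers the port."""
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def rules_exposing_admin_ports(rules, ports=(22, 3389)):
    """Names of inbound Allow rules open to any source on SSH/RDP, to review before deploying."""
    def exposed(r):
        dst = r.get("destination_port_ranges") or [r.get("destination_port_range", "0")]
        return (r["direction"] == "Inbound" and r["access"] == "Allow"
                and r.get("source_address_prefix") in ("*", "Internet")
                and any(_port_in(dst, p) for p in ports))
    return [r["name"] for r in rules if exposed(r)]
```

Running the answer's RDP01 rule through `rules_exposing_admin_ports` returns its name, which is the cue to replace `source_address_prefix='*'` with a management CIDR.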