When I created an Azure virtual network, it automatically created a Network Watcher called NetworkWatcher_canadacentral for me in its own resource group called NetworkWatcherRG.

My question is whether it's possible to give the Network Watcher and the resource group it gets created in a custom name. I'm using Pulumi to create my virtual network, but answers showing ARM/Bicep/Terraform are also welcome.

Muhammad Rehan Saeed

1 Answer

You can name it whatever you want as long as it meets the naming requirements, which are 1-80 characters: alphanumerics, underscores, periods, and hyphens. Start with an alphanumeric. End with an alphanumeric or underscore.

Terraform

In Terraform you just give the Network Watcher resource name whatever you want like so:

```hcl
resource "azurerm_network_watcher" "app1_traffic" {
  name                = "MyAwesomeNetworkWatcherName"
  location            = azurerm_resource_group.application1.location
  resource_group_name = azurerm_resource_group.application1.name
}
```

PowerShell

In PowerShell the command is:

```powershell
New-AzNetworkWatcher -Name "MyNetworkWatcherName" -ResourceGroupName "secstuff" -Location "East US 2"
```

Pulumi

From what I see on the Pulumi docs Network Watcher does take a name parameter.

Ken W - Zero Networks
  • I am not creating a network watcher explicitly. One is created for me when I create a virtual network. I'm trying to figure out how I can control the naming of it. – Muhammad Rehan Saeed Feb 10 '22 at 17:07
  • If it's being created automatically, then I would guess your subscription has the **Deploy network watcher when virtual networks are created** policy assigned. You will need to disable this policy if you want to change the default Network Watcher name. – Ken W - Zero Networks Feb 10 '22 at 17:40
  • You could modify the policy to put the Network Watcher elsewhere. – Ken W - Zero Networks Feb 10 '22 at 18:01
  • Is it possible to disable the policy through ARM/Bicep/Terraform/Pulumi since it seems to be a default in Azure? Do I need to do anything to connect the network watcher with the virtual network? – Muhammad Rehan Saeed Feb 11 '22 at 10:24
  • That's not how policy was designed to be used. Policies are implemented to ensure compliance, and if you could easily disable/circumvent them it wouldn't do much good to have them. You can reverse a policy that is created via Terraform easily, but if the policy was created outside then you need to use PowerShell or the CLI to remove the policy. – Ken W - Zero Networks Feb 11 '22 at 13:58
  • Thanks. Do I need to do anything to connect the network watcher with the virtual network? – Muhammad Rehan Saeed Feb 11 '22 at 14:15
  • No, it is automatically enabled for any VNET created in the same region as the watcher, nothing to connect or configure. You can opt out of the automatic enablement, but this impacts the entire subscription and will require a support ticket to re-enable. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-create#opt-out-of-network-watcher-automatic-enablement – Ken W - Zero Networks Feb 11 '22 at 17:22
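
An added Terraform example, not part of the original answer or comments, that extends the answer's snippet so the Network Watcher exists under a custom name, in a custom resource group, before the virtual network is created. All resource names, the region and the address space are constructed values; it assumes Azure does not auto-create `NetworkWatcher_canadacentral` in `NetworkWatcherRG` when a watcher already exists in that region of the subscription.

```hcl
# Added example: names, region and address space are constructed values.
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

# Custom resource group that holds the watcher instead of NetworkWatcherRG.
resource "azurerm_resource_group" "network_watcher" {
  name     = "my-network-watcher-rg"
  location = "canadacentral"
}

# Name follows the rules quoted in the answer: 1-80 characters, starts with
# an alphanumeric, ends with an alphanumeric or underscore.
resource "azurerm_network_watcher" "canadacentral" {
  name                = "my-network-watcher"
  location            = azurerm_resource_group.network_watcher.location
  resource_group_name = azurerm_resource_group.network_watcher.name
}

resource "azurerm_resource_group" "application1" {
  name     = "application1-rg"
  location = "canadacentral"
}

resource "azurerm_virtual_network" "application1" {
  name                = "application1-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.application1.location
  resource_group_name = azurerm_resource_group.application1.name

  # Assumption: with a watcher already present in the region, creating the
  # VNet does not trigger a default-named one. The VNet has no attribute
  # reference to the watcher, so the ordering must be stated explicitly.
  depends_on = [azurerm_network_watcher.canadacentral]
}
```

If the subscription already contains `NetworkWatcher_canadacentral` from an earlier deployment, that instance has to be removed (or imported into state) first, since the apply would otherwise try to create a second watcher in the same region.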