import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a subnet. Subnets represent network segments within the IP space defined by the virtual network. * * > **NOTE on Virtual Networks and Subnet's:** This provider currently * provides both a standalone Subnet resource, and allows for Subnets to be defined in-line within the Virtual Network resource. * At this time you cannot use a Virtual Network with in-line Subnets in conjunction with any Subnet resources. Doing so will cause a conflict of Subnet configurations and will overwrite Subnets. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", { * name: "example-vnet", * addressSpaces: ["10.0.0.0/16"], * location: example.location, * resourceGroupName: example.name, * }); * const exampleSubnet = new azure.network.Subnet("example", { * name: "example-subnet", * resourceGroupName: example.name, * virtualNetworkName: exampleVirtualNetwork.name, * addressPrefixes: ["10.0.1.0/24"], * delegations: [{ * name: "delegation", * serviceDelegation: { * name: "Microsoft.ContainerInstance/containerGroups", * actions: [ * "Microsoft.Network/virtualNetworks/subnets/join/action", * "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", * ], * }, * }], * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.Network` - 2025-01-01 * * ## Import * * Subnets can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:network/subnet:Subnet exampleSubnet /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/virtualNetworks/myvnet1/subnets/mysubnet1 * ``` */ export declare class Subnet extends pulumi.CustomResource { /** * Get an existing Subnet resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SubnetState, opts?: pulumi.CustomResourceOptions): Subnet; /** * Returns true if the given object is an instance of Subnet. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Subnet; /** * The address prefixes to use for the subnet. * * > **Note:** Exactly one of `addressPrefixes` or `ipAddressPool` must be specified. */ readonly addressPrefixes: pulumi.Output; /** * Enable default outbound access to the internet for the subnet. Defaults to `true`. */ readonly defaultOutboundAccessEnabled: pulumi.Output; /** * One or more `delegation` blocks as defined below. */ readonly delegations: pulumi.Output; /** * An `ipAddressPool` block as defined below. * * > **Note:** Exactly one of `addressPrefixes` or `ipAddressPool` must be specified. */ readonly ipAddressPool: pulumi.Output; /** * The name of the subnet. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * Enable or Disable network policies for the private endpoint on the subnet. Possible values are `Disabled`, `Enabled`, `NetworkSecurityGroupEnabled` and `RouteTableEnabled`. Defaults to `Disabled`. * * > **NOTE:** If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set `privateEndpointNetworkPolicies` in the subnet to `Disabled`. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet. For other resources in the Subnet, access is controlled based via the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. * * > **NOTE:** If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the `privateEndpointNetworkPolicies` in the Subnet to `Enabled`/`NetworkSecurityGroupEnabled`/`RouteTableEnabled`. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet. For other resources in the Subnet, access is controlled based via the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. * * > **NOTE:** See more details from [Manage network policies for Private Endpoints](https://learn.microsoft.com/en-gb/azure/private-link/disable-private-endpoint-network-policy?tabs=network-policy-portal). */ readonly privateEndpointNetworkPolicies: pulumi.Output; /** * Enable or Disable network policies for the private link service on the subnet. Defaults to `true`. * * > **NOTE:** When configuring Azure Private Link service, the explicit setting `privateLinkServiceNetworkPoliciesEnabled` must be set to `false` in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. See more details from [Manage network policies for Private Link Services](https://learn.microsoft.com/en-gb/azure/private-link/disable-private-link-service-network-policy?tabs=private-link-network-policy-powershell). */ readonly privateLinkServiceNetworkPoliciesEnabled: pulumi.Output; /** * The name of the resource group in which to create the subnet. This must be the resource group that the virtual network resides in. Changing this forces a new resource to be created. */ readonly resourceGroupName: pulumi.Output; /** * The list of IDs of Service Endpoint Policies to associate with the subnet. */ readonly serviceEndpointPolicyIds: pulumi.Output; /** * The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage`, `Microsoft.Storage.Global` and `Microsoft.Web`. * * > **NOTE:** In order to use `Microsoft.Storage.Global` service endpoint (which allows access to virtual networks in other regions), you must enable the `AllowGlobalTagsForStorage` feature in your subscription. This is currently a preview feature, please see the [official documentation](https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-cli#enabling-access-to-virtual-networks-in-other-regions-preview) for more information. */ readonly serviceEndpoints: pulumi.Output; /** * The sharing scope of the subnet. Possible value is `Tenant`. * * > **Note:** This property cannot be set if `defaultOutboundAccessEnabled` is set to `true`. * * !> **Note:** The `sharingScope` property is only available to users who have been explicitly registered and granted access by the Azure Networking Product Group. */ readonly sharingScope: pulumi.Output; /** * The name of the virtual network to which to attach the subnet. Changing this forces a new resource to be created. */ readonly virtualNetworkName: pulumi.Output; /** * Create a Subnet resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SubnetArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Subnet resources. */ export interface SubnetState { /** * The address prefixes to use for the subnet. * * > **Note:** Exactly one of `addressPrefixes` or `ipAddressPool` must be specified. */ addressPrefixes?: pulumi.Input[]>; /** * Enable default outbound access to the internet for the subnet. Defaults to `true`. */ defaultOutboundAccessEnabled?: pulumi.Input; /** * One or more `delegation` blocks as defined below. */ delegations?: pulumi.Input[]>; /** * An `ipAddressPool` block as defined below. * * > **Note:** Exactly one of `addressPrefixes` or `ipAddressPool` must be specified. */ ipAddressPool?: pulumi.Input; /** * The name of the subnet. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Enable or Disable network policies for the private endpoint on the subnet. Possible values are `Disabled`, `Enabled`, `NetworkSecurityGroupEnabled` and `RouteTableEnabled`. Defaults to `Disabled`. * * > **NOTE:** If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set `privateEndpointNetworkPolicies` in the subnet to `Disabled`. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet. For other resources in the Subnet, access is controlled based via the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. * * > **NOTE:** If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the `privateEndpointNetworkPolicies` in the Subnet to `Enabled`/`NetworkSecurityGroupEnabled`/`RouteTableEnabled`. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet. For other resources in the Subnet, access is controlled based via the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. * * > **NOTE:** See more details from [Manage network policies for Private Endpoints](https://learn.microsoft.com/en-gb/azure/private-link/disable-private-endpoint-network-policy?tabs=network-policy-portal). */ privateEndpointNetworkPolicies?: pulumi.Input; /** * Enable or Disable network policies for the private link service on the subnet. Defaults to `true`. * * > **NOTE:** When configuring Azure Private Link service, the explicit setting `privateLinkServiceNetworkPoliciesEnabled` must be set to `false` in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. See more details from [Manage network policies for Private Link Services](https://learn.microsoft.com/en-gb/azure/private-link/disable-private-link-service-network-policy?tabs=private-link-network-policy-powershell). */ privateLinkServiceNetworkPoliciesEnabled?: pulumi.Input; /** * The name of the resource group in which to create the subnet. This must be the resource group that the virtual network resides in. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * The list of IDs of Service Endpoint Policies to associate with the subnet. */ serviceEndpointPolicyIds?: pulumi.Input[]>; /** * The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage`, `Microsoft.Storage.Global` and `Microsoft.Web`. * * > **NOTE:** In order to use `Microsoft.Storage.Global` service endpoint (which allows access to virtual networks in other regions), you must enable the `AllowGlobalTagsForStorage` feature in your subscription. This is currently a preview feature, please see the [official documentation](https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-cli#enabling-access-to-virtual-networks-in-other-regions-preview) for more information. */ serviceEndpoints?: pulumi.Input[]>; /** * The sharing scope of the subnet. Possible value is `Tenant`. * * > **Note:** This property cannot be set if `defaultOutboundAccessEnabled` is set to `true`. * * !> **Note:** The `sharingScope` property is only available to users who have been explicitly registered and granted access by the Azure Networking Product Group. */ sharingScope?: pulumi.Input; /** * The name of the virtual network to which to attach the subnet. Changing this forces a new resource to be created. */ virtualNetworkName?: pulumi.Input; } /** * The set of arguments for constructing a Subnet resource. */ export interface SubnetArgs { /** * The address prefixes to use for the subnet. * * > **Note:** Exactly one of `addressPrefixes` or `ipAddressPool` must be specified. */ addressPrefixes?: pulumi.Input[]>; /** * Enable default outbound access to the internet for the subnet. Defaults to `true`. */ defaultOutboundAccessEnabled?: pulumi.Input; /** * One or more `delegation` blocks as defined below. */ delegations?: pulumi.Input[]>; /** * An `ipAddressPool` block as defined below. * * > **Note:** Exactly one of `addressPrefixes` or `ipAddressPool` must be specified. */ ipAddressPool?: pulumi.Input; /** * The name of the subnet. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Enable or Disable network policies for the private endpoint on the subnet. Possible values are `Disabled`, `Enabled`, `NetworkSecurityGroupEnabled` and `RouteTableEnabled`. Defaults to `Disabled`. * * > **NOTE:** If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set `privateEndpointNetworkPolicies` in the subnet to `Disabled`. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet. For other resources in the Subnet, access is controlled based via the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. * * > **NOTE:** If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the `privateEndpointNetworkPolicies` in the Subnet to `Enabled`/`NetworkSecurityGroupEnabled`/`RouteTableEnabled`. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet. For other resources in the Subnet, access is controlled based via the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. * * > **NOTE:** See more details from [Manage network policies for Private Endpoints](https://learn.microsoft.com/en-gb/azure/private-link/disable-private-endpoint-network-policy?tabs=network-policy-portal). */ privateEndpointNetworkPolicies?: pulumi.Input; /** * Enable or Disable network policies for the private link service on the subnet. Defaults to `true`. * * > **NOTE:** When configuring Azure Private Link service, the explicit setting `privateLinkServiceNetworkPoliciesEnabled` must be set to `false` in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. See more details from [Manage network policies for Private Link Services](https://learn.microsoft.com/en-gb/azure/private-link/disable-private-link-service-network-policy?tabs=private-link-network-policy-powershell). */ privateLinkServiceNetworkPoliciesEnabled?: pulumi.Input; /** * The name of the resource group in which to create the subnet. This must be the resource group that the virtual network resides in. Changing this forces a new resource to be created. */ resourceGroupName: pulumi.Input; /** * The list of IDs of Service Endpoint Policies to associate with the subnet. */ serviceEndpointPolicyIds?: pulumi.Input[]>; /** * The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage`, `Microsoft.Storage.Global` and `Microsoft.Web`. * * > **NOTE:** In order to use `Microsoft.Storage.Global` service endpoint (which allows access to virtual networks in other regions), you must enable the `AllowGlobalTagsForStorage` feature in your subscription. This is currently a preview feature, please see the [official documentation](https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-cli#enabling-access-to-virtual-networks-in-other-regions-preview) for more information. */ serviceEndpoints?: pulumi.Input[]>; /** * The sharing scope of the subnet. Possible value is `Tenant`. * * > **Note:** This property cannot be set if `defaultOutboundAccessEnabled` is set to `true`. * * !> **Note:** The `sharingScope` property is only available to users who have been explicitly registered and granted access by the Azure Networking Product Group. */ sharingScope?: pulumi.Input; /** * The name of the virtual network to which to attach the subnet. Changing this forces a new resource to be created. */ virtualNetworkName: pulumi.Input; }