Back to Azure Resource templates index <–
A network security group (NSG) includes rules that allow or deny traffic to a virtual network subnet, network interface, or both.
Template Locations
Infrastructure As Code Advisor (Beta)
WAF-compliance
The WAF-compliance advisor validates templates based on the Well Architected Framework practices. Every day a GitHub Action updates the templates compliance data and lists the recomendations.
Sustainbility Advisor
The sustainability advisor is based on the Sogeti Cloud Reference Architecture with sustainble practices. These sustainble practices cover application code, cloud infrastructures and data. The global Sogeti community is continously evolving the sustainble practices and every day new and tuned are added. For cloud infrastructures the sustainble practices are automatically validated and reported below.
note: when 100% it can be that there is no sustainble practices yet for this Cloud infrastructure.
Online documentation
Template reference
Service description
Related Azure Resources
| Resource | Description | Automation |
|---|---|---|
| Azure LoadBalancer | Loadbalancer | ARM |
| Network Security Group | A network security group (NSG) includes rules that allow or deny traffic to a virtual network subnet, network interface, or both. | Bicep |
Requirements
- Resource group must been created with a valid name and location.
- A Network Security Group requires Application name that is the subnet name and the security rules.
Input values
- tagBillingIdentifier: Cost Center.
- customer:Name or abbreviation for the customer.
- environment: The environment denotation.d=Development, t=Test, a=Acceptance, p=Production, dt=Dev-Test,ap=Acceptance-Production.
- applicationName
- sourceAddressPrefix
- destinationAddressPrefix
Output values
- NSGName
Additional information
A network security group (NSG) includes rules that allow or deny traffic to a virtual network subnet, network interface, or both.
A network security group contains several default security rules that allow or deny traffic to or from resources. A network security group can be associated to a network interface, the subnet the network interface is in, or both.
The template contains the basic settings for an Network Security Group, only the Security Rules tag and the Application name needs to be specified. Specific configuration needs can be set with the Azure CLI WebApp configuration. For example add application settings:
az network nsg create
All other settings can follow the same commands.
For an example release see: Cloudification NSG VSTS release
See template for Azure Resource Manager template.
Compliance Advisor details
Resource Health Result
| Message | ResourceType | Severity |
|---|---|---|
| Your current API Version i.e.2021-02-01 for the resource Microsoft.Network/networkSecurityGroups is outdatedconsider updating to new recent version available i.e. 2023-04-01 or 2023-02-01 | Microsoft.Network/networkSecurityGroups | 2 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template | Microsoft.Network/networkSecurityGroups | 1 |
TemplateParameterHealthResult
| Message | Severity |
|---|---|
| Define default values for parameters that aren't sensitive. By specifying a default value, it's easier to deploy the template, and users of your template see an example of an appropriate value i.e. nsgCustomNameRead More | 1 |
| Define default values for parameters that aren't sensitive. By specifying a default value, it's easier to deploy the template, and users of your template see an example of an appropriate value i.e. sourceAddressPrefixRead More | 1 |
| Define default values for parameters that aren't sensitive. By specifying a default value, it's easier to deploy the template, and users of your template see an example of an appropriate value i.e. destinationAddressPrefixRead More | 1 |