Bicep Module Documentation
← Back to Overview
Module network-watcher
networkWatcher
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| flowLogs | flowLog[] | List of flow log configurations to be created in the Network Watcher. |
flowLog
| Property | Value | Description |
|---|---|---|
| enabled | bool | Flag to enable/disable flow logging. (default: true) |
| enabledFilteringCriteria | string | Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged. |
| flowAnalyticsConfiguration | flowAnalyticsConfiguration | Optional parameters that define the configuration of Traffic Analytics. |
| recordTypes | string | Optional field to filter network traffic logs based on flow states. Value of this field could be any comma separated combination string of letters B,C,E or D. B represents Begin, when a flow is created. C represents Continue for an ongoing flow generated at every five-minute interval. E represents End, when a flow is terminated. D represents Deny, when a flow is denied. If not specified, all network traffic will be logged. |
| retentionPolicy (required) | retentionPolicy | Parameters that define the retention policy for flow log. |
| storageId (required) | string | Resource ID of the storage account which is used to store the flow log. |
| targetResourceId (required) | string | Resource ID to which flow log will be applied. Can be a VNet, subnet or a network interface. |
networkWatcherFlowAnalyticsConfiguration
| Property | Value | Description |
|---|---|---|
| enabled | bool | Flag to enable/disable traffic analytics. (default: true) |
| trafficAnalyticsInterval | '10' '60' |
The interval in minutes which would decide how frequently TA service should do flow analytics. (default: 60) |
| workspaceResourceId (required) | string | Resource ID of the Log Analytics workspace to which flow analytics data will be sent. |
flowAnalyticsConfiguration
| Property | Value | Description |
|---|---|---|
| networkWatcherFlowAnalyticsConfiguration (required) | networkWatcherFlowAnalyticsConfiguration |
retentionPolicy
| Property | Value | Description |
|---|---|---|
| days (required) | int | Number of days to retain flow log records. 0 means retain forever. |
| enabled | bool | Flag to enable/disable retention. (default: true) |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
Changelog
2.2.1 (2026-04-03)
Bug Fixes
- flowLogs default values not being set
2.2.0 (2026-03-25)
Features
- add possibility to create flow logs within the Network Watcher
2.1.0 (2025-10-06)
Features
- update resource api version
2.0.1 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
2.0.0 (2025-09-24)
⚠ BREAKING CHANGES
- remove deprecated outputs
Bug Fixes
- remove deprecated outputs
1.3.0 (2025-03-26)
Features
- add resourceName output