
How To Create Azure Network Security Group Via Python SDK

I'm using Azure Python SDK to deploy Azure VM. I can create VM with Network Security Group without any issue via the Azure portal. However, I failed to create a Network Security Gr

Solution 1:

The error means your client does not have permission to perform the operation; you need to add it as an RBAC role in your resource group/subscription.

However, I can create a Network Security Group via the Azure portal by clicking "create a resource" or add new source in Resource Group.

In the portal, you are using the account logged in to the portal; if you are using the code here, it uses the credentials of the service principal, which is different.


Here is a complete sample that works for me; follow the steps below.

1. Register an application with Azure AD and create a service principal.

2. Get values for signing in and create a new application secret.

3. Navigate to the resource group or the subscription -> Access control (IAM) -> Add -> add the service principal of the AD App as an RBAC role, e.g. Contributor; for details, follow this.

4. Then use the code below.

from azure.identity import ClientSecretCredential
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.v2020_06_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2020_06_01.models import SecurityRule

tenant_id = "<tenant-id>"
client_id = "<client-id>"
client_secret = "<client-secret>"
subscription_id = "<subscription-id>"

credential = ClientSecretCredential(tenant_id, client_id, client_secret)
network_client = NetworkManagementClient(credential, subscription_id)

resource_group_name = "<group-name>"
nsg_name = "testnsg"

nsg_params = NetworkSecurityGroup(id= "testnsg", location="UK South", tags={ "name" : "testnsg" })
nsg = network_client.network_security_groups.begin_create_or_update(resource_group_name, "testnsg", parameters=nsg_params)
print(nsg.result().as_dict())


5. Check in the portal.


Update:

If you want to use the user account, you just need to use AzureCliCredential.

1. Install the Azure CLI, then log in to your account with az login in a local terminal, e.g. PowerShell.

2. After logging in, change the code as below and run it.

# AzureCliCredential reuses the account signed in with `az login`
from azure.identity import AzureCliCredential
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.v2020_06_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2020_06_01.models import SecurityRule


subscription_id = "<subscription-id>"

credential = AzureCliCredential()
network_client = NetworkManagementClient(credential, subscription_id)

resource_group_name = "<group-name>"
nsg_name = "testnsg"

nsg_params = NetworkSecurityGroup(id= "testnsg", location="UK South", tags={ "name" : "testnsg" })
nsg = network_client.network_security_groups.begin_create_or_update(resource_group_name, "testnsg", parameters=nsg_params)
print(nsg.result().as_dict())
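
The permission problem discussed in the answer above, as an added example that is not part of the original answer: an offline model of how Azure RBAC checks a role's Actions and NotActions against the operation that creating an NSG requires. The role definitions are abridged, constructed copies of built-in roles and the function names are hypothetical; the last function compares Network Contributor with the Contributor role mentioned in step 3.

```python
from fnmatch import fnmatchcase

# Operation that begin_create_or_update() on an NSG needs at the assignment scope.
NSG_WRITE = "Microsoft.Network/networkSecurityGroups/write"

# Constructed, abridged copies of three built-in roles (illustrative only;
# inspect the real definitions with: az role definition list --name "<role>").
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Network Contributor": {
        "actions": ["Microsoft.Network/*",
                    "Microsoft.Resources/subscriptions/resourceGroups/read"],
        "not_actions": [],
    },
    "Contributor": {
        "actions": ["*"],
        "not_actions": ["Microsoft.Authorization/*/Write",
                        "Microsoft.Authorization/*/Delete"],
    },
}

# Unrelated operations used only to compare how broad each role is.
PROBES = [
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Network/virtualNetworks/write",
]

def _matches(patterns, operation):
    """Action strings are case-insensitive and may contain '*' wildcards."""
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)

def role_allows(role, operation):
    """Granted if it matches Actions and is not carved out by NotActions."""
    return (_matches(role["actions"], operation)
            and not _matches(role["not_actions"], operation))

def effective_allows(assigned_roles, operation):
    """Assignments are additive: any one assigned role granting it is enough."""
    return any(role_allows(ROLES[name], operation) for name in assigned_roles)

def narrowest_role_for(operation, probes=PROBES):
    """Among roles that allow `operation`, pick the one granting the fewest probes."""
    ok = [n for n, r in ROLES.items() if role_allows(r, operation)]
    return min(ok, key=lambda n: sum(role_allows(ROLES[n], p) for p in probes)) if ok else None

if __name__ == "__main__":
    for assigned in ([], ["Reader"], ["Network Contributor"], ["Contributor"]):
        print(assigned, "->", effective_allows(assigned, NSG_WRITE))
    print("narrowest:", narrowest_role_for(NSG_WRITE))
```

A principal with no assignment, or with only Reader, fails the check, which is the situation the service principal is in before step 3.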
