[Module Proposal]: avm-res-network-networksecurityperimeter #2637

@rushideshmukh-tech

Description

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals.

Check this module doesn't already exist in the module indexes

  • I have checked that this module doesn't already exist in the module indexes.

Bicep or Terraform?

Terraform

Module Classification?

Resource Module

Module Name

avm-res-network-networksecurityperimeter

Module Details

Module Display Name: Network Security Perimeter

Module Name: avm-res-network-networksecurityperimeter

Azure Resource Provider: Microsoft.Network

Azure Resource Type: networkSecurityPerimeters


Description:

This module deploys and manages an Azure Network Security Perimeter (NSP) — a relatively new Azure networking primitive that enables organisations to define a logical network boundary around PaaS resources (such as Azure Storage, Key Vault, and Azure SQL) and control inbound and outbound access at the perimeter level, independent of private endpoints or service endpoints.

The module will cover the full resource lifecycle including:

  • Network Security Perimeter resource creation and configuration
  • Profile management (associating NSP profiles to PaaS resources)
  • Inbound and outbound access rules (CIDR ranges, subscriptions, service tags)
  • Resource associations (linking PaaS resources to the perimeter)
  • Diagnostic settings, locks, role assignments, and tags — in line with AVM interface specifications

Why this module is needed:

Network Security Perimeter is a GA Azure service that currently has no AVM Terraform representation. As Microsoft pushes Zero Trust and data exfiltration prevention as core enterprise requirements, NSP is increasingly being mandated in Azure Landing Zone deployments — particularly in regulated industries (Financial Services, Healthcare, Government). Without an AVM module, teams are forced to write custom Terraform from scratch, with no consistency or governance guardrails.

This module directly supports the CAF Secure methodology and aligns with the Azure Landing Zone accelerator's security baseline.

Note on module ownership:

I am a community contributor (not a Microsoft FTE) and would like to develop this module. I am fully committed to building, testing, and maintaining it to AVM specification standards. I am happy to collaborate with a Microsoft FTE module owner as required by AVM governance, and I understand and accept the contribution and co-ownership model for non-FTE contributors.

Do you want to be the owner of this module?

No

Module Owner's GitHub Username (handle)

No response

(Optional) Secondary Module Owner's GitHub Username (handle)

No response

Status

Done
