Azure-cli: Network watcher automatically created when I create a VM

Created on 11 Jan 2019  路  6Comments  路  Source: Azure/azure-cli

Describe the bug
When I create my VM new group 'NetworkWatcherRG' is automatically created.

To Reproduce
root@Alexey-HP:~# az group list | grep -i NetworkWatcherRG
root@Alexey-HP:~#

root@Alexey-HP:~# az group create

--name centosresourcegroup
--location northeurope
Location Name

northeurope centosresourcegroup

root@Alexey-HP:~# az vm create

--name centos-ent10-prepare
--resource-group centosresourcegroup
--image OpenLogic:CentOS:7.5:7.5.20180815
--location northeurope
--size Standard_DS1
--ssh-key-value ~/.ssh/id_rsa.pub
--admin-username azureuser
--authentication-type ssh
--public-ip-address-dns-name centos-ent10-prepare-dnsname
--os-disk-name centos-ent10-prepare-osdisk
--storage-sku Standard_LRS
ResourceGroup PowerState PublicIpAddress Fqdns PrivateIpAddress MacAddress Location Zones

centosresourcegroup VM running 40.127.199.114 centos-ent10-prepare-dnsname.northeurope.cloudapp.azure.com 10.0.0.4 00-0D-3A-B1-69-B6 northeurope
root@Alexey-HP:~#

root@Alexey-HP:~# az group list | grep -i NetworkWatcherRG
NetworkWatcherRG northeurope Succeeded
root@Alexey-HP:~#

Expected behavior
New group 'NetworkWatcherRG' should not be created.

Environment summary
Bash on Windows 10

root@Alexey-HP:~# az --version | head -1
azure-cli (2.0.54)

Microsoft Windows [Version 10.0.18309.1000]
(c) 2018 Microsoft Corporation. All rights reserved.

Additional context
I didn't happen earlier.

Compute - VM Network - Network Watcher Service Attention question
Source
picture alexeyshishkin01

Most helpful comment

Also, if you would like to opt-out of this behavior (which is not recommended) please see:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-create

picture tjprescott on 11 Jan 2019
😕2 😄1 👎1 👍1

All 6 comments

Interesting. I can reproduce this. It looks like it is enabling Network Watcher for the region you create your VM in. When I run with --validate --verbose to examine the ARM template actually sent to Azure (without actually sending it), I see no mention of this resource group or network watchers in general. This may be a change in the service-side behavior.

tjprescott picture tjprescott on 11 Jan 2019

It isn't just the resource group that is created. The Network Watcher resource itself is created for that region. However, this is not done by the CLI.

tjprescott picture tjprescott on 11 Jan 2019

Hi @alexeyshishkin01 this is a service-side behavior that is by design. Please see:
https://azure.microsoft.com/en-us/updates/azure-network-watcher-will-be-enabled-by-default-for-subscriptions-containing-virtual-networks/

The resource is free, but if you wanted, you could delete the resource group (which would delete the resources as well). Since this is by-design service behavior, I will close this issue.

tjprescott picture tjprescott on 11 Jan 2019

Also, if you would like to opt-out of this behavior (which is not recommended) please see:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-create

tjprescott picture tjprescott on 11 Jan 2019
😕2 😄1 👎1 👍1

In my case is see the resource group is created as Network watcherRG but inside this i do not see the resource which is network-watcher.

DJM0502 picture DJM0502 on 16 Oct 2019

i thought i might get some reply.
but i was able to figure this out it is hidden resources.
if i do show hidden resources i can see the name of the resources NetworkWatcher_centralus.
so i short this is the resource created with this group.

Thanks
DJM

DJM0502 picture DJM0502 on 17 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

binderjoe picture binderjoe  路  3Comments
ambakshi picture ambakshi  路  3Comments
williexu picture williexu  路  3Comments
dhermans picture dhermans  路  3Comments
Kannaj picture Kannaj  路  3Comments