Creating Terraform network security groups (NSGs) and demo firewalling subnets – Part 3

Azure & Terraform

Part 3 – Creating Terraform network security groups (NSGs) and demo firewalling for frontend and backend subnets.

# Cloudinspired.com Part 3 - Creating Terraform network security groups (NSGs) and demo firewalling for frontend and backend subnets.

#Create Resource Group in UK south

resource "azurerm_resource_group" "RG" {
  # Container for everything else in this file: every other resource reads
  # RG.name, and the NSG blocks also read RG.location, so this is created first.
  location = "UK South"
  name     = "RGUKS"

  tags = {
    environment = "Production"
  }
}

#Create VNET in UK south

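resource "azurerm_virtual_network" "VNET" {
  name          = "UKS"
  # Parent range for the FrontEnd (10.0.1.0/24) and BackEnd (10.0.2.0/24) subnets.
  address_space = ["10.0.0.0/16"]

  # Take the location from the resource group, as the NSG blocks already do,
  # instead of repeating the literal "UK South"; the value is the same but the
  # VNET can no longer drift from its RG if that literal is ever changed.
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  tags = {
    environment = "Production"
  }
}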

#Create FrontEnd Subnet 

resource "azurerm_subnet" "FrontEnd" {
  # Public-facing tier. 10.0.1.0/24 is carved from the VNET's 10.0.0.0/16;
  # this range is what the BackEnd NSG's AllowSQL rule refers to as its source.
  address_prefix       = "10.0.1.0/24"
  name                 = "FrontEnd"
  virtual_network_name = "${azurerm_virtual_network.VNET.name}"
  resource_group_name  = "${azurerm_resource_group.RG.name}"
}

#Create BackEnd Subnet

resource "azurerm_subnet" "BackEnd" {
  # Data tier. 10.0.2.0/24 is the second /24 of the VNET's 10.0.0.0/16 and is
  # the destination range the BackEnd NSG's AllowSQL rule is meant to cover.
  address_prefix       = "10.0.2.0/24"
  name                 = "BackEnd"
  virtual_network_name = "${azurerm_virtual_network.VNET.name}"
  resource_group_name  = "${azurerm_resource_group.RG.name}"
}

#Create Availability Set FrontEnd

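resource "azurerm_availability_set" "AS1" {
  # Availability set for the FrontEnd tier (the VMs themselves are not in this file).
  name                = "UKSAS1"
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  # Mixed tabs/spaces in the original "managed" line are normalised to spaces
  # so terraform fmt leaves this block alone; values are unchanged and match AS2.
  managed                     = true
  platform_fault_domain_count = 2

  tags = {
    environment = "Production"
  }
}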

#Create Availability Set Backend

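resource "azurerm_availability_set" "AS2" {
  # Availability set for the BackEnd tier (the VMs themselves are not in this file).
  name                = "UKSAS2"
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  # Mixed tabs/spaces in the original "managed" line are normalised to spaces
  # so terraform fmt leaves this block alone; values are unchanged and match AS1.
  managed                     = true
  platform_fault_domain_count = 2

  tags = {
    environment = "Production"
  }
}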

# Tech Pro Part 3 - Create a Network Security Group for FrontEnd and BackEnd subnets.

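resource "azurerm_network_security_group" "NSGFrontEnd" {
  name                = "NSGFE"
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  # Rules are evaluated lowest priority number first; both rules here are
  # explicit allows and run ahead of Azure's built-in default rules.
  security_rule {
    name                       = "AllowRDP"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    # Demo value: "*" admits RDP from any source, which means the Internet for
    # any VM in this subnet that is given a public IP. Restrict this to an
    # administrative CIDR (or reach the VMs via a bastion host) before using
    # the configuration outside a lab.
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "AllowHTTPS"
    priority                   = 1002
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  # A resource carries a single tags map. The original declared "tags" twice
  # (once between the two security_rule blocks), which is invalid; the second
  # rule was also indented as if nested. Merged into one map here.
  tags = {
    environment = "Production"
  }
}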

resource "azurerm_subnet_network_security_group_association" "frontend" {
  # Binds NSGFE to the FrontEnd subnet; until this exists the NSG filters nothing.
  network_security_group_id = "${azurerm_network_security_group.NSGFrontEnd.id}"
  subnet_id                 = "${azurerm_subnet.FrontEnd.id}"
}

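resource "azurerm_network_security_group" "NSGBackEnd" {
  name                = "NSGBE"
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  security_rule {
    name                       = "AllowSQL"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "1433"
    # Match the whole subnets declared above. Without the /24 mask these are
    # single host addresses (10.0.1.0 and 10.0.2.0), which no VM in either
    # subnet is assigned, so the rule as originally written would never match.
    source_address_prefix      = "10.0.1.0/24"
    destination_address_prefix = "10.0.2.0/24"
  }

  # NOTE(review): this NSG holds only an allow rule. Azure's default
  # AllowVnetInBound rule (priority 65000) still permits every other port from
  # the VNET, so if the intent is "only 1433 from FrontEnd", an explicit Deny
  # rule with a larger priority number than 100 (and a source of
  # "VirtualNetwork") has to be added as well; not done here because later parts
  # of the series may rely on other intra-VNET access.

  tags = {
    environment = "Production"
  }
}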

resource "azurerm_subnet_network_security_group_association" "backend" {
  # Binds NSGBE to the BackEnd subnet; until this exists the NSG filters nothing.
  network_security_group_id = "${azurerm_network_security_group.NSGBackEnd.id}"
  subnet_id                 = "${azurerm_subnet.BackEnd.id}"
}
 

About cloudinspired

Cloud Inspired authors have over 30 years' experience within the IT industry, providing expertise and knowledge on infrastructure, hybrid, public and private cloud platforms. Detailed, easy-to-follow technical videos, training and tutorial guides are provided by subject matter experts covering various technologies including Azure, IaaS, SaaS, PaaS and Microsoft 365. This website focuses mainly on the Microsoft 365 and Azure Cloud platforms and provides easy-to-follow step-by-step technical guides, diagrams, cloud certifications and tutorials. The aim is to deliver articles and videos on Microsoft 365 and Azure Cloud from start to finish on many different Azure services and certifications, building and increasing the viewers' knowledge in a short, logical, easy-to-understand format that quickly gets to the point of the subject matter! Check out the YouTube channel for a full list of published Cloud Inspired videos and let's get inspired about Cloud!

