Azure & Terraform
Part 3 – Creating Terraform network security groups (NSGs) and demo firewalling for frontend and backend subnets.
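# Cloudinspired.com Part 3 - Creating Terraform network security groups (NSGs) and demo firewalling for frontend and backend subnets.
#
# Foundation for the NSG demo: one resource group, one VNet (10.0.0.0/16) split into
# a FrontEnd (10.0.1.0/24) and a BackEnd (10.0.2.0/24) subnet, and one availability
# set per tier. The region is written once, on the resource group; every other
# resource reads azurerm_resource_group.RG.location, so a region change is a
# one-line edit and the two tiers can never drift into different regions.
#
# Terraform 0.11 syntax ("${...}" interpolation, tags written as a block) is kept
# because the rest of the file uses it.

# Resource group - the single source of truth for the region.
resource "azurerm_resource_group" "RG" {
  name     = "RGUKS"
  location = "UK South"

  tags {
    environment = "Production"
  }
}

# VNet holding both tiers.
resource "azurerm_virtual_network" "VNET" {
  name                = "UKS"
  address_space       = ["10.0.0.0/16"]
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  tags {
    environment = "Production"
  }
}

# FrontEnd subnet (10.0.1.0/24). Other resources should reference
# azurerm_subnet.FrontEnd.address_prefix rather than repeating the literal.
resource "azurerm_subnet" "FrontEnd" {
  name                 = "FrontEnd"
  resource_group_name  = "${azurerm_resource_group.RG.name}"
  virtual_network_name = "${azurerm_virtual_network.VNET.name}"
  address_prefix       = "10.0.1.0/24"
}

# BackEnd subnet (10.0.2.0/24). Same note: reference address_prefix, do not copy it.
resource "azurerm_subnet" "BackEnd" {
  name                 = "BackEnd"
  resource_group_name  = "${azurerm_resource_group.RG.name}"
  virtual_network_name = "${azurerm_virtual_network.VNET.name}"
  address_prefix       = "10.0.2.0/24"
}

# Availability set for the FrontEnd tier (managed disks, 2 fault domains).
resource "azurerm_availability_set" "AS1" {
  name                        = "UKSAS1"
  location                    = "${azurerm_resource_group.RG.location}"
  resource_group_name         = "${azurerm_resource_group.RG.name}"
  managed                     = true
  platform_fault_domain_count = 2

  tags {
    environment = "Production"
  }
}

# Availability set for the BackEnd tier (managed disks, 2 fault domains).
resource "azurerm_availability_set" "AS2" {
  name                        = "UKSAS2"
  location                    = "${azurerm_resource_group.RG.location}"
  resource_group_name         = "${azurerm_resource_group.RG.name}"
  managed                     = true
  platform_fault_domain_count = 2

  tags {
    environment = "Production"
  }
}

# Tech Pro Part 3 - Create a Network Security Group for FrontEnd and BackEnd subnets.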
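# Network Security Groups for the FrontEnd and BackEnd subnets.
#
# Azure evaluates NSG rules in ascending priority order and stops at the first match,
# then falls through to the built-in defaults: AllowVnetInBound (65000),
# AllowAzureLoadBalancerInBound (65001) and DenyAllInBound (65500). Two consequences
# shape the rules below:
#   * anything not explicitly allowed from the Internet is already denied, so the
#     FrontEnd NSG only needs Allow rules;
#   * everything inside the VNet is allowed by default, so the BackEnd NSG needs an
#     explicit Deny rule or its AllowSQL rule changes nothing.
#
# Fixes relative to the earlier version of this file:
#   * RDP was allowed from "*" (the whole Internet); the source is now an operator
#     supplied allow-list with no default.
#   * The BackEnd SQL rule used "10.0.1.0" / "10.0.2.0" without a prefix length. Azure
#     treats a bare address as a /32 host, and the .0 address of a subnet is never
#     assigned to a VM, so that rule could never match. It now references the subnets'
#     address_prefix values.
#   * NSGFrontEnd declared its tags block twice.

# Who may RDP to the FrontEnd subnet. Deliberately has no default: TCP/3389 open to
# "*" is a standard brute-force / ransomware entry point. Supply a management IP or
# jump-host CIDR, e.g.  terraform apply -var 'rdp_source_address_prefix=203.0.113.10/32'
variable "rdp_source_address_prefix" {
  description = "IP address or CIDR allowed to reach TCP/3389 on the FrontEnd subnet. No default on purpose - never set this to a wildcard."
}

# FrontEnd NSG: RDP from the allow-listed source, HTTPS from anywhere.
resource "azurerm_network_security_group" "NSGFrontEnd" {
  name                = "NSGFE"
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  security_rule {
    name                       = "AllowRDP"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    source_address_prefix      = "${var.rdp_source_address_prefix}"
    destination_address_prefix = "${azurerm_subnet.FrontEnd.address_prefix}"
  }

  # Public HTTPS. NSG rules see the VM's private IP (after any load-balancer NAT),
  # so the FrontEnd subnet prefix is the correct destination.
  security_rule {
    name                       = "AllowHTTPS"
    priority                   = 1002
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "${azurerm_subnet.FrontEnd.address_prefix}"
  }

  tags {
    environment = "Production"
  }
}

# Attach the FrontEnd NSG to the FrontEnd subnet. The subnet resource itself must not
# also set network_security_group_id, or the two will fight over the association.
resource "azurerm_subnet_network_security_group_association" "frontend" {
  subnet_id                 = "${azurerm_subnet.FrontEnd.id}"
  network_security_group_id = "${azurerm_network_security_group.NSGFrontEnd.id}"
}

# BackEnd NSG: SQL from the FrontEnd subnet only; everything else from the VNet denied.
resource "azurerm_network_security_group" "NSGBackEnd" {
  name                = "NSGBE"
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  # Referencing address_prefix yields the intended /24s and keeps the rule in sync
  # if the subnet ranges ever change.
  security_rule {
    name                       = "AllowSQL"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "1433"
    source_address_prefix      = "${azurerm_subnet.FrontEnd.address_prefix}"
    destination_address_prefix = "${azurerm_subnet.BackEnd.address_prefix}"
  }

  # Without this rule the default AllowVnetInBound (65000) still lets every VNet host
  # reach BackEnd on every port, and AllowSQL is a no-op. 4096 is the lowest custom
  # priority, so every explicit Allow above it still wins. Note this also blocks
  # RDP/SSH to BackEnd from other subnets; add a narrow Allow for a jump host if needed.
  security_rule {
    name                       = "DenyVnetInBound"
    priority                   = 4096
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "*"
  }

  tags {
    environment = "Production"
  }
}

# Attach the BackEnd NSG to the BackEnd subnet.
resource "azurerm_subnet_network_security_group_association" "backend" {
  subnet_id                 = "${azurerm_subnet.BackEnd.id}"
  network_security_group_id = "${azurerm_network_security_group.NSGBackEnd.id}"
}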