Creating Terraform network security groups (NSGs) and demo firewalling subnets – Part 3

Azure & Terraform

Part 3 – Creating Terraform network security groups (NSGs) and demo firewalling for frontend and backend subnets.

# Cloudinspired.com Part 3 - Creating Terraform network security groups (NSGs) and demo firewalling for frontend and backend subnets.

#Create Resource Group in UK south

# Resource group that holds every resource in this deployment.
# Every other block takes its resource_group_name from here, so the group
# name (and, for blocks that reference RG.location, the region) lives in
# exactly one place.
resource "azurerm_resource_group" "RG" {
    location = "UK South"
    name     = "RGUKS"

    tags {
        environment = "Production"
    }
}

#Create VNET in UK south

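# Virtual network for the deployment. The 10.0.0.0/16 space is carved into the
# FrontEnd (10.0.1.0/24) and BackEnd (10.0.2.0/24) subnets declared below; both
# subnets must stay inside this address_space.
resource "azurerm_virtual_network" "VNET" {
    name                = "UKS"
    resource_group_name = "${azurerm_resource_group.RG.name}"
    # Take the region from the resource group instead of repeating the literal,
    # so the network cannot drift into a different region from its group.
    location            = "${azurerm_resource_group.RG.location}"
    address_space       = ["10.0.0.0/16"]

    tags {
        environment = "Production"
    }
}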

#Create FrontEnd Subnet 

# FrontEnd subnet (10.0.1.0/24): the tier that receives inbound traffic.
# The NSG attached further down decides what may reach it.
resource "azurerm_subnet" "FrontEnd" {
    resource_group_name  = "${azurerm_resource_group.RG.name}"
    virtual_network_name = "${azurerm_virtual_network.VNET.name}"
    name                 = "FrontEnd"
    address_prefix       = "10.0.1.0/24"
}

#Create BackEnd Subnet

# BackEnd subnet (10.0.2.0/24): the data tier. It is intended to be reachable
# only from the FrontEnd subnet, which is enforced by its NSG, not by this block.
resource "azurerm_subnet" "BackEnd" {
    resource_group_name  = "${azurerm_resource_group.RG.name}"
    virtual_network_name = "${azurerm_virtual_network.VNET.name}"
    name                 = "BackEnd"
    address_prefix       = "10.0.2.0/24"
}

#Create Availability Set FrontEnd

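# Availability set for the FrontEnd VMs. `managed = true` is required when the
# VMs use managed disks; two fault domains spread the VMs across separate
# power/network units in the region.
resource "azurerm_availability_set" "AS1" {
  name                        = "UKSAS1"
  resource_group_name         = "${azurerm_resource_group.RG.name}"
  # Same region as the resource group; an availability set must be in the
  # region of the VMs it holds, so deriving it here keeps them aligned.
  location                    = "${azurerm_resource_group.RG.location}"
  managed                     = true
  platform_fault_domain_count = 2

  tags {
    environment = "Production"
  }
}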

#Create Availability Set Backend

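# Availability set for the BackEnd VMs. Mirrors AS1: managed disks and two
# fault domains.
resource "azurerm_availability_set" "AS2" {
  name                        = "UKSAS2"
  resource_group_name         = "${azurerm_resource_group.RG.name}"
  # Same region as the resource group; an availability set must be in the
  # region of the VMs it holds, so deriving it here keeps them aligned.
  location                    = "${azurerm_resource_group.RG.location}"
  managed                     = true
  platform_fault_domain_count = 2

  tags {
    environment = "Production"
  }
}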

# Part 3 - Create a Network Security Group for each of the FrontEnd and BackEnd subnets and associate it with that subnet.

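# NSG for the FrontEnd subnet.
#
# Azure evaluates rules in ascending priority and then falls through to the
# built-in defaults (AllowVnetInBound 65000, AllowAzureLoadBalancerInBound
# 65001, DenyAllInBound 65500). Anything from the Internet that is not
# explicitly allowed below is therefore dropped by DenyAllInBound.
#
# The original had two `tags` blocks, one of them wedged between the two
# security_rule blocks; a resource carries a single tags block, so they are
# collapsed into one here.
resource "azurerm_network_security_group" "NSGFrontEnd" {
  name                = "NSGFE"
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  # Management access to the frontend VMs.
  # WARNING: source_address_prefix = "*" exposes RDP (3389) to the entire
  # Internet, which is a routine brute-force / ransomware entry point and is
  # not acceptable for a resource tagged Production. Before real use replace
  # "*" with the administrators' public CIDR(s), or remove this rule and use
  # Azure Bastion / just-in-time VM access instead.
  security_rule {
    name                       = "AllowRDP"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  # Public HTTPS into the web tier. This is the only port that should be
  # open to the Internet on this subnet.
  security_rule {
    name                       = "AllowHTTPS"
    priority                   = 1002
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  tags {
    environment = "Production"
  }
}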

# Attach NSGFE to the FrontEnd subnet. An NSG has no effect until it is
# associated with a subnet (or NIC), so without this block the rules above
# would never be enforced.
resource "azurerm_subnet_network_security_group_association" "frontend" {
  network_security_group_id = "${azurerm_network_security_group.NSGFrontEnd.id}"
  subnet_id                 = "${azurerm_subnet.FrontEnd.id}"
}

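# NSG for the BackEnd subnet: only SQL Server (TCP 1433) from the FrontEnd
# subnet may reach the backend; all other traffic from inside the VNet is
# denied explicitly.
resource "azurerm_network_security_group" "NSGBackEnd" {
  name                = "NSGBE"
  location            = "${azurerm_resource_group.RG.location}"
  resource_group_name = "${azurerm_resource_group.RG.name}"

  # SQL from the frontend tier to the backend tier.
  # The prefixes must be CIDR ranges. The original used bare "10.0.1.0" and
  # "10.0.2.0", which each match a single host (the .0 network address that
  # Azure reserves and never assigns to a VM), so the rule could never match
  # real frontend -> backend traffic. Referencing the subnet resources keeps
  # the rule in step with the subnet definitions if those ever change.
  security_rule {
    name                       = "AllowSQL"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "1433"
    source_address_prefix      = "${azurerm_subnet.FrontEnd.address_prefix}"
    destination_address_prefix = "${azurerm_subnet.BackEnd.address_prefix}"
  }

  # Without an explicit deny, Azure's default AllowVnetInBound rule (priority
  # 65000) still lets every host in the VNet reach the backend on any port,
  # which makes AllowSQL a no-op rather than a firewall. Priority 4000 leaves
  # room for further explicit allows (use priorities below 4000) while still
  # sitting ahead of the defaults. Load-balancer health probes arrive from the
  # AzureLoadBalancer tag, not VirtualNetwork, so they are unaffected.
  security_rule {
    name                       = "DenyOtherVnetInbound"
    priority                   = 4000
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "*"
  }

  tags {
    environment = "Production"
  }
}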

# Attach NSGBE to the BackEnd subnet so its rules are actually enforced;
# an unassociated NSG filters nothing.
resource "azurerm_subnet_network_security_group_association" "backend" {
  network_security_group_id = "${azurerm_network_security_group.NSGBackEnd.id}"
  subnet_id                 = "${azurerm_subnet.BackEnd.id}"
}
 
