title | description | author | ms.service | ms.topic | ms.custom | ms.author | ms.date | content_well_notification | ai-usage | |
---|---|---|---|---|---|---|---|---|---|---|
QuickStart: Create and configure Azure DDoS Network Protection using Terraform |
In this article, you create and configure Azure DDoS Network Protection using Terraform |
TomArcherMsft |
ddos-protection |
quickstart |
devx-track-terraform |
tarcher |
07/17/2024 |
|
ai-assisted |
This QuickStart describes how to use Terraform to create and enable a distributed denial of service (DDoS) protection plan and Azure virtual network (VNet). An Azure DDoS Network Protection plan defines a set of virtual networks that have DDoS protection enabled across subscriptions. You can configure one DDoS protection plan for your organization and link virtual networks from multiple subscriptions to the same plan.
:::image type="content" source="./media/manage-ddos-protection/ddos-network-protection-diagram-simple.png" alt-text="Diagram of DDoS Network Protection." lightbox="./media/manage-ddos-protection/ddos-network-protection-diagram-simple.png":::
[!INCLUDE Terraform abstract]
In this article, you learn how to:
[!div class="checklist"]
- Create a random value for the Azure resource group name using random_pet
- Create an Azure resource group using azurerm_resource_group
- Create a random value for the virtual network name using random_string
- Create an Azure DDoS protection plan using azurerm_network_ddos_protection_plan
- Create an Azure virtual network using azurerm_virtual_network
Note
The sample code for this article is located in the Azure Terraform GitHub repo. You can view the log file containing the test results from current and previous versions of Terraform.
See more articles and sample code showing how to use Terraform to manage Azure resources
-
Create a directory in which to test and run the sample Terraform code and make it the current directory.
-
Create a file named
providers.tf
and insert the following code:[!code-terraformmaster]
-
Create a file named
main.tf
and insert the following code:[!code-terraformmaster]
-
Create a file named
variables.tf
and insert the following code:[!code-terraformmaster]
-
Create a file named
outputs.tf
and insert the following code:[!code-terraformmaster]
[!INCLUDE terraform-init.md]
[!INCLUDE terraform-plan.md]
[!INCLUDE terraform-apply-plan.md]
-
Get the Azure resource group name.
resource_group_name=$(terraform output -raw resource_group_name)
-
Get the DDoS protection plan name.
ddos_protection_plan_name=$(terraform output -raw ddos_protection_plan_name)
-
Run az network ddos-protection show to display information about the new DDoS protection plan.
az network ddos-protection show \ --resource-group $resource_group_name \ --name $ddos_protection_plan_name
-
Get the Azure resource group name.
$resource_group_name=$(terraform output -raw resource_group_name)
-
Get the DDoS protection plan name.
$ddos_protection_plan_name=$(terraform output -raw ddos_protection_plan_name)
-
Run Get-AzDdosProtectionPlan to display information about the new DDoS protection plan.
Get-AzDdosProtectionPlan -ResourceGroupName $resource_group_name ` -Name $ddos_protection_plan_name
[!INCLUDE terraform-plan-destroy.md]
Troubleshoot common problems when using Terraform on Azure
[!div class="nextstepaction"] View and configure DDoS protection telemetry