title: Quickstart: Create an Azure Firewall with Availability Zones - Terraform
description: In this quickstart, you deploy Azure Firewall using Terraform. The virtual network has one VNet with three subnets. Two Windows Server virtual machines, a jump box, and a server are deployed.
services: firewall
author: cshea-msft
ms.service: azure-firewall
ms.topic: quickstart
ms.custom: devx-track-terraform
ms.date: 10/15/2023
ms.author: victorh
content_well_notification: AI-contribution
ai-usage: ai-assisted

Quickstart: Deploy Azure Firewall with Availability Zones - Terraform

In this quickstart, you use Terraform to deploy an Azure Firewall in three Availability Zones.

[!INCLUDE About Terraform]

The Terraform configuration creates a test network environment with a firewall. The network has one virtual network (VNet) with three subnets: AzureFirewallSubnet, subnet-server, and subnet-jump. The subnet-server and subnet-jump subnets each have a single two-core Windows Server virtual machine.

The firewall is in the AzureFirewallSubnet subnet and has an application rule collection with a single rule that allows access to www.microsoft.com.

A user-defined route points network traffic from the subnet-server subnet through the firewall where the firewall rules are applied.

For more information about Azure Firewall, see Deploy and configure Azure Firewall using the Azure portal.

In this article, you learn how to:

[!div class="checklist"]

Prerequisites

Implement the Terraform code

  1. Create a directory in which to test the sample Terraform code and make it the current directory.

  2. Create a file named providers.tf and insert the following code:

    :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-avzones/providers.tf":::

  3. Create a file named main.tf and insert the following code:

    :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-avzones/main.tf":::

  4. Create a file named variables.tf and insert the following code:

    :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-avzones/variables.tf":::

  5. Create a file named outputs.tf and insert the following code:

    :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-avzones/outputs.tf":::

Initialize Terraform

[!INCLUDE terraform-init.md]

Create a Terraform execution plan

[!INCLUDE terraform-plan.md]

Apply a Terraform execution plan

[!INCLUDE terraform-apply-plan.md]

Verify the results

  1. Get the Azure resource group name.

    resource_group_name=$(terraform output -raw resource_group_name)
  2. Get the firewall name.

    firewall_name=$(terraform output -raw firewall_name)
  3. Run az network firewall show with a JMESPath query to display the availability zones for the firewall.

    az network firewall show --name "$firewall_name" --resource-group "$resource_group_name" --query "{Zones:zones}"
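
A pass/fail version of the zone check in step 3, usable as a pipeline gate after `terraform apply`; this is an added example, not part of the quickstart's sample code. The function names, the expected zone set `1 2 3`, and the use of `--query "zones[]" --output tsv` to get one zone per line are assumptions.

```shell
#!/bin/sh
# Added example, not part of the quickstart's Terraform sample.
# Assumption: `--query "zones[]" --output tsv` prints one zone per line.

# missing_zones ZONE...
# Reads the deployed zone list on stdin (any whitespace-separated form) and
# prints every expected zone that is absent. Returns 1 if any are missing.
missing_zones() {
  deployed=$(tr -s '[:space:]' '\n' | sed '/^$/d' | sort -u)
  rc=0
  for zone in "$@"; do
    if ! printf '%s\n' "$deployed" | grep -qxF -- "$zone"; then
      printf '%s\n' "$zone"
      rc=1
    fi
  done
  return "$rc"
}

# check_firewall_zones FIREWALL_NAME RESOURCE_GROUP
# Fails closed: if az errors or the firewall has no zones, stdin is empty
# and all three zones are reported missing.
check_firewall_zones() {
  az network firewall show --name "$1" --resource-group "$2" \
    --query "zones[]" --output tsv | missing_zones 1 2 3
}

# Constructed sample (not real az output): a firewall deployed to zones 1 and 3 only.
if gaps=$(printf '1\n3\n' | missing_zones 1 2 3); then
  echo "firewall spans zones 1-3"
else
  echo "firewall is missing zone(s): $gaps"
fi
```

Against a real deployment, call `check_firewall_zones "$firewall_name" "$resource_group_name"` and treat a non-zero exit status as a failed verification.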
    

Clean up resources

[!INCLUDE terraform-plan-destroy.md]

Troubleshoot Terraform on Azure

Troubleshoot common problems when using Terraform on Azure

Next steps

Next, you can monitor the Azure Firewall logs.

[!div class="nextstepaction"] Tutorial: Monitor Azure Firewall logs