---
title: "Quickstart: Create an Azure Firewall with Availability Zones - Terraform"
description: In this quickstart, you deploy Azure Firewall using Terraform. The virtual network has one VNet with three subnets. Two Windows Server virtual machines, a jump box, and a server are deployed.
services: firewall
author: cshea-msft
ms.service: azure-firewall
ms.topic: quickstart
ms.custom: devx-track-terraform
ms.date: 10/15/2023
ms.author: victorh
content_well_notification:
ai-usage: ai-assisted
---
In this quickstart, you use Terraform to deploy an Azure Firewall in three Availability Zones.
[!INCLUDE About Terraform]
The Terraform configuration creates a test network environment with a firewall. The network has one virtual network (VNet) with three subnets: AzureFirewallSubnet, subnet-server, and subnet-jump. The subnet-server and subnet-jump subnets each have a single two-core Windows Server virtual machine.
The firewall is in the AzureFirewallSubnet subnet and has an application rule collection with a single rule that allows access to www.microsoft.com.
A user-defined route points network traffic from the subnet-server subnet through the firewall, where the firewall rules are applied.
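The topology just described (a firewall pinned to three zones, the single allow rule for www.microsoft.com, and the route that forces subnet-server traffic through the firewall), written out as an added Terraform example; this is not the sample repository's main.tf. Resource names and the 10.0.2.0/24 prefix for subnet-server are assumptions, and the resource group, firewall policy, subnets, and firewall public IP are taken to be declared elsewhere.

```hcl
# Added example, not the repository's main.tf. Assumes azurerm_resource_group.rg, azurerm_firewall_policy.policy,
# azurerm_subnet.firewall (AzureFirewallSubnet), azurerm_subnet.server (subnet-server, assumed 10.0.2.0/24)
# and a Standard-SKU, static azurerm_public_ip.fw are declared elsewhere in the configuration.
# One application rule: workloads in subnet-server may reach www.microsoft.com and nothing else.
resource "azurerm_firewall_policy_rule_collection_group" "app" {
  name               = "app-rcg"
  firewall_policy_id = azurerm_firewall_policy.policy.id
  priority           = 300
  application_rule_collection {
    name     = "allow-microsoft"
    priority = 100
    action   = "Allow"
    rule {
      name              = "allow-www-microsoft-com"
      source_addresses  = ["10.0.2.0/24"]
      destination_fqdns = ["www.microsoft.com"]
      protocols {
        type = "Https"
        port = 443
      }
    }
  }
}
# Firewall in AzureFirewallSubnet, placed in all three zones so a single zone outage does not drop the data path.
resource "azurerm_firewall" "fw" {
  name                = "azfw"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Standard"
  firewall_policy_id  = azurerm_firewall_policy.policy.id
  zones               = ["1", "2", "3"]
  ip_configuration {
    name                 = "fw-ipconfig"
    subnet_id            = azurerm_subnet.firewall.id
    public_ip_address_id = azurerm_public_ip.fw.id
  }
}
# UDR: the default route of subnet-server points at the firewall's private IP, so the policy applies to all egress.
resource "azurerm_route_table" "server" {
  name                = "rt-subnet-server"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  route {
    name                   = "default-via-firewall"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = azurerm_firewall.fw.ip_configuration[0].private_ip_address
  }
}
```

The route table still has to be bound to subnet-server with an azurerm_subnet_route_table_association; once it is, any outbound request from that subnet other than www.microsoft.com is denied by the policy's implicit deny.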
For more information about Azure Firewall, see Deploy and configure Azure Firewall using the Azure portal.
In this article, you learn how to:
[!div class="checklist"]
- Create a random value (to be used in the resource group name) using random_pet
- Create an Azure resource group using azurerm_resource_group
- Create an Azure Virtual Network using azurerm_virtual_network
- Create three Azure subnets using azurerm_subnet
- Create an Azure public IP using azurerm_public_ip
- Create an Azure Firewall Policy using azurerm_firewall_policy
- Create an Azure Firewall Policy Rule Collection Group using azurerm_firewall_policy_rule_collection_group
- Create an Azure Firewall using azurerm_firewall
- Create a network interface using azurerm_network_interface
- Create a network security group (to contain a list of network security rules) using azurerm_network_security_group
- Create an association between the network interface and the network security group using azurerm_network_interface_security_group_association
- Create a route table using azurerm_route_table
- Create an association between the route table and the subnet using azurerm_subnet_route_table_association
- Create a random value (to be used as the storage name) using random_string
- Create a storage account using azurerm_storage_account
- Create a random password for the Windows VM using random_password
- Create an Azure Windows Virtual Machine using azurerm_windows_virtual_machine
> [!NOTE]
> The sample code for this article is located in the Azure Terraform GitHub repo. You can view the log file containing the test results from current and previous versions of Terraform.

See more articles and sample code showing how to use Terraform to manage Azure resources.
- Create a directory in which to test the sample Terraform code and make it the current directory.
- Create a file named `providers.tf` and insert the following code:

  :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-avzones/providers.tf":::

- Create a file named `main.tf` and insert the following code:

  :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-avzones/main.tf":::

- Create a file named `variables.tf` and insert the following code:

  :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-avzones/variables.tf":::

- Create a file named `outputs.tf` and insert the following code:

  :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-avzones/outputs.tf":::
[!INCLUDE terraform-init.md]
[!INCLUDE terraform-plan.md]
[!INCLUDE terraform-apply-plan.md]
- Get the Azure resource group name.

  ```console
  resource_group_name=$(terraform output -raw resource_group_name)
  ```

- Get the firewall name.

  ```console
  firewall_name=$(terraform output -raw firewall_name)
  ```

- Run `az network firewall show` with a JMESPath query to display the availability zones for the firewall.

  ```console
  az network firewall show --name $firewall_name --resource-group $resource_group_name --query "{Zones:zones}"
  ```
[!INCLUDE terraform-plan-destroy.md]
Troubleshoot common problems when using Terraform on Azure
Next, you can monitor the Azure Firewall logs.
[!div class="nextstepaction"] Tutorial: Monitor Azure Firewall logs