Azure Storage Accounts provide encryption at rest by default, which means that the data stored in Azure Blob is encrypted before being persisted.
Terraform will retrieve the state from the Azure Storage backend and store it in local memory.
The state is never written to your local disk.
Network Security Group
It can be used to filter network traffic to and from resources in the virtual network.
An NSG contains security rules that allow or deny inbound or outbound network traffic.
In each network security rule, you can specify the source, destination, port and protocol.
- It's a best practice to store your state in remote storage like Azure Storage.
- After deploying your Azure Storage resources, the backend configuration needs to be added to your code to be able to use Azure Storage as your remote state storage.
- With the Azure Storage backend, your state is encrypted at rest in Blob storage and is never written to your local disk.
- You must start with a resource group.
- Your resource group and virtual network will be the foundation that you will build your infrastructure on.
- Adding tags will help you keep resources together.
- Subnets provide full control over managing the integration of Azure servers into the virtual network.
- You can add multiple subnets to your virtual network, each defined in its own resource block.
- The address_prefix argument is the most commonly used optional argument.
- The load balancer is the single point of contact for clients.
- It will evenly distribute inbound flows that arrive at the front-end address to the backend pool instances.
- A public load balancer provides outbound connections for VMs inside your VNet, and private load balancers are used where private IPs are needed at the front end only.
- Network security groups can be used to filter network traffic to and from resources in the virtual network.
- A network security group contains security rules that allow or deny inbound or outbound network traffic.
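
The remote state backend and a network security rule described above, as an added example that is not part of the original page. All resource names, the region and the source CIDR are constructed placeholders, and backend authentication is assumed to come from outside this file (for example an Azure CLI login).

```hcl
# Added example: remote state in Azure Storage plus one NSG rule.
# Every name, the region and the CIDR are placeholders (assumptions).
terraform {
  backend "azurerm" {
    resource_group_name  = "rg-tfstate-example" # holds the storage account
    storage_account_name = "sttfstateexample"   # encrypted at rest by default
    container_name       = "tfstate"
    key                  = "network.terraform.tfstate" # blob name for this state
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-network-example"
  location = "westeurope"
  tags     = { environment = "example" }
}

resource "azurerm_network_security_group" "example" {
  name                = "nsg-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  tags                = azurerm_resource_group.example.tags

  # One rule sets source, destination, port and protocol explicitly.
  # The source is a narrow admin range rather than "*", so SSH is not
  # reachable from the whole internet.
  security_rule {
    name                       = "allow-ssh-from-admin-range"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "203.0.113.0/24" # documentation range, placeholder
    destination_address_prefix = "VirtualNetwork"
  }
}
```

Inbound traffic that matches no rule falls through to the NSG's built-in DenyAllInBound default rule, so only the listed source range reaches port 22.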