Sunday, July 23, 2023

Azure Terraform network project sample code

Terraform network project sample code:

Provider and Variables: Start by configuring the Azure provider (with a pinned provider version) and setting up input variables for your project. Declare credentials — VM admin passwords, firewall admin passwords, IPsec pre-shared keys — as `sensitive` variables supplied at apply time (environment, an uncommitted tfvars file, or a Key Vault data source), never as literals in the code.

Virtual Networks (VNet) and Subnets: Create the Virtual Network and Subnets for your infrastructure.

Network Security Groups (NSGs): Define Network Security Groups to control inbound and outbound traffic to your VMs and firewall.

Windows Server and Ubuntu VMs: Create Windows and Ubuntu virtual machines within the respective subnets.

Public IP Addresses and Load Balancers: Allocate public IP addresses only to the resources that must be reachable from the internet — ideally the firewall's untrust interface, the Load Balancer or the Application Gateway — rather than to individual VMs. Any VM that does carry a public IP needs an NSG that restricts management ports (22/3389) to known source ranges. For load balancing, set up Application Gateway (layer 7, can front a WAF policy) or Load Balancer (layer 4).

Azure Front Door: Configure Azure Front Door to route traffic to different backends based on path-based routing rules.

Palo Alto and FortiGate Firewall VMs: Deploy Palo Alto and FortiGate firewall VMs within the appropriate subnets.

Checkpoint Firewall VM: Set up a Checkpoint firewall VM within the network.

VPN Gateway and IPsec Tunnels: Create a VPN Gateway, a local network gateway describing the on-premises endpoint, and a connection with IPsec tunnels to your on-premises network. Keep the tunnel's pre-shared key in a sensitive variable or Key Vault, and pin the IKE/IPsec proposal explicitly rather than accepting the default proposal set.

Route Tables: Define route tables to control traffic within your virtual network and to and from your on-premises network.

ExpressRoute (Optional): If using ExpressRoute for private connections to Azure, configure the ExpressRoute circuit and corresponding connections.

Output and Variables: Define outputs for important information like VM IP addresses, firewall details, and other networking details. Mark any output that carries a credential or key with `sensitive = true` so it is redacted from plan/apply logs; note that Terraform state still stores such values in clear text, so the state backend itself must be access-controlled and encrypted.

**Azure Terraform network project sample code**

# Define the Azure provider
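# Pin the provider so `terraform init` cannot silently pull a newer major
# release with breaking schema changes; bump the constraint deliberately after
# reading the upgrade guide. azurerm 3.x is the current major for the
# azurerm_windows_virtual_machine / azurerm_linux_virtual_machine resources
# used in this listing (under 3.x the subnet argument is `address_prefixes`;
# the older `address_prefix` spelling no longer validates).
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

# Azure Resource Manager provider. Credentials are deliberately absent: use
# `az login`, a managed identity, or the ARM_* environment variables instead of
# embedding a client secret in the configuration.
provider "azurerm" {
  features {}
}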

# Create a resource group
# Resource group that holds every resource in this sample. Destroying it tears
# the whole environment down, so for production keep the network in its own
# group protected by a CanNotDelete lock.
resource "azurerm_resource_group" "example" {
  location = "East US"
  name     = "example-resource-group"
}

# Create a virtual network
# Hub virtual network. Every subnet in this listing is carved out of this /16,
# so new subnets must stay inside 10.0.0.0/16 and must not overlap the
# on-premises ranges reached over VPN/ExpressRoute.
resource "azurerm_virtual_network" "example" {
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  name                = "example-vnet"
  address_space       = ["10.0.0.0/16"]
}

# Create subnets
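# Subnet for the Windows server(s). `address_prefixes` (a list) replaces the
# `address_prefix` argument, which was deprecated in azurerm 2.x and removed in
# 3.x.
resource "azurerm_subnet" "windows_subnet" {
  name                 = "windows-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}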

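# Subnet for the Ubuntu server(s). `address_prefixes` (a list) replaces the
# `address_prefix` argument, which was deprecated in azurerm 2.x and removed in
# 3.x.
resource "azurerm_subnet" "ubuntu_subnet" {
  name                 = "ubuntu-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.2.0/24"]
}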

# Create Windows VM
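# Local administrator password for the Windows VM. It is kept out of the code:
# supply it via TF_VAR_windows_admin_password, an uncommitted *.tfvars file, or
# a Key Vault data source. `sensitive = true` redacts the value from plan/apply
# output, but it is still written to the state file in clear text, so the state
# backend must be access-controlled and encrypted.
variable "windows_admin_password" {
  type        = string
  sensitive   = true
  description = "Local admin password for windows-vm (Azure requires 12-123 chars meeting complexity rules)."
}

# Windows Server VM on the windows subnet, private address only (no public IP
# is attached to its NIC).
resource "azurerm_windows_virtual_machine" "windows_vm" {
  name                  = "windows-vm"
  resource_group_name   = azurerm_resource_group.example.name
  location              = azurerm_resource_group.example.location
  size                  = "Standard_DS2_v2"
  admin_username        = "adminuser"
  admin_password        = var.windows_admin_password
  network_interface_ids = [azurerm_network_interface.windows_nic.id]

  os_disk {
    # Managed disk names must be unique within the resource group; a bare
    # "osdisk" collides with any other VM in the group that uses the same name.
    name                 = "windows-vm-osdisk"
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # `latest` resolves at apply time, so two applies can produce different
  # builds; pin an explicit image version for reproducible, auditable deploys.
  # NOTE(review): consider the "2019-datacenter-gensecond" SKU with
  # secure_boot_enabled/vtpm_enabled (Trusted Launch) once the chosen size is
  # confirmed to support it.
  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }
}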

# Create Ubuntu VM
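# Ubuntu VM on the ubuntu subnet. Authentication is SSH-key only:
# azurerm_linux_virtual_machine defaults disable_password_authentication to
# true and no admin_password is set, so there is no password to leak or
# brute-force.
resource "azurerm_linux_virtual_machine" "ubuntu_vm" {
  name                  = "ubuntu-vm"
  resource_group_name   = azurerm_resource_group.example.name
  location              = azurerm_resource_group.example.location
  size                  = "Standard_DS2_v2"
  admin_username        = "adminuser"
  network_interface_ids = [azurerm_network_interface.ubuntu_nic.id]

  # admin_ssh_key is a block, not a string attribute, and its username must
  # equal admin_username. file() reads the key from the operator's workstation
  # at plan time; only the public half is ever sent to Azure.
  admin_ssh_key {
    username   = "adminuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }

  os_disk {
    # Managed disk names must be unique within the resource group; a bare
    # "osdisk" collides with any other VM in the group that uses the same name.
    name                 = "ubuntu-vm-osdisk"
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # Ubuntu 18.04 left standard support in May 2023, so it no longer receives
  # security updates without ESM; 22.04 LTS (Gen2 image) is supported until
  # 2027. `latest` resolves at apply time -- pin an explicit version for
  # reproducible builds.
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts-gen2"
    version   = "latest"
  }
}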

# Create network interfaces for VMs
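# NSG for the Windows VM. With no explicit rules Azure's default rules apply:
# inbound traffic from the VNet and the Azure load balancer is allowed and
# everything else (including the internet) is denied. If RDP is required, add
# a 3389 rule whose source_address_prefix is the bastion/VPN range -- never
# "*" or "Internet".
resource "azurerm_network_security_group" "windows_nsg" {
  name                = "windows-nsg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# NIC for the Windows VM: private address only, no public IP attached.
resource "azurerm_network_interface" "windows_nic" {
  name                = "windows-nic"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.windows_subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

# Bind the NSG to the NIC so its rules apply even if the subnet has no NSG of
# its own.
resource "azurerm_network_interface_security_group_association" "windows_nic_nsg" {
  network_interface_id      = azurerm_network_interface.windows_nic.id
  network_security_group_id = azurerm_network_security_group.windows_nsg.id
}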

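# NSG for the Ubuntu VM. With no explicit rules Azure's default rules apply:
# inbound traffic from the VNet and the Azure load balancer is allowed and
# everything else (including the internet) is denied. If SSH is required, add
# a port 22 rule whose source_address_prefix is the bastion/VPN range -- never
# "*" or "Internet".
resource "azurerm_network_security_group" "ubuntu_nsg" {
  name                = "ubuntu-nsg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# NIC for the Ubuntu VM: private address only, no public IP attached.
resource "azurerm_network_interface" "ubuntu_nic" {
  name                = "ubuntu-nic"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.ubuntu_subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

# Bind the NSG to the NIC so its rules apply even if the subnet has no NSG of
# its own.
resource "azurerm_network_interface_security_group_association" "ubuntu_nic_nsg" {
  network_interface_id      = azurerm_network_interface.ubuntu_nic.id
  network_security_group_id = azurerm_network_security_group.ubuntu_nsg.id
}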

# Create an Azure Virtual Network Gateway
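# Dedicated subnet for the VPN gateway. Azure requires this subnet to be named
# exactly "GatewaySubnet"; /27 leaves room for a coexisting ExpressRoute
# gateway. It was referenced as azurerm_subnet.vpngw_subnet but never
# declared.
resource "azurerm_subnet" "vpngw_subnet" {
  name                 = "GatewaySubnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.255.0/27"]
}

# Public IP for the gateway. Standard SKU is always static, which gives the
# on-premises side a stable peer address; Basic public IPs are being retired.
resource "azurerm_public_ip" "vpngw_public_ip" {
  name                = "vpngw-publicip"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

# Route-based VPN gateway. The public IP is bound inside ip_configuration via
# public_ip_address_id -- there is no separate association resource in the
# azurerm provider. The subnet reference makes the VNet dependency implicit,
# so no depends_on is needed.
#
# The site-to-site tunnel itself is not declared here: it needs an
# azurerm_local_network_gateway (on-premises public IP and address space) and
# an azurerm_virtual_network_gateway_connection whose shared_key comes from a
# sensitive variable. Pin an ipsec_policy on that connection rather than
# accepting the default proposal set.
resource "azurerm_virtual_network_gateway" "vpngw" {
  name                = "vpngw"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  type                = "Vpn"
  vpn_type            = "RouteBased"
  sku                 = "VpnGw1"

  ip_configuration {
    name                          = "vpngw-ipconfig"
    subnet_id                     = azurerm_subnet.vpngw_subnet.id
    public_ip_address_id          = azurerm_public_ip.vpngw_public_ip.id
    private_ip_address_allocation = "Dynamic"
  }
}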

# Create an Azure ExpressRoute Circuit
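# Peering location of the ExpressRoute provider (e.g. as listed by
# `az network express-route list-service-providers`). Required by Azure and
# provider-specific, so it is an input rather than a hard-coded guess.
variable "expressroute_peering_location" {
  type        = string
  description = "Peering location offered by the ExpressRoute service provider."
}

# ExpressRoute circuit (optional private connectivity). In the azurerm schema
# the SKU is a block (tier + family) rather than a "Standard_MeteredData"
# string, and bandwidth_in_mbps lives inside service_provider_properties
# together with the mandatory peering_location.
resource "azurerm_express_route_circuit" "expressroute_circuit" {
  name                = "expressroute-circuit"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku {
    tier   = "Standard"
    family = "MeteredData"
  }

  service_provider_properties {
    service_provider_name = "Equinix"
    peering_location      = var.expressroute_peering_location
    bandwidth_in_mbps     = 100
  }
}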

# Create an ExpressRoute Circuit Peering
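# Azure private peering on the circuit. vlan_id is mandatory and must match
# the VLAN the provider configures; the two /30s are the point-to-point links
# for the primary and secondary BGP sessions and must not overlap the VNet or
# any on-premises range. peer_asn is the customer-side ASN (a private ASN is
# fine; Azure's side is fixed at 12076).
resource "azurerm_express_route_circuit_peering" "circuit_peering" {
  name                          = "circuit-peering"
  resource_group_name           = azurerm_resource_group.example.name
  circuit_name                  = azurerm_express_route_circuit.expressroute_circuit.name
  peering_type                  = "AzurePrivatePeering"
  peer_asn                      = 65000
  vlan_id                       = 100
  primary_peer_address_prefix   = "192.168.0.0/30"
  secondary_peer_address_prefix = "192.168.0.4/30"
}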


# Create a network interface for the Palo Alto firewall
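# Subnet for the Palo Alto firewall, referenced below but previously never
# declared. A production VM-Series deployment uses three NICs on separate
# subnets (management, untrust, trust) with the management interface reachable
# only from a bastion/VPN range; this sample keeps a single NIC so the
# dependencies stay visible in one place.
resource "azurerm_subnet" "paloalto_subnet" {
  name                 = "paloalto-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.3.0/24"]
}

resource "azurerm_network_interface" "paloalto_nic" {
  name                = "paloalto-nic"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  # Without IP forwarding the Azure fabric drops every packet whose destination
  # is not this NIC's own address, so the VM could never act as the next hop
  # of a route table.
  enable_ip_forwarding = true

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.paloalto_subnet.id
    # Static address so route tables can point at a next hop that survives
    # VM reallocation; .4 is the first address Azure does not reserve.
    private_ip_address_allocation = "Static"
    private_ip_address            = "10.0.3.4"
  }
}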

# Create a virtual machine for Palo Alto firewall
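# Admin password for the Palo Alto VM-Series. Distinct from every other host's
# credential and supplied at apply time (TF_VAR_paloalto_admin_password,
# uncommitted tfvars, or Key Vault); never a literal in the code. `sensitive`
# redacts it from plan output but not from the state file.
variable "paloalto_admin_password" {
  type        = string
  sensitive   = true
  description = "Admin password for the Palo Alto VM-Series firewall."
}

# Palo Alto VM-Series firewall. Uses azurerm_linux_virtual_machine, matching
# the Ubuntu VM above: the legacy azurerm_virtual_machine resource does not
# accept admin_username/admin_password or os_disk at the top level, so the
# original block could not validate.
resource "azurerm_linux_virtual_machine" "paloalto_vm" {
  name                  = "paloalto-vm"
  location              = azurerm_resource_group.example.location
  resource_group_name   = azurerm_resource_group.example.name
  # NOTE(review): size was missing; DS3_v2 (4 vCPU) matches the vendor's
  # entry-level guidance -- confirm against the current VM-Series sizing table.
  size                  = "Standard_DS3_v2"
  network_interface_ids = [azurerm_network_interface.paloalto_nic.id]

  admin_username                  = "adminuser"
  admin_password                  = var.paloalto_admin_password
  disable_password_authentication = false

  source_image_reference {
    publisher = "PaloAltoNetworks"
    offer     = "vmseries1"
    sku       = "bundle1"
    version   = "latest"
  }

  # Marketplace images carry a purchase plan that must be restated on the VM
  # and accepted once per subscription (`az vm image terms accept`).
  # NOTE(review): plan values must match the Marketplace listing exactly
  # (including case) -- verify with `az vm image show` before applying.
  plan {
    name      = "bundle1"
    product   = "vmseries1"
    publisher = "PaloAltoNetworks"
  }

  os_disk {
    # Unique within the resource group; a bare "osdisk" collides with the
    # other VMs in this listing.
    name                 = "paloalto-vm-osdisk"
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
}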

# Create a network interface for the FortiGate firewall
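# Subnet for the FortiGate firewall, referenced below but previously never
# declared. A production FortiGate deployment uses separate external and
# internal NICs/subnets with management bound to a bastion/VPN-only range;
# this sample keeps a single NIC so the dependencies stay visible in one place.
resource "azurerm_subnet" "fortigate_subnet" {
  name                 = "fortigate-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.4.0/24"]
}

resource "azurerm_network_interface" "fortigate_nic" {
  name                = "fortigate-nic"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  # Without IP forwarding the Azure fabric drops every packet whose destination
  # is not this NIC's own address, so the VM could never act as the next hop
  # of a route table.
  enable_ip_forwarding = true

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.fortigate_subnet.id
    # Static address so route tables can point at a next hop that survives
    # VM reallocation; .4 is the first address Azure does not reserve.
    private_ip_address_allocation = "Static"
    private_ip_address            = "10.0.4.4"
  }
}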

# Create a virtual machine for FortiGate firewall
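# Admin password for the FortiGate. Distinct from every other host's credential
# and supplied at apply time (TF_VAR_fortigate_admin_password, uncommitted
# tfvars, or Key Vault); never a literal in the code. `sensitive` redacts it
# from plan output but not from the state file.
variable "fortigate_admin_password" {
  type        = string
  sensitive   = true
  description = "Admin password for the FortiGate firewall."
}

# FortiGate firewall VM. Uses azurerm_linux_virtual_machine, matching the
# Ubuntu VM above: the legacy azurerm_virtual_machine resource does not accept
# admin_username/admin_password or os_disk at the top level, so the original
# block could not validate.
resource "azurerm_linux_virtual_machine" "fortigate_vm" {
  name                  = "fortigate-vm"
  location              = azurerm_resource_group.example.location
  resource_group_name   = azurerm_resource_group.example.name
  # NOTE(review): size was missing; confirm DS3_v2 against Fortinet's
  # published sizing for the chosen licence.
  size                  = "Standard_DS3_v2"
  network_interface_ids = [azurerm_network_interface.fortigate_nic.id]

  admin_username                  = "adminuser"
  admin_password                  = var.fortigate_admin_password
  disable_password_authentication = false

  # NOTE(review): the offer/sku below are carried over from the original
  # sample and do not look like Fortinet's published Marketplace identifiers;
  # verify with `az vm image list --publisher Fortinet --all` before applying.
  source_image_reference {
    publisher = "Fortinet"
    offer     = "fgt-vm"
    sku       = "fgt-vm"
    version   = "latest"
  }

  # Marketplace images carry a purchase plan that must be restated on the VM
  # and accepted once per subscription (`az vm image terms accept`). Plan
  # values must match the listing exactly, including case.
  plan {
    name      = "fgt-vm"
    product   = "fgt-vm"
    publisher = "Fortinet"
  }

  os_disk {
    # Unique within the resource group; a bare "osdisk" collides with the
    # other VMs in this listing.
    name                 = "fortigate-vm-osdisk"
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
}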

