Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update changes to file

Browse Source
This commit is contained in:
cshea15 2023-09-24 20:38:46 -04:00
parent a242f2310b
commit eda163c0f7
3 changed files with 30 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
quickstart/201-azfw-with-ipgroups/main.tf
View File

@ -49,40 +49,34 @@ resource "azurerm_firewall_policy" "azfw_policy" {
threat_intelligence_mode = "Alert" threat_intelligence_mode = "Alert"
} }
resource "azurerm_firewall_policy_rule_collection_group" "net_policy_rule_collection_group" { resource "azurerm_firewall_policy_rule_collection_group" "prcg" {
name = "DefaultNetworkRuleCollectionGroup" name = "prcg"
firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
priority = 200
network_rule_collection {
name = "DefaultNetworkRuleCollection"
action = "Allow"
priority = 200
rule {
name = "networkRule"
protocols = ["Any"]
destination_ip_groups = [azurerm_ip_group.ip_group_2.id]
destination_ports = ["90"]
source_ip_groups = [azurerm_ip_group.ip_group_1.id]
}
}
}
resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collection_group" {
name = "DefaulApplicationtRuleCollectionGroup"
firewall_policy_id = azurerm_firewall_policy.azfw_policy.id firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
priority = 300 priority = 300
application_rule_collection { application_rule_collection {
name = "DefaultApplicationRuleCollection" name = "app-rule-collection-1"
priority = 101
action = "Allow" action = "Allow"
priority = 500
rule { rule {
name = "SomeAppRule" name = "someAppRule"
protocols { protocols {
type = "Http" type = "Https"
port = 8080 port = 443
} }
source_ip_groups = [azurerm_ip_group.ip_group_1.id] destination_fqdns = [ "*bing.com" ]
destination_fqdns = ["*bing.com"] source_ip_groups = [ azurerm_ip_group.ip_group_1.id ]
}
}
network_rule_collection {
name = "net-rule-collection-1"
priority = 200
action = "Allow"
rule {
name = "someNetRule"
protocols = [ "TCP", "UDP", "ICMP" ]
source_ip_groups = [ azurerm_ip_group.ip_group_1.id ]
destination_ip_groups = [ azurerm_ip_group.ip_group_2.id ]
destination_ports = ["90"]
} }
} }
} }
@ -129,7 +123,7 @@ resource "azurerm_subnet" "azfw_subnet" {
} }
resource "azurerm_subnet" "server_subnet" { resource "azurerm_subnet" "server_subnet" {
name = "subnet-workload" name = "subnet-server"
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.azfw_vnet.name virtual_network_name = azurerm_virtual_network.azfw_vnet.name
address_prefixes = ["10.10.1.0/24"] address_prefixes = ["10.10.1.0/24"]

2
quickstart/201-azfw-with-ipgroups/readme.md
View File

@ -14,7 +14,7 @@ This template deploys an [Azure Firewall](https://registry.terraform.io/provider
- [azurerm_firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) - [azurerm_firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall)
- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) - [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) - [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
- [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association - [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association)
- [azurerm_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) - [azurerm_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table)
- [azurerm_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) - [azurerm_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association)
- [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) - [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)

6
quickstart/201-azfw-with-ipgroups/variables.tf
View File

@ -29,9 +29,3 @@ variable "virtual_machine_size" {
variable "admin_username" { variable "admin_username" {
default = "azureuser" default = "azureuser"
} }
variable "storage_name" {
type = string
description = "value of the storage account name"
default = "azfwteststgacctipg"
}