Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
terraform-azure/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
ryhud 32a9580ffb adding AML 301
2021-10-06 14:10:15 -04:00

80 lines
2.1 KiB
HCL
Raw Blame History

resource "azurerm_public_ip" "azure_firewall" {
name = "pip-azfw"
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.hub_rg.name
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_firewall_policy" "base_policy" {
name = "afwp-base-01"
resource_group_name = azurerm_resource_group.hub_rg.name
location = azurerm_resource_group.default.location
dns {
proxy_enabled = true
}
depends_on = [
azurerm_virtual_network_peering.direction1,
azurerm_virtual_network_peering.direction2
]
}
resource "azurerm_firewall" "azure_firewall_instance" {
name = "afw-${var.name}-${var.environment}"
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.hub_rg.name
firewall_policy_id = azurerm_firewall_policy.base_policy.id
ip_configuration {
name = "configuration"
subnet_id = azurerm_subnet.azure_firewall.id
public_ip_address_id = azurerm_public_ip.azure_firewall.id
}
timeouts {
create = "60m"
delete = "2h"
}
depends_on = [ azurerm_public_ip.azure_firewall,
azurerm_firewall_policy.base_policy]
}
resource "azurerm_monitor_diagnostic_setting" "azure_firewall_instance" {
name = "diagnostics"
target_resource_id = azurerm_firewall.azure_firewall_instance.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id
log {
category = "AzureFirewallApplicationRule"
enabled = true
retention_policy {
enabled = false
}
}
log {
category = "AzureFirewallNetworkRule"
enabled = true
retention_policy {
enabled = false
}
}
log {
category = "AzureFirewallDnsProxy"
enabled = true
retention_policy {
enabled = false
}
}
metric {
category = "AllMetrics"
retention_policy {
enabled = false
}
}
}
Reference in New Issue View Git Blame Copy Permalink