update changes to file

This commit is contained in:
cshea15 2023-09-24 20:38:46 -04:00
parent a242f2310b
commit eda163c0f7
3 changed files with 30 additions and 42 deletions


@ -49,42 +49,36 @@ resource "azurerm_firewall_policy" "azfw_policy" {
threat_intelligence_mode = "Alert" threat_intelligence_mode = "Alert"
} }
resource "azurerm_firewall_policy_rule_collection_group" "net_policy_rule_collection_group" { resource "azurerm_firewall_policy_rule_collection_group" "prcg" {
name = "DefaultNetworkRuleCollectionGroup" name = "prcg"
firewall_policy_id = azurerm_firewall_policy.azfw_policy.id firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
priority = 200 priority = 300
network_rule_collection { application_rule_collection {
name = "DefaultNetworkRuleCollection" name = "app-rule-collection-1"
action = "Allow" priority = 101
priority = 200 action = "Allow"
rule { rule {
name = "networkRule" name = "someAppRule"
protocols = ["Any"] protocols {
destination_ip_groups = [azurerm_ip_group.ip_group_2.id] type = "Https"
destination_ports = ["90"] port = 443
source_ip_groups = [azurerm_ip_group.ip_group_1.id] }
} destination_fqdns = [ "*bing.com" ]
} source_ip_groups = [ azurerm_ip_group.ip_group_1.id ]
} }
}
resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collection_group" { network_rule_collection {
name = "DefaulApplicationtRuleCollectionGroup" name = "net-rule-collection-1"
firewall_policy_id = azurerm_firewall_policy.azfw_policy.id priority = 200
priority = 300 action = "Allow"
application_rule_collection { rule {
name = "DefaultApplicationRuleCollection" name = "someNetRule"
action = "Allow" protocols = [ "TCP", "UDP", "ICMP" ]
priority = 500 source_ip_groups = [ azurerm_ip_group.ip_group_1.id ]
rule { destination_ip_groups = [ azurerm_ip_group.ip_group_2.id ]
name = "SomeAppRule" destination_ports = ["90"]
protocols {
type = "Http"
port = 8080
} }
source_ip_groups = [azurerm_ip_group.ip_group_1.id]
destination_fqdns = ["*bing.com"]
} }
}
} }
resource "azurerm_firewall" "fw" { resource "azurerm_firewall" "fw" {
@ -129,7 +123,7 @@ resource "azurerm_subnet" "azfw_subnet" {
} }
resource "azurerm_subnet" "server_subnet" { resource "azurerm_subnet" "server_subnet" {
name = "subnet-workload" name = "subnet-server"
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.azfw_vnet.name virtual_network_name = azurerm_virtual_network.azfw_vnet.name
address_prefixes = ["10.10.1.0/24"] address_prefixes = ["10.10.1.0/24"]
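Review bot: The new application rule allows `destination_fqdns = [ "*bing.com" ]`, and a leading wildcard with no dot separator matches any host whose name merely ends in `bing.com`, not only hosts under that zone; if the provider accepts this form at all, `destination_fqdns = [ "*.bing.com", "bing.com" ]` expresses the narrower intent. The new network rule lists `"ICMP"` next to TCP and UDP while keeping `destination_ports = ["90"]`; ports carry no meaning for ICMP, so either drop it from the list or confirm how the provider treats that combination before relying on the rule. The rename of the collection group from `net_policy_rule_collection_group` to `prcg` also trades a descriptive name for an abbreviation that the README does not explain. The `azurerm_firewall` "fw" resource and the `server_subnet` resource both continue outside the hunk.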


@ -14,7 +14,7 @@ This template deploys an [Azure Firewall](https://registry.terraform.io/provider
- [azurerm_firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) - [azurerm_firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall)
- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) - [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) - [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
- [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association - [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association)
- [azurerm_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) - [azurerm_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table)
- [azurerm_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) - [azurerm_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association)
- [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) - [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)


@ -29,9 +29,3 @@ variable "virtual_machine_size" {
variable "admin_username" { variable "admin_username" {
default = "azureuser" default = "azureuser"
} }
variable "storage_name" {
type = string
description = "value of the storage account name"
default = "azfwteststgacctipg"
}