Demystifying Network Security on Azure: A Terraform Tale

--

Introduction :-

Welcome! This document will guide you through creating a Network Security Group (NSG) on Azure using Terraform. An NSG helps enhance the security of your network by allowing or denying network traffic based on a set of security rules. By the end of this guide, you’ll know how to set up an NSG that suits your project’s needs.

Prerequisites :-

Before we dive in, you’ll need a few things:

* An Azure account with sufficient permissions to create resources.
* Terraform installed on your computer.
* Basic knowledge of how Terraform works and some familiarity with Azure.

Steps for Deploying Security Group

Creating a Network Security Group in Azure with Terraform involves several steps. We’ll cover them one at a time.

Setting Up Terraform :-

First, ensure Terraform is correctly installed and configure it to work with Azure. This might include setting up the Azure CLI and signing into your Azure account.

Writing the Terraform Configuration :-

Create a Terraform configuration file. You can name it `main.tf`. This file will define your Azure resources, including the Network Security Group, and the values it references are declared in `variables.tf`. Your configuration may look something like this:

```hcl
# main.tf

# The azurerm provider requires a features block, even when it is empty.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "corp_network" {
  name     = var.resource_group_name
  location = var.location
}

resource "azurerm_network_security_group" "win_nsg" {
  name                = var.network_security_group_win
  resource_group_name = azurerm_resource_group.corp_network.name
  location            = azurerm_resource_group.corp_network.location

  # We are creating a rule to allow traffic
  security_rule {
    name                       = var.name
    priority                   = var.priority
    direction                  = var.direction
    access                     = var.access
    protocol                   = var.protocol
    source_port_range          = var.source_port_range
    destination_port_range     = var.destination_port_range
    source_address_prefix      = var.source_address_prefix
    destination_address_prefix = var.destination_address_prefix
  }
}

# Attach the NSG to an existing subnet so its rules apply to that subnet's traffic.
resource "azurerm_subnet_network_security_group_association" "nsg_association" {
  subnet_id                 = var.subnet_id
  network_security_group_id = azurerm_network_security_group.win_nsg.id
  depends_on = [
    azurerm_network_security_group.win_nsg
  ]
}
```

```hcl
# variables.tf

variable "resource_group_name" {
  description = "The name of the resource group in which the resources will be created."
  type        = string
  default     = "k8s-corp-network"
}

variable "location" {
  description = "(Optional) The location in which the resources will be created."
  type        = string
  default     = "East US 2"
}

variable "network_security_group_win" {
  type    = string
  default = "jumpbox-win-nsg"
}

variable "subnet_id" {
  type        = string
  description = "The resource ID of the subnet to associate with the NSG (for example, the ID of jumpbox-subnet). The default is a placeholder and must be replaced."
  default     = "example-1234899"
}

variable "name" {
  type    = string
  default = "RDP"
}

variable "priority" {
  type    = number
  default = 300
}

variable "direction" {
  type    = string
  default = "Inbound"
}

variable "access" {
  type    = string
  default = "Allow"
}

# The provider documents the protocol values as Tcp, Udp, Icmp, Esp, Ah or *.
variable "protocol" {
  type    = string
  default = "Tcp"
}

variable "source_port_range" {
  type    = string
  default = "*"
}

# The security_rule port range attributes are strings (a port, a range or *).
variable "destination_port_range" {
  type    = string
  default = "3389"
}

# "*" matches any source address, so with the defaults above this rule allows
# RDP (3389) from anywhere. Set this to a known admin range before applying.
variable "source_address_prefix" {
  type    = string
  default = "*"
}

variable "destination_address_prefix" {
  type    = string
  default = "*"
}
```

Add rules as needed to define which inbound and outbound traffic the NSG should allow or deny.
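With the defaults above, the RDP rule accepts connections from any source address. The block below is an added example, not part of the original configuration: a drop-in replacement for the `win_nsg` resource that restricts the source and rejects wildcard values at plan time. The variable `admin_source_cidr`, the rule names, the `/16` minimum prefix length and the `203.0.113.0/24` sample range are assumptions chosen for illustration.

```hcl
# Added example (assumed names): restrict RDP to one admin network.
variable "admin_source_cidr" {
  description = "CIDR of the admin network allowed to reach the jumpbox over RDP."
  type        = string
  # Constructed sample value from the RFC 5737 documentation range; replace it.
  default     = "203.0.113.0/24"

  validation {
    # cidrhost() fails on "*", "Internet" and other non-CIDR strings, and the
    # prefix-length check rejects 0.0.0.0/0 and other very broad ranges.
    # try() keeps the check well-defined when the value has no "/" at all.
    condition = (
      can(cidrhost(var.admin_source_cidr, 0)) &&
      try(tonumber(split("/", var.admin_source_cidr)[1]) >= 16, false)
    )
    error_message = "admin_source_cidr must be a specific CIDR of /16 or narrower, not a wildcard."
  }
}

resource "azurerm_network_security_group" "win_nsg" {
  name                = var.network_security_group_win
  resource_group_name = azurerm_resource_group.corp_network.name
  location            = azurerm_resource_group.corp_network.location

  # Allow RDP only from the admin network.
  security_rule {
    name                       = "Allow-RDP-From-Admin"
    priority                   = 300
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    source_address_prefix      = var.admin_source_cidr
    destination_address_prefix = "*"
  }

  # Explicitly deny RDP from every other source, ahead of the default rules.
  security_rule {
    name                       = "Deny-RDP-From-Other"
    priority                   = 310
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}
```

Running `terraform plan -var 'admin_source_cidr=0.0.0.0/0'` against this block fails validation before any resource is changed.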

Initializing Terraform :-

Before applying your configuration, you need to initialize Terraform. Open a terminal, navigate to the directory with your `main.tf` file, and run: `terraform init`

This command prepares Terraform to manage your Azure resources.

Applying the Configuration :-

Now, you’re ready to create the NSG in Azure. Apply your Terraform configuration with: `terraform apply`

Terraform will show you the actions it will take based on the configuration you wrote. If everything looks good, type `yes` to proceed. Terraform will then create the NSG in your Azure account.

Conclusion :-

Congratulations! You’ve learned how to create a Network Security Group in Azure using Terraform. Your NSG can now help protect your network by controlling the flow of traffic based on your specified rules. Remember to review and update your security rules as your project needs evolve. Happy securing!

--

Mahira Technology- Innovate. Transform. Thrive.

A leading tech consulting firm specializing in innovative solutions. Experts in cloud, DevOps, automation, data analytics & more. Trusted technology partner.