/terraform-azurerm-nsg

Terraform module for Azure Network Security Group

Primary language: HCL. License: Apache License 2.0.

Azure Network Security Group


This module creates an Azure Network Security Group without any rules.

Version compatibility

| Module version | Terraform version | AzureRM version |
|---|---|---|
| >= 3.x.x | 0.12.x | >= 2.0 |
| >= 2.x.x, < 3.x.x | 0.12.x | < 2.0 |
| < 2.x.x | 0.11.x | < 2.0 |

Usage

This module is optimized to work with the Claranet terraform-wrapper tool, which sets some Terraform variables in the environment that this module needs. More details about the variables set by the terraform-wrapper are available in the documentation.

module "azure-region" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = var.azure_region
}

module "rg" {
  source  = "claranet/rg/azurerm"
  version = "x.x.x"

  location    = module.azure-region.location
  client_name = var.client_name
  environment = var.environment
  stack       = var.stack
}

module "network-security-group" {
  source  = "claranet/nsg/azurerm"
  version = "x.x.x"

  client_name         = var.client_name
  environment         = var.environment
  stack               = var.stack
  resource_group_name = module.rg.resource_group_name
  location            = module.azure-region.location
  location_short      = module.azure-region.location_short

  # You can set either a prefix for generated name or a custom one for the resource naming
  custom_network_security_group_names = [var.security_group_name]
}

# Single port and prefix sample
resource "azurerm_network_security_rule" "http" {
  name = "my-http-rule"

  resource_group_name         = module.rg.resource_group_name
  network_security_group_name = module.network-security-group.network_security_group_name[0]

  priority                   = 100
  direction                  = "Inbound"
  access                     = "Allow"
  protocol                   = "Tcp"
  source_port_range          = "*"
  destination_port_range     = "80"
  source_address_prefix      = "10.0.0.0/24"
  destination_address_prefix = "*"
}

# Multiple ports and prefixes sample
resource "azurerm_network_security_rule" "custom" {
  name = "my-custom-rule"

  resource_group_name         = module.rg.resource_group_name
  network_security_group_name = module.network-security-group.network_security_group_name[0]

  priority                   = 200
  direction                  = "Inbound"
  access                     = "Allow"
  protocol                   = "Tcp"
  source_port_range          = "*"
  destination_port_ranges    = ["22", "80", "1000-2000"]
  source_address_prefixes    = ["10.0.0.0/24", "10.1.0.0/24"]
  destination_address_prefix = "*"
}
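
Because the module creates the Network Security Group without any rules, only Azure's built-in default rules apply until rules are attached as shown above. The following is an added example, not part of the module or its README: explicit catch-all deny rules at the lowest-precedence custom priority, so that only the Allow rules you define at lower priority numbers pass. `local.nsg_count` is a hypothetical helper and must match the `network_security_group_instances` value passed to the module.

```hcl
# Added example, not part of the module. Assumes the "rg" and
# "network-security-group" module blocks from the usage above.
# local.nsg_count is a hypothetical helper; keep it equal to
# network_security_group_instances (default 1).
locals {
  nsg_count = 1
}

# Azure's built-in AllowVnetInBound (65000) and AllowAzureLoadBalancerInBound
# (65001) rules still apply to an NSG that has no custom rules.
# A deny at 4096, the highest custom priority number, is evaluated before
# them, so only explicit Allow rules in 100-4095 let traffic in.
resource "azurerm_network_security_rule" "deny_all_inbound" {
  count = local.nsg_count
  name  = "deny-all-inbound"

  resource_group_name         = module.rg.resource_group_name
  network_security_group_name = module.network-security-group.network_security_group_name[count.index]

  priority                   = 4096
  direction                  = "Inbound"
  access                     = "Deny"
  protocol                   = "*"
  source_port_range          = "*"
  destination_port_range     = "*"
  source_address_prefix      = "*"
  destination_address_prefix = "*"
}

# Outbound: override the built-in AllowInternetOutBound (65001) while
# leaving traffic inside the virtual network to the default rules.
resource "azurerm_network_security_rule" "deny_internet_outbound" {
  count = local.nsg_count
  name  = "deny-internet-outbound"

  resource_group_name         = module.rg.resource_group_name
  network_security_group_name = module.network-security-group.network_security_group_name[count.index]

  priority                   = 4096
  direction                  = "Outbound"
  access                     = "Deny"
  protocol                   = "*"
  source_port_range          = "*"
  destination_port_range     = "*"
  source_address_prefix      = "*"
  destination_address_prefix = "Internet"
}
```

With the inbound deny in place, Azure Load Balancer health probes are blocked as well unless an Allow rule for the `AzureLoadBalancer` service tag is added at a lower priority number.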

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| client_name | Client name/account used in naming | `string` | n/a | yes |
| custom_network_security_group_names | List of Network Security Group custom names. | `list(string)` | `[""]` | no |
| environment | Project environment | `string` | n/a | yes |
| extra_tags | Additional tags to associate with your Network Security Group. | `map(string)` | `{}` | no |
| location | Azure location. | `string` | n/a | yes |
| location_short | Short string for Azure location. | `string` | n/a | yes |
| name_prefix | Optional prefix for Network Security Group name | `string` | `""` | no |
| network_security_group_instances | Number of Network Security Group to create. | `number` | `1` | no |
| resource_group_name | Resource group name | `string` | n/a | yes |
| stack | Project stack name | `string` | n/a | yes |

Outputs

| Name | Description |
|---|---|
| network_security_group_id | Network security group id |
| network_security_group_name | Network security group name |

Related documentation

Microsoft Network security groups documentation: docs.microsoft.com/en-us/azure/virtual-network/security-overview

Terraform resource documentation: terraform.io/docs/providers/azurerm/r/network_security_group.html