sample for firewall

brown9804 · web-flow · commit eb347d8c9f6a · 2025-06-12T14:12:11.000-06:00
diff --git a/3_networking/firewall/main.tf b/3_networking/firewall/main.tf
@@ -0,0 +1,49 @@
+# main.tf
+# This file contains the main configuration for creating an Azure Firewall and its supporting resources.
+
+# Resource Group
+resource "azurerm_resource_group" "fw" {
+  name     = var.resource_group_name
+  location = var.location
+}
+
+# Public IP for Firewall
+resource "azurerm_public_ip" "fw" {
+  name                = var.public_ip_name
+  location            = azurerm_resource_group.fw.location
+  resource_group_name = azurerm_resource_group.fw.name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+}
+
+# Virtual Network for Firewall
+resource "azurerm_virtual_network" "fw" {
+  name                = var.vnet_name
+  address_space       = var.vnet_address_space
+  location            = azurerm_resource_group.fw.location
+  resource_group_name = azurerm_resource_group.fw.name
+}
+
+# AzureFirewallSubnet (required name and at least /26)
+resource "azurerm_subnet" "fw" {
+  name                 = var.subnet_name
+  resource_group_name  = azurerm_resource_group.fw.name
+  virtual_network_name = azurerm_virtual_network.fw.name
+  address_prefixes     = var.subnet_address_prefixes
+}
+
+# Azure Firewall
+resource "azurerm_firewall" "fw" {
+  name                = var.firewall_name
+  location            = azurerm_resource_group.fw.location
+  resource_group_name = azurerm_resource_group.fw.name
+
+  sku_tier = "Standard"
+  sku_name = "AZFW_VNet"
+
+  ip_configuration {
+    name                 = "configuration"
+    subnet_id            = azurerm_subnet.fw.id # Direct reference to the subnet resource
+    public_ip_address_id = azurerm_public_ip.fw.id
+  }
+}
diff --git a/3_networking/firewall/outputs.tf b/3_networking/firewall/outputs.tf
@@ -0,0 +1,12 @@
+# outputs.tf
+# This file defines the outputs for the Azure Firewall configuration.
+
+output "firewall_id" {
+  description = "The ID of the Azure Firewall"
+  value       = azurerm_firewall.fw.id
+}
+
+output "firewall_public_ip" {
+  description = "The public IP address of the Azure Firewall"
+  value       = azurerm_public_ip.fw.ip_address
+}
diff --git a/3_networking/firewall/provider.tf b/3_networking/firewall/provider.tf
@@ -0,0 +1,19 @@
+# provider.tf
+# This file configures the Azure provider to interact with Azure resources.
+# It specifies the required provider and its version, along with provider-specific configurations.
+
+terraform {
+  required_version = ">= 1.8, < 2.0"
+  # Specify the required provider and its version
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"  # Source of the AzureRM provider
+      version = "~> 4.16.0"          # Version of the AzureRM provider
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}                        # Enable all features for the AzureRM provider
+  subscription_id = var.subscription_id  # Use the subscription ID variable
+}
diff --git a/3_networking/firewall/terraform.tfvars b/3_networking/firewall/terraform.tfvars
@@ -0,0 +1,20 @@
+# terraform.tfvars
+# This file provides default values for the variables defined in variables.tf.
+# These values can be overridden by specifying different values during Terraform execution.
+
+# Azure Subscription
+subscription_id = "" # "your-subscription-id"
+
+# Resource Group
+resource_group_name = "RG-firewall-test"
+location            = "eastus"
+
+# Azure Firewall Configuration
+firewall_name      = "my-azfw"
+public_ip_name     = "my-azfw-pip"
+vnet_name          = "my-azfw-vnet"
+vnet_address_space = ["10.0.0.0/16"]
+
+# Subnet Configuration
+subnet_name          = "AzureFirewallSubnet"
+subnet_address_prefixes = ["10.0.1.0/26"]
diff --git a/3_networking/firewall/variables.tf b/3_networking/firewall/variables.tf
@@ -0,0 +1,47 @@
+# variables.tf
+# This file defines the input variables used in the Terraform configuration.
+
+variable "subscription_id" {
+  description = "The Azure subscription ID"
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group"
+  type        = string
+}
+
+variable "location" {
+  description = "The Azure region to deploy resources"
+  type        = string
+}
+
+variable "firewall_name" {
+  description = "The name of the Azure Firewall"
+  type        = string
+}
+
+variable "public_ip_name" {
+  description = "The name of the public IP address for the firewall"
+  type        = string
+}
+
+variable "vnet_name" {
+  description = "The name of the virtual network"
+  type        = string
+}
+
+variable "vnet_address_space" {
+  description = "The address space of the virtual network"
+  type        = list(string)
+}
+
+variable "subnet_name" {
+  description = "The name of the subnet for the Azure Firewall"
+  type        = string
+}
+
+variable "subnet_address_prefixes" {
+  description = "The address prefixes for the subnet"
+  type        = list(string)
+}
