diff --git a/3_networking/firewall/README.md b/3_networking/firewall/README.md
new file mode 100644
index 0000000..6338dbb
--- /dev/null
+++ b/3_networking/firewall/README.md
@@ -0,0 +1,62 @@
+# Terraform Template - Azure Firewall
+
+Costa Rica
+
+[![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/)
+[brown9804](https://github.com/brown9804)
+
+Last updated: 2025-06-12
+
+----------
+
+> This template contains Terraform configurations to create and manage an Azure Firewall, including a public IP and required subnet configuration.
+
+> [!NOTE]
+> The subnet used for Azure Firewall **must** be named `AzureFirewallSubnet` and sized at least /26.
+
+

+ image +

+ + + +## File Descriptions + +- **main.tf**: Contains the main configuration for creating the Azure Firewall and its supporting resources. +- **variables.tf**: Defines the input variables used in the Terraform configuration. +- **terraform.tfvars**: Provides default values for the variables defined in `variables.tf`. +- **outputs.tf**: Defines the outputs such as Firewall ID and public IP address. + +## Variables + +| Variable Name | Description | Type | Example Value | +|---------------------- |--------------------------------------------------|--------|-----------------------------| +| `resource_group_name` | The name of the resource group | string | `"my-firewall-rg"` | +| `location` | The Azure region to deploy resources | string | `"eastus"` | +| `firewall_name` | The name of the Azure Firewall | string | `"my-azfw"` | +| `public_ip_name` | The name of the public IP address for the firewall | string | `"my-azfw-pip"` | +| `subnet_id` | The ID of the subnet for the Azure Firewall | string | `".../subnets/AzureFirewallSubnet"` | + +## Usage + +1. Clone the repository and navigate to the firewall directory. +2. Update the `terraform.tfvars` file with your values. +3. Initialize and apply the Terraform configuration: + +```bash +terraform init +terraform plan +terraform apply +``` + +## Outputs + +| Output Name | Description | +|---------------------|---------------------------------------------| +| `firewall_id` | The ID of the Azure Firewall | +| `firewall_public_ip`| The public IP address of the Azure Firewall | + +
+

Total Visitors

+ Visitor Count +
diff --git a/3_networking/firewall/main.tf b/3_networking/firewall/main.tf
new file mode 100644
index 0000000..f1317ba
--- /dev/null
+++ b/3_networking/firewall/main.tf
@@ -0,0 +1,49 @@
+# main.tf
+# This file contains the main configuration for creating an Azure Firewall and its supporting resources.
+
+# Resource Group
+resource "azurerm_resource_group" "fw" {
+ name = var.resource_group_name
+ location = var.location
+}
+
+# Public IP for Firewall
+resource "azurerm_public_ip" "fw" {
+ name = var.public_ip_name
+ location = azurerm_resource_group.fw.location
+ resource_group_name = azurerm_resource_group.fw.name
+ allocation_method = "Static"
+ sku = "Standard"
+}
+
+# Virtual Network for Firewall
+resource "azurerm_virtual_network" "fw" {
+ name = var.vnet_name
+ address_space = var.vnet_address_space
+ location = azurerm_resource_group.fw.location
+ resource_group_name = azurerm_resource_group.fw.name
+}
+
+# AzureFirewallSubnet (required name and at least /26)
+resource "azurerm_subnet" "fw" {
+ name = var.subnet_name
+ resource_group_name = azurerm_resource_group.fw.name
+ virtual_network_name = azurerm_virtual_network.fw.name
+ address_prefixes = var.subnet_address_prefixes
+}
+
+# Azure Firewall
+resource "azurerm_firewall" "fw" {
+ name = var.firewall_name
+ location = azurerm_resource_group.fw.location
+ resource_group_name = azurerm_resource_group.fw.name
+
+ sku_tier = "Standard"
+ sku_name = "AZFW_VNet"
+
+ ip_configuration {
+ name = "configuration"
+ subnet_id = azurerm_subnet.fw.id # Direct reference to the subnet resource
+ public_ip_address_id = azurerm_public_ip.fw.id
+ }
+}
diff --git a/3_networking/firewall/outputs.tf b/3_networking/firewall/outputs.tf
new file mode 100644
index 0000000..77bed48
--- /dev/null
+++ b/3_networking/firewall/outputs.tf
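Review bot: The `azurerm_firewall` block at the end of the hunk has no `firewall_policy_id` and no rule collections, so nothing in this template states what the firewall allows or denies, and `threat_intel_mode` is left at the provider default (which appears to be alert-only rather than deny — worth confirming against the pinned provider version). A firewall that enforces nothing is only half the control: add an `azurerm_firewall_policy` (where rule collection groups, DNS settings and threat-intelligence mode live) and reference it from the firewall, with threat intelligence set to `Deny`. There is also no `azurerm_monitor_diagnostic_setting` for the firewall, so rule hits and threat-intel matches are not logged anywhere a SOC can read them; at minimum send the firewall's rule and threat-intel log categories to a Log Analytics workspace. The single static Standard-SKU public IP is fine as written.
```hcl
# Firewall policy: rule collection groups, DNS settings and threat-intel mode attach here
resource "azurerm_firewall_policy" "fw" {
  name                     = "${var.firewall_name}-policy"
  location                 = azurerm_resource_group.fw.location
  resource_group_name      = azurerm_resource_group.fw.name
  sku                      = "Standard" # must match the firewall's sku_tier
  threat_intelligence_mode = "Deny"
}

resource "azurerm_firewall" "fw" {
  # … unchanged: name, location, resource_group_name, sku_tier, sku_name …
  firewall_policy_id = azurerm_firewall_policy.fw.id
  # … unchanged: ip_configuration …
}
```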
@@ -0,0 +1,12 @@
+# outputs.tf
+# This file defines the outputs for the Azure Firewall configuration.
+
+output "firewall_id" {
+ description = "The ID of the Azure Firewall"
+ value = azurerm_firewall.fw.id
+}
+
+output "firewall_public_ip" {
+ description = "The public IP address of the Azure Firewall"
+ value = azurerm_public_ip.fw.ip_address
+}
diff --git a/3_networking/firewall/provider.tf b/3_networking/firewall/provider.tf
new file mode 100644
index 0000000..f3f9b2d
--- /dev/null
+++ b/3_networking/firewall/provider.tf
@@ -0,0 +1,19 @@
+# provider.tf
+# This file configures the Azure provider to interact with Azure resources.
+# It specifies the required provider and its version, along with provider-specific configurations.
+
+terraform {
+ required_version = ">= 1.8, < 2.0"
+ # Specify the required provider and its version
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm" # Source of the AzureRM provider
+ version = "~> 4.16.0" # Version of the AzureRM provider
+ }
+ }
+}
+
+provider "azurerm" {
+ features {} # Enable all features for the AzureRM provider
+ subscription_id = var.subscription_id # Use the subscription ID variable
+}
diff --git a/3_networking/firewall/terraform.tfvars b/3_networking/firewall/terraform.tfvars
new file mode 100644
index 0000000..01ad5f6
--- /dev/null
+++ b/3_networking/firewall/terraform.tfvars
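Review bot: The inline comment on `features {}` near the bottom of the provider.tf hunk is misleading: the `features` block is mandatory for the azurerm provider, and an empty one does not "enable all features" — it leaves every feature flag at the provider's default. Suggest `features {} # Required by azurerm; an empty block keeps provider-default feature behaviour`. The explicit pins (`required_version = ">= 1.8, < 2.0"`, `version = "~> 4.16.0"`) are good supply-chain hygiene and should stay.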
@@ -0,0 +1,20 @@
+# terraform.tfvars
+# This file provides default values for the variables defined in variables.tf.
+# These values can be overridden by specifying different values during Terraform execution.
+
+# Azure Subscription
+subscription_id = "" # "your-subscription-id"
+
+# Resource Group
+resource_group_name = "RG-firewall-test"
+location = "eastus"
+
+# Azure Firewall Configuration
+firewall_name = "my-azfw"
+public_ip_name = "my-azfw-pip"
+vnet_name = "my-azfw-vnet"
+vnet_address_space = ["10.0.0.0/16"]
+
+# Subnet Configuration
+subnet_name = "AzureFirewallSubnet"
+subnet_address_prefixes = ["10.0.1.0/26"]
diff --git a/3_networking/firewall/variables.tf b/3_networking/firewall/variables.tf
new file mode 100644
index 0000000..01c2045
--- /dev/null
+++ b/3_networking/firewall/variables.tf
@@ -0,0 +1,47 @@
+# variables.tf
+# This file defines the input variables used in the Terraform configuration.
+
+variable "subscription_id" {
+ description = "The Azure subscription ID"
+ type = string
+}
+
+variable "resource_group_name" {
+ description = "The name of the resource group"
+ type = string
+}
+
+variable "location" {
+ description = "The Azure region to deploy resources"
+ type = string
+}
+
+variable "firewall_name" {
+ description = "The name of the Azure Firewall"
+ type = string
+}
+
+variable "public_ip_name" {
+ description = "The name of the public IP address for the firewall"
+ type = string
+}
+
+variable "vnet_name" {
+ description = "The name of the virtual network"
+ type = string
+}
+
+variable "vnet_address_space" {
+ description = "The address space of the virtual network"
+ type = list(string)
+}
+
+variable "subnet_name" {
+ description = "The name of the subnet for the Azure Firewall"
+ type = string
+}
+
+variable "subnet_address_prefixes" {
+ description = "The address prefixes for the subnet"
+ type = list(string)
+}
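Review bot: `subscription_id = ""` in the committed `terraform.tfvars` invites users to write their real subscription ID into a tracked file (the README's step 2 tells them to edit exactly this file), and an empty string is unlikely to be treated as "unset" by the provider — verify, but expect a plan-time error as shipped. Subscription IDs are not credentials, but they identify the environment and tend to be followed into git by tenant IDs and client secrets; prefer to drop the line and pass the value via `TF_VAR_subscription_id`, or ship this file as `terraform.tfvars.example` and add `terraform.tfvars` to `.gitignore`. The `10.0.1.0/26` prefix does satisfy the /26 minimum the README states and sits inside the `10.0.0.0/16` VNet.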
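Review bot: `subnet_name` and `subnet_address_prefixes` at the bottom of the variables.tf hunk carry no `validation` block, even though the README and the main.tf comment both state that Azure Firewall only accepts a subnet literally named `AzureFirewallSubnet` with at least a /26; as written, a typo in either value surfaces only at apply time as an Azure API error, after the VNet and public IP have already been created. The stack already requires Terraform >= 1.8, so `validation` blocks are available; the two below fail fast at plan time. The prefix check assumes every entry is written as `address/len`, which is what the tfvars example shows.
```hcl
variable "subnet_name" {
  # … unchanged: description, type …
  validation {
    condition     = var.subnet_name == "AzureFirewallSubnet"
    error_message = "Azure Firewall requires the subnet to be named AzureFirewallSubnet."
  }
}

variable "subnet_address_prefixes" {
  # … unchanged: description, type …
  validation {
    condition     = alltrue([for p in var.subnet_address_prefixes : tonumber(split("/", p)[1]) <= 26])
    error_message = "AzureFirewallSubnet must be at least a /26."
  }
}
```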