MicrosoftCloudEssentials-LearningHub · brown9804 · Jun 12, 2025 · Jun 12, 2025 · Jun 12, 2025 · Jun 12, 2025
diff --git a/3_networking/firewall/README.md b/3_networking/firewall/README.md
@@ -0,0 +1,62 @@
+# Terraform Template - Azure Firewall
+
+Costa Rica
+
+[![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/)
+[brown9804](https://github.com/brown9804)
+
+Last updated: 2025-06-12
+
+----------
+
+> This template contains Terraform configurations to create and manage an Azure Firewall, including a public IP and required subnet configuration.
+
+> [!NOTE]
+> The subnet used for Azure Firewall **must** be named `AzureFirewallSubnet` and sized at least /26.
+
+<p align="center">
+    <img width="800" alt="image" src="https://github.com/user-attachments/assets/7614ce31-c57d-41ce-a9f2-307c29cb0f3d">
+</p>
+
+
+
+## File Descriptions
+
+- **main.tf**: Contains the main configuration for creating the Azure Firewall and its supporting resources.
+- **variables.tf**: Defines the input variables used in the Terraform configuration.
+- **terraform.tfvars**: Provides default values for the variables defined in `variables.tf`.
+- **outputs.tf**: Defines the outputs such as Firewall ID and public IP address.
+
+## Variables
+
+| Variable Name         | Description                                      | Type   | Example Value                |
+|---------------------- |--------------------------------------------------|--------|-----------------------------|
+| `resource_group_name` | The name of the resource group                   | string | `"my-firewall-rg"`          |
+| `location`            | The Azure region to deploy resources             | string | `"eastus"`                  |
+| `firewall_name`       | The name of the Azure Firewall                   | string | `"my-azfw"`                 |
+| `public_ip_name`      | The name of the public IP address for the firewall | string | `"my-azfw-pip"`           |
+| `subnet_id`           | The ID of the subnet for the Azure Firewall      | string | `".../subnets/AzureFirewallSubnet"` |
+
+## Usage
+
+1. Clone the repository and navigate to the firewall directory.
+2. Update the `terraform.tfvars` file with your values.
+3. Initialize and apply the Terraform configuration:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+## Outputs
+
+| Output Name         | Description                                 |
+|---------------------|---------------------------------------------|
+| `firewall_id`       | The ID of the Azure Firewall                |
+| `firewall_public_ip`| The public IP address of the Azure Firewall |
+
+<div align="center">
+  <h3 style="color: #4CAF50;">Total Visitors</h3>
+  <img src="https://profile-counter.glitch.me/brown9804/count.svg" alt="Visitor Count" style="border: 2px solid #4CAF50; border-radius: 5px; padding: 5px;"/>
+</div>
diff --git a/3_networking/firewall/main.tf b/3_networking/firewall/main.tf
@@ -0,0 +1,49 @@
+# main.tf
+# This file contains the main configuration for creating an Azure Firewall and its supporting resources.
+
+# Resource Group
+resource "azurerm_resource_group" "fw" {
+  name     = var.resource_group_name
+  location = var.location
+}
+
+# Public IP for Firewall
+resource "azurerm_public_ip" "fw" {
+  name                = var.public_ip_name
+  location            = azurerm_resource_group.fw.location
+  resource_group_name = azurerm_resource_group.fw.name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+}
+
+# Virtual Network for Firewall
+resource "azurerm_virtual_network" "fw" {
+  name                = var.vnet_name
+  address_space       = var.vnet_address_space
+  location            = azurerm_resource_group.fw.location
+  resource_group_name = azurerm_resource_group.fw.name
+}
+
+# AzureFirewallSubnet (required name and at least /26)
+resource "azurerm_subnet" "fw" {
+  name                 = var.subnet_name
+  resource_group_name  = azurerm_resource_group.fw.name
+  virtual_network_name = azurerm_virtual_network.fw.name
+  address_prefixes     = var.subnet_address_prefixes
+}
+
+# Azure Firewall
+resource "azurerm_firewall" "fw" {
+  name                = var.firewall_name
+  location            = azurerm_resource_group.fw.location
+  resource_group_name = azurerm_resource_group.fw.name
+
+  sku_tier = "Standard"
+  sku_name = "AZFW_VNet"
+
+  ip_configuration {
+    name                 = "configuration"
+    subnet_id            = azurerm_subnet.fw.id # Direct reference to the subnet resource
+    public_ip_address_id = azurerm_public_ip.fw.id
+  }
+}
diff --git a/3_networking/firewall/outputs.tf b/3_networking/firewall/outputs.tf
@@ -0,0 +1,12 @@
+# outputs.tf
+# This file defines the outputs for the Azure Firewall configuration.
+
+output "firewall_id" {
+  description = "The ID of the Azure Firewall"
+  value       = azurerm_firewall.fw.id
+}
+
+output "firewall_public_ip" {
+  description = "The public IP address of the Azure Firewall"
+  value       = azurerm_public_ip.fw.ip_address
+}
diff --git a/3_networking/firewall/provider.tf b/3_networking/firewall/provider.tf
@@ -0,0 +1,19 @@
+# provider.tf
+# This file configures the Azure provider to interact with Azure resources.
+# It specifies the required provider and its version, along with provider-specific configurations.
+
+terraform {
+  required_version = ">= 1.8, < 2.0"
+  # Specify the required provider and its version
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"  # Source of the AzureRM provider
+      version = "~> 4.16.0"          # Version of the AzureRM provider
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}                        # Enable all features for the AzureRM provider
+  subscription_id = var.subscription_id  # Use the subscription ID variable
+}
diff --git a/3_networking/firewall/terraform.tfvars b/3_networking/firewall/terraform.tfvars
@@ -0,0 +1,20 @@
+# terraform.tfvars
+# This file provides default values for the variables defined in variables.tf.
+# These values can be overridden by specifying different values during Terraform execution.
+
+# Azure Subscription
+subscription_id = "" # "your-subscription-id"
+
+# Resource Group
+resource_group_name = "RG-firewall-test"
+location            = "eastus"
+
+# Azure Firewall Configuration
+firewall_name      = "my-azfw"
+public_ip_name     = "my-azfw-pip"
+vnet_name          = "my-azfw-vnet"
+vnet_address_space = ["10.0.0.0/16"]
+
+# Subnet Configuration
+subnet_name          = "AzureFirewallSubnet"
+subnet_address_prefixes = ["10.0.1.0/26"]
diff --git a/3_networking/firewall/variables.tf b/3_networking/firewall/variables.tf
@@ -0,0 +1,47 @@
+# variables.tf
+# This file defines the input variables used in the Terraform configuration.
+
+variable "subscription_id" {
+  description = "The Azure subscription ID"
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group"
+  type        = string
+}
+
+variable "location" {
+  description = "The Azure region to deploy resources"
+  type        = string
+}
+
+variable "firewall_name" {
+  description = "The name of the Azure Firewall"
+  type        = string
+}
+
+variable "public_ip_name" {
+  description = "The name of the public IP address for the firewall"
+  type        = string
+}
+
+variable "vnet_name" {
+  description = "The name of the virtual network"
+  type        = string
+}
+
+variable "vnet_address_space" {
+  description = "The address space of the virtual network"
+  type        = list(string)
+}
+
+variable "subnet_name" {
+  description = "The name of the subnet for the Azure Firewall"
+  type        = string
+}
+
+variable "subnet_address_prefixes" {
+  description = "The address prefixes for the subnet"
+  type        = list(string)
+}