Spoke to Spoke via 2 Azure Firewalls

Azure HUB(spoke)<->HUB(spoke)

The Original (manual) setup: Connecting two HUB(spoke)<->HUB((spoke) on two different subscriptions with 2 Azure firewalls on each side:

Each Subscription belonged to its own AzureAD (Entra) and it worked as shown in the image below:

I wrote the Terraform code to perform the deployment and it does work (for the most part), https://github.com/soyroberto/terrahubspoke

except I had to do the peering manually as the service principal althought having permissions didn't perform the action in Terraform.

Documentation is not exactly long or detailed about it and almost everybody ran over the same issue. To be tested further in the future (TF Vnet peering). Move the networking code to the 'i' directory

References:

• https://learn.microsoft.com/en-us/azure/firewall/firewall-multi-hub-spoke#routing-on-the-spoke-subnets

• https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#system-routes

• https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections

• https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections