Azure VNet Peering with Terraform
Sanmarg Paranjpe
In today's cloud-driven world, network connectivity is essential to ensure smooth and secure communication between environments. One of the most practical ways to connect environments on Azure is by using Virtual Network (VNet) Peering. Let's explore how to set this up using Terraform, along with a real-world use case where this can make a difference.
What is VNet Peering?
VNet Peering allows different Virtual Networks (VNets) in Azure to communicate with each other as if they are on the same network. The key benefit is that traffic remains within the Azure, avoiding the public internet. This makes communication between your environments fast, secure, and cost-effective.
Use Case:
Imagine you have a typical setup where Development and Production environments need to communicate. You don’t want these two environments sitting on the same network for security and isolation purposes, but at the same time, you want them to communicate securely and quickly.
For instance, let’s say your development environment needs to access an API hosted in production. Rather than exposing the API to the public internet or using a complicated gateway, you can use VNet peering.
Key Components of the Setup
1. Development Network (VNet-A)
This VNet is isolated for your dev environment and contains your development resources, like virtual machines, databases, and services. It has its own address space (10.0.0.0/16).
resource "azurerm_virtual_network" "vnet_a" {
name = "dev-vnet-a"
address_space = ["10.0.0.0/16"]
...
}
2. Production Network (VNet-B)
The production environment is similarly isolated with its own resources and address space (10.1.0.0/16).
resource "azurerm_virtual_network" "vnet_b" {
name = "dev-vnet-b"
address_space = ["10.1.0.0/16"]
...
}
3. VNet Peering Between Dev and Prod
This is where the magic happens. The peering connects the two networks, allowing secure communication between the development environment (VNet-A) and production environment (VNet-B).
resource "azurerm_virtual_network_peering" "peer_a_to_b" {
name = "dev-vnet-a-to-vnet-b"
virtual_network_name = azurerm_virtual_network.vnet_a.name
remote_virtual_network_id = azurerm_virtual_network.vnet_b.id
allow_virtual_network_access = true
}
The full code, including all configurations, will be available on my GitHub for you to explore. Here🔗
Benefits of Using VNet Peering:
Security: Peering ensures that communication between the dev and prod environments never leaves the Azure network, reducing the attack surface.
Cost Efficiency: Data transfer within the same region between peered VNets is free. This can save on bandwidth costs, especially if you're dealing with large data volumes.
Low Latency: VNet peering offers low-latency, high-bandwidth communication, which is ideal for environments where real-time communication is critical.
Simplicity: No need to configure and manage complex VPN gateways or additional networking components.
Real-World Scenario
Let’s assume you have a microservices-based application. The development team is building new features and testing them in a dev environment, while the production environment serves live customers. By using VNet peering:
Your dev team can access production data (with proper security measures) to run realistic tests.
The production environment remains isolated, but communication happens smoothly without exposing any public endpoints.
This kind of setup is common in industries like finance, e-commerce, or any SaaS application where development teams need access to live data while maintaining strict security and isolation between environments.
For more detailed code and additional configurations (like subnets, Network Security Groups, and more), check out my GitHub.
Subscribe to my newsletter
Read articles from Sanmarg Paranjpe directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by