Demystifying Network Security on Azure: A Terraform Tale

Introduction :-

Welcome! This document will guide you through creating a Network Security Group (NSG) on Azure using Terraform. An NSG helps enhance the security of your network by allowing or denying network traffic based on a set of security rules. By the end of this guide, you’ll know how to set up an NSG that suits your project’s needs.

Prerequisites :-

Before we dive in, you’ll need a few things:

* An Azure account with sufficient permissions to create resources.
* Terraform installed on your computer.
* Basic knowledge of how Terraform works and some familiarity with Azure.

Steps for Deploying Security Group

Creating a Network Security Group in Azure with Terraform involves several steps. We’ll cover them one at a time.

Setting Up Terraform :-

First, ensure Terraform is correctly installed and configure it to work with Azure. This might include setting up Azure CLI and signing into your Azure account.

Writing the Terraform Configuration :-

Create a Terraform configuration file. You can name it main.tf. This file will define your Azure resources, including the Network Security Group. The variables it references are declared in a second file, variables.tf. Your configuration may look something like this:

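# main.tf
# The azurerm provider needs a features block, even an empty one.
# Credentials come from the Azure CLI login or ARM_* environment variables.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "corp_network" {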
  name     = var.resource_group_name
  location = var.location
}

resource "azurerm_network_security_group" "win_nsg" {
  name                = var.network_security_group_win
  resource_group_name = azurerm_resource_group.corp_network.name
  location            = azurerm_resource_group.corp_network.location

  # We are creating a rule to allow traffic
  security_rule {
    name                       = var.name
    priority                   = var.priority
    direction                  = var.direction
    access                     = var.access
    protocol                   = var.protocol
    source_port_range          = var.source_port_range
    destination_port_range     = var.destination_port_range
    source_address_prefix      = var.source_address_prefix
    destination_address_prefix = var.destination_address_prefix
  }
}

resource "azurerm_subnet_network_security_group_association" "nsg_association" {
  subnet_id                 = var.subnet_id
  network_security_group_id = azurerm_network_security_group.win_nsg.id
  depends_on = [
    azurerm_network_security_group.win_nsg
  ]
}

# variables.tf
variable "resource_group_name" {
  description = "The name of the resource group in which the resources will be created."
  type        = string
  default     = "k8s-corp-network"
}

variable "location" {
  description = "(Optional) The location in which the resources will be created."
  type        = string
  default     = "East US 2"
}

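variable "network_security_group_win" {
  type    = string
  default = "jumpbox-win-nsg"
}

variable "subnet_id" {
  type        = string
  description = "The resource ID of the subnet to associate (not its name), e.g. the ID of jumpbox-subnet"
  # Placeholder: replace with the subnet's full Azure resource ID.
  default = "example-1234899"
}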

variable "name" {
  type    = string
  default = "RDP"
}

variable "priority" {
  type    = number
  default = 300
}

variable "direction" {
  type    = string
  default = "Inbound"
}

variable "access" {
  type    = string
  default = "Allow"
}

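variable "protocol" {
  type = string
  # azurerm expects this casing: Tcp, Udp, Icmp, Esp, Ah or *
  default = "Tcp"
}

variable "source_port_range" {
  type    = string
  default = "*"
}

variable "destination_port_range" {
  # The provider attribute is a string, so ranges such as "8080-8090" also fit.
  type    = string
  default = "3389"
}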

variable "source_address_prefix" {
  type = string
  # "*" matches any source, including the internet; narrow it to a trusted range for RDP.
  default = "*"
}

variable "destination_address_prefix" {
  type    = string
  default = "*"
}

Add rules as needed to define which inbound and outbound traffic the NSG should allow or deny.
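With the defaults shown above, the rule allows RDP (TCP 3389) from any source, because source_address_prefix is "*". The following is an added example, not part of the original article: stricter declarations for two of the variables, so that Terraform refuses such a rule at plan time. The 203.0.113.0/24 range is a documentation placeholder, and limiting sources to CIDR blocks is an assumption of this example.

```hcl
# variables.tf: stricter declarations that replace the ones of the same name.
# Added example; 203.0.113.0/24 is a documentation-range placeholder.

variable "source_address_prefix" {
  description = "CIDR block allowed to reach the jump box, e.g. 203.0.113.0/24."
  type        = string
  # No default on purpose: the caller has to state who may connect.

  validation {
    # Values that mean "any source" or "the whole internet".
    condition     = !contains(["*", "0.0.0.0/0", "::/0", "Internet"], var.source_address_prefix)
    error_message = "The source_address_prefix must not be *, 0.0.0.0/0, ::/0 or Internet."
  }

  validation {
    # cidrhost() errors on anything that is not a CIDR block; can() turns that into false.
    # This also rejects service tags, which narrows the rule to explicit ranges.
    condition     = can(cidrhost(var.source_address_prefix, 0))
    error_message = "The source_address_prefix must be a CIDR block such as 203.0.113.0/24."
  }
}

variable "destination_port_range" {
  description = "Single port or range (e.g. 3389 or 8080-8090) opened by the rule."
  type        = string
  default     = "3389"

  validation {
    # A bare "*" would open every port on the subnet.
    condition     = can(regex("^[0-9]{1,5}(-[0-9]{1,5})?$", var.destination_port_range))
    error_message = "The destination_port_range must be a port or a port range, not *."
  }
}
```

With these in place, `terraform plan -var 'source_address_prefix=*'` stops with the validation error before anything is sent to Azure.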

Initializing Terraform :-

Before applying your configuration, you need to initialize Terraform. Open a terminal, navigate to the directory with your main.tf file, and run: terraform init

This command prepares Terraform to manage your Azure resources.

Applying the Configuration

Now, you’re ready to create the NSG in Azure. Apply your Terraform configuration with: terraform apply

Terraform will show you the actions it will take based on the configuration you wrote. If everything looks good, type yes to proceed. Terraform will then create the NSG in your Azure account.

Conclusion :-

Congratulations! You’ve learned how to create a Network Security Group in Azure using Terraform. Your NSG can now help protect your network by controlling the flow of traffic based on your specified rules. Remember to review and update your security rules as your project needs evolve. Happy securing!

Written by

Mahira Technology Private Limited