
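# Data-plane subnet for the firewall. Azure will only place an Azure Firewall
# into a subnet literally named "AzureFirewallSubnet" and sized at least /26;
# both are checked here so a bad override fails at plan time with a clear
# message instead of at apply time.
# Optional: created only when var.create_firewall_subnet is true. The subnet is
# created in var.vnet_rg_name when set, otherwise in the firewall's own RG.
resource "azurerm_subnet" "firewall_subnet" {
  count                = var.create_firewall_subnet == true ? 1 : 0
  name                 = var.firewall_subnet_name != null ? var.firewall_subnet_name : "AzureFirewallSubnet"
  resource_group_name  = var.vnet_rg_name != null ? var.vnet_rg_name : var.rg_name
  virtual_network_name = var.vnet_name
  address_prefixes     = var.firewall_subnet_prefixes

  lifecycle {
    precondition {
      condition     = var.firewall_subnet_name == null || var.firewall_subnet_name == "AzureFirewallSubnet"
      error_message = "Azure Firewall requires its data subnet to be named \"AzureFirewallSubnet\"; firewall_subnet_name must be null or that exact value."
    }
    precondition {
      # Prefix length <= 26 means the subnet is a /26 or larger.
      condition     = var.firewall_subnet_prefixes == null || alltrue([for p in var.firewall_subnet_prefixes : tonumber(split("/", p)[1]) <= 26])
      error_message = "AzureFirewallSubnet must be at least a /26; one of firewall_subnet_prefixes is smaller."
    }
  }
}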

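# Management subnet used by the Azure platform to control the firewall (needed
# for forced tunneling and for the Basic SKU). Azure requires the exact name
# "AzureFirewallManagementSubnet" and a minimum size of /26; both are checked
# at plan time. Optional: created only when
# var.create_firewall_management_subnet is true (default false).
resource "azurerm_subnet" "firewall_management_subnet" {
  count                = var.create_firewall_management_subnet == true ? 1 : 0
  name                 = var.firewall_management_subnet_name != null ? var.firewall_management_subnet_name : "AzureFirewallManagementSubnet"
  resource_group_name  = var.vnet_rg_name != null ? var.vnet_rg_name : var.rg_name
  virtual_network_name = var.vnet_name
  address_prefixes     = var.firewall_management_subnet_prefixes

  lifecycle {
    precondition {
      condition     = var.firewall_management_subnet_name == null || var.firewall_management_subnet_name == "AzureFirewallManagementSubnet"
      error_message = "Azure Firewall requires its management subnet to be named \"AzureFirewallManagementSubnet\"; firewall_management_subnet_name must be null or that exact value."
    }
    precondition {
      # Prefix length <= 26 means the subnet is a /26 or larger.
      condition     = var.firewall_management_subnet_prefixes == null || alltrue([for p in var.firewall_management_subnet_prefixes : tonumber(split("/", p)[1]) <= 26])
      error_message = "AzureFirewallManagementSubnet must be at least a /26; one of firewall_management_subnet_prefixes is smaller."
    }
  }
}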

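# Public IP for the firewall's management NIC (platform control traffic).
# Created by default (var.create_firewall_management_public_ip = true).
#
# var.pip_name and var.pip_custom_dns_label are shared with the data-plane PIP
# below. Two public IPs in one resource group cannot share a name, and two in
# one region cannot share a DNS label, so when either override is set this
# resource derives a "-mgmt" variant instead of colliding with the data PIP.
# Azure Firewall only accepts Standard-SKU, statically allocated public IPs,
# which is enforced at plan time below.
resource "azurerm_public_ip" "firewall_management_pip" {
  count = var.create_firewall_management_public_ip == true ? 1 : 0

  name                = var.pip_name != null ? "${var.pip_name}-mgmt" : "pip-mgmt-${var.name}"
  location            = var.location
  resource_group_name = var.rg_name
  allocation_method   = var.pip_allocation_method
  domain_name_label   = var.pip_custom_dns_label != null ? "${var.pip_custom_dns_label}-mgmt" : null
  sku                 = var.pip_sku
  tags                = var.tags

  lifecycle {
    # NOTE(review): ignoring domain_name_label means an out-of-band change to
    # the public FQDN is not detected or reverted by Terraform — accepted drift.
    ignore_changes        = [domain_name_label]
    create_before_destroy = true

    precondition {
      condition     = var.pip_sku == "Standard" && var.pip_allocation_method == "Static"
      error_message = "Azure Firewall requires a Standard-SKU public IP with Static allocation (pip_sku = \"Standard\", pip_allocation_method = \"Static\")."
    }
  }
}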

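# Public IP for the firewall's data-plane NIC: this is the address inbound
# DNAT rules are published on and the source of outbound SNAT'd traffic, so it
# should be treated as an internet-facing asset (monitor it, keep DNAT rules
# minimal). Created by default (var.create_firewall_data_public_ip = true).
# Azure Firewall only accepts Standard-SKU, statically allocated public IPs,
# which is enforced at plan time below.
resource "azurerm_public_ip" "firewall_data_pip" {
  count = var.create_firewall_data_public_ip == true ? 1 : 0

  name                = var.pip_name != null ? var.pip_name : "pip-data-${var.name}"
  location            = var.location
  resource_group_name = var.rg_name
  allocation_method   = var.pip_allocation_method
  domain_name_label   = var.pip_custom_dns_label
  sku                 = var.pip_sku
  tags                = var.tags

  lifecycle {
    # NOTE(review): ignoring domain_name_label means an out-of-band change to
    # the public FQDN is not detected or reverted by Terraform — accepted drift.
    ignore_changes        = [domain_name_label]
    create_before_destroy = true

    precondition {
      condition     = var.pip_sku == "Standard" && var.pip_allocation_method == "Static"
      error_message = "Azure Firewall requires a Standard-SKU public IP with Static allocation (pip_sku = \"Standard\", pip_allocation_method = \"Static\")."
    }
  }
}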

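# The Azure Firewall instance.
#
# Security-relevant inputs:
#   - firewall_policy_id: the module creates no rule collections itself; all
#     allow/deny logic is expected to come from the attached policy. With no
#     policy and no classic rules, the firewall denies all traffic (presumably
#     the intended fail-closed default — confirm in the calling module).
#   - firewall_threat_intel_mode: "Alert" only logs matches against Microsoft's
#     threat-intelligence feeds; "Deny" also blocks them. Prefer "Deny" for
#     production unless alert-only is a deliberate tuning phase.
#   - firewall_snat_addresses: CIDRs that are NOT SNAT'd (treated as private).
#     Everything else is SNAT'd to the data-plane public IP.
#   - firewall_dns_servers: custom resolvers; DNS proxy settings live on the
#     policy, not here.
#   - firewall_sku_tier: title-cased so "standard"/"premium"/"basic" all work.
#     NOTE(review): the Basic tier needs a management_ip_configuration — the
#     module does not enforce that; confirm before using Basic.
#
# The ip_configuration/management_ip_configuration blocks fall back to the
# subnet and public IP resources defined in this file. Those fallbacks index
# [0] on count-based resources, so preconditions below turn the otherwise
# cryptic "index out of range" into a plan-time error that names the flag.
resource "azurerm_firewall" "firewall" {
  name                = var.name
  location            = var.location
  resource_group_name = var.rg_name
  sku_name            = var.firewall_sku_name
  sku_tier            = title(var.firewall_sku_tier)
  firewall_policy_id  = var.firewall_policy_id
  dns_servers         = toset(var.firewall_dns_servers)
  private_ip_ranges   = var.firewall_snat_addresses
  threat_intel_mode   = title(var.firewall_threat_intel_mode)
  zones               = toset(var.firewall_availability_zones)
  tags                = var.tags

  dynamic "ip_configuration" {
    for_each = var.ip_configuration != null ? [var.ip_configuration] : []
    content {
      name                 = ip_configuration.value.name != null ? ip_configuration.value.name : "ipconfig-${var.name}"
      subnet_id            = ip_configuration.value.subnet_id != null ? ip_configuration.value.subnet_id : azurerm_subnet.firewall_subnet[0].id
      public_ip_address_id = ip_configuration.value.public_ip_address_id != null ? ip_configuration.value.public_ip_address_id : azurerm_public_ip.firewall_data_pip[0].id
    }
  }

  dynamic "management_ip_configuration" {
    for_each = var.management_ip_configuration != null ? [var.management_ip_configuration] : []
    content {
      name                 = management_ip_configuration.value.name != null ? management_ip_configuration.value.name : "ipconfig-mgmt-${var.name}"
      subnet_id            = management_ip_configuration.value.subnet_id != null ? management_ip_configuration.value.subnet_id : azurerm_subnet.firewall_management_subnet[0].id
      public_ip_address_id = management_ip_configuration.value.public_ip_address_id != null ? management_ip_configuration.value.public_ip_address_id : azurerm_public_ip.firewall_management_pip[0].id
    }
  }

  # Secured-hub deployment (AZFW_Hub SKU): the firewall is attached to a
  # Virtual WAN hub instead of a VNet subnet.
  dynamic "virtual_hub" {
    for_each = var.virtual_hub != null ? [var.virtual_hub] : []
    content {
      virtual_hub_id  = virtual_hub.value.virtual_hub_id
      public_ip_count = virtual_hub.value.public_ip_count
    }
  }

  lifecycle {
    precondition {
      condition     = var.ip_configuration == null || var.ip_configuration.subnet_id != null || var.create_firewall_subnet == true
      error_message = "ip_configuration.subnet_id is null, so create_firewall_subnet must be true for the module-managed AzureFirewallSubnet to exist."
    }
    precondition {
      condition     = var.ip_configuration == null || var.ip_configuration.public_ip_address_id != null || var.create_firewall_data_public_ip == true
      error_message = "ip_configuration.public_ip_address_id is null, so create_firewall_data_public_ip must be true for the module-managed data public IP to exist."
    }
    precondition {
      condition     = var.management_ip_configuration == null || var.management_ip_configuration.subnet_id != null || var.create_firewall_management_subnet == true
      error_message = "management_ip_configuration.subnet_id is null, so create_firewall_management_subnet must be true for the module-managed AzureFirewallManagementSubnet to exist."
    }
    precondition {
      condition     = var.management_ip_configuration == null || var.management_ip_configuration.public_ip_address_id != null || var.create_firewall_management_public_ip == true
      error_message = "management_ip_configuration.public_ip_address_id is null, so create_firewall_management_public_ip must be true for the module-managed management public IP to exist."
    }
  }
}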

Requirements

No requirements. The module declares no `required_version` or `required_providers` constraints, so the calling root module should pin the Terraform and azurerm provider versions itself to keep upgrades deliberate and reproducible.

Providers

Name Version
azurerm n/a (no version constraint is declared by this module; pin one in the root module)

Modules

No modules.

Resources

Name Type
azurerm_firewall.firewall resource
azurerm_public_ip.firewall_data_pip resource
azurerm_public_ip.firewall_management_pip resource
azurerm_subnet.firewall_management_subnet resource
azurerm_subnet.firewall_subnet resource

Inputs

Name Description Type Default Required
create_firewall_data_public_ip Boolean flag to control whether a firewall public IP is created. bool true no
create_firewall_management_public_ip Boolean flag to control whether the firewall management public IP is created. bool true no
create_firewall_management_subnet Boolean flag to control whether the firewall management subnet (AzureFirewallManagementSubnet) is created. bool false no
create_firewall_subnet Boolean flag to control whether a firewall subnet is created. bool false no
firewall_availability_zones The availability zones for the firewall. set(string) null no
firewall_dns_servers The DNS servers for the firewall. set(string) null no
firewall_management_subnet_name The name of the firewall management subnet. Azure requires the value "AzureFirewallManagementSubnet". string "AzureFirewallManagementSubnet" no
firewall_management_subnet_prefixes The address prefixes for the firewall management subnet (Azure requires at least a /26). set(string) null no
firewall_policy_id The ID of the firewall policy. string null no
firewall_sku_name The SKU name of the firewall. string "AZFW_VNet" no
firewall_sku_tier The SKU tier of the firewall. string "Standard" no
firewall_snat_addresses The SNAT addresses for the firewall. any null no
firewall_subnet_name The name of the firewall data subnet. Azure requires the value "AzureFirewallSubnet". string "AzureFirewallSubnet" no
firewall_subnet_prefixes The address prefixes for the firewall data subnet (Azure requires at least a /26). set(string) null no
firewall_threat_intel_mode The threat intelligence mode for the firewall: "Off", "Alert" (log matches only) or "Deny" (log and block). The value is title-cased before use. "Deny" is the stronger production setting. string "Alert" no
ip_configuration Configuration for IP settings.
object({
name = optional(string)
subnet_id = optional(string)
public_ip_address_id = optional(string)
})
null no
ip_configuration_name The name of the IP configuration. string null no
ip_configuration_public_ip_address_id The public IP address ID of the IP configuration. string null no
ip_configuration_subnet_id The subnet ID of the IP configuration. string null no
location The location where resources will be created. string n/a yes
management_ip_configuration Configuration for management IP settings.
object({
name = optional(string)
subnet_id = optional(string)
public_ip_address_id = optional(string)
})
null no
management_ip_configuration_name The name of the management IP configuration. string null no
management_ip_configuration_public_ip_address_id The public IP address ID of the management IP configuration. string null no
management_ip_configuration_subnet_id The subnet ID of the management IP configuration. string null no
name The name of the firewall. string n/a yes
pip_allocation_method The allocation method for the public IP. string "Static" no
pip_custom_dns_label The custom DNS label for the public IP. Note that the same value is passed to both the data and management public IPs, and DNS labels must be unique per region. string null no
pip_name The name of the public IP. Note that the same value is used for both the data and management public IPs, which cannot share a name in one resource group; leave it null to use the generated "pip-data-<name>" / "pip-mgmt-<name>" names. string null no
pip_sku The SKU of the public IP. string "Standard" no
public_ip_count The number of public IPs for the virtual hub. number 1 no
rg_name The name of the resource group. string n/a yes
tags A map of tags to add to all resources. map(string) {} no
virtual_hub Configuration for virtual hub settings.
object({
virtual_hub_id = optional(string)
public_ip_count = optional(number)
})
null no
virtual_hub_id The ID of the virtual hub. string null no
vnet_name The name of the virtual network. string null no
vnet_rg_name The name of the resource group for the virtual network. string null no

Outputs

Name Description
firewall_data_public_ip_address The address of the firewall public IP.
firewall_data_public_ip_fqdn The Fully Qualified Domain Name (FQDN) of the firewall public IP.
firewall_data_public_ip_id The ID of the firewall public IP.
firewall_id The ID of the firewall.
firewall_ip_configuration The IP configuration of the firewall.
firewall_management_ip_configuration The management IP configuration of the firewall.
firewall_management_public_ip_address The address of the firewall management public IP.
firewall_management_public_ip_fqdn The Fully Qualified Domain Name (FQDN) of the firewall management public IP.
firewall_management_public_ip_id The ID of the firewall management public IP.
firewall_management_subnet_id The ID of the management firewall subnet.
firewall_name The name of the firewall.
firewall_rg_name The resource group name of the firewall.
firewall_subnet_id The ID of the firewall subnet.
firewall_tags The tags of the firewall.
firewall_virtual_hub_configuration The virtual hub configuration of the firewall.