Top / Microsoft Azure / Azure Network / Circuit Peering

Azure Network Circuit Peering

This page shows how to write Terraform and Azure Resource Manager for Network Circuit Peering and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_express_route_circuit_peering (Terraform)

The Circuit Peering in Network can be configured in Terraform with the resource name azurerm_express_route_circuit_peering. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

ExpressRoutePeering.tf#L1
resource "azurerm_express_route_circuit_peering" "Hub-ExpressRoute-Peering" {
  peering_type                  = var.ExpressRoute-PeeringType
  express_route_circuit_name    = var.ExpressRoute-CircuitName
  resource_group_name           = var.ExpressRoute-RGName
  peer_asn                      = var.PeerASN
  primary_peer_address_prefix   = var.PrimaryPeerAddressPrefix
ExpressRoutePeering.tf#L1
resource "azurerm_express_route_circuit_peering" "Hub-ExpressRoute-Peering" {
  peering_type                  = var.ExpressRoute-PeeringType
  express_route_circuit_name    = var.ExpressRoute-CircuitName
  resource_group_name           = var.ExpressRoute-RGName
  peer_asn                      = var.PeerASN
  primary_peer_address_prefix   = var.PrimaryPeerAddressPrefix
vng.tf#L15
resource "azurerm_express_route_circuit_peering" "cloudN" {
  peering_type                  = "AzurePrivatePeering"
  express_route_circuit_name    = azurerm_express_route_circuit.cloudN.name
  resource_group_name           = "s5-vnet-rg-01"
  peer_asn                      = 65000              # on prem router ASN
  primary_peer_address_prefix   = "10.255.255.20/30" # IP prefix for ER
ExpressRoutePeering.tf#L1
resource "azurerm_express_route_circuit_peering" "Hub-ExpressRoute-Peering" {
  peering_type                  = var.ExpressRoute-PeeringType
  express_route_circuit_name    = var.ExpressRoute-CircuitName
  resource_group_name           = var.ExpressRoute-RGName
  peer_asn                      = var.PeerASN
  primary_peer_address_prefix   = var.PrimaryPeerAddressPrefix
main.tf#L7
resource "azurerm_express_route_circuit_peering" "this" {
  express_route_circuit_name    = var.express_route_circuit_name
  peer_asn                      = var.peer_asn
  peering_type                  = var.peering_type
  primary_peer_address_prefix   = var.primary_peer_address_prefix
  resource_group_name           = var.resource_group_name
main.tf#L7
resource "azurerm_express_route_circuit_peering" "this" {
  express_route_circuit_name    = var.express_route_circuit_name
  peer_asn                      = var.peer_asn
  peering_type                  = var.peering_type
  primary_peer_address_prefix   = var.primary_peer_address_prefix
  resource_group_name           = var.resource_group_name
post-circuit.tf#L5
resource "azurerm_express_route_circuit_peering" "example" {
  peering_type                  = "AzurePrivatePeering"
  express_route_circuit_name    = azurerm_express_route_circuit.example.name
  resource_group_name           = azurerm_resource_group.example.name
  shared_key                    = "ItsASecret"
  peer_asn                      = 100
r-express-route.tf#L30
resource "azurerm_express_route_circuit_peering" "ercprivatepeer" {
  for_each                      = var.express_route_enabled && var.express_route_private_peering_enabled ? toset(["express_route"]) : toset([])
  resource_group_name           = var.resource_group_name
  express_route_circuit_name    = azurerm_express_route_circuit.erc["express_route"].name
  peering_type                  = "AzurePrivatePeering"
  primary_peer_address_prefix   = var.express_route_circuit_private_peering_primary_peer_address_prefix
main.tf#L9
resource "azurerm_express_route_circuit_peering" "example" {
  peering_type                  = "AzurePrivatePeering"
  # Acceptable values include AzurePrivatePeering, AzurePublicPeering and MicrosoftPeering
  express_route_circuit_name    = var.express_route_circuit_name
  resource_group_name           = var.rg_name
  peer_asn                      = var.peer_asn
main.tf#L26
resource "azurerm_express_route_circuit_peering" "local" {
  count                         = var.configure_er_private_peering ? 1 : 0
  peering_type                  = "AzurePrivatePeering"
  express_route_circuit_name    = azurerm_express_route_circuit.local.name
  resource_group_name           = var.resource_group_name
  peer_asn                      = var.express_route_definitions.azure_private_peering.peer_asn

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages an ExpressRoute Circuit Peering.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Network Resources

In addition to the azurerm_network_security_group, Azure Network has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_network_security_group

Ensure to disable RDP port from the Internet

It is better to disable the RDP port from the Internet. RDP access should not be accepted from the Internet (*, 0.0.0.0, /0, internet, any), and consider using the Azure Bastion Service.

risk-label

azurerm_network_security_rule

Ensure to set a more restrictive CIDR range for ingress from the internet

It is better to set a more restrictive CIDR range not to use very broad subnets. If possible, segments should be divided into smaller subnets.

risk-label

azurerm_network_watcher_flow_log

Ensure to enable Retention policy for flow logs and set it to enough duration

It is better to enable a retention policy for flow logs. Flow logs show us all network activity in the cloud environment and support us when we face critical incidents.

Review your Azure Network settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Network/expressRouteCircuits/peerings (Azure Resource Manager)

The expressRouteCircuits/peerings in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/expressRouteCircuits/peerings. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

  • name required - string
  • type required - string
  • apiVersion required - string
  • properties required
      • peeringType optional - string

        The peering type.

      • state optional - string

        The peering state.

      • peerASN optional - integer

        The peer ASN.

      • primaryPeerAddressPrefix optional - string

        The primary address prefix.

      • secondaryPeerAddressPrefix optional - string

        The secondary address prefix.

      • sharedKey optional - string

        The shared key.

      • vlanId optional - integer

        The VLAN ID.

      • microsoftPeeringConfig optional
          • advertisedPublicPrefixes optional - array

            The reference to AdvertisedPublicPrefixes.

          • advertisedCommunities optional - array

            The communities of bgp peering. Specified for microsoft peering.

          • legacyMode optional - integer

            The legacy mode of the peering.

          • customerASN optional - integer

            The CustomerASN of the peering.

          • routingRegistryName optional - string

            The RoutingRegistryName of the configuration.

      • stats optional
          • primarybytesIn optional - integer

            The Primary BytesIn of the peering.

          • primarybytesOut optional - integer

            The primary BytesOut of the peering.

          • secondarybytesIn optional - integer

            The secondary BytesIn of the peering.

          • secondarybytesOut optional - integer

            The secondary BytesOut of the peering.

      • gatewayManagerEtag optional - string

        The GatewayManager Etag.

      • routeFilter optional
          • id required - string

            Resource ID.

      • ipv6PeeringConfig optional
          • primaryPeerAddressPrefix optional - string

            The primary address prefix.

          • secondaryPeerAddressPrefix optional - string

            The secondary address prefix.

          • microsoftPeeringConfig optional
              • advertisedPublicPrefixes optional - array

                The reference to AdvertisedPublicPrefixes.

              • advertisedCommunities optional - array

                The communities of bgp peering. Specified for microsoft peering.

              • legacyMode optional - integer

                The legacy mode of the peering.

              • customerASN optional - integer

                The CustomerASN of the peering.

              • routingRegistryName optional - string

                The RoutingRegistryName of the configuration.

          • routeFilter optional
              • id required - string

                Resource ID.

          • state optional - string

            The state of peering.

      • expressRouteConnection optional
          • id required - string

            Resource ID.

>> from Azure Resource Manager Documentation

The Other Related Azure Network Resources

Frequently asked questions

What is Azure Network Circuit Peering?

Azure Network Circuit Peering is a resource for Network of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Network Circuit Peering?

For Terraform, the AErmie/Terraform-Real-World-Edition, AErmie/TFCloud-IaC-Using-Terraform and karolnedza/migration source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents