Azure Network Circuit

This page shows how to write Terraform and Azure Resource Manager configurations for Network Circuit, and how to write them securely.

azurerm_express_route_circuit (Terraform)

The Circuit in Network can be configured in Terraform with the resource name azurerm_express_route_circuit. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

expressRouteCircuits.tf#L1
resource "azurerm_express_route_circuit" "example" {
  name                  = "expressRoute1"
  resource_group_name   = azurerm_resource_group.example.name
  location              = azurerm_resource_group.example.location
  service_provider_name = "Equinix"
  peering_location      = "Silicon Valley"
resource.tf#L1
resource "azurerm_express_route_circuit" "express_route" {
  name                  = var.name
  location              = var.location
  resource_group_name   = var.rg_name
  bandwidth_in_mbps     = var.bandwidth
  service_provider_name = var.provider_name
main.tf#L1
resource "azurerm_express_route_circuit" "myterraformexpressroute" {
  name                  = var.express_route_name
  location              = var.express_route_location
  resource_group_name   = var.express_route_resource_group_name
  service_provider_name = var.express_route_service_provider_name
  peering_location      = var.express_route_peering_location
deploy.tf#L34
resource "azurerm_express_route_circuit" "cloudlab" {
  name                  = var.exrcircuit_name
  resource_group_name   = azurerm_resource_group.cloudlab.name
  location              = azurerm_resource_group.cloudlab.location
  service_provider_name = var.exrcircuit_provider
  peering_location      = var.exrcircuit_location
main.tf#L9
resource "azurerm_express_route_circuit" "poc-frankfurt" {
  name                  = "Equiniq-POC-Frankfurt"
  resource_group_name   = var.rg_name
  location              = var.location
  service_provider_name = var.service_provider_name
  peering_location      = var.peering_location
vng.tf#L1
resource "azurerm_express_route_circuit" "cloudN" {
  name                  = "cloudN-ExpressRoute"
  resource_group_name   = "s5-vnet-rg-01"
  location              = "West US"
  service_provider_name = "Equinix"
  peering_location      = "Silicon Valley"
express_route.tf#L11
resource "azurerm_express_route_circuit" "circuit" {

  name                  = azurecaf_name.circuit.result
  resource_group_name   = var.resource_group_name
  location              = var.location
  tags                  = local.tags
expressRoute_main.tf#L1
resource "azurerm_express_route_circuit" "express_route" {
  name                  = var.express_route.name
  resource_group_name   = var.resource_group.name
  location              = var.resource_group.location
  service_provider_name = var.express_route.service_provider_name
  peering_location      = var.express_route.peering_location

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Manages an ExpressRoute circuit.

Tips: Best Practices for The Other Azure Network Resources

In addition to azurerm_network_security_group, Azure Network has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.

azurerm_network_security_group

Ensure RDP access from the Internet is disabled

It is better to disable the RDP port for traffic from the Internet. RDP access should not be accepted from the Internet (*, 0.0.0.0, /0, internet, any); consider using the Azure Bastion Service instead.

azurerm_network_security_rule

Ensure a more restrictive CIDR range is set for ingress from the Internet

It is better to set a more restrictive CIDR range and avoid very broad subnets. If possible, segments should be divided into smaller subnets.
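
The two network security rule tips above (RDP from the Internet, and broad ingress CIDR ranges) can be checked against a Terraform plan before it is applied. This is an added example, not code from this page or from Shisho Cloud: it reads the structure that `terraform show -json` produces, and the function names, the constructed `SAMPLE_PLAN` and the /16 threshold are assumptions of the example.

```python
import ipaddress

# Wildcard sources are the ones the RDP tip lists; MIN_PREFIX_LEN is an assumed threshold.
ANY_SOURCE = {"*", "0.0.0.0", "0.0.0.0/0", "/0", "internet", "any"}
MIN_PREFIX_LEN = 16

def values(rule, single, plural):  # merge the singular and plural form of a rule attribute
    return ([rule[single]] if rule.get(single) else []) + list(rule.get(plural) or [])

def covers_port(rule, port):
    ranges = values(rule, "destination_port_range", "destination_port_ranges")
    return any(r == "*" or int(r.partition("-")[0]) <= port <= int(r.rpartition("-")[2])
               for r in ranges)

def is_broad(src):
    try:
        return ipaddress.ip_network(src, strict=False).prefixlen < MIN_PREFIX_LEN
    except ValueError:  # service tag such as VirtualNetwork, not a CIDR
        return False

def check_rule(addr, rule):
    if (rule.get("direction"), rule.get("access")) != ("Inbound", "Allow"):
        return []
    out = []
    for src in values(rule, "source_address_prefix", "source_address_prefixes"):
        internet = src.lower() in ANY_SOURCE
        if internet and covers_port(rule, 3389):
            out.append((addr, "RDP reachable from the Internet"))
        elif internet or is_broad(src):
            out.append((addr, "broad ingress source " + src))
    return out

def audit(plan):
    out = []
    for res in plan["planned_values"]["root_module"]["resources"]:
        if res["type"] == "azurerm_network_security_rule":
            out += check_rule(res["address"], res["values"])
    return out

def _rule(name, **vals):  # constructed entry shaped like `terraform show -json` output
    base = {"direction": "Inbound", "access": "Allow"}
    return {"type": "azurerm_network_security_rule",
            "address": "azurerm_network_security_rule." + name, "values": {**base, **vals}}

SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    _rule("rdp_any", source_address_prefix="*", destination_port_range="3389"),
    _rule("range_any", source_address_prefix="Internet", destination_port_ranges=["80", "3000-4000"]),
    _rule("app_wide", source_address_prefix="10.0.0.0/8", destination_port_range="8080"),
    _rule("ssh_admin", source_address_prefixes=["203.0.113.10/32"], destination_port_range="22"),
]}}}
```

Calling `audit(SAMPLE_PLAN)` flags the first three rules and passes `ssh_admin`; the port-range case shows why a rule that never mentions 3389 literally can still expose RDP.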

azurerm_network_watcher_flow_log

Ensure a retention policy is enabled for flow logs and set to a sufficient duration

It is better to enable a retention policy for flow logs. Flow logs show all network activity in the cloud environment and help when responding to critical incidents.

Review your Azure Network settings

In addition to the above, there are other security points to be aware of. You can check that your .tf files are protected with Shisho Cloud.

Microsoft.Network/expressRouteCircuits (Azure Resource Manager)

The expressRouteCircuits in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/expressRouteCircuits. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

ExpressRouteCircuitCreateOnExpressRoutePort.json#L6
        "type": "Microsoft.Network/expressRouteCircuits",
        "circuitName": "expressRouteCircuit1",
        "parameters": {
            "location": "westus",
            "sku": {
                "name": "Premium_MeteredData",
ExpressRouteCircuitCreate.json#L32
            "type": "Microsoft.Network/expressRouteCircuits",
            "location": "westus",
            "properties": {
               "provisioningState": "Succeeded",
               "peerings": [],
               "authorizations": [],

Parameters

  • name required - string
  • type required - string
  • apiVersion required - string
  • location required - string

    Resource location.

  • tags optional - string

    Resource tags.

  • sku optional
      • name optional - string

        The name of the SKU.

      • tier optional - string

        The tier of the SKU.

      • family optional - string

        The family of the SKU.

  • properties required
      • allowClassicOperations optional - boolean

        Allow classic operations.

      • authorizations optional array
          • properties optional
            • name optional - string

              The name of the resource that is unique within a resource group. This name can be used to access the resource.

      • peerings optional array
            • properties optional
                • peeringType optional - string

                  The peering type.

                • state optional - string

                  The peering state.

                • peerASN optional - integer

                  The peer ASN.

                • primaryPeerAddressPrefix optional - string

                  The primary address prefix.

                • secondaryPeerAddressPrefix optional - string

                  The secondary address prefix.

                • sharedKey optional - string

                  The shared key.

                • vlanId optional - integer

                  The VLAN ID.

                • microsoftPeeringConfig optional
                    • advertisedPublicPrefixes optional - array

                      The reference to AdvertisedPublicPrefixes.

                    • advertisedCommunities optional - array

                      The communities of bgp peering. Specified for microsoft peering.

                    • legacyMode optional - integer

                      The legacy mode of the peering.

                    • customerASN optional - integer

                      The CustomerASN of the peering.

                    • routingRegistryName optional - string

                      The RoutingRegistryName of the configuration.

                • stats optional
                    • primarybytesIn optional - integer

                      The Primary BytesIn of the peering.

                    • primarybytesOut optional - integer

                      The primary BytesOut of the peering.

                    • secondarybytesIn optional - integer

                      The secondary BytesIn of the peering.

                    • secondarybytesOut optional - integer

                      The secondary BytesOut of the peering.

                • gatewayManagerEtag optional - string

                  The GatewayManager Etag.

                • routeFilter optional
                    • id required - string

                      Resource ID.

                • ipv6PeeringConfig optional
                    • primaryPeerAddressPrefix optional - string

                      The primary address prefix.

                    • secondaryPeerAddressPrefix optional - string

                      The secondary address prefix.

                    • microsoftPeeringConfig optional
                        • advertisedPublicPrefixes optional - array

                          The reference to AdvertisedPublicPrefixes.

                        • advertisedCommunities optional - array

                          The communities of bgp peering. Specified for microsoft peering.

                        • legacyMode optional - integer

                          The legacy mode of the peering.

                        • customerASN optional - integer

                          The CustomerASN of the peering.

                        • routingRegistryName optional - string

                          The RoutingRegistryName of the configuration.

                    • routeFilter optional
                        • id required - string

                          Resource ID.

                    • state optional - string

                      The state of peering.

                • expressRouteConnection optional
                    • id required - string

                      Resource ID.

            • name optional - string

              The name of the resource that is unique within a resource group. This name can be used to access the resource.

      • serviceProviderNotes optional - string

        The ServiceProviderNotes.

      • serviceProviderProperties optional
          • serviceProviderName optional - string

            The serviceProviderName.

          • peeringLocation optional - string

            The peering location.

          • bandwidthInMbps optional - integer

            The BandwidthInMbps.

      • expressRoutePort optional
          • id required - string

            Resource ID.

      • bandwidthInGbps optional - number

        The bandwidth of the circuit when the circuit is provisioned on an ExpressRoutePort resource.

      • gatewayManagerEtag optional - string

        The GatewayManager Etag.

Frequently asked questions

What is Azure Network Circuit?

Azure Network Circuit is a resource in the Network service of Microsoft Azure. Its settings can be written in Terraform.

Where can I find the example code for the Azure Network Circuit?

For Terraform, the dmaxim/wimc-net, mgsj2006/azurerm-module-express-route and parmeet12singh/terraform_scripts source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the shawns1/shawns1CI, shawns1/shawns1CI and assing/alerts-extension source code examples are useful. See the Azure Resource Manager Example section for further details.