Top / Microsoft Azure / Azure Network / NAT Gateway

Azure Network NAT Gateway

This page shows how to write Terraform and Azure Resource Manager for Network NAT Gateway and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_nat_gateway (Terraform)

The NAT Gateway in Network can be configured in Terraform with the resource name azurerm_nat_gateway. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

nat_gateway_test.tf#L28
resource "azurerm_nat_gateway" "my_gateway" {
  name                    = "nat-Gateway"
  location                = azurerm_resource_group.example.location
  resource_group_name     = azurerm_resource_group.example.name
  public_ip_address_ids   = [azurerm_public_ip.example.id]
  public_ip_prefix_ids    = [azurerm_public_ip_prefix.example.id]
natgateway.tf#L1
resource "azurerm_nat_gateway" "ngw" {
  depends_on = [azurerm_kubernetes_cluster.k8s, azurerm_kubernetes_cluster_node_pool.user]
  name                    = local.nat-name
  location                = var.region_name
  resource_group_name     = azurerm_resource_group.resourcegroup.name
  public_ip_prefix_ids    = [ azurerm_public_ip_prefix.ngw.id ]
main.tf#L21
resource "azurerm_nat_gateway" "natgw" {
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_name            = "Standard"
natgateway.tf#L9
resource "azurerm_nat_gateway" "natgw" {
  name                    = "NATGW"
  location                = azurerm_resource_group.plspenat.location
  resource_group_name     = azurerm_resource_group.plspenat.name
  sku_name                = "Standard"
  idle_timeout_in_minutes = 10
main.tf#L13
resource "azurerm_nat_gateway" "natgw" {
  name                    = var.natgw_name
  location                = module.rg.rg_location
  resource_group_name     = module.rg.rg_name
  sku_name                = "Standard"
  idle_timeout_in_minutes = 10
main.tf#L1
resource "azurerm_nat_gateway" "nat_gateway" {
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
}
main.tf#L14
resource "azurerm_nat_gateway" "natgw" {
  name                    = "nat-Gateway"
  location                = data.azurerm_resource_group.natgw.location
  resource_group_name     = data.azurerm_resource_group.natgw.name
  public_ip_address_ids   = [azurerm_public_ip.natgw.id]
  sku_name                = "Standard"
main.tf#L34
resource "azurerm_nat_gateway" "nat-gw" {
  name                    = "trake-nat-gateway"
  location                = azurerm_resource_group.rg.location
  resource_group_name     = azurerm_resource_group.rg.name
  public_ip_address_ids   = [azurerm_public_ip.p-ip.id]
  public_ip_prefix_ids    = [azurerm_public_ip_prefix.p-ip-px.id]
nat-gateway.tf#L10
resource "azurerm_nat_gateway" "nat_vmms_outbound" {
  resource_group_name = var.rg_name
  location            = var.location
  name                = "nat-vmss-outbound"

  idle_timeout_in_minutes = 15
nat_gateway.tf#L1
resource "azurerm_nat_gateway" "natgateway-marketplace-financial-prod" {
  name                    = "natgateway-marketplace-financial-prod"
  location                = var.BRS
  resource_group_name     = azurerm_resource_group.Marketplace-financeiro-prod.name
  public_ip_address_ids   = [azurerm_public_ip.IP-Public-Marketplace-Financial-prod4.id]
  sku_name                = "Standard"

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Azure NAT Gateway.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Network Resources

In addition to the azurerm_network_security_group, Azure Network has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_network_security_group

Ensure to disable RDP port from the Internet

It is better to disable the RDP port from the Internet. RDP access should not be accepted from the Internet (*, 0.0.0.0, /0, internet, any), and consider using the Azure Bastion Service.

risk-label

azurerm_network_security_rule

Ensure to set a more restrictive CIDR range for ingress from the internet

It is better to set a more restrictive CIDR range not to use very broad subnets. If possible, segments should be divided into smaller subnets.

risk-label

azurerm_network_watcher_flow_log

Ensure to enable Retention policy for flow logs and set it to enough duration

It is better to enable a retention policy for flow logs. Flow logs show us all network activity in the cloud environment and support us when we face critical incidents.

Review your Azure Network settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Network/natGateways (Azure Resource Manager)

The natGateways in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/natGateways. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",
NatGatewayCreateOrUpdate.json#L54
        "type": "Microsoft.Network/natGateways"
      }
    },
    "201": {
      "body": {
        "name": "test-natGateway",

Parameters

  • name required - string
  • type required - string
  • apiVersion required - string
  • location required - string

    Resource location.

  • tags optional - string

    Resource tags.

  • sku optional
      • name optional - string

        Name of Nat Gateway SKU.

  • properties required
      • idleTimeoutInMinutes optional - integer

        The idle timeout of the nat gateway.

      • publicIpAddresses optional array
          • id required - string

            Resource ID.

      • publicIpPrefixes optional array
          • id required - string

            Resource ID.

  • zones optional - array

    A list of availability zones denoting the zone in which Nat Gateway should be deployed.

>> from Azure Resource Manager Documentation

The Other Related Azure Network Resources

Frequently asked questions

What is Azure Network NAT Gateway?

Azure Network NAT Gateway is a resource for Network of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Network NAT Gateway?

For Terraform, the gilyas/infracost, akapernaros/iac_azure_aks and YipCyrus/terraform source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the jashsing-mic/azure-rest-api-specs, jashsing-mic/azure-rest-api-specs and jashsing-mic/azure-rest-api-specs source code examples are useful. See the Azure Resource Manager Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents