Azure Network Route
This page shows how to write Terraform and Azure Resource Manager for Network Route and write them securely.
azurerm_route (Terraform)
The Route in Network can be configured in Terraform with the resource name azurerm_route. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_route" "training-Internet-Route" {
  name                = "Internet"
  resource_group_name = azurerm_resource_group.default.name
  route_table_name    = azurerm_route_table.rt-training.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "Internet"
}

resource "azurerm_route" "EUS-Route1" {
  name                = "EUS-Route1"
  resource_group_name = azurerm_resource_group.example.name
  route_table_name    = azurerm_route_table.EUS-RT.name
  address_prefix      = "10.3.0.0/16"
  next_hop_type       = "VirtualAppliance"
}

resource "azurerm_route" "vnet-ad-prod-weu-001-route-wvd" {
  name                = "vnet-ad-prod-weu-001"
  resource_group_name = azurerm_resource_group.rg-wvd-prod.name
  route_table_name    = azurerm_route_table.route-wvd.name
  address_prefix      = "172.23.179.0/29"
  next_hop_type       = "VirtualAppliance"
}

resource "azurerm_route" "public-inet" {
  count               = length(local.public_subnets)
  address_prefix      = "0.0.0.0/0"
  name                = "public-inet"
  next_hop_type       = "Internet"
  resource_group_name = data.azurerm_resource_group.this.name
  # route_table_name is required but was missing from the snippet; the
  # per-subnet route table reference below is an assumption.
  route_table_name    = azurerm_route_table.public[count.index].name
}
resource "azurerm_route" "nva_route" {
  name                = "NVA"
  resource_group_name = azurerm_resource_group.rtrg.name
  route_table_name    = azurerm_route_table.rt.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "VirtualAppliance"
}

resource "azurerm_route" "hubvnet-managementsubnet-to-internet" {
  name                = "hubvnet-managementsubnet-to-internet"
  resource_group_name = azurerm_resource_group.rg.name
  route_table_name    = azurerm_route_table.route-hubvnet-managementsubnet.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "VirtualAppliance"
}

resource "azurerm_route" "finance_subnet_route_internet" {
  name                = "my-route-to-internet"
  resource_group_name = azurerm_resource_group.hub_spoke_rg.name
  route_table_name    = azurerm_route_table.finance_route_table.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "VirtualAppliance"
}

resource "azurerm_route" "AZ_to_Net" {
  name                = "AZ_to_Net"
  resource_group_name = azurerm_resource_group.terra-rg.name
  route_table_name    = azurerm_route_table.main_route.name
  address_prefix      = "10.84.1.0/26"
  # next_hop_type is required; the original snippet had this line commented out.
  next_hop_type       = "VnetLocal"
}

resource "azurerm_route" "dmz_internal" {
  name                = join("_", [module.global_common_base.name_prefix_short, var.subnet_shortname_dmz, "internal"])
  resource_group_name = azurerm_resource_group.main.name
  route_table_name    = azurerm_route_table.internal.name
  address_prefix      = azurerm_subnet.dmz.address_prefix
  # The provider accepts this value case-insensitively; the documented spelling is "VnetLocal".
  next_hop_type       = "vnetlocal"
}
Parameters
address_prefix - required - string
id - optional, computed - string
name - required - string
next_hop_in_ip_address - optional - string
next_hop_type - required - string
resource_group_name - required - string
route_table_name - required - string
timeouts - single block
Explanation in Terraform Registry
Manages a Route within a Route Table.
NOTE on Route Tables and Routes: Terraform currently provides both a standalone Route resource, and allows for Routes to be defined in-line within the Route Table resource. At this time you cannot use a Route Table with in-line Routes in conjunction with any Route resources. Doing so will cause a conflict of Route configurations and will overwrite Routes.
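The GitHub snippets above mostly force 0.0.0.0/0 to a VirtualAppliance next hop but omit the pieces that make that route effective. The following is an added example, not code from the page's GitHub sources: a spoke route table (no in-line route blocks, so it can be combined with standalone azurerm_route resources as the NOTE requires), a default route through a network virtual appliance using next_hop_in_ip_address, a VnetLocal route that keeps intra-VNet traffic off the appliance, and the subnet association. Resource names, CIDRs, the appliance address 10.0.1.4 and the azurerm provider 4.x argument name bgp_route_propagation_enabled are assumptions.

```hcl
# Added example (not from the page's GitHub sources). All names and
# addresses are assumptions for illustration.
resource "azurerm_resource_group" "example" {
  name     = "rg-routing-example"
  location = "westeurope"
}

resource "azurerm_virtual_network" "spoke" {
  name                = "vnet-spoke-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.10.0.0/16"]
}

resource "azurerm_subnet" "workload" {
  name                 = "snet-workload"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.spoke.name
  address_prefixes     = ["10.10.1.0/24"]
}

resource "azurerm_route_table" "spoke" {
  name                = "rt-spoke-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  # Stop BGP-learned routes (e.g. from a VPN/ExpressRoute gateway) from
  # silently overriding the forced default route below.
  # azurerm provider 3.x spells this disable_bgp_route_propagation = true.
  bgp_route_propagation_enabled = false

  # Deliberately no in-line "route" blocks: mixing them with azurerm_route
  # resources makes each apply overwrite the other (registry NOTE above).
}

# Everything not matched by a more specific prefix goes through the NVA.
resource "azurerm_route" "default_via_nva" {
  name                = "default-via-nva"
  resource_group_name = azurerm_resource_group.example.name
  route_table_name    = azurerm_route_table.spoke.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "VirtualAppliance"
  # Only valid (and needed) when next_hop_type is VirtualAppliance.
  next_hop_in_ip_address = "10.0.1.4" # assumed private IP of the firewall/NVA
}

# Longest-prefix match: traffic inside the VNet stays local instead of
# hairpinning through the appliance.
resource "azurerm_route" "keep_vnet_local" {
  name                = "vnet-local"
  resource_group_name = azurerm_resource_group.example.name
  route_table_name    = azurerm_route_table.spoke.name
  address_prefix      = azurerm_virtual_network.spoke.address_space[0]
  next_hop_type       = "VnetLocal"
}

# A route table does nothing until it is associated with a subnet.
resource "azurerm_subnet_route_table_association" "workload" {
  subnet_id      = azurerm_subnet.workload.id
  route_table_id = azurerm_route_table.spoke.id
}
```

After terraform apply, the effective routes of a NIC in snet-workload (Azure portal or az network nic show-effective-route-table) should list 0.0.0.0/0 with next hop 10.0.1.4 and 10.10.0.0/16 with next hop VnetLocal; if the default route is missing, check for an in-line route block elsewhere in the configuration that is overwriting the standalone routes.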
Tips: Best Practices for The Other Azure Network Resources
In addition to the resource described above, Azure Network has other resources that should be configured for security reasons. Please check some examples of those resources and the precautions that apply to them.
azurerm_network_security_group
Ensure to disable RDP port from the Internet
It is better to disable the RDP port from the Internet. RDP access should not be accepted from Internet-wide sources (*, 0.0.0.0, /0, Internet, any); consider using the Azure Bastion Service instead.
azurerm_network_security_rule
Ensure to set a more restrictive CIDR range for ingress from the internet
It is better to set a more restrictive CIDR range rather than very broad subnets. If possible, segments should be divided into smaller subnets.
azurerm_network_watcher_flow_log
Ensure to enable Retention policy for flow logs and set it to enough duration
It is better to enable a retention policy for flow logs. Flow logs show us all network activity in the cloud environment and support us when we face critical incidents.
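The three tips above fit together in one configuration: an NSG rule that denies RDP from the Internet service tag, a narrower rule that allows it only from the Bastion subnet range, and a Network Watcher flow log with a retention policy enabled. This is an added example, not the page's or any project's code; the resource names, the storage account, the Bastion subnet range 10.0.2.0/26, the 90-day retention, the Network Watcher name NetworkWatcher_westeurope and resource group NetworkWatcherRG, and the azurerm provider 4.x argument target_resource_id are assumptions.

```hcl
# Added example (not from the page). Names, ranges and retention are assumptions.
resource "azurerm_resource_group" "example" {
  name     = "rg-nsg-example"
  location = "westeurope"
}

resource "azurerm_network_security_group" "workload" {
  name                = "nsg-workload-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Tip 1: no RDP from the Internet. "Internet" is the Azure service tag that
# covers every public source, so this blocks the *, 0.0.0.0/0 and "any" cases.
resource "azurerm_network_security_rule" "deny_rdp_from_internet" {
  name                        = "deny-rdp-from-internet"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "Internet"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.workload.name
}

# Tip 2: the only permitted RDP source is a narrow CIDR (assumed to be the
# AzureBastionSubnet). Lower priority number wins, so the deny rule above
# must stay more specific or be ordered deliberately; here both apply and
# Bastion traffic does not originate from the Internet tag.
resource "azurerm_network_security_rule" "allow_rdp_from_bastion" {
  name                        = "allow-rdp-from-bastion"
  priority                    = 110
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "10.0.2.0/26" # assumed Bastion subnet range
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.workload.name
}

# Tip 3: flow logs with retention, so an incident can be reconstructed later.
resource "azurerm_storage_account" "flowlogs" {
  name                     = "stflowlogsexample01" # assumed globally unique name
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_network_watcher_flow_log" "workload" {
  name                 = "fl-workload-example"
  # Network Watcher is created per region by Azure; these are the default
  # name and resource group, assumed here.
  network_watcher_name = "NetworkWatcher_westeurope"
  resource_group_name  = "NetworkWatcherRG"
  # azurerm 3.x uses network_security_group_id instead of target_resource_id.
  target_resource_id   = azurerm_network_security_group.workload.id
  storage_account_id   = azurerm_storage_account.flowlogs.id
  enabled              = true
  version              = 2

  retention_policy {
    enabled = true
    days    = 90 # assumed; pick a duration that covers your incident lookback
  }
}
```

The flow log only records traffic evaluated by this NSG; associate the NSG with the workload subnet or NICs, otherwise neither the deny rule nor the log sees any packets.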
Microsoft.Network/routeTables/routes (Azure Resource Manager)
The routeTables/routes in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/routeTables/routes. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
name - required - string
type - required - string
apiVersion - required - string
properties - required
addressPrefix - required - string - The destination CIDR to which the route applies.
nextHopType - required - string - The type of Azure hop the packet should be sent to.
nextHopIpAddress - optional - string - The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance.
hasBgpOverride - optional - boolean - A value indicating whether this route overrides overlapping BGP routes regardless of LPM.
Frequently asked questions
What is Azure Network Route?
Azure Network Route is a resource for Network of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Network Route?
For Terraform, the udit1926/Terraform_test, Oddjob62/AzureFirewall and sajipoochira/AzureWVD-Terraform source code examples are useful. See the Terraform Example section for further details.