Top / Microsoft Azure / Azure Network / Route

Azure Network Route

This page shows how to write Terraform and Azure Resource Manager for Network Route and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_route (Terraform)

The Route in Network can be configured in Terraform with the resource name azurerm_route. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

network.tf#L79
resource "azurerm_route" "training-Internet-Route" {
  name                = "Internet"
  resource_group_name = azurerm_resource_group.default.name
  route_table_name    = azurerm_route_table.rt-training.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "Internet"
routing.tf#L7
resource "azurerm_route" "EUS-Route1" {
  name                   = "EUS-Route1"
  resource_group_name    = azurerm_resource_group.example.name
  route_table_name       = azurerm_route_table.EUS-RT.name
  address_prefix         = "10.3.0.0/16"
  next_hop_type          = "VirtualAppliance"
Routes.tf#L3
resource "azurerm_route" "vnet-ad-prod-weu-001-route-wvd" {
  name                = "vnet-ad-prod-weu-001"
  resource_group_name = azurerm_resource_group.rg-wvd-prod.name
  route_table_name    = azurerm_route_table.route-wvd.name
  address_prefix      = "172.23.179.0/29"
  next_hop_type       = "VirtualAppliance"
vpc.tf#L82
resource "azurerm_route" "public-inet" {
  count               = length(local.public_subnets)
  address_prefix      = "0.0.0.0/0"
  name                = "public-inet"
  next_hop_type       = "Internet"
  resource_group_name = data.azurerm_resource_group.this.name
network.tf#L79
resource "azurerm_route" "training-Internet-Route" {
  name                = "Internet"
  resource_group_name = azurerm_resource_group.default.name
  route_table_name    = azurerm_route_table.rt-training.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "Internet"
routetable.tf#L26
resource "azurerm_route" "nva_route" {
  name                = "NVA"
  resource_group_name = azurerm_resource_group.rtrg.name
  route_table_name    = azurerm_route_table.rt.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "VirtualAppliance"
routetable.tf#L10
resource "azurerm_route" "hubvnet-managementsubnet-to-internet" {
  name                = "hubvnet-managementsubnet-to-internet"
  resource_group_name = azurerm_resource_group.rg.name
  route_table_name    = azurerm_route_table.route-hubvnet-managementsubnet.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "VirtualAppliance"
routetable.tf#L8
resource "azurerm_route" "finance_subnet_route_internet" {
  name                    = "my-route-to-internet"
  resource_group_name     = azurerm_resource_group.hub_spoke_rg.name
  route_table_name        = azurerm_route_table.finance_route_table.name
  address_prefix          = "0.0.0.0/0"
  next_hop_type           = "VirtualAppliance"
route.tf#L37
resource "azurerm_route" "AZ_to_Net" {
  name                   = "AZ_to_Net"
  resource_group_name   = azurerm_resource_group.terra-rg.name
  route_table_name       = azurerm_route_table.main_route.name
  address_prefix         = "10.84.1.0/26"
#  next_hop_type       = "VnetLocal"
subnet_routes.tf#L10
resource "azurerm_route" "dmz_internal" {
  name                = join("_", [ module.global_common_base.name_prefix_short, var.subnet_shortname_dmz, "internal" ] )
  resource_group_name = azurerm_resource_group.main.name
  route_table_name    = azurerm_route_table.internal.name
  address_prefix      = azurerm_subnet.dmz.address_prefix
  next_hop_type       = "vnetlocal"

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Route within a Route Table.

NOTE on Route Tables and Routes: Terraform currently provides both a standalone Route resource, and allows for Routes to be defined in-line within the Route Table resource. At this time you cannot use a Route Table with in-line Routes in conjunction with any Route resources. Doing so will cause a conflict of Route configurations and will overwrite Routes.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Network Resources

In addition to the azurerm_network_security_group, Azure Network has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_network_security_group

Ensure to disable RDP port from the Internet

It is better to disable the RDP port from the Internet. RDP access should not be accepted from the Internet (*, 0.0.0.0, /0, internet, any), and consider using the Azure Bastion Service.

risk-label

azurerm_network_security_rule

Ensure to set a more restrictive CIDR range for ingress from the internet

It is better to set a more restrictive CIDR range not to use very broad subnets. If possible, segments should be divided into smaller subnets.

risk-label

azurerm_network_watcher_flow_log

Ensure to enable Retention policy for flow logs and set it to enough duration

It is better to enable a retention policy for flow logs. Flow logs show us all network activity in the cloud environment and support us when we face critical incidents.

Review your Azure Network settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Network/routeTables/routes (Azure Resource Manager)

The routeTables/routes in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/routeTables/routes. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

  • name required - string
  • type required - string
  • apiVersion required - string
  • properties required
      • addressPrefix required - string

        The destination CIDR to which the route applies.

      • nextHopType required - string

        The type of Azure hop the packet should be sent to.

      • nextHopIpAddress optional - string

        The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance.

      • hasBgpOverride optional - boolean

        A value indicating whether this route overrides overlapping BGP routes regardless of LPM.

>> from Azure Resource Manager Documentation

The Other Related Azure Network Resources

Frequently asked questions

What is Azure Network Route?

Azure Network Route is a resource for Network of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Network Route?

For Terraform, the udit1926/Terraform_test, Oddjob62/AzureFirewall and sajipoochira/AzureWVD-Terraform source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents