Azure Network NAT Gateway Association
This page shows how to write Terraform and Azure Resource Manager configurations for the Network NAT Gateway Association, and how to write them securely.
azurerm_subnet_nat_gateway_association (Terraform)
The NAT Gateway Association in Network can be configured in Terraform with the resource name azurerm_subnet_nat_gateway_association. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_subnet_nat_gateway_association" "app_subnet_association" {
  subnet_id      = azurerm_virtual_network.vnet.subnet.*.id[1]
  nat_gateway_id = azurerm_nat_gateway.nat_gw.id
}
resource "azurerm_subnet_nat_gateway_association" "dbs_subnet_association" {
  subnet_id = azurerm_virtual_network.vnet.subnet.*.id[2]
  # (excerpt truncated in the source)
}

resource "azurerm_subnet_nat_gateway_association" "server" {
  subnet_id      = azurerm_subnet.server.id
  nat_gateway_id = azurerm_nat_gateway.natgw.id
}
resource "azurerm_subnet_nat_gateway_association" "webapp" {
  # (excerpt truncated in the source)
}

resource "azurerm_subnet_nat_gateway_association" "snetlink1" {
  subnet_id      = azurerm_subnet.snet1.id
  nat_gateway_id = azurerm_nat_gateway.ngw.id
}
resource "azurerm_subnet_nat_gateway_association" "snetlink2" {
  # (excerpt truncated in the source)
}

resource "azurerm_subnet_nat_gateway_association" "assoc_private_nat" {
  subnet_id      = azurerm_subnet.privatesubnet.id
  nat_gateway_id = azurerm_nat_gateway.nat_gateway.id
}
resource "azurerm_subnet_nat_gateway_association" "assoc_public_nat" {
  subnet_id = azurerm_subnet.publicsubnet.id
  # (excerpt truncated in the source)
}

resource "azurerm_subnet_nat_gateway_association" "subnet" {
  subnet_id      = var.subnet_id
  nat_gateway_id = var.nat_gateway_id
}

resource "azurerm_subnet_nat_gateway_association" "databricks_private_subnet" {
  # Create the association only when the NAT gateway is enabled
  count          = var.use_nat_gateway == true ? 1 : 0
  subnet_id      = azurerm_subnet.databricks_private_subnet.id
  nat_gateway_id = azurerm_nat_gateway.databricks[0].id
}

resource "azurerm_subnet_nat_gateway_association" "sub_nat_assoc_01" {
  subnet_id      = data.azurerm_subnet.subnet_01.id
  nat_gateway_id = azurerm_nat_gateway.nat_gateway_01.id
}

resource "azurerm_subnet_nat_gateway_association" "nat_gateway_association" {
  subnet_id      = var.subnet_id
  nat_gateway_id = azurerm_nat_gateway.nat_gateway.id
}

resource "azurerm_subnet_nat_gateway_association" "subnet" {
  subnet_id      = var.subnet_id
  nat_gateway_id = var.nat_gateway_id
}

resource "azurerm_subnet_nat_gateway_association" "snetlink" {
  # One association per subnet in local.snets
  count          = length(local.snets)
  subnet_id      = element(azurerm_subnet.snets, count.index).id
  nat_gateway_id = azurerm_nat_gateway.ngw.id
}
Parameters
id: optional computed - string
nat_gateway_id: required - string
subnet_id: required - string
timeouts: single block
Explanation in Terraform Registry
Associates a NAT Gateway with a Subnet within a Virtual Network.
Tips: Best Practices for Other Azure Network Resources
In addition to azurerm_network_security_group, Azure Network has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.
azurerm_network_security_group
Ensure the RDP port is disabled from the Internet
It is better to disable the RDP port from the Internet. RDP access should not be accepted from the Internet (*, 0.0.0.0, /0, internet, any); consider using the Azure Bastion Service instead.
azurerm_network_security_rule
Ensure a more restrictive CIDR range is set for ingress from the Internet
It is better to set a more restrictive CIDR range and avoid very broad subnets. If possible, segments should be divided into smaller subnets.
azurerm_network_watcher_flow_log
Ensure a retention policy is enabled for flow logs and set to a sufficient duration
It is better to enable a retention policy for flow logs. Flow logs show all network activity in the cloud environment and support the investigation of critical incidents.
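The RDP and flow-log tips above can be checked against a Terraform plan before it is applied. The following Python check is an added example, not code from this page or from the Terraform provider; it assumes the JSON shape written by `terraform show -json`, a 90-day retention threshold, and hypothetical helper names, and it inspects root-module resources only.

```python
# Source values the page lists as meaning "the Internet".
INTERNET = {"*", "0.0.0.0", "0.0.0.0/0", "/0", "internet", "any"}
MIN_RETENTION_DAYS = 90  # assumed value for "enough duration"

def merged(vals, single, plural):  # a rule sets the singular or the plural form
    one = vals.get(single)
    return ([one] if one else []) + list(vals.get(plural) or [])

def covers_port(ranges, port):  # handles "*", "3389" and "3000-4000"
    spans = (r.partition("-") for r in ranges if r != "*")
    return "*" in ranges or any(int(lo) <= port <= int(hi or lo) for lo, _, hi in spans)

def rdp_open(rule):
    if (rule.get("direction"), rule.get("access")) != ("Inbound", "Allow"):
        return False
    srcs = merged(rule, "source_address_prefix", "source_address_prefixes")
    ports = merged(rule, "destination_port_range", "destination_port_ranges")
    return covers_port(ports, 3389) and any(s.lower() in INTERNET for s in srcs)

def check_plan(plan):
    findings = []  # (resource address, finding) pairs, root module only
    for res in plan["planned_values"]["root_module"].get("resources", []):
        vals = res["values"]
        rules = [vals] if res["type"] == "azurerm_network_security_rule" else []
        if res["type"] == "azurerm_network_security_group":
            rules = vals.get("security_rule") or []  # rules declared inline
        if any(rdp_open(r) for r in rules):
            findings.append((res["address"], "rdp-from-internet"))
        if res["type"] == "azurerm_network_watcher_flow_log":
            policy = (vals.get("retention_policy") or [{}])[0]
            if not policy.get("enabled") or (policy.get("days") or 0) < MIN_RETENTION_DAYS:
                findings.append((res["address"], "flow-log-retention"))
    return sorted(findings)

def entry(rtype, name, **values):  # builds one constructed plan entry
    return {"address": f"{rtype}.{name}", "type": rtype, "values": values}

IN = {"direction": "Inbound", "access": "Allow"}
# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    entry("azurerm_network_security_rule", "mgmt", source_address_prefix="Internet",
          destination_port_range="3000-4000", **IN),
    entry("azurerm_network_security_rule", "admin", source_address_prefix="203.0.113.0/24",
          destination_port_range="3389", **IN),
    entry("azurerm_network_security_group", "legacy", security_rule=[
        {"source_address_prefixes": ["0.0.0.0/0"], "destination_port_ranges": ["22", "3389"], **IN}]),
    entry("azurerm_network_watcher_flow_log", "nsg", retention_policy=[{"enabled": True, "days": 7}]),
]}}}
```

In the sample, the `mgmt` rule is reported because its port range 3000-4000 includes 3389, and the `legacy` group is reported through its inline rule; the `admin` rule passes because its source is a specific /24.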
Microsoft.Network/virtualNetworks/subnets (Azure Resource Manager)
The virtualNetworks/subnets in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/virtualNetworks/subnets. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "functions": [],
  "variables": {

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminPassword": {

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "networkSecurityGroupName": {
Parameters
name: required - string
type: required - string
apiVersion: required - string
properties: required
  addressPrefix: required - string. The address prefix for the subnet.
  addressPrefixes: optional - array. List of address prefixes for the subnet.
  networkSecurityGroup: optional
    id: required - string. Resource ID.
  routeTable: optional
    id: required - string. Resource ID.
  natGateway: optional
    id: required - string. Resource ID.
  serviceEndpoints: optional array
    service: optional - string. The type of the endpoint service.
    locations: optional - array. A list of locations.
  serviceEndpointPolicies: optional array
    id: required - string. Resource ID.
  ipAllocations: optional array
    id: required - string. Resource ID.
  delegations: optional array
    properties: optional
      serviceName: optional - string. The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).
    name: required - string. The name of the resource that is unique within a subnet. This name can be used to access the resource.
  privateEndpointNetworkPolicies: optional - string. Enable or Disable apply network policies on private end point in the subnet.
  privateLinkServiceNetworkPolicies: optional - string. Enable or Disable apply network policies on private link service in the subnet.
Frequently asked questions
What is Azure Network NAT Gateway Association?
Azure Network NAT Gateway Association is a resource for Network of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Network NAT Gateway Association?
For Terraform, the sanjayap/azure-infra, johankardell/azure and akapernaros/iac_azure_network source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the INGourav/bicep, INGourav/bicep and ruchipalchopra/AzureDevopsSelfHostedAgents source code examples are useful. See the Azure Resource Manager Example section for further details.