Azure Network Route Table Association
This page shows how to write Terraform and Azure Resource Manager for Network Route Table Association and write them securely.
azurerm_subnet_route_table_association (Terraform)
The Route Table Association in Network can be configured in Terraform with the resource name azurerm_subnet_route_table_association. The following sections describe 6 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_subnet_route_table_association" "Gateway_Subnet_Assoc" {
subnet_id = azurerm_subnet.Gateway_subnet.id
route_table_id = azurerm_route_table.GWRT.id
}
resource "azurerm_subnet" "Internal_subnet" {
resource "azurerm_subnet_route_table_association" "hub_gateway" {
subnet_id = azurerm_subnet.hub_gateway.id
route_table_id = azurerm_route_table.hub_gateway.id
depends_on = ["azurerm_subnet.hub_gateway"]
}
resource "azurerm_subnet_route_table_association" "aks_00" {
route_table_id = azurerm_route_table.route_table.id
subnet_id = azurerm_subnet.aks_00_subnet.id
}
resource "azurerm_subnet_route_table_association" "aks_01" {
resource "azurerm_subnet_route_table_association" "udr_associate" {
route_table_id = var.udr_id
subnet_id = var.private_subnet_id
}
resource "azurerm_subnet_route_table_association" "udr_associate2" {
resource "azurerm_subnet_route_table_association" "dmz-associate" {
subnet_id = azurerm_subnet.dmz_subnet.id
route_table_id = azurerm_route_table.dmz.id
}
resource "azurerm_subnet_route_table_association" "internal-associate" {
resource "azurerm_subnet_route_table_association" "DMZ1_Subnet_Assoc" {
subnet_id = azurerm_subnet.DMZ1_subnet.id
route_table_id = azurerm_route_table.DMZ1RT.id
}
resource "azurerm_subnet" "DMZ2_subnet" {
Parameters
-
idoptional computed - string -
route_table_idrequired - string -
subnet_idrequired - string -
timeoutssingle block
Explanation in Terraform Registry
Associates a Route Table with a Subnet within a Virtual Network.
Tips: Best Practices for The Other Azure Network Resources
In addition to the azurerm_network_security_group, Azure Network has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_network_security_group
Ensure to disable RDP port from the Internet
It is better to disable the RDP port from the Internet. RDP access should not be accepted from the Internet (*, 0.0.0.0, /0, internet, any), and consider using the Azure Bastion Service.
azurerm_network_security_rule
Ensure to set a more restrictive CIDR range for ingress from the internet
It is better to set a more restrictive CIDR range not to use very broad subnets. If possible, segments should be divided into smaller subnets.
azurerm_network_watcher_flow_log
Ensure to enable Retention policy for flow logs and set it to enough duration
It is better to enable a retention policy for flow logs. Flow logs show us all network activity in the cloud environment and support us when we face critical incidents.
Microsoft.Network/virtualNetworks/subnets (Azure Resource Manager)
The virtualNetworks/subnets in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/virtualNetworks/subnets. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"functions": [],
"variables": {
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminPassword": {
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"networkSecurityGroupName": {
Parameters
namerequired - stringtyperequired - stringapiVersionrequired - stringpropertiesrequiredaddressPrefixrequired - stringThe address prefix for the subnet.
addressPrefixesoptional - arrayList of address prefixes for the subnet.
networkSecurityGroupoptionalidrequired - stringResource ID.
routeTableoptionalidrequired - stringResource ID.
natGatewayoptionalidrequired - stringResource ID.
serviceEndpointsoptional arrayserviceoptional - stringThe type of the endpoint service.
locationsoptional - arrayA list of locations.
serviceEndpointPoliciesoptional arrayidrequired - stringResource ID.
ipAllocationsoptional arrayidrequired - stringResource ID.
delegationsoptional arraypropertiesoptionalserviceNameoptional - stringThe name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).
namerequired - stringThe name of the resource that is unique within a subnet. This name can be used to access the resource.
privateEndpointNetworkPoliciesoptional - stringEnable or Disable apply network policies on private end point in the subnet.
privateLinkServiceNetworkPoliciesoptional - stringEnable or Disable apply network policies on private link service in the subnet.
Frequently asked questions
What is Azure Network Route Table Association?
Azure Network Route Table Association is a resource for Network of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure Network Route Table Association?
For Terraform, the rdarst/Terraform-CheckPoint_Azure-ScaleSet_R80.40, jeffan18/Terraform-code-Azure-App.Services and hmcts/aks-module-network source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the INGourav/bicep, INGourav/bicep and ruchipalchopra/AzureDevopsSelfHostedAgents source code examples are useful. See the Azure Resource Manager Example section for further details.
