Azure Network Subnet
This page shows how to write Terraform and Azure Resource Manager definitions for a Network Subnet, and how to write them securely.
azurerm_subnet (Terraform)
The Subnet in Network can be configured in Terraform with the resource name azurerm_subnet. The following sections describe 8 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_subnet" "hubsub1" {
  name                 = "hubsub1"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hub.name
  address_prefixes     = ["10.1.10.0/24"]
}

resource "azurerm_subnet" "web-api" {
  name                 = var.subnet_web_api
  virtual_network_name = azurerm_virtual_network.main.name
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_subnet" "subnet1" {
  name                 = "subnet1"
  resource_group_name  = azurerm_resource_group.tamops.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefix       = "192.168.1.0/24"
}

resource "azurerm_subnet" "we-project1" {
  name                 = "project1"
  resource_group_name  = azurerm_resource_group.net.name
  virtual_network_name = azurerm_virtual_network.we.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_subnet" "jinwoo-subnet-01" {
  name                 = "subnet01"
  resource_group_name  = azurerm_resource_group.jinwoo-rg.name
  virtual_network_name = azurerm_virtual_network.jinwoo-vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_subnet" "subnet1" {
  name                 = "subnet1"
  resource_group_name  = azurerm_resource_group.tamops.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefix       = "192.168.1.0/24"
}

resource "azurerm_subnet" "web-subnet" {
  name                 = "web-subnet"
  virtual_network_name = azurerm_virtual_network.vnet01.name
  resource_group_name  = var.resource_group
  address_prefix       = var.websubnetcidr
}

resource "azurerm_subnet" "External_subnet" {
  name                 = "External"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefix       = "10.99.0.0/24"
}
Parameters
- address_prefix: optional, computed - string
- address_prefixes: optional, computed - list of string
- enforce_private_link_endpoint_network_policies: optional - bool
- enforce_private_link_service_network_policies: optional - bool
- id: optional, computed - string
- name: required - string
- resource_group_name: required - string
- service_endpoint_policy_ids: optional - set of string
- service_endpoints: optional - list of string
- virtual_network_name: required - string
- delegation: list block
  - name: required - string
  - service_delegation: list block
- timeouts: single block
Explanation in Terraform Registry
Manages a subnet. Subnets represent network segments within the IP space defined by the virtual network.
NOTE on Virtual Networks and Subnets: Terraform currently provides both a standalone Subnet resource, and allows for Subnets to be defined in-line within the Virtual Network resource. At this time you cannot use a Virtual Network with in-line Subnets in conjunction with any Subnet resources. Doing so will cause a conflict of Subnet configurations and will overwrite Subnets.
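The following configuration is an added example and is not taken from the GitHub sources quoted on this page. It shows a standalone azurerm_subnet attached to a VNet that declares no in-line subnets (the conflict the Registry note above warns about), with the security-relevant parameters from the list above set explicitly and a network security group associated through the separate association resource. The resource group, VNet name, subnet name and CIDRs are assumptions chosen for illustration.

```hcl
# Added example; resource group, names and CIDRs are assumed values.
resource "azurerm_resource_group" "net" {
  name     = "rg-subnet-example"   # assumed
  location = "westeurope"          # assumed
}

# No in-line `subnet { }` blocks here: mixing them with standalone
# azurerm_subnet resources on the same VNet causes the overwrite conflict
# described in the Registry note.
resource "azurerm_virtual_network" "net" {
  name                = "vnet-example"
  location            = azurerm_resource_group.net.location
  resource_group_name = azurerm_resource_group.net.name
  address_space       = ["10.20.0.0/16"]
}

resource "azurerm_subnet" "app" {
  name                 = "snet-app"
  resource_group_name  = azurerm_resource_group.net.name
  virtual_network_name = azurerm_virtual_network.net.name

  # Prefer the list form address_prefixes; address_prefix (string) is the
  # older form seen in some examples above, and the two must not both be set.
  address_prefixes = ["10.20.1.0/24"]

  # Service endpoints keep traffic to these PaaS services on the Azure
  # backbone and let the service-side firewall restrict access to this subnet.
  service_endpoints = ["Microsoft.Storage", "Microsoft.KeyVault"]

  # Caveat: for both enforce_* flags, true DISABLES network policies (NSG and
  # route table) for private endpoints / private link services placed in the
  # subnet. Leave them false so NSG rules still apply to those endpoints.
  enforce_private_link_endpoint_network_policies = false
  enforce_private_link_service_network_policies  = false
}

# An NSG is not part of the subnet resource; attach it with the association
# resource so the subnet never sits without network policy.
resource "azurerm_network_security_group" "app" {
  name                = "nsg-snet-app"
  location            = azurerm_resource_group.net.location
  resource_group_name = azurerm_resource_group.net.name
}

resource "azurerm_subnet_network_security_group_association" "app" {
  subnet_id                 = azurerm_subnet.app.id
  network_security_group_id = azurerm_network_security_group.app.id
}
```

The association resource is what makes the NSG effective on the subnet; a `terraform plan` that shows an azurerm_subnet with no matching azurerm_subnet_network_security_group_association is a quick way to spot subnets that will be deployed without filtering.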
Tips: Best Practices for The Other Azure Network Resources
In addition to the azurerm_network_security_group, Azure Network has other resources that should be configured with security in mind. The following examples show those resources and the precautions to take with each.
azurerm_network_security_group
Ensure the RDP port is not open to the Internet
Do not expose the RDP port to the Internet. An NSG rule should not accept RDP from an Internet-wide source (*, 0.0.0.0, /0, internet, any); use the Azure Bastion Service for administrative access instead.
azurerm_network_security_rule
Ensure a restrictive CIDR range is set for ingress from the Internet
Set a restrictive CIDR range rather than allowing very broad source ranges. Where possible, divide segments into smaller subnets.
azurerm_network_watcher_flow_log
Ensure a retention policy is enabled for flow logs and set to a sufficient duration
Enable a retention policy for flow logs. Flow logs record all network activity in the cloud environment and are what you rely on when investigating a critical incident.
Microsoft.Network/virtualNetworks/subnets (Azure Resource Manager)
The virtualNetworks/subnets in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/virtualNetworks/subnets. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "functions": [],
  "variables": {

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminPassword": {

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "networkSecurityGroupName": {
Parameters
- name: required - string
- type: required - string
- apiVersion: required - string
- properties: required
  - addressPrefix: required - string. The address prefix for the subnet.
  - addressPrefixes: optional - array. List of address prefixes for the subnet.
  - networkSecurityGroup: optional
    - id: required - string. Resource ID.
  - routeTable: optional
    - id: required - string. Resource ID.
  - natGateway: optional
    - id: required - string. Resource ID.
  - serviceEndpoints: optional - array
    - service: optional - string. The type of the endpoint service.
    - locations: optional - array. A list of locations.
  - serviceEndpointPolicies: optional - array
    - id: required - string. Resource ID.
  - ipAllocations: optional - array
    - id: required - string. Resource ID.
  - delegations: optional - array
    - properties: optional
      - serviceName: optional - string. The name of the service to which the subnet should be delegated (e.g. Microsoft.Sql/servers).
    - name: required - string. The name of the resource that is unique within a subnet. This name can be used to access the resource.
  - privateEndpointNetworkPolicies: optional - string. Enable or disable applying network policies on private endpoints in the subnet.
  - privateLinkServiceNetworkPolicies: optional - string. Enable or disable applying network policies on the private link service in the subnet.
Frequently asked questions
What is Azure Network Subnet?
Azure Network Subnet is a resource for Network in Microsoft Azure. Its settings can be written in Terraform.
Where can I find the example code for the Azure Network Subnet?
For Terraform, the larryclaman/vpnscaffolds, llgjermeni/terraform-project and thomast1906/thomasthorntoncloud-examples source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the INGourav/bicep and ruchipalchopra/AzureDevopsSelfHostedAgents source code examples are useful. See the Azure Resource Manager Example section for further details.