Top / Microsoft Azure / Azure Network / Connection

Azure Network Connection

This page shows how to write Terraform and Azure Resource Manager for Network Connection and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_virtual_hub_connection (Terraform)

The Connection in Network can be configured in Terraform with the resource name azurerm_virtual_hub_connection. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

vwan.tf#L27
 resource "azurerm_virtual_hub_connection" "microhack-eus2-hub-spoke1" {
  name                      = "eus2-hub-spoke1"
  virtual_hub_id            = azurerm_virtual_hub.microhack-eus2-hub.id
  remote_virtual_network_id = azurerm_virtual_network.spoke-1-vnet.id
}
 resource "azurerm_virtual_hub_connection" "microhack-eus2-hub-spoke2" {
vnets.tf#L113
resource "azurerm_virtual_hub_connection" "vnet-2-northeurope-hub" {
  name                      = "vnet-2-northeurope-hub"
  virtual_hub_id            = azurerm_virtual_hub.HUB-NorthEurope.id
  remote_virtual_network_id = azurerm_virtual_network.vnet-2.id
}
main.tf#L6
resource "azurerm_virtual_hub_connection" "R1_Red_1" {
  name                      = "R1_Red_1"
  virtual_hub_id            = data.azurerm_virtual_hub.VH_R1.id
  remote_virtual_network_id = data.azurerm_virtual_network.R1_Red_1.id
}
main.tf#L16
resource "azurerm_virtual_hub_connection" "R1_Red_1" {
  name                      = "R1_Red_1"
  virtual_hub_id            = data.azurerm_virtual_hub.VH_R1.id
  remote_virtual_network_id = data.azurerm_virtual_network.R1_Red_1.id

  routing {
main.tf#L30
resource "azurerm_virtual_hub_connection" "R1_Red_1" {
  name                      = "R1_Red_1"
  virtual_hub_id            = data.azurerm_virtual_hub.VH_R1.id
  remote_virtual_network_id = data.azurerm_virtual_network.R1_Red_1.id

  routing {
main.tf#L26
resource "azurerm_virtual_hub_connection" "R1_Red_1" {
  name                      = "R1_Red_1"
  virtual_hub_id            = data.azurerm_virtual_hub.VH_R1.id
  remote_virtual_network_id = data.azurerm_virtual_network.R1_Red_1.id

  routing {
main.tf#L26
resource "azurerm_virtual_hub_connection" "R1_Red_1" {
  name                      = "R1_Red_1"
  virtual_hub_id            = data.azurerm_virtual_hub.VH_R1.id
  remote_virtual_network_id = data.azurerm_virtual_network.R1_Red_1.id

  routing {
vwan.tf#L61
resource "azurerm_virtual_hub_connection" "westeu_vnet_to_westeu_vHub" {
  name                      = "westeu_vnet_to_westeu_vHub"
  virtual_hub_id            = azurerm_virtual_hub.westeu_vHub.id
  remote_virtual_network_id = azurerm_virtual_network.mre_az_hub1_useast.id  //typo in the name of the vnet , should be mre_az_westeu_hub1 to highlight real region name

  routing  {
hub.tf#L182
resource "azurerm_virtual_hub_connection" "spoke1" {
  name                      = "CONN_SPOKE1"
  virtual_hub_id            = azurerm_virtual_hub.vwan_hub.id
  remote_virtual_network_id = azurerm_virtual_network.spoke1.id
  # default values, TF wants to destroy without changes without explicitly defining
  vitual_network_to_hub_gateways_traffic_allowed = true
vwanvpn.tf#L48
resource "azurerm_virtual_hub_connection" "spoke1-conn" {
  name                = "spoke1-conn"
  virtual_hub_id      = azurerm_virtual_hub.demo-we-hub.id
  remote_virtual_network_id = azurerm_virtual_network.spoke1.id
}
resource "azurerm_virtual_hub_connection" "spoke2-conn" {

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Connection for a Virtual Hub.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Network Resources

In addition to the azurerm_network_security_group, Azure Network has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_network_security_group

Ensure to disable RDP port from the Internet

It is better to disable the RDP port from the Internet. RDP access should not be accepted from the Internet (*, 0.0.0.0, /0, internet, any), and consider using the Azure Bastion Service.

risk-label

azurerm_network_security_rule

Ensure to set a more restrictive CIDR range for ingress from the internet

It is better to set a more restrictive CIDR range not to use very broad subnets. If possible, segments should be divided into smaller subnets.

risk-label

azurerm_network_watcher_flow_log

Ensure to enable Retention policy for flow logs and set it to enough duration

It is better to enable a retention policy for flow logs. Flow logs show us all network activity in the cloud environment and support us when we face critical incidents.

Review your Azure Network settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Network/virtualHubs/hubVirtualNetworkConnections (Azure Resource Manager)

The virtualHubs/hubVirtualNetworkConnections in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/virtualHubs/hubVirtualNetworkConnections. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

  • name required - string
  • type required - string
  • apiVersion required - string
  • properties required
      • remoteVirtualNetwork optional
          • id required - string

            Resource ID.

      • allowHubToRemoteVnetTransit optional - boolean

        Deprecated: VirtualHub to RemoteVnet transit to enabled or not.

      • allowRemoteVnetToUseHubVnetGateways optional - boolean

        Deprecated: Allow RemoteVnet to use Virtual Hub's gateways.

      • enableInternetSecurity optional - boolean

        Enable internet security.

      • routingConfiguration optional
          • associatedRouteTable optional
              • id required - string

                Resource ID.

          • propagatedRouteTables optional
              • labels optional - array

                The list of labels.

              • ids optional array
                  • id required - string

                    Resource ID.

          • vnetRoutes optional
              • staticRoutes optional array
                  • name optional - string

                    The name of the StaticRoute that is unique within a VnetRoute.

                  • addressPrefixes optional - array

                    List of all address prefixes.

                  • nextHopIpAddress optional - string

                    The ip address of the next hop.

>> from Azure Resource Manager Documentation

The Other Related Azure Network Resources

Frequently asked questions

What is Azure Network Connection?

Azure Network Connection is a resource for Network of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Network Connection?

For Terraform, the zipphreak/azure-vwan-microhack2.0, SzkolaDevNet/Terraform-Azure-vWAN and ipspace/pubcloud source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents