Azure Network Virtual Wan
This page shows how to write Terraform and Azure Resource Manager configurations for Azure Network Virtual Wan, and how to write them securely.
azurerm_virtual_wan (Terraform)
The Virtual Wan in Network can be configured in Terraform with the resource name azurerm_virtual_wan. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_virtual_wan" "vwan" {
  name                = "vwan"
  resource_group_name = data.azurerm_resource_group.main_rg.name
  location            = data.azurerm_resource_group.main_rg.location

resource "azurerm_virtual_wan" "vwan" {
  name                = "vwan"
  resource_group_name = data.azurerm_resource_group.main_rg.name
  location            = data.azurerm_resource_group.main_rg.location

resource "azurerm_virtual_wan" "vwan" {
  name                = var.wanname
  resource_group_name = var.rsg
  location            = var.location
  tags = {

resource "azurerm_virtual_wan" "microhack-vwan" {
  name                = "microhack-vwan"
  resource_group_name = azurerm_resource_group.vwan-microhack-hub-rg.name
  location            = var.location-vwan
}

resource "azurerm_virtual_wan" "vwan" {
  name                = var.wanname
  resource_group_name = var.rsg
  location            = var.location
  tags = {

resource "azurerm_virtual_wan" "test" {
  name                = "cwan-vwan"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location
}

resource "azurerm_virtual_wan" "vwan" {
  name                = azurecaf_name.vwan.result
  resource_group_name = var.resource_group_name
  location            = var.location
  tags                = local.tags

resource "azurerm_virtual_wan" "this" {
  allow_branch_to_branch_traffic = var.allow_branch_to_branch_traffic
  allow_vnet_to_vnet_traffic     = var.allow_vnet_to_vnet_traffic
  disable_vpn_encryption         = var.disable_vpn_encryption
  location                       = var.location
  name                           = var.name

resource "azurerm_virtual_wan" "vwan" {
  for_each            = var.vwans
  name                = each.value.name
  resource_group_name = azurerm_resource_group.rg[each.value.resource_group_key].name
  location            = each.key

resource "azurerm_virtual_wan" "example" {
  name                = "example-virtualwan"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}
Parameters
- allow_branch_to_branch_traffic: optional - bool
- allow_vnet_to_vnet_traffic: optional - bool
- disable_vpn_encryption: optional - bool
- id: optional computed - string
- location: required - string
- name: required - string
- office365_local_breakout_category: optional - string
- resource_group_name: required - string
- tags: optional - map from string to string
- type: optional - string
- timeouts: single block
Explanation in Terraform Registry
Manages a Virtual WAN.
Tips: Best Practices for The Other Azure Network Resources
In addition to azurerm_network_security_group, Azure Network has other resources that should be configured with security in mind. The examples and precautions below cover some of them.
azurerm_network_security_group
Ensure the RDP port is not reachable from the Internet
It is better not to expose the RDP port to the Internet. RDP access should not be accepted from the Internet (*, 0.0.0.0, /0, internet, any); consider using the Azure Bastion Service instead.
azurerm_network_security_rule
Ensure a more restrictive CIDR range is set for ingress from the Internet
It is better to set a more restrictive CIDR range and avoid very broad subnets. If possible, segments should be divided into smaller subnets.
azurerm_network_watcher_flow_log
Ensure a retention policy is enabled for flow logs and set to a sufficient duration
It is better to enable a retention policy for flow logs. Flow logs show all network activity in the cloud environment and support the investigation of critical incidents.
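A plan-time check for the three tips above, plus the disable_vpn_encryption parameter from the Virtual Wan schema, as an added example (not code from this page or from the Terraform provider). It reads the planned_values tree of `terraform show -json` output; the 90-day retention threshold, the function names and the sample plan are assumptions constructed for illustration.

```python
INTERNET = {"*", "0.0.0.0", "0.0.0.0/0", "/0", "internet", "any"}  # sources the page lists
MIN_RETENTION_DAYS = 90  # assumed threshold; the page only says "enough duration"

def covers_port(spec, port):
    """True if an NSG port spec ('*', '3389', '3000-4000') includes port."""
    if not spec or spec == "*":
        return spec == "*"
    lo, _, hi = str(spec).partition("-")
    return int(lo) <= port <= int(hi or lo)

def check_resource(res):
    """Findings for one resource entry from the plan's planned_values tree."""
    t, v, out = res["type"], res.get("values") or {}, []
    if t == "azurerm_virtual_wan" and v.get("disable_vpn_encryption"):
        out.append("VPN encryption disabled")
    elif t == "azurerm_network_security_rule":
        sources = [v.get("source_address_prefix"), *(v.get("source_address_prefixes") or [])]
        ports = [v.get("destination_port_range"), *(v.get("destination_port_ranges") or [])]
        if ((v.get("direction"), v.get("access")) == ("Inbound", "Allow")
                and any(str(s).lower() in INTERNET for s in sources if s)
                and any(covers_port(p, 3389) for p in ports)):
            out.append("RDP (3389) reachable from the Internet")
    elif t == "azurerm_network_watcher_flow_log":
        rp = (v.get("retention_policy") or [{}])[0]  # nested blocks are lists in plan JSON
        if not rp.get("enabled") or (rp.get("days") or 0) < MIN_RETENTION_DAYS:
            out.append("flow log retention disabled or shorter than policy")
    return out

def walk(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit(plan):
    # Map resource address -> findings, for flagged resources only.
    root = plan.get("planned_values", {}).get("root_module", {})
    return {r["address"]: f for r in walk(root) if (f := check_resource(r))}

# Constructed sample shaped like `terraform show -json` output; not from the page.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "azurerm_virtual_wan.vwan", "type": "azurerm_virtual_wan",
     "values": {"disable_vpn_encryption": True}},
    {"address": "azurerm_network_watcher_flow_log.nsg", "type": "azurerm_network_watcher_flow_log",
     "values": {"retention_policy": [{"enabled": True, "days": 7}]}},
], "child_modules": [{"address": "module.net", "resources": [
    {"address": "module.net.azurerm_network_security_rule.rdp", "type": "azurerm_network_security_rule",
     "values": {"direction": "Inbound", "access": "Allow", "source_address_prefix": "Internet",
                "destination_port_ranges": ["3000-4000"]}},
    {"address": "module.net.azurerm_network_security_rule.mgmt", "type": "azurerm_network_security_rule",
     "values": {"direction": "Inbound", "access": "Allow", "source_address_prefix": "10.0.1.0/26",
                "destination_port_range": "3389"}},
]}]}}}
```

The range rule is flagged even though 3389 is never written out, which is the case a plain text search for "3389" misses.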
Microsoft.Network/virtualWans (Azure Resource Manager)
The virtualWans in Microsoft.Network can be configured in Azure Resource Manager with the resource name Microsoft.Network/virtualWans. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
  "type": "Microsoft.Network/virtualWans",
  "deploymentScope": "Subscription",
  "existenceScope": "ResourceGroup",
  "name": "[parameters('vwanname')]",
  "resourceGroupName": "[parameters('rgName')]",
  "roleDefinitionIds": [
Parameters
- name: required - string
- type: required - string
- apiVersion: required - string
- location: required - string. Resource location.
- tags: optional - string. Resource tags.
- properties: required
  - disableVpnEncryption: optional - boolean. Vpn encryption to be disabled or not.
  - allowBranchToBranchTraffic: optional - boolean. True if branch to branch traffic is allowed.
  - allowVnetToVnetTraffic: optional - boolean. True if Vnet to Vnet traffic is allowed.
  - office365LocalBreakoutCategory: optional - string. The office local breakout category.
  - type: optional - string. The type of the VirtualWAN.
Frequently asked questions
What is Azure Network Virtual Wan?
Azure Network Virtual Wan is a resource for Network of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Network Virtual Wan?
For Terraform, the jakubramut/tf_azure, cloudstateu/Terraform-Labs and codysparshu/terraform-tutorial source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the YAACGer/deploy-the-enterprise-scale, Rsimk/AzOps-Terraform and heuristik1/sfes source code examples are useful. See the Azure Resource Manager Example section for further details.