How can I reference Firewall Private IP address in Terraform while creating Route in Azure

Question

I am trying to create a route for Azure through Terraform and want to set the Firewall's private IP address as the next hop address. But none of the code is working.

resource "azurerm_firewall" "Fireall-variable" {
  name                = "Main-Firewall"
  location            = azurerm_resource_group.East-rg-variable.location
  resource_group_name = azurerm_resource_group.East-rg-variable.name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Standard"

  ip_configuration {
    name                 = "configuration"
    subnet_id            = azurerm_subnet.subnet2.id
    public_ip_address_id = azurerm_public_ip.Firewallip-variable.id
  }
}

resource "azurerm_route_table" "westroute" {
  name                          = "West-route-table"
  location                      = azurerm_resource_group.East-rg-variable.location
  resource_group_name           = azurerm_resource_group.East-rg-variable.name
  disable_bgp_route_propagation = false

  route {
    name                   = "route1"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "10.0.1.4"
  }
}

Answer 1

Score: 1

I have reproduced this in my environment and got the expected results, as shown below:

Here is the code with which I created the Azure Firewall with a route table; I followed Document1 and Document2:

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "emo-rg" {
  name     = "emo-resources"
  location = "West Europe"
}

resource "azurerm_public_ip" "example" {
  name                = "testpip"
  location            = azurerm_resource_group.emo-rg.location
  resource_group_name = azurerm_resource_group.emo-rg.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_virtual_network" "vnet" {
  name                = "ritwik-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.emo-rg.location
  resource_group_name = azurerm_resource_group.emo-rg.name
}

resource "azurerm_subnet" "subnet" {
  name                 = "AzureFirewallSubnet"
  resource_group_name  = azurerm_resource_group.emo-rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_firewall" "firewall" {
  name                = "testfirewall"
  location            = azurerm_resource_group.emo-rg.location
  resource_group_name = azurerm_resource_group.emo-rg.name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Premium"

  ip_configuration {
    name                 = "configuration"
    subnet_id            = azurerm_subnet.subnet.id
    public_ip_address_id = azurerm_public_ip.example.id
  }
}

resource "azurerm_route_table" "westroute" {
  name                          = "West-route-table"
  location                      = azurerm_resource_group.emo-rg.location
  resource_group_name           = azurerm_resource_group.emo-rg.name
  disable_bgp_route_propagation = false

  route {
    name                   = "route1"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = azurerm_firewall.firewall.ip_configuration[0].private_ip_address
  }
}

Output:

Resources created after executing the Terraform code:

After running the above code successfully, the route table is created with the IP address below:

Now in Firewall:
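As an added example that is not part of the answer above: a route table only steers traffic once it is associated with a subnet, so the fragment below attaches the answer's `westroute` table to a workload subnet and exposes the firewall's assigned private IP as an output. The names `workload` and `firewall_private_ip` and the `10.0.2.0/24` prefix are hypothetical; the other resources are the ones defined in the answer.

```hcl
# Added example; relies on azurerm_resource_group.emo-rg,
# azurerm_virtual_network.vnet, azurerm_firewall.firewall and
# azurerm_route_table.westroute from the answer's configuration.

# Hypothetical workload subnet whose outbound traffic should be
# inspected by the firewall.
resource "azurerm_subnet" "workload" {
  name                 = "workload-subnet"
  resource_group_name  = azurerm_resource_group.emo-rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.2.0/24"]
}

# Attach the route table to the workload subnet. The 0.0.0.0/0 route
# pointing at the firewall belongs on workload subnets, not on
# AzureFirewallSubnet itself: the firewall needs its own path to the
# Internet, and routing its subnet back to itself breaks egress.
resource "azurerm_subnet_route_table_association" "workload" {
  subnet_id      = azurerm_subnet.workload.id
  route_table_id = azurerm_route_table.westroute.id
}

# Surface the address Azure assigned to the firewall so it can be
# compared with the next hop shown on the route table after apply.
output "firewall_private_ip" {
  value = azurerm_firewall.firewall.ip_configuration[0].private_ip_address
}
```

Because the next hop is a reference rather than a literal such as `10.0.1.4`, Terraform creates the firewall before the route table and the route keeps tracking the firewall's address if its subnet changes.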

huangapple
  • Published on April 19, 2023 at 22:50:03
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76055914.html