Note: Scroll down this article to download the Terraform files in zip format.
Terraform Azure VNet with Dual Subnets and Route Tables
This Terraform project provisions a secure Azure Virtual Network (VNet) with two distinct subnets: 'internal' and 'external'. It creates corresponding route tables for each subnet to control traffic flow explicitly.
Features
- Creates a new Azure Resource Group or uses an existing one.
- Deploys a Virtual Network (VNet) with a user-defined address space.
- Creates an internal subnet.
- Creates an external subnet.
- Sets `default_outbound_access_enabled = false` on both subnets. This is a security best practice, requiring explicit outbound access (e.g., via a NAT Gateway or firewall) rather than relying on Azure's default SNAT.
- Creates an internal route table (`rt-internal`) and associates it with the `internal` subnet. This table defines no default route, so together with default outbound access being disabled the subnet is isolated from the internet.
- Creates an external route table (`rt-external`) and associates it with the `external` subnet.
- Adds a default route (`0.0.0.0/0`) with a next hop of `Internet` to the external route table, allowing resources in this subnet to access the internet.
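The subnet, route table and association resources behind the features above, written out in HCL. This is an added example, not the project's own `main.tf`; it assumes an `azurerm_resource_group.this` and `azurerm_virtual_network.this` are declared elsewhere and that the variables from the Inputs table exist.

```hcl
# Added example, not the project's main.tf. Assumes azurerm_resource_group.this,
# azurerm_virtual_network.this and the Inputs-table variables are declared.

# Both subnets opt out of Azure's implicit default SNAT: nothing reaches the
# internet unless a NAT Gateway, load balancer, public IP or firewall provides it.
resource "azurerm_subnet" "internal" {
  name                            = var.internal_subnet.name
  resource_group_name             = azurerm_resource_group.this.name
  virtual_network_name            = azurerm_virtual_network.this.name
  address_prefixes                = [var.internal_subnet.address_prefix]
  default_outbound_access_enabled = false
}

resource "azurerm_subnet" "external" {
  name                            = var.external_subnet.name
  resource_group_name             = azurerm_resource_group.this.name
  virtual_network_name            = azurerm_virtual_network.this.name
  address_prefixes                = [var.external_subnet.address_prefix]
  default_outbound_access_enabled = false
}

# Internal route table: deliberately carries no routes, so no 0.0.0.0/0 is ever
# pushed into the internal subnet.
resource "azurerm_route_table" "internal" {
  name                = var.internal_route_table_name
  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
}

# External route table: the only place in the VNet with a default route.
resource "azurerm_route_table" "external" {
  name                = var.external_route_table_name
  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name

  route {
    name           = "default-to-internet"
    address_prefix = "0.0.0.0/0"
    next_hop_type  = "Internet"
  }
}

resource "azurerm_subnet_route_table_association" "internal" {
  subnet_id      = azurerm_subnet.internal.id
  route_table_id = azurerm_route_table.internal.id
}

resource "azurerm_subnet_route_table_association" "external" {
  subnet_id      = azurerm_subnet.external.id
  route_table_id = azurerm_route_table.external.id
}
```

After `terraform apply`, `az network vnet subnet show` on the internal subnet should report `defaultOutboundAccess` as false and its route table should list no `0.0.0.0/0` entry; if either differs, the isolation described above is not in effect.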
File Structure
- `main.tf`: Contains all the Azure resource definitions (VNet, Subnets, Route Tables, etc.).
- `variables.tf`: Declares all input variables used in the project.
- `output.tf`: Declares outputs from the created resources (e.g., VNet ID, subnet IDs).
- `terraform.auto.tfvars`: An example file to provide values for the variables.
Prerequisites
- Terraform (v1.0.0+)
- An Azure Subscription
- Azure CLI authenticated (or a Service Principal configured for Terraform).
How to Use
- Clone the repository (or copy the files to a local directory).
- Review and edit `terraform.auto.tfvars`: update the values in this file to match your naming conventions and networking requirements.

  ```hcl
  # --- Resource Group and Location ---
  resource_group_name = "my-networking-rg"
  location            = "West Europe"

  # --- Virtual Network ---
  vnet_name          = "main-vnet"
  vnet_address_space = ["10.61.0.0/16"]

  # --- Subnets ---
  internal_subnet = {
    name           = "snet-internal"
    address_prefix = "10.61.1.0/24"
  }
  external_subnet = {
    name           = "snet-external"
    address_prefix = "10.61.2.0/24"
  }

  # --- Route Tables ---
  internal_route_table_name = "rt-internal"
  external_route_table_name = "rt-external"
  ```

- Initialize Terraform:

  ```shell
  terraform init
  ```

- Review the plan:

  ```shell
  terraform plan
  ```

- Apply the configuration:

  ```shell
  terraform apply
  ```
Inputs
| Name | Description | Type |
|---|---|---|
| `resource_group_name` | The name of the resource group to create. | string |
| `location` | The Azure region where resources will be deployed. | string |
| `vnet_name` | The name of the virtual network. | string |
| `vnet_address_space` | The address space for the virtual network (e.g., `["10.61.0.0/16"]`). | list(string) |
| `internal_subnet` | Configuration for the internal subnet. | object({ name = string, address_prefix = string }) |
| `external_subnet` | Configuration for the external subnet. | object({ name = string, address_prefix = string }) |
| `internal_route_table_name` | Name for the internal route table. | string |
| `external_route_table_name` | Name for the external route table. | string |
Outputs
| Name | Description |
|---|---|
| `resource_group_name` | The name of the created resource group. |
| `vnet_id` | The ID of the created virtual network. |
| `vnet_name` | The name of the created virtual network. |
| `internal_subnet_id` | The ID of the internal subnet. |
| `external_subnet_id` | The ID of the external subnet. |
| `internal_route_table_id` | The ID of the internal route table. |
| `external_route_table_id` | The ID of the external route table. |