This solution uses a Terraform template to launch a new networking stack. It will create one VNET with three subnets: mgmt, external, internal. Use this Terraform template to create your Azure VNET infrastructure, and then head back to the BIG-IP Azure Terraform folder to get started!
- This template requires a service account to deploy with the Terraform Azure provider and build out all the necessary Azure objects
  - See the Terraform Azure Provider "Authenticating Using a Service Principal" for details. Also review the available Azure built-in roles.
  - Permissions will depend on the objects you are creating
  - Note: Make sure to practice least privilege
- Variables are configured in variables.tf
- Sensitive variables like Azure SSH keys are configured in terraform.tfvars or Azure Key Vault
  - Note: Other items like BIG-IP password can be stored in Azure Key Vault. Refer to the Prerequisites.
- Files
  - main.tf - resources for provider, versions
  - network.tf - resources for VNET, subnets, security groups
Name | Version |
---|---|
terraform | >= 1.2.0 |
azurerm | >= 3.48.0 |
Name | Version |
---|---|
azurerm | 3.48.0 |
random | 3.4.3 |
No modules.
Name | Type |
---|---|
azurerm_network_security_group.external | resource |
azurerm_network_security_group.internal | resource |
azurerm_network_security_group.mgmt | resource |
azurerm_resource_group.main | resource |
azurerm_subnet.external | resource |
azurerm_subnet.internal | resource |
azurerm_subnet.mgmt | resource |
azurerm_subnet_network_security_group_association.external | resource |
azurerm_subnet_network_security_group_association.internal | resource |
azurerm_subnet_network_security_group_association.mgmt | resource |
azurerm_virtual_network.main | resource |
random_id.buildSuffix | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
adminSrcAddr | Allowed Admin source IP prefix | string | "0.0.0.0/0" | no |
ext_address_prefix | External subnet address prefix | string | "10.90.2.0/24" | no |
f5_cloud_failover_label | This is a tag used for F5 Cloud Failover Extension to identify which cloud objects to move during a failover event. | string | "myFailover" | no |
int_address_prefix | Internal subnet address prefix | string | "10.90.3.0/24" | no |
location | Azure Location of the deployment | string | "westus2" | no |
mgmt_address_prefix | Management subnet address prefix | string | "10.90.1.0/24" | no |
projectPrefix | This value is inserted at the beginning of each Azure object (alpha-numeric, no special character) | string | "demo" | no |
resourceOwner | This is a tag used for object creation. Example is last name. | string | null | no |
vnet_cidr | CIDR IP Address range of the Virtual Network | string | "10.90.0.0/16" | no |
Name | Description |
---|---|
external_security_group_name | External security group name |
external_subnet_addresses | External subnet address prefix |
external_subnet_name | External subnet name |
internal_security_group_name | Internal security group name |
internal_subnet_addresses | Internal subnet address prefix |
internal_subnet_name | Internal subnet name |
mgmt_security_group_name | Management security group name |
mgmt_subnet_addresses | Management subnet address prefix |
mgmt_subnet_name | Management subnet name |
resource_group | Resource group name |
vnet | VNet name |
To run this Terraform template, perform the following steps:
- Clone the repo to your favorite location
- Modify terraform.tfvars with the required information

```
# Azure Environment
location = "westus2"
adminSrcAddr = "0.0.0.0/0"
resourceOwner = "fred"
# Prefix for objects being created
projectPrefix = "mydemo123"
```

- Initialize the directory

```
terraform init
```

- Test the plan and validate errors

```
terraform plan
```

- Finally, apply and deploy

```
terraform apply
```

- When done with everything, don't forget to clean up!

```
terraform destroy
```
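
An added example (not part of this repository): a pre-apply check for the plan step above. Because `adminSrcAddr` defaults to `"0.0.0.0/0"`, it reads the JSON form of a saved plan and lists inbound Allow rules on the network security groups whose source is any address. It assumes the security groups define their rules inline as `security_rule` blocks; the sample plan, rule names, ports and the 203.0.113.0/24 prefix are constructed.

```python
import ipaddress

# Constructed sample shaped like `terraform show -json tfplan` output.
# Rule names, ports and the 203.0.113.0/24 prefix are made up for this example.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_network_security_group.mgmt",
     "type": "azurerm_network_security_group",
     "change": {"after": {"security_rule": [
         {"name": "allow_ssh", "direction": "Inbound", "access": "Allow",
          "source_address_prefix": "0.0.0.0/0", "source_address_prefixes": [],
          "destination_port_range": "22"}]}}},
    {"address": "azurerm_network_security_group.external",
     "type": "azurerm_network_security_group",
     "change": {"after": {"security_rule": [
         {"name": "allow_https", "direction": "Inbound", "access": "Allow",
          "source_address_prefix": "203.0.113.0/24", "destination_port_range": "443"}]}}},
]}


def is_open(prefix):
    """True when an NSG source prefix matches every address."""
    if not prefix:
        return False
    if prefix.lower() in ("*", "internet"):
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False  # other service tags, e.g. "VirtualNetwork"


def open_inbound_rules(plan):
    """List (NSG address, rule name, port) for inbound Allow rules open to any source."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_network_security_group":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # "after" is null on destroy
        for rule in after.get("security_rule") or []:
            if (rule.get("direction"), rule.get("access")) != ("Inbound", "Allow"):
                continue
            sources = [rule.get("source_address_prefix"), *(rule.get("source_address_prefixes") or [])]
            if any(is_open(s) for s in sources):
                findings.append((rc["address"], rule.get("name"),
                                 rule.get("destination_port_range")))
    return findings


if __name__ == "__main__":
    print(open_inbound_rules(SAMPLE_PLAN))
```

To check a real plan, save it with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan`, and pass the parsed JSON to `open_inbound_rules`.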