nsg
claranet/nsg/azurerm
Terraform module for Azure Network Security Group
Azure Network Security Group

This module creates an Azure Network Security Group with optional predefined rules. The default module configuration denies all inbound traffic.

When Flow Logs are enabled, make sure to use a Storage Account with no existing lifecycle management rules, as this will add a new rule and overwrite the existing ones. For more details, see https://github.com/hashicorp/terraform-provider-azurerm/issues/6935.

Global versioning rule for Claranet Azure modules

| Module version | Terraform version | OpenTofu version | AzureRM version |
| -------------- | ----------------- | ---------------- | --------------- |
| >= 8.x.x |

| Name | Type | Description | Default |
|---|---|---|---|
| stack | string | Project stack name. | required |
| client_name | string | Client name/account used in naming. | required |
| location_short | string | Short string for Azure location. | required |
| resource_group_name | string | Resource group name. | required |
| location | string | Azure location. | required |
| environment | string | Project environment. | required |
| flow_log_storage_account_id | string | Network watcher flow log storage account ID. | null |
| winrm_source_allowed | any | Allowed source for inbound WinRM traffic. Can be a Service Tag, "*" or a CIDR li | [] |
| additional_rules | list(object({ priority | Additional network security group rules to add. For arguments please refer to [ | [] |
| cifs_inbound_allowed | bool | True to allow inbound CIFS traffic. | false |
| custom_name | string | Security Group custom name. | null |
| ssh_inbound_allowed | bool | True to allow inbound SSH traffic. | false |
| rdp_source_allowed | any | Allowed source for inbound RDP traffic. Can be a Service Tag, "*" or a CIDR list | [] |
| application_gateway_rules_enabled | bool | True to configure rules mandatory for hosting an Application Gateway. See [docum | false |
| load_balancer_rules_enabled | bool | True to configure rules mandatory for hosting a Load Balancer. | false |
| extra_tags | map(string) | Additional tags to associate with your Network Security Group. | {} |
| use_existing_network_watcher | bool | Whether to use an existing Network Watcher or not? Useful when the Network Watch | true |
| network_watcher_resource_group_name | string | The name of the Resource Group in which the Network Watcher was deployed. Changi | null |
| https_inbound_allowed | bool | True to allow inbound HTTPS traffic. | false |
| nfs_source_allowed | any | Allowed source for inbound NFSv4 traffic. Can be a Service Tag, "*" or a CIDR li | [] |
| default_tags_enabled | bool | Option to enable or disable default tags. | true |
| winrm_inbound_allowed | bool | True to allow inbound secure WinRM traffic. | false |
| flow_log_traffic_analytics_interval_in_minutes | number | How frequently service should do flow analytics in minutes. | 10 |
| flow_log_location | string | The location where the Network Watcher Flow Log resides. Changing this forces a | null |
| network_watcher_name | string | The name of the Network Watcher. Changing this forces a new resource to be creat | null |
| flow_log_traffic_analytics_enabled | bool | Boolean flag to enable/disable traffic analytics. | true |
| … and 4 more inputs | | | |

| Name | Description |
|---|---|
| resource | Network security group resource object. |
| id | Network security group ID. |
| name | Network security group name. |
| network_watcher_flow_log_id | Network watcher flow log ID. |
| network_watcher_flow_log_resource | Network watcher flow log resource object. |
| resource_group_name | Network security group resource group name. |
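
The following module call is an added example, not taken from the module's own documentation. It starts from the deny-all-inbound default and opens only HTTPS plus WinRM from a single management subnet, using only inputs and outputs listed above. All values (names, region, CIDR, tags) are constructed placeholders, and the version pin is left for you to fill in.

```hcl
# Added example: constructed values, not the project's own configuration.
module "nsg" {
  source = "claranet/nsg/azurerm"
  # version = "<pin to a release you have reviewed>"

  # Required naming and placement inputs (placeholder values).
  client_name         = "example"
  environment         = "prod"
  stack               = "web"
  location            = "francecentral"
  location_short      = "frc"
  resource_group_name = "rg-example-prod"

  # Inbound traffic is denied by default; open only what the workload needs.
  https_inbound_allowed = true

  # WinRM: enable the predefined rule and scope its source to a management
  # subnet given as a CIDR list.
  # Weak setting, shown for comparison only: winrm_source_allowed = "*"
  winrm_inbound_allowed = true
  winrm_source_allowed  = ["10.10.0.0/28"]

  # Already false by default; set explicitly so a reviewer sees the intent
  # and a later default change cannot silently open these ports.
  ssh_inbound_allowed  = false
  cifs_inbound_allowed = false

  extra_tags = {
    owner = "platform-team"
  }
}

# Expose the NSG ID so it can be associated with a subnet or NIC elsewhere.
output "nsg_id" {
  value = module.nsg.id
}
```

Run `terraform plan` and confirm that the only inbound allow rules in the plan are the ones you enabled before applying.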