Hello @kaushalcloudprofile,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand you are creating a secure virtual hub in a hub-and-spoke architecture and would like to attach the firewall policy to the hub using Terraform or PowerShell script.
I found the below references that you can check for the same:
Terraform reference:
In order to create a secured vhub, you'll need to:
- Create an azurerm_firewall_policy
- Create an azurerm_firewall, setting its virtual_hub block and firewall_policy_id field.
See below reference template:
https://github.com/terraform-providers/terraform-provider-azurerm/blob/090fa6506f7693306b53b613c08ff6de86fc64e2/azurerm/internal/services/firewall/firewall_resource_test.go#L850-L897
In the attributes reference of azurerm_firewall, you can find "firewall_policy_id" and the "virtual_hub" block, which exports the virtual_hub_id.
Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/firewall#attributes-reference
PowerShell script:
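# Resource group and region (placeholders; set these to your own values)
$RG = "testRG"
$Location = "<location>"
# Get Virtual Hub
$Hub = Get-AzVirtualHub -ResourceGroupName $RG -Name "hubname"
# Get Firewall Policy
$FWPolicy = Get-AzFirewallPolicy -Name "firewallPolicy" -ResourceGroupName $RG
# Public IP addresses for the hub firewall (the count is an example value)
$AzFWHubPublicIPs = New-AzFirewallHubPublicIpAddress -Count 1
$AzFWHubIPs = New-AzFirewallHubIpAddress -PublicIP $AzFWHubPublicIPs
# New Firewall, bound to the hub and the policy at creation time
$AzFW = New-AzFirewall -Name "azfw1" -ResourceGroupName $RG -Location $Location `
    -VirtualHubId $Hub.Id -FirewallPolicyId $FWPolicy.Id `
    -Sku AZFW_Hub -HubIPAddress $AzFWHubIPs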
Seems like you need to create the Azure Firewall with the firewall policy and virtual hub settings. I couldn't find a way to attach them to an existing firewall.
Kindly let us know if the above helps or you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
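
The two Terraform steps listed in the answer above, written out as a configuration. This is an added example, not part of the original answer or the provider's test file. It assumes azurerm provider 3.x or later (where sku_name and sku_tier are set on azurerm_firewall); all resource names, the region and the hub address prefix are placeholders.

```hcl
provider "azurerm" {
  features {}
}

# Placeholder resource group, virtual WAN and hub; replace with your own.
resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "West Europe"
}

resource "azurerm_virtual_wan" "example" {
  name                = "example-vwan"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

resource "azurerm_virtual_hub" "example" {
  name                = "example-vhub"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  virtual_wan_id      = azurerm_virtual_wan.example.id
  address_prefix      = "10.0.1.0/24"
}

# Step 1: the firewall policy.
resource "azurerm_firewall_policy" "example" {
  name                = "example-fwpolicy"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

# Step 2: the firewall, tied to the hub and the policy when it is created.
resource "azurerm_firewall" "example" {
  name                = "example-azfw"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku_name            = "AZFW_Hub" # hub-deployed firewall, not AZFW_VNet
  sku_tier            = "Standard"
  firewall_policy_id  = azurerm_firewall_policy.example.id

  virtual_hub {
    virtual_hub_id  = azurerm_virtual_hub.example.id
    public_ip_count = 1
  }
}
```

After `terraform apply`, `terraform state show azurerm_firewall.example` lets you confirm that firewall_policy_id is populated, so the hub is not left running a firewall with no policy attached.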