KaushalendraKumar asked GitaraniSharmaMSFT-4262 edited

Attaching Azure Firewall Policy with Hub using Terraform

We are using a hub-and-spoke architecture for creating a landing zone on Azure. We are using Terraform for infra provisioning. We have created the VWAN, Hub, Firewall & Firewall policy using Terraform. Now we want to attach our firewall policy to the hub using Terraform, but there seems to be no code in Terraform with which I can achieve this task.

Does anyone know if there is a Terraform code block with which I can attach my Azure firewall policy to the hub? Or maybe a PowerShell script with which I can do this?


azure-firewall

1 Answer

GitaraniSharmaMSFT-4262 answered GitaraniSharmaMSFT-4262 edited

Hello @kaushalcloudprofile ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand you are creating a secure virtual hub in a hub-and-spoke architecture and would like to attach the firewall policy to the hub using Terraform or PowerShell script.

I found the below references that you can check for the same:

Terraform reference:
In order to create a secured vhub, you'll need to:
- Create an azurerm_firewall_policy
- Create an azurerm_firewall, setting its virtual_hub block and firewall_policy_id field.

See below reference template:
https://github.com/terraform-providers/terraform-provider-azurerm/blob/090fa6506f7693306b53b613c08ff6de86fc64e2/azurerm/internal/services/firewall/firewall_resource_test.go#L850-L897

In the attributes reference of Azurerm_Firewall, you can find "firewall_policy_id" and "virtual_hub" block which exports that virtual_hub_id.
Reference : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/firewall#attributes-reference

PowerShell script:

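 # Resource group and region of the deployment (placeholder values)
 $RG = "testRG"
 $Location = "<region>"
 # Get Virtual Hub
 $Hub = Get-AzVirtualHub -ResourceGroupName $RG -Name "hubname"
 # Get Firewall Policy
 $FWPolicy = Get-AzFirewallPolicy -Name "firewallPolicy" -ResourceGroupName $RG
 # Public IP configuration for the hub firewall
 $AzFWPIPs = New-AzFirewallHubPublicIpAddress -Count 1
 $AzFWHubIPs = New-AzFirewallHubIpAddress -PublicIP $AzFWPIPs
 # New Firewall, bound to the hub and the policy at creation time
 $AzFW = New-AzFirewall -Name "azfw1" -ResourceGroupName $RG -Location $Location `
             -VirtualHubId $Hub.Id -FirewallPolicyId $FWPolicy.Id `
             -Sku AZFW_Hub -HubIPAddress $AzFWHubIPs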

Refer : https://docs.microsoft.com/en-us/azure/firewall-manager/secure-cloud-network-powershell#initial-virtual-wan-deployment

Seems like you need to create the Azure Firewall with the firewall policy and virtual hub settings. I couldn't find a way to attach them in an existing firewall.

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
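
The Terraform arrangement described in the answer above, written out as an added example that is not part of the original answer or of the provider's test code: the firewall resource carries both the `firewall_policy_id` and the `virtual_hub` block. Resource names, the region and the address prefix are placeholders, and the explicit `sku_name` / `sku_tier` arguments assume a recent azurerm provider release.

```hcl
# Added example: every name, the region and the address prefix are placeholders.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "lz" {
  name     = "example-landingzone-rg"
  location = "westeurope"
}

resource "azurerm_virtual_wan" "lz" {
  name                = "example-vwan"
  resource_group_name = azurerm_resource_group.lz.name
  location            = azurerm_resource_group.lz.location
}

resource "azurerm_virtual_hub" "hub" {
  name                = "example-hub"
  resource_group_name = azurerm_resource_group.lz.name
  location            = azurerm_resource_group.lz.location
  virtual_wan_id      = azurerm_virtual_wan.lz.id
  address_prefix      = "10.0.0.0/23"
}

resource "azurerm_firewall_policy" "hub" {
  name                = "example-fw-policy"
  resource_group_name = azurerm_resource_group.lz.name
  location            = azurerm_resource_group.lz.location
}

# The firewall is where the policy and the hub meet: firewall_policy_id binds
# the policy, and the virtual_hub block places the firewall inside the hub.
resource "azurerm_firewall" "hub" {
  name                = "example-hub-fw"
  resource_group_name = azurerm_resource_group.lz.name
  location            = azurerm_resource_group.lz.location
  sku_name            = "AZFW_Hub" # hub-deployed firewall SKU
  sku_tier            = "Standard" # assumed tier for this example
  firewall_policy_id  = azurerm_firewall_policy.hub.id

  virtual_hub {
    virtual_hub_id  = azurerm_virtual_hub.hub.id
    public_ip_count = 1
  }
}

# Exported by the virtual_hub block once the firewall is deployed in the hub.
output "hub_firewall_private_ip" {
  value = azurerm_firewall.hub.virtual_hub[0].private_ip_address
}
```

After `terraform apply`, the output gives the firewall's private IP inside the hub, which is the next hop to use when routing spoke traffic through the firewall.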
