This a repository containing Terraform code to demonstrate the use of Routing Intent with Azure Virtual WAN.
The Terraform code recreates the following architecture:
List of resources deployed
- Virtual WAN
- Virtual WAN Hub x2
- Hub Firewall x2
- Log Analytics Workspace
- Firewall Policy
- VNet x3
- Bastion
- Virtual Machine x2
- A Microsoft Azure Subscription with Contributor or greater access
- The following must be installed
- Terraform version
v1.6.3 - AzureRM provider version
v3.7.8
-
Configure environment for access to azure
- Authenticate using Azure CLI
az login
- Select subscription for deployment
az account set --subscription "<SUBSCRIPTION_ID>"
-
Initialize Terraform configuration
terraform init
-
Validate the Terraform changes
terraform plan -out tfplan
It is recommended to save the Terraform plan to a file, by using the
-outoption to ensure you are applying the changes that were advertised by the plan command. -
Apply the terraform changes
terraform apply tfplan
-
Validate the infrastructure
- Connect to the Virtual Machines using the connect by IP function of Azure Bastion
- For testing purposes, you need to allow ICMP ping through the firewall of each VM
- Check the connection between the two VMs using their private IP addresses
- Check the Log Analytics workspace for evidence of the Firewall being used for traffic
-
Clean up resources once finished (be wary of Firewall + VWAN costs when testing!)
- Create a Terraform plan for removal of resources
terraform plan -destroy -out tfplan_destroy
- Apply removal plan to clean up resources
terraform apply tfplan_destroy