
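# Network plumbing for the SQL Managed Instance in the "red" fixture:
# one VNet, one delegated subnet, the NSG bound to that subnet and a route
# table with no custom routes. The subnet CIDR is declared once here so
# the NSG rules that key on it cannot drift from the subnet definition.
locals {
  mi_red_subnet_cidr = "10.0.0.0/24"
}

resource "azurerm_network_security_group" "this" {
  name                = "mi-security-group-red"
  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
  tags                = var.tags
}

# --- Inbound rules (evaluated lowest priority number first) -----------------

# Management ports. Source and destination are both "*", so any peer that
# can route to the subnet can reach these ports. This looks like the legacy
# Managed Instance management-port allow list; confirm it is still required
# for the MI networking mode in use and narrow the source where the current
# Azure documentation allows it.
resource "azurerm_network_security_rule" "allow_management_inbound" {
  name                        = "allow_management_inbound"
  priority                    = 106
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = ["9000", "9003", "1438", "1440", "1452"]
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
}

# Intra-subnet traffic on every protocol/port; the source is the MI subnet.
resource "azurerm_network_security_rule" "allow_misubnet_inbound" {
  name                        = "allow_misubnet_inbound"
  priority                    = 200
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = local.mi_red_subnet_cidr
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
}

# Azure load-balancer health probes (service tag, not an address range).
resource "azurerm_network_security_rule" "allow_health_probe_inbound" {
  name                        = "allow_health_probe_inbound"
  priority                    = 300
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "AzureLoadBalancer"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
}

# SQL/TDS on 1433, restricted to the VirtualNetwork service tag (the VNet
# and anything peered/connected to it).
resource "azurerm_network_security_rule" "allow_tds_inbound" {
  name                        = "allow_tds_inbound"
  priority                    = 1000
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "1433"
  source_address_prefix       = "VirtualNetwork"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
}

# Explicit catch-all deny at the highest user priority (4096). It sits above
# Azure's built-in 65xxx default rules, so the default AllowVnetInBound and
# AllowAzureLoadBalancerInBound no longer apply to this subnet; every
# permitted inbound flow must be listed above.
resource "azurerm_network_security_rule" "deny_all_inbound" {
  name                        = "deny_all_inbound"
  priority                    = 4096
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
}

# --- Outbound rules ----------------------------------------------------------

# Management egress on 80/443/12000 to any destination. Destination "*"
# means the instance can reach arbitrary internet hosts on these ports;
# tighten to the documented destination service tags if the MI networking
# mode in use allows it.
resource "azurerm_network_security_rule" "allow_management_outbound" {
  name                        = "allow_management_outbound"
  priority                    = 112
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = ["80", "443", "12000"]
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
}

# Intra-subnet egress, mirroring allow_misubnet_inbound.
resource "azurerm_network_security_rule" "allow_misubnet_outbound" {
  name                        = "allow_misubnet_outbound"
  priority                    = 200
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = local.mi_red_subnet_cidr
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
}

# Catch-all outbound deny; same reasoning as deny_all_inbound.
resource "azurerm_network_security_rule" "deny_all_outbound" {
  name                        = "deny_all_outbound"
  priority                    = 4096
  direction                   = "Outbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
}

# --- VNet, subnet and associations ------------------------------------------

resource "azurerm_virtual_network" "this" {
  name                = "vnet-mi-red"
  resource_group_name = azurerm_resource_group.this.name
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.this.location
  tags                = var.tags
}

# Subnet delegated to Microsoft.Sql/managedInstances; the delegation is
# what lets the MI service manage network policies on this subnet.
resource "azurerm_subnet" "this" {
  name                 = "subnet-mi-red"
  resource_group_name  = azurerm_resource_group.this.name
  virtual_network_name = azurerm_virtual_network.this.name
  address_prefixes     = [local.mi_red_subnet_cidr]

  delegation {
    name = "managedinstancedelegation"

    service_delegation {
      name = "Microsoft.Sql/managedInstances"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
        "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
      ]
    }
  }
}

resource "azurerm_subnet_network_security_group_association" "this" {
  subnet_id                 = azurerm_subnet.this.id
  network_security_group_id = azurerm_network_security_group.this.id
}

# Route table with no custom routes. depends_on is kept because nothing
# here references the subnet, so the ordering would otherwise be lost.
# NOTE(review): newer azurerm provider majors rename
# disable_bgp_route_propagation; check the provider constraint before
# upgrading.
resource "azurerm_route_table" "this" {
  name                          = "routetable-mi-red"
  location                      = azurerm_resource_group.this.location
  resource_group_name           = azurerm_resource_group.this.name
  disable_bgp_route_propagation = false

  depends_on = [azurerm_subnet.this]
}

# The route_table_id reference already orders this after the route table,
# so no explicit depends_on is needed.
resource "azurerm_subnet_route_table_association" "this" {
  subnet_id      = azurerm_subnet.this.id
  route_table_id = azurerm_route_table.this.id
}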