Introduction
In today’s cloud-first world, businesses increasingly require secure, scalable, and efficient global networks. Azure Virtual WAN (VWAN) provides a comprehensive networking solution that simplifies complex global networking architectures. When paired with Terraform, a popular Infrastructure as Code (IaC) tool, setting up and managing a global network becomes even more seamless. This blog will guide you through the steps to set up a global network using Azure Virtual WAN with Terraform.
Prerequisites
Before diving into the setup, ensure you have the following:
- Azure Subscription: An active Azure subscription.
- Terraform Installed: Terraform should be installed on your machine. If not, you can download it from the official Terraform website.
- Azure CLI Installed: Azure CLI is necessary to authenticate Terraform with Azure.
- Basic Knowledge of Terraform: Familiarity with Terraform configuration files, providers, and modules.
Step 1: Initialize Your Terraform Project
Start by creating a new directory for your Terraform project. Inside this directory, create a file named main.tf. This file will contain the Terraform code for setting up the Azure Virtual WAN.
mkdir azure-vwan-terraform
cd azure-vwan-terraform
touch main.tfStep 2: Configure the Azure Provider
In main.tf, start by defining the Azure provider. This configuration will enable Terraform to interact with Azure resources.
provider "azurerm" {
features = {}
}
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0"
}
}
required_version = ">= 1.0"
}Step 3: Define Resource Groups
Resource groups in Azure are logical containers that hold related resources. Define a resource group where the Virtual WAN will be deployed.
resource "azurerm_resource_group" "example" {
name = "vwan-rg"
location = "East US"
}Step 4: Create the Azure Virtual WAN
Next, create the Virtual WAN resource. Azure Virtual WAN is a networking service that provides optimized and automated branch connectivity to Azure and can be used to connect VNets, VPNs, and ExpressRoute circuits.
resource "azurerm_virtual_wan" "vwan" {
name = "main-vwan"
resource_group_name = azurerm_resource_group.vhub-rg.name
location = azurerm_resource_group.vhub-location.location
type = "Standard"
tags = {
environment = "production"
}
}Step 5: Create Virtual Hubs
Virtual hubs are the core components of the Virtual WAN architecture. They act as the central connection points for traffic coming from various locations.
resource "azurerm_virtual_hub" "vhub" {
name = "main-hub"
resource_group_name = azurerm_resource_group.vhub-rg.name
location = azurerm_resource_group.vhub-location.location
virtual_wan_id = azurerm_virtual_wan.main-vwan.id
address_prefix = "10.0.0.0/24"
tags = {
environment = "production"
}
}Step 6: Configure Hub Routing
You’ll need to define how traffic should be routed within the hub. This involves setting up routing tables and associations.
resource "azurerm_virtual_hub_route_table" "vhub_route_table" {
name = "example-hub-rt"
resource_group_name = azurerm_resource_group.vhub-rg.name
virtual_hub_id = azurerm_virtual_hub.vhub.id
route {
name = "route-to-vnet"
address_prefix = "10.1.0.0/16"
next_hop_type = "VnetPeering"
}
}Step 7: Connect VNets to the Virtual Hub
To enable connectivity between your VNets and the Virtual Hub, set up VNet connections.
resource "azurerm_virtual_hub_connection" "vhub-connection" {
name = "vhub-connection"
resource_group_name = azurerm_resource_group.example.name
virtual_hub_id = azurerm_virtual_hub.vhub.id
remote_virtual_network_id = azurerm_virtual_network.vnet.id
routing = {
associated_route_table_id = azurerm_virtual_hub_route_table.vhub-route_table.id
propagated_route_table_ids = [azurerm_virtual_hub_route_table.vhub2-route_table.id]
}
}Step 8: Establish VPN Gateway Connections
If you have on-premises networks that need to connect to your Azure environment, set up VPN gateway connections.
resource "azurerm_vpn_gateway" "example" {
name = "vhub-vpn-gateway"
location = azurerm_resource_group.vhub-location.location
resource_group_name = azurerm_resource_group.vhub-rg.name
virtual_hub_id = azurerm_virtual_hub.vhub.id
vpn_gateway_scale_unit = 1
tags = {
environment = "production"
}
}Step 9: Implement Security with Network Security Groups
To secure your VNets, apply Network Security Groups (NSGs) to control inbound and outbound traffic.
resource "azurerm_network_security_group" "nsg" {
name = "main-nsg"
location = azurerm_resource_group.vhub-location.location
resource_group_name = azurerm_resource_group.vhub-rg.name
security_rule {
name = "allow-ssh"
priority = 1001
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "0.0.0.0/0"
destination_address_prefix = "*"
}
}Step 10: Deploy and Verify
Finally, deploy the configuration by running the following Terraform commands:
terraform init
terraform plan
terraform applyYou can verify the deployment using the Azure Portal or Azure CLI.
Conclusion
In Conclusion i want to add setting up a global network using Azure Virtual WAN and Terraform is a powerful way to manage and scale your cloud infrastructure. This guide provided a step-by-step approach to creating a global network, from setting up the Virtual WAN to securing your VNets. With Terraform, you gain the added benefit of automating and version-controlling your network setup, making it easier to manage changes and collaborate across teams.
By following these steps, you should now have a fully functional global network on Azure, ready to handle the demands of your organization’s global operations.