Proposed Pull Request Change

📄 Document Links

View on GitHub View on Microsoft Learn

--- title: 'Quickstart: Secure virtual hub using Azure Firewall Manager - Terraform' description: In this quickstart, you learn how to secure your virtual hub using Azure Firewall Manager and Terraform. services: firewall-manager author: duongau ms.author: duau ms.date: 01/09/2025 ms.topic: quickstart ms.service: azure-firewall-manager ms.custom: devx-track-terraform content_well_notifications: - AI-Contribution --- # Quickstart: Secure your virtual hub using Azure Firewall Manager - Terraform In this quickstart, you use Terraform to secure your virtual hub using Azure Firewall Manager. The deployed firewall has an application rule that allows connections to `www.microsoft.com` . Two Windows Server 2019 virtual machines are deployed to test the firewall. One jump server is used to connect to the workload server. From the workload server, you can only connect to `www.microsoft.com`. For more information about Azure Firewall Manager, see [What is Azure Firewall Manager?](overview.md). ## Prerequisites - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn). [!INCLUDE [open-source-devops-prereqs-azure-subscription.md](~/azure-dev-docs-pr/articles/includes/open-source-devops-prereqs-azure-subscription.md)] - [Install and configure Terraform](/azure/developer/terraform/quickstart-configure) ## Review and Implement the Terraform code > [!NOTE] > The sample code for this article is located in the [Azure Terraform GitHub repo](https://github.com/Azure/terraform/tree/master/quickstart/101-front-door-classic). You can view the log file containing the [test results from current and previous versions of Terraform](https://github.com/Azure/terraform/tree/master/quickstart/101-front-door-classic/TestRecord.md). > > See more [articles and sample code showing how to use Terraform to manage Azure resources](/azure/terraform) Multiple Azure resources are defined in the Terraform code. The following resources are defined in the `main.tf` file: - [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) - [azurerm_virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_wan) - [azurerm_virtual_hub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub) - [azurerm_virtual_hub_connection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_connection) - [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) - [azurerm_firewall_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy) - [azurerm_firewall_policy_rule_collection_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group) - [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) - [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) - [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) - [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) - [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) - [azurerm_windows_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine) - [azurerm_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) - [azurerm_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) - [azurerm_virtual_hub_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_route_table) 1. Create a directory in which to test the sample Terraform code and make it the current directory. 1. Create a file named `provider.tf` and insert the following code: :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-secure-hub/provider.tf"::: 1. Create a file named `main.tf` and insert the following code: :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-secure-hub/main.tf"::: 1. Create a file named `variables.tf` and insert the following code: :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-secure-hub/variables.tf"::: 1. Create a file named `outputs.tf` and insert the following code, being sure to update the value to your own backend hostname: :::code language="Terraform" source="~/terraform_samples/quickstart/201-azfw-with-secure-hub/outputs.tf"::: ## Initialize Terraform [!INCLUDE [terraform-init.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-init.md)] ## Create a Terraform execution plan [!INCLUDE [terraform-plan.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-plan.md)] ## Apply a Terraform execution plan [!INCLUDE [terraform-apply-plan.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-apply-plan.md)] ## Clean up resources [!INCLUDE [terraform-plan-destroy.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-plan-destroy.md)] ## Troubleshoot Terraform on Azure [Troubleshoot common problems when using Terraform on Azure](/azure/developer/terraform/troubleshoot) ## Next steps > [!div class="nextstepaction"] > [Learn about security partner providers](trusted-security-partners.md)