This module manages the creation and configuration of Network Interfaces in Microsoft Azure. It allows you to define various settings such as IP configurations, DNS servers, and network security groups.
- Network Interface Creation: Provision and configure Azure Network Interfaces with various settings.
- IP Configuration: Manage both private and public IP addresses with flexible allocation methods.
- DNS Management: Customize DNS servers for the Network Interface, overriding the default settings of the Virtual Network if needed.
- Network Security: Attach Network Security Groups (NSGs) and Application Security Groups (ASGs) to manage traffic flow.
- Accelerated Networking: Enable or disable accelerated networking to enhance performance for supported VM sizes.
This example demonstrates how to deploy a Network Interface with custom IP configurations and optionally associate it with a Network Security Group, Public IP, or Application Security Group.
resource "azurerm_resource_group" "rg" {
name = "rg-nic-example"
location = "germanywestcentral"
}
module "vnet" {
source = "CloudAstro/virtual-network/azurerm"
name = "vnet-example"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
}
module "snet" {
source = "CloudAstro/subnet/azurerm"
name = "snet-example"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = module.vnet.virtual_network.name
address_prefixes = ["10.0.1.0/24"]
}
module "network_interface" {
source = "../.."
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
interfaces = {
first-nic = {
name = "first-nic"
dns_servers = ["168.63.129.16", "8.8.8.8"]
accelerated_networking_enabled = false
ip_forwarding_enabled = true
internal_dns_name_label = "vm-internal"
ip_configuration = [
{
name = "internal"
subnet_id = module.snet.subnet.id
private_ip_address_version = "IPv4"
private_ip_address_allocation = "Static"
primary = true
private_ip_address = "10.0.1.6"
}
]
}
second-nic = {
name = "second-nic"
dns_servers = ["168.63.129.16", "8.8.8.8"]
accelerated_networking_enabled = true
ip_forwarding_enabled = false
internal_dns_name_label = "vm-internal-2"
ip_configuration = [
{
name = "internal"
subnet_id = module.snet.subnet.id
private_ip_address_version = "IPv4"
private_ip_address_allocation = "Dynamic"
primary = true
},
{
name = "external"
subnet_id = module.snet.subnet.id
private_ip_address_version = "IPv4"
private_ip_address_allocation = "Dynamic"
primary = false
}
]
}
}
tags = {
environment = "production"
department = "IT"
}
}| Name | Version |
|---|---|
| terraform | ~> 1.9.0 |
| azurerm | >= 4.0.0 |
| Name | Version |
|---|---|
| azurerm | >= 4.0.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| location | * location - (Required) The Azure region where the virtual network (VNet) will be created. This value must be specified and cannot be null.Example Input: location = "eastus" |
string |
n/a | yes |
| resource_group_name | * resource_group_name - (Required) The name of the resource group where the network interface will be created.Example Input: resource_group_name = "my-resource-group" |
string |
n/a | yes |
| diagnostic_settings | * monitor_diagnostic_setting - Manages a Diagnostic Setting for an existing Resource.* name - (Required) Specifies the name of the Diagnostic Setting. Changing this forces a new resource to be created.-> NOTE: If the name is set to 'service' it will not be possible to fully delete the diagnostic setting. This is due to legacy API support. * target_resource_id - (Optional) The ID of an existing Resource on which to configure Diagnostic Settings. Changing this forces a new resource to be created.* eventhub_name - (Optional) Specifies the name of the Event Hub where Diagnostics Data should be sent.-> NOTE: If this isn't specified then the default Event Hub will be used. * eventhub_authorization_rule_id - (Optional) Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data. -> NOTE: This can be sourced from the azurerm_eventhub_namespace_authorization_rule resource and is different from a azurerm_eventhub_authorization_rule resource.-> NOTE: At least one of eventhub_authorization_rule_id, log_analytics_workspace_id, partner_solution_id and storage_account_id must be specified.* log_analytics_workspace_id - (Optional) Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent.-> NOTE: At least one of eventhub_authorization_rule_id, log_analytics_workspace_id, partner_solution_id and storage_account_id must be specified.* storage_account_id - (Optional) The ID of the Storage Account where logs should be sent. -> NOTE: At least one of eventhub_authorization_rule_id, log_analytics_workspace_id, partner_solution_id and storage_account_id must be specified.* log_analytics_destination_type - (Optional) Possible values are AzureDiagnostics and Dedicated. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table.-> NOTE: This setting will only have an effect if a log_analytics_workspace_id is provided. For some target resource type (e.g., Key Vault), this field is unconfigurable. Please see resource types for services that use each method. Please see the documentation for details on the differences between destination types.* partner_solution_id - (Optional) The ID of the market partner solution where Diagnostics Data should be sent. For potential partner integrations, click to learn more about partner integration.-> NOTE: At least one of eventhub_authorization_rule_id, log_analytics_workspace_id, partner_solution_id and storage_account_id must be specified.* metric - (Optional) One or more metric blocks as defined below.* category - (Required) The name of a Diagnostic Metric Category for this Resource.* -> NOTE: The Metric Categories available vary depending on the Resource being used. You may wish to use the azurerm_monitor_diagnostic_categories Data Source to identify which categories are available for a given Resource.* enabled - (Optional) Is this Diagnostic Metric enabled? Defaults to true.* timeouts - The timeouts block allows you to specify timeouts for certain actions:* create - (Defaults to 30 minutes) Used when creating the Diagnostics Setting.* update - (Defaults to 30 minutes) Used when updating the Diagnostics Setting.* read - (Defaults to 5 minutes) Used when retrieving the Diagnostics Setting.* delete - (Defaults to 60 minutes) Used when deleting the Diagnostics Setting.Example Input: diagnostic_settings = { |
map(object({ |
null |
no |
| interfaces | * interfaces - (Optional) A list of Network Interfaces to be created.* name - (Required) The name of the Network Interface. Changing this forces a new resource to be created.* auxiliary_mode - (Optional) Specifies the auxiliary mode used to enable network high-performance feature on Network Virtual Appliances (NVAs). This feature offers competitive performance in Connections Per Second (CPS) optimization, along with improvements to handling large amounts of simultaneous connections. Possible values are AcceleratedConnections, Floating, MaxConnections and None.-> Note: auxiliary_mode is in Preview and requires that the preview is enabled - more information can be found in the Azure documentation.* auxiliary_sku - (Optional) Specifies the SKU used for the network high-performance feature on Network Virtual Appliances (NVAs). Possible values are A8, A4, A1, A2 and None.-> Note: auxiliary_sku is in Preview and requires that the preview is enabled - more information can be found in the Azure documentation.* dns_servers - (Optional) A list of IP Addresses defining the DNS Servers which should be used for this Network Interface.-> Note: Configuring DNS Servers on the Network Interface will override the DNS Servers defined on the Virtual Network. * edge_zone - (Optional) Specifies the Edge Zone within the Azure Region where this Network Interface should exist. Changing this forces a new Network Interface to be created.* ip_forwarding_enabled - (Optional) Should IP Forwarding be enabled? Defaults to false.* accelerated_networking_enabled - (Optional) Should Accelerated Networking be enabled? Defaults to false.-> Note: Only certain Virtual Machine sizes are supported for Accelerated Networking - more information can be found in this document. -> Note: To use Accelerated Networking in an Availability Set, the Availability Set must be deployed onto an Accelerated Networking enabled cluster. * internal_dns_name_label - (Optional) The (relative) DNS Name used for internal communications between Virtual Machines in the same Virtual Network.* ip_configuration - The ip_configuration block supports the following:* name - (Required) A name used for this IP Configuration.* gateway_load_balancer_frontend_ip_configuration_id - (Optional) The Frontend IP Configuration ID of a Gateway SKU Load Balancer.* subnet_id - (Optional) The ID of the Subnet where this Network Interface should be located in.-> Note: This is required when private_ip_address_version is set to IPv4.* private_ip_address_version - (Optional) The IP Version to use. Possible values are IPv4 or IPv6. Defaults to IPv4.* private_ip_address_allocation - (Required) The allocation method used for the Private IP Address. Possible values are Dynamic and Static.~> Note: Dynamic means "An IP is automatically assigned during creation of this Network Interface"; Static means "User supplied IP address will be used"* public_ip_address_id - (Optional) Reference to a Public IP Address to associate with this NIC* primary - (Optional) Is this the Primary IP Configuration? Must be true for the first ip_configuration when multiple are specified. Defaults to false. When private_ip_address_allocation is set to Static the following fields can be configured:* private_ip_address - (Optional) The Static IP Address which should be used.Example Input: interfaces = { |
map(object({ |
null |
no |
| tags | * tags - (Optional) A map of tags to associate with the network and subnets.Example Input: tags = { |
map(string) |
null |
no |
| timeouts | The timeouts block allows you to specify timeouts for certain actions:* create - (Defaults to 30 minutes) Used when creating the Network Interface.* update - (Defaults to 30 minutes) Used when updating the Network Interface.* read - (Defaults to 5 minutes) Used when retrieving the Network Interface.* delete - (Defaults to 30 minutes) Used when deleting the Network Interface.Example Input: timeouts = { |
object({ |
null |
no |
| Name | Description |
|---|---|
| interface | * name - (Required) The name of the Network Interface. Changing this forces a new resource to be created.* resource_group_name - (Required) The name of the Resource Group in which to create the Network Interface. Changing this forces a new resource to be created.* location - (Required) The location where the Network Interface should exist. Changing this forces a new resource to be created.* auxiliary_mode - (Optional) Specifies the auxiliary mode used to enable network high-performance feature on Network Virtual Appliances (NVAs). This feature offers competitive performance in Connections Per Second (CPS) optimization, along with improvements to handling large amounts of simultaneous connections. Possible values are AcceleratedConnections, Floating, MaxConnections and None.* auxiliary_sku - (Optional) Specifies the SKU used for the network high-performance feature on Network Virtual Appliances (NVAs). Possible values are A8, A4, A1, A2 and None.* dns_servers - (Optional) A list of IP Addresses defining the DNS Servers which should be used for this Network Interface.* edge_zone - (Optional) Specifies the Edge Zone within the Azure Region where this Network Interface should exist. Changing this forces a new Network Interface to be created.* ip_forwarding_enabled - (Optional) Should IP Forwarding be enabled? Defaults to false.* accelerated_networking_enabled - (Optional) Should Accelerated Networking be enabled? Defaults to false.* internal_dns_name_label - (Optional) The (relative) DNS Name used for internal communications between Virtual Machines in the same Virtual Network.* tags - (Optional) A mapping of tags to assign to the resource.The ip_configuration block supports the following:* name - (Required) A name used for this IP Configuration.* gateway_load_balancer_frontend_ip_configuration_id - (Optional) The Frontend IP Configuration ID of a Gateway SKU Load Balancer.* subnet_id - (Optional) The ID of the Subnet where this Network Interface should be located in.* private_ip_address_version - (Optional) The IP Version to use. Possible values are IPv4 or IPv6. Defaults to IPv4.* private_ip_address_allocation - (Required) The allocation method used for the Private IP Address. Possible values are Dynamic and Static.* public_ip_address_id - (Optional) Reference to a Public IP Address to associate with this NIC* primary - (Optional) Is this the Primary IP Configuration? Must be true for the first ip_configuration when multiple are specified. Defaults to false.* private_ip_address - (Optional) The Static IP Address which should be used.Example output: output "name" { |
No modules.
For more details on Azure Network Interfaces and their configurations, refer to the Azure Network Interface documentation. This module is used to create and manage network interfaces for Azure VMs and other network resources.
- Ensure that the network interface is correctly associated with the appropriate virtual network and subnet.
- Configure network security groups (NSGs) and IP configurations to meet your network security and connectivity requirements.
- Validate your Terraform configuration before deployment to confirm that the network interface settings are applied as intended.
This module is licensed under the MIT License. See the LICENSE file for more details.