CloudAstro/terraform-azurerm-route-table

Azure Route Table Terraform Module

This module is designed to manage Azure route tables and their associations within a Virtual Network (VNet). It supports configuring route definitions, associating route tables to subnets, and applying management locks for governance and security.

Features

  • Route Table Management: Create and configure Azure route tables.
  • Custom Routes: Define routes with address prefixes, next hop types, and optional next hop IP addresses.
  • Subnet Association: Attach route tables to subnets for traffic control.
  • Management Locks: Apply locks to protect route tables from accidental deletion or modification.
  • Configurable Timeouts: Set custom timeouts for create, update, read, and delete operations.

Example Usage

This example shows how to provision an Azure route table, define routes, associate it with a subnet, and apply management locks.

resource "azurerm_resource_group" "vnetrg" {
  name     = "rg-vnet-example"
  location = "germanywestcentral"
}

module "vnet-test" {
  source              = "CloudAstro/virtual-network/azurerm"
  name                = "vnet-test"
  location            = azurerm_resource_group.vnetrg.location
  resource_group_name = azurerm_resource_group.vnetrg.name
  address_space       = ["10.10.0.0/24"]
}

module "snet-test" {
  source               = "CloudAstro/subnet/azurerm"
  name                 = "snet-test"
  resource_group_name  = azurerm_resource_group.vnetrg.name
  virtual_network_name = module.vnet-test.virtual_network.name
  address_prefixes     = ["10.10.0.0/24"]
}

module "route-table" {
  source                        = "../../"
  name                          = "rt-example"
  location                      = azurerm_resource_group.vnetrg.location
  resource_group_name           = azurerm_resource_group.vnetrg.name
  subnet_id                     = module.snet-test.subnet.id
  bgp_route_propagation_enabled = true

  tags = {
    environment = "test"
  }

  routes = {
    "route1" = {
      address_prefix         = "8.8.8.8/32"
      next_hop_type          = "VirtualAppliance"
      next_hop_in_ip_address = "10.10.0.1"
    }
  }
}

Requirements

Name Version
terraform ~> 1.9.0
azurerm >= 4.0.0

Providers

Name Version
azurerm >= 4.0.0

Resources

Name Type
azurerm_management_lock.route_table_lock resource
azurerm_route.route resource
azurerm_route_table.route_table resource
azurerm_subnet_route_table_association.route_table_association resource

Inputs

Name Description Type Default Required
location * location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

Example Input:
location = "germanywestcentral"
string n/a yes
name * name - (Required) The name of the route table. Changing this forces a new resource to be created.

Example Input:
name = "rt-external-net"
string n/a yes
resource_group_name * resource_group_name - (Required) The name of the resource group in which to create the route table. Changing this forces a new resource to be created.

Example Input:
resource_group_name = "rg-external-net"
string n/a yes
subnet_id * subnet_id - (Required) The ID of the Subnet. Changing this forces a new resource to be created.

Example Input:
subnet_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-vnet/providers/Microsoft.Network/virtualNetworks/vnet-name/subnets/snet-name"
string n/a yes
bgp_route_propagation_enabled * bgp_route_propagation_enabled - (Optional) Boolean flag which controls propagation of routes learned by BGP on that route table. Defaults to true.

Example Input:
bgp_route_propagation_enabled = true
bool true no
management_lock * management_lock - (Optional) The management_lock block resource as defined below.
* name - (Required) Specifies the name of the Management Lock. Changing this forces a new resource to be created.
* scope - (Required) Specifies the scope at which the Management Lock should be created. Changing this forces a new resource to be created.
* lock_level - (Required) Specifies the Level to be used for this Lock. Possible values are CanNotDelete and ReadOnly. Changing this forces a new resource to be created.

~> Note: CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it.
* notes - (Optional) Specifies some notes about the lock. Maximum of 512 characters. Changing this forces a new resource to be created.

The timeouts block allows you to specify timeouts for certain actions:
* create - (Defaults to 30 minutes) Used when creating the Management Lock.
* read - (Defaults to 5 minutes) Used when retrieving the Management Lock.
* delete - (Defaults to 30 minutes) Used when deleting the Management Lock.

Example Input:
management_lock = {
lock1 = {
name = "lock1"
lock_level = "ReadOnly"
notes = "This is a test lock"
}
}
map(object({
name = string
scope = optional(string)
lock_level = string
notes = optional(string)
timeouts = optional(object({
create = optional(string, "30")
read = optional(string, "5")
delete = optional(string, "30")
}))
}))
null no
routes * route - (Optional) The route block resource as defined below.
* name - (Required) The name of the route. Changing this forces a new resource to be created.
* resource_group_name - (Required) The name of the resource group in which to create the route. Changing this forces a new resource to be created.
* route_table_name - (Required) The name of the route table within which to create the route. Changing this forces a new resource to be created.
* address_prefix - (Required) The destination to which the route applies. Can be CIDR (such as 10.1.0.0/16) or Azure Service Tag (such as ApiManagement, AzureBackup or AzureMonitor) format.
* next_hop_type - (Required) The type of Azure hop the packet should be sent to. Possible values are VirtualNetworkGateway, VnetLocal, Internet, VirtualAppliance and None.
* next_hop_in_ip_address - (Optional) Contains the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance.

The timeouts block allows you to specify timeouts for certain actions:
* create - (Defaults to 30 minutes) Used when creating the Route.
* update - (Defaults to 30 minutes) Used when updating the Route.
* read - (Defaults to 5 minutes) Used when retrieving the Route.
* delete - (Defaults to 30 minutes) Used when deleting the Route.

Example Input:
routes = {
route-to-onprem = {
address_prefix = "10.1.0.0/16"
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = "10.150.0.10"
}
route-to-xyz = {
address_prefix = "10.2.0.0/16"
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = "10.120.0.15"
}
}
map(object({
name = optional(string)
resource_group_name = optional(string)
route_table_name = optional(string)
address_prefix = string
next_hop_type = string
next_hop_in_ip_address = optional(string)
timeouts = optional(object({
create = optional(string, "30")
update = optional(string, "30")
read = optional(string, "5")
delete = optional(string, "30")
}))
}))
null no
tags * tags - (Optional) A mapping of tags to assign to the resource.

Example Input:
tags = {
foo = "bar"
}
map(string) null no
timeouts The timeouts block allows you to specify timeouts for certain actions:
* create - (Defaults to 30 minutes) Used when creating the Route Table.
* update - (Defaults to 30 minutes) Used when updating the Route Table.
* read - (Defaults to 5 minutes) Used when retrieving the Route Table.
* delete - (Defaults to 30 minutes) Used when deleting the Route Table.
object({
create = optional(string, "30")
update = optional(string, "30")
read = optional(string, "5")
delete = optional(string, "30")
})
null no

Outputs

Name Description
route_table * name - The name of the Route Table.
* resource_group_name - The name of the Resource Group in which the Route Table exists.

The following attributes are exported:
* bgp_route_propagation_enabled - Boolean flag which controls propagation of routes learned by BGP on that route table.
* id - The Route Table ID.
* location - The Azure Region in which the Route Table exists.
* subnets - The collection of Subnets associated with this route table.
* tags - A mapping of tags assigned to the Route Table.
* route - One or more route blocks as documented below.

The route block exports the following:
* name - The name of the Route.
* address_prefix - The destination CIDR to which the route applies.
* next_hop_type - The type of Azure hop the packet should be sent to.
* next_hop_in_ip_address - Contains the IP address packets should be forwarded to.

Example output:
output "name" {
value = module.module_name.route_table.name
}

Modules

No modules.

๐ŸŒ Additional Information

This module provides a flexible way to manage Azure route tables, including custom routes, subnet associations, and management locks. It is suitable for standalone deployments or as part of larger Azure network infrastructures.

Resources

โš ๏ธ Notes

  • Ensure route address prefixes do not conflict with existing subnets or routes.
  • Validate that next hop types (e.g., VirtualAppliance, Internet, VnetPeering) are supported for your use case.
  • Subnet associations should be reviewed carefully to avoid unintentional routing behavior.
  • Management locks can prevent accidental deletion but may require additional permissions to modify or remove.
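
The first two notes can be enforced at plan time instead of being left to review. The following is an added example, not code from this module: a routes variable with the same fields as the Inputs table (timeouts and the optional name fields omitted), carrying validation rules for the next hop constraints documented above. It assumes a default of {} with nullable = false rather than the module's null default, so the rules need no null handling.

```hcl
# Added example: stricter validation for a routes input shaped like the one
# documented in the Inputs table. Not taken from the module's own variables.
variable "routes" {
  type = map(object({
    address_prefix         = string
    next_hop_type          = string
    next_hop_in_ip_address = optional(string)
  }))
  default  = {}    # assumption: empty map instead of the module's null default
  nullable = false

  # Accept only the next hop types listed for next_hop_type in the Inputs table.
  validation {
    condition = alltrue([
      for r in values(var.routes) : contains(
        ["VirtualNetworkGateway", "VnetLocal", "Internet", "VirtualAppliance", "None"],
        r.next_hop_type
      )
    ])
    error_message = "next_hop_type must be one of VirtualNetworkGateway, VnetLocal, Internet, VirtualAppliance or None."
  }

  # A next hop IP must be set for VirtualAppliance and must be absent otherwise,
  # so a route cannot silently point at an appliance address that Azure ignores.
  validation {
    condition = alltrue([
      for r in values(var.routes) :
      (r.next_hop_type == "VirtualAppliance") == (r.next_hop_in_ip_address != null)
    ])
    error_message = "Set next_hop_in_ip_address only when next_hop_type is VirtualAppliance, and always set it in that case."
  }

  # Prefixes containing "/" must parse as CIDR; anything else is treated as an
  # Azure Service Tag and left to the provider to check.
  validation {
    condition = alltrue([
      for r in values(var.routes) :
      can(cidrhost(r.address_prefix, 0)) if strcontains(r.address_prefix, "/")
    ])
    error_message = "address_prefix must be a valid CIDR block or an Azure Service Tag."
  }
}
```

With these rules, a route that sets next_hop_type = "Internet" together with a next_hop_in_ip_address fails at terraform plan, before any change reaches the subnet's routing.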

License

This module is released under the Apache 2.0 License. See the LICENSE file for full details.
