
This Terraform module creates an Azure Network Security Group (NSG). An NSG is a fundamental Azure security tool that acts as a basic, stateful packet-filtering firewall to control network traffic to and from Azure resources within a virtual network.


terraform-az-modules/terraform-azure-nsg


Terraform Azure Network Security Group

With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence.



We are a group of DevOps engineers and architects collaborating to build standardized, scalable, and secure infrastructure in today's ever-evolving digital landscape. Rooted in a strong belief in automation and modular design, much like microservices, we focus on decomposing infrastructure into smaller, reusable components such as databases, clusters, and more. These components are built to follow industry best practices and are easy to manage, scale, and secure.

This repository is part of the terraform-az-modules organization and provides open-source, reusable Terraform modules. It includes practical examples and workflows to help users quickly understand, implement, and improve their infrastructure with minimal configuration and high maintainability.

Prerequisites and Providers

This table contains both Prerequisites and Providers:

| Description | Name | Version |
|---|---|---|
| Prerequisite | Terraform | >= 1.6.6 |
| Provider | azure | >= 3.90.0 |

Examples

IMPORTANT: Since the master branch used in source varies based on new modifications, we recommend using the release versions.

📌 For additional usage examples, check the complete list under the examples/ directory.
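An added usage example (not taken from the repository's examples/ directory) that calls the module with only the inputs listed in the Inputs table below, restricts inbound traffic to one subnet, and turns on the logging inputs that default to `false`. The release tag, resource names, address ranges and variable names are placeholders.

```hcl
# Added example, not the project's own code. RELEASE_TAG, names, CIDRs and
# the two variables below are placeholders to replace with your own values.
variable "flow_log_storage_account_id" { type = string }
variable "log_analytics_workspace_id" { type = string }

module "nsg" {
  # Pin to a published release tag rather than master, as recommended above.
  source = "git::https://github.com/terraform-az-modules/terraform-azure-nsg.git?ref=RELEASE_TAG"

  name                = "app"
  environment         = "dev"
  location            = "eastus"
  resource_group_name = "rg-app-dev" # placeholder

  inbound_rules = [
    {
      name                       = "allow-https-from-frontend"
      priority                   = 100
      access                     = "Allow"
      protocol                   = "Tcp"
      source_address_prefix      = "10.0.1.0/24" # constructed subnet
      source_port_range          = "*"
      destination_address_prefix = "VirtualNetwork"
      destination_port_range     = "443"
      description                = "HTTPS from the frontend subnet only"
    },
    {
      # Explicit catch-all deny. It is evaluated before Azure's built-in
      # AllowVnetInBound rule (priority 65000), so it also blocks other
      # intra-VNet traffic that is not allowed above.
      name                       = "deny-all-inbound"
      priority                   = 4096
      access                     = "Deny"
      protocol                   = "*"
      source_address_prefix      = "*"
      source_port_range          = "*"
      destination_address_prefix = "*"
      destination_port_range     = "*"
    }
  ]

  # enable_flow_logs and enable_diagnostic default to false; flow_log_version defaults to 1.
  enable_flow_logs                  = true
  flow_log_version                  = 2
  flow_log_storage_account_id       = var.flow_log_storage_account_id
  network_watcher_name              = "NetworkWatcher_eastus" # placeholder
  flow_log_retention_policy_enabled = true
  flow_log_retention_policy_days    = 90
  enable_diagnostic                 = true
  log_analytics_workspace_id        = var.log_analytics_workspace_id
}
```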

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.6.6 |
| azurerm | >=3.85.0 |

Providers

| Name | Version |
|---|---|
| azurerm | >=3.85.0 |

Modules

| Name | Source | Version |
|---|---|---|
| labels | terraform-az-modules/tags/azure | 1.0.0 |

Resources

| Name | Type |
|---|---|
| azurerm_monitor_diagnostic_setting.nsg_diagnostic | resource |
| azurerm_network_security_group.nsg | resource |
| azurerm_network_security_rule.inbound | resource |
| azurerm_network_security_rule.outbound | resource |
| azurerm_network_watcher_flow_log.nsg_flow_logs | resource |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create | Used when creating the Resource Group. | string | "30m" | no |
| custom_name | Override default naming convention | string | null | no |
| delete | Used when deleting the Resource Group. | string | "30m" | no |
| deployment_mode | Specifies how the infrastructure/resource is deployed | string | "terraform" | no |
| enable_diagnostic | Set to false to prevent the module from creating the diagnostic setting for the NSG Resource. | bool | false | no |
| enable_flow_logs | Flag to be set true when network security group flow logging feature is to be enabled. | bool | false | no |
| enable_traffic_analytics | Boolean flag to enable/disable traffic analytics. | bool | false | no |
| enabled | Set to false to prevent the module from creating any resources. | bool | true | no |
| environment | Environment (e.g. prod, dev, staging). | string | "" | no |
| eventhub_authorization_rule_id | Eventhub authorization rule id to pass it to destination details of diagnostic setting of NSG. | string | null | no |
| eventhub_name | Eventhub Name to pass it to destination details of diagnostic setting of NSG. | string | null | no |
| extra_tags | Variable to pass extra tags. | map(string) | null | no |
| flow_log_retention_policy_days | Flow log retention days must be between 0 and 365 for all configurations. | number | 100 | no |
| flow_log_retention_policy_enabled | Boolean flag to enable/disable retention. | bool | false | no |
| flow_log_storage_account_id | The id of storage account in which flow logs will be received. Note: Currently, only standard-tier storage accounts are supported. | string | null | no |
| flow_log_version | The version (revision) of the flow log. Possible values are 1 and 2. | number | 1 | no |
| inbound_rules | List of objects that represent the configuration of each inbound rule. | `list(object({ name = string, priority = number, access = string, protocol = string, source_address_prefix = optional(string), source_address_prefixes = optional(list(string)), source_port_range = optional(string), destination_address_prefix = optional(string), destination_address_prefixes = optional(list(string)), destination_port_range = optional(string), description = optional(string) }))` | [] | no |
| label_order | The order of labels used to construct resource names or tags. If not specified, defaults to ['name', 'environment', 'location']. | list(any) | `[ "name", "environment", "location" ]` | no |
| location | The location/region where the virtual network is created. Changing this forces a new resource to be created. | string | "" | no |
| log_analytics_destination_type | Possible values are AzureDiagnostics and Dedicated, default to AzureDiagnostics. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table. | string | "AzureDiagnostics" | no |
| log_analytics_workspace_id | Log analytics workspace id to pass it to destination details of diagnostic setting of NSG. | string | null | no |
| log_analytics_workspace_resource_id | The resource ID of the attached log analytics workspace. | string | null | no |
| logs | List of log categories. Defaults to all available. | list(map(string)) | [] | no |
| managedby | ManagedBy, eg 'terraform-az-modules'. | string | "terraform-az-modules" | no |
| name | Name (e.g. app or cluster). | string | "" | no |
| network_watcher_name | The name of the Network Watcher. Changing this forces a new resource to be created. | string | null | no |
| outbound_rules | List of objects that represent the configuration of each outbound rule. | `list(object({ name = string, priority = number, access = string, protocol = string, source_address_prefix = optional(string), source_address_prefixes = optional(list(string)), source_port_range = optional(string), destination_address_prefix = optional(string), destination_address_prefixes = optional(list(string)), destination_port_range = optional(string), description = optional(string) }))` | [] | no |
| read | Used when retrieving the Resource Group. | string | "5m" | no |
| repository | Terraform current module repo | string | "https://github.com/terraform-az-modules/terraform-azure-nsg" | no |
| resource_group_name | The name of the resource group in which to create the network security group. | string | n/a | yes |
| resource_position_prefix | Controls the placement of the resource type keyword (e.g., "vnet", "ddospp") in the resource name. If true, the keyword is prepended: "vnet-core-dev". If false, the keyword is appended: "core-dev-vnet". This helps maintain naming consistency based on organizational preferences. | bool | true | no |
| traffic_analytics_settings | Settings for traffic analytics. This is used when enable_traffic_analytics is set to true. | `object({ log_analytics_workspace_id = string, workspace_region = string, log_analytics_workspace_resource_id = string, interval_in_minutes = number })` | `{ "interval_in_minutes": 60, "log_analytics_workspace_id": null, "log_analytics_workspace_resource_id": null, "workspace_region": null }` | no |
| update | Used when updating the Resource Group. | string | "30m" | no |

Outputs

| Name | Description |
|---|---|
| id | The network security group configuration ID. |
| name | The name of the network security group. |
| network_security_group_id | The ID of network security group |
| network_watcher_name | The name of the Network Watcher. Changing this forces a new resource to be created. |
| storage_account_id | The ID of the Storage Account where flow logs are stored. |
| tags | The tags assigned to the resource. |

Module Dependencies

This module has dependencies on:

📑 Changelog

Refer here.

✨ Contributors

Big thanks to our contributors for elevating our project with their dedication and expertise! We do not wish to stop there, and would like to invite contributions from the community to improve these projects and make them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only one direction: forward.



If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!):

  • Fork the Repository: Create a new branch for your feature or bug fix.
  • Coding Standards: You know the drill.
  • Clear Commit Messages: Write clear and concise commit messages to facilitate understanding.
  • Thorough Testing: Test your changes thoroughly before submitting a pull request.
  • Documentation Updates: Include relevant documentation updates if your changes impact it.

Feedback

Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our issue tracker, or feel free to drop us an email at [email protected].

Show some love with a ★ on our GitHub if our work has brightened your day! Your feedback fuels our journey!

🚀 Our Accomplishment

We have 50+ Azure Terraform modules 🙌. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress.

Tap into our capabilities

We provide a platform for organizations to engage with experienced, top-tier DevOps and Cloud professionals. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud solutions.

At Azure Terraform Modules Organisation, we have extensive experience in designing, building, and migrating environments; securing infrastructure; consulting; monitoring; optimizing; automating; and maintaining complex, large-scale modern systems. With a strong client presence across American and European regions, our certified experts deliver robust and scalable cloud solutions.

Write to us at [email protected].

We are The Cloud Experts!


We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.
