https://live.paloaltonetworks.com/t5/community-blogs/deploying-cloud-ngfw-for-azure-using-terraform/ba-p/566200

====== Azure terraform basics ======

https://learn.microsoft.com/en-us/training/modules/terraform-introduction-to-infrastructure-as-code/1-introduction

====== Review of a project ======

https://m.youtube.com/watch?v=Hi0NIdwn0nk

====== AzureRM provider 4.0 ======

https://youtu.be/02T9wwqK6qk?si=asFdeIQjXO_Ub4yL

====== map match ======

A simplified example of how a `for` expression builds the map used in the Terraform code. We simulate the structure of the data and show how the mapping is done.

Imagine a module that outputs a list of virtual hub connections. Each connection has a `remote_virtual_network_id` and other properties. We use this data to create a new map where the keys are these network IDs and the values are the entire connection objects.

### Initial Data (Simulated)

Suppose `module.alz_connectivity.azurerm_virtual_hub_connection.virtual_wan` outputs something like this:

```hcl
[
  {
    id                        = "connection1",
    remote_virtual_network_id = "network1",
    // other properties...
  },
  {
    id                        = "connection2",
    remote_virtual_network_id = "network2",
    // other properties...
  }
]
```

### Terraform Map Function

We want to create a map from this data where the key is `remote_virtual_network_id` and the value is the whole object.

```hcl
locals {
  virhubconnection_map = {
    for connection in module.alz_connectivity.azurerm_virtual_hub_connection.virtual_wan :
    connection.remote_virtual_network_id => connection
  }
}
```

### Resulting Map

`local.virhubconnection_map` will look like this:

```hcl
{
  "network1" = {
    id                        = "connection1",
    remote_virtual_network_id = "network1",
    // other properties...
  },
  "network2" = {
    id                        = "connection2",
    remote_virtual_network_id = "network2",
    // other properties...
  }
}
```

### Usage in BGP Connections

You can then use this map to find a connection by its `remote_virtual_network_id`. For example:

```hcl
virtual_network_connection_id = local.virhubconnection_map["network1"].id
```

This line gets the `id` of the connection whose `remote_virtual_network_id` is `"network1"`, which is `connection1` in our example. Keying the map by network ID replaces a search through the list with a direct lookup.

====== DATA issue replace ======

https://itnext.io/beware-of-depends-on-for-modules-it-might-bite-you-da4741caac70

====== delete with az cli peer ======

```bash
# BGP peers of a virtual hub live under "az network vhub bgpconnection"
az network vhub bgpconnection delete --name peer1 --vhub-name myVhub --resource-group myResourceGroup --subscription mySubscriptionId
```

====== iam ======

```hcl
provider "azurerm" {
  features {}
}

provider "azuread" {}

# Define Azure subscriptions in locals
locals {
  subscriptions = {
    dev = {
      name            = "Dev Subscription"
      subscription_id = "YOUR_DEV_SUBSCRIPTION_ID"
    },
    prod = {
      name            = "Prod Subscription"
      subscription_id = "YOUR_PROD_SUBSCRIPTION_ID"
    }
  }
}

# Iterate over each subscription: the group gets Reader on its subscription
resource "azurerm_role_assignment" "example" {
  for_each             = local.subscriptions
  principal_id         = azuread_group.example[each.key].object_id
  role_definition_name = "Reader"
  scope                = "/subscriptions/${each.value.subscription_id}"
}

# Group membership takes object IDs, not e-mail addresses, so resolve the UPNs first
data "azuread_users" "members" {
  user_principal_names = [
    "user1@example.com",
    "user2@example.com",
    # Add more user principal names as needed
  ]
}

# Create Azure AD groups and add users for each subscription
resource "azuread_group" "example" {
  for_each         = local.subscriptions
  display_name     = "Group_${each.key}"
  description      = "Azure AD Group for ${each.value.name}"
  security_enabled = true # required for a group used in role assignments
  members          = data.azuread_users.members.object_ids
}
```

====== Azapi ======

https://learn.microsoft.com/en-us/azure/developer/terraform/get-started-azapi-resource

====== silver-peak ======

```hcl
provider "azurerm" {
  features {}
}

# Supplied at plan/apply time (e.g. TF_VAR_admin_password); keeps the secret out of the code
variable "admin_password" {
  type      = string
  sensitive = true
}

resource "azurerm_resource_group" "example" {
  name     = "your-resource-group-name"
  location = "your-location"
}

resource "azurerm_virtual_network" "example" {
  name                = "your-virtual-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
  name                 = "your-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_network_security_group" "example" {
  name                = "your-nsg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet_network_security_group_association" "example" {
  subnet_id                 = azurerm_subnet.example.id
  network_security_group_id = azurerm_network_security_group.example.id
}

resource "azurerm_network_interface" "example" {
  name                = "your-network-interface"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.example.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_windows_virtual_machine" "example" {
  name                  = "your-vm-name"
  computer_name         = "your-vm-name"
  resource_group_name   = azurerm_resource_group.example.name
  location              = azurerm_resource_group.example.location
  size                  = "Standard_DS2_v2"
  admin_username        = "your-admin-username"
  admin_password        = var.admin_password
  network_interface_ids = [azurerm_network_interface.example.id]
  provision_vm_agent    = true

  # os_disk and source_image_reference are required by this resource;
  # the image below is an example value, replace it with the one you need
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }
}

output "resource_group_name" {
  value = azurerm_resource_group.example.name
}

output "virtual_network_id" {
  value = azurerm_virtual_network.example.id
}

output "subnet_id" {
  value = azurerm_subnet.example.id
}

output "network_security_group_id" {
  value = azurerm_network_security_group.example.id
}

output "network_interface_id" {
  value = azurerm_network_interface.example.id
}

output "virtual_machine_id" {
  value = azurerm_windows_virtual_machine.example.id
}
```
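
====== map match: guarded lookup ======

An added example, not part of the original notes or of any module they reference, extending the map match section above to its two failure modes: two connections sharing one `remote_virtual_network_id`, and a lookup for a network ID that is not in the map. The list `local.connections`, the name `wanted_vnet` and all sample values are constructed for illustration and stand in for the module output.

```hcl
locals {
  # Constructed sample data (assumption); connection2 and connection3 collide
  connections = [
    { id = "connection1", remote_virtual_network_id = "network1" },
    { id = "connection2", remote_virtual_network_id = "network2" },
    { id = "connection3", remote_virtual_network_id = "network2" },
  ]

  # Grouping mode (the trailing ...) collects every connection under its key;
  # without it a repeated key makes the for expression fail with a duplicate-key error
  connections_by_vnet = {
    for c in local.connections : c.remote_virtual_network_id => c...
  }

  # Network IDs that resolve to more than one connection
  ambiguous_vnets = [
    for vnet, conns in local.connections_by_vnet : vnet if length(conns) > 1
  ]

  # Hypothetical network whose hub connection a BGP peer should attach to
  wanted_vnet = "network1"

  # try() yields null for an unknown key instead of an index error mid-expression
  connection_id = try(local.connections_by_vnet[local.wanted_vnet][0].id, null)
}

output "ambiguous_vnets" {
  value = local.ambiguous_vnets
}

output "connection_id" {
  value = local.connection_id

  # Fail the run rather than attach the peer to a missing or arbitrary connection
  precondition {
    condition     = local.connection_id != null
    error_message = "No virtual hub connection found for the requested network ID."
  }

  precondition {
    condition     = !contains(local.ambiguous_vnets, local.wanted_vnet)
    error_message = "More than one virtual hub connection matches the requested network ID."
  }
}
```

With the sample data, `connection_id` is `connection1` and `ambiguous_vnets` is `["network2"]`; setting `wanted_vnet` to `network2` or to an unknown ID stops the plan at the matching precondition.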