
Azure Network Security Group

This blueprint creates an Azure Network Security Group (NSG) with best practices in mind, encouraging the definition of specific security rules to control network traffic and enhance security. It uses secure defaults while allowing customization to suit different requirements. Note, however, that the per-rule defaults in the template below are Inbound / Allow with `*` for protocol, ports and address prefixes, so each rule should be narrowed to the intended sources and ports before it is applied. The blueprint also promotes the use of tags for better resource identification and management, and it organizes variables into intuitive groups so that users, including those who may not be cloud infrastructure experts, can configure essential and advanced settings easily.

Template code

---
# Blueprint front matter: declares the constants, input variables and UI groups
# consumed by the Terraform template that follows the closing '---'.
constants:
  # Used as the Terraform resource label in the template. Built from the NSG
  # name plus __guid (presumably a platform-generated unique suffix; confirm).
  __name: "{{ name }}_{{ __guid }}"
variables:
  name:
    desc: "Name of the Network Security Group."
    required: true
    group: NSG Details
  resource_group_name:
    desc: "Name of the Resource Group."
    required: true
    group: NSG Details
    # NOTE(review): links_to appears to bind this input to the name of an
    # azurerm_resource_group resource; confirm the exact semantics.
    links_to: resource.azurerm_resource_group.name
  location:
    desc: "Azure region where the Network Security Group will be created."
    required: true
    group: NSG Details
    default: "eastus"
  # Optional list of NSG rules. The per-field prompts, required flags and
  # defaults are declared inline in the template, not here. Those inline
  # defaults are Inbound / Allow with "*" for protocol, ports and address
  # prefixes, so a rule saved with defaults permits all inbound traffic.
  # NOTE(review): there is no desc on this variable, so nothing at this level
  # warns the user about the permissive defaults; consider adding one.
  security_rules:
    group: Security Rules
    required: false
  # Optional key/value tags; the template also sets a Name tag from `name`.
  tags:
    group: Tags
    required: false
# UI groups referenced by the `group` field of each variable above.
# `order` is presumably the display order in the generated form (confirm).
groups:
  NSG Details:
    order: 1
    desc: "Basic settings for the Network Security Group."
  Security Rules:
    order: 2
    desc: "Define inbound and outbound security rules."
  Tags:
    order: 3
    desc: "Tags to assign to the Network Security Group."
---

// Network Security Group. The resource label comes from the __name constant
// declared in the front matter (NSG name plus __guid).
resource "azurerm_network_security_group" "__name" {
  name                = {{ name }}
  location            = {{ location }}
  resource_group_name = {{ resource_group_name }}

  // The section below appears to render one security_rule block per entry in
  // security_rules (section open/close tags; confirm against the template docs).
  // NOTE(review): the inline defaults are direction "Inbound", access "Allow"
  // and "*" for protocol, both port ranges and both address prefixes. A rule
  // saved with only name and priority filled in therefore allows any protocol
  // from any source to any destination port. Narrow source_address_prefix and
  // destination_port_range per rule, and consider least-privilege defaults
  // (for example access "Deny") if existing users do not depend on these.
  // The ranges quoted in the desc strings are prompts only; nothing visible in
  // this template validates priority, port or CIDR values.
{{# security_rules }}
  security_rule {
    name                       = {{ security_rules.name | required: true }}
    priority                   = {{ security_rules.priority | desc: "Priority between 100 and 4096." | required: true }}
    direction                  = {{ security_rules.direction | desc: "Inbound or Outbound." | required: true | default: "Inbound" }}
    access                     = {{ security_rules.access | desc: "Allow or Deny." | required: true | default: "Allow" }}
    protocol                   = {{ security_rules.protocol | desc: "Tcp, Udp, Icmp, or *." | required: true | default: "*" }}
    source_port_range          = {{ security_rules.source_port_range | desc: "Source port range between 0-65535 or *." | required: false | default: "*" }}
    destination_port_range     = {{ security_rules.destination_port_range | desc: "Destination port range between 0-65535 or *." | required: false | default: "*" }}
    source_address_prefix      = {{ security_rules.source_address_prefix | desc: "CIDR or *." | required: false | default: "*" }}
    destination_address_prefix = {{ security_rules.destination_address_prefix | desc: "CIDR or *." | required: false | default: "*" }}
    description                = {{ security_rules.description | required: false }}
  }
{{/ security_rules }}

  // The Name tag is always set from the NSG name; user-supplied tags follow.
  // NOTE(review): a user tag whose key is also "Name" would repeat that key in
  // this map; confirm how the rendered Terraform handles it.
  tags = {
    Name = {{ name }}
    {{# tags }}
      {{ tags.key | required: false }} = {{ tags.value | required: false }}
    {{/ tags }}
  }
}

// Encourages defining specific security rules to control inbound and outbound traffic.
// Every per-rule field is customizable. The shipped per-rule defaults are
// Inbound / Allow with "*" wildcards, which is permissive rather than
// restrictive, so review each rule before applying it.
// Tags are included for better resource management and identification.
//