It would be great to see some MVP support for the relatively new Azure Firewall Manager constructs:
Azure Firewall Manager constructs, including "Secure Virtual Hub" configurations
Azure Firewall Manager Firewall Policies (parent, child)
Azure Firewall Manager Policy Rule Collections (Network, Application, DNAT)
Azure Firewall Manager Rule Collection Rules
Firewall Manager will likely supersede Azure Firewall (azurerm_firewall) for deploying and managing Azure Firewall in many cases. It would be fantastic to be able to manage these resources via Terraform.
This provides an example of how Azure Firewall Manager Policy constructs map to existing Azure Firewall policy in terms of some of the resource types required and their properties:
For MVP, it would be great to have the ability to manage the following resources as a priority/starting point:
https://docs.microsoft.com/en-us/azure/firewall-manager/
https://docs.microsoft.com/en-us/azure/firewall-manager/migrate-to-policy
@jturver1 Thank you for submitting this feature request :+1:
I had a try with the API, and it feels like we can create the following resources, which are almost the same as your listing, with some minor changes:
azurerm_firewall_policy: The firewall policy resource
azurerm_firewall_policy_rule_collection_group: The firewall rule collection group belonging to some firewall policy resource.
Regarding the firewall resource itself, we shall enhance the existing azurerm_firewall to allow it to specify the firewall_policy.
Currently, I have not looked into the secured virtual hub or hub virtual network. I will update that part here later.
Or do you have any opinion on this?
Hi Magodo, that sounds great, thank you.
I agree that the resources above are the priority for now. We want to be able to manage the policy and rule sets on a high frequency basis using Terraform state awareness.
It would be great to have terraform manage the Secure Virtual Hub construct as well, but that will mostly be a deploy and destroy only construct and we can use a null resource with local exec to do that for now.
Many thanks and please keep up your valuable efforts in proactive maintenance of AzureRM they are greatly appreciated.
Quick update and additional request for the Firewall Manager, Firewall Policy resource configuration:
Can we please include a section to:
API ref here (evolving fast):
Many thanks again
@jturver1 These two properties have been covered in the linked PR #7390.
@magodo Is secure virtual hub under consideration for being implemented anytime soon?
@ersil Yes, will be implemented soon.
@jackofallops @magodo If you want, I can take a crack at this. But it seems like you are already working so I'd prefer not to duplicate
Hi,
I have created an "azure_firewall" and an "azurerm_firewall_policy". But I cannot find any documentation on how to connect these two resources. I have tried to add firewall_policy_id in "azure_firewall", but get the message: An argument named "firewall_policy_id" is not expected here.
I cannot find any documentation that describe how to connect an Azure Firewall Policy to an Azure Firewall.
Have I missed something or is this not supported yet?
@runemy It's currently not supported, but maybe if you wait till Thursday and release 2.36 it will finally be supported :) Just follow this pull request https://github.com/terraform-providers/terraform-provider-azurerm/pull/8879
This has been released in version 2.37.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:
```hcl
provider "azurerm" {
  version = "~> 2.37.0"
}
# ... other configuration ...
```
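The following is an added example, not taken from the thread or from the provider's documentation, showing how the resources discussed above fit together: a parent and child policy, a rule collection group on the child, and the firewall attached through `firewall_policy_id`. It assumes a provider version that ships all three resources (the thread only confirms `firewall_policy_id` from 2.37.0); every name, address range and variable is a placeholder.

```hcl
# Added example; all names, CIDR ranges and variables are constructed placeholders.
variable "resource_group_name" {}
variable "location" {}
variable "firewall_subnet_id" {}    # ID of the subnet named AzureFirewallSubnet
variable "firewall_public_ip_id" {} # ID of a Standard SKU static public IP

resource "azurerm_firewall_policy" "parent" {
  name                = "example-parent-policy"
  resource_group_name = var.resource_group_name
  location            = var.location
}

# The child policy inherits the parent's rule collections through base_policy_id.
resource "azurerm_firewall_policy" "child" {
  name                = "example-child-policy"
  resource_group_name = var.resource_group_name
  location            = var.location
  base_policy_id      = azurerm_firewall_policy.parent.id
}

resource "azurerm_firewall_policy_rule_collection_group" "example" {
  name               = "example-rcg"
  firewall_policy_id = azurerm_firewall_policy.child.id
  priority           = 500
  network_rule_collection {
    name     = "allow-spoke-https"
    priority = 400
    action   = "Allow"
    rule {
      name                  = "spoke-to-shared-https"
      protocols             = ["TCP"]
      source_addresses      = ["10.0.0.0/16"]
      destination_addresses = ["10.1.0.0/16"]
      destination_ports     = ["443"]
    }
  }
}

resource "azurerm_firewall" "example" {
  name                = "example-firewall"
  resource_group_name = var.resource_group_name
  location            = var.location
  firewall_policy_id  = azurerm_firewall_policy.child.id
  ip_configuration {
    name                 = "configuration"
    subnet_id            = var.firewall_subnet_id
    public_ip_address_id = var.firewall_public_ip_id
  }
}
```

With the policy attached this way, rule changes go through the rule collection group resource and show up in `terraform plan`, so drift from out-of-band portal edits is visible before it is applied.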
I'm going to lock this issue because it has been closed for _30 days_. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error, please reach out to my human friends [email protected]. Thanks!