Add Terraform quickstart template for Azure NAT Gateway Standard V2 #479

Open
asudbring wants to merge 7 commits into Azure:master from asudbring:us568272-nat-v2

@asudbring
Contributor

Summary

Adds a new Terraform quickstart template (quickstart/101-nat-gateway-v2-create/) that deploys an Azure NAT Gateway using the Standard V2 SKU. This template is the Terraform equivalent of the Bicep template in the Quickstart: Create a Standard V2 Azure NAT Gateway - Deployment templates article, intended to be referenced from a new "Terraform" tab in that documentation.

Resources deployed

The template creates all resources matching the Bicep template in the article:

| Resource | Terraform Type | Key Configuration |
| --- | --- | --- |
| Resource Group | azurerm_resource_group | Random pet name prefix |
| NAT Gateway | azurerm_nat_gateway | sku_name = "StandardV2" (zone-redundant by default) |
| Public IP | azurerm_public_ip | sku = "StandardV2", Static allocation, IPv4 |
| NAT Gateway ↔ Public IP | azurerm_nat_gateway_public_ip_association | Links NAT GW to public IP |
| Virtual Network | azurerm_virtual_network | 10.0.0.0/16 address space |
| Subnet | azurerm_subnet | 10.0.0.0/24 prefix |
| Subnet ↔ NAT Gateway | azurerm_subnet_nat_gateway_association | Associates subnet with NAT GW |
| Network Security Group | azurerm_network_security_group | Empty rules (Bastion provides access) |
| Network Interface | azurerm_network_interface | Dynamic private IP, no public IP |
| NIC ↔ NSG | azurerm_network_interface_security_group_association | Links NIC to NSG |
| Linux Virtual Machine | azurerm_linux_virtual_machine | Standard_D2s_v3, Ubuntu 22.04 LTS |
| Bastion Host | azurerm_bastion_host | Developer SKU (uses VNet ID, no dedicated subnet) |
| SSH Key | tls_private_key | RSA 4096-bit for VM authentication |

Template structure

Follows this repo's standard quickstart conventions:

  • providers.tf — azurerm ~>4.0, random ~>3.0, tls ~>4.0
  • variables.tf — resource_group_location (centralus), resource_group_name_prefix, username
  • main.tf — All Azure resources
  • ssh.tf — TLS SSH key generation
  • outputs.tf — resource_group_name, nat_gateway_name, nat_gateway_id, location
  • readme.md — Standard format with resource types table and variables
  • TestRecord.md — Placeholder for CI test results

Key differences from existing 101-nat-gateway-create

| Feature | 101-nat-gateway-create (existing) | 101-nat-gateway-v2-create (new) |
| --- | --- | --- |
| NAT Gateway SKU | Standard | StandardV2 |
| Public IP SKU | Standard | StandardV2 |
| Bastion | None | Developer SKU |
| VM public IP | Yes (direct) | No (Bastion access only) |
| SSH key generation | azapi provider | tls provider |
| Provider version | azurerm ~>3.0 | azurerm ~>4.0 |
| VM size | Standard_DS1_v2 | Standard_D2s_v3 |
| Boot diagnostics storage | Yes | No (uses managed) |

Testing

Validated locally with Terraform v1.13+ and azurerm v4.67.0:

  • terraform fmt — passed (no formatting issues)
  • terraform validate — passed (configuration is valid)
  • terraform plan — 16 resources planned successfully
  • terraform apply — all 14 Azure resources deployed successfully to centralus
  • terraform destroy — all 14 resources cleaned up successfully

Related documentation
