From 165a8c5779a6e1063a7ce0f9cba06cb99eed2e55 Mon Sep 17 00:00:00 2001
From: asudbring
Date: Wed, 8 Apr 2026 22:33:21 -0500
Subject: [PATCH 1/9] docs: Add providers.tf for NAT Gateway V2 quickstart template
---
.../101-nat-gateway-v2-create/providers.tf | 20 +++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 quickstart/101-nat-gateway-v2-create/providers.tf
diff --git a/quickstart/101-nat-gateway-v2-create/providers.tf b/quickstart/101-nat-gateway-v2-create/providers.tf
new file mode 100644
index 000000000..243f14c3d
--- /dev/null
+++ b/quickstart/101-nat-gateway-v2-create/providers.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>4.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~>3.0"
+ }
+ tls = {
+ source = "hashicorp/tls"
+ version = "~>4.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
From b11054cb84eb252085b6821f8fd4ccbe026f87d5 Mon Sep 17 00:00:00 2001
From: asudbring
Date: Wed, 8 Apr 2026 22:33:28 -0500
Subject: [PATCH 2/9] docs: Add variables.tf for NAT Gateway V2 quickstart template
---
.../101-nat-gateway-v2-create/variables.tf | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 quickstart/101-nat-gateway-v2-create/variables.tf
diff --git a/quickstart/101-nat-gateway-v2-create/variables.tf b/quickstart/101-nat-gateway-v2-create/variables.tf
new file mode 100644
index 000000000..382a3df2a
--- /dev/null
+++ b/quickstart/101-nat-gateway-v2-create/variables.tf
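Review bot: The `azurerm` constraint `version = "~>4.0"` in `required_providers` admits every 4.x release, while main.tf in this series sets `sku = "StandardV2"` on the public IP and `sku_name = "StandardV2"` on the NAT gateway. If those values are only accepted from a later 4.x release (not verifiable from this patch), an older cached or locked provider would reject the configuration; consider raising the floor, e.g. `version = ">= <FIRST_4X_WITH_STANDARDV2>, < 5.0"` (placeholder, confirm against the provider changelog). The `terraform` block also has no `required_version`, so the Terraform CLI version the sample was tested with is not recorded.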
@@ -0,0 +1,17 @@
+variable "resource_group_location" {
+ type = string
+ default = "centralus"
+ description = "Location of the resource group."
+}
+
+variable "resource_group_name_prefix" {
+ type = string
+ default = "rg"
+ description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
+
+variable "username" {
+ type = string
+ description = "The username for the local account that will be created on the new VM."
+ default = "azureuser"
+}
From 00328a4bccd22fe3ddc54539f82a6d524110c137 Mon Sep 17 00:00:00 2001
From: asudbring
Date: Wed, 8 Apr 2026 22:33:35 -0500
Subject: [PATCH 3/9] docs: Add main.tf with StandardV2 NAT Gateway, VM, and Bastion resources
---
quickstart/101-nat-gateway-v2-create/main.tf | 124 +++++++++++++++++++
1 file changed, 124 insertions(+)
create mode 100644 quickstart/101-nat-gateway-v2-create/main.tf
diff --git a/quickstart/101-nat-gateway-v2-create/main.tf b/quickstart/101-nat-gateway-v2-create/main.tf
new file mode 100644
index 000000000..bd7125b66
--- /dev/null
+++ b/quickstart/101-nat-gateway-v2-create/main.tf
@@ -0,0 +1,124 @@
+# Resource Group
+resource "azurerm_resource_group" "rg" {
+ location = var.resource_group_location
+ name = "${random_pet.prefix.id}-rg"
+}
+
+# Network Security Group
+resource "azurerm_network_security_group" "nsg" {
+ name = "nsg-1"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+# Public IP address for NAT Gateway (StandardV2)
+resource "azurerm_public_ip" "nat_pip" {
+ name = "public-ip-nat"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ allocation_method = "Static"
+ sku = "StandardV2"
+ ip_version = "IPv4"
+ idle_timeout_in_minutes = 4
+}
+
+# NAT Gateway (StandardV2)
+resource "azurerm_nat_gateway" "nat_gw" {
+ name = "nat-gateway"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ sku_name = "StandardV2"
+ idle_timeout_in_minutes = 4
+}
+
+# Associate NAT Gateway with Public IP
+resource "azurerm_nat_gateway_public_ip_association" "nat_pip_assoc" {
+ nat_gateway_id = azurerm_nat_gateway.nat_gw.id
+ public_ip_address_id = azurerm_public_ip.nat_pip.id
+}
+
+# Virtual Network
+resource "azurerm_virtual_network" "vnet" {
+ name = "vnet-1"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+# Subnet
+resource "azurerm_subnet" "subnet" {
+ name = "subnet-1"
+ resource_group_name = azurerm_resource_group.rg.name
+ virtual_network_name = azurerm_virtual_network.vnet.name
+ address_prefixes = ["10.0.0.0/24"]
+}
+
+# Associate NAT Gateway with Subnet
+resource "azurerm_subnet_nat_gateway_association" "subnet_nat_assoc" {
+ subnet_id = azurerm_subnet.subnet.id
+ nat_gateway_id = azurerm_nat_gateway.nat_gw.id
+}
+
+# Network Interface
+resource "azurerm_network_interface" "nic" {
+ name = "nic-1"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+
+ ip_configuration {
+ name = "ipconfig-1"
+ subnet_id = azurerm_subnet.subnet.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+# Connect NSG to NIC
+resource "azurerm_network_interface_security_group_association" "nic_nsg_assoc" {
+ network_interface_id = azurerm_network_interface.nic.id
+ network_security_group_id = azurerm_network_security_group.nsg.id
+}
+
+# Linux Virtual Machine
+resource "azurerm_linux_virtual_machine" "vm" {
+ name = "vm-1"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ network_interface_ids = [azurerm_network_interface.nic.id]
+ size = "Standard_D2s_v3"
+
+ os_disk {
+ name = "vm-1_disk1"
+ caching = "ReadWrite"
+ storage_account_type = "Premium_LRS"
+ disk_size_gb = 30
+ }
+
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-jammy"
+ sku = "22_04-lts-gen2"
+ version = "latest"
+ }
+
+ computer_name = "vm-1"
+ admin_username = var.username
+
+ admin_ssh_key {
+ username = var.username
+ public_key = tls_private_key.ssh.public_key_openssh
+ }
+}
+
+# Bastion Host (Developer SKU)
+resource "azurerm_bastion_host" "bastion" {
+ name = "bastion-host"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ sku = "Developer"
+ virtual_network_id = azurerm_virtual_network.vnet.id
+}
+
+resource "random_pet" "prefix" {
+ prefix = var.resource_group_name_prefix
+ length = 1
+}
From 7bf886e7d81292e2b86b56674f391ac1cc6ec569 Mon Sep 17 00:00:00 2001
From: asudbring
Date: Wed, 8 Apr 2026 22:33:42 -0500
Subject: [PATCH 4/9] docs: Add ssh.tf with TLS key generation for VM authentication
---
quickstart/101-nat-gateway-v2-create/ssh.tf | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 quickstart/101-nat-gateway-v2-create/ssh.tf
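Review bot: In `source_image_reference` the image is requested with `version = "latest"`, so each apply can deploy a different Ubuntu build and the sample is not reproducible; pin a specific image version (placeholder: `version = "<IMAGE_VERSION>"`) or add a comment saying the floating version is deliberate. Separately, `azurerm_network_security_group.nsg` is attached to the NIC with no `security_rule` blocks and no explanation; a line such as `# No custom rules: inbound access relies on the Azure default NSG rules; connect through Bastion rather than opening SSH` would tell readers the empty group is intentional. The resource group name `"${random_pet.prefix.id}-rg"` combined with the default prefix `rg` produces a name of the form `rg-<pet>-rg`, which looks unintended.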
diff --git a/quickstart/101-nat-gateway-v2-create/ssh.tf b/quickstart/101-nat-gateway-v2-create/ssh.tf
new file mode 100644
index 000000000..b78d45bf3
--- /dev/null
+++ b/quickstart/101-nat-gateway-v2-create/ssh.tf
@@ -0,0 +1,9 @@
+resource "tls_private_key" "ssh" {
+ algorithm = "RSA"
+ rsa_bits = 4096
+}
+
+output "key_data" {
+ value = tls_private_key.ssh.public_key_openssh
+ sensitive = true
+}
From 5b7da9d3bd0c18ca186c661e9938d39d8628c213 Mon Sep 17 00:00:00 2001
From: asudbring
Date: Wed, 8 Apr 2026 22:33:49 -0500
Subject: [PATCH 5/9] docs: Add outputs.tf for NAT Gateway V2 quickstart template
---
.../101-nat-gateway-v2-create/outputs.tf | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 quickstart/101-nat-gateway-v2-create/outputs.tf
diff --git a/quickstart/101-nat-gateway-v2-create/outputs.tf b/quickstart/101-nat-gateway-v2-create/outputs.tf
new file mode 100644
index 000000000..b5811fa9e
--- /dev/null
+++ b/quickstart/101-nat-gateway-v2-create/outputs.tf
@@ -0,0 +1,19 @@
+output "resource_group_name" {
+ description = "The name of the created resource group."
+ value = azurerm_resource_group.rg.name
+}
+
+output "nat_gateway_name" {
+ description = "The name of the created NAT gateway."
+ value = azurerm_nat_gateway.nat_gw.name
+}
+
+output "nat_gateway_id" {
+ description = "The resource ID of the created NAT gateway."
+ value = azurerm_nat_gateway.nat_gw.id
+}
+
+output "location" {
+ description = "The Azure region of the deployment."
+ value = azurerm_resource_group.rg.location
+}
From 3de5e5562d69432433396ec4a902294c9364bc76 Mon Sep 17 00:00:00 2001
From: asudbring
Date: Wed, 8 Apr 2026 22:33:57 -0500
Subject: [PATCH 6/9] docs: Add readme.md for NAT Gateway V2 quickstart template
---
.../101-nat-gateway-v2-create/readme.md | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 quickstart/101-nat-gateway-v2-create/readme.md
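Review bot: `tls_private_key.ssh` in ssh.tf keeps the generated RSA private key in Terraform state in plain text, and neither this file nor the readme says so; a comment above the resource such as `# Demo only: the private key is stored unencrypted in Terraform state; use a protected remote backend or supply your own public key for real deployments` would flag it. The `key_data` output exposes only `public_key_openssh`, which is not secret, so `sensitive = true` hides a harmless value while the private key needed to log in is never surfaced; either drop the flag or document how the key is meant to be retrieved. The output also has no `description`, unlike the outputs added in outputs.tf.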
diff --git a/quickstart/101-nat-gateway-v2-create/readme.md b/quickstart/101-nat-gateway-v2-create/readme.md
new file mode 100644
index 000000000..a4037c6cf
--- /dev/null
+++ b/quickstart/101-nat-gateway-v2-create/readme.md
@@ -0,0 +1,30 @@
+# Azure NAT Gateway V2 with a Linux virtual machine
+
+This template deploys an Azure Standard V2 NAT Gateway, a virtual network, a subnet, a network security group, a network interface, a Linux virtual machine, and a Developer SKU Bastion host.
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
+- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
+- [azurerm_nat_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway)
+- [azurerm_nat_gateway_public_ip_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway_public_ip_association)
+- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+- [azurerm_subnet_nat_gateway_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association)
+- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
+- [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association)
+- [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)
+- [azurerm_bastion_host](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/bastion_host)
+- [tls_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key)
+
+## Variables
+
+| Name | Description | Default |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | centralus |
+| `username` | Username of the administrator account of the virtual machine. | azureuser |
+
+## Example
From 71710656d2587e57600813516baa0333b6e51fc2 Mon Sep 17 00:00:00 2001
From: asudbring
Date: Wed, 8 Apr 2026 22:34:05 -0500
Subject: [PATCH 7/9] docs: Add TestRecord.md for NAT Gateway V2 quickstart template
---
quickstart/101-nat-gateway-v2-create/TestRecord.md | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 quickstart/101-nat-gateway-v2-create/TestRecord.md
diff --git a/quickstart/101-nat-gateway-v2-create/TestRecord.md b/quickstart/101-nat-gateway-v2-create/TestRecord.md
new file mode 100644
index 000000000..e69de29bb
From 8203796e962637700691ba27a4b2df47f3b1e532 Mon Sep 17 00:00:00 2001
From: asudbring
Date: Tue, 14 Apr 2026 12:19:34 -0500
Subject: [PATCH 8/9] docs: add Bastion Developer SKU note to readme Add note explaining Developer SKU is used for cost savings and doesn't require AzureBastionSubnet. Links to Bastion overview for upgrading to Basic/Standard.
---
quickstart/101-nat-gateway-v2-create/readme.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/quickstart/101-nat-gateway-v2-create/readme.md b/quickstart/101-nat-gateway-v2-create/readme.md
index a4037c6cf..cf1660ebb 100644
--- a/quickstart/101-nat-gateway-v2-create/readme.md
+++ b/quickstart/101-nat-gateway-v2-create/readme.md
@@ -19,6 +19,9 @@ This template deploys an Azure Standard V2 NAT Gateway, a virtual network, a sub - [azurerm_bastion_host](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/bastion_host) - [tls_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) +> [!NOTE] +> This template deploys Azure Bastion with the Developer SKU for cost savings, which doesn't require a dedicated `AzureBastionSubnet` subnet. For multiple connections and more features, change the SKU to Basic or Standard and add the `AzureBastionSubnet` to the configuration. For more information, see [What is Azure Bastion?](https://learn.microsoft.com/azure/bastion/bastion-overview). + ## Variables | Name | Description | Default | From 7d7d916771a628b8599eeb97ccdc0febf694c685 Mon Sep 17 00:00:00 2001 From: asudbring Date: Tue, 14 Apr 2026 12:21:41 -0500 Subject: [PATCH 9/9] docs: use relative link for Bastion overview --- quickstart/101-nat-gateway-v2-create/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickstart/101-nat-gateway-v2-create/readme.md b/quickstart/101-nat-gateway-v2-create/readme.md index cf1660ebb..ebb238103 100644 --- a/quickstart/101-nat-gateway-v2-create/readme.md +++ b/quickstart/101-nat-gateway-v2-create/readme.md 
@@ -20,7 +20,7 @@ This template deploys an Azure Standard V2 NAT Gateway, a virtual network, a sub - [tls_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) > [!NOTE] -> This template deploys Azure Bastion with the Developer SKU for cost savings, which doesn't require a dedicated `AzureBastionSubnet` subnet. For multiple connections and more features, change the SKU to Basic or Standard and add the `AzureBastionSubnet` to the configuration. For more information, see [What is Azure Bastion?](https://learn.microsoft.com/azure/bastion/bastion-overview). +> This template deploys Azure Bastion with the Developer SKU for cost savings, which doesn't require a dedicated `AzureBastionSubnet` subnet. For multiple connections and more features, change the SKU to Basic or Standard and add the `AzureBastionSubnet` to the configuration. For more information, see [What is Azure Bastion?](/azure/bastion/bastion-overview). ## Variables