Add Terraform quickstart template for Azure NAT Gateway Standard V2

quickstart/101-nat-gateway-v2-create/main.tf

@@ -0,0 +1,124 @@
+# Resource Group
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = "${random_pet.prefix.id}-rg"
+}
+
+# Network Security Group
+resource "azurerm_network_security_group" "nsg" {
+  name                = "nsg-1"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+# Public IP address for NAT Gateway (StandardV2)
+resource "azurerm_public_ip" "nat_pip" {
+  name                    = "public-ip-nat"
+  location                = azurerm_resource_group.rg.location
+  resource_group_name     = azurerm_resource_group.rg.name
+  allocation_method       = "Static"
+  sku                     = "StandardV2"
+  ip_version              = "IPv4"
+  idle_timeout_in_minutes = 4
+}
+
+# NAT Gateway (StandardV2)
+resource "azurerm_nat_gateway" "nat_gw" {
+  name                    = "nat-gateway"
+  location                = azurerm_resource_group.rg.location
+  resource_group_name     = azurerm_resource_group.rg.name
+  sku_name                = "StandardV2"
+  idle_timeout_in_minutes = 4
+}
+
+# Associate NAT Gateway with Public IP
+resource "azurerm_nat_gateway_public_ip_association" "nat_pip_assoc" {
+  nat_gateway_id       = azurerm_nat_gateway.nat_gw.id
+  public_ip_address_id = azurerm_public_ip.nat_pip.id
+}
+
+# Virtual Network
+resource "azurerm_virtual_network" "vnet" {
+  name                = "vnet-1"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+# Subnet
+resource "azurerm_subnet" "subnet" {
+  name                 = "subnet-1"
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefixes     = ["10.0.0.0/24"]
+}
+
+# Associate NAT Gateway with Subnet
+resource "azurerm_subnet_nat_gateway_association" "subnet_nat_assoc" {
+  subnet_id      = azurerm_subnet.subnet.id
+  nat_gateway_id = azurerm_nat_gateway.nat_gw.id
+}
+
+# Network Interface
+resource "azurerm_network_interface" "nic" {
+  name                = "nic-1"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+
+  ip_configuration {
+    name                          = "ipconfig-1"
+    subnet_id                     = azurerm_subnet.subnet.id
+    private_ip_address_allocation = "Dynamic"
+  }
+}
+
+# Connect NSG to NIC
+resource "azurerm_network_interface_security_group_association" "nic_nsg_assoc" {
+  network_interface_id      = azurerm_network_interface.nic.id
+  network_security_group_id = azurerm_network_security_group.nsg.id
+}
+
+# Linux Virtual Machine
+resource "azurerm_linux_virtual_machine" "vm" {
+  name                  = "vm-1"
+  location              = azurerm_resource_group.rg.location
+  resource_group_name   = azurerm_resource_group.rg.name
+  network_interface_ids = [azurerm_network_interface.nic.id]
+  size                  = "Standard_D2s_v3"
+
+  os_disk {
+    name                 = "vm-1_disk1"
+    caching              = "ReadWrite"
+    storage_account_type = "Premium_LRS"
+    disk_size_gb         = 30
+  }
+
+  source_image_reference {
+    publisher = "Canonical"
+    offer     = "0001-com-ubuntu-server-jammy"
+    sku       = "22_04-lts-gen2"
+    version   = "latest"
+  }
+
+  computer_name  = "vm-1"
+  admin_username = var.username
+
+  admin_ssh_key {
+    username   = var.username
+    public_key = tls_private_key.ssh.public_key_openssh
+  }
+}
+
+# Bastion Host (Developer SKU)
+resource "azurerm_bastion_host" "bastion" {
+  name                = "bastion-host"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  sku                 = "Developer"
+  virtual_network_id  = azurerm_virtual_network.vnet.id
+}
+
+resource "random_pet" "prefix" {
+  prefix = var.resource_group_name_prefix
+  length = 1
+}

quickstart/101-nat-gateway-v2-create/outputs.tf

@@ -0,0 +1,19 @@
+output "resource_group_name" {
+  description = "The name of the created resource group."
+  value       = azurerm_resource_group.rg.name
+}
+
+output "nat_gateway_name" {
+  description = "The name of the created NAT gateway."
+  value       = azurerm_nat_gateway.nat_gw.name
+}
+
+output "nat_gateway_id" {
+  description = "The resource ID of the created NAT gateway."
+  value       = azurerm_nat_gateway.nat_gw.id
+}
+
+output "location" {
+  description = "The Azure region of the deployment."
+  value       = azurerm_resource_group.rg.location
+}

quickstart/101-nat-gateway-v2-create/providers.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>4.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~>4.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

quickstart/101-nat-gateway-v2-create/readme.md

@@ -0,0 +1,30 @@
+# Azure NAT Gateway V2 with a Linux virtual machine
+
+This template deploys an Azure Standard V2 NAT Gateway, a virtual network, a subnet, a network security group, a network interface, a Linux virtual machine, and a Developer SKU Bastion host.
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
+- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
+- [azurerm_nat_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway)
+- [azurerm_nat_gateway_public_ip_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway_public_ip_association)
+- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+- [azurerm_subnet_nat_gateway_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association)
+- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
+- [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association)
+- [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)
+- [azurerm_bastion_host](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/bastion_host)
+- [tls_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key)
+
+## Variables
+
+| Name | Description | Default |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | centralus |
+| `username` | Username of the administrator account of the virtual machine. | azureuser |
+
+## Example

quickstart/101-nat-gateway-v2-create/ssh.tf

@@ -0,0 +1,9 @@
+resource "tls_private_key" "ssh" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+output "key_data" {
+  value     = tls_private_key.ssh.public_key_openssh
+  sensitive = true
+}

quickstart/101-nat-gateway-v2-create/variables.tf

@@ -0,0 +1,17 @@
+variable "resource_group_location" {
+  type        = string
+  default     = "centralus"
+  description = "Location of the resource group."
+}
+
+variable "resource_group_name_prefix" {
+  type        = string
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
+
+variable "username" {
+  type        = string
+  description = "The username for the local account that will be created on the new VM."
+  default     = "azureuser"
+}