Skip to content

azurermVirtualNetworkGatewayNatRule

Manages a Virtual Network Gateway Nat Rule.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_1",
  {
    address_space: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-vnet",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermPublicIpExample = new azurerm.publicIp.PublicIp(
  this,
  "example_2",
  {
    allocation_method: "Dynamic",
    location: azurermResourceGroupExample.location,
    name: "example-pip",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPublicIpExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_3", {
  address_prefixes: ["10.0.1.0/24"],
  name: "GatewaySubnet",
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
const azurermVirtualNetworkGatewayExample =
  new azurerm.virtualNetworkGateway.VirtualNetworkGateway(this, "example_4", {
    ip_configuration: [
      {
        private_ip_address_allocation: "Dynamic",
        public_ip_address_id: azurermPublicIpExample.id,
        subnet_id: azurermSubnetExample.id,
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "example-vnetgw",
    resource_group_name: azurermResourceGroupExample.name,
    sku: "Basic",
    type: "Vpn",
    vpn_type: "RouteBased",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkGatewayExample.overrideLogicalId("example");
const dataAzurermVirtualNetworkGatewayExample =
  new azurerm.dataAzurermVirtualNetworkGateway.DataAzurermVirtualNetworkGateway(
    this,
    "example_5",
    {
      name: azurermVirtualNetworkGatewayExample.name,
      resource_group_name:
        azurermVirtualNetworkGatewayExample.resourceGroupName,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermVirtualNetworkGatewayExample.overrideLogicalId("example");
const azurermVirtualNetworkGatewayNatRuleExample =
  new azurerm.virtualNetworkGatewayNatRule.VirtualNetworkGatewayNatRule(
    this,
    "example_6",
    {
      external_mapping: [
        {
          address_space: "10.2.0.0/26",
          port_range: "200",
        },
      ],
      internal_mapping: [
        {
          address_space: "10.4.0.0/26",
          port_range: "400",
        },
      ],
      ip_configuration_id: `\${${dataAzurermVirtualNetworkGatewayExample.ipConfiguration}.0.id}`,
      mode: "EgressSnat",
      name: "example-vnetgwnatrule",
      resource_group_name: azurermResourceGroupExample.name,
      type: "Dynamic",
      virtual_network_gateway_id: dataAzurermVirtualNetworkGatewayExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkGatewayNatRuleExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this Virtual Network Gateway Nat Rule. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The Name of the Resource Group in which this Virtual Network Gateway Nat Rule should be created. Changing this forces a new resource to be created.

  • virtualNetworkGatewayId - (Required) The ID of the Virtual Network Gateway that this Virtual Network Gateway Nat Rule belongs to. Changing this forces a new resource to be created.

  • externalMapping - (Required) One or more externalMapping blocks as documented below.

  • internalMapping - (Required) One or more internalMapping blocks as documented below.

  • ipConfigurationId - (Optional) The ID of the IP Configuration this Virtual Network Gateway Nat Rule applies to.

  • mode - (Optional) The source Nat direction of the Virtual Network Gateway Nat. Possible values are egressSnat and ingressSnat. Defaults to egressSnat. Changing this forces a new resource to be created.

  • type - (Optional) The type of the Virtual Network Gateway Nat Rule. Possible values are dynamic and static. Defaults to static. Changing this forces a new resource to be created.

A externalMapping block exports the following:

  • addressSpace - (Required) The string CIDR representing the address space for the Virtual Network Gateway Nat Rule external mapping.

  • portRange - (Optional) The single port range for the Virtual Network Gateway Nat Rule external mapping.

A internalMapping block exports the following:

  • addressSpace - (Required) The string CIDR representing the address space for the Virtual Network Gateway Nat Rule internal mapping.

  • portRange - (Optional) The single port range for the Virtual Network Gateway Nat Rule internal mapping.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Virtual Network Gateway Nat Rule.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Virtual Network Gateway Nat Rule.
  • read - (Defaults to 5 minutes) Used when retrieving the Virtual Network Gateway Nat Rule.
  • update - (Defaults to 30 minutes) Used when updating the Virtual Network Gateway Nat Rule.
  • delete - (Defaults to 30 minutes) Used when deleting the Virtual Network Gateway Nat Rule.

Import

Virtual Network Gateway Nat Rules can be imported using the resourceId, e.g.

terraform import azurerm_virtual_network_gateway_nat_rule.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Network/virtualNetworkGateways/gw1/natRules/rule1