updates1

LiSeda · LiSeda · commit 11fbfc6296b4 · 2025-03-21T14:15:17.000-07:00
diff --git a/articles/web-application-firewall/quickstart-web-application-firewall-terraform.md b/articles/web-application-firewall/quickstart-web-application-firewall-terraform.md
@@ -0,0 +1,159 @@
+---
+title: 'Quickstart: Use Terraform to configure Azure Web Application Firewall on Azure Application Gateway'
+description: In this quickstart, you use Terraform to create an Azure Application Gateway with an Azure Web Application Firewall (WAF) policy. A virtual network with a subnet, a static public IP address, an Azure Web Application Firewall policy with custom rules, and Azure Application Gateway with autoscaling work together to block specific IP addresses.
+ms.topic: quickstart
+ms.date: 03/20/2025
+ms.custom: devx-track-terraform
+ms.service: azure-application-gateway
+author: halkazwini
+ms.author: halkazwini
+#customer intent: As a Terraform user, I want to learn how to configure Azure Web Application Firewall on Azure Application Gateway.
+content_well_notification: 
+  - AI-contribution
+---
+
+# 'Quickstart: Use Terraform to configure Azure Web Application Firewall on Azure Application Gateway'
+
+In this quickstart, you use Terraform to create an Azure Application Gateway with an Azure Web Application Firewall (WAF) policy. A key component of creating scalable, reliable, and secure web front ends in Azure, Application Gateway is a web traffic load balancer that helps you to manage traffic to your web applications. Application Gateway bases how it routes traffic on factors that include round-robin, cookie-based sessions, and more. In addition to an Application Gateway, this code also creates a resource group, virtual network, subnet within the virtual network, public IP address, and a WAF policy with custom rules to block traffic from a specific IP address.
+
+[!INCLUDE [About Terraform](~/azure-dev-docs-pr/articles/terraform/includes/abstract.md)]
+
+> [!div class="checklist"]
+> * Define the IP address that the WAF custom rule should block.
+> * Create an Azure resource group with a unique name.
+> * Establish a virtual network with a specific name and address.
+> * Generate a random name for the subnet, and create a subnet in the virtual network.
+> * Generate a public IP address.
+> * Create a WAF policy.
+> * Configure settings and define managed rules for the WAF policy.
+> * Create a custom rule to block traffic from a specific IP address.
+> * Set up the Application Gateway.
+> * Configure the SKU and capacity of the Application Gateway.
+> * Enable autoscaling for the Application Gateway.
+> * Configure the gateway's IP settings.
+> * Set up the front-end IP configuration, and define the front-end port.
+> * Define the back-end address pool with IP addresses, and configure back-end HTTP settings.
+> * Define the HTTP listener.
+> * Define the request routing rule.
+> * Associate the WAF policy with the Application Gateway.
+> * Output the resource group name, public IP address, Application Gateway ID, WAF policy ID, and Application Gateway.
+
+## Prerequisites
+
+- Create an Azure account with an active subscription. You can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+
+- [Install and configure Terraform.](/azure/developer/terraform/quickstart-configure)
+
+## Implement the Terraform code
+
+> [!NOTE]
+> The sample code for this article is located in the [Azure Terraform GitHub repo](https://github.com/Azure/terraform/tree/master/quickstart/101-web-application-firewall). You can view the log file containing the [test results from current and previous versions of Terraform](https://github.com/Azure/terraform/tree/master/quickstart/101-web-application-firewall/TestRecord.md).
+> 
+> See more [articles and sample code showing how to use Terraform to manage Azure resources](/azure/terraform).
+
+1. Create a directory in which to test and run the sample Terraform code, and make it the current directory.
+
+1. Create a file named `main.tf`, and insert the following code:
+    :::code language="Terraform" source="~/terraform_samples/quickstart/101-web-application-firewall/main.tf":::
+
+1. Create a file named `outputs.tf`, and insert the following code:
+    :::code language="Terraform" source="~/terraform_samples/quickstart/101-web-application-firewall/outputs.tf":::
+
+1. Create a file named `providers.tf`, and insert the following code:
+    :::code language="Terraform" source="~/terraform_samples/quickstart/101-web-application-firewall/providers.tf":::
+
+1. Create a file named `variables.tf`, and insert the following code:
+    :::code language="Terraform" source="~/terraform_samples/quickstart/101-web-application-firewall/variables.tf":::
+
+## Initialize Terraform
+
+[!INCLUDE [terraform-init.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-init.md)]
+
+## Create a Terraform execution plan
+
+[!INCLUDE [terraform-plan.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-plan.md)]
+
+## Apply a Terraform execution plan
+
+[!INCLUDE [terraform-apply-plan.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-apply-plan.md)]
+
+## Verify the results
+
+### [Azure CLI](#tab/azure-cli)
+
+1. Get the Azure resource group name.
+
+    ```console
+    resource_group_name=$(terraform output -raw resource_group_name)
+    ```
+
+1. Get the public IP address.
+
+    ```console
+    public_ip_address=$(terraform output -raw public_ip_address)
+    ```
+
+1. Get the WAF policy ID.
+
+    ```console
+    web_application_firewall_policy_id=$(terraform output -raw web_application_firewall_policy_id)
+    ```
+
+1. Get the Application Gateway ID.
+
+    ```console
+    application_gateway_id=$(terraform output -raw application_gateway_id)
+    ```
+
+1. Run `az network application-gateway show` to view the Application Gateway.
+
+    ```azurecli
+    az appservice ase show --name $application_gateway_name --resource-group $resource_group_name  
+    ```
+
+### [Azure PowerShell](#tab/azure-powershell)
+
+1. Get the Azure resource group name.
+
+    ```console
+    $resource_group_name=$(terraform output -raw resource_group_name)
+    ```
+
+1. Get the public IP address.
+
+    ```console
+    $public_ip_address=$(terraform output -public_ip_address)
+    ```
+
+1. Get the WAF policy ID.
+
+    ```console
+    $web_application_firewall_policy_id=$(terraform output -web_application_firewall_policy_id)
+    ```
+
+1. Get the Application Gateway ID.
+
+    ```console
+    $application_gateway_id=$(terraform output -application_gateway_id)
+    ```
+
+1. Run `Get-AzAppServiceEnvironment` to view the Application Gateway.
+
+    ```azurepowershell
+    Get-AzApplicationGateway -Name $application_gateway_name -ResourceGroupName $resource_group_name 
+    ```
+
+---
+
+## Clean up resources
+
+[!INCLUDE [terraform-plan-destroy.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-plan-destroy.md)]
+
+## Troubleshoot Terraform on Azure
+
+[Troubleshoot common problems when using Terraform on Azure](/azure/developer/terraform/troubleshoot).
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [See more articles about Application Gateway.](/search/?terms=Azure%20application%20gateway%20and%20terraform)
