Part 9: Terraform with Azure – Deploy a VNET and Subnet


My journey learning Terraform to deploy workloads in Microsoft Azure continues. If you missed the previous posts, please visit the links below.

Part 1: Terraform with Azure – How to install Terraform
Part 2: Terraform with Azure – How to install Azure cli
Part 3: Terraform with Azure – How to Install Visual Studio Code
Part 4: Terraform with Azure – How to install Azure Terraform Plugin in Visual Studio Code
Part 5: Terraform with Azure – Install Git and initialise repository
Part 6: Terraform with Azure – Deploy resources in Azure
Part 7: Terraform with Azure – Deploy a variables file in Terraform
Part 8: Terraform with Azure – Deploy terraform.tfvars file

In this blog post I will go through the process of deploying a VNET, a Subnet and an NSG in Azure.

Terraform documentation is great to get started with deploying resources in Microsoft Azure. Check out the following Terraform link for sample code – Docs overview | Terraform Registry

Let’s get started.

  1. Access the Terraform Registry website and locate virtual network – Terraform Virtual Network
  2. Below is the sample code provided by Terraform (link provided in step 1 above). I don’t require the resource group block as I have created one as part of my previous blog post, therefore, it has been removed from the code below.
resource "azurerm_network_security_group" "example" {
  name                = "example-security-group"
  location            = azurerm_resource_group.example.location
  resource_group_name =
}

resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  location            = azurerm_resource_group.example.location
  resource_group_name =
  address_space       = [""]
  dns_servers         = ["", ""]

  subnet {
    name           = "subnet1"
    address_prefix = ""
  }

  subnet {
    name           = "subnet2"
    address_prefix = ""
    security_group =
  }

  tags = {
    environment = "Production"
  }
}

3. I will replace some of the code so it fits with what I am doing: I include my existing resource group and location (UK South) and make use of additional variables.

I’ll work through each block of code, starting with the Network Security Group (NSG).

  • Line 2: I replace “example”, with “demo”
  • Line 3: I create a variable in my file and include the value in my terraform.tfvars file. I then replace “example-security-group” with my newly created variable.
  • Line 4: I use an existing variable I created in a previous blog post
  • Line 5: I use an existing variable I created in a previous blog post
1. # Create Network Security Group (NSG)
2. resource "azurerm_network_security_group" "demo" {
3.   name                = var.nsg_name
4.   location            = var.resource_group_location
5.   resource_group_name = var.resource_group_name
6. }

Below are screenshots of my and terraform.tfvars file

4. Save changes. I move on to the next block of code I copied from the Terraform website, the virtual network (VNET):

  • Line 2: Replace “example” with “demo”
  • Line 3: Create a variable for the network name. I replace “example-network” with var.network_name
  • Line 4: I use my existing resource group location variable
  • Line 5: I use my existing resource group name variable
  • Line 7: I remove dns_servers as I won’t need these for now
  • Line 10: I replace the name “subnet1” with a newly created variable var.subnet_name
  • Line 12: I replace “” replacing with
1: # Create virtual network and address space IP address
2: resource "azurerm_virtual_network" "demo" {
3:   name                = var.network_name
4:   location            = var.resource_group_location
5:   resource_group_name = var.resource_group_name
6:   address_space       = [""]
7:   dns_servers         = ["", ""]
9:   subnet {
10:    name           = var.subnet_name
11:    address_prefix = ""
12:    security_group =
13:  }
14: }

5. I’ll make use of tags, so add a tag named demo

tags = {
    environment = "demo"
}

My and terraform.tfvars file below,
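
As an added example (not the author's own files), the pieces from steps 3 to 5 fit together as below, with the address ranges validated before anything is planned. It assumes the provider configuration from the earlier parts and values for the first five variables in terraform.tfvars; `vnet_address_space` and `subnet_prefix` are hypothetical variable names and the CIDR values are constructed.

```hcl
# Added example. Variable names follow the post; all values are constructed.
variable "resource_group_name" { type = string }
variable "resource_group_location" { type = string }
variable "nsg_name" { type = string }
variable "network_name" { type = string }
variable "subnet_name" { type = string }

# Hypothetical variables (not in the post) for the address ranges.
variable "vnet_address_space" {
  type    = string
  default = "10.0.0.0/16" # constructed value
  validation {
    condition     = can(cidrhost(var.vnet_address_space, 0))
    error_message = "vnet_address_space must be a valid CIDR range."
  }
}

variable "subnet_prefix" {
  type    = string
  default = "10.0.1.0/24" # constructed value, inside the range above
  validation {
    condition     = can(cidrhost(var.subnet_prefix, 0))
    error_message = "subnet_prefix must be a valid CIDR range."
  }
}

# No security_rule blocks are declared, so only Azure's default NSG rules apply.
resource "azurerm_network_security_group" "demo" {
  name                = var.nsg_name
  location            = var.resource_group_location
  resource_group_name = var.resource_group_name
}

resource "azurerm_virtual_network" "demo" {
  name                = var.network_name
  location            = var.resource_group_location
  resource_group_name = var.resource_group_name
  address_space       = [var.vnet_address_space]

  subnet {
    name           = var.subnet_name
    address_prefix = var.subnet_prefix # attribute name as in the post's sample
    security_group = azurerm_network_security_group.demo.id
  }

  tags = {
    environment = "demo"
  }
}
```

Referencing `azurerm_network_security_group.demo.id` in the subnet block also gives Terraform the dependency it needs to create the NSG before the virtual network.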

6. Before continuing I’ll commit the changes to Git. Note that Git is not a requirement to deploy resources in Azure, but a great versioning tool that is popular. I covered Git in previous blog posts. Continue to step 7 if you do not wish to commit changes to the local Git repository.

  • Execute the command below
git stage .
  • To confirm the files have been staged, type the command below and press enter,
git status
  • Type a short but meaningful description of your choice
git commit -m "Added VNET Subnet and NSG"
  • Finally, the below command to list your commits
git log --oneline

7. Save. Next, I run terraform validate to check for errors.

Looks good

8. Next, I run terraform plan and the output is shown below,

9. Click save. Next, I run terraform apply, review and then type ‘yes’ to allow Terraform to continue.

10. I log into the Azure Portal and access my resource group. I have a new Virtual Network and Network Security Group located in region UK South.

I click on the new virtual network demo-vnet1, click subnets, and I see my subnet.

I click on demo_subnetA and can see my NSG (ng1demo) attached to demo_subnetA

Finally, here is my tag. I used the name demo

That’s it for now

I hope the journey has been useful to allow you to get started with Terraform.

Thanks for following