What I do

Help create and manage Azure Virtual Networks:

Configure VNets with address spaces
Create subnets with proper CIDR blocks
Set up Network Security Groups (NSGs)
Configure service endpoints and delegations

When to use me

Use this skill when:

Setting up network infrastructure for VMs
Creating isolated network environments
Implementing hub-spoke network topology
Configuring private endpoints

Resource Templates

# Virtual Network
resource "azurerm_virtual_network" "main" {
  name                = "${local.name_prefix}-vnet"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  address_space       = ["10.0.0.0/16"]

  tags = local.common_tags
}

# Subnets
resource "azurerm_subnet" "web" {
  name                 = "web-subnet"
  resource_group_name  = azurerm_resource_group.main.name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_subnet" "app" {
  name                 = "app-subnet"
  resource_group_name  = azurerm_resource_group.main.name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.2.0/24"]
}

resource "azurerm_subnet" "db" {
  name                 = "db-subnet"
  resource_group_name  = azurerm_resource_group.main.name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.3.0/24"]

  service_endpoints = ["Microsoft.Sql", "Microsoft.Storage"]
}

# Network Security Group
resource "azurerm_network_security_group" "web" {
  name                = "${local.name_prefix}-web-nsg"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  security_rule {
    name                       = "AllowHTTPS"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "AllowHTTP"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  tags = local.common_tags
}

# Associate NSG with Subnet
resource "azurerm_subnet_network_security_group_association" "web" {
  subnet_id                 = azurerm_subnet.web.id
  network_security_group_id = azurerm_network_security_group.web.id
}

Resource Templates

# Virtual Network resource "azurerm_virtual_network" "main" { name = "${local.name_prefix}-vnet" location = azurerm_resource_group.main.location resource_group_name = azurerm_resource_group.main.name address_space = ["10.0.0.0/16"] tags = local.common_tags } # Subnets resource "azurerm_subnet" "web" { name = "web-subnet" resource_group_name = azurerm_resource_group.main.name virtual_network_name = azurerm_virtual_network.main.name address_prefixes = ["10.0.1.0/24"] } resource "azurerm_subnet" "app" { name = "app-subnet" resource_group_name = azurerm_resource_group.main.name virtual_network_name = azurerm_virtual_network.main.name address_prefixes = ["10.0.2.0/24"] } resource "azurerm_subnet" "db" { name = "db-subnet" resource_group_name = azurerm_resource_group.main.name virtual_network_name = azurerm_virtual_network.main.name address_prefixes = ["10.0.3.0/24"] service_endpoints = ["Microsoft.Sql", "Microsoft.Storage"] } # Network Security Group resource "azurerm_network_security_group" "web" { name = "${local.name_prefix}-web-nsg" location = azurerm_resource_group.main.location resource_group_name = azurerm_resource_group.main.name security_rule { name = "AllowHTTPS" priority = 100 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" destination_address_prefix = "*" } security_rule { name = "AllowHTTP" priority = 110 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" destination_address_prefix = "*" } tags = local.common_tags } # Associate NSG with Subnet resource "azurerm_subnet_network_security_group_association" "web" { subnet_id = azurerm_subnet.web.id network_security_group_id = azurerm_network_security_group.web.id }

CIDR	Hosts	Use Case
/24	251	Standard subnet
/25	123	Medium workloads
/26	59	Small workloads
/27	27	Minimal workloads
/28	11	Gateway subnet

Az Virtual Network

What I do

When to use me

Resource Templates

Az Virtual Network

What I do

When to use me

Resource Templates

Variables

Outputs

Common Subnet Sizes

Best Practices

Feishu Drive

Nanoclaw Repl

Crosspost

Cloudflare

Mcp Integration

Setup Deploy