Azurecloud~30 mins

NSG rules (inbound, outbound) in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Create Azure NSG Rules for Inbound and Outbound Traffic

📖 Scenario: You are setting up network security for a small Azure virtual network. You need to control which traffic can enter and leave your network using Network Security Group (NSG) rules.This is like setting up rules for who can enter your house and who can leave, to keep your home safe.

🎯 Goal: Build an Azure Network Security Group (NSG) with specific inbound and outbound rules to allow HTTP traffic in and block all other inbound traffic, and allow all outbound traffic.

📋 What You'll Learn

Create an NSG resource named myNSG

Add an inbound rule to allow TCP traffic on port 80 from any source

Add an inbound rule to deny all other inbound traffic

Add an outbound rule to allow all outbound traffic

💡 Why This Matters

🌍 Real World

Network Security Groups are used in Azure to control traffic flow to and from virtual machines and subnets, protecting resources from unwanted access.

💼 Career

Understanding NSG rules is essential for cloud engineers and network administrators to secure cloud infrastructure effectively.

Progress0 / 4 steps

Create the NSG resource

Create an Azure Network Security Group resource named myNSG with empty security rules.

Azure

resource "azurerm_network_security_group" "myNSG" {
  name                = "myNSG"
  location            = "eastus"
  resource_group_name = "myResourceGroup"

  # Your code here
}

Need a hint?

Start by defining the NSG resource with the exact name myNSG and an empty list for security_rule.

Add inbound rule to allow HTTP traffic

Add a security rule inside myNSG to allow inbound TCP traffic on port 80 from any source. Name the rule Allow-HTTP-Inbound with priority 100.

Azure

resource "azurerm_network_security_group" "myNSG" {
  name                = "myNSG"
  location            = "eastus"
  resource_group_name = "myResourceGroup"

  security_rule = [
    # Your code here
  ]
}

Need a hint?

Inside security_rule, add a rule dictionary with the exact properties and values to allow inbound TCP traffic on port 80.

Add inbound rule to deny all other inbound traffic

Add a second security rule inside myNSG to deny all other inbound traffic. Name it Deny-All-Inbound with priority 200.

Azure

resource "azurerm_network_security_group" "myNSG" {
  name                = "myNSG"
  location            = "eastus"
  resource_group_name = "myResourceGroup"

  security_rule = [
    {
      name                       = "Allow-HTTP-Inbound"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = "80"
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    },
    # Your code here
  ]
}

Need a hint?

Add a second rule dictionary to deny all inbound traffic except the allowed HTTP rule.

Add outbound rule to allow all outbound traffic

Add a third security rule inside myNSG to allow all outbound traffic. Name it Allow-All-Outbound with priority 300 and direction Outbound.

Azure

resource "azurerm_network_security_group" "myNSG" {
  name                = "myNSG"
  location            = "eastus"
  resource_group_name = "myResourceGroup"

  security_rule = [
    {
      name                       = "Allow-HTTP-Inbound"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = "80"
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    },
    {
      name                       = "Deny-All-Inbound"
      priority                   = 200
      direction                  = "Inbound"
      access                     = "Deny"
      protocol                   = "*"
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    },
    # Your code here
  ]
}

Need a hint?

Add a third rule dictionary to allow all outbound traffic with the exact properties.