terraformでAzure Firewallを作る

# Look up the existing resource group; every resource below is placed in it.
data "azurerm_resource_group" "sample_rg01" {
  name = "Terraform_Test_RG"
}

# 既存のVNETを参照
# Existing virtual network; its name, resource group and location are reused below.
data "azurerm_virtual_network" "sample_vnet" {
  # name of the existing virtual network
  name = "test-container-apps-env-vnet"
  # resource group that holds it, taken from the data source above
  resource_group_name = data.azurerm_resource_group.sample_rg01.name
}

#サブネットを作成
# Dedicated subnet for the firewall.
# NOTE: the label "appgw_subnet" is misleading (this is the firewall subnet, not an
# Application Gateway subnet); it is kept because azurerm_firewall references it.
resource "azurerm_subnet" "appgw_subnet" {
  # Azure Firewall only deploys into a subnet literally named "AzureFirewallSubnet"; do not rename.
  name                 = "AzureFirewallSubnet"
  virtual_network_name = data.azurerm_virtual_network.sample_vnet.name
  resource_group_name  = data.azurerm_virtual_network.sample_vnet.resource_group_name
  # /26 is the smallest prefix Azure accepts for the firewall subnet.
  address_prefixes     = ["10.0.3.0/26"]
}

#パブリックIPを作成
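# Public IP used by the firewall's ip_configuration.
resource "azurerm_public_ip" "appgw_pip" {
  name                = "appgw-pip"
  resource_group_name = data.azurerm_resource_group.sample_rg01.name
  location            = data.azurerm_virtual_network.sample_vnet.location
  # Azure Firewall requires a Standard SKU public IP; the provider default ("Basic")
  # is rejected when the firewall is created. Standard SKU is also closed to inbound
  # traffic by default, so nothing is exposed until a rule allows it.
  sku                 = "Standard"
  # Standard SKU public IPs must use static allocation.
  allocation_method   = "Static"
}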

#Azure Firewall を作成
# The firewall itself; deployed into the VNet subnet above and governed by azfw_policy.
resource "azurerm_firewall" "test-firewall" {
  name                = "testfirewall"
  resource_group_name = data.azurerm_resource_group.sample_rg01.name
  location            = data.azurerm_virtual_network.sample_vnet.location

  # VNet-hosted firewall; this value cannot be changed after creation.
  sku_name = "AZFW_VNet"
  sku_tier = "Standard"

  # Rules and threat-intelligence settings are defined on the attached policy, not here.
  firewall_policy_id = azurerm_firewall_policy.azfw_policy.id

  ip_configuration {
    name                 = "azfw-ipconfig"
    subnet_id            = azurerm_subnet.appgw_subnet.id # must be the AzureFirewallSubnet
    public_ip_address_id = azurerm_public_ip.appgw_pip.id # the firewall's public IP
  }
}

# Policy attached to azurerm_firewall.test-firewall via firewall_policy_id.
resource "azurerm_firewall_policy" "azfw_policy" {
  name                = "azfw-policy"
  resource_group_name = data.azurerm_resource_group.sample_rg01.name
  location            = data.azurerm_virtual_network.sample_vnet.location
  # Policy tier has to be compatible with the firewall's sku_tier ("Standard" above).
  sku                 = "Standard"
  # "Alert" only logs traffic matching Microsoft's threat-intelligence feed; "Deny" would block it.
  threat_intelligence_mode = "Alert"
  # No rule collection groups are declared in this file, so the firewall passes no traffic
  # until rules are added. Diagnostic settings (where firewall logs would be sent) are
  # not configured here either.
}

