Azure DDoS Protection Plan

# Azure DDoS Protection

## Description 📝

Distributed denial of service (`DDoS`) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. A DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.

Azure DDoS Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes.

## Architecture 🏛️

This architecture consists of two resource groups and one virtual network. The DDoS protection plan is attached to the VNet component but, depending on your needs, it can also be attached directly to the public IP.

The first resource group, which is connected to the public IP, also contains a Web Application Firewall that filters the traffic coming from the internet to the resource group that contains the App Service. The App Service in this architecture consists of a Linux Web App and a service plan.

Connections come from the internet, are checked by the DDoS protection plan for patterns recognised as a DDoS attack, and then pass through the application gateway, which in our case also includes the WAF.

# Requirements

| Name | Configuration |
| --- | --- |
| Terraform | all versions |
| Provider | Azure |
| Provider version | 3.20 |

## How to use the architecture

To use this architecture, clone it within your project and change the following variables:

| Variable | Description |
| --- | --- |
| snet_gateway_prefix | Gateway Subnet Prefix |
| vnet_main_addrspace | Virtual Network Address Space |
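
The VNet-level attachment described in the Architecture section can be sketched as follows. This is an added example, not this repository's own code: the resource names, region, and the `string` type of both variables are assumptions, while the two variable names and the provider version come from the tables above.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.20.0" # provider version listed under Requirements
    }
  }
}

provider "azurerm" {
  features {}
}

# Variable names from the table above; the string type is an assumption.
variable "vnet_main_addrspace" {
  description = "Virtual Network Address Space"
  type        = string
}

variable "snet_gateway_prefix" {
  description = "Gateway Subnet Prefix"
  type        = string
}

resource "azurerm_resource_group" "network" {
  name     = "rg-ddos-example" # constructed name
  location = "westeurope"      # constructed region
}

# The plan is a standalone resource; it protects nothing until a VNet references it.
resource "azurerm_network_ddos_protection_plan" "main" {
  name                = "ddos-plan-example" # constructed name
  location            = azurerm_resource_group.network.location
  resource_group_name = azurerm_resource_group.network.name
}

resource "azurerm_virtual_network" "main" {
  name                = "vnet-main-example" # constructed name
  location            = azurerm_resource_group.network.location
  resource_group_name = azurerm_resource_group.network.name
  address_space       = [var.vnet_main_addrspace]

  # Public IPs of resources deployed in this VNet are covered once the plan is enabled.
  ddos_protection_plan {
    id     = azurerm_network_ddos_protection_plan.main.id
    enable = true
  }
}
```

After `terraform apply`, the plan's `virtual_network_ids` attribute should list the VNet, which is a quick check that the association took effect.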