Create a technical document giving detailed steps on how to configure Packer to use private Azure vNet with public IP #503

@robsmi-msfte

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Please search the existing issues for relevant feature requests, and use the reaction feature (https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to add upvotes to pre-existing requests.

Description

Create a technical document giving detailed steps on how to configure Packer to use private Azure vNet with public IP. Such a guide would have saved me many hours trying to address this problem:
Without other changes, Packer in Azure creates a vNet, NSG, and public IP address resources. The NSG is to open access to WinRM, but is otherwise default out-of-box rules. The Packer NSG does not block SMB outbound ports 445 and 137-139, which my security organization has determined is a risk, even though the resources might be short-lived. What if, for example, the build fails and fails to clean up the resources? We have a running VM that has ports exposed to the Internet. We need to block those, and an article like this proposal would be a big help.

Use Case(s)

Where we can pre-create an Azure vNet, then create an associated Azure Network Security Group (NSG). We can then edit that NSG and add an SMB outbound deny rule for ports 445 and 137-139. Now Packer can use that, it can create its public IP, and everyone is happy.

Code examples

Potential configuration

variable "virtual_network_name" {
  type    = string
  default = "Packer_TempBuild_vNet"
}

variable "virtual_network_subnet_name" {
  type    = string
  default = "default"
}

variable "virtual_network_resource_group_name" {
  type    = string
  default = "packer-temp-build"
}

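# These settings belong inside the azure-arm source block. The source name
# "windows_build" is a placeholder; authentication, image and communicator
# settings are omitted here.
source "azure-arm" "windows_build" {
  virtual_network_name                   = var.virtual_network_name
  virtual_network_resource_group_name    = var.virtual_network_resource_group_name
  virtual_network_subnet_name            = var.virtual_network_subnet_name
  private_virtual_network_with_public_ip = true
}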

Potential References
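
The network setup described under Use Case(s), written out as Azure CLI commands. This is an added example, not part of the original issue or of the Packer project's documentation. The resource group, vNet and subnet names are the defaults from the variables above; the NSG name, location, address ranges, build-host CIDR and the WinRM inbound rule on port 5986 are assumptions to adjust.

```shell
#!/usr/bin/env bash
# Added example: pre-create the vNet and NSG that the Packer build will reuse.
RG="packer-temp-build"             # from the issue's variables
VNET="Packer_TempBuild_vNet"       # from the issue's variables
SUBNET="default"                   # from the issue's variables
NSG_NAME="Packer_TempBuild_NSG"    # assumed name
LOCATION="westus2"                 # assumed region
BUILD_HOST_CIDR="203.0.113.10/32"  # constructed; replace with the Packer host's egress IP

# With DRY_RUN=1 each command is printed instead of executed.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

provision() {
  run az group create --name "$RG" --location "$LOCATION"
  run az network nsg create --resource-group "$RG" --name "$NSG_NAME"

  # Deny SMB (445) and NetBIOS (137-139) leaving the build VM, TCP and UDP.
  run az network nsg rule create --resource-group "$RG" --nsg-name "$NSG_NAME" \
    --name DenySmbOutbound --priority 100 --direction Outbound --access Deny \
    --protocol '*' --source-address-prefixes '*' --source-port-ranges '*' \
    --destination-address-prefixes '*' --destination-port-ranges 445 137-139

  # Assumption: Packer reaches the VM over WinRM/HTTPS, so allow 5986 only
  # from the build host rather than from the whole Internet.
  run az network nsg rule create --resource-group "$RG" --nsg-name "$NSG_NAME" \
    --name AllowWinRmInbound --priority 200 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$BUILD_HOST_CIDR" \
    --source-port-ranges '*' --destination-address-prefixes '*' \
    --destination-port-ranges 5986

  run az network vnet create --resource-group "$RG" --name "$VNET" \
    --address-prefixes 10.0.0.0/16 --subnet-name "$SUBNET" \
    --subnet-prefixes 10.0.0.0/24

  # Attach the NSG to the subnet so every NIC placed in it inherits the rules.
  run az network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
    --name "$SUBNET" --network-security-group "$NSG_NAME"
}

# Usage: ./precreate-network.sh apply      (DRY_RUN=1 to preview the commands)
if [ "${1:-}" = "apply" ]; then provision; fi
```

Because the NSG is bound to the subnet and not created by Packer, the deny rule stays in force even if a failed build leaves the VM behind.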
