IaC Bazaar
AzureLive-tested

Azure Standard Load Balancer (L4)

An Azure Standard L4 load balancer with a self-created static public IP frontend, a backend address pool, health probes and load-balancing rules — Standard SKU throughout.

terraformAzure#azure

Compare Load Balancer across clouds →

azure-load-balancerterraform v1.7

Verification

Live-tested

Really deployed, verified, idempotent and destroyed in a cloud sandbox.

Conformance

  • Static validation (fmt · validate · tflint)
  • Security scan (Checkov)
  • Plan tests (mocked: validation rules · outputs)

Provenance

  • SHA-256 checksum
  • Signature (pending)

Functional

  • Live-tested — applied, verified, destroyed

Last verified 2026-06-30 · how we verify

Documentation

azure-load-balancer

Status: static-validated, live-test pending. Ships under live-test quarantine until promoted by the Azure live lane. Schema is validated against the azurerm v4 provider docs.

An Azure Standard L4 (Layer-4) Load Balancer with a self-created static public IP frontend, a backend address pool, health probe(s) and load-balancing rule(s). Consumes an existing resource group. Works with Terraform and OpenTofu (>= 1.6), azurerm provider >= 4.0, < 5.0.

What it provisions

  • azurerm_public_ip — Standard SKU, static allocation, IPv4 (the LB frontend)
  • azurerm_lb — Standard SKU, one public frontend IP configuration
  • azurerm_lb_backend_address_pool — one pool; attach NICs/VMs/VMSS out of band
  • azurerm_lb_probe — one per probes entry (default: a single TCP probe on 80)
  • azurerm_lb_rule — one per rules entry (default: TCP 80 -> 80 via the probe)

Secure / modern defaults

  • Standard SKU for both the LB and its public IP (they must match). Basic is retiring (30 Sep 2025) and lacks TCP reset and outbound rules. Standard is closed by default: traffic flows only on ports an explicit LB rule opens (the backend's own NSG still applies).
  • Static public IP allocation (mandatory for the Standard SKU).
  • TCP Reset enabled on rules by default for faster, cleaner failover.
  • No outbound SNAT rules are created — this is an inbound load balancer; add an explicit outbound rule out of band if the backend needs LB-based egress.

Verification

Static-validated (tofu fmt, tofu validate, tflint, checkov). Live apply/verify/destroy testing pending an Azure sandbox subscription — see catalog status.

License

Commercial — LicenseRef-IaCBazaar-Commercial

Usage code & full reference unlock after purchase

The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.

  • Usage
  • Inputs
  • Outputs
  • Requirements & notes