Azure Standard Load Balancer (L4)

azure-load-balancer

Status: static-validated, live-test pending. Ships under live-test quarantine until promoted by the Azure live lane. Schema is validated against the azurerm v4 provider docs.

An Azure Standard L4 (Layer-4) Load Balancer with a self-created static public IP frontend, a backend address pool, health probe(s) and load-balancing rule(s). Consumes an existing resource group. Works with Terraform and OpenTofu (>= 1.6), azurerm provider >= 4.0, < 5.0.

What it provisions

• azurerm_public_ip — Standard SKU, static allocation, IPv4 (the LB frontend)
• azurerm_lb — Standard SKU, one public frontend IP configuration
• azurerm_lb_backend_address_pool — one pool; attach NICs/VMs/VMSS out of band
• azurerm_lb_probe — one per probes entry (default: a single TCP probe on 80)
• azurerm_lb_rule — one per rules entry (default: TCP 80 -> 80 via the probe)

Secure / modern defaults

• Standard SKU for both the LB and its public IP (they must match). Basic is retiring (30 Sep 2025) and lacks TCP reset and outbound rules. Standard is closed by default: traffic flows only on ports an explicit LB rule opens (the backend's own NSG still applies).
• Static public IP allocation (mandatory for the Standard SKU).
• TCP Reset enabled on rules by default for faster, cleaner failover.
• No outbound SNAT rules are created — this is an inbound load balancer; add an explicit outbound rule out of band if the backend needs LB-based egress.

Verification

Static-validated (tofu fmt, tofu validate, tflint, checkov). Live apply/verify/destroy testing pending an Azure sandbox subscription — see catalog status.

License

Commercial — LicenseRef-IaCBazaar-Commercial