diff --git a/templates/complete_multi_region/examples/config-virtual-wan-multi-region.tfvars b/templates/complete_multi_region/examples/config-virtual-wan-multi-region.tfvars
index 32bfbcc..7709766 100644
--- a/templates/complete_multi_region/examples/config-virtual-wan-multi-region.tfvars
+++ b/templates/complete_multi_region/examples/config-virtual-wan-multi-region.tfvars
@@ -10,7 +10,6 @@
 # `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
 # `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
-management_use_avm = false
 management_settings_es = {
 default_location = "$${starter_location_01}"
 root_parent_id = "$${root_parent_management_group_id}"
diff --git a/templates/complete_multi_region/examples/config-virtual-wan-multi-region.yaml b/templates/complete_multi_region/examples/config-virtual-wan-multi-region.yaml
new file mode 100644
index 0000000..b3249da
--- /dev/null
+++ b/templates/complete_multi_region/examples/config-virtual-wan-multi-region.yaml
@@ -0,0 +1,138 @@
+# This file contains templated variables to avoid repeating the same hard-coded values.
+# Templated variables are denoted by the dollar curly braces token (e.g. ${starter_location_01}). The following details each templated variable that you can use:
+# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources.
+# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources.
+# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources.
+# `starter_location_01_virtual_network_gateway_sku_express_route` to `starter_location_10_virtual_network_gateway_sku_express_route`: These are the default SKUs for the Express Route virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways.
+# `starter_location_01_virtual_network_gateway_sku_vpn` to `starter_location_10_virtual_network_gateway_sku_vpn`: These are the default SKUs for the VPN virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways.
+# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under.
+# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`.
+# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
+# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
+
+---
+connectivity_resource_groups:
+ ddos:
+ location: ${starter_location_01}
+ name: rg-hub-ddos-${starter_location_01}
+ dns:
+ location: ${starter_location_01}
+ name: rg-hub-dns-${starter_location_01}
+ vnet_primary:
+ location: ${starter_location_01}
+ name: rg-vwan-hub-${starter_location_01}
+ vnet_secondary:
+ location: ${starter_location_02}
+ name: rg-vwan-hub-${starter_location_02}
+ vwan:
+ location: ${starter_location_01}
+ name: rg-vwan-${starter_location_01}
+connectivity_type: virtual_wan
+management_settings_es:
+ configure_connectivity_resources:
+ advanced:
+ custom_settings_by_resource_type:
+ azurerm_network_ddos_protection_plan:
+ ddos:
+ ${starter_location_01}:
+ name: ddos-hub-${starter_location_01}
+ azurerm_resource_group:
+ ddos:
+ ${starter_location_01}:
+ name: ${connectivity_resource_group_ddos}
+ dns:
+ ${starter_location_01}:
+ name: ${connectivity_resource_group_dns}
+ settings:
+ ddos_protection_plan:
+ config:
+ location: ${starter_location_01}
+ dns:
+ config:
+ location: ${starter_location_01}
+ configure_management_resources:
+ advanced:
+ asc_export_resource_group_name: rg-management-asc-export-${starter_location_01}
+ azurerm_automation_account:
+ management:
+ name: aa-management-${starter_location_01}
+ azurerm_log_analytics_workspace:
+ management:
+ name: law-management-${starter_location_01}
+ custom_settings_by_resource_type:
+ azurerm_resource_group:
+ management:
+ name: rg-management-${starter_location_01}
+ location: ${starter_location_01}
+ default_location: ${starter_location_01}
+ deploy_connectivity_resources: false
+ deploy_management_resources: true
+ root_id: alz
+ root_name: Azure-Landing-Zones
+ root_parent_id: ${root_parent_management_group_id}
+ subscription_id_connectivity: ${subscription_id_connectivity}
+ subscription_id_identity: ${subscription_id_identity}
+ subscription_id_management: ${subscription_id_management}
+virtual_wan_settings:
+ ddos_protection_plan:
+ location: ${starter_location_01}
+ name: ddos-hub-${starter_location_01}
+ resource_group_name: ${connectivity_resource_group_ddos}
+ location: ${starter_location_01}
+ name: vwan-hub-${starter_location_01}
+ resource_group_name: ${connectivity_resource_group_vwan}
+virtual_wan_virtual_hubs:
+ primary:
+ firewall:
+ firewall_policy:
+ name: fwp-hub-${starter_location_01}
+ name: fw-hub-${starter_location_01}
+ sku_name: AZFW_Hub
+ sku_tier: Standard
+ zones: ${starter_location_01_availability_zones}
+ hub:
+ address_prefix: 10.0.0.0/16
+ location: ${starter_location_01}
+ name: vwan-hub-${starter_location_01}
+ resource_group_name: ${connectivity_resource_group_vnet_primary}
+ private_dns_zones:
+ is_primary: true
+ networking:
+ private_dns_resolver:
+ name: pdr-hub-dns-${starter_location_01}
+ resource_group_name: ${connectivity_resource_group_vnet_primary}
+ virtual_network:
+ address_space: 10.10.0.0/24
+ name: vnet-hub-dns-${starter_location_01}
+ private_dns_resolver_subnet:
+ address_prefix: 10.10.0.0/28
+ name: subnet-hub-dns-${starter_location_01}
+ resource_group_name: ${connectivity_resource_group_vnet_primary}
+ resource_group_name: ${connectivity_resource_group_dns}
+ secondary:
+ firewall:
+ firewall_policy:
+ name: fwp-hub-${starter_location_02}
+ name: fw-hub-${starter_location_02}
+ sku_name: AZFW_Hub
+ sku_tier: Standard
+ zones: ${starter_location_02_availability_zones}
+ hub:
+ address_prefix: 10.1.0.0/16
+ location: ${starter_location_02}
+ name: vwan-hub-${starter_location_02}
+ resource_group_name: ${connectivity_resource_group_vnet_secondary}
+ private_dns_zones:
+ is_primary: false
+ networking:
+ private_dns_resolver:
+ name: pdr-hub-dns-${starter_location_02}
+ resource_group_name: ${connectivity_resource_group_vnet_secondary}
+ virtual_network:
+ address_space: 10.11.0.0/24
+ name: vnet-hub-dns-${starter_location_02}
+ private_dns_resolver_subnet:
+ address_prefix: 10.11.0.0/28
+ name: subnet-hub-dns-${starter_location_02}
+ resource_group_name: ${connectivity_resource_group_vnet_secondary}
+ resource_group_name: ${connectivity_resource_group_dns}
diff --git a/templates/complete_multi_region/locals-hub-and-spoke-vnet.tf b/templates/complete_multi_region/locals-hub-and-spoke-vnet.tf
index e3601c1..8e95f22 100644
--- a/templates/complete_multi_region/locals-hub-and-spoke-vnet.tf
+++ b/templates/complete_multi_region/locals-hub-and-spoke-vnet.tf
@@ -10,12 +10,12 @@ locals {
 }
 locals {
- hub_and_spoke_vnet_settings_json = tostring(jsonencode(var.hub_and_spoke_vnet_settings))
+ hub_and_spoke_vnet_settings_json = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.hub_and_spoke_vnet_settings))
 hub_and_spoke_vnet_settings_json_templated = templatestring(local.hub_and_spoke_vnet_settings_json, local.final_replacements)
 hub_and_spoke_vnet_settings_json_final = replace(replace(local.hub_and_spoke_vnet_settings_json_templated, "\"[", "["), "]\"", "]")
 hub_and_spoke_vnet_settings = jsondecode(local.hub_and_spoke_vnet_settings_json_final)
- hub_and_spoke_vnet_virtual_networks_json = tostring(jsonencode(var.hub_and_spoke_vnet_virtual_networks))
+ hub_and_spoke_vnet_virtual_networks_json = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.hub_and_spoke_vnet_virtual_networks))
 hub_and_spoke_vnet_virtual_networks_json_templated = templatestring(local.hub_and_spoke_vnet_virtual_networks_json, local.final_replacements)
 hub_and_spoke_vnet_virtual_networks_json_final = replace(replace(local.hub_and_spoke_vnet_virtual_networks_json_templated, "\"[", "["), "]\"", "]")
 hub_and_spoke_vnet_virtual_networks = local.connectivity_hub_and_spoke_vnet_enabled ? jsondecode(local.hub_and_spoke_vnet_virtual_networks_json_final) : {}
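Review bot: The header comment for `starter_location_01` in the new file reads `This the primary an Azure location sourced from ...`, which is ungrammatical and will be copied into every generated config that starts from this example; suggest `# \`starter_location_01\`: This is the primary Azure location sourced from the \`starter_locations\` variable. This can be used to set the location of resources.`. The same header block appears to be shared with the .tfvars example at the top of this diff (only its last lines are visible here), so if that copy carries the same wording it should be fixed in the same change. The plural entries (`starter_location_02` to `starter_location_10`, the availability-zone and gateway-SKU ranges) would also read better with `These can be used` instead of `This can be used`.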
diff --git a/templates/complete_multi_region/locals-management.tf b/templates/complete_multi_region/locals-management.tf
index a63e632..fce6640 100644
--- a/templates/complete_multi_region/locals-management.tf
+++ b/templates/complete_multi_region/locals-management.tf
@@ -1,13 +1,6 @@
 locals {
- management_settings_es_json = tostring(jsonencode(var.management_settings_es))
+ management_settings_es_json = var.skip_deploy ? jsonencode({}) : jsonencode(var.management_settings_es)
 management_settings_es_json_templated = templatestring(local.management_settings_es_json, local.final_replacements)
 management_settings_es_json_final = replace(replace(local.management_settings_es_json_templated, "\"[", "["), "]\"", "]")
 management_settings_es = jsondecode(local.management_settings_es_json_final)
 }
-
-locals {
- management_settings_avm_json = tostring(jsonencode(var.management_settings_avm))
- management_settings_avm_json_templated = templatestring(local.management_settings_avm_json, local.final_replacements)
- management_settings_avm_json_final = replace(replace(local.management_settings_avm_json_templated, "\"[", "["), "]\"", "]")
- management_settings_avm = jsondecode(local.management_settings_avm_json_final)
-}
diff --git a/templates/complete_multi_region/locals-resource-groups.tf b/templates/complete_multi_region/locals-resource-groups.tf
index 7c20cec..de86c44 100644
--- a/templates/complete_multi_region/locals-resource-groups.tf
+++ b/templates/complete_multi_region/locals-resource-groups.tf
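Review bot: The new `management_settings_es_json` line drops the `tostring()` wrapper, while the parallel `skip_deploy` lines this commit adds in locals-hub-and-spoke-vnet.tf, locals-resource-groups.tf and locals-virtual-wan.tf keep it, so the same idiom now reads two different ways across five locals that are otherwise copy-paste identical. `jsonencode` already returns a string, so the wrapper is redundant in every one of them; pick one form and apply it to all five, e.g. `hub_and_spoke_vnet_settings_json = var.skip_deploy ? jsonencode({}) : jsonencode(var.hub_and_spoke_vnet_settings)`. A short comment above the first of these lines, such as `# When skip_deploy is set, short-circuit to "{}" before templating so templatestring() is not evaluated against the real config`, would record why the branch is taken on the encoded string rather than on the decoded value, assuming that is the intent; the hunk does not show it.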
@@ -1,5 +1,5 @@
 locals {
- connectivity_resource_groups_json = tostring(jsonencode(var.connectivity_resource_groups))
+ connectivity_resource_groups_json = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.connectivity_resource_groups))
 connectivity_resource_groups_json_templated = templatestring(local.connectivity_resource_groups_json, local.config_template_file_variables)
 connectivity_resource_groups_json_final = replace(replace(local.connectivity_resource_groups_json_templated, "\"[", "["), "]\"", "]")
 connectivity_resource_groups = jsondecode(local.connectivity_resource_groups_json_final)
diff --git a/templates/complete_multi_region/locals-virtual-wan.tf b/templates/complete_multi_region/locals-virtual-wan.tf
index c1ecb36..f4b2963 100644
--- a/templates/complete_multi_region/locals-virtual-wan.tf
+++ b/templates/complete_multi_region/locals-virtual-wan.tf
@@ -1,10 +1,10 @@
 locals {
- virtual_wan_settings_json = tostring(jsonencode(var.virtual_wan_settings))
+ virtual_wan_settings_json = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.virtual_wan_settings))
 virtual_wan_settings_json_templated = templatestring(local.virtual_wan_settings_json, local.final_replacements)
 virtual_wan_settings_json_final = replace(replace(local.virtual_wan_settings_json_templated, "\"[", "["), "]\"", "]")
 virtual_wan_settings = local.connectivity_virtual_wan_enabled ? jsondecode(local.virtual_wan_settings_json_final) : null
- virtual_wan_virtual_hubs_json = tostring(jsonencode(var.virtual_wan_virtual_hubs))
+ virtual_wan_virtual_hubs_json = tostring(var.skip_deploy ? jsonencode({}) : jsonencode(var.virtual_wan_virtual_hubs))
 virtual_wan_virtual_hubs_json_templated = templatestring(local.virtual_wan_virtual_hubs_json, local.final_replacements)
 virtual_wan_virtual_hubs_json_final = replace(replace(local.virtual_wan_virtual_hubs_json_templated, "\"[", "["), "]\"", "]")
 virtual_wan_virtual_hubs = local.connectivity_virtual_wan_enabled ? jsondecode(local.virtual_wan_virtual_hubs_json_final) : {}
diff --git a/templates/complete_multi_region/management.tf b/templates/complete_multi_region/management.tf
index 4f41b4f..36ade56 100644
--- a/templates/complete_multi_region/management.tf
+++ b/templates/complete_multi_region/management.tf
@@ -1,7 +1,7 @@
 module "management_es" {
 source = "./modules/management-es"
- count = var.skip_deploy ? 0 : (var.management_use_avm ? 0 : 1)
+ count = var.skip_deploy ? 0 : 1
 enable_telemetry = var.enable_telemetry
 settings = local.management_settings_es
@@ -12,18 +12,3 @@ module "management_es" {
 azurerm.management = azurerm.management
 }
 }
-
-module "management_avm" {
- source = "./modules/management-avm"
-
- count = var.skip_deploy ? 0 : (var.management_use_avm ? 1 : 0)
-
- enable_telemetry = var.enable_telemetry
- settings = local.management_settings_avm
-
- providers = {
- azurerm = azurerm
- azurerm.connectivity = azurerm.connectivity
- azurerm.management = azurerm.management
- }
-}
diff --git a/templates/complete_multi_region/modules/management-avm/main.tf b/templates/complete_multi_region/modules/management-avm/main.tf
deleted file mode 100644
index 3c7a73e..0000000
--- a/templates/complete_multi_region/modules/management-avm/main.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-# Not implemented yet
-output "temp_for_linting" {
- value = {
- settings = var.settings
- enable_telemetry = var.enable_telemetry
- }
-}
diff --git a/templates/complete_multi_region/modules/management-avm/terraform.tf b/templates/complete_multi_region/modules/management-avm/terraform.tf
deleted file mode 100644
index f5314d8..0000000
--- a/templates/complete_multi_region/modules/management-avm/terraform.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-terraform {
- required_version = "~> 1.9"
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 3.107"
- configuration_aliases = [
- azurerm.connectivity,
- azurerm.management,
- ]
- }
- }
-}
diff --git a/templates/complete_multi_region/modules/management-avm/variables.tf b/templates/complete_multi_region/modules/management-avm/variables.tf
deleted file mode 100644
index 06e3c15..0000000
--- a/templates/complete_multi_region/modules/management-avm/variables.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-variable "settings" {
- type = any
- default = {}
- description = <.
-If it is set to false, then no telemetry will be collected.
-DESCRIPTION
- nullable = false
-}
diff --git a/templates/complete_multi_region/modules/management-es/main.tf b/templates/complete_multi_region/modules/management-es/main.tf
index 3ea1a33..039c0bd 100644
--- a/templates/complete_multi_region/modules/management-es/main.tf
+++ b/templates/complete_multi_region/modules/management-es/main.tf
@@ -1,6 +1,6 @@
 module "management_groups" {
 source = "Azure/caf-enterprise-scale/azurerm"
- version = "6.1.0"
+ version = "6.2.0"
 disable_telemetry = !var.enable_telemetry
 default_location = var.settings.default_location
diff --git a/templates/complete_multi_region/modules/virtual-wan/main.tf b/templates/complete_multi_region/modules/virtual-wan/main.tf
index 7926ece..0b918ea 100644
--- a/templates/complete_multi_region/modules/virtual-wan/main.tf
+++ b/templates/complete_multi_region/modules/virtual-wan/main.tf
@@ -20,7 +20,7 @@ module "firewall_policy" {
 module "virtual_wan" {
 source = "Azure/avm-ptn-virtualwan/azurerm"
- version = "0.5.0"
+ version = "0.5.1"
 allow_branch_to_branch_traffic = try(var.virtual_wan_settings.allow_branch_to_branch_traffic, null)
 disable_vpn_encryption = try(var.virtual_wan_settings.disable_vpn_encryption, false)
diff --git a/templates/complete_multi_region/variables-management.tf b/templates/complete_multi_region/variables-management.tf
index 8f63fab..fc7402d 100644
--- a/templates/complete_multi_region/variables-management.tf
+++ b/templates/complete_multi_region/variables-management.tf
@@ -1,9 +1,3 @@
-variable "management_use_avm" {
- type = bool
- default = false
- description = "Flag to enable/disable the use of the AVM version of the management modules"
-}
-
 variable "management_settings_avm" {
 type = any
 default = {}
diff --git a/templates/complete_multi_region/yaml.tf b/templates/complete_multi_region/yaml.tf
index 2591b6a..ae360df 100644
--- a/templates/complete_multi_region/yaml.tf
+++ b/templates/complete_multi_region/yaml.tf
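Review bot: `variable "management_settings_avm"` survives as context on the new side of the variables-management.tf hunk, yet this same commit deletes its only visible consumers — the `management_settings_avm` locals block in locals-management.tf and `module "management_avm"` in management.tf — so unless something outside this diff still reads it, it is now a dead input that continues to be accepted and documented without effect. Either remove the variable together with `management_use_avm` in this change, or, if it is intentionally retained, add a comment above it such as `# Retained for a future AVM-based management module; currently not consumed by any module or local.` so the next maintainer does not have to rediscover that. The variable's declaration continues past the end of the hunk, so its description text is not visible here.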
@@ -19,7 +19,6 @@ locals {
 YAML
 yaml_file_hub_and_spoke_vnet_es = yamlencode({
- management_use_avm = var.management_use_avm
 management_settings_es = var.management_settings_es
 connectivity_type = var.connectivity_type
 connectivity_resource_groups = var.connectivity_resource_groups
@@ -28,7 +27,6 @@ YAML
 })
 yaml_file_virtual_wan_es = yamlencode({
- management_use_avm = var.management_use_avm
 management_settings_es = var.management_settings_es
 connectivity_type = var.connectivity_type
 connectivity_resource_groups = var.connectivity_resource_groups