Terraform module to create an Azure virtual network, its subnets (with their Network Security Groups) and private DNS zones.
Requirements

Name | Version |
---|---|
terraform | >= 1.8 |
azurerm | >= 4 |

Providers

Name | Version |
---|---|
azurerm | >= 4 |

Modules

No modules.
Inputs

The Type and Default cells of the object inputs are truncated in this rendering; the full type definitions are in the module's variable definitions. The attributes of each object input are listed after the table.

Name | Description | Type | Default | Required |
---|---|---|---|---|
vnet_name | The name of the virtual network. | string | n/a | yes |
azure_bastion_security_rules | A map of security rules to be created in the AzureBastionSubnet Network Security Group; the key of the map is the name of the security rule. The default map contains the rules required for the Azure Bastion service to work properly. This map is merged with default_rules and security_rules to create the final set of rules for the Azure Bastion Subnet. | map(object({ | { | no |
azure_bastion_source_ip_prefixes | The source IP prefixes that can access the Azure Bastion service. The recommendation is not to use the default: set this explicitly. | set(string) | [ | no |
default_rules | A map of default security rules to be created in every Network Security Group, unless network_security_group_config.azure_default is set in the subnet configuration. You can override these defaults by specifying a rule with the same key in your own default_rules map. This map is merged with the security_rules map to create the final set of rules for each Network Security Group. | map(object({ | { | no |
natgateway | The public IP configuration used when creating NAT Gateways with a public IP. If more than one public IP is created, these values are used for all of them. | object({ | null | no |
private_dns | The private DNS zones to create and link to the virtual network. | map(object({ | null | no |
public_ip | The public IP configuration used when creating a public IP. It is preconfigured by the NAT Gateway. | object({ | {} | no |
resource_group | The resource group in which to create the resources. | object({ | { | no |
security_rules | A map of security rules to be created in every Network Security Group; the key of the map is the name of the security rule. | map(object({ | {} | no |
subnets | The subnets to create within the virtual network. | map(object({ | {} | no |
tags | A map of tags to assign to the resources. | map(string) | {} | no |
vnet_address_space | The address space used by the virtual network. | list(string) | [ | no |
vnet_dns_servers | The DNS servers used by the virtual network. | list(string) | [] | no |

natgateway attributes:

- allocation_method = (Required) Defines the allocation method for this IP address. Possible values are Static or Dynamic.
- ddos_protection_mode = (Optional) The DDoS protection mode of the public IP. Possible values are Disabled, Enabled and VirtualNetworkInherited. Defaults to VirtualNetworkInherited.
- ddos_protection_plan_id = (Optional) The ID of the DDoS protection plan associated with the public IP. Can only be set when ddos_protection_mode is Enabled.
- domain_name_label = (Optional) Label for the domain name, used to make up the FQDN. If a domain name label is specified, an A record is created for the public IP in the Microsoft Azure DNS system.
- idle_timeout_in_minutes = (Optional) The timeout for idle TCP connections, between 4 and 30 minutes.
- inherit_tags = (Optional) Defaults to false. Set this to false if only the tags defined on this resource should be applied. Future functionality, left in place.
- ip_version = (Optional) The IP version to use, IPv6 or IPv4. Changing this forces a new resource to be created. Only static IP address allocation is supported for IPv6.
- lock_level = (Optional) Overrides the resource level lock value. Possible values are None, CanNotDelete and ReadOnly.
- name = (Optional) The name of the NAT Gateway. Changing this forces a new resource to be created.
- sku = (Optional) The SKU of the public IP. Accepted values are Basic and Standard. Defaults to Standard so that zones are supported by default. Changing this forces a new resource to be created. When sku_tier is set to Global, sku must be set to Standard.
- sku_tier = (Optional) The SKU tier of the public IP. Accepted values are Global and Regional. Defaults to Regional.
- zones = (Optional) A list of zones where this public IP should be deployed. Defaults to no zone; if you prefer, you can set other values such as ["1","2","3"]. Changing this forces a new resource to be created.

private_dns attributes:

- zone_name = (Required) The name of the private DNS zone.
- zone_link_enabled = (Optional) Whether to link the private DNS zone to the virtual network. Defaults to true.
- zone_link_name = (Optional) The name of the private DNS zone link. Changing this forces a new resource to be created.
- resource_group_name = (Optional) The name of the resource group to link the private DNS zone to. Changing this forces a new resource to be created.

public_ip attributes:

- allocation_method = (Optional) Defines the allocation method for this IP address. Possible values are Static or Dynamic. Defaults to Static.
- ip_version = (Optional) The IP version to use, IPv6 or IPv4. Changing this forces a new resource to be created. Only static IP address allocation is supported for IPv6. Defaults to IPv4.
- name = (Optional) The name of the public IP. Changing this forces a new resource to be created.
- sku = (Optional) The SKU of the public IP. Accepted values are Basic and Standard. Defaults to Standard. Changing this forces a new resource to be created.
- sku_tier = (Optional) The SKU tier that should be used for the public IP. Possible values are Regional and Global. Defaults to Regional. Changing this forces a new resource to be created.
- zones = (Optional) A collection containing the availability zone to allocate the public IP in. Changing this forces a new resource to be created. Availability Zones are only supported with a Standard SKU and in select regions at this time. Standard SKU public IP addresses that do not specify a zone are not zone-redundant by default.

security_rules attributes:

- access - (Required) Specifies whether network traffic is allowed or denied. Possible values are Allow and Deny.
- name - (Required) The name of the security rule. This needs to be unique across all rules in the Network Security Group. Changing this forces a new resource to be created.
- description - (Optional) A description for this rule. Restricted to 140 characters.
- destination_address_prefix - (Optional) CIDR or destination IP range, or * to match any IP. Tags such as VirtualNetwork, AzureLoadBalancer and Internet can also be used, as can all available Service Tags such as Sql.WestEurope or Storage.EastUS. You can list the available service tags with the CLI: az network list-service-tags --location westcentralus. For further information please see the Azure CLI documentation.
- destination_address_prefixes - (Optional) List of destination address prefixes. Tags may not be used. Required if destination_address_prefix is not specified.
- destination_application_security_group_ids - (Optional) A list of destination Application Security Group IDs.
- destination_port_range - (Optional) Destination port or range: an integer or range between 0 and 65535, or * to match any. Required if destination_port_ranges is not specified.
- destination_port_ranges - (Optional) List of destination ports or port ranges. Required if destination_port_range is not specified.
- direction - (Required) Whether the rule is evaluated on incoming or outgoing traffic. Possible values are Inbound and Outbound.
- priority - (Required) The priority of the rule, between 100 and 4096. The priority number must be unique for each rule in the collection; the lower the number, the higher the priority of the rule.
- protocol - (Required) Network protocol this rule applies to. Possible values are Tcp, Udp, Icmp, Esp, Ah or * (which matches all).
- resource_group_name - (Required) The name of the resource group in which to create the Network Security Rule. Changing this forces a new resource to be created.
- source_address_prefix - (Optional) CIDR or source IP range, or * to match any IP. Tags such as VirtualNetwork, AzureLoadBalancer and Internet can also be used. Required if source_address_prefixes is not specified.
- source_address_prefixes - (Optional) List of source address prefixes. Tags may not be used. Required if source_address_prefix is not specified.
- source_application_security_group_ids - (Optional) A list of source Application Security Group IDs.
- source_port_range - (Optional) Source port or range: an integer or range between 0 and 65535, or * to match any. Required if source_port_ranges is not specified.
- source_port_ranges - (Optional) List of source ports or port ranges. Required if source_port_range is not specified.
- timeouts - (Optional) A block supporting the following:
  - create - (Defaults to 30 minutes) Used when creating the Network Security Rule.
  - delete - (Defaults to 30 minutes) Used when deleting the Network Security Rule.
  - read - (Defaults to 5 minutes) Used when retrieving the Network Security Rule.
  - update - (Defaults to 30 minutes) Used when updating the Network Security Rule.

subnets attributes:

- address_prefix = (Optional) The address prefix to use for the subnet. Changing this forces a new resource to be created.
- address_prefixes = (Optional) The address prefixes to use for the subnet. Changing this forces a new resource to be created.
- name = (Optional) The name of the subnet. Changing this forces a new resource to be created.
- create_network_security_group = (Optional) Whether to create a dedicated Network Security Group for the subnet. Defaults to false.
- network_security_group_config = (Optional) The configuration for the Network Security Group. Changing this forces a new resource to be created.
  - azure_default = (Optional) Whether to use the Azure default Network Security Group rules. Defaults to false.
- network_security_group_id = (Optional) The ID of the Network Security Group to associate with the subnet. Changing this forces a new resource to be created.
- no_nsg_association = (Optional) Whether to skip associating a Network Security Group with the subnet. Defaults to false.
- nat_gateway = (Optional) The NAT Gateway to associate with the subnet. Changing this forces a new resource to be created.
- network_security_group = (Optional) The Network Security Group to associate with the subnet. Changing this forces a new resource to be created.
- private_endpoint_network_policies = (Optional) The network policies for private endpoints on the subnet. Possible values are Enabled and Disabled. Defaults to Enabled.
- private_link_service_network_policies_enabled = (Optional) Enable or disable network policies for private link service on the subnet. Defaults to true.
- route_table = (Optional) The Route Table to associate with the subnet. Changing this forces a new resource to be created.
- service_endpoint_policies = (Optional) The service endpoint policies to associate with the subnet. Changing this forces a new resource to be created.
- service_endpoints = (Optional) The service endpoints to associate with the subnet. Changing this forces a new resource to be created.
- default_outbound_access_enabled = (Optional) Whether to allow outbound traffic from the subnet. Defaults to false.
- sharing_scope = (Optional) The sharing scope of the subnet. Possible values are None, Shared and Service. Defaults to None.
- delegate_to = (Optional) The service to delegate the subnet to. Changing this forces a new resource to be created.
- timeouts = (Optional) The timeouts for the subnet.
- role_assignments = (Optional) The role assignments for the subnet.
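A worked module call, added here as an example rather than taken from the module's own documentation, that wires the inputs above together: an explicit Bastion source range instead of the default, a subnet with its own NSG and default outbound access disabled, and a security rule that is merged into every NSG. The module source path, the resource_group attribute name, the private_dns map key and all address ranges are assumptions.

```hcl
# Added example; not part of the module. Assumed: the module source path, the
# `name` attribute of resource_group, the private_dns map key, and every
# address range (constructed sample values from the documentation ranges).
module "hub_vnet" {
  source = "../modules/azure-vnet" # placeholder: replace with the real module source

  vnet_name          = "vnet-hub-weu-01"
  vnet_address_space = ["10.10.0.0/16"]
  resource_group     = { name = "rg-network-hub" } # attribute name is an assumption

  # Restrict Bastion access to a known operator range rather than the module default.
  azure_bastion_source_ip_prefixes = ["203.0.113.0/24"] # constructed (TEST-NET-3)

  subnets = {
    AzureBastionSubnet = {
      address_prefixes              = ["10.10.255.0/26"]
      create_network_security_group = true # default azure_bastion_security_rules are merged in
    }
    snet-app = {
      address_prefixes                  = ["10.10.1.0/24"]
      create_network_security_group     = true
      default_outbound_access_enabled   = false # no implicit default outbound access
      private_endpoint_network_policies = "Enabled"
    }
  }

  # Applied to every NSG on top of default_rules; the map key is the rule name.
  security_rules = {
    allow-https-from-vnet = {
      name                       = "allow-https-from-vnet"
      priority                   = 200
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_address_prefix      = "VirtualNetwork"
      source_port_range          = "*"
      destination_address_prefix = "VirtualNetwork"
      destination_port_range     = "443"
      resource_group_name        = "rg-network-hub"
    }
  }

  natgateway = { allocation_method = "Static", sku = "Standard", zones = ["1", "2", "3"] }

  private_dns = {
    blob = { zone_name = "privatelink.blob.core.windows.net" } # map key is an assumption
  }
  tags = { environment = "prod", owner = "platform-networking" }
}
```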
Outputs

Name | Description |
---|---|
all_network_security_groups | A map of all network security groups created, keyed by subnet |
all_subnets | A list of all subnets created |
id | The ID of the virtual network |
name | The name of the virtual network |
private_dns_zone_list | A map of private DNS zone names to their corresponding names and IDs |
resource_group | The resource group in which the virtual network is created |
subnets | A map of subnet names to their corresponding names and IDs |
subnets_with_default_nsg | n/a |
subnets_with_nsg | n/a |
subnets_with_nsg_azure_default | n/a |
Copyright: Schuberg Philis
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.