added scenario 2 sample (Azure#282)

* added scenario 2 sample

* added additional module for AVS pc

* Updated routeserver and gateway modules with tags

* added firewall export

* corrected module naming error

* corrected module naming error

* added globalreach module

Author: jchancellor-ms

terraform/modules/avs_azure_firewall_w_log_analytics/outputs.tf

@@ -20,4 +20,8 @@ output "firewall_policy_name" {
 
 output "firewall_policy_id" {
   value = azurerm_firewall_policy.avs_base_policy.id
+}
+
+output "firewall_rg_name" {
+  value = var.rg_name
 }

terraform/modules/avs_expressroute_gateway/main.tf

@@ -4,12 +4,14 @@ resource "azurerm_public_ip" "gatewaypip" {
   location            = var.rg_location
   allocation_method   = "Dynamic"
   sku                 = "Basic" #required for an ultraperformance gateway
+  tags                = var.tags
 }
 
 resource "azurerm_virtual_network_gateway" "gateway" {
   name                = var.expressroute_gateway_name
   resource_group_name = var.rg_name
   location            = var.rg_location
+  tags                = var.tags
 
   type = "ExpressRoute"
   sku  = var.expressroute_gateway_sku
@@ -22,18 +24,6 @@ resource "azurerm_virtual_network_gateway" "gateway" {
   }
 }
 
-resource "azurerm_virtual_network_gateway_connection" "avs" {
-  name                = var.express_route_connection_name
-  location            = var.rg_location
-  resource_group_name = var.rg_name
-  enable_bgp          = true
-
-  type                       = "ExpressRoute"
-  virtual_network_gateway_id = azurerm_virtual_network_gateway.gateway.id
-  express_route_circuit_id   = var.express_route_id
-  authorization_key          = var.express_route_authorization_key
-}
-
 #############################################################################################
 # Telemetry Section - Toggled on and off with the telemetry variable
 # This allows us to get deployment frequency statistics for deployments

terraform/modules/avs_expressroute_gateway/variables.tf

@@ -29,19 +29,9 @@ variable "gateway_subnet_id" {
   description = "The full resource id for the subnet where the bastion will be deployed"
 }
 
-variable "express_route_connection_name" {
-  type        = string
-  description = "Azure resource name for the express_route connection to the AVS private cloud"
-}
-
-variable "express_route_id" {
-  type        = string
-  description = "Azure resource id for the AVS express_route"
-}
-
-variable "express_route_authorization_key" {
-  type        = string
-  description = "AVS private cloud express route authorization key"
+variable "tags" {
+  type        = map(string)
+  description = "List of the tags that will be assigned to each resource"
 }
 
 #################################################################

terraform/modules/avs_expressroute_gateway_old/example.tfvars.template

@@ -0,0 +1,11 @@
+  #This is a template file for the module
+  #Items that are bracketed are typically resource links to other module output
+  expressroute_pip_name           = "AVS_EXR_PIP"
+  expressroute_gateway_name       = "AVS_EXR_GW"
+  expressroute_gateway_sku        = "Standard"
+  rg_name                         = "AVS_Sample_RG"
+  rg_location                     = "Southeast Asia"
+  gateway_subnet_id               = "<resource_id_of_the_gateway_subnet>"
+  express_route_connection_name   = "AVS_EXR_Connection"
+  express_route_id                = "<resource_id_of_the_AVS_expressroute>"
+  express_route_authorization_key = "<authorization_key_of_the_AVS>"

terraform/modules/avs_expressroute_gateway_old/main.tf

@@ -0,0 +1,77 @@
+resource "azurerm_public_ip" "gatewaypip" {
+  name                = var.expressroute_pip_name
+  resource_group_name = var.rg_name
+  location            = var.rg_location
+  allocation_method   = "Dynamic"
+  sku                 = "Basic" #required for an ultraperformance gateway
+}
+
+resource "azurerm_virtual_network_gateway" "gateway" {
+  name                = var.expressroute_gateway_name
+  resource_group_name = var.rg_name
+  location            = var.rg_location
+
+  type = "ExpressRoute"
+  sku  = var.expressroute_gateway_sku
+
+  ip_configuration {
+    name                          = "default"
+    public_ip_address_id          = azurerm_public_ip.gatewaypip.id
+    private_ip_address_allocation = "Dynamic"
+    subnet_id                     = var.gateway_subnet_id
+  }
+}
+
+resource "azurerm_virtual_network_gateway_connection" "avs" {
+  name                = var.express_route_connection_name
+  location            = var.rg_location
+  resource_group_name = var.rg_name
+  enable_bgp          = true
+
+  type                       = "ExpressRoute"
+  virtual_network_gateway_id = azurerm_virtual_network_gateway.gateway.id
+  express_route_circuit_id   = var.express_route_id
+  authorization_key          = var.express_route_authorization_key
+}
+
+#############################################################################################
+# Telemetry Section - Toggled on and off with the telemetry variable
+# This allows us to get deployment frequency statistics for deployments
+# Re-using parts of the Core Enterprise Landing Zone methodology
+#############################################################################################
+locals {
+  #create an empty ARM template to use for generating the deployment value
+  telem_arm_subscription_template_content = <<TEMPLATE
+    {
+      "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+      "contentVersion": "1.0.0.0",
+      "parameters": {},
+      "variables": {},
+      "resources": [],
+      "outputs": {
+        "telemetry": {
+          "type": "String",
+          "value": "For more information, see https://aka.ms/alz/tf/telemetry"
+        }
+      }
+    }
+    TEMPLATE
+  module_identifier                       = lower("avs_expressroute_gateway")
+  telem_arm_deployment_name               = "${lower(var.guid_telemetry)}.${substr(local.module_identifier, 0, 20)}.${random_string.telemetry.result}"
+}
+
+#create a random string for uniqueness  
+resource "random_string" "telemetry" {
+  length  = 4
+  special = false
+  upper   = false
+  lower   = true
+}
+
+resource "azurerm_subscription_template_deployment" "telemetry_core" {
+  count = var.module_telemetry_enabled ? 1 : 0
+
+  name             = local.telem_arm_deployment_name
+  location         = var.rg_location
+  template_content = local.telem_arm_subscription_template_content
+}

terraform/modules/avs_expressroute_gateway_old/outputs.tf

@@ -0,0 +1,3 @@
+output "expressroute_gateway_id" {
+  value = azurerm_virtual_network_gateway.gateway.id
+}

terraform/modules/avs_expressroute_gateway_old/readme.md

@@ -0,0 +1,8 @@
+### General 
+
+* Description: This module creates a new ExpressRoute gateway in an existing VNet and then creates the AVS expressRoute connection using a previously generated ExpressRoute authorization key.  The existing VNet requires that an appropriately sized GatewaySubnet exists and is used for the deployment. Resource ID inputs are usually outputs from other modules, but can be input as the full resource ID string.
+
+* The module leverages variables for naming and common values to be modified as part of the deployment.
+
+* A tfvars template file has been included for use if implementing this module as a standalone deployment.
+

terraform/modules/avs_expressroute_gateway_old/variables.tf

@@ -0,0 +1,61 @@
+#################################################################
+# module variables
+#################################################################
+variable "expressroute_pip_name" {
+  type        = string
+  description = "Azure resource name assigned to the expressroute public ip"
+}
+variable "expressroute_gateway_name" {
+  type        = string
+  description = "Azure resource name assigned to the AVS expressroute gateway instance"
+}
+variable "expressroute_gateway_sku" {
+  type        = string
+  description = "The sku for the AVS expressroute gateway"
+  default     = "Standard"
+}
+
+variable "rg_name" {
+  type        = string
+  description = "Resource Group Name where the expressroute gateway and the associated public ip are being deployed"
+}
+variable "rg_location" {
+  type        = string
+  description = "Resource Group location"
+  default     = "westus2"
+}
+variable "gateway_subnet_id" {
+  type        = string
+  description = "The full resource id for the subnet where the bastion will be deployed"
+}
+
+variable "express_route_connection_name" {
+  type        = string
+  description = "Azure resource name for the express_route connection to the AVS private cloud"
+}
+
+variable "express_route_id" {
+  type        = string
+  description = "Azure resource id for the AVS express_route"
+}
+
+variable "express_route_authorization_key" {
+  type        = string
+  description = "AVS private cloud express route authorization key"
+}
+
+#################################################################
+# telemetry variables
+#################################################################
+variable "module_telemetry_enabled" {
+  type        = bool
+  description = "toggle the telemetry on/off for this module"
+  default     = true
+}
+
+variable "guid_telemetry" {
+  type        = string
+  description = "guid used for telemetry identification. Defaults to module guid, but overrides with root if needed."
+  default     = "0f9a8adc-9d37-40b3-aaed-ab34b95cf6dd"
+}
+

terraform/modules/avs_expressroute_globalreach/inputs.auto.tfvars

@@ -0,0 +1,4 @@
+gr_connection_name = "test_gr_connection"
+private_cloud_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/privatecloudrg/providers/Microsoft.AVS/privateClouds/privatecloudname"
+gr_remote_auth_key = "00000000-0000-0000-0000-000000000000"
+gr_remote_expr_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/expressrouterg/providers/Microsoft.Network/expressRouteCircuits/expressroutename"

terraform/modules/avs_expressroute_globalreach/main.tf

@@ -0,0 +1,11 @@
+resource "azapi_resource" "globalreach_connections" {
+  type = "Microsoft.AVS/privateClouds/globalReachConnections@2022-05-01"
+  name = var.gr_connection_name
+  parent_id = var.private_cloud_id
+  body = jsonencode({
+    properties = {
+      authorizationKey = var.gr_remote_auth_key
+      peerExpressRouteCircuit = var.gr_remote_expr_id
+    }
+  })
+}

terraform/modules/avs_expressroute_globalreach/outputs.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    azapi = {
+      source = "azure/azapi"
+    }
+  }
+}

terraform/modules/avs_expressroute_globalreach/providers.tf

@@ -0,0 +1,19 @@
+variable "gr_connection_name" {
+  type = string
+  description = "Name for the new global reach connection"
+}
+
+variable "private_cloud_id" {
+  type = string
+  description = "The Azure Resource ID for the private cloud where the global reach connection will originate from"
+}
+
+variable "gr_remote_auth_key" {
+  type = string
+  description = "The authorization key value for the remote expressRoute where the global reach connection will connect to"
+}
+
+variable "gr_remote_expr_id" {
+  type = string
+  description = "The Azure Resource ID for the remote expressRoute circuit where the global reach connection will connect to"
+}