Terraform module to create a set of Azure network resources. Individual resources can be added or excluded as your requirements dictate.
The following example creates a virtual network with subnets and Network Watcher resources.
module "vnet" {
source = "kumarvna/vnet/azurerm"
version = "2.0.0"
# Set `create_resource_group = true` to have the module create the resource group named below.
# To use an existing resource group instead, specify its name here and set
# `create_resource_group = false`; the location is then taken from the existing RG.
create_resource_group = true
resource_group_name = "rg-demo-westeurope-01"
vnetwork_name = "vnet-demo-westeurope-001"
location = "westeurope"
vnet_address_space = ["10.1.0.0/16"]
gateway_subnet_address_prefix = ["10.1.1.0/27"]
# Adding a Standard DDoS protection plan and custom DNS servers (optional)
create_ddos_plan = true
# Multiple subnets, service delegation, service endpoints, network security groups.
# These are default subnets with the required configuration; check README.md for more details.
# An NSG is created and associated automatically for every subnet listed here.
# The first two address ranges of the VNet address space are reserved for the Gateway and Firewall subnets,
# e.g. for the 10.1.0.0/16 address space, the usable range for the subnets below starts at 10.1.2.0/24.
# Subnet names follow the Azure naming convention by default; the expected value here is: <App or project name>
subnets = {
mgnt_subnet = {
subnet_name = "management"
subnet_address_prefix = ["10.1.2.0/24"]
service_endpoints = ["Microsoft.Storage"]
}
dmz_subnet = {
subnet_name = "appgateway"
subnet_address_prefix = ["10.1.3.0/24"]
service_endpoints = ["Microsoft.Storage"]
}
}
# Adding TAG's to your Azure resources (Required)
tags = {
ProjectName = "demo-internal"
Env = "dev"
Owner = "[email protected]"
BusinessUnit = "CORP"
ServiceClass = "Gold"
}
}
The following example creates a virtual network with subnets, NSGs, a DDoS protection plan, and Network Watcher resources.
module "vnet" {
source = "kumarvna/vnet/azurerm"
version = "2.0.0"
# Set `create_resource_group = true` to have the module create the resource group named below.
# To use an existing resource group instead, specify its name here and set
# `create_resource_group = false`; the location is then taken from the existing RG.
create_resource_group = true
resource_group_name = "rg-demo-westeurope-01"
vnetwork_name = "vnet-demo-westeurope-001"
location = "westeurope"
vnet_address_space = ["10.1.0.0/16"]
firewall_subnet_address_prefix = ["10.1.0.0/26"]
gateway_subnet_address_prefix = ["10.1.1.0/27"]
# Adding a Standard DDoS protection plan and custom DNS servers (optional)
create_ddos_plan = true
# Multiple subnets, service delegation, service endpoints, network security groups.
# These are default subnets with the required configuration; check README.md for more details.
# An NSG is created and associated automatically for every subnet listed here.
# The first two address ranges of the VNet address space are reserved for the Gateway and Firewall subnets,
# e.g. for the 10.1.0.0/16 address space, the usable range for the subnets below starts at 10.1.2.0/24.
# Subnet names follow the Azure naming convention by default; the expected value here is: <App or project name>
subnets = {
mgnt_subnet = {
subnet_name = "management"
subnet_address_prefix = ["10.1.2.0/24"]
delegation = {
name = "testdelegation"
service_delegation = {
name = "Microsoft.ContainerInstance/containerGroups"
actions = ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action"]
}
}
nsg_inbound_rules = [
# [name, priority, direction, access, protocol, destination_port_range, source_address_prefix, destination_address_prefix]
# Pass "" for a field to use the module default.
# Note: a source_address_prefix of "*" matches any source, including the public Internet;
# for a management subnet, restrict the source to known address ranges or service tags.
["weballow", "100", "Inbound", "Allow", "Tcp", "80", "*", "0.0.0.0/0"],
["weballow1", "101", "Inbound", "Allow", "", "443", "*", ""],
["weballow2", "102", "Inbound", "Allow", "Tcp", "8080-8090", "*", ""],
]
nsg_outbound_rules = [
# [name, priority, direction, access, protocol, destination_port_range, source_address_prefix, destination_address_prefix]
# Pass "" for a field to use the module default.
["ntp_out", "103", "Outbound", "Allow", "Udp", "123", "", "0.0.0.0/0"],
]
}
dmz_subnet = {
subnet_name = "appgateway"
subnet_address_prefix = ["10.1.3.0/24"]
service_endpoints = ["Microsoft.Storage"]
nsg_inbound_rules = [
# [name, priority, direction, access, protocol, destination_port_range, source_address_prefix, destination_address_prefix]
# Pass "" for a field to use the module default.
["weballow", "200", "Inbound", "Allow", "Tcp", "80", "*", ""],
["weballow1", "201", "Inbound", "Allow", "Tcp", "443", "AzureLoadBalancer", ""],
["weballow2", "202", "Inbound", "Allow", "Tcp", "9090", "VirtualNetwork", ""],
]
nsg_outbound_rules = [
# [name, priority, direction, access, protocol, destination_port_range, source_address_prefix, destination_address_prefix]
# Pass "" for a field to use the module default. An empty list creates no outbound rules.
]
}
}
# Adding TAG's to your Azure resources (Required)
tags = {
ProjectName = "demo-internal"
Env = "dev"
Owner = "[email protected]"
BusinessUnit = "CORP"
ServiceClass = "Gold"
}
}
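Before running `terraform apply` on inputs like the two examples above, a reviewer typically wants two checks: that every subnet prefix sits inside the VNet address space without colliding with the reserved GatewaySubnet/AzureFirewallSubnet ranges or another subnet, and that no inbound Allow rule opens a management port to an unrestricted source. The script below is an added example and not part of the kumarvna/vnet/azurerm module; it mirrors the module's input shapes as plain Python data (the 8-element rule layout is the one documented in the comments above). The management-port list and the set of "any source" values are assumptions, and both input blocks are constructed for the example (GOOD_INPUT copies the second example's values, BAD_INPUT adds a colliding subnet and an SSH rule open to any source).

```python
"""Pre-apply lint for vnet module inputs (added example, not module code).

Checks: (1) subnet prefixes lie inside the VNet address space and overlap
neither the reserved firewall/gateway ranges nor another subnet; (2) no
inbound Allow rule reaches a management port from an unrestricted source.
"""
import ipaddress

# Ports that should not be reachable from "anywhere" (assumed list).
MANAGEMENT_PORTS = {22, 3389, 5985, 5986}
# NSG source values that match any address, including the public Internet.
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}

# Constructed input mirroring the second README example.
GOOD_INPUT = {
    "vnet_address_space": ["10.1.0.0/16"],
    "firewall_subnet_address_prefix": ["10.1.0.0/26"],
    "gateway_subnet_address_prefix": ["10.1.1.0/27"],
    "subnets": {
        "mgnt_subnet": {
            "subnet_address_prefix": ["10.1.2.0/24"],
            "nsg_inbound_rules": [
                ["weballow", "100", "Inbound", "Allow", "Tcp", "80", "*", "0.0.0.0/0"],
                ["weballow1", "101", "Inbound", "Allow", "", "443", "*", ""],
                ["weballow2", "102", "Inbound", "Allow", "Tcp", "8080-8090", "*", ""],
            ],
        },
        "dmz_subnet": {
            "subnet_address_prefix": ["10.1.3.0/24"],
            "nsg_inbound_rules": [
                ["weballow1", "201", "Inbound", "Allow", "Tcp", "443", "AzureLoadBalancer", ""],
            ],
        },
    },
}

# Constructed variant with two mistakes: a subnet colliding with the
# GatewaySubnet range, and SSH allowed from any source.
BAD_INPUT = {
    "vnet_address_space": ["10.1.0.0/16"],
    "firewall_subnet_address_prefix": ["10.1.0.0/26"],
    "gateway_subnet_address_prefix": ["10.1.1.0/27"],
    "subnets": {
        "mgnt_subnet": {
            "subnet_address_prefix": ["10.1.1.0/24"],
            "nsg_inbound_rules": [
                ["ssh_any", "100", "Inbound", "Allow", "Tcp", "22", "*", ""],
                ["rdp_lan", "101", "Inbound", "Allow", "Tcp", "3389", "VirtualNetwork", ""],
            ],
        },
    },
}


def port_range_hits(port_range, targets):
    """True if an NSG destination_port_range ("443", "8080-8090", "80,443",
    "*") covers any target port. "" is the module default, treated as "*"."""
    if port_range in ("", "*"):
        return True
    for part in port_range.split(","):
        if "-" in part:
            lo, hi = (int(p) for p in part.split("-", 1))
            if any(lo <= t <= hi for t in targets):
                return True
        elif int(part) in targets:
            return True
    return False


def check_address_plan(cfg):
    """Findings: subnet outside the VNet, or overlapping a reserved range
    (firewall/gateway) or a previously listed subnet."""
    findings = []
    spaces = [ipaddress.ip_network(c) for c in cfg["vnet_address_space"]]
    taken = [("AzureFirewallSubnet", ipaddress.ip_network(p))
             for p in cfg.get("firewall_subnet_address_prefix", [])]
    taken += [("GatewaySubnet", ipaddress.ip_network(p))
              for p in cfg.get("gateway_subnet_address_prefix", [])]
    for name, sub in cfg["subnets"].items():
        for prefix in sub["subnet_address_prefix"]:
            net = ipaddress.ip_network(prefix)
            if not any(net.subnet_of(s) for s in spaces):
                findings.append(f"{name}: {net} is outside the VNet address space")
            for other, onet in taken:
                if net.overlaps(onet):
                    findings.append(f"{name}: {net} overlaps {other} ({onet})")
            taken.append((name, net))
    return findings


def check_nsg_rules(cfg, mgmt_ports=MANAGEMENT_PORTS):
    """Findings for inbound Allow rules reaching a management port from an
    unrestricted source. Rule layout follows the README comments:
    [name, priority, direction, access, protocol, dest_port_range, src, dst]."""
    findings = []
    for name, sub in cfg["subnets"].items():
        for rule in sub.get("nsg_inbound_rules", []):
            rname, _prio, direction, access, _proto, dport, src, _dst = rule
            if (direction == "Inbound" and access == "Allow"
                    and src in ANY_SOURCE and port_range_hits(dport, mgmt_ports)):
                findings.append(f"{name}/{rname}: port {dport} allowed from {src}")
    return findings


def lint(cfg):
    """All findings for one module input block; an empty list means clean."""
    return check_address_plan(cfg) + check_nsg_rules(cfg)


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_INPUT), ("bad", BAD_INPUT)):
        print(label, lint(cfg) or "no findings")
```

In a pipeline you would feed the same data from `terraform show -json` or a parsed `.tfvars` file and fail the job when `lint()` returns anything; the checks are deliberately independent of the module so they also catch mistakes that Terraform itself accepts, such as a subnet that merely overlaps the reserved gateway range.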
To run this example, execute the following Terraform commands:
terraform init
terraform plan
terraform apply
Run `terraform destroy` when you no longer need these resources.
Name | Description |
---|---|
resource_group_name | The name of the resource group in which resources are created |
resource_group_id | The ID of the resource group in which resources are created |
resource_group_location | The location of the resource group in which resources are created |
virtual_network_name | The name of the virtual network |
virtual_network_id | The virtual network configuration ID |
virtual_network_address_space | List of address spaces used by the virtual network |
subnet_ids | List of subnet IDs |
subnet_address_prefixes | List of address prefixes for the subnets |
network_security_group_ids | List of network security groups and their IDs |
network_security_group | Network security group details (useful for splat expressions) |
ddos_protection_plan | Azure Network DDoS protection plan |
network_watcher_id | ID of the Network Watcher |