Skip to content
/ terraform-azurerm-network Public
generated from cyber-scot/terraform-module-repo-template

A module used to deploy a virtual network and various other resources πŸ™Œ

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cyber-scot/terraform-azurerm-network

BranchesTags

Repository files navigation

resource "azurerm_virtual_network" "vnet" {
  name                = var.vnet_name
  resource_group_name = var.rg_name
  location            = var.location
  address_space       = var.vnet_address_space
  dns_servers         = var.dns_servers
  tags                = var.tags
}

resource "azurerm_subnet" "subnet" {
  for_each = var.subnets

  name                                          = each.key
  resource_group_name                           = var.rg_name
  virtual_network_name                          = azurerm_virtual_network.vnet.name
  address_prefixes                              = toset(each.value.address_prefixes)
  service_endpoints                             = toset(each.value.service_endpoints)
  service_endpoint_policy_ids                   = toset(each.value.service_endpoint_policy_ids)
  private_endpoint_network_policies_enabled     = each.value.private_endpoint_network_policies_enabled
  private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled

  dynamic "delegation" {
    for_each = each.value.delegation != null ? each.value.delegation : []
    content {
      name = delegation.value.type
      service_delegation {
        name    = delegation.value.type
        actions = lookup(var.subnet_delegations_actions, delegation.value.type, delegation.value.action)
      }
    }
  }
}

locals {
  subnets = {
    for subnet in azurerm_subnet.subnet :
    subnet.name => subnet.id
  }
}

resource "azurerm_subnet_network_security_group_association" "vnet" {
  for_each                  = var.nsg_ids != null ? var.nsg_ids : {}
  subnet_id                 = local.subnets[each.key]
  network_security_group_id = each.value
}

locals {
  route_table_associations = { for assoc in azurerm_subnet_route_table_association.this : assoc.id => { subnet_id = assoc.subnet_id, route_table_id = assoc.route_table_id } }

  grouped_by_route_table = { for rt_id in distinct([for assoc in local.route_table_associations : local.route_table_associations[assoc].route_table_id]) :
    rt_id => [for assoc in local.route_table_associations : local.route_table_associations[assoc].subnet_id if local.route_table_associations[assoc].route_table_id == rt_id]
  }
}


resource "azurerm_route_table" "this" {
  for_each = var.route_tables

  name                          = each.key
  location                      = var.location
  resource_group_name           = var.rg_name
  disable_bgp_route_propagation = false

  dynamic "route" {
    for_each = each.value.routes
    content {
      name                   = route.key
      address_prefix         = route.value.address_prefix
      next_hop_type          = route.value.next_hop_type
      next_hop_in_ip_address = lookup(route.value, "next_hop_in_ip_address", null)
    }
  }
}

resource "azurerm_subnet_route_table_association" "this" {
  depends_on     = [azurerm_subnet.subnet]
  for_each       = var.subnet_route_table_associations
  subnet_id      = local.subnets[each.key]
  route_table_id = azurerm_route_table.this[each.value].id
}

Requirements

No requirements.

Providers

Name Version
azurerm n/a

Modules

No modules.

Resources

Name Type
azurerm_route_table.this resource
azurerm_subnet.subnet resource
azurerm_subnet_network_security_group_association.vnet resource
azurerm_subnet_route_table_association.this resource
azurerm_virtual_network.vnet resource

Inputs

Name Description Type Default Required
dns_servers The DNS servers to be used with vNet. list(string) [] no
location The location for this resource to be put in string n/a yes
nsg_ids A map of subnet name to Network Security Group IDs map(string) {} no
rg_name The name of the resource group, this module does not create a resource group, it is expecting the value of a resource group already exists string n/a yes
route_tables Map of Route Tables to be created, where the key is the name of the Route Table. 
map(object({
    routes = map(object({
      address_prefix         = string
      next_hop_type          = string
      next_hop_in_ip_address = optional(string)
    }))
  }))
 {} no
route_tables_ids A map of subnet name to Route table ids map(string) {} no
subnet_delegations_actions List of delegation actions when delegations of subnets is used, will be done for query map(list(string)) 
{
  "GitHub.Network/networkSettings": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.AVS/PrivateClouds": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.ApiManagement/service": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Apollo/npu": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.App/environments": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.App/testClients": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.AzureCosmosDB/clusters": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.BareMetal/AzureHPC": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.BareMetal/AzureHostedService": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.BareMetal/AzurePaymentHSM": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.BareMetal/AzureVMware": [
    "Microsoft.Network/networkinterfaces/",
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "Microsoft.BareMetal/CrayServers": [
    "Microsoft.Network/networkinterfaces/",
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "Microsoft.BareMetal/MonitoringServers": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Batch/batchAccounts": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.CloudTest/hostedpools": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.CloudTest/images": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.CloudTest/pools": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Codespaces/plans": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.ContainerInstance/containerGroups": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.ContainerService/TestClients": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.ContainerService/managedClusters": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.DBforMySQL/flexibleServers": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.DBforMySQL/servers": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.DBforMySQL/serversv2": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.DBforPostgreSQL/flexibleServers": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.DBforPostgreSQL/serversv2": [
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "Microsoft.DBforPostgreSQL/singleServers": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Databricks/workspaces": [
    "Microsoft.Network/virtualNetworks/subnets/join/action",
    "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
    "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"
  ],
  "Microsoft.DelegatedNetwork/controller": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.DevCenter/networkConnection": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.DocumentDB/cassandraClusters": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Fidalgo/networkSettings": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.HardwareSecurityModules/dedicatedHSMs": [
    "Microsoft.Network/networkinterfaces/",
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "Microsoft.Kusto/clusters": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.LabServices/labplans": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Logic/integrationServiceEnvironments": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.MachineLearningServices/workspaces": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Netapp/volumes": [
    "Microsoft.Network/networkinterfaces/",
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "Microsoft.Network/dnsResolvers": [
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "Microsoft.Network/fpgaNetworkInterfaces": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Network/managedResolvers": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Network/networkWatchers.": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Network/virtualNetworkGateways": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Orbital/orbitalGateways": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.PowerPlatform/enterprisePolicies": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.PowerPlatform/vnetaccesslinks": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.ServiceFabricMesh/networks": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.ServiceNetworking/trafficControllers": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Singularity/accounts/networks": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Singularity/accounts/npu": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Sql/managedInstances": [
    "Microsoft.Network/virtualNetworks/subnets/join/action",
    "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
    "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"
  ],
  "Microsoft.Sql/managedInstancesOnebox": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Sql/managedInstancesStage": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Sql/managedInstancesTest": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Sql/servers": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.StoragePool/diskPools": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.StreamAnalytics/streamingJobs": [
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "Microsoft.Synapse/workspaces": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Web/hostingEnvironments": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Microsoft.Web/serverFarms": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "NGINX.NGINXPLUS/nginxDeployments": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "PaloAltoNetworks.Cloudngfw/firewalls": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ],
  "Qumulo.Storage/fileSystems": [
    "Microsoft.Network/virtualNetworks/subnets/action"
  ]
}
 no
subnet_enforce_private_link_endpoint_network_policies A map of subnet name to enable/disable private link endpoint network policies on the subnet. map(bool) {} no
subnet_enforce_private_link_service_network_policies A map of subnet name to enable/disable private link service network policies on the subnet. map(bool) {} no
subnet_route_table_associations Map where the key is the subnet name and the value is the name of the route table to associate with. map(string) {} no
subnet_service_endpoints A map of subnet name to service endpoints to add to the subnet. map(any) {} no
subnets Map of subnets with their properties 
map(object({
    address_prefixes                              = set(string)
    private_endpoint_network_policies_enabled     = optional(bool, true)
    private_link_service_network_policies_enabled = optional(bool, false)
    service_endpoint_policy_ids                   = optional(set(string))
    delegation = optional(list(object({
      type   = optional(string)
      action = optional(list(string)) # Optional user-defined action
    })))
    service_endpoints = optional(list(string))
  }))
 {} no
tags The tags to associate with your network and subnets. map(string) n/a yes
vnet_address_space The address space that is used by the virtual network. list(string) n/a yes
vnet_location The location of the vnet to create. Defaults to the location of the resource group. string n/a yes
vnet_name Name of the vnet to create string n/a yes

Outputs

Name Description
route_table_ids Map of Route Table names to their IDs.
subnet_ids_associated_with_route_tables The IDs of the subnets associated with each route table
subnets_ids The ids of the subnets created
subnets_names The name of the subnets created
vnet_address_space The address space of the newly created vNet
vnet_dns_servers The dns servers of the vnet, if it is using Azure default, this module will return the Azure 'wire' IP as a list of string in the 1st element
vnet_id The id of the newly created vNet
vnet_location The location of the newly created vNet
vnet_name The Name of the newly created vNet
vnet_rg_name The resource group name which the VNet is in

About

A module used to deploy a virtual network and various other resources πŸ™Œ

Topics

azure terraform terraform-module terraform-registry azurerm-terraform-provider azure-terraform

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages