This module standardizes the creation of virtual networks and subnets, with options to create managed NAT gateways and pin them to an availability zone (a zonal promise). It was born from frustration with other modules that kept using `count` instead of `for_each`, which I found too brittle, and grew from there. The main goals/features:
- creates a single virtual network
- creates multiple subnets
- can create a NAT Gateway per subnet, with a preferred AZ, to create a zonal promise
- map service endpoints and policies as needed
This module bundles related variables together into maps of strings fairly regularly, as it helps to organize things. In most cases the map key acts as the join between settings that apply to the same subnet. For example:

```hcl
module "vnet" {
  source = "Justin-DynamicD/virtual_network/azurerm"

  global_settings = {
    location            = "West US 2"
    name                = "vnet-example" # required, see global_settings below
    resource_group_name = ""
  }
  network = {
    address_spaces = ["10.10.0.0/16"]
  }
  subnets = {
    network1 = "10.10.0.0/20"
    network2 = "10.10.16.0/20"
    network3 = "10.10.32.0/20"
  }
  ngw_subnet_azs = {
    network1 = "1"
    network3 = "3"
  }
}
```

In this example, the NAT gateways in `ngw_subnet_azs` are assigned to the subnet in `subnets` with the matching name. As `network2` has no key in `ngw_subnet_azs`, it does not get a NAT gateway. The join is purely by key string, so the names must match exactly across maps.
```hcl
global_settings = {
  location            = ""
  name                = ""
  resource_group_name = ""
}
```

| name | type | required | default | description |
|---|---|---|---|---|
| location | string | yes | - | sets the region for all resources created |
| name | string | yes | - | used for both the name of the virtual network and supporting resources where needed |
| resource_group_name | string | yes | - | name of the resource group in which to place all created resources |
```hcl
network = {
  address_spaces = []
  dns_servers    = []
}
```

| name | type | required | default | description |
|---|---|---|---|---|
| address_spaces | list(string) | yes | - | list of CIDR blocks for the vnet ex: "10.0.0.0/8" |
| dns_servers | list(string) | no | [] | override Azure DNS servers with a defined set |
```hcl
ngw_settings = {
  public_ip_allocation_method = "Static"
  public_ip_sku               = "Standard"
  ngw_sku                     = "Standard"
  idle_timeout_in_minutes     = "10"
}
```

| name | type | required | default | description |
|---|---|---|---|---|
| public_ip_allocation_method | string | no | Static | public IP address allocation method |
| public_ip_sku | string | no | Standard | SKU/Tier for the Public IP |
| ngw_sku | string | no | Standard | SKU/Tier for the NAT Gateway |
| idle_timeout_in_minutes | string | no | 10 | session timeout for NAT Gateway |
```hcl
subnets = {
  subnet1 = "192.168.1.0/24"
}
```

A map of subnet names to IP ranges. Every range must fit within the address space defined in `network.address_spaces`; Azure rejects a subnet that falls outside the virtual network's address space. Omitting this map creates a network with no subnets.
```hcl
subnet_service_endpoints = {
  subnet1 = ["Microsoft.KeyVault"]
}
```

A map from subnet name to the list of service endpoints to enable on that subnet, using Azure's service identifiers (for example `Microsoft.KeyVault`, `Microsoft.Storage`, `Microsoft.Sql`). A service endpoint only routes the subnet's traffic to the service over the Azure backbone and lets the service's firewall recognize the subnet; it has no security effect until access is also restricted on the service side (for example a Key Vault or storage account network rule that allows only this subnet).
```hcl
private_endpoint_network_policies = {
  subnet1 = "Enabled"
}
```

A map from subnet name (string) to one of `Enabled`, `Disabled`, `NetworkSecurityGroupEnabled` or `RouteTableEnabled`, controlling network policies for private endpoints on that subnet. The default is `Disabled`, which means network security groups and route tables attached to the subnet are not applied to traffic destined for private endpoints in it; set it to `Enabled` (or one of the narrower values) on any subnet where you rely on NSG rules or user-defined routes to govern private endpoint traffic.
```hcl
private_link_service_network_policies_enabled = {
  subnet1 = true
}
```

A map from subnet name (string) to a bool that enables or disables network policies for Private Link Services on that subnet. The default is `false`; Azure requires these policies to be disabled on a subnet that hosts a Private Link Service.
```hcl
ngw_subnet_azs = {
  subnet1 = null
}
```

A map of subnet names that will each get a NAT gateway created and associated. The key is the name of the matching subnet in `subnets`. The value is `null` for a regional NAT gateway, or an availability zone number (passed as a string, e.g. `"1"`, like the other map values) to place the NAT gateway in that zone and create a zonal promise. The zone must be a valid availability zone in a region that supports them.
```hcl
tags = {
  Terraform = "true"
}
```

Map of tags applied to every resource that is created.
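As an added end-to-end example (not from this module's own README or source), the configuration below uses the variables documented above together and guards the one failure mode they share: subnets, service endpoints, private endpoint policies and NAT gateway zones are all joined by key, so a misspelled key in one map simply never meets its subnet. A `terraform_data` resource with a `precondition` makes that mismatch a hard plan-time error with a readable message. The subnet names, CIDRs, DNS servers, resource group and zone numbers are made up for illustration; `terraform_data` requires Terraform 1.4 or later.

```hcl
locals {
  # Constructed sample layout: three subnets keyed by role.
  subnets = {
    app  = "10.20.0.0/22"
    data = "10.20.4.0/22"
    pe   = "10.20.8.0/24" # hosts private endpoints only, no NAT gateway
  }

  # Only subnets that need outbound internet get a NAT gateway:
  # "app" is pinned to zone 1, "data" gets a regional gateway.
  ngw_subnet_azs = {
    app  = "1"
    data = null
  }

  subnet_service_endpoints = {
    app  = ["Microsoft.KeyVault", "Microsoft.Storage"]
    data = ["Microsoft.Sql"]
  }
}

# Every per-subnet map is joined to `subnets` by key name. Assert the keys
# line up so a typo is reported here, in plain language, instead of being
# discovered as a missing gateway or endpoint after apply.
resource "terraform_data" "subnet_key_check" {
  lifecycle {
    precondition {
      condition = length(setsubtract(
        setunion(keys(local.ngw_subnet_azs), keys(local.subnet_service_endpoints)),
        keys(local.subnets)
      )) == 0
      error_message = "ngw_subnet_azs or subnet_service_endpoints contains a key that is not a subnet name in subnets."
    }
  }
}

module "vnet" {
  source = "Justin-DynamicD/virtual_network/azurerm"

  global_settings = {
    location            = "West US 2"
    name                = "vnet-example"        # assumed value
    resource_group_name = "rg-network-example"  # assumed value
  }

  network = {
    address_spaces = ["10.20.0.0/16"]
    dns_servers    = ["10.20.0.4", "10.20.0.5"] # assumed custom resolvers
  }

  subnets                  = local.subnets
  subnet_service_endpoints = local.subnet_service_endpoints
  ngw_subnet_azs           = local.ngw_subnet_azs

  # Module defaults, written out so the chosen SKUs are visible in review.
  ngw_settings = {
    public_ip_allocation_method = "Static"
    public_ip_sku               = "Standard"
    ngw_sku                     = "Standard"
    idle_timeout_in_minutes     = "10"
  }

  # Enable network policies on the private endpoint subnet so NSG rules and
  # route tables attached to it actually apply to private endpoint traffic.
  private_endpoint_network_policies = {
    pe = "Enabled"
  }

  tags = {
    Terraform   = "true"
    environment = "example"
  }
}

output "vnet_id" {
  value = module.vnet.vnet_id
}

output "vnet_subnets" {
  value = module.vnet.vnet_subnets
}
```

Rename `data` to `dta` in `local.ngw_subnet_azs` and `terraform plan` fails on the precondition before any Azure API call is made; with the keys consistent, the plan shows two NAT gateways (one zonal, one regional) and no gateway for `pe`.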
This module will provide the following outputs:
| name | type | description |
|---|---|---|
| vnet_address_space | string | The address space of the newly created vNet |
| vnet_id | string | The id of the newly created vNet |
| vnet_location | string | The location of the newly created vNet |
| vnet_name | string | The name of the newly created vNet |
| vnet_subnets | list of objects | list of subnet objects, one per subnet |