This Terraform module simplifies the process of creating and managing virtual network resources on Azure, with configurable options for network topology, subnets, security groups, and more, to ensure a secure and efficient environment for resource communication in the cloud.

- Optional network security group for each subnet, capable of managing multiple rules
- Association of a single network security group with multiple subnets
- Support for multiple service endpoints and delegations, including actions
- Utilization of terratest for robust validation
- Route table support with multiple user defined routes
- Association of multiple subnets with a single route table
- Optional virtual network peering for enhanced network integration
- Offers a three-tier naming hierarchy (explicit, convention-based, or key-based) for flexible resource management
The following requirements are needed by this module:
The following providers are used by this module:
- azurerm (~> 4.0)
The following resources are used by this module:
- azurerm_network_security_group.nsg (resource)
- azurerm_network_security_rule.rules (resource)
- azurerm_route.routes (resource)
- azurerm_route_table.rt (resource)
- azurerm_subnet.subnets (resource)
- azurerm_subnet_network_security_group_association.nsg_as (resource)
- azurerm_subnet_route_table_association.rt_as (resource)
- azurerm_virtual_network.vnet (resource)
- azurerm_virtual_network_dns_servers.dns (resource)
- azurerm_virtual_network.existing (data source)
The following input variables are required:
Description: Contains all virtual network configuration

Type:

```hcl
object({
  name            = string
  address_space   = optional(list(string))
  ip_address_pool = optional(object({
    id                     = string
    number_of_ip_addresses = number
  }))
  resource_group_name            = optional(string)
  location                       = optional(string)
  use_existing_vnet              = optional(bool, false)
  edge_zone                      = optional(string)
  bgp_community                  = optional(string)
  flow_timeout_in_minutes        = optional(number)
  private_endpoint_vnet_policies = optional(string)
  dns_servers                    = optional(list(string), [])
  tags                           = optional(map(string))
  ddos_protection_plan = optional(object({
    id     = string
    enable = optional(bool, true)
  }))
  encryption = optional(object({
    enforcement = string
  }))
  subnets = optional(map(object({
    name                                          = optional(string)
    address_prefixes                              = list(string)
    service_endpoints                             = optional(list(string), [])
    private_link_service_network_policies_enabled = optional(bool, false)
    private_endpoint_network_policies             = optional(string, "Disabled")
    service_endpoint_policy_ids                   = optional(list(string), [])
    default_outbound_access_enabled               = optional(bool, null)
    delegations = optional(map(object({
      name    = string
      actions = optional(list(string), [])
    })), {})
    network_security_group = optional(object({
      name = optional(string)
      rules = optional(map(object({
        name                                       = optional(string)
        priority                                   = number
        direction                                  = string
        access                                     = string
        protocol                                   = string
        source_port_range                          = optional(string)
        source_port_ranges                         = optional(list(string))
        destination_port_range                     = optional(string)
        destination_port_ranges                    = optional(list(string))
        source_address_prefix                      = optional(string)
        source_address_prefixes                    = optional(list(string))
        destination_address_prefix                 = optional(string)
        destination_address_prefixes               = optional(list(string))
        description                                = optional(string)
        source_application_security_group_ids      = optional(list(string), [])
        destination_application_security_group_ids = optional(list(string), [])
      })), {})
    }))
    route_table = optional(object({
      name                          = optional(string)
      bgp_route_propagation_enabled = optional(bool, true)
      routes = optional(map(object({
        name                   = optional(string)
        address_prefix         = string
        next_hop_type          = string
        next_hop_in_ip_address = optional(string, null)
      })), {})
    }))
    shared = optional(object({
      network_security_group = optional(string)
      route_table            = optional(string)
    }), {})
  })), {})
  network_security_groups = optional(map(object({
    name = optional(string)
    rules = optional(map(object({
      name                                       = optional(string)
      priority                                   = number
      direction                                  = string
      access                                     = string
      protocol                                   = string
      source_port_range                          = optional(string)
      source_port_ranges                         = optional(list(string), null)
      destination_port_range                     = optional(string, null)
      destination_port_ranges                    = optional(list(string), null)
      source_address_prefix                      = optional(string, null)
      source_address_prefixes                    = optional(list(string), null)
      destination_address_prefix                 = optional(string, null)
      destination_address_prefixes               = optional(list(string), null)
      description                                = optional(string, null)
      source_application_security_group_ids      = optional(list(string), [])
      destination_application_security_group_ids = optional(list(string), [])
    })), {})
  })), {})
  route_tables = optional(map(object({
    name                          = optional(string)
    bgp_route_propagation_enabled = optional(bool, true)
    routes = optional(map(object({
      name                   = optional(string)
      address_prefix         = string
      next_hop_type          = string
      next_hop_in_ip_address = optional(string, null)
    })), {})
  })), {})
})
```
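A worked configuration for the object above, added here rather than taken from the module's own examples. It assumes the variable is named `config` and the registry source shown; it places one subnet behind a per-subnet network security group that admits only HTTPS from the Azure load balancer and explicitly denies all other inbound traffic, disables implicit outbound internet access, and sends outbound traffic to a firewall appliance through a user defined route on a subnet-level route table.

```hcl
module "network" {
  source = "cloudnationhq/vnet/azure" # assumed source; the variable name "config" is assumed too
  config = {
    name                = "vnet-demo"
    location            = "westeurope"
    resource_group_name = "rg-demo"
    address_space       = ["10.10.0.0/16"]
    subnets = {
      app = {
        address_prefixes                = ["10.10.1.0/24"]
        service_endpoints               = ["Microsoft.Storage"]
        default_outbound_access_enabled = false # no implicit outbound internet access
        network_security_group = {
          rules = {
            allow_https_from_lb = {
              priority                   = 100
              direction                  = "Inbound"
              access                     = "Allow"
              protocol                   = "Tcp"
              source_port_range          = "*"
              destination_port_range     = "443"
              source_address_prefix      = "AzureLoadBalancer"
              destination_address_prefix = "*"
            }
            deny_all_inbound = { # explicit catch-all so the intent is visible in code review
              priority                   = 4096
              direction                  = "Inbound"
              access                     = "Deny"
              protocol                   = "*"
              source_port_range          = "*"
              destination_port_range     = "*"
              source_address_prefix      = "*"
              destination_address_prefix = "*"
            }
          }
        }
        route_table = {
          bgp_route_propagation_enabled = false # do not learn routes from a gateway
          routes = {
            default_via_firewall = {
              address_prefix         = "0.0.0.0/0"
              next_hop_type          = "VirtualAppliance"
              next_hop_in_ip_address = "10.10.250.4" # constructed firewall address
            }
          }
        }
      }
    }
  }
}
```

Subnet and rule names are left unset so the module's convention-based naming applies; the map keys (`app`, `allow_https_from_lb`, `deny_all_inbound`) are the key-based fallback.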
The following input variables are optional (have default values):
Description: default azure region to be used.

Type: string

Default: null

Description: Used for naming purposes

Type: map(string)

Default: null

Description: default resource group to be used.

Type: string

Default: null

Description: tags to be added to the resources

Type: map(string)

Default: {}

Description: Whether to use existing VNet for all vnets

Type: bool

Default: false
The following outputs are exported:
- Description: contains network security group configuration
- Description: contains subnet configuration
- Description: contains virtual network configuration
For more information, please see our goals and non-goals.
For more information, please see our testing guidelines
Using a dedicated module, we've developed a naming convention for resources that's based on specific regular expressions for each type, ensuring correct abbreviations and offering flexibility with multiple prefixes and suffixes.
Full examples detailing all usages, along with integrations with dependency modules, are located in the examples directory.
To update the module's documentation, run `make doc`.
We welcome contributions from the community! Whether it's reporting a bug, suggesting a new feature, or submitting a pull request, your input is highly valued.
For more information, please see our contribution guidelines.
MIT Licensed. See LICENSE for full details.