Azure Support module. It creates a subnet, a Network Security Group and a bastion VM instance from a Claranet image by default. Included module documentation:
Module version | Terraform version | OpenTofu version | AzureRM version |
---|---|---|---|
>= 8.x.x | Unverified | 1.8.x | >= 4.0 |
>= 7.x.x | 1.3.x | | >= 3.0 |
>= 6.x.x | 1.x | | >= 3.0 |
>= 5.x.x | 0.15.x | | >= 2.0 |
>= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 |
>= 3.x.x | 0.12.x | | >= 2.0 |
>= 2.x.x | 0.12.x | | < 2.0 |
< 2.x.x | 0.11.x | | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration, which will automatically update and format some files for you and enforce our Terraform module best practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool,
which sets some Terraform variables in the environment that this module needs.
More details about the variables set by the terraform-wrapper
are available in its documentation.
```hcl
module "azure_region" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = var.azure_region
}

module "rg" {
  source  = "claranet/rg/azurerm"
  version = "x.x.x"

  location    = module.azure_region.location
  client_name = var.client_name
  environment = var.environment
  stack       = var.stack
}

module "azure_network_vnet" {
  source  = "claranet/vnet/azurerm"
  version = "x.x.x"

  environment    = var.environment
  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  client_name    = var.client_name
  stack          = var.stack

  resource_group_name = module.rg.resource_group_name

  vnet_cidr = ["10.10.0.0/16"]
}

# Shared logging, monitoring and backup resources consumed by the bastion below
module "run" {
  source  = "claranet/run/azurerm"
  version = "x.x.x"

  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack
  location       = module.azure_region.location
  location_short = module.azure_region.location_short

  resource_group_name = module.rg.resource_group_name

  monitoring_function_enabled = false
  vm_monitoring_enabled       = true
  backup_vm_enabled           = true
  update_center_enabled       = false

  recovery_vault_cross_region_restore_enabled = true
  vm_backup_daily_policy_retention            = 31
}

# SSH key pair for the bastion admin user. Without rsa_bits the tls provider
# generates a 2048-bit key. The private key is kept in clear in the Terraform
# state, so protect the state backend accordingly.
resource "tls_private_key" "bastion" {
  algorithm = "RSA"
}

module "support" {
  source = "git::ssh://git@git.fr.clara.net/claranet/projects/cloud/azure/terraform/module/support.git?ref=vX.X.X"

  client_name    = var.client_name
  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  environment    = var.environment
  stack          = var.stack

  resource_group_name  = module.rg.resource_group_name
  virtual_network_name = module.azure_network_vnet.virtual_network_name

  # Bastion parameters
  vm_size                 = "Standard_B1s"
  storage_os_disk_size_gb = "32"

  # Source IPs allowed through the NSG to SSH on the bastion. Keep this list
  # tight: the bastion gets a public IP by default (bastion_public_ip_sku = "Standard").
  admin_ssh_ips = var.admin_ssh_ips

  # Define the bastion private IP if you want to override it
  bastion_private_ip = "10.10.10.10"

  # Set to null to deactivate backup (not recommended)
  bastion_backup_policy_id = module.run.vm_backup_policy_id

  # Optional: put your SSH public key here. If left unset, the module generates
  # its own key pair (tls_private_key.ssh), exposed by the bastion_ssh_private_key
  # output and likewise stored in the state.
  ssh_public_key = tls_private_key.bastion.public_key_openssh

  # Define your subnet if you want to override it
  subnet_cidr_list = ["10.10.10.0/24"]

  # support_dns_zone_name = var.support_dns_zone_name

  # Diagnostics / logs
  diagnostics_storage_account_name      = module.run.logs_storage_account_name
  azure_monitor_data_collection_rule_id = module.run.data_collection_rule_id
  log_analytics_workspace_guid          = module.run.log_analytics_workspace_guid
}
```
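Before applying a configuration like the one above, it is worth confirming from the plan that `admin_ssh_ips` really is the only thing that can reach port 22 on the bastion, and being aware of where any generated SSH private key ends up. The script below is an added example, not code from the Claranet module or its documentation. It reads the JSON produced by `terraform show -json plan.out` (the `planned_values` / `root_module` / `child_modules` layout and the `azurerm_network_security_rule` attribute names are those of the Terraform plan format and the azurerm provider) and ships with a constructed, trimmed sample plan: the resource addresses such as `module.support.module.support_nsg.azurerm_network_security_rule.ssh`, the documentation-range IPs and the helpers `_listed` and `open_ssh_plan` are assumptions for the example and need not match what the module actually generates.

```python
"""Pre-apply check for the bastion plan: flag NSG rules that let the whole Internet
reach SSH, and private keys that will be written to the Terraform state.
Added example (not Claranet code); assumes the `terraform show -json` layout."""
import copy
import ipaddress
import json
import sys

WILDCARD_SOURCES = {"*", "0.0.0.0/0", "Internet", "Any"}  # Azure "anywhere" literals


def iter_resources(module):
    """Depth-first walk over root_module and every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def port_matches(spec, port):
    """True if an NSG port spec ('22', '20-30' or '*') covers `port`."""
    spec = str(spec).strip()
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port


def source_is_too_broad(src, min_prefixlen):
    """Wildcards and CIDRs shorter than /min_prefixlen are too broad; other
    service tags (VirtualNetwork, AzureLoadBalancer, ...) are accepted."""
    if src in WILDCARD_SOURCES:
        return True
    try:
        return ipaddress.ip_network(src, strict=False).prefixlen < min_prefixlen
    except ValueError:
        return False  # a service tag, not a CIDR


def _listed(values, plural, singular):
    """Merge the list and scalar forms of an NSG rule attribute (assumed helper)."""
    return list(values.get(plural) or []) + ([values[singular]] if values.get(singular) else [])


def check_plan(plan, ssh_port=22, min_prefixlen=24):
    """Return (level, message) findings for a plan JSON document; [] means pass."""
    findings = []
    for res in iter_resources(plan.get("planned_values", {}).get("root_module", {})):
        if res.get("mode") != "managed":
            continue
        v = res.get("values") or {}
        if res["type"] == "tls_private_key":
            findings.append(("warn", f"{res['address']}: private key will be stored in the "
                             "Terraform state; protect the backend or pass your own ssh_public_key"))
        elif (res["type"] == "azurerm_network_security_rule"
              and v.get("direction") == "Inbound" and v.get("access") == "Allow"
              and v.get("protocol") in ("Tcp", "*")
              and any(port_matches(p, ssh_port)
                      for p in _listed(v, "destination_port_ranges", "destination_port_range"))):
            for src in _listed(v, "source_address_prefixes", "source_address_prefix"):
                if source_is_too_broad(src, min_prefixlen):
                    findings.append(("error", f"{res['address']}: inbound {ssh_port}/tcp from {src}"))
    return findings


# Constructed sample plan, trimmed to what the check reads. Module addresses and
# the documentation-range IPs are made up for the example.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [{"address": "tls_private_key.bastion", "mode": "managed",
                   "type": "tls_private_key", "name": "bastion",
                   "values": {"algorithm": "RSA", "rsa_bits": 2048}}],
    "child_modules": [{"address": "module.support", "child_modules": [{
        "address": "module.support.module.support_nsg",
        "resources": [{
            "address": "module.support.module.support_nsg.azurerm_network_security_rule.ssh",
            "mode": "managed", "type": "azurerm_network_security_rule", "name": "ssh",
            "values": {"name": "allow-ssh-admins", "priority": 100, "direction": "Inbound",
                       "access": "Allow", "protocol": "Tcp", "source_port_range": "*",
                       "destination_port_range": "22", "destination_address_prefix": "*",
                       "source_address_prefixes": ["203.0.113.10/32", "198.51.100.0/24"]}}]}]}],
}}}


def open_ssh_plan():
    """The same plan with admin_ssh_ips effectively widened to the whole Internet."""
    bad = copy.deepcopy(SAMPLE_PLAN)
    nsg = bad["planned_values"]["root_module"]["child_modules"][0]["child_modules"][0]
    nsg["resources"][0]["values"]["source_address_prefixes"] = ["*"]
    return bad


if __name__ == "__main__":
    # usage: python check_bastion_plan.py plan.json   (no argument: run on the bad sample)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else open_ssh_plan()
    results = check_plan(plan)
    for level, msg in results:
        print(f"[{level}] {msg}")
    sys.exit(1 if any(level == "error" for level, _ in results) else 0)
```

Run it as `terraform plan -out plan.out && terraform show -json plan.out > plan.json && python check_bastion_plan.py plan.json` in CI; the `tls_private_key` finding is only a warning, because the page's own example deliberately creates that key, while an SSH rule open to a wildcard or to anything broader than `/24` fails the job. Lower `min_prefixlen` if your admin allowlist legitimately contains larger ranges.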
Name | Version |
---|---|
azurerm | ~> 3.108 |
tls | >= 3.0 |
Name | Source | Version |
---|---|---|
azure_region | claranet/regions/azurerm | ~> 7.2.0 |
bastion_vm | claranet/linux-vm/azurerm | ~> 7.13.0 |
claranet_gallery_images | claranet/claranet-gallery-images/azapi | ~> 7.0.0 |
support_nsg | claranet/nsg/azurerm | ~> 7.8.0 |
support_subnet | claranet/subnet/azurerm | ~> 7.2.0 |
Name | Type |
---|---|
azurerm_subnet_network_security_group_association.subnet_bastion_association | resource |
tls_private_key.ssh | resource |
azurerm_client_config.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
aad_ssh_login_admin_objects_ids | Azure Active Directory object IDs allowed to connect as administrator on the VM. | list(string) | [] | no |
aad_ssh_login_enabled | Enable SSH logins with Azure Active Directory. | bool | false | no |
aad_ssh_login_extension_version | VM Extension version for the Azure Active Directory SSH Login extension. | string | "1.0" | no |
aad_ssh_login_user_objects_ids | Azure Active Directory object IDs allowed to connect as standard user on the VM. | list(string) | [] | no |
admin_password | Password for the administrator account of the virtual machine. | string | null | no |
admin_ssh_ips | Claranet IPs allowed to use SSH on the bastion. | list(string) | n/a | yes |
admin_username | Name of the administrator user. | string | "claranet" | no |
azure_monitor_agent_auto_upgrade_enabled | Automatically update the agent when the publisher releases a new version. | bool | false | no |
azure_monitor_agent_version | Azure Monitor Agent extension version. | string | "1.12" | no |
azure_monitor_data_collection_rule_id | Data Collection Rule ID from Azure Monitor for metrics and logs collection. Used with the new monitoring agent; set to null if the legacy agent is used. | string | n/a | yes |
bastion_backup_policy_id | Backup policy ID from the Recovery Vault to attach the Virtual Machine to (set to null to disable backup). | string | n/a | yes |
bastion_custom_data | The Base64-encoded custom data which should be used for the bastion. Changing this forces a new resource to be created. | string | null | no |
bastion_extra_tags | Additional tags to associate with your bastion instance. | map(string) | {} | no |
bastion_identity | Map with identity block information as described here https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine#identity. | object({ | { | no |
bastion_maintenance_configuration_ids | List of maintenance configurations to attach to this VM. | list(string) | [] | no |
bastion_nic_accelerated_networking_enabled | Should Accelerated Networking be enabled? Defaults to false. | bool | false | no |
bastion_patch_mode | Specifies the mode of in-guest patching for this Linux Virtual Machine. Possible values are AutomaticByPlatform and ImageDefault. | string | "ImageDefault" | no |
bastion_private_ip | Allows to define the private IP to associate with the bastion. | string | null | no |
bastion_public_ip_sku | Public IP SKU attached to the bastion VM. Can be null if no public IP is needed. If set to null, the Terraform module must be executed from a host having connectivity to the bastion private IP; the bootstrap's Ansible playbook will then use the bastion private IP for its inventory. | string | "Standard" | no |
bastion_public_ip_zones | Zones for the public IP attached to the VM. Can be null if no zone dispatch is wanted. | list(number) | [ | no |
bastion_user_data | The Base64-encoded user data which should be used for the bastion. | string | null | no |
bastion_vm_image | Bastion Virtual Machine source image information. See https://www.terraform.io/docs/providers/azurerm/r/virtual_machine.html#storage_image_reference. This variable cannot be used if vm_image_id is already defined. Defaults to the Claranet image. | object({ | null | no |
bastion_vm_image_id | The ID of the Image which this Virtual Machine should be created from. This variable supersedes the vm_image variable if not null. Defaults to the Claranet image. | string | null | no |
client_name | Client name/account used in naming. | string | n/a | yes |
custom_bastion_dns_label | Custom name for DNS label. | string | null | no |
custom_bastion_ipconfig_name | Custom name for IP Configuration. | string | null | no |
custom_bastion_nic_name | Custom name for NIC. | string | null | no |
custom_bastion_public_ip_name | Custom name for public IP. | string | null | no |
custom_bastion_storage_os_disk_name | Custom name for Bastion OS disk. | string | "" | no |
custom_bastion_vm_hostname | Custom Bastion hostname. | string | "" | no |
custom_bastion_vm_name | VM Name as displayed on the console. | string | "" | no |
custom_security_group_name | Custom name for Network Security Group. | string | null | no |
custom_subnet_name | Custom name for Subnet. | string | null | no |
default_outbound_access_enabled | Enable or disable default_outbound_access. See documentation. | bool | false | no |
default_tags_enabled | Option to enable or disable default tags. | bool | true | no |
diagnostics_storage_account_name | Name of the Storage Account in which to store VM diagnostics. | string | n/a | yes |
environment | Project environment. | string | n/a | yes |
extensions_extra_tags | Extra tags to set on the VM extensions. | map(string) | {} | no |
flow_log_enabled | Provision Network Watcher flow logs. | bool | false | no |
flow_log_location | The location where the Network Watcher Flow Log resides. Changing this forces a new resource to be created. Defaults to the location of the Network Watcher. | string | null | no |
flow_log_logging_enabled | Enable Network Flow Logging. | bool | true | no |
flow_log_retention_policy_days | The number of days to retain flow log records. | number | 31 | no |
flow_log_retention_policy_enabled | Boolean flag to enable/disable retention. | bool | true | no |
flow_log_storage_account_id | Network Watcher flow log storage account ID. | string | null | no |
flow_log_traffic_analytics_enabled | Boolean flag to enable/disable traffic analytics. | bool | true | no |
flow_log_traffic_analytics_interval_in_minutes | How frequently the service should do flow analytics, in minutes. | number | 10 | no |
location | Azure location. | string | n/a | yes |
location_short | Short string for Azure location. | string | n/a | yes |
log_analytics_workspace_guid | The resource GUID of the attached workspace. | string | null | no |
log_analytics_workspace_id | The resource ID of the attached workspace. | string | null | no |
log_analytics_workspace_location | The location of the attached workspace. | string | null | no |
name_prefix | Optional prefix for the generated name. | string | "bastion" | no |
name_suffix | Optional suffix for the generated name. | string | "" | no |
network_watcher_name | The name of the Network Watcher. Changing this forces a new resource to be created. | string | null | no |
network_watcher_resource_group_name | The name of the resource group in which the Network Watcher was deployed. Changing this forces a new resource to be created. | string | null | no |
nic_extra_tags | Additional tags to associate with your network interface. | map(string) | {} | no |
nsg_additional_rules | Additional network security group rules to add. For arguments please refer to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule#argument-reference. | list(object({ | [] | no |
nsg_extra_tags | Additional tags to associate with your Network Security Group. | map(string) | {} | no |
private_link_endpoint_enabled | Enable or disable network policies for the Private Endpoint on the subnet. | bool | null | no |
private_link_service_enabled | Enable or disable network policies for the Private Link Service on the subnet. | bool | null | no |
public_ip_extra_tags | Additional tags to associate with your public IP. | map(string) | {} | no |
resource_group_name | Resource group name. | string | n/a | yes |
route_table_name | The Route Table name to associate with the subnet. | string | null | no |
route_table_rg | The Route Table resource group to associate with the subnet. Defaults to the same resource group as the subnet. | string | null | no |
service_endpoint_policy_ids | The list of IDs of Service Endpoint Policies to associate with the subnet. | list(string) | null | no |
service_endpoints | The list of Service endpoints to associate with the subnet. | list(string) | [] | no |
ssh_public_key | SSH public key, generated if empty. | string | null | no |
stack | Project stack name. | string | n/a | yes |
storage_os_disk_account_type | The type of Storage Account which should back the internal OS disk. Possible values are Standard_LRS, StandardSSD_LRS, Premium_LRS, StandardSSD_ZRS and Premium_ZRS. | string | "Premium_ZRS" | no |
storage_os_disk_caching | Specifies the caching requirements for the OS Disk. | string | "ReadWrite" | no |
storage_os_disk_extra_tags | Additional tags to set on the OS disk. | map(string) | {} | no |
storage_os_disk_overwrite_tags | True to overwrite existing OS disk tags instead of merging. | bool | false | no |
storage_os_disk_size_gb | Specifies the size of the OS Disk in gigabytes. | string | n/a | yes |
storage_os_disk_tagging_enabled | Should OS disk tagging be enabled? Defaults to true. | bool | true | no |
subnet_cidr_list | The address prefixes to use for the subnet. | list(string) | n/a | yes |
virtual_network_name | Bastion VM virtual network name. | string | n/a | yes |
virtual_network_resource_group_name | Bastion VM virtual network resource group name; defaults to resource_group_name if empty. | string | "" | no |
vm_size | Bastion virtual machine size. | string | n/a | yes |
Name | Description |
---|---|
bastion_admin_password | Password of the admin user. |
bastion_admin_username | Username of the admin user. |
bastion_hostname | Bastion hostname. |
bastion_maintenance_configurations_assignments | Maintenance configurations assignments configurations. |
bastion_network_interface_id | Bastion network interface ID. |
bastion_network_interface_private_ip | Bastion private IP. |
bastion_network_public_ip | Bastion public IP. |
bastion_network_public_ip_id | Bastion public IP ID. |
bastion_public_domain_name_label | Bastion public DNS. |
bastion_ssh_private_key | Bastion SSH private key. |
bastion_ssh_public_key | Bastion SSH public key. |
bastion_virtual_machine_id | Bastion virtual machine ID. |
bastion_virtual_machine_identity | System Identity assigned to the bastion virtual machine. |
bastion_virtual_machine_name | Bastion virtual machine name. |
bastion_virtual_machine_os_disk | Bastion virtual machine OS disk object. |
network_security_group_id | Network security group ID. |
network_security_group_name | Network security group name. |
subnet_cidr_list | CIDR list of the created subnet. |
subnet_id | ID of the created subnet. |
subnet_name | Name of the created subnet. |
terraform_module | Information about this Terraform module. |