diff --git a/modules/appgw/.header.md b/modules/appgw/.header.md index 69f6344..93f28cb 100644 --- a/modules/appgw/.header.md +++ b/modules/appgw/.header.md @@ -8,7 +8,7 @@ In order to use module `appgw`, you need to deploy `azurerm_resource_group` and Then you can use below code as an example of calling module to create Application Gateway: ```hcl -# Create Application Gateay +# Create Application Gateway module "appgw" { source = "PaloAltoNetworks/swfw-modules/azurerm//modules/appgw" @@ -79,6 +79,13 @@ appgws = { port = 80 } } + backend_settings = { + minimum = { + name = "http-backend" + port = 80 + protocol = "Http" + } + } rewrites = { minimum = { name = "minimum-set" @@ -97,9 +104,9 @@ appgws = { minimum = { name = "minimum-rule" priority = 1 - backend = "minimum" - listener = "minimum" - rewrite = "minimum" + backend_key = "minimum" + listener_key = "minimum" + rewrite_key = "minimum" } } } @@ -129,13 +136,11 @@ appgws = { capacity = { static = 2 } - backends = { + backend_settings = { existing = { name = "http-backend" port = 80 protocol = "Http" - timeout = 60 - cookie_based_affinity = "Enabled" } } listeners = { @@ -162,9 +167,9 @@ appgws = { existing = { name = "existing-rule" priority = 1 - backend = "existing" - listener = "existing" - rewrite = "existing" + backend_key = "existing" + listener_key = "existing" + rewrite_key = "existing" } } } @@ -195,13 +200,11 @@ appgws = { max = 20 } } - backends = { + backend_settings = { http = { name = "http-backend" port = 80 protocol = "Http" - timeout = 60 - cookie_based_affinity = "Enabled" } } listeners = { @@ -214,8 +217,8 @@ appgws = { http = { name = "http-rule" priority = 1 - backend = "http" - listener = "http" + backend_key = "http" + listener_key = "http" } } } 
@@ -250,13 +253,11 @@ appgws = { rule_set_type = "OWASP" rule_set_version = "3.2" } - backends = { + backend_settings = { waf = { name = "waf-backend" port = 80 protocol = "Http" - timeout = 60 - cookie_based_affinity = "Enabled" } } listeners = { @@ -283,9 +284,9 @@ appgws = { minimum = { name = "waf-rule" priority = 1 - backend = "waf" - listener = "waf" - rewrite = "waf" + backend_key = "waf" + listener_key = "waf" + rewrite_key = "waf" } } } @@ -342,9 +343,9 @@ appgws = { capacity = { static = 2 } - ssl_global = { - ssl_policy_type = "Predefined" - ssl_policy_name = "AppGwSslPolicy20170401" + global_ssl_policy = { + type = "Predefined" + name = "AppGwSslPolicy20170401" } ssl_profiles = { profile1 = { @@ -360,7 +361,7 @@ appgws = { protocol = "Https" ssl_profile_name = "appgw-ssl-profile1" ssl_certificate_path = "./files/test1.pfx" - ssl_certificate_pass = "" + ssl_certificate_pass = "123abc" host_names = ["test1.appgw.local"] } https2 = { @@ -368,20 +369,20 @@ appgws = { port = 443 protocol = "Https" ssl_certificate_path = "./files/test2.pfx" - ssl_certificate_pass = "" + ssl_certificate_pass = "123abc" host_names = ["test2.appgw.local"] } } backend_pool = { name = "vmseries-pool" } - backends = { + backend_settings = { https1 = { name = "https1-settings" port = 481 protocol = "Https" timeout = 60 - cookie_based_affinity = "Enabled" + use_cookie_based_affinity = true hostname_from_backend = false hostname = "test1.appgw.local" root_certs = { @@ -396,7 +397,7 @@ appgws = { port = 482 protocol = "Https" timeout = 60 - cookie_based_affinity = "Enabled" + use_cookie_based_affinity = true hostname_from_backend = false hostname = "test2.appgw.local" root_certs = { 
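Review bot: The `https1` and `https2` listener examples now carry a literal PFX password, `ssl_certificate_pass = "123abc"`, in the `@@ -360` and `@@ -368` hunks where the previous example left the value empty. Readers copy these README snippets into real configurations, and a certificate password committed in HCL is exactly the kind of value that should come from a sensitive variable or a secret store, so I would write it as `ssl_certificate_pass = var.<pfx_password_variable>` (name illustrative) with a short `# keep the PFX password out of version control` comment above it. The same two lines recur in the `modules/appgw/README.md` hunks further down; if that file is regenerated from `.header.md`, as the identical hunks suggest, fixing the header alone is enough.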
@@ -453,16 +454,16 @@ appgws = { https1 = { name = "https1-rule" priority = 2 - backend = "https1" - listener = "https1" - rewrite = "https1" + backend_key = "https1" + listener_key = "https1" + rewrite_key = "https1" } https2 = { name = "https2-rule" priority = 3 - backend = "https2" - listener = "https2" - rewrite = "https2" + backend_key = "https2" + listener_key = "https2" + rewrite_key = "https2" } } } @@ -498,10 +499,10 @@ appgws = { capacity = { static = 2 } - ssl_global = { - ssl_policy_type = "Custom" - ssl_policy_min_protocol_version = "TLSv1_0" - ssl_policy_cipher_suites = ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + global_ssl_policy = { + type = "Custom" + min_protocol_version = "TLSv1_0" + cipher_suites = ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", @@ -583,21 +584,21 @@ appgws = { backend_pool = { name = "vmseries-pool" } - backends = { + backend_settings = { http = { name = "http-settings" port = 80 protocol = "Http" timeout = 60 - cookie_based_affinity = "Enabled" - probe = "http" + use_cookie_based_affinity = true + probe_key = "http" } https1 = { name = "https1-settings" port = 481 protocol = "Https" timeout = 60 - cookie_based_affinity = "Enabled" + use_cookie_based_affinity = true hostname_from_backend = false hostname = "test1.appgw.local" root_certs = { 
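Review bot: The renamed `global_ssl_policy` block in the `@@ -498` hunk still documents `min_protocol_version = "TLSv1_0"` and opens `cipher_suites` with `TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`, so the `Custom` sample a user copies is weaker than the `Predefined` `AppGwSslPolicy20170401` example shown earlier in the same file. Only the keys change in this commit, but the values are on the new side, so this is the moment to either raise the floor to `min_protocol_version = "TLSv1_2"` and drop the 3DES suite, or to add `# example only - pick a minimum protocol version and cipher suites that match your policy` above the block. The cipher list continues past the end of the hunk, and the same block is repeated in the `modules/appgw/README.md` copy of this file.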
@@ -606,14 +607,14 @@ appgws = { path = "./files/ca-cert1.pem" } } - probe = "https1" + probe_key = "https1" } https2 = { name = "https2-settings" port = 482 protocol = "Https" timeout = 60 - cookie_based_affinity = "Enabled" + use_cookie_based_affinity = true hostname_from_backend = false hostname = "test2.appgw.local" root_certs = { @@ -622,7 +623,7 @@ appgws = { path = "./files/ca-cert2.pem" } } - probe = "https2" + probe_key = "https2" } } probes = { 
@@ -704,60 +705,60 @@ appgws = { http = { name = "http-rule" priority = 1 - backend = "http" - listener = "http" - rewrite = "http" + backend_key = "http" + listener_key = "http" + rewrite_key = "http" } https1 = { name = "https1-rule" priority = 2 - backend = "https1" - listener = "https1" - rewrite = "https1" + backend_key = "https1" + listener_key = "https1" + rewrite_key = "https1" } https2 = { name = "https2-rule" priority = 3 - backend = "https2" - listener = "https2" - rewrite = "https2" + backend_key = "https2" + listener_key = "https2" + rewrite_key = "https2" } redirect_listener = { name = "redirect-listener-rule" priority = 4 - listener = "redirect_listener" - redirect = "redirect_listener" + listener_key = "redirect_listener" + redirect_key = "redirect_listener" } redirect_url = { name = "redirect-url-rule" priority = 5 - listener = "redirect_url" - redirect = "redirect_url" + listener_key = "redirect_url" + redirect_key = "redirect_url" } path_based_backend = { name = "path-based-backend-rule" priority = 6 - listener = "path_based_backend" - url_path_map = "path_based_backend" + listener_key = "path_based_backend" + url_path_map_key = "path_based_backend" } path_based_redirect_listener = { name = "path-redirect-listener-rule" priority = 7 - listener = "path_based_redirect_listener" - url_path_map = "path_based_redirect_listener" + listener_key = "path_based_redirect_listener" + url_path_map_key = "path_based_redirect_listener" } path_based_redirect_url = { name = "path-redirect-rul-rule" priority = 8 - listener = "path_based_redirect_url" - url_path_map = "path_based_redirect_url" + listener_key = "path_based_redirect_url" + url_path_map_key = "path_based_redirect_url" } } redirects = { redirect_listener = { name = "listener-redirect" type = "Permanent" - target_listener = "http" + target_listener_key = "http" include_path = true include_query_string = true } 
@@ -772,35 +773,35 @@ appgws = { url_path_maps = { path_based_backend = { name = "backend-map" - backend = "http" + backend_key = "http" path_rules = { http = { paths = ["/plaintext"] - backend = "http" + backend_key = "http" } https = { paths = ["/secure"] - backend = "https1" + backend_key = "https1" } } } path_based_redirect_listener = { name = "redirect-listener-map" - backend = "http" + backend_key = "http" path_rules = { http = { paths = ["/redirect"] - redirect = "redirect_listener" + redirect_key = "redirect_listener" } } } path_based_redirect_url = { name = "redirect-url-map" - backend = "http" + backend_key = "http" path_rules = { http = { paths = ["/redirect"] - redirect = "redirect_url" + redirect_key = "redirect_url" } } } diff --git a/modules/appgw/README.md b/modules/appgw/README.md index bd9580a..48c4b7a 100644 --- a/modules/appgw/README.md +++ b/modules/appgw/README.md @@ -8,7 +8,7 @@ In order to use module `appgw`, you need to deploy `azurerm_resource_group` and Then you can use below code as an example of calling module to create Application Gateway: ```hcl -# Create Application Gateay +# Create Application Gateway module "appgw" { source = "PaloAltoNetworks/swfw-modules/azurerm//modules/appgw" @@ -79,6 +79,13 @@ appgws = { port = 80 } } + backend_settings = { + minimum = { + name = "http-backend" + port = 80 + protocol = "Http" + } + } rewrites = { minimum = { name = "minimum-set" @@ -97,9 +104,9 @@ appgws = { minimum = { name = "minimum-rule" priority = 1 - backend = "minimum" - listener = "minimum" - rewrite = "minimum" + backend_key = "minimum" + listener_key = "minimum" + rewrite_key = "minimum" } } } @@ -129,13 +136,11 @@ appgws = { capacity = { static = 2 } - backends = { + backend_settings = { existing = { name = "http-backend" port = 80 protocol = "Http" - timeout = 60 - cookie_based_affinity = "Enabled" } } listeners = { 
@@ -162,9 +167,9 @@ appgws = { existing = { name = "existing-rule" priority = 1 - backend = "existing" - listener = "existing" - rewrite = "existing" + backend_key = "existing" + listener_key = "existing" + rewrite_key = "existing" } } } @@ -195,13 +200,11 @@ appgws = { max = 20 } } - backends = { + backend_settings = { http = { name = "http-backend" port = 80 protocol = "Http" - timeout = 60 - cookie_based_affinity = "Enabled" } } listeners = { @@ -214,8 +217,8 @@ appgws = { http = { name = "http-rule" priority = 1 - backend = "http" - listener = "http" + backend_key = "http" + listener_key = "http" } } } @@ -250,13 +253,11 @@ appgws = { rule_set_type = "OWASP" rule_set_version = "3.2" } - backends = { + backend_settings = { waf = { name = "waf-backend" port = 80 protocol = "Http" - timeout = 60 - cookie_based_affinity = "Enabled" } } listeners = { @@ -283,9 +284,9 @@ appgws = { minimum = { name = "waf-rule" priority = 1 - backend = "waf" - listener = "waf" - rewrite = "waf" + backend_key = "waf" + listener_key = "waf" + rewrite_key = "waf" } } } @@ -342,9 +343,9 @@ appgws = { capacity = { static = 2 } - ssl_global = { - ssl_policy_type = "Predefined" - ssl_policy_name = "AppGwSslPolicy20170401" + global_ssl_policy = { + type = "Predefined" + name = "AppGwSslPolicy20170401" } ssl_profiles = { profile1 = { @@ -360,7 +361,7 @@ appgws = { protocol = "Https" ssl_profile_name = "appgw-ssl-profile1" ssl_certificate_path = "./files/test1.pfx" - ssl_certificate_pass = "" + ssl_certificate_pass = "123abc" host_names = ["test1.appgw.local"] } https2 = { 
@@ -368,20 +369,20 @@ appgws = { port = 443 protocol = "Https" ssl_certificate_path = "./files/test2.pfx" - ssl_certificate_pass = "" + ssl_certificate_pass = "123abc" host_names = ["test2.appgw.local"] } } backend_pool = { name = "vmseries-pool" } - backends = { + backend_settings = { https1 = { name = "https1-settings" port = 481 protocol = "Https" timeout = 60 - cookie_based_affinity = "Enabled" + use_cookie_based_affinity = true hostname_from_backend = false hostname = "test1.appgw.local" root_certs = { @@ -396,7 +397,7 @@ appgws = { port = 482 protocol = "Https" timeout = 60 - cookie_based_affinity = "Enabled" + use_cookie_based_affinity = true hostname_from_backend = false hostname = "test2.appgw.local" root_certs = { @@ -453,16 +454,16 @@ appgws = { https1 = { name = "https1-rule" priority = 2 - backend = "https1" - listener = "https1" - rewrite = "https1" + backend_key = "https1" + listener_key = "https1" + rewrite_key = "https1" } https2 = { name = "https2-rule" priority = 3 - backend = "https2" - listener = "https2" - rewrite = "https2" + backend_key = "https2" + listener_key = "https2" + rewrite_key = "https2" } } } @@ -498,10 +499,10 @@ appgws = { capacity = { static = 2 } - ssl_global = { - ssl_policy_type = "Custom" - ssl_policy_min_protocol_version = "TLSv1_0" - ssl_policy_cipher_suites = ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + global_ssl_policy = { + type = "Custom" + min_protocol_version = "TLSv1_0" + cipher_suites = ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 
@@ -583,21 +584,21 @@ appgws = { backend_pool = { name = "vmseries-pool" } - backends = { + backend_settings = { http = { name = "http-settings" port = 80 protocol = "Http" timeout = 60 - cookie_based_affinity = "Enabled" - probe = "http" + use_cookie_based_affinity = true + probe_key = "http" } https1 = { name = "https1-settings" port = 481 protocol = "Https" timeout = 60 - cookie_based_affinity = "Enabled" + use_cookie_based_affinity = true hostname_from_backend = false hostname = "test1.appgw.local" root_certs = { @@ -606,14 +607,14 @@ appgws = { path = "./files/ca-cert1.pem" } } - probe = "https1" + probe_key = "https1" } https2 = { name = "https2-settings" port = 482 protocol = "Https" timeout = 60 - cookie_based_affinity = "Enabled" + use_cookie_based_affinity = true hostname_from_backend = false hostname = "test2.appgw.local" root_certs = { @@ -622,7 +623,7 @@ appgws = { path = "./files/ca-cert2.pem" } } - probe = "https2" + probe_key = "https2" } } probes = { 
@@ -704,60 +705,60 @@ appgws = { http = { name = "http-rule" priority = 1 - backend = "http" - listener = "http" - rewrite = "http" + backend_key = "http" + listener_key = "http" + rewrite_key = "http" } https1 = { name = "https1-rule" priority = 2 - backend = "https1" - listener = "https1" - rewrite = "https1" + backend_key = "https1" + listener_key = "https1" + rewrite_key = "https1" } https2 = { name = "https2-rule" priority = 3 - backend = "https2" - listener = "https2" - rewrite = "https2" + backend_key = "https2" + listener_key = "https2" + rewrite_key = "https2" } redirect_listener = { name = "redirect-listener-rule" priority = 4 - listener = "redirect_listener" - redirect = "redirect_listener" + listener_key = "redirect_listener" + redirect_key = "redirect_listener" } redirect_url = { name = "redirect-url-rule" priority = 5 - listener = "redirect_url" - redirect = "redirect_url" + listener_key = "redirect_url" + redirect_key = "redirect_url" } path_based_backend = { name = "path-based-backend-rule" priority = 6 - listener = "path_based_backend" - url_path_map = "path_based_backend" + listener_key = "path_based_backend" + url_path_map_key = "path_based_backend" } path_based_redirect_listener = { name = "path-redirect-listener-rule" priority = 7 - listener = "path_based_redirect_listener" - url_path_map = "path_based_redirect_listener" + listener_key = "path_based_redirect_listener" + url_path_map_key = "path_based_redirect_listener" } path_based_redirect_url = { name = "path-redirect-rul-rule" priority = 8 - listener = "path_based_redirect_url" - url_path_map = "path_based_redirect_url" + listener_key = "path_based_redirect_url" + url_path_map_key = "path_based_redirect_url" } } redirects = { redirect_listener = { name = "listener-redirect" type = "Permanent" - target_listener = "http" + target_listener_key = "http" include_path = true include_query_string = true } 
@@ -772,35 +773,35 @@ appgws = { url_path_maps = { path_based_backend = { name = "backend-map" - backend = "http" + backend_key = "http" path_rules = { http = { paths = ["/plaintext"] - backend = "http" + backend_key = "http" } https = { paths = ["/secure"] - backend = "https1" + backend_key = "https1" } } } path_based_redirect_listener = { name = "redirect-listener-map" - backend = "http" + backend_key = "http" path_rules = { http = { paths = ["/redirect"] - redirect = "redirect_listener" + redirect_key = "redirect_listener" } } } path_based_redirect_url = { name = "redirect-url-map" - backend = "http" + backend_key = "http" path_rules = { http = { paths = ["/redirect"] - redirect = "redirect_url" + redirect_key = "redirect_url" } } } diff --git a/modules/gwlb/.header.md b/modules/gwlb/.header.md index 2e76393..345958c 100644 --- a/modules/gwlb/.header.md +++ b/modules/gwlb/.header.md @@ -15,11 +15,12 @@ In order to use GWLB, below minimal definition of Gateway Load Balancer can be u ```hcl gwlb = { - name = "vmseries-gwlb" - - frontend_ip = { - vnet_key = "security" - subnet_key = "data" + vmseries_gwlb = { + name = "vmseries-gwlb" + frontend_ip = { + vnet_key = "security" + subnet_key = "data" + } } } ``` @@ -33,7 +34,8 @@ For more customized requirements, below extended definition of GWLB can be appli - 2 backends are defined (external and internal) ```hcl - gwlb2 = { + gwlb = { + vmseries_gwlb = { name = "vmseries-gwlb2" zones = [] @@ -51,6 +53,7 @@ For more customized requirements, below extended definition of GWLB can be appli health_probe = { name = "custom-name-health-probe" port = 80 + protocol = "Tcp" } backends = { @@ -78,4 +81,5 @@ For more customized requirements, below extended definition of GWLB can be appli } } } +} ``` diff --git a/modules/gwlb/README.md b/modules/gwlb/README.md index 2344571..40aec2d 100644 --- a/modules/gwlb/README.md +++ b/modules/gwlb/README.md 
@@ -15,11 +15,12 @@ In order to use GWLB, below minimal definition of Gateway Load Balancer can be u ```hcl gwlb = { - name = "vmseries-gwlb" - - frontend_ip = { - vnet_key = "security" - subnet_key = "data" + vmseries_gwlb = { + name = "vmseries-gwlb" + frontend_ip = { + vnet_key = "security" + subnet_key = "data" + } } } ``` @@ -33,7 +34,8 @@ For more customized requirements, below extended definition of GWLB can be appli - 2 backends are defined (external and internal) ```hcl - gwlb2 = { + gwlb = { + vmseries_gwlb = { name = "vmseries-gwlb2" zones = [] @@ -51,6 +53,7 @@ For more customized requirements, below extended definition of GWLB can be appli health_probe = { name = "custom-name-health-probe" port = 80 + protocol = "Tcp" } backends = { @@ -78,6 +81,7 @@ For more customized requirements, below extended definition of GWLB can be appli } } } +} ``` ## Reference diff --git a/modules/loadbalancer/.header.md b/modules/loadbalancer/.header.md index bdb2a08..5c7705a 100644 --- a/modules/loadbalancer/.header.md +++ b/modules/loadbalancer/.header.md @@ -32,6 +32,7 @@ module "lbi" { name = "private-lb" region = "West Europe" resource_group_name = "existing-rg" + backend_name = "vmseries_backend" frontend_ips = { ha = { @@ -64,6 +65,7 @@ module "lbe" { name = "public-lb" region = "West Europe" resource_group_name = "existing-rg" + backend_name = "vmseries_backend" frontend_ips = { web = { @@ -74,7 +76,7 @@ module "lbe" { http = { name = "http" port = 80 - protocol = "TCP" + protocol = "Tcp" } } } diff --git a/modules/loadbalancer/README.md b/modules/loadbalancer/README.md index ea5744e..833caee 100644 --- a/modules/loadbalancer/README.md +++ b/modules/loadbalancer/README.md @@ -32,6 +32,7 @@ module "lbi" { name = "private-lb" region = "West Europe" resource_group_name = "existing-rg" + backend_name = "vmseries_backend" frontend_ips = { ha = { 
@@ -64,6 +65,7 @@ module "lbe" { name = "public-lb" region = "West Europe" resource_group_name = "existing-rg" + backend_name = "vmseries_backend" frontend_ips = { web = { @@ -74,7 +76,7 @@ module "lbe" { http = { name = "http" port = 80 - protocol = "TCP" + protocol = "Tcp" } } } diff --git a/modules/natgw/.header.md b/modules/natgw/.header.md index b811f98..6f07ea7 100644 --- a/modules/natgw/.header.md +++ b/modules/natgw/.header.md @@ -31,8 +31,8 @@ module "natgw" { name = "NATGW_name" resource_group_name = "resource_group_name" location = "region_name" - subnet_ids = { "a_subnet_name" = -module.vnet.subnet_ids["a_subnet_name"] } + subnet_ids = { "subnet_name" = "/subscription/xxxx/......." } + idle_timeout = 120 } ``` diff --git a/modules/natgw/README.md b/modules/natgw/README.md index ed03035..8fd71fd 100644 --- a/modules/natgw/README.md +++ b/modules/natgw/README.md @@ -30,8 +30,8 @@ module "natgw" { name = "NATGW_name" resource_group_name = "resource_group_name" location = "region_name" - subnet_ids = { "a_subnet_name" = -module.vnet.subnet_ids["a_subnet_name"] } + subnet_ids = { "subnet_name" = "/subscription/xxxx/......." } + idle_timeout = 120 } ``` diff --git a/modules/virtual_machine/.README.md b/modules/virtual_machine/.README.md index dd37aee..bbcd35b 100644 --- a/modules/virtual_machine/.README.md +++ b/modules/virtual_machine/.README.md @@ -11,7 +11,7 @@ You can easily control the linux flavour by passing `UbuntuServer`, `RHEL`, `ope module "vm" { source = "../../modules/virtual_machine" - location = "Australia East" + region = "Australia East" resource_group_name = azurerm_resource_group.this.name name = "linuxvm" vm_os_simple = "UbuntuServer" diff --git a/modules/virtual_network_gateway/.header.md b/modules/virtual_network_gateway/.header.md index c33dca2..a3a9dd0 100644 --- a/modules/virtual_network_gateway/.header.md +++ b/modules/virtual_network_gateway/.header.md 
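Review bot: The new placeholder in the `modules/natgw/.header.md` hunk, `subnet_ids = { "subnet_name" = "/subscription/xxxx/......." }`, does not have the shape of an Azure resource ID, which starts with `/subscriptions/` (plural) followed by the subscription id and resource path; the same literal is used for `subnet_id` in the `modules/virtual_network_gateway/.header.md` hunk that follows. Since this replaces a `module.vnet.subnet_ids[...]` reference that previously showed where the value comes from, I would use a placeholder that reads correctly when copied, e.g. `"/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>/subnets/<subnet-name>"`. The `README.md` copies of both files carry the same line.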
@@ -15,14 +15,13 @@ module "vng" { for_each = var.virtual_network_gateways name = "${var.name_prefix}${each.value.name}" - location = var.region + region = var.region resource_group_name = local.resource_group.name - network = each.value.network - subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key] + ip_configurations = each.value.ip_configurations + instance_settings = each.value.instance_settings + subnet_id = "/subscription/xxxx/......." - - virtual_network_gateway = each.value.virtual_network_gateway azure_bgp_peer_addresses = each.value.azure_bgp_peer_addresses bgp = each.value.bgp local_network_gateways = each.value.local_network_gateways @@ -38,7 +37,7 @@ Below there are provided sample values for `virtual_network_gateways` map: virtual_network_gateways = { expressroute = { name = "expressroute" - virtual_network_gateway = { + instance_settings = { type = "ExpressRoute" # vpn_type = "PolicyBased" sku = "Standard" @@ -46,20 +45,18 @@ virtual_network_gateways = { } vnet_key = "transit" subnet_key = "vpn" - network = { - public_ip_zones = ["1"] - ip_configurations = { - primary = { - create_public_ip = true - name = "primary" - public_ip_name = "expressroute_pip" - } + ip_configurations = { + primary = { + create_public_ip = true + name = "primary" + public_ip_name = "expressroute_pip" } } + } expressroute_policy_based = { name = "er_policy" - virtual_network_gateway = { + instance_settings = { type = "ExpressRoute" vpn_type = "PolicyBased" sku = "Standard" 
@@ -67,20 +64,18 @@ virtual_network_gateways = { } vnet_key = "er" subnet_key = "vpn" - network = { - public_ip_zones = ["1"] - ip_configurations = { - primary = { - create_public_ip = true - name = "primary" - public_ip_name = "er_policy_pip" - } + ip_configurations = { + primary = { + create_public_ip = true + name = "primary" + public_ip_name = "er_policy_pip" } } + } vpn_simple = { name = "simple-vpn" - virtual_network_gateway = { + instance_settings = { type = "Vpn" # vpn_type = "PolicyBased" sku = "VpnGw1" @@ -88,20 +83,18 @@ virtual_network_gateways = { } vnet_key = "er" subnet_key = "vpn" - network = { - public_ip_zones = [] - ip_configurations = { - primary = { - create_public_ip = true - name = "primary" - public_ip_name = "simple_vpn_pip" - } + ip_configurations = { + primary = { + create_public_ip = true + name = "primary" + public_ip_name = "simple_vpn_pip" } } + } "vng" = { name = "vng" - virtual_network_gateway = { + instance_settings = { type = "Vpn" sku = "VpnGw2AZ" generation = "Generation2" @@ -109,21 +102,19 @@ virtual_network_gateways = { } vnet_key = "transit" subnet_key = "vpn" - network = { - public_ip_zones = ["1", "2", "3"] - ip_configurations = { - primary = { - name = "primary" - create_public_ip = true - public_ip_name = "vng-primary-pip" - } - secondary = { - name = "secondary" - create_public_ip = true - public_ip_name = "vng-secondary-pip" - } + ip_configurations = { + primary = { + name = "primary" + create_public_ip = true + public_ip_name = "vng-primary-pip" + } + secondary = { + name = "secondary" + create_public_ip = true + public_ip_name = "vng-secondary-pip" } } + azure_bgp_peer_addresses = { one_primary = "169.254.21.2" one_secondary = "169.254.22.2" 
@@ -219,36 +210,31 @@ variable "virtual_network_gateways" { nullable = false type = map(object({ name = string - virtual_network_gateway = object({ + instance_settings = object({ type = optional(string) vpn_type = optional(string) sku = optional(string) active_active = optional(bool) generation = optional(string) - custom_routes = optional(map(list(string))) }) vnet_key = string subnet_key = string - network = object({ - public_ip_zones = optional(list(string)) - ip_configurations = object({ - primary = object({ - name = string - create_public_ip = optional(bool) - public_ip_name = string - private_ip_address_allocation = optional(string) - }) - secondary = optional(object({ - name = string - create_public_ip = optional(bool) - public_ip_name = string - private_ip_address_allocation = optional(string) - })) + + ip_configurations = object({ + primary = object({ + name = string + create_public_ip = optional(bool) + public_ip_name = string + private_ip_address_allocation = optional(string) }) - private_ip_address_enabled = optional(bool) - default_local_network_gateway_id = optional(string) - edge_zone = optional(string) + secondary = optional(object({ + name = string + create_public_ip = optional(bool) + public_ip_name = string + private_ip_address_allocation = optional(string) + })) }) + azure_bgp_peer_addresses = optional(map(string)) bgp = optional(object({ enable = optional(bool, false) diff --git a/modules/virtual_network_gateway/README.md b/modules/virtual_network_gateway/README.md index 20fe794..36de18c 100644 --- a/modules/virtual_network_gateway/README.md +++ b/modules/virtual_network_gateway/README.md 
@@ -15,13 +15,13 @@ module "vng" { for_each = var.virtual_network_gateways name = "${var.name_prefix}${each.value.name}" - location = var.region + region = var.region resource_group_name = local.resource_group.name - network = each.value.network - subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key] + ip_configurations = each.value.ip_configurations + instance_settings = each.value.instance_settings + subnet_id = "/subscription/xxxx/......." - virtual_network_gateway = each.value.virtual_network_gateway azure_bgp_peer_addresses = each.value.azure_bgp_peer_addresses bgp = each.value.bgp local_network_gateways = each.value.local_network_gateways @@ -37,7 +37,7 @@ Below there are provided sample values for `virtual_network_gateways` map: virtual_network_gateways = { expressroute = { name = "expressroute" - virtual_network_gateway = { + instance_settings = { type = "ExpressRoute" # vpn_type = "PolicyBased" sku = "Standard" @@ -45,20 +45,18 @@ virtual_network_gateways = { } vnet_key = "transit" subnet_key = "vpn" - network = { - public_ip_zones = ["1"] - ip_configurations = { - primary = { - create_public_ip = true - name = "primary" - public_ip_name = "expressroute_pip" - } + ip_configurations = { + primary = { + create_public_ip = true + name = "primary" + public_ip_name = "expressroute_pip" } } + } expressroute_policy_based = { name = "er_policy" - virtual_network_gateway = { + instance_settings = { type = "ExpressRoute" vpn_type = "PolicyBased" sku = "Standard" 
@@ -66,20 +64,18 @@ virtual_network_gateways = { } vnet_key = "er" subnet_key = "vpn" - network = { - public_ip_zones = ["1"] - ip_configurations = { - primary = { - create_public_ip = true - name = "primary" - public_ip_name = "er_policy_pip" - } + ip_configurations = { + primary = { + create_public_ip = true + name = "primary" + public_ip_name = "er_policy_pip" } } + } vpn_simple = { name = "simple-vpn" - virtual_network_gateway = { + instance_settings = { type = "Vpn" # vpn_type = "PolicyBased" sku = "VpnGw1" @@ -87,20 +83,18 @@ virtual_network_gateways = { } vnet_key = "er" subnet_key = "vpn" - network = { - public_ip_zones = [] - ip_configurations = { - primary = { - create_public_ip = true - name = "primary" - public_ip_name = "simple_vpn_pip" - } + ip_configurations = { + primary = { + create_public_ip = true + name = "primary" + public_ip_name = "simple_vpn_pip" } } + } "vng" = { name = "vng" - virtual_network_gateway = { + instance_settings = { type = "Vpn" sku = "VpnGw2AZ" generation = "Generation2" @@ -108,21 +102,19 @@ virtual_network_gateways = { } vnet_key = "transit" subnet_key = "vpn" - network = { - public_ip_zones = ["1", "2", "3"] - ip_configurations = { - primary = { - name = "primary" - create_public_ip = true - public_ip_name = "vng-primary-pip" - } - secondary = { - name = "secondary" - create_public_ip = true - public_ip_name = "vng-secondary-pip" - } + ip_configurations = { + primary = { + name = "primary" + create_public_ip = true + public_ip_name = "vng-primary-pip" + } + secondary = { + name = "secondary" + create_public_ip = true + public_ip_name = "vng-secondary-pip" } } + azure_bgp_peer_addresses = { one_primary = "169.254.21.2" one_secondary = "169.254.22.2" 
@@ -218,36 +210,31 @@ variable "virtual_network_gateways" { nullable = false type = map(object({ name = string - virtual_network_gateway = object({ + instance_settings = object({ type = optional(string) vpn_type = optional(string) sku = optional(string) active_active = optional(bool) generation = optional(string) - custom_routes = optional(map(list(string))) }) vnet_key = string subnet_key = string - network = object({ - public_ip_zones = optional(list(string)) - ip_configurations = object({ - primary = object({ - name = string - create_public_ip = optional(bool) - public_ip_name = string - private_ip_address_allocation = optional(string) - }) - secondary = optional(object({ - name = string - create_public_ip = optional(bool) - public_ip_name = string - private_ip_address_allocation = optional(string) - })) + + ip_configurations = object({ + primary = object({ + name = string + create_public_ip = optional(bool) + public_ip_name = string + private_ip_address_allocation = optional(string) }) - private_ip_address_enabled = optional(bool) - default_local_network_gateway_id = optional(string) - edge_zone = optional(string) + secondary = optional(object({ + name = string + create_public_ip = optional(bool) + public_ip_name = string + private_ip_address_allocation = optional(string) + })) }) + azure_bgp_peer_addresses = optional(map(string)) bgp = optional(object({ enable = optional(bool, false) diff --git a/modules/vmss/.header.md b/modules/vmss/.header.md index 7ccb821..b4a7d19 100644 --- a/modules/vmss/.header.md +++ b/modules/vmss/.header.md 
@@ -66,15 +66,20 @@ module "vmss" { resource_group_name = "hub-rg" region = "West Europe" + image = { + version = "10.2.901" + publisher = "paloaltonetworks" + offer = "vmseries-flex" + sku = "byol" + } + authentication = { username = "panadmin" password = "c0mpl1c@t3d" - disable_password_authentication = true - } - vm_image_configuration = { - img_version = "10.2.4" + disable_password_authentication = false } - scale_set_configuration = {} + + interfaces = [ { name = "managmeent" diff --git a/modules/vmss/README.md b/modules/vmss/README.md index 9d3544b..327c613 100644 --- a/modules/vmss/README.md +++ b/modules/vmss/README.md @@ -66,15 +66,19 @@ module "vmss" { resource_group_name = "hub-rg" region = "West Europe" + image = { + version = "10.2.901" + publisher = "paloaltonetworks" + offer = "vmseries-flex" + sku = "byol" + } + authentication = { username = "panadmin" password = "c0mpl1c@t3d" - disable_password_authentication = true + disable_password_authentication = false } - vm_image_configuration = { - img_version = "10.2.4" - } - scale_set_configuration = {} + interfaces = [ { name = "managmeent" diff --git a/modules/vmss/versions.tf b/modules/vmss/versions.tf index dbd95b3..a01cef6 100644 --- a/modules/vmss/versions.tf +++ b/modules/vmss/versions.tf @@ -7,3 +7,4 @@ terraform { } } } + diff --git a/modules/vnet/.header.md b/modules/vnet/.header.md index 274c677..b374dfb 100644 --- a/modules/vnet/.header.md +++ b/modules/vnet/.header.md @@ -12,6 +12,7 @@ This module is designed to work in several *modes* depending on which variables name = "transit" resource_group_name = "existing-rg" address_space = ["10.0.0.0/25"] + region = "North Europe" network_security_groups = { inbound = { name = "inbound-nsg" 
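Review bot: The `modules/vmss/.header.md` example flips `disable_password_authentication` from `true` to `false` while keeping the literal `password = "c0mpl1c@t3d"` two lines above it, so the snippet readers copy now enables password login on the scale set with a plain-text password in the configuration. If password authentication is required for this image, presumably the reason for the flip, I would say so in a one-line comment and still source the value from a sensitive variable, e.g. `password = var.<vm_password_variable>` (name illustrative), rather than a literal. The unchanged `name = "managmeent"` just below looks like a typo for `management`, and the `modules/vmss/README.md` hunk repeats the same block.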
@@ -35,42 +36,53 @@ This module is designed to work in several *modes* depending on which variables name = "default-rt" routes = { "default" = { - name = "default-udr" - address_prefix = "0.0.0.0/0" - next_hop_type = "VirtualAppliance" - next_hop_in_ip_address = "5.6.7.8" + name = "default-udr" + address_prefix = "0.0.0.0/0" + next_hop_type = "VirtualAppliance" + next_hop_ip_address = "5.6.7.8" } } } } subnets = { "subnet" = { - name = "snet" - address_prefixes = ["10.0.0.0/28"] - network_security_group = "inbound" - route_table = "default" + name = "snet" + address_prefixes = ["10.0.0.0/28"] + network_security_group_key = "inbound" + route_table_key = "default" } } ``` -- source a VNET but create Subnets, NSGs and Route Tables. This is a similar example to the above one, NSG and Route Table are empty this time: +- source a VNET but create Subnets, NSGs and Route Tables. This is a similar example to the above one, NSG is empty this time: ```hcl create_virtual_network = false name = "existing-vnet" resource_group_name = "existing-rg" + region = "North Europe" network_security_groups = { inbound = { name = "inbound-nsg" } } route_tables = { - default = { name = "default-rt" } + default = { + name = "default-rt" + routes = { + "default" = { + name = "default-udr" + address_prefix = "0.0.0.0/0" + next_hop_type = "VirtualAppliance" + next_hop_ip_address = "5.6.7.8" + } + } + } } subnets = { "subnet" = { - name = "snet" - address_prefixes = ["10.0.0.0/28"] - network_security_group = "inbound" - route_table = "default" + name = "snet" + address_prefixes = ["10.0.0.0/28"] + network_security_group_key = "inbound" + route_table_key = "default" } } ``` @@ -81,6 +93,7 @@ This module is designed to work in several *modes* depending on which variables create_virtual_network = false name = "existing-vnet" resource_group_name = "existing-rg" + region = "North Europe" network_security_groups = { inbound = { name = "inbound-nsg" 
@@ -104,10 +117,10 @@ This module is designed to work in several *modes* depending on which variables name = "default-rt" routes = { "default" = { - name = "default-udr" - address_prefix = "0.0.0.0/0" - next_hop_type = "VirtualAppliance" - next_hop_in_ip_address = "5.6.7.8" + name = "default-udr" + address_prefix = "0.0.0.0/0" + next_hop_type = "VirtualAppliance" + next_hop_ip_address = "5.6.7.8" } } } @@ -115,9 +128,9 @@ This module is designed to work in several *modes* depending on which variables create_subnets = false subnets = { "subnet" = { - name = "snet" - network_security_group = "inbound" - route_table = "default" + name = "snet" + network_security_group_key = "inbound" + route_table_key = "default" } } ``` diff --git a/modules/vnet/README.md b/modules/vnet/README.md index b2c427d..e65e76f 100644 --- a/modules/vnet/README.md +++ b/modules/vnet/README.md @@ -11,6 +11,7 @@ This module is designed to work in several *modes* depending on which variables name = "transit" resource_group_name = "existing-rg" address_space = ["10.0.0.0/25"] + region = "North Europe" network_security_groups = { inbound = { name = "inbound-nsg" 
@@ -34,42 +35,53 @@ This module is designed to work in several *modes* depending on which variables name = "default-rt" routes = { "default" = { - name = "default-udr" - address_prefix = "0.0.0.0/0" - next_hop_type = "VirtualAppliance" - next_hop_in_ip_address = "5.6.7.8" + name = "default-udr" + address_prefix = "0.0.0.0/0" + next_hop_type = "VirtualAppliance" + next_hop_ip_address = "5.6.7.8" } } } } subnets = { "subnet" = { - name = "snet" - address_prefixes = ["10.0.0.0/28"] - network_security_group = "inbound" - route_table = "default" + name = "snet" + address_prefixes = ["10.0.0.0/28"] + network_security_group_key = "inbound" + route_table_key = "default" } } ``` -- source a VNET but create Subnets, NSGs and Route Tables. This is a similar example to the above one, NSG and Route Table are empty this time: +- source a VNET but create Subnets, NSGs and Route Tables. This is a similar example to the above one, NSG is empty this time: ```hcl create_virtual_network = false name = "existing-vnet" resource_group_name = "existing-rg" + region = "North Europe" network_security_groups = { inbound = { name = "inbound-nsg" } } route_tables = { - default = { name = "default-rt" } + default = { + name = "default-rt" + routes = { + "default" = { + name = "default-udr" + address_prefix = "0.0.0.0/0" + next_hop_type = "VirtualAppliance" + next_hop_ip_address = "5.6.7.8" + } + } + } } subnets = { "subnet" = { - name = "snet" - address_prefixes = ["10.0.0.0/28"] - network_security_group = "inbound" - route_table = "default" + name = "snet" + address_prefixes = ["10.0.0.0/28"] + network_security_group_key = "inbound" + route_table_key = "default" } } ``` @@ -80,6 +92,7 @@ This module is designed to work in several *modes* depending on which variables create_virtual_network = false name = "existing-vnet" resource_group_name = "existing-rg" + region = "North Europe" network_security_groups = { inbound = { name = "inbound-nsg" 
@@ -103,10 +116,10 @@ This module is designed to work in several *modes* depending on which variables name = "default-rt" routes = { "default" = { - name = "default-udr" - address_prefix = "0.0.0.0/0" - next_hop_type = "VirtualAppliance" - next_hop_in_ip_address = "5.6.7.8" + name = "default-udr" + address_prefix = "0.0.0.0/0" + next_hop_type = "VirtualAppliance" + next_hop_ip_address = "5.6.7.8" } } } @@ -114,9 +127,9 @@ This module is designed to work in several *modes* depending on which variables create_subnets = false subnets = { "subnet" = { - name = "snet" - network_security_group = "inbound" - route_table = "default" + name = "snet" + network_security_group_key = "inbound" + route_table_key = "default" } } ```