-
Notifications
You must be signed in to change notification settings - Fork 82
/
Copy pathvariables.virtualnetwork.tf
125 lines (94 loc) · 7.16 KB
/
variables.virtualnetwork.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
variable "virtual_network_enabled" {
description = "Enables and disables the virtual network submodule."
type = bool
default = false
}
variable "virtual_networks" {
type = map(object({
name = string
address_space = list(string)
resource_group_name = string
location = optional(string, "")
dns_servers = optional(list(string), [])
ddos_protection_enabled = optional(bool, false)
ddos_protection_plan_id = optional(string, "")
hub_network_resource_id = optional(string, "")
hub_peering_enabled = optional(bool, false)
hub_peering_direction = optional(string, "both")
hub_peering_name_tohub = optional(string, "")
hub_peering_name_fromhub = optional(string, "")
hub_peering_use_remote_gateways = optional(bool, true)
mesh_peering_enabled = optional(bool, false)
mesh_peering_allow_forwarded_traffic = optional(bool, false)
resource_group_creation_enabled = optional(bool, true)
resource_group_lock_enabled = optional(bool, true)
resource_group_lock_name = optional(string, "")
resource_group_tags = optional(map(string), {})
vwan_associated_routetable_resource_id = optional(string, "")
vwan_connection_enabled = optional(bool, false)
vwan_connection_name = optional(string, "")
vwan_hub_resource_id = optional(string, "")
vwan_propagated_routetables_labels = optional(list(string), [])
vwan_propagated_routetables_resource_ids = optional(list(string), [])
vwan_security_configuration = optional(object({
secure_internet_traffic = optional(bool, false)
secure_private_traffic = optional(bool, false)
routing_intent_enabled = optional(bool, false)
}), {})
tags = optional(map(string), {})
}))
description = <<DESCRIPTION
A map of the virtual networks to create. The map key must be known at the plan stage, e.g. must not be calculated and known only after apply.
### Required fields
- `name`: The name of the virtual network. [required]
- `address_space`: The address space of the virtual network as a list of strings in CIDR format, e.g. `["192.168.0.0/24", "10.0.0.0/24"]`. [required]
- `resource_group_name`: The name of the resource group to create the virtual network in. [required]
### DNS servers
- `dns_servers`: A list of DNS servers to use for the virtual network, e.g. `["192.168.0.1", "10.0.0.1"]`. If empty will use the Azure default DNS. [optional - default empty list]
### DDOS protection plan
- `ddos_protection_enabled`: Whether to enable ddos protection. [optional]
- `ddos_protection_plan_id`: The resource ID of the protection plan to attach the vnet. [optional - but required if ddos_protection_enabled is `true`]
### Location
- `location`: The location of the virtual network (and resource group if creation is enabled). [optional, will use `var.location` if not specified or empty string]
> Note at least one of `location` or `var.location` must be specified.
> If both are empty then the module will fail.
### Hub network peering values
The following values configure bi-directional hub & spoke peering for the given virtual network.
- `hub_peering_enabled`: Whether to enable hub peering. [optional]
- `hub_peering_direction`: The direction of the peering. [optional - allowed values are: `tohub`, `fromhub` or `both` - default `both`]
- `hub_network_resource_id`: The resource ID of the hub network to peer with. [optional - but required if hub_peering_enabled is `true`]
- `hub_peering_name_tohub`: The name of the peering to the hub network. [optional - leave empty to use calculated name]
- `hub_peering_name_fromhub`: The name of the peering from the hub network. [optional - leave empty to use calculated name]
- `hub_peering_use_remote_gateways`: Whether to use remote gateways for the hub peering. [optional - default true]
### Mesh peering values
Mesh peering is the capability to create a bi-directional peerings between all supplied virtual networks in `var.virtual_networks`.
Peerings will only be created between virtual networks with the `mesh_peering_enabled` value set to `true`.
- `mesh_peering_enabled`: Whether to enable mesh peering for this virtual network. Must be enabled on more than one virtual network for any peerings to be created. [optional]
- `mesh_peering_allow_forwarded_traffic`: Whether to allow forwarded traffic for the mesh peering. [optional - default false]
### Resource group values
The default is that a resource group will be created for each resource_group_name specified in the `var.virtual_networks` map.
It is possible to use a pre-existing resource group by setting `resource_group_creation_enabled` to `false`.
We recommend using resource groups aligned to the region of the virtual network,
however if you want multiple virtual networks in more than one location to share a resource group,
only one of the virtual networks should have `resource_group_creation_enabled` set to `true`.
- `resource_group_creation_enabled`: Whether to create a resource group for the virtual network. [optional - default `true`]
- `resource_group_lock_enabled`: Whether to create a `CanNotDelete` resource lock on the resource group. [optional - default `true`]
- `resource_group_lock_name`: The name of the resource lock. [optional - leave empty to use calculated name]
- `resource_group_tags`: A map of tags to apply to the resource group, e.g. `{ mytag = "myvalue", mytag2 = "myvalue2" }`. [optional - default empty]
### Virtual WAN values
- `vwan_associated_routetable_resource_id`: The resource ID of the route table to associate with the virtual network. [optional - leave empty to use `defaultRouteTable` on hub]
- `vwan_connection_enabled`: Whether to create a connection to a Virtual WAN. [optional - default false]
- `vwan_connection_name`: The name of the connection to the Virtual WAN. [optional - leave empty to use calculated name]
- `vwan_hub_resource_id`: The resource ID of the hub to connect to. [optional - but required if vwan_connection_enabled is `true`]
- `vwan_propagated_routetables_labels`: A list of labels of route tables to propagate to the virtual network. [optional - leave empty to use `["default"]`]
- `vwan_propagated_routetables_resource_ids`: A list of resource IDs of route tables to propagate to the virtual network. [optional - leave empty to use `defaultRouteTable` on hub]
- `vwan_security_configuration`: A map of security configuration values for VWAN hub connection - see below. [optional - default empty]
- `secure_internet_traffic`: Whether to forward internet-bound traffic to the destination specified in the routing policy. [optional - default `false`]
- `secure_private_traffic`: Whether to all internal traffic to the destination specified in the routing policy. Not compatible with `routing_intent_enabled`. [optional - default `false`]
- `routing_intent_enabled`: Enable to use with a Virtual WAN hub with routing intent enabled. Routing intent on hub is configured outside this module. [optional - default `false`]
### Tags
- `tags`: A map of tags to apply to the virtual network. [optional - default empty]
DESCRIPTION
nullable = false
default = {}
}