diff --git a/modules/high_availability_existing_vnet/README.md b/modules/high_availability_existing_vnet/README.md
index 81538f3..ff6fcda 100755
--- a/modules/high_availability_existing_vnet/README.md
+++ b/modules/high_availability_existing_vnet/README.md
@@ -23,7 +23,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_existing_vnet"
- version = "1.0.4"
+ version = "1.0.5"
tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
diff --git a/modules/high_availability_new_vnet/README.md b/modules/high_availability_new_vnet/README.md
index fcbea2c..684e9c5 100755
--- a/modules/high_availability_new_vnet/README.md
+++ b/modules/high_availability_new_vnet/README.md
@@ -29,7 +29,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_new_vnet"
- version = "1.0.4"
+ version = "1.0.5"
tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
diff --git a/modules/management_existing_vnet/README.md b/modules/management_existing_vnet/README.md
index bf7548f..c23f0c4 100755
--- a/modules/management_existing_vnet/README.md
+++ b/modules/management_existing_vnet/README.md
@@ -24,7 +24,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/management_existing_vnet"
- version = "1.0.4"
+ version = "1.0.5"
source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-mgmt-terraform"
diff --git a/modules/management_new_vnet/README.md b/modules/management_new_vnet/README.md
index b5eab0d..69b4f81 100755
--- a/modules/management_new_vnet/README.md
+++ b/modules/management_new_vnet/README.md
@@ -26,7 +26,8 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/management_new_vnet"
- version = "1.0.4"
+ version = "1.0.5"
+
source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-mgmt-terraform"
mgmt_name = "checkpoint-mgmt-terraform"
diff --git a/modules/mds_existing_vnet/README.md b/modules/mds_existing_vnet/README.md
index dd6130e..bbd08ff 100755
--- a/modules/mds_existing_vnet/README.md
+++ b/modules/mds_existing_vnet/README.md
@@ -23,7 +23,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/mds_existing_vnet"
- version = "1.0.4"
+ version = "1.0.5"
source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-mds-rg-terraform"
diff --git a/modules/mds_new_vnet/README.md b/modules/mds_new_vnet/README.md
index d33e471..b9fc739 100755
--- a/modules/mds_new_vnet/README.md
+++ b/modules/mds_new_vnet/README.md
@@ -26,7 +26,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/mds_new_vnet"
- version = "1.0.4"
+ version = "1.0.5"
source_image_vhd_uri = "noCustomUri"
diff --git a/modules/nva_into_existing_hub/README.md b/modules/nva_into_existing_hub/README.md
index 77c26d6..7ac491f 100755
--- a/modules/nva_into_existing_hub/README.md
+++ b/modules/nva_into_existing_hub/README.md
@@ -22,7 +22,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/nva_into_existing_hub"
- version = "1.0.4"
+ version = "1.0.5"
authentication_method = "Service Principal"
client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
diff --git a/modules/nva_into_new_vwan/README.md b/modules/nva_into_new_vwan/README.md
index 736aa2a..4997749 100755
--- a/modules/nva_into_new_vwan/README.md
+++ b/modules/nva_into_new_vwan/README.md
@@ -24,7 +24,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/nva_into_new_vwan"
- version = "1.0.4"
+ version = "1.0.5"
authentication_method = "Service Principal"
client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
diff --git a/modules/single_gateway_existing_vnet/README.md b/modules/single_gateway_existing_vnet/README.md
index 286c527..64ba5e6 100755
--- a/modules/single_gateway_existing_vnet/README.md
+++ b/modules/single_gateway_existing_vnet/README.md
@@ -23,7 +23,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/single_gateway_existing_vnet"
- version = "1.0.4"
+ version = "1.0.5"
source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-single-gw-terraform"
diff --git a/modules/single_gateway_new_vnet/README.md b/modules/single_gateway_new_vnet/README.md
index 6b8e149..bc34f48 100755
--- a/modules/single_gateway_new_vnet/README.md
+++ b/modules/single_gateway_new_vnet/README.md
@@ -25,7 +25,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/single_gateway_new_vnet"
- version = "1.0.4"
+ version = "1.0.5"
source_image_vhd_uri = "noCustomUri"
resource_group_name = "checkpoint-single-gw-terraform"
diff --git a/modules/vmss_existing_vnet/README.md b/modules/vmss_existing_vnet/README.md
index 6f05587..51987a5 100755
--- a/modules/vmss_existing_vnet/README.md
+++ b/modules/vmss_existing_vnet/README.md
@@ -24,7 +24,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/vmss_existing_vnet"
- version = "1.0.4"
+ version = "1.0.5"
subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
@@ -59,6 +59,9 @@ module "example_module" {
backend_load_distribution = "Default"
enable_custom_metrics = true
enable_floating_ip = false
+ use_public_ip_prefix = false
+ create_public_ip_prefix = false
+ existing_public_ip_prefix_id = ""
deployment_mode = "Standard"
admin_shell = "/etc/cli.sh"
serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
@@ -79,6 +82,17 @@ module "example_module" {
```
enable_custom_metrics = true
```
+- To create new public IP prefix for the public IP:
+ ```
+ use_public_ip_prefix = true
+ create_public_ip_prefix = true
+ ```
+- To use an existing public IP prefix for the public IP:
+ ```
+ use_public_ip_prefix = true
+ create_public_ip_prefix = false
+ existing_public_ip_prefix_id = "public IP prefix resource id"
+ ```
### Module's variables:
@@ -119,6 +133,9 @@ module "example_module" {
| **notification_email** | An email address to notify about scaling operations | string | Leave empty double quotes or enter a valid email address. |
| **enable_custom_metrics** | Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring | boolean | true;
false.
**Default:** true |
| **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;
false.
**Default:** false |
+| **use_public_ip_prefix** | Indicates whether the public IP resources will be deployed with public IP prefix. | boolean | true;
false;
**Default:** false |
+| **create_public_ip_prefix** | Indicates whether the public IP prefix will be created or an existing one will be used. | boolean | true;
false;
**Default:** false |
+| **existing_public_ip_prefix_id** | The existing public IP prefix resource ID. | string | Existing public IP prefix resource ID
**Default:** "" |
| **deployment_mode** | Indicates which load balancer need to be deployed. External + Internal(Standard), only External, only Internal | string | Standard;
External;
Internal.
**Default:** "Standard" |
| **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh.
**Default:** "/etc/cli.sh" |
| **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | |
diff --git a/modules/vmss_existing_vnet/main.tf b/modules/vmss_existing_vnet/main.tf
index 4a7352f..14dac00 100755
--- a/modules/vmss_existing_vnet/main.tf
+++ b/modules/vmss_existing_vnet/main.tf
@@ -52,6 +52,14 @@ resource "random_id" "random_id" {
}
}
+resource "azurerm_public_ip_prefix" "public_ip_prefix" {
+ count = var.use_public_ip_prefix && var.create_public_ip_prefix ? 1 : 0
+ name = "${module.common.resource_group_name}-ipprefix"
+ location = module.common.resource_group_location
+ resource_group_name = module.common.resource_group_name
+ prefix_length = 30
+}
+
resource "azurerm_public_ip" "public-ip-lb" {
count = var.deployment_mode != "Internal" ? 1 : 0
name = "${var.vmss_name}-app-1"
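Review bot: `prefix_length = 30` in the new `azurerm_public_ip_prefix` block is a hard-coded literal with no comment, so every deployment that creates a prefix reserves a four-address block, while the only consumer visible in this diff is the single `public-ip-lb` address. Consider a comment such as `# /30 = 4 contiguous addresses; changing the length later likely forces a new prefix`, or exposing the length as a variable that defaults to 30. The prefix is also named from `module.common.resource_group_name`, whereas the public IP below is named from `var.vmss_name`, so if two scale sets can share a resource group their created prefixes would collide on the name. The same block is added in modules/vmss_new_vnet/main.tf.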
@@ -60,6 +68,7 @@ resource "azurerm_public_ip" "public-ip-lb" {
allocation_method = var.vnet_allocation_method
sku = var.sku
domain_name_label = "${lower(var.vmss_name)}-${random_id.random_id.hex}"
+ public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
}
resource "azurerm_lb" "frontend-lb" {
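Review bot: The new `public_ip_prefix_id` expression passes `var.existing_public_ip_prefix_id` through unchecked, so with `use_public_ip_prefix = true`, `create_public_ip_prefix = false` and the ID left at its `""` default, the provider receives an empty string and the failure surfaces as a provider or API error rather than a clear message. A `lifecycle` precondition on `public-ip-lb` (Terraform 1.2 or later; confirm against the module's required version) would reject that combination at plan time. Two further things are worth documenting next to this line: a prefix only hands out Standard-SKU, statically allocated addresses while this resource still takes `sku` and `allocation_method` from variables, and setting the prefix on an already deployed scale set most likely replaces the public IP, changing the frontend address that peers may have allow-listed. The resource block opens before this hunk, and modules/vmss_new_vnet/main.tf has the same line.

```hcl
  # … unchanged: name, allocation_method, sku, domain_name_label, public_ip_prefix_id …

  lifecycle {
    precondition {
      condition     = !var.use_public_ip_prefix || var.create_public_ip_prefix || var.existing_public_ip_prefix_id != ""
      error_message = "existing_public_ip_prefix_id must be set when use_public_ip_prefix is true and create_public_ip_prefix is false."
    }
  }
```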
diff --git a/modules/vmss_existing_vnet/variables.tf b/modules/vmss_existing_vnet/variables.tf
index 7192af1..7330cd3 100755
--- a/modules/vmss_existing_vnet/variables.tf
+++ b/modules/vmss_existing_vnet/variables.tf
@@ -368,6 +368,24 @@ variable "enable_floating_ip" {
default = false
}
+variable "use_public_ip_prefix" {
+ description = "Indicates whether the public IP resources will be deployed with public IP prefix."
+ type = bool
+ default = false
+}
+
+variable "create_public_ip_prefix" {
+ description = "Indicates whether the public IP prefix will created or an existing will be used."
+ type = bool
+ default = false
+}
+
+variable "existing_public_ip_prefix_id" {
+ description = "The existing public IP prefix resource id."
+ type = string
+ default = ""
+}
+
variable "nsg_id" {
description = "NSG ID - Optional - if empty use default NSG"
default = ""
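Review bot: The description of `create_public_ip_prefix` is missing words and disagrees with the README table; it should read `description = "Indicates whether the public IP prefix will be created or an existing one will be used."`. `existing_public_ip_prefix_id` also has no `validation` block, so a mistyped value is only caught by the provider. A check that the value is either empty or starts with `/subscriptions/` would catch it at plan time. The same three variables are added in modules/vmss_new_vnet/variables.tf.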
diff --git a/modules/vmss_new_vnet/README.md b/modules/vmss_new_vnet/README.md
index 6a23897..8666171 100755
--- a/modules/vmss_new_vnet/README.md
+++ b/modules/vmss_new_vnet/README.md
@@ -29,7 +29,7 @@ provider "azurerm" {
module "example_module" {
source = "CheckPointSW/cloudguard-network-security/azure//modules/vmss_new_vnet"
- version = "1.0.4"
+ version = "1.0.5"
subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
source_image_vhd_uri = "noCustomUri"
@@ -63,6 +63,9 @@ module "example_module" {
backend_load_distribution = "Default"
enable_custom_metrics = true
enable_floating_ip = false
+ use_public_ip_prefix = false
+ create_public_ip_prefix = false
+ existing_public_ip_prefix_id = ""
deployment_mode = "Standard"
admin_shell = "/etc/cli.sh"
serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
@@ -78,6 +81,17 @@ module "example_module" {
```
enable_custom_metrics = true
```
+- To create new public IP prefix for the public IP:
+ ```
+ use_public_ip_prefix = true
+ create_public_ip_prefix = true
+ ```
+- To use an existing public IP prefix for the public IP:
+ ```
+ use_public_ip_prefix = true
+ create_public_ip_prefix = false
+ existing_public_ip_prefix_id = "public IP prefix resource id"
+ ```
## Deploy Without Public IP
@@ -118,6 +132,9 @@ module "example_module" {
| **notification_email** | An email address to notify about scaling operations | string | Leave empty double quotes or enter a valid email address
|
| **enable_custom_metrics** | Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring | boolean | true;
false;
|
| **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;
false;
|
+| **use_public_ip_prefix** | Indicates whether the public IP resources will be deployed with public IP prefix. | boolean | true;
false;
**Default:** false |
+| **create_public_ip_prefix** | Indicates whether the public IP prefix will be created or an existing one will be used. | boolean | true;
false;
**Default:** false |
+| **existing_public_ip_prefix_id** | The existing public IP prefix resource ID. | string | Existing public IP prefix resource ID
**Default:** "" |
| **deployment_mode** | Indicates which load balancer needs to be deployed. External + Internal (Standard), only External, only Internal | string | Standard;
External;
Internal;
**Default:** "Standard" |
| **admin_shell** | Enables selecting different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
**Default:** "/etc/cli.sh" |
| **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type | string | |
diff --git a/modules/vmss_new_vnet/main.tf b/modules/vmss_new_vnet/main.tf
index d365acc..76b226a 100755
--- a/modules/vmss_new_vnet/main.tf
+++ b/modules/vmss_new_vnet/main.tf
@@ -49,6 +49,14 @@ resource "random_id" "random_id" {
}
}
+resource "azurerm_public_ip_prefix" "public_ip_prefix" {
+ count = var.use_public_ip_prefix && var.create_public_ip_prefix ? 1 : 0
+ name = "${module.common.resource_group_name}-ipprefix"
+ location = module.common.resource_group_location
+ resource_group_name = module.common.resource_group_name
+ prefix_length = 30
+}
+
resource "azurerm_public_ip" "public-ip-lb" {
count = var.deployment_mode != "Internal" ? 1 : 0
name = "${var.vmss_name}-app-1"
@@ -57,6 +65,7 @@ resource "azurerm_public_ip" "public-ip-lb" {
allocation_method = module.vnet.allocation_method
sku = var.sku
domain_name_label = "${lower(var.vmss_name)}-${random_id.random_id.hex}"
+ public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
}
resource "azurerm_lb" "frontend-lb" {
diff --git a/modules/vmss_new_vnet/variables.tf b/modules/vmss_new_vnet/variables.tf
index 1ecda9d..d4277c8 100755
--- a/modules/vmss_new_vnet/variables.tf
+++ b/modules/vmss_new_vnet/variables.tf
@@ -357,6 +357,24 @@ variable "enable_floating_ip" {
default = false
}
+variable "use_public_ip_prefix" {
+ description = "Indicates whether the public IP resources will be deployed with public IP prefix."
+ type = bool
+ default = false
+}
+
+variable "create_public_ip_prefix" {
+ description = "Indicates whether the public IP prefix will created or an existing will be used."
+ type = bool
+ default = false
+}
+
+variable "existing_public_ip_prefix_id" {
+ description = "The existing public IP prefix resource id."
+ type = string
+ default = ""
+}
+
variable "subscription_id" {
description = "Subscription ID"
type = string