juanjojulian/terraform-azurerm-networking

terraform-azurerm-networking

This Terraform module deploys a Virtual Network in Azure and some optional associated resources including:

  • One or more Subnets.
  • One NAT Gateway.
  • One Bastion Host.
  • One Network Security Group and NSG Rules.
  • One Route Table and Routes.
  • One or more VNET Peerings.

For each subnet you can either attach the associated resource (NSG, NAT Gateway or Route Table) that this module deploys, by setting the subnet's nat_gateway, route_table or network_security_group field to the keyword "module", or attach an existing one deployed elsewhere by passing its resource ID instead.

Please check the "examples" directory for more information.
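A complete module call, added here as an illustration and not taken from the repository's examples directory, showing both attachment styles side by side: the app subnet takes the NAT Gateway, NSG and Route Table created by the module via the "module" keyword, while the data subnet attaches an NSG managed elsewhere by resource ID. The module source path, the resource IDs and the meaning of the inner route map keys (taken to follow azurerm_route arguments) and of the AzureBastionSubnet string (taken to be its address prefix) are assumptions.

```hcl
module "networking" {
  source = "../terraform-azurerm-networking" # local path, assumed

  resource_group_name           = "rg-example" # must already exist; the module does not create it
  location                      = "westeurope"
  virtual_network_name          = "vnet-example"
  virtual_network_address_space = ["10.10.0.0/16"]

  nat_gateway = { name = "natgw-example", public_ip = 1 } # one public IP for outbound traffic

  network_security_group = {
    name = "nsg-app"
    rules = [
      { # only HTTPS reaches the app subnet; source_address_prefix keeps the module default "*"
        name = "allow-https-in", priority = 100, direction = "Inbound", access = "Allow"
        protocol = "Tcp", source_port_range = "*", destination_port_range = "443"
        destination_address_prefix = "*"
      },
      { # explicit deny for management ports from the Internet service tag
        name = "deny-mgmt-from-internet", priority = 200, direction = "Inbound", access = "Deny"
        protocol = "Tcp", source_address_prefix = "Internet", source_port_range = "*"
        destination_port_ranges = ["22", "3389"], destination_address_prefix = "*"
      },
    ]
  }

  route_table = {
    name = "rt-app"
    routes = { # inner map keys are assumed to mirror azurerm_route arguments
      default = { address_prefix = "0.0.0.0/0", next_hop_type = "VirtualAppliance", next_hop_in_ip_address = "10.10.0.4" }
    }
  }

  subnets = {
    app = {
      address_prefixes       = ["10.10.1.0/24"]
      nat_gateway            = "module" # the NAT Gateway declared above
      network_security_group = "module" # the NSG declared above
      route_table            = "module" # the route table declared above
    }
    data = {
      address_prefixes       = ["10.10.2.0/24"]
      service_endpoints      = ["Microsoft.Storage"]
      # an NSG managed elsewhere: pass its resource ID instead of "module" (placeholder ID)
      network_security_group = "/subscriptions/<sub-id>/resourceGroups/rg-shared/providers/Microsoft.Network/networkSecurityGroups/nsg-shared"
    }
  }

  # assumed to be the subnet prefix; /26 is the smallest size Azure Bastion accepts
  bastion = { AzureBastionSubnet = "10.10.255.0/26" }
}
```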

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.1 |
| azurerm | >= 3.25.0, < 4.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 3.25.0, < 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_bastion_host.bastion | resource |
| azurerm_nat_gateway.nat_gateway | resource |
| azurerm_nat_gateway_public_ip_association.nat_gateway_public_ip_association | resource |
| azurerm_nat_gateway_public_ip_prefix_association.nat_gateway_public_ip_prefix_association | resource |
| azurerm_network_security_group.network_security_group | resource |
| azurerm_network_security_rule.network_security_rule | resource |
| azurerm_public_ip.bastion-ip | resource |
| azurerm_public_ip.public_ip | resource |
| azurerm_public_ip_prefix.public_ip_prefix | resource |
| azurerm_route.route | resource |
| azurerm_route_table.route_table | resource |
| azurerm_subnet.AzureBastionSubnet | resource |
| azurerm_subnet.subnet | resource |
| azurerm_subnet_nat_gateway_association.external_nat_gateway_association | resource |
| azurerm_subnet_nat_gateway_association.module_nat_gateway_association | resource |
| azurerm_subnet_network_security_group_association.external_network_security_group_association | resource |
| azurerm_subnet_network_security_group_association.module_network_security_group_association | resource |
| azurerm_subnet_route_table_association.external_route_table_association | resource |
| azurerm_subnet_route_table_association.module_route_table_association | resource |
| azurerm_virtual_network.virtual_network | resource |
| azurerm_virtual_network_peering.peering | resource |

Inputs

Each input is listed with its description, type, default and whether it is required.

bastion (default: null, required: no)
Bastion to be attached to the VNet and its options. If not null, a new Azure Bastion plus an AzureBastionSubnet will be created. Type:

```hcl
object({
  AzureBastionSubnet     = string
  name                   = optional(string)
  public_ip_name         = optional(string)
  sku                    = optional(string, "Basic")
  copy_paste_enabled     = optional(bool, true)
  file_copy_enabled      = optional(bool, false)
  ip_connect_enabled     = optional(bool, false)
  scale_units            = optional(number, 2)
  shareable_link_enabled = optional(bool, false)
  tunneling_enabled      = optional(bool, false)
  tags                   = optional(map(string), null)
})
```

location (type: string, default: n/a, required: yes)
The location/region where all resources will be created. Changing this forces a new resource to be created.

nat_gateway (default: null, required: no)
Map of azurerm_nat_gateway options. If not null, a new azurerm_nat_gateway will be created. Type:

```hcl
object({
  name                    = optional(string)
  idle_timeout_in_minutes = optional(number, 4)
  sku_name                = optional(string, "Standard")
  zones                   = optional(list(string), null)
  tags                    = optional(map(string), null)
  public_ip               = optional(number)
  public_ip_prefix        = optional(map(number))
})
```

network_security_group (default: null, required: no)
Map of azurerm_network_security_group options. If not null, a new azurerm_network_security_group will be created, together with one azurerm_network_security_rule per entry in rules. Type:

```hcl
object({
  name  = optional(string)
  tags  = optional(map(string), null)
  rules = optional(list(object({
    access                                     = string
    direction                                  = string
    name                                       = string
    priority                                   = number
    protocol                                   = string
    description                                = optional(string, null)
    destination_address_prefix                 = optional(string, null)
    destination_address_prefixes               = optional(list(string))
    destination_application_security_group_ids = optional(list(string))
    destination_port_range                     = optional(string, null)
    destination_port_ranges                    = optional(list(string))
    source_address_prefix                      = optional(string, "*")
    source_address_prefixes                    = optional(list(string), null)
    source_application_security_group_ids      = optional(list(string), null)
    source_port_range                          = optional(string, null)
    source_port_ranges                         = optional(list(string), null)
  })), null)
})
```

peerings (default: null, required: no)
Map of peerings; the key is the name of the peering. Type:

```hcl
map(object({
  remote_virtual_network_id    = string
  allow_virtual_network_access = optional(bool, true)
  allow_forwarded_traffic      = optional(bool, false) // true by default in the Azure Portal but false in azurerm, not nice.
  allow_gateway_transit        = optional(bool, false)
  use_remote_gateways          = optional(bool, false)
}))
```

resource_group_name (type: string, default: n/a, required: yes)
The name of the resource group in which to create the virtual network. This module will NOT create a resource group.

route_table (default: null, required: no)
Map of azurerm_route_table options. If not null, a new azurerm_route_table will be created. Type:

```hcl
object({
  name                          = optional(string)
  disable_bgp_route_propagation = optional(bool, false)
  routes                        = optional(map(map(string)))
  tags                          = optional(map(string), null)
})
```

subnet_delegations_actions
Unfortunately this variable has to be kept updated by hand with the output of `az network vnet subnet list-available-delegations --location westeurope | jq 'to_entries | map( {(.value.serviceName) : .value.actions } ) | add'`. Reason: hashicorp/terraform-provider-azurerm#5975.

subnets (default: n/a, required: yes)
Map defining the subnets to be deployed. The key is the name of the subnet; the value is an object holding its address prefixes and per-subnet options. The nat_gateway, route_table and network_security_group fields take either the keyword "module" (attach the resource created by this module) or the resource ID of an external resource. Type:

```hcl
map(object({
  address_prefixes                              = list(string)
  delegation                                    = optional(string, "")
  service_endpoints                             = optional(list(string), [])
  service_endpoint_policy_ids                   = optional(list(string), null)
  private_endpoint_network_policies_enabled     = optional(bool, true)
  private_link_service_network_policies_enabled = optional(bool, true)
  nat_gateway                                   = optional(string, null)
  route_table                                   = optional(string, null)
  network_security_group                        = optional(string, null)
}))
```

virtual_network_address_space (type: list(string), default: n/a, required: yes)
The address space used by the virtual network.

virtual_network_bgp_community (type: string, default: null, required: no)
The BGP community attribute in format :.

virtual_network_ddos_protection_plan (type: string, default: null, required: no)
Service that provides DDoS mitigation; requires the ID of the plan.

virtual_network_dns_servers (type: list(string), default: [], required: no)
List of IP addresses of DNS servers.

virtual_network_edge_zone (type: string, default: null, required: no)
Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created.

virtual_network_flow_timeout_in_minutes (type: number, default: null, required: no)
The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes.

virtual_network_name (type: string, default: n/a, required: yes)
The name of the virtual network. Changing this forces a new resource to be created.

virtual_network_tags (type: map(string), default: null, required: no)
Map of tags that will be applied to the virtual network resource.

Outputs

| Name | Description |
|------|-------------|
| nat_gateway_id | Outputs the ID for azurerm_nat_gateway |
| nat_gateway_resource_guid | Outputs the GUID for azurerm_nat_gateway |
| network_security_group_id | Outputs the ID for azurerm_network_security_group |
| network_security_rule_id | Outputs the list of azurerm_network_security_rule IDs |
| resource_group_name | The name of the resource group in which the virtual network was created |
| route_table_id | Outputs the ID for azurerm_route_table |
| route_table_subnets | Outputs the collection of subnets associated with the route table |
| subnet_address_prefixes | Outputs a map in the form {subnet_name = subnet_address_prefixes} |
| subnet_id | Outputs a map in the form {subnet_name = subnet_id} |
| subnet_name | Outputs the list of subnet names |
| virtual_network_address_space | The list of address spaces used by the virtual network |
| virtual_network_guid | The GUID of the virtual network |
| virtual_network_id | The virtual network configuration ID |
| virtual_network_location | The location/region where the virtual network is created |
| virtual_network_name | The name of the virtual network |

About

Terraform module to deploy a virtual network and associated resources in Azure
