This code deploys a HUB & Spoke modular infrastructure on Azure Cloud.

base = the mandatory module, which deploys the following components:
- Resource Groups
- Log Analytics Workspace
- VNET
- Subnets
- IP Groups
- Network Security Groups
- Azure Firewall
- Azure Bastion
- Routing Tables
- VNET Peering between HUB and Spokes

vpn-gateway = deploys the VPN Gateway for On-Premises integration. The following components are deployed at this stage:
- Virtual Network Gateway

vpn-connections = deploys the VPN Connections that establish the IPsec tunnel between the HUB and On-Premises. The following components are deployed at this stage:
- Local Network Gateway
- Virtual Network Gateway Connection

virtual-machines = deploys the virtual machines into the subnets (Spoke-1, Spoke-2 and On-Premises). A custom data script is also loaded during VM provisioning.

frontdoor = deploys the Azure FrontDoor and the following components:
- Dedicated VNET and Subnet to host the WebApp virtual-machine (as a sample for security isolation)
- Network Security Group
- VNET Peering between HUB and WebApp VNET
- Azure FrontDoor (frontend, backend pools, probes and routing rules)
- Azure Firewall NAT Rule
- Web Application Firewall policy linked to Azure FrontDoor, loading two rules: 1) custom (block IP) and 2) Managed Rule - Default Rule Set
- IP Groups
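
An added example (not this repository's code) of a Front Door WAF policy carrying the two rules listed above, written for the azurerm 3.x provider. The resource names and the blocked range are placeholders, and the variable name is hypothetical.

```hcl
# Added example, not the repository's code. Assumes the azurerm 3.x provider.
# All names and the CIDR below are placeholders.
variable "blocked_ip_ranges" {
  type        = list(string)
  description = "Client ranges that the custom rule blocks"
  default     = ["203.0.113.0/24"] # constructed value (documentation range)
}

resource "azurerm_frontdoor_firewall_policy" "webapp" {
  name                = "examplewafpolicy"     # placeholder, letters and digits only
  resource_group_name = "rg-example-frontdoor" # placeholder
  enabled             = true
  mode                = "Prevention" # "Detection" logs matches without blocking

  # 1) Custom rule: block requests by client address.
  custom_rule {
    name     = "BlockIP"
    enabled  = true
    priority = 100
    type     = "MatchRule"
    action   = "Block"

    match_condition {
      match_variable     = "RemoteAddr"
      operator           = "IPMatch"
      negation_condition = false
      match_values       = var.blocked_ip_ranges
    }
  }

  # 2) Managed rule: Default Rule Set.
  managed_rule {
    type    = "DefaultRuleSet"
    version = "1.0"
  }
}

# The policy only takes effect once its id is set as
# web_application_firewall_policy_link_id on the Front Door frontend_endpoint.
```

Running the policy in `Detection` mode first and reviewing the WAF logs in the Log Analytics Workspace helps catch false positives from the managed rule set before switching to `Prevention`.
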
You can:
- clone this repo or
- download the individual files (respecting the directory hierarchy).
It's up to you to choose the option that best fits your requirements ;-).
Let me know and I'll be glad to invite you! Then:
- Fork it!
- Create your feature branch:
  git checkout -b my-new-feature
- Commit your changes:
  git commit -am 'Add some feature'
- Push to the branch:
  git push origin my-new-feature
- Submit a pull request :D
- Terraform
- GNU