diff --git a/examples/appgw/README.md b/examples/appgw/README.md
index 41ce6a16..6f9a6145 100644
--- a/examples/appgw/README.md
+++ b/examples/appgw/README.md
@@ -164,45 +164,45 @@ represents the Rules section of an Application Gateway in Azure Portal.
Below you can find a brief list of available properties:
-- `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+- `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+- `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+- `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
[module's documentation](../../modules/appgw/README.md#application_gateway). The most important
properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
Public IP will have it's name prefixes with `var.name_prefix`
- `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
deployment
- `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
will be created
-- `listeners` - (`map`, required) defines Application Gateway's Listeners, see
- [module's documentation](../../modules/appgw/README.md#listeners) for details
-- `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
-- `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
- see [module's documentation](../../modules/appgw/README.md#probes) for details
-- `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
- see [module's documentation](../../modules/appgw/README.md#rewrites) for details
-- `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
- see [module's documentation](../../modules/appgw/README.md#redirects) for details
-- `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
- see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
-- `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+- `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+ [module's documentation](../../modules/appgw/README.md#listeners) for details
+- `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+- `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+ see [module's documentation](../../modules/appgw/README.md#probes) for details
+- `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+ see [module's documentation](../../modules/appgw/README.md#rewrites) for details
+- `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+ see [module's documentation](../../modules/appgw/README.md#redirects) for details
+- `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+ see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
+- `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
Type:
```hcl
map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
diff --git a/examples/appgw/example.tfvars b/examples/appgw/example.tfvars
index 5b633434..125b5c61 100644
--- a/examples/appgw/example.tfvars
+++ b/examples/appgw/example.tfvars
@@ -40,10 +40,10 @@ vnets = {
appgws = {
"public-empty" = {
- name = "empty"
+ name = "empty"
+ vnet_key = "transit"
+ subnet_key = "appgw"
application_gateway = {
- vnet_key = "transit"
- subnet_key = "appgw"
public_ip = {
name = "public-empty-ip"
}
@@ -71,14 +71,14 @@ appgws = {
}
}
"public-http-minimum" = {
- name = "appgw-http-minimum"
+ name = "appgw-http-minimum"
+ vnet_key = "transit"
+ subnet_key = "appgw"
application_gateway = {
public_ip = {
name = "pip-http-minimum"
}
- vnet_key = "transit"
- subnet_key = "appgw"
- zones = []
+ zones = []
}
listeners = {
minimum = {
@@ -124,10 +124,10 @@ appgws = {
name = "pip-existing"
create = false
}
- vnet_key = "transit"
- subnet_key = "appgw"
- zones = ["1"]
+ zones = ["1"]
}
+ vnet_key = "transit"
+ subnet_key = "appgw"
backends = {
existing = {
name = "http-backend"
@@ -168,14 +168,14 @@ appgws = {
}
}
"public-http-autoscale" = {
- name = "appgw-http-autoscale"
+ name = "appgw-http-autoscale"
+ vnet_key = "transit"
+ subnet_key = "appgw"
application_gateway = {
public_ip = {
name = "pip-http-autoscale"
}
- vnet_key = "transit"
- subnet_key = "appgw"
- zones = null
+ zones = null
capacity = {
autoscale = {
min = 2
@@ -209,14 +209,14 @@ appgws = {
}
}
"public-waf" = {
- name = "appgw-waf"
+ name = "appgw-waf"
+ vnet_key = "transit"
+ subnet_key = "appgw"
application_gateway = {
public_ip = {
name = "pip-waf"
}
- vnet_key = "transit"
- subnet_key = "appgw"
- zones = []
+ zones = []
capacity = {
static = 4
}
@@ -280,7 +280,9 @@ appgws = {
# openssl pkcs12 -inkey test1.key -in test1.crt -export -out test1.pfx
# openssl pkcs12 -inkey test2.key -in test2.crt -export -out test2.pfx
"public-ssl-custom" = {
- name = "appgw-ssl-custom"
+ name = "appgw-ssl-custom"
+ vnet_key = "transit"
+ subnet_key = "appgw"
application_gateway = {
public_ip = {
name = "pip-ssl-custom"
@@ -289,8 +291,6 @@ appgws = {
name = "vmseries-pool"
}
frontend_ip_configuration_name = "public_ipconfig"
- vnet_key = "transit"
- subnet_key = "appgw"
zones = ["1", "2", "3"]
global_ssl_policy = {
type = "Custom"
@@ -598,13 +598,13 @@ appgws = {
}
}
"public-ssl-predefined" = {
- name = "appgw-ssl-predefined"
+ name = "appgw-ssl-predefined"
+ vnet_key = "transit"
+ subnet_key = "appgw"
application_gateway = {
public_ip = {
name = "pip-ssl-predefined"
}
- vnet_key = "transit"
- subnet_key = "appgw"
backend_pool = {
name = "vmseries-pool-custom"
}
diff --git a/examples/appgw/main.tf b/examples/appgw/main.tf
index 4c2de889..da2e5ba9 100644
--- a/examples/appgw/main.tf
+++ b/examples/appgw/main.tf
@@ -61,11 +61,11 @@ module "appgw" {
name = "${var.name_prefix}${each.value.name}"
resource_group_name = local.resource_group.name
location = var.location
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key]
application_gateway = merge(
each.value.application_gateway,
{
- subnet_id = module.vnet[each.value.application_gateway.vnet_key].subnet_ids[each.value.application_gateway.subnet_key]
public_ip = merge(
each.value.application_gateway.public_ip,
{
diff --git a/examples/appgw/variables.tf b/examples/appgw/variables.tf
index 9e841e98..9fca4971 100644
--- a/examples/appgw/variables.tf
+++ b/examples/appgw/variables.tf
@@ -128,41 +128,41 @@ variable "appgws" {
Below you can find a brief list of available properties:
- - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+ - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
[module's documentation](../../modules/appgw/README.md#application_gateway). The most important
properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
Public IP will have it's name prefixes with `var.name_prefix`
- `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
deployment
- `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
will be created
- - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
- [module's documentation](../../modules/appgw/README.md#listeners) for details
- - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
- - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
- see [module's documentation](../../modules/appgw/README.md#probes) for details
- - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
- see [module's documentation](../../modules/appgw/README.md#rewrites) for details
- - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
- see [module's documentation](../../modules/appgw/README.md#redirects) for details
- - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
- see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
- - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+ - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+ [module's documentation](../../modules/appgw/README.md#listeners) for details
+ - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+ - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+ see [module's documentation](../../modules/appgw/README.md#probes) for details
+ - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+ see [module's documentation](../../modules/appgw/README.md#rewrites) for details
+ - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+ see [module's documentation](../../modules/appgw/README.md#redirects) for details
+ - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+ see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
+ - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
EOF
type = map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
diff --git a/examples/common_vmseries/README.md b/examples/common_vmseries/README.md
index 051c2517..9f12b753 100644
--- a/examples/common_vmseries/README.md
+++ b/examples/common_vmseries/README.md
@@ -415,8 +415,8 @@ Following properties are supported:
- `natgw` - (`map`, required) a map defining basic NAT Gateway configuration. For details on available options
please refer to [module documentation](../../modules/natgw/README.md#natgw). One property that's worth
mentioning is:
- - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this NAT Gateway
- will be assigned to.
+- `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this
+ NAT Gateway will be assigned to.
- `subnet_keys` - (`list(string)`, required) a list of subnets (key values) the NAT Gateway will be assigned to, defined
in `var.vnets` for a VNET described by `vnet_name`.
- `public_ip` - (`object`, optional) an object defining a public IP resource attached to the NAT Gateway.
@@ -445,11 +445,11 @@ map(object({
name = string
resource_group_name = optional(string)
natgw = object({
- vnet_key = string
create = optional(bool, true)
zone = optional(string)
idle_timeout = optional(number)
})
+ vnet_key = string
subnet_keys = list(string)
public_ip = optional(object({
create = bool
@@ -496,17 +496,17 @@ Following properties are available:
in the `var.vnets` map
- `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition
in the `var.vnets` map that stores the NSG described by `nsg_key`
+- `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets`
+ map that stores the Subnet described by `subnet_key`.
- `frontend_ips` - (`map`, optional, defaults to `{}`) a map containing frontend IP configuration with respective
`in_rules` and `out_rules`
Please refer to [module documentation](../../modules/loadbalancer/README.md#frontend_ips) for available properties.
**Note!** \
- In this example the `subnet_id` is not available directly, three other properties were introduced instead.
+ In this example the `subnet_id` is not available directly, three other property was introduced instead:
- - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map
- - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets` map
- that stores the Subnet described by `subnet_key`
+ - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map.
Type:
@@ -534,12 +534,12 @@ map(object({
source_ips = list(string)
base_priority = optional(number)
}))
+ vnet_key = optional(string)
frontend_ips = optional(map(object({
name = string
public_ip_name = optional(string)
create_public_ip = optional(bool, false)
public_ip_resource_group_name = optional(string)
- vnet_key = optional(string)
subnet_key = optional(string)
private_ip_address = optional(string)
gwlb_key = optional(string)
@@ -759,8 +759,6 @@ The most basic properties are as follows:
The most often used option are as follows:
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
- deploy network interfaces for deployed VM.
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series Deployment
Guide* as only a few selected sizes are supported.
- `zone` - (`string`, optional, defaults to module defaults) the Availability Zone in which the VM and (if deployed)
@@ -822,6 +820,9 @@ The most basic properties are as follows:
For details on the other properties refer to [module's documentation](../../modules/panorama/README.md#virtual_machine).
+- `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
+ deploy network interfaces for deployed VM.
+
- `interfaces` - (`list`, required) configuration of all network interfaces
**Note!** \
@@ -864,7 +865,6 @@ map(object({
custom_id = optional(string)
})
virtual_machine = object({
- vnet_key = string
size = optional(string)
bootstrap_options = optional(string)
bootstrap_package = optional(object({
@@ -890,6 +890,7 @@ map(object({
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
@@ -921,45 +922,45 @@ represents the Rules section of an Application Gateway in Azure Portal.
Below you can find a brief list of available properties:
-- `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+- `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+- `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+- `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
[module's documentation](../../modules/appgw/README.md#application_gateway). The most important
properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
+ - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
Public IP will have it's name prefixes with `var.name_prefix`
- `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
deployment
- `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
will be created
-- `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+- `listeners` - (`map`, required) defines Application Gateway's Listeners, see
[module's documentation](../../modules/appgw/README.md#listeners) for details
-- `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
-- `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+- `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+- `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
see [module's documentation](../../modules/appgw/README.md#probes) for details
-- `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+- `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
see [module's documentation](../../modules/appgw/README.md#rewrites) for details
-- `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+- `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
see [module's documentation](../../modules/appgw/README.md#redirects) for details
-- `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+- `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
-- `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+- `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
Type:
```hcl
map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
diff --git a/examples/common_vmseries/example.tfvars b/examples/common_vmseries/example.tfvars
index d7a91303..67f6475c 100644
--- a/examples/common_vmseries/example.tfvars
+++ b/examples/common_vmseries/example.tfvars
@@ -151,9 +151,9 @@ load_balancers = {
"private" = {
name = "private-lb"
frontend_ips = {
+ vnet_key = "transit"
"ha-ports" = {
name = "private-vmseries"
- vnet_key = "transit"
subnet_key = "private"
private_ip_address = "10.0.0.30"
in_rules = {
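Review bot: The added `vnet_key = "transit"` line sits inside the `frontend_ips` map, as a sibling of the `"ha-ports"` entry, while this commit declares `vnet_key` on the load balancer object next to `frontend_ips` in `variables.tf` and reads it as `each.value.vnet_key` in `main.tf`. As written, the string would be taken as a frontend IP entry and should fail conversion to the frontend object type, and the load balancer's own `vnet_key` stays unset. Move the line one level up, directly under `name = "private-lb"`. The `"private"` block continues outside the hunk.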
@@ -176,11 +176,11 @@ vmseries = {
version = "10.2.3"
}
virtual_machine = {
- vnet_key = "transit"
size = "Standard_DS3_v2"
zone = 1
bootstrap_options = "type=dhcp-client"
}
+ vnet_key = "transit"
interfaces = [
{
name = "vm01-mgmt"
@@ -207,11 +207,11 @@ vmseries = {
version = "10.2.3"
}
virtual_machine = {
- vnet_key = "transit"
size = "Standard_DS3_v2"
zone = 2
bootstrap_options = "type=dhcp-client"
}
+ vnet_key = "transit"
interfaces = [
{
name = "vm02-mgmt"
@@ -238,10 +238,10 @@ vmseries = {
# --- APPLICATION GATEWAYs --- #
appgws = {
public = {
- name = "appgw"
+ name = "appgw"
+ vnet_key = "transit"
+ subnet_key = "appgw"
application_gateway = {
- vnet_key = "transit"
- subnet_key = "appgw"
public_ip = {
name = "appgw-pip"
}
diff --git a/examples/common_vmseries/main.tf b/examples/common_vmseries/main.tf
index cfc670b5..84ca8b6e 100644
--- a/examples/common_vmseries/main.tf
+++ b/examples/common_vmseries/main.tf
@@ -79,7 +79,7 @@ module "natgw" {
natgw = each.value.natgw
- subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.natgw.vnet_key].subnet_ids[v] }
+ subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.vnet_key].subnet_ids[v] }
public_ip = try(merge(each.value.public_ip, { name = "${each.value.public_ip.create ? var.name_prefix : ""}${each.value.public_ip.name}" }), null)
public_ip_prefix = try(merge(each.value.public_ip_prefix, { name = "${each.value.public_ip_prefix.create ? var.name_prefix : ""}${each.value.public_ip_prefix.name}" }), null)
@@ -124,7 +124,7 @@ module "load_balancer" {
v,
{
public_ip_name = v.create_public_ip ? "${var.name_prefix}${v.public_ip_name}" : "${v.public_ip_name}",
- subnet_id = try(module.vnet[v.vnet_key].subnet_ids[v.subnet_key], null)
+ subnet_id = try(module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key], null)
}
)
}
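Review bot: The `try(..., null)` around the new `module.vnet[each.value.vnet_key]` lookup hides a missing `vnet_key`: the property is `optional(string)` on the load balancer, so a frontend that sets `subnet_key` without it resolves to `subnet_id = null` instead of failing the plan. This matters for configurations written for the previous layout, because an attribute that is not declared in an object type constraint is discarded during conversion, so a `vnet_key` left inside a frontend IP is dropped without any message. What the loadbalancer module does with a null `subnet_id` is not visible here, but a private frontend silently losing its subnet is a network-placement change that should surface at plan time. Consider `subnet_id = v.subnet_key != null ? module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key] : null`, so that only frontends without a subnet get null. The enclosing `module "load_balancer"` block starts and ends outside the hunk.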
@@ -160,7 +160,7 @@ module "ngfw_metrics" {
resource "local_file" "bootstrap_xml" {
for_each = {
for k, v in var.vmseries :
- k => v.virtual_machine
+ k => merge(v.virtual_machine, { vnet_key = v.vnet_key })
if try(v.virtual_machine.bootstrap_package.bootstrap_xml_template != null, false)
}
@@ -295,7 +295,7 @@ module "vmseries" {
interfaces = [for v in each.value.interfaces : {
name = "${var.name_prefix}${v.name}"
- subnet_id = module.vnet[each.value.virtual_machine.vnet_key].subnet_ids[v.subnet_key]
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key]
create_public_ip = v.create_public_ip
public_ip_name = v.create_public_ip ? "${var.name_prefix}${coalesce(v.public_ip_name, "${v.name}-pip")}" : v.public_ip_name
public_ip_resource_group_name = v.public_ip_resource_group_name
@@ -339,10 +339,11 @@ module "appgw" {
resource_group_name = local.resource_group.name
location = var.location
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key]
+
application_gateway = merge(
each.value.application_gateway,
{
- subnet_id = module.vnet[each.value.application_gateway.vnet_key].subnet_ids[each.value.application_gateway.subnet_key]
public_ip = merge(
each.value.application_gateway.public_ip,
{ name = "${each.value.application_gateway.public_ip.create ? var.name_prefix : ""}${each.value.application_gateway.public_ip.name}" }
diff --git a/examples/common_vmseries/variables.tf b/examples/common_vmseries/variables.tf
index 4505680a..fb3eb00a 100644
--- a/examples/common_vmseries/variables.tf
+++ b/examples/common_vmseries/variables.tf
@@ -132,8 +132,8 @@ variable "natgws" {
- `natgw` - (`map`, required) a map defining basic NAT Gateway configuration. For details on available options
please refer to [module documentation](../../modules/natgw/README.md#natgw). One property that's worth
mentioning is:
- - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this NAT Gateway
- will be assigned to.
+ - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this
+ NAT Gateway will be assigned to.
- `subnet_keys` - (`list(string)`, required) a list of subnets (key values) the NAT Gateway will be assigned to, defined
in `var.vnets` for a VNET described by `vnet_name`.
- `public_ip` - (`object`, optional) an object defining a public IP resource attached to the NAT Gateway.
@@ -159,11 +159,11 @@ variable "natgws" {
name = string
resource_group_name = optional(string)
natgw = object({
- vnet_key = string
create = optional(bool, true)
zone = optional(string)
idle_timeout = optional(number)
})
+ vnet_key = string
subnet_keys = list(string)
public_ip = optional(object({
create = bool
@@ -208,17 +208,17 @@ variable "load_balancers" {
in the `var.vnets` map
- `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition
in the `var.vnets` map that stores the NSG described by `nsg_key`
+ - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets`
+ map that stores the Subnet described by `subnet_key`.
- `frontend_ips` - (`map`, optional, defaults to `{}`) a map containing frontend IP configuration with respective
`in_rules` and `out_rules`
Please refer to [module documentation](../../modules/loadbalancer/README.md#frontend_ips) for available properties.
**Note!** \
- In this example the `subnet_id` is not available directly, three other properties were introduced instead.
+ In this example the `subnet_id` is not available directly, three other property was introduced instead:
- - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map
- - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets` map
- that stores the Subnet described by `subnet_key`
+ - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map.
EOF
default = {}
nullable = false
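Review bot: The rewritten sentence in the `load_balancers` description reads "three other property was introduced instead:", which is ungrammatical and no longer matches the list, since `vnet_key` moved out of `frontend_ips` and only `subnet_key` is visible below it. A count-free wording avoids the mismatch: `In this example the subnet_id is not available directly, the following properties were introduced instead:`. The rest of the list lies outside the hunk, so how many properties remain needs checking before a number is kept. The same sentence appears in the matching section of `examples/common_vmseries/README.md`.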
@@ -244,12 +244,12 @@ variable "load_balancers" {
source_ips = list(string)
base_priority = optional(number)
}))
+ vnet_key = optional(string)
frontend_ips = optional(map(object({
name = string
public_ip_name = optional(string)
create_public_ip = optional(bool, false)
public_ip_resource_group_name = optional(string)
- vnet_key = optional(string)
subnet_key = optional(string)
private_ip_address = optional(string)
gwlb_key = optional(string)
@@ -444,8 +444,6 @@ variable "vmseries" {
The most often used option are as follows:
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
- deploy network interfaces for deployed VM.
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series Deployment
Guide* as only a few selected sizes are supported.
- `zone` - (`string`, optional, defaults to module defaults) the Availability Zone in which the VM and (if deployed)
@@ -507,6 +505,9 @@ variable "vmseries" {
For details on the other properties refer to [module's documentation](../../modules/panorama/README.md#virtual_machine).
+ - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
+ deploy network interfaces for deployed VM.
+
- `interfaces` - (`list`, required) configuration of all network interfaces
**Note!** \
@@ -547,7 +548,6 @@ variable "vmseries" {
custom_id = optional(string)
})
virtual_machine = object({
- vnet_key = string
size = optional(string)
bootstrap_options = optional(string)
bootstrap_package = optional(object({
@@ -573,6 +573,7 @@ variable "vmseries" {
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
@@ -616,43 +617,43 @@ variable "appgws" {
Below you can find a brief list of available properties:
- - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+ - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
[module's documentation](../../modules/appgw/README.md#application_gateway). The most important
properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
+ - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
Public IP will have it's name prefixes with `var.name_prefix`
- `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
deployment
- `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
will be created
- - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+ - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
[module's documentation](../../modules/appgw/README.md#listeners) for details
- - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
- - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+ - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+ - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
see [module's documentation](../../modules/appgw/README.md#probes) for details
- - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+ - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
see [module's documentation](../../modules/appgw/README.md#rewrites) for details
- - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+ - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
see [module's documentation](../../modules/appgw/README.md#redirects) for details
- - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+ - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
- - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+ - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
EOF
default = {}
nullable = false
type = map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
diff --git a/examples/common_vmseries_and_autoscale/README.md b/examples/common_vmseries_and_autoscale/README.md
index f6dccad1..3e7df8dc 100644
--- a/examples/common_vmseries_and_autoscale/README.md
+++ b/examples/common_vmseries_and_autoscale/README.md
@@ -215,10 +215,10 @@ Name | Type | Description
[`name_prefix`](#name_prefix) | `string` | A prefix that will be added to all created resources.
[`create_resource_group`](#create_resource_group) | `bool` | When set to `true` it will cause a Resource Group creation.
[`natgws`](#natgws) | `map` | A map defining NAT Gateways.
-[`load_balancers`](#load_balancers) | `map` | A map containing configuration for all (private and public) Load Balancers.
+[`load_balancers`](#load_balancers) | `map` | A map containing configuration for all (private and public) Load Balancers.
[`ngfw_metrics`](#ngfw_metrics) | `object` | A map controlling metrics-relates resources.
[`scale_sets`](#scale_sets) | `map` | A map defining Azure Virtual Machine Scale Sets based on Palo Alto Networks Next Generation Firewall image.
-[`appgws`](#appgws) | `map` | A map defining all Application Gateways in the current deployment.
+[`appgws`](#appgws) | `map` | A map defining all Application Gateways in the current deployment.
@@ -432,8 +432,8 @@ Following properties are supported:
- `natgw` - (`map`, required) a map defining basic NAT Gateway configuration. For details on available options
please refer to [module documentation](../../modules/natgw/README.md#natgw). One property that's worth
mentioning is:
- - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this NAT Gateway
- will be assigned to.
+- `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this
+ NAT Gateway will be assigned to.
- `subnet_keys` - (`list(string)`, required) a list of subnets (key values) the NAT Gateway will be assigned to, defined
in `var.vnets` for a VNET described by `vnet_name`.
- `public_ip` - (`object`, optional) an object defining a public IP resource attached to the NAT Gateway.
@@ -462,11 +462,11 @@ map(object({
name = string
resource_group_name = optional(string)
natgw = object({
- vnet_key = string
create = optional(bool, true)
zone = optional(string)
idle_timeout = optional(number)
})
+ vnet_key = string
subnet_keys = list(string)
public_ip = optional(object({
create = bool
@@ -489,41 +489,41 @@ Default value: `map[]`
#### load_balancers
-A map containing configuration for all (private and public) Load Balancers.
+ A map containing configuration for all (private and public) Load Balancers.
+
+ This is a brief description of available properties. For a detailed one please refer to
+ [module documentation](../../modules/loadbalancer/README.md).
+
+ Following properties are available:
+
+ - `name` - (`string`, required) a name of the Load Balancer
+ - `load_balancer` - (`map`, optional, defaults to `null`) a map defining basic Load Balancer configuration, for
+ for details on available properties see
+ [module documentation](../../modules/loadbalancer/README.md#load_balancer)
+ - `health_probes` - (`map`, optional, defaults to `null`) a map defining health probes that will be used by
+ load balancing rules;
+ please check [module documentation](../../modules/loadbalancer/README.md#health_probes)
+ for more specific use cases and available properties
+ - `nsg_auto_rules_settings` - (`map`, optional, defaults to `null`) a map defining a location of an existing NSG rule
+ that will be populated with `Allow` rules for each load balancing rule (`in_rules`); please check
+ [module documentation](../../modules/loadbalancer/README.md#nsg_auto_rules_settings)
+ for available properties; please note that in this example two additional properties are
+ available:
+ - `nsg_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to an NSG definition
+ in the `var.vnets` map
+ - `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition
+ in the `var.vnets` map that stores the NSG described by `nsg_key`
+- `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets`
+ map that stores the Subnet described by `subnet_key`.
+ - `frontend_ips` - (`map`, optional, defaults to `{}`) a map containing frontend IP configuration with respective
+ `in_rules` and `out_rules`
+
+ Please refer to [module documentation](../../modules/loadbalancer/README.md#frontend_ips) for available properties.
-This is a brief description of available properties. For a detailed one please refer to
-[module documentation](../../modules/loadbalancer/README.md).
-
-Following properties are available:
-
-- `name` - (`string`, required) a name of the Load Balancer
-- `load_balancer` - (`map`, optional, defaults to `null`) a map defining basic Load Balancer configuration, for
- for details on available properties see
- [module documentation](../../modules/loadbalancer/README.md#load_balancer)
-- `health_probes` - (`map`, optional, defaults to `null`) a map defining health probes that will be used by
- load balancing rules;
- please check [module documentation](../../modules/loadbalancer/README.md#health_probes)
- for more specific use cases and available properties
-- `nsg_auto_rules_settings` - (`map`, optional, defaults to `null`) a map defining a location of an existing NSG rule
- that will be populated with `Allow` rules for each load balancing rule (`in_rules`); please check
- [module documentation](../../modules/loadbalancer/README.md#nsg_auto_rules_settings)
- for available properties; please note that in this example two additional properties are
- available:
- - `nsg_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to an NSG definition
- in the `var.vnets` map
- - `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition
- in the `var.vnets` map that stores the NSG described by `nsg_key`
-- `frontend_ips` - (`map`, optional, defaults to `{}`) a map containing frontend IP configuration with respective
- `in_rules` and `out_rules`
-
- Please refer to [module documentation](../../modules/loadbalancer/README.md#frontend_ips) for available properties.
-
- **Note!** \
- In this example the `subnet_id` is not available directly, three other properties were introduced instead.
+ **Note!** \
+ In this example the `subnet_id` is not available directly, three other property was introduced instead:
- - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map
- - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets` map
- that stores the Subnet described by `subnet_key`
+ - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map.
Type:
@@ -551,12 +551,12 @@ map(object({
source_ips = list(string)
base_priority = optional(number)
}))
+ vnet_key = optional(string)
frontend_ips = optional(map(object({
name = string
public_ip_name = optional(string)
create_public_ip = optional(bool, false)
public_ip_resource_group_name = optional(string)
- vnet_key = optional(string)
subnet_key = optional(string)
private_ip_address = optional(string)
gwlb_key = optional(string)
@@ -666,8 +666,6 @@ The basic Scale Set configuration properties are as follows:
Below we present only the most important ones, for the rest please refer to
[module's documentation](../../modules/vmss/README.md#virtual_machine_scale_set):
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets
- used to deploy network interfaces for VMs in this Scale Set
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series
Deployment Guide* as only a few selected sizes are supported
- `zones` - (`list`, optional, defaults to module defaults) a list of Availability Zones in which VMs from
@@ -688,6 +686,8 @@ The basic Scale Set configuration properties are as follows:
the scale set when the autoscaling engine cannot read the metrics or is otherwise unable to compare
the metrics to the thresholds
+- `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets
+ used to deploy network interfaces for VMs in this Scale Set
- `interfaces` - (`list`, required) configuration of all network interfaces, order does matter - the 1st
interface should be the management one. Following properties are available:
- `name` - (`string`, required) name of the network interface (will be prefixed with `var.name_prefix`)
@@ -729,7 +729,6 @@ map(object({
custom_id = optional(string)
})
virtual_machine_scale_set = optional(object({
- vnet_key = string
size = optional(string)
bootstrap_options = optional(string)
zones = optional(list(string))
@@ -752,6 +751,7 @@ map(object({
notification_emails = optional(list(string), [])
webhooks_uris = optional(map(string), {})
}), {})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
@@ -805,56 +805,56 @@ Default value: `map[]`
#### appgws
-A map defining all Application Gateways in the current deployment.
+ A map defining all Application Gateways in the current deployment.
-For detailed documentation on how to configure this resource, for available properties, especially for the defaults,
-refer to [module documentation](../../modules/appgw/README.md).
+ For detailed documentation on how to configure this resource, for available properties, especially for the defaults,
+ refer to [module documentation](../../modules/appgw/README.md).
-**Note!** \
-The `rules` property is meant to bind together `backend`, `redirect` or `url_path_map` (all 3 are mutually exclusive). It
-represents the Rules section of an Application Gateway in Azure Portal.
-
-Below you can find a brief list of available properties:
-
-- `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
-- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
- [module's documentation](../../modules/appgw/README.md#application_gateway). The most important
- properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
- Public IP will have it's name prefixes with `var.name_prefix`
- - `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
- deployment
- - `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
- will be created
-- `listeners` - (`map`, required) defines Application Gateway's Listeners, see
- [module's documentation](../../modules/appgw/README.md#listeners) for details
-- `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
-- `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
- see [module's documentation](../../modules/appgw/README.md#probes) for details
-- `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
- see [module's documentation](../../modules/appgw/README.md#rewrites) for details
-- `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
- see [module's documentation](../../modules/appgw/README.md#redirects) for details
-- `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
- see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
-- `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+ **Note!** \
+ The `rules` property is meant to bind together `backend`, `redirect` or `url_path_map` (all 3 are mutually exclusive). It
+ represents the Rules section of an Application Gateway in Azure Portal.
+
+ Below you can find a brief list of available properties:
+
+ - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+- `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+ - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
+ - `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
+ [module's documentation](../../modules/appgw/README.md#application_gateway). The most important
+ properties are:
+ - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
+ Public IP will have it's name prefixes with `var.name_prefix`
+ - `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
+ deployment
+ - `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
+ will be created
+ - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+ [module's documentation](../../modules/appgw/README.md#listeners) for details
+ - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+ - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+ see [module's documentation](../../modules/appgw/README.md#probes) for details
+ - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+ see [module's documentation](../../modules/appgw/README.md#rewrites) for details
+ - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+ see [module's documentation](../../modules/appgw/README.md#redirects) for details
+ - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+ see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
+ - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
Type:
```hcl
map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
diff --git a/examples/common_vmseries_and_autoscale/example.tfvars b/examples/common_vmseries_and_autoscale/example.tfvars
index 29bef926..0be57291 100644
--- a/examples/common_vmseries_and_autoscale/example.tfvars
+++ b/examples/common_vmseries_and_autoscale/example.tfvars
@@ -149,11 +149,11 @@ load_balancers = {
}
}
"private" = {
- name = "private-lb"
+ name = "private-lb"
+ vnet_key = "transit"
frontend_ips = {
"ha-ports" = {
name = "private-vmseries"
- vnet_key = "transit"
subnet_key = "private"
private_ip_address = "10.0.0.30"
in_rules = {
@@ -173,10 +173,10 @@ load_balancers = {
# --- APPLICATION GATEWAYs --- #
appgws = {
public = {
- name = "appgw"
+ name = "appgw"
+ vnet_key = "transit"
+ subnet_key = "appgw"
application_gateway = {
- vnet_key = "transit"
- subnet_key = "appgw"
public_ip = {
name = "appgw-pip"
}
@@ -235,13 +235,13 @@ scale_sets = {
disable_password_authentication = false
}
virtual_machine_scale_set = {
- vnet_key = "transit"
bootstrap_options = "type=dhcp-client"
zones = ["1", "2", "3"]
}
autoscaling_configuration = {
default_count = 1
}
+ vnet_key = "transit"
interfaces = [
{
name = "management"
diff --git a/examples/common_vmseries_and_autoscale/main.tf b/examples/common_vmseries_and_autoscale/main.tf
index d3ac4ebd..4816367f 100644
--- a/examples/common_vmseries_and_autoscale/main.tf
+++ b/examples/common_vmseries_and_autoscale/main.tf
@@ -79,7 +79,7 @@ module "natgw" {
natgw = each.value.natgw
- subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.natgw.vnet_key].subnet_ids[v] }
+ subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.vnet_key].subnet_ids[v] }
public_ip = try(merge(each.value.public_ip, { name = "${each.value.public_ip.create ? var.name_prefix : ""}${each.value.public_ip.name}" }), null)
public_ip_prefix = try(merge(each.value.public_ip_prefix, { name = "${each.value.public_ip_prefix.create ? var.name_prefix : ""}${each.value.public_ip_prefix.name}" }), null)
@@ -123,7 +123,7 @@ module "load_balancer" {
v,
{
public_ip_name = v.create_public_ip ? "${var.name_prefix}${v.public_ip_name}" : "${v.public_ip_name}",
- subnet_id = try(module.vnet[v.vnet_key].subnet_ids[v.subnet_key], null)
+ subnet_id = try(module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key], null)
}
)
}
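Review bot: The `try(..., null)` around the new `module.vnet[each.value.vnet_key]` lookup turns a missing or misspelled `vnet_key` into a silent `subnet_id = null`, where a plan-time error would be safer. `vnet_key` is now `optional(string)` at the load balancer level, so a caller who still sets it inside `frontend_ips` would most likely have that attribute dropped during type conversion. How the loadbalancer module treats a null `subnet_id` is not visible here, but a frontend meant to be private should not lose its subnet unnoticed. Consider `subnet_id = v.subnet_key != null ? module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key] : null`, so the lookup fails loudly whenever a `subnet_key` is given. The same line is changed in examples/dedicated_vmseries/main.tf, and the enclosing `module "load_balancer"` block starts and ends outside this hunk.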
@@ -166,10 +166,11 @@ module "appgw" {
resource_group_name = local.resource_group.name
location = var.location
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key]
+
application_gateway = merge(
each.value.application_gateway,
{
- subnet_id = module.vnet[each.value.application_gateway.vnet_key].subnet_ids[each.value.application_gateway.subnet_key]
public_ip = merge(
each.value.application_gateway.public_ip,
{ name = "${each.value.application_gateway.public_ip.create ? var.name_prefix : ""}${each.value.application_gateway.public_ip.name}" }
@@ -206,7 +207,7 @@ module "vmss" {
interfaces = [
for v in each.value.interfaces : {
name = v.name
- subnet_id = module.vnet[each.value.virtual_machine_scale_set.vnet_key].subnet_ids[v.subnet_key]
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key]
create_public_ip = v.create_public_ip
pip_domain_name_label = v.pip_domain_name_label
lb_backend_pool_ids = try([module.load_balancer[v.load_balancer_key].backend_pool_id], [])
diff --git a/examples/common_vmseries_and_autoscale/variables.tf b/examples/common_vmseries_and_autoscale/variables.tf
index 8f997836..9c8694ee 100644
--- a/examples/common_vmseries_and_autoscale/variables.tf
+++ b/examples/common_vmseries_and_autoscale/variables.tf
@@ -132,8 +132,8 @@ variable "natgws" {
- `natgw` - (`map`, required) a map defining basic NAT Gateway configuration. For details on available options
please refer to [module documentation](../../modules/natgw/README.md#natgw). One property that's worth
mentioning is:
- - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this NAT Gateway
- will be assigned to.
+ - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this
+ NAT Gateway will be assigned to.
- `subnet_keys` - (`list(string)`, required) a list of subnets (key values) the NAT Gateway will be assigned to, defined
in `var.vnets` for a VNET described by `vnet_name`.
- `public_ip` - (`object`, optional) an object defining a public IP resource attached to the NAT Gateway.
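Review bot: The description still presents `vnet_key` as the property of `natgw` that is "worth mentioning", but the next hunk moves `vnet_key` out of the `natgw` object to the top level of each map entry. The bullet should move up one level, next to `subnet_keys`, and the sentence introducing it under `natgw` should be dropped or reworded. The `subnet_keys` text also refers to `vnet_name` where `vnet_key` is meant. The matching description in examples/dedicated_vmseries/variables.tf has the same mismatch; the description heredoc itself starts outside this hunk.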
@@ -159,11 +159,11 @@ variable "natgws" {
name = string
resource_group_name = optional(string)
natgw = object({
- vnet_key = string
create = optional(bool, true)
zone = optional(string)
idle_timeout = optional(number)
})
+ vnet_key = string
subnet_keys = list(string)
public_ip = optional(object({
create = bool
@@ -208,17 +208,17 @@ variable "load_balancers" {
in the `var.vnets` map
- `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition
in the `var.vnets` map that stores the NSG described by `nsg_key`
+- `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets`
+ map that stores the Subnet described by `subnet_key`.
- `frontend_ips` - (`map`, optional, defaults to `{}`) a map containing frontend IP configuration with respective
`in_rules` and `out_rules`
Please refer to [module documentation](../../modules/loadbalancer/README.md#frontend_ips) for available properties.
**Note!** \
- In this example the `subnet_id` is not available directly, three other properties were introduced instead.
+ In this example the `subnet_id` is not available directly, three other property was introduced instead:
- - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map
- - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets` map
- that stores the Subnet described by `subnet_key`
+ - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map.
EOF
default = {}
nullable = false
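Review bot: The added `vnet_key` bullet appears to start at column 0 while the sibling bullets around it are indented. The regenerated README hunk for `load_balancers` now shows every line of this description with leading whitespace, which would fit an indented heredoc that can no longer be dedented; the heredoc opener is outside the hunk, so this is inferred. Indenting the bullet to match the `frontend_ips` bullet should restore the rendering. The note sentence should also read `one other property was introduced instead:` rather than "three other property was". The `subnet_key` bullet added to the `appgws` description later in this file shows the same indentation.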
@@ -244,12 +244,12 @@ variable "load_balancers" {
source_ips = list(string)
base_priority = optional(number)
}))
+ vnet_key = optional(string)
frontend_ips = optional(map(object({
name = string
public_ip_name = optional(string)
create_public_ip = optional(bool, false)
public_ip_resource_group_name = optional(string)
- vnet_key = optional(string)
subnet_key = optional(string)
private_ip_address = optional(string)
gwlb_key = optional(string)
@@ -348,8 +348,6 @@ variable "scale_sets" {
Below we present only the most important ones, for the rest please refer to
[module's documentation](../../modules/vmss/README.md#virtual_machine_scale_set):
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets
- used to deploy network interfaces for VMs in this Scale Set
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series
Deployment Guide* as only a few selected sizes are supported
- `zones` - (`list`, optional, defaults to module defaults) a list of Availability Zones in which VMs from
@@ -370,6 +368,8 @@ variable "scale_sets" {
the scale set when the autoscaling engine cannot read the metrics or is otherwise unable to compare
the metrics to the thresholds
+ - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets
+ used to deploy network interfaces for VMs in this Scale Set
- `interfaces` - (`list`, required) configuration of all network interfaces, order does matter - the 1st
interface should be the management one. Following properties are available:
- `name` - (`string`, required) name of the network interface (will be prefixed with `var.name_prefix`)
@@ -409,7 +409,6 @@ variable "scale_sets" {
custom_id = optional(string)
})
virtual_machine_scale_set = optional(object({
- vnet_key = string
size = optional(string)
bootstrap_options = optional(string)
zones = optional(list(string))
@@ -432,6 +431,7 @@ variable "scale_sets" {
notification_emails = optional(list(string), [])
webhooks_uris = optional(map(string), {})
}), {})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
@@ -494,43 +494,43 @@ variable "appgws" {
Below you can find a brief list of available properties:
- - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+- `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+ - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
[module's documentation](../../modules/appgw/README.md#application_gateway). The most important
properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
+ - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
Public IP will have it's name prefixes with `var.name_prefix`
- `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
deployment
- `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
will be created
- - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+ - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
[module's documentation](../../modules/appgw/README.md#listeners) for details
- - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
- - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+ - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+ - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
see [module's documentation](../../modules/appgw/README.md#probes) for details
- - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+ - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
see [module's documentation](../../modules/appgw/README.md#rewrites) for details
- - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+ - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
see [module's documentation](../../modules/appgw/README.md#redirects) for details
- - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+ - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
- - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+ - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
EOF
default = {}
nullable = false
type = map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
diff --git a/examples/dedicated_vmseries/example.tfvars b/examples/dedicated_vmseries/example.tfvars
index 95819a83..e522960b 100644
--- a/examples/dedicated_vmseries/example.tfvars
+++ b/examples/dedicated_vmseries/example.tfvars
@@ -135,11 +135,11 @@ load_balancers = {
}
}
"private" = {
- name = "private-lb"
+ name = "private-lb"
+ vnet_key = "transit"
frontend_ips = {
"ha-ports" = {
name = "private-vmseries"
- vnet_key = "transit"
subnet_key = "private"
private_ip_address = "10.0.0.30"
in_rules = {
@@ -177,9 +177,8 @@ vmseries = {
version = "10.2.3"
}
virtual_machine = {
- vnet_key = "transit"
- size = "Standard_DS3_v2"
- zone = 1
+ size = "Standard_DS3_v2"
+ zone = 1
bootstrap_package = {
bootstrap_storage_key = "bootstrap"
static_files = { "files/init-cfg.txt" = "config/init-cfg.txt" }
@@ -188,6 +187,7 @@ vmseries = {
public_snet_key = "public"
}
}
+ vnet_key = "transit"
interfaces = [
{
name = "vm-in-01-mgmt"
@@ -212,9 +212,8 @@ vmseries = {
version = "10.2.3"
}
virtual_machine = {
- vnet_key = "transit"
- size = "Standard_DS3_v2"
- zone = 2
+ size = "Standard_DS3_v2"
+ zone = 2
bootstrap_package = {
bootstrap_storage_key = "bootstrap"
static_files = { "files/init-cfg.txt" = "config/init-cfg.txt" }
@@ -223,6 +222,7 @@ vmseries = {
public_snet_key = "public"
}
}
+ vnet_key = "transit"
interfaces = [
{
name = "vm-in-02-mgmt"
@@ -246,9 +246,8 @@ vmseries = {
version = "10.2.3"
}
virtual_machine = {
- vnet_key = "transit"
- size = "Standard_DS3_v2"
- zone = 1
+ size = "Standard_DS3_v2"
+ zone = 1
bootstrap_package = {
bootstrap_storage_key = "bootstrap"
static_files = { "files/init-cfg.txt" = "config/init-cfg.txt" }
@@ -257,6 +256,7 @@ vmseries = {
public_snet_key = "public"
}
}
+ vnet_key = "transit"
interfaces = [
{
name = "vm-obew-01-mgmt"
@@ -281,9 +281,8 @@ vmseries = {
version = "10.2.3"
}
virtual_machine = {
- vnet_key = "transit"
- size = "Standard_DS3_v2"
- zone = 2
+ size = "Standard_DS3_v2"
+ zone = 2
bootstrap_package = {
bootstrap_storage_key = "bootstrap"
static_files = { "files/init-cfg.txt" = "config/init-cfg.txt" }
@@ -292,6 +291,7 @@ vmseries = {
public_snet_key = "public"
}
}
+ vnet_key = "transit"
interfaces = [
{
name = "vm-obew-02-mgmt"
diff --git a/examples/dedicated_vmseries/main.tf b/examples/dedicated_vmseries/main.tf
index cfc670b5..84ca8b6e 100644
--- a/examples/dedicated_vmseries/main.tf
+++ b/examples/dedicated_vmseries/main.tf
@@ -79,7 +79,7 @@ module "natgw" {
natgw = each.value.natgw
- subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.natgw.vnet_key].subnet_ids[v] }
+ subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.vnet_key].subnet_ids[v] }
public_ip = try(merge(each.value.public_ip, { name = "${each.value.public_ip.create ? var.name_prefix : ""}${each.value.public_ip.name}" }), null)
public_ip_prefix = try(merge(each.value.public_ip_prefix, { name = "${each.value.public_ip_prefix.create ? var.name_prefix : ""}${each.value.public_ip_prefix.name}" }), null)
@@ -124,7 +124,7 @@ module "load_balancer" {
v,
{
public_ip_name = v.create_public_ip ? "${var.name_prefix}${v.public_ip_name}" : "${v.public_ip_name}",
- subnet_id = try(module.vnet[v.vnet_key].subnet_ids[v.subnet_key], null)
+ subnet_id = try(module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key], null)
}
)
}
@@ -160,7 +160,7 @@ module "ngfw_metrics" {
resource "local_file" "bootstrap_xml" {
for_each = {
for k, v in var.vmseries :
- k => v.virtual_machine
+ k => merge(v.virtual_machine, { vnet_key = v.vnet_key })
if try(v.virtual_machine.bootstrap_package.bootstrap_xml_template != null, false)
}
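Review bot: The `merge(v.virtual_machine, { vnet_key = v.vnet_key })` in the `for_each` value rebuilds the old nested shape without saying why, which is easy to misread now that `vnet_key` has moved out of `virtual_machine` everywhere else. A short comment above the expression would help, for example `# vnet_key moved to the vmseries level; merged back in so each.value.vnet_key keeps resolving in this resource`. The rest of `local_file.bootstrap_xml` is outside the hunk, so that it reads `each.value.vnet_key` is an assumption to confirm.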
@@ -295,7 +295,7 @@ module "vmseries" {
interfaces = [for v in each.value.interfaces : {
name = "${var.name_prefix}${v.name}"
- subnet_id = module.vnet[each.value.virtual_machine.vnet_key].subnet_ids[v.subnet_key]
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key]
create_public_ip = v.create_public_ip
public_ip_name = v.create_public_ip ? "${var.name_prefix}${coalesce(v.public_ip_name, "${v.name}-pip")}" : v.public_ip_name
public_ip_resource_group_name = v.public_ip_resource_group_name
@@ -339,10 +339,11 @@ module "appgw" {
resource_group_name = local.resource_group.name
location = var.location
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key]
+
application_gateway = merge(
each.value.application_gateway,
{
- subnet_id = module.vnet[each.value.application_gateway.vnet_key].subnet_ids[each.value.application_gateway.subnet_key]
public_ip = merge(
each.value.application_gateway.public_ip,
{ name = "${each.value.application_gateway.public_ip.create ? var.name_prefix : ""}${each.value.application_gateway.public_ip.name}" }
diff --git a/examples/dedicated_vmseries/variables.tf b/examples/dedicated_vmseries/variables.tf
index 4505680a..fb3eb00a 100644
--- a/examples/dedicated_vmseries/variables.tf
+++ b/examples/dedicated_vmseries/variables.tf
@@ -132,8 +132,8 @@ variable "natgws" {
- `natgw` - (`map`, required) a map defining basic NAT Gateway configuration. For details on available options
please refer to [module documentation](../../modules/natgw/README.md#natgw). One property that's worth
mentioning is:
- - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this NAT Gateway
- will be assigned to.
+ - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this
+ NAT Gateway will be assigned to.
- `subnet_keys` - (`list(string)`, required) a list of subnets (key values) the NAT Gateway will be assigned to, defined
in `var.vnets` for a VNET described by `vnet_name`.
- `public_ip` - (`object`, optional) an object defining a public IP resource attached to the NAT Gateway.
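Review bot: The description still introduces `vnet_key` as a property of `natgw` ("One property that's worth mentioning is:"), but the type hunk further down in this file moves it out of the `natgw` object to the top level of each entry. This hunk only re-wraps the bullet, so the documented location is now stale; the bullet belongs next to `subnet_keys`, and the "One property that's worth mentioning" sentence should be dropped or pointed at a property that remains in `natgw`. The `subnet_keys` bullet on the context line also refers to `vnet_name` where `vnet_key` appears to be meant. The same hunk is repeated in `examples/dedicated_vmseries_and_autoscale/variables.tf` and `examples/standalone_vmseries/variables.tf`; nesting is judged from the wording, since indentation is flattened on this page.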
@@ -159,11 +159,11 @@ variable "natgws" {
name = string
resource_group_name = optional(string)
natgw = object({
- vnet_key = string
create = optional(bool, true)
zone = optional(string)
idle_timeout = optional(number)
})
+ vnet_key = string
subnet_keys = list(string)
public_ip = optional(object({
create = bool
@@ -208,17 +208,17 @@ variable "load_balancers" {
in the `var.vnets` map
- `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition
in the `var.vnets` map that stores the NSG described by `nsg_key`
+ - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets`
+ map that stores the Subnet described by `subnet_key`.
- `frontend_ips` - (`map`, optional, defaults to `{}`) a map containing frontend IP configuration with respective
`in_rules` and `out_rules`
Please refer to [module documentation](../../modules/loadbalancer/README.md#frontend_ips) for available properties.
**Note!** \
- In this example the `subnet_id` is not available directly, three other properties were introduced instead.
+ In this example the `subnet_id` is not available directly, three other property was introduced instead:
- - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map
- - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets` map
- that stores the Subnet described by `subnet_key`
+ - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map.
EOF
default = {}
nullable = false
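Review bot: The rewritten note line reads "three other property was introduced instead:", yet only `subnet_key` is listed below it now that `vnet_key` has moved up a level. Something like "In this example the subnet_id is not available directly, the subnet_key property is used instead:" would match the new layout. The added `vnet_key` bullet is documented as optional with a `null` default, so it is worth stating that it is needed whenever a frontend sets `subnet_key`. The same text is added in the `load_balancers` hunks of `examples/dedicated_vmseries_and_autoscale/variables.tf` and `examples/standalone_vmseries/variables.tf`.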
@@ -244,12 +244,12 @@ variable "load_balancers" {
source_ips = list(string)
base_priority = optional(number)
}))
+ vnet_key = optional(string)
frontend_ips = optional(map(object({
name = string
public_ip_name = optional(string)
create_public_ip = optional(bool, false)
public_ip_resource_group_name = optional(string)
- vnet_key = optional(string)
subnet_key = optional(string)
private_ip_address = optional(string)
gwlb_key = optional(string)
@@ -444,8 +444,6 @@ variable "vmseries" {
The most often used option are as follows:
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
- deploy network interfaces for deployed VM.
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series Deployment
Guide* as only a few selected sizes are supported.
- `zone` - (`string`, optional, defaults to module defaults) the Availability Zone in which the VM and (if deployed)
@@ -507,6 +505,9 @@ variable "vmseries" {
For details on the other properties refer to [module's documentation](../../modules/panorama/README.md#virtual_machine).
+ - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
+ deploy network interfaces for deployed VM.
+
- `interfaces` - (`list`, required) configuration of all network interfaces
**Note!** \
@@ -547,7 +548,6 @@ variable "vmseries" {
custom_id = optional(string)
})
virtual_machine = object({
- vnet_key = string
size = optional(string)
bootstrap_options = optional(string)
bootstrap_package = optional(object({
@@ -573,6 +573,7 @@ variable "vmseries" {
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
@@ -616,43 +617,43 @@ variable "appgws" {
Below you can find a brief list of available properties:
- - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+ - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
[module's documentation](../../modules/appgw/README.md#application_gateway). The most important
properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
+ - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
Public IP will have it's name prefixes with `var.name_prefix`
- `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
deployment
- `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
will be created
- - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+ - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
[module's documentation](../../modules/appgw/README.md#listeners) for details
- - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
- - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+ - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+ - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
see [module's documentation](../../modules/appgw/README.md#probes) for details
- - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+ - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
see [module's documentation](../../modules/appgw/README.md#rewrites) for details
- - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+ - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
see [module's documentation](../../modules/appgw/README.md#redirects) for details
- - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+ - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
- - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+ - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
EOF
default = {}
nullable = false
type = map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
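Review bot: The re-indented bullets for `redirects`, `url_path_maps` and `rules` keep an unbalanced backtick: the property name is opened but never closed before ` - (`, so the code span runs into the type annotation when the description is rendered. Since the commit rewrites these lines anyway, close the name on each of the three. The `public_ip` bullet it also rewrites still says "it's name prefixes", which should read "its name prefixed". The same lines appear in the `appgws` hunk of `examples/dedicated_vmseries_and_autoscale/variables.tf`.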
diff --git a/examples/dedicated_vmseries_and_autoscale/example.tfvars b/examples/dedicated_vmseries_and_autoscale/example.tfvars
index 85fbf0a2..d01a505c 100644
--- a/examples/dedicated_vmseries_and_autoscale/example.tfvars
+++ b/examples/dedicated_vmseries_and_autoscale/example.tfvars
@@ -111,9 +111,9 @@ vnets = {
natgws = {
"natgw" = {
- name = "public-natgw"
+ name = "public-natgw"
+ vnet_key = "transit"
natgw = {
- vnet_key = "transit"
}
subnet_keys = ["public", "management"]
public_ip_prefix = {
@@ -158,10 +158,10 @@ load_balancers = {
load_balancer = {
zones = null
}
+ vnet_key = "transit"
frontend_ips = {
"ha-ports" = {
name = "private-vmseries"
- vnet_key = "transit"
subnet_key = "private"
private_ip_address = "10.0.0.30"
in_rules = {
@@ -191,13 +191,13 @@ scale_sets = {
disable_password_authentication = false
}
virtual_machine_scale_set = {
- vnet_key = "transit"
bootstrap_options = "type=dhcp-client"
zones = null
}
autoscaling_configuration = {
default_count = 2
}
+ vnet_key = "transit"
interfaces = [
{
name = "management"
@@ -223,13 +223,13 @@ scale_sets = {
disable_password_authentication = false
}
virtual_machine_scale_set = {
- vnet_key = "transit"
bootstrap_options = "type=dhcp-client"
zones = null
}
autoscaling_configuration = {
default_count = 2
}
+ vnet_key = "transit"
interfaces = [
{
name = "management"
diff --git a/examples/dedicated_vmseries_and_autoscale/main.tf b/examples/dedicated_vmseries_and_autoscale/main.tf
index d3ac4ebd..4816367f 100644
--- a/examples/dedicated_vmseries_and_autoscale/main.tf
+++ b/examples/dedicated_vmseries_and_autoscale/main.tf
@@ -79,7 +79,7 @@ module "natgw" {
natgw = each.value.natgw
- subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.natgw.vnet_key].subnet_ids[v] }
+ subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.vnet_key].subnet_ids[v] }
public_ip = try(merge(each.value.public_ip, { name = "${each.value.public_ip.create ? var.name_prefix : ""}${each.value.public_ip.name}" }), null)
public_ip_prefix = try(merge(each.value.public_ip_prefix, { name = "${each.value.public_ip_prefix.create ? var.name_prefix : ""}${each.value.public_ip_prefix.name}" }), null)
@@ -123,7 +123,7 @@ module "load_balancer" {
v,
{
public_ip_name = v.create_public_ip ? "${var.name_prefix}${v.public_ip_name}" : "${v.public_ip_name}",
- subnet_id = try(module.vnet[v.vnet_key].subnet_ids[v.subnet_key], null)
+ subnet_id = try(module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key], null)
}
)
}
@@ -166,10 +166,11 @@ module "appgw" {
resource_group_name = local.resource_group.name
location = var.location
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key]
+
application_gateway = merge(
each.value.application_gateway,
{
- subnet_id = module.vnet[each.value.application_gateway.vnet_key].subnet_ids[each.value.application_gateway.subnet_key]
public_ip = merge(
each.value.application_gateway.public_ip,
{ name = "${each.value.application_gateway.public_ip.create ? var.name_prefix : ""}${each.value.application_gateway.public_ip.name}" }
@@ -206,7 +207,7 @@ module "vmss" {
interfaces = [
for v in each.value.interfaces : {
name = v.name
- subnet_id = module.vnet[each.value.virtual_machine_scale_set.vnet_key].subnet_ids[v.subnet_key]
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key]
create_public_ip = v.create_public_ip
pip_domain_name_label = v.pip_domain_name_label
lb_backend_pool_ids = try([module.load_balancer[v.load_balancer_key].backend_pool_id], [])
diff --git a/examples/dedicated_vmseries_and_autoscale/variables.tf b/examples/dedicated_vmseries_and_autoscale/variables.tf
index 8f997836..9c8694ee 100644
--- a/examples/dedicated_vmseries_and_autoscale/variables.tf
+++ b/examples/dedicated_vmseries_and_autoscale/variables.tf
@@ -132,8 +132,8 @@ variable "natgws" {
- `natgw` - (`map`, required) a map defining basic NAT Gateway configuration. For details on available options
please refer to [module documentation](../../modules/natgw/README.md#natgw). One property that's worth
mentioning is:
- - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this NAT Gateway
- will be assigned to.
+ - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this
+ NAT Gateway will be assigned to.
- `subnet_keys` - (`list(string)`, required) a list of subnets (key values) the NAT Gateway will be assigned to, defined
in `var.vnets` for a VNET described by `vnet_name`.
- `public_ip` - (`object`, optional) an object defining a public IP resource attached to the NAT Gateway.
@@ -159,11 +159,11 @@ variable "natgws" {
name = string
resource_group_name = optional(string)
natgw = object({
- vnet_key = string
create = optional(bool, true)
zone = optional(string)
idle_timeout = optional(number)
})
+ vnet_key = string
subnet_keys = list(string)
public_ip = optional(object({
create = bool
@@ -208,17 +208,17 @@ variable "load_balancers" {
in the `var.vnets` map
- `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition
in the `var.vnets` map that stores the NSG described by `nsg_key`
+- `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets`
+ map that stores the Subnet described by `subnet_key`.
- `frontend_ips` - (`map`, optional, defaults to `{}`) a map containing frontend IP configuration with respective
`in_rules` and `out_rules`
Please refer to [module documentation](../../modules/loadbalancer/README.md#frontend_ips) for available properties.
**Note!** \
- In this example the `subnet_id` is not available directly, three other properties were introduced instead.
+ In this example the `subnet_id` is not available directly, three other property was introduced instead:
- - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map
- - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets` map
- that stores the Subnet described by `subnet_key`
+ - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map.
EOF
default = {}
nullable = false
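Review bot: The added `vnet_key` bullet appears to start at column 0 on this page, while the same line in `examples/dedicated_vmseries/variables.tf` is indented like its neighbours. The added `subnet_key` bullet in this file's `appgws` hunk looks the same. If the description is an indented heredoc (`<<-EOF`, not visible here), Terraform strips only the indentation common to all lines, so one unindented line would leave the rest of the text indented and likely change how the generated documentation renders. Indenting both bullets to match the surrounding list avoids that.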
@@ -244,12 +244,12 @@ variable "load_balancers" {
source_ips = list(string)
base_priority = optional(number)
}))
+ vnet_key = optional(string)
frontend_ips = optional(map(object({
name = string
public_ip_name = optional(string)
create_public_ip = optional(bool, false)
public_ip_resource_group_name = optional(string)
- vnet_key = optional(string)
subnet_key = optional(string)
private_ip_address = optional(string)
gwlb_key = optional(string)
@@ -348,8 +348,6 @@ variable "scale_sets" {
Below we present only the most important ones, for the rest please refer to
[module's documentation](../../modules/vmss/README.md#virtual_machine_scale_set):
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets
- used to deploy network interfaces for VMs in this Scale Set
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series
Deployment Guide* as only a few selected sizes are supported
- `zones` - (`list`, optional, defaults to module defaults) a list of Availability Zones in which VMs from
@@ -370,6 +368,8 @@ variable "scale_sets" {
the scale set when the autoscaling engine cannot read the metrics or is otherwise unable to compare
the metrics to the thresholds
+ - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets
+ used to deploy network interfaces for VMs in this Scale Set
- `interfaces` - (`list`, required) configuration of all network interfaces, order does matter - the 1st
interface should be the management one. Following properties are available:
- `name` - (`string`, required) name of the network interface (will be prefixed with `var.name_prefix`)
@@ -409,7 +409,6 @@ variable "scale_sets" {
custom_id = optional(string)
})
virtual_machine_scale_set = optional(object({
- vnet_key = string
size = optional(string)
bootstrap_options = optional(string)
zones = optional(list(string))
@@ -432,6 +431,7 @@ variable "scale_sets" {
notification_emails = optional(list(string), [])
webhooks_uris = optional(map(string), {})
}), {})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
@@ -494,43 +494,43 @@ variable "appgws" {
Below you can find a brief list of available properties:
- - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+- `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+ - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
[module's documentation](../../modules/appgw/README.md#application_gateway). The most important
properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
+ - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
Public IP will have it's name prefixes with `var.name_prefix`
- `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
deployment
- `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
will be created
- - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+ - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
[module's documentation](../../modules/appgw/README.md#listeners) for details
- - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
- - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+ - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+ - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
see [module's documentation](../../modules/appgw/README.md#probes) for details
- - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+ - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
see [module's documentation](../../modules/appgw/README.md#rewrites) for details
- - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+ - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
see [module's documentation](../../modules/appgw/README.md#redirects) for details
- - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+ - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
- - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+ - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
EOF
default = {}
nullable = false
type = map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
diff --git a/examples/standalone_panorama/README.md b/examples/standalone_panorama/README.md
index 40053354..d629bcf8 100644
--- a/examples/standalone_panorama/README.md
+++ b/examples/standalone_panorama/README.md
@@ -401,8 +401,6 @@ The basic Panorama VM configuration properties are as follows:
Following properties are available:
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
- deploy network interfaces for deployed VM.
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series Deployment
Guide* as only a few selected sizes are supported.
- `zone` - (`string`, optional, defaults to module defaults) the Availability Zone in which the VM will be created.
@@ -411,6 +409,8 @@ The basic Panorama VM configuration properties are as follows:
For details on the other properties refer to [module's documentation](../../modules/panorama/README.md#virtual_machine).
+- `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
+ deploy network interfaces for deployed VM.
- `interfaces` - (`list`, required) configuration of all network interfaces, order does matter - the 1st
interface should be the management one.
@@ -453,7 +453,6 @@ map(object({
custom_id = optional(string)
})
virtual_machine = object({
- vnet_key = string
size = optional(string)
zone = string
disk_type = optional(string)
@@ -465,6 +464,7 @@ map(object({
identity_type = optional(string)
identity_ids = optional(list(string))
})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
diff --git a/examples/standalone_panorama/example.tfvars b/examples/standalone_panorama/example.tfvars
index 2693c794..3d32e6cd 100644
--- a/examples/standalone_panorama/example.tfvars
+++ b/examples/standalone_panorama/example.tfvars
@@ -57,11 +57,11 @@ panoramas = {
version = "10.2.3"
}
virtual_machine = {
- vnet_key = "vnet"
size = "Standard_D5_v2"
zone = null
disk_name = "panorama-os-disk"
}
+ vnet_key = "vnet"
interfaces = [
{
name = "management"
diff --git a/examples/standalone_panorama/main.tf b/examples/standalone_panorama/main.tf
index 9b8992a4..d12684b4 100644
--- a/examples/standalone_panorama/main.tf
+++ b/examples/standalone_panorama/main.tf
@@ -102,7 +102,7 @@ module "panorama" {
interfaces = [for v in each.value.interfaces : {
name = "${var.name_prefix}${v.name}"
- subnet_id = module.vnet[each.value.virtual_machine.vnet_key].subnet_ids[v.subnet_key]
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key]
create_public_ip = v.create_public_ip
public_ip_name = v.create_public_ip ? "${var.name_prefix}${coalesce(v.public_ip_name, "${each.value.name}-pip")}" : v.public_ip_name
public_ip_resource_group_name = v.public_ip_resource_group_name
diff --git a/examples/standalone_panorama/variables.tf b/examples/standalone_panorama/variables.tf
index 571792d0..3e91c4cb 100644
--- a/examples/standalone_panorama/variables.tf
+++ b/examples/standalone_panorama/variables.tf
@@ -173,8 +173,6 @@ variable "panoramas" {
Following properties are available:
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
- deploy network interfaces for deployed VM.
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series Deployment
Guide* as only a few selected sizes are supported.
- `zone` - (`string`, optional, defaults to module defaults) the Availability Zone in which the VM will be created.
@@ -183,6 +181,8 @@ variable "panoramas" {
For details on the other properties refer to [module's documentation](../../modules/panorama/README.md#virtual_machine).
+ - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
+ deploy network interfaces for deployed VM.
- `interfaces` - (`list`, required) configuration of all network interfaces, order does matter - the 1st
interface should be the management one.
@@ -223,7 +223,6 @@ variable "panoramas" {
custom_id = optional(string)
})
virtual_machine = object({
- vnet_key = string
size = optional(string)
zone = string
disk_type = optional(string)
@@ -235,6 +234,7 @@ variable "panoramas" {
identity_type = optional(string)
identity_ids = optional(list(string))
})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
diff --git a/examples/standalone_vmseries/example.tfvars b/examples/standalone_vmseries/example.tfvars
index 2fe69507..972460b8 100644
--- a/examples/standalone_vmseries/example.tfvars
+++ b/examples/standalone_vmseries/example.tfvars
@@ -50,9 +50,9 @@ vmseries = {
}
virtual_machine = {
bootstrap_options = "type=dhcp-client"
- vnet_key = "transit"
zone = null
}
+ vnet_key = "transit"
interfaces = [
{
name = "vm-mgmt"
diff --git a/examples/standalone_vmseries/main.tf b/examples/standalone_vmseries/main.tf
index cfc670b5..688b70f5 100644
--- a/examples/standalone_vmseries/main.tf
+++ b/examples/standalone_vmseries/main.tf
@@ -79,7 +79,7 @@ module "natgw" {
natgw = each.value.natgw
- subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.natgw.vnet_key].subnet_ids[v] }
+ subnet_ids = { for v in each.value.subnet_keys : v => module.vnet[each.value.vnet_key].subnet_ids[v] }
public_ip = try(merge(each.value.public_ip, { name = "${each.value.public_ip.create ? var.name_prefix : ""}${each.value.public_ip.name}" }), null)
public_ip_prefix = try(merge(each.value.public_ip_prefix, { name = "${each.value.public_ip_prefix.create ? var.name_prefix : ""}${each.value.public_ip_prefix.name}" }), null)
@@ -124,7 +124,7 @@ module "load_balancer" {
v,
{
public_ip_name = v.create_public_ip ? "${var.name_prefix}${v.public_ip_name}" : "${v.public_ip_name}",
- subnet_id = try(module.vnet[v.vnet_key].subnet_ids[v.subnet_key], null)
+ subnet_id = try(module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key], null)
}
)
}
@@ -295,7 +295,7 @@ module "vmseries" {
interfaces = [for v in each.value.interfaces : {
name = "${var.name_prefix}${v.name}"
- subnet_id = module.vnet[each.value.virtual_machine.vnet_key].subnet_ids[v.subnet_key]
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[v.subnet_key]
create_public_ip = v.create_public_ip
public_ip_name = v.create_public_ip ? "${var.name_prefix}${coalesce(v.public_ip_name, "${v.name}-pip")}" : v.public_ip_name
public_ip_resource_group_name = v.public_ip_resource_group_name
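Review bot: `local_file.bootstrap_xml` is left untouched in this file, although `examples/dedicated_vmseries/main.tf` starts from the same blob (`cfc670b5`) and there the commit changes its `for_each` to `k => merge(v.virtual_machine, { vnet_key = v.vnet_key })`. This hunk switches the interfaces to `each.value.vnet_key`, and the `variables.tf` hunk for this example removes `vnet_key` from `virtual_machine`. If the bootstrap resource reads `each.value.vnet_key` (its body is not visible here), it would fail as soon as `bootstrap_xml_template` is set. The same one-line `merge` change likely belongs in this file as well.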
@@ -339,10 +339,11 @@ module "appgw" {
resource_group_name = local.resource_group.name
location = var.location
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key]
+
application_gateway = merge(
each.value.application_gateway,
{
- subnet_id = module.vnet[each.value.application_gateway.vnet_key].subnet_ids[each.value.application_gateway.subnet_key]
public_ip = merge(
each.value.application_gateway.public_ip,
{ name = "${each.value.application_gateway.public_ip.create ? var.name_prefix : ""}${each.value.application_gateway.public_ip.name}" }
diff --git a/examples/standalone_vmseries/variables.tf b/examples/standalone_vmseries/variables.tf
index 4505680a..fb3eb00a 100644
--- a/examples/standalone_vmseries/variables.tf
+++ b/examples/standalone_vmseries/variables.tf
@@ -132,8 +132,8 @@ variable "natgws" {
- `natgw` - (`map`, required) a map defining basic NAT Gateway configuration. For details on available options
please refer to [module documentation](../../modules/natgw/README.md#natgw). One property that's worth
mentioning is:
- - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this NAT Gateway
- will be assigned to.
+ - `vnet_key` - (`string`, required) a name (key value) of a VNET defined in `var.vnets` that hosts a subnet this
+ NAT Gateway will be assigned to.
- `subnet_keys` - (`list(string)`, required) a list of subnets (key values) the NAT Gateway will be assigned to, defined
in `var.vnets` for a VNET described by `vnet_name`.
- `public_ip` - (`object`, optional) an object defining a public IP resource attached to the NAT Gateway.
@@ -159,11 +159,11 @@ variable "natgws" {
name = string
resource_group_name = optional(string)
natgw = object({
- vnet_key = string
create = optional(bool, true)
zone = optional(string)
idle_timeout = optional(number)
})
+ vnet_key = string
subnet_keys = list(string)
public_ip = optional(object({
create = bool
@@ -208,17 +208,17 @@ variable "load_balancers" {
in the `var.vnets` map
- `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition
in the `var.vnets` map that stores the NSG described by `nsg_key`
+ - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets`
+ map that stores the Subnet described by `subnet_key`.
- `frontend_ips` - (`map`, optional, defaults to `{}`) a map containing frontend IP configuration with respective
`in_rules` and `out_rules`
Please refer to [module documentation](../../modules/loadbalancer/README.md#frontend_ips) for available properties.
**Note!** \
- In this example the `subnet_id` is not available directly, three other properties were introduced instead.
+ In this example the `subnet_id` is not available directly, three other property was introduced instead:
- - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map
- - `vnet_key` - (`string`, optional, defaults to `null`) a key pointing to a VNET definition in the `var.vnets` map
- that stores the Subnet described by `subnet_key`
+ - `subnet_key` - (`string`, optional, defaults to `null`) a key pointing to a Subnet definition in the `var.vnets` map.
EOF
default = {}
nullable = false
@@ -244,12 +244,12 @@ variable "load_balancers" {
source_ips = list(string)
base_priority = optional(number)
}))
+ vnet_key = optional(string)
frontend_ips = optional(map(object({
name = string
public_ip_name = optional(string)
create_public_ip = optional(bool, false)
public_ip_resource_group_name = optional(string)
- vnet_key = optional(string)
subnet_key = optional(string)
private_ip_address = optional(string)
gwlb_key = optional(string)
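Review bot: `vnet_key` is now an optional property of the whole load balancer while `subnet_key` stays on each frontend IP, so a private frontend can name a subnet with no VNET to resolve it in. Terraform discards attributes that are not part of an object type constraint, so an existing tfvars file that still sets `vnet_key` under `frontend_ips` is presumably accepted and leaves the new top-level value `null`. The failure then surfaces as an index error wherever the subnet ID is looked up, which is outside this hunk. A `validation` block on `load_balancers` that requires `vnet_key` whenever a frontend sets `subnet_key` would report this clearly. The variable block starts and ends outside the hunk, and the sketch assumes `frontend_ips` defaults to `{}` as the description states.

```hcl
# … unchanged: description and type of variable "load_balancers" …
  validation {
    condition = alltrue([
      for _, lb in var.load_balancers : lb.vnet_key != null || alltrue([
        for _, fip in lb.frontend_ips : fip.subnet_key == null
      ])
    ])
    error_message = "The `vnet_key` property is required when any frontend IP sets `subnet_key`."
  }
```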
@@ -444,8 +444,6 @@ variable "vmseries" {
The most often used option are as follows:
- - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
- deploy network interfaces for deployed VM.
- `size` - (`string`, optional, defaults to module defaults) Azure VM size (type). Consult the *VM-Series Deployment
Guide* as only a few selected sizes are supported.
- `zone` - (`string`, optional, defaults to module defaults) the Availability Zone in which the VM and (if deployed)
@@ -507,6 +505,9 @@ variable "vmseries" {
For details on the other properties refer to [module's documentation](../../modules/panorama/README.md#virtual_machine).
+ - `vnet_key` - (`string`, required) a key of a VNET defined in `var.vnets`. This is the VNET that hosts subnets used to
+ deploy network interfaces for deployed VM.
+
- `interfaces` - (`list`, required) configuration of all network interfaces
**Note!** \
@@ -547,7 +548,6 @@ variable "vmseries" {
custom_id = optional(string)
})
virtual_machine = object({
- vnet_key = string
size = optional(string)
bootstrap_options = optional(string)
bootstrap_package = optional(object({
@@ -573,6 +573,7 @@ variable "vmseries" {
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
+ vnet_key = string
interfaces = list(object({
name = string
subnet_key = string
@@ -616,43 +617,43 @@ variable "appgws" {
Below you can find a brief list of available properties:
- - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `name` - (`string`, required) the name of the Application Gateway, will be prefixed with `var.name_prefix`
+ - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
+ Application Gateway V2 dedicated subnet.
+ - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
+ described by `subnet_key`.
- `application_gateway` - (`map`, required) defines the basic Application Gateway settings, for details see
[module's documentation](../../modules/appgw/README.md#application_gateway). The most important
properties are:
- - `subnet_key` - (`string`, required) a key pointing to a Subnet definition in the `var.vnets` map, this has to be an
- Application Gateway V2 dedicated subnet.
- - `vnet_key` - (`string`, required) a key pointing to a VNET definition in the `var.vnets` map that stores the Subnet
- described by `subnet_key`.
- - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
+ - `public_ip` - (`map`, required) defines a Public IP resource used by the Application Gateway instance, a newly created
Public IP will have it's name prefixes with `var.name_prefix`
- `zones` - (`list`, optional, defaults to module defaults) parameter controlling if this is a zonal, or a non-zonal
deployment
- `backend_pool` - (`map`, optional, defaults to module defaults) backend pool definition, when skipped, an empty backend
will be created
- - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
+ - `listeners` - (`map`, required) defines Application Gateway's Listeners, see
[module's documentation](../../modules/appgw/README.md#listeners) for details
- - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend settings,
- see [module's documentation](../../modules/appgw/README.md#backends) for details
- - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
+ - `backends` - (`map`, optional, mutually exclusive with `redirects` and `url_path_maps`) defines HTTP backend
+ settings, see [module's documentation](../../modules/appgw/README.md#backends) for details
+ - `probes` - (`map`, optional, defaults to module defaults) defines backend probes used check health of backends,
see [module's documentation](../../modules/appgw/README.md#probes) for details
- - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
+ - `rewrites` - (`map`, optional, defaults to module defaults) defines rewrite rules,
see [module's documentation](../../modules/appgw/README.md#rewrites) for details
- - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
+ - `redirects - (`map`, optional, mutually exclusive with `backends` and `url_path_maps`) static redirects definition,
see [module's documentation](../../modules/appgw/README.md#redirects) for details
- - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
+ - `url_path_maps - (`map`, optional, mutually exclusive with `backends` and `redirects`) URL path maps definition,
see [module's documentation](../../modules/appgw/README.md#url_path_maps) for details
- - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend`,
- `redirect` or `url_path_map`, see [module's documentation](../../modules/appgw/README.md#rules)
- for details
+ - `rules - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either
+ `backend`, `redirect` or `url_path_map`, see
+ [module's documentation](../../modules/appgw/README.md#rules) for details
EOF
default = {}
nullable = false
type = map(object({
- name = string
+ name = string
+ vnet_key = string
+ subnet_key = string
application_gateway = object({
- vnet_key = string
- subnet_key = string
public_ip = object({
name = string
resource_group_name = optional(string)
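Review bot: The re-indented description entries for `redirects`, `url_path_maps` and `rules` still open the property name with a backtick and never close it, so the text up to the next backtick renders as code in the generated documentation. Since these lines are rewritten here anyway, each name should get its closing backtick before the ` - (` separator, the way the `backends` and `probes` entries are written. The variable block starts outside this hunk and its type definition continues past the end of it.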
diff --git a/examples/virtual_network_gateway/README.md b/examples/virtual_network_gateway/README.md
index 55695064..c448edb6 100644
--- a/examples/virtual_network_gateway/README.md
+++ b/examples/virtual_network_gateway/README.md
@@ -219,9 +219,9 @@ map(object({
generation = optional(string)
custom_routes = optional(map(list(string)))
})
+ vnet_key = string
+ subnet_key = string
network = object({
- vnet_key = string
- subnet_key = string
public_ip_zones = optional(list(string))
ip_configurations = object({
primary = object({
diff --git a/examples/virtual_network_gateway/example.tfvars b/examples/virtual_network_gateway/example.tfvars
index e58e8622..c2b32476 100644
--- a/examples/virtual_network_gateway/example.tfvars
+++ b/examples/virtual_network_gateway/example.tfvars
@@ -46,9 +46,9 @@ virtual_network_gateways = {
generation = "Generation2"
active_active = true
}
+ vnet_key = "transit"
+ subnet_key = "vpn"
network = {
- vnet_key = "transit"
- subnet_key = "vpn"
public_ip_zones = ["1", "2", "3"]
ip_configurations = {
primary = {
diff --git a/examples/virtual_network_gateway/main.tf b/examples/virtual_network_gateway/main.tf
index bfaca714..b5980749 100644
--- a/examples/virtual_network_gateway/main.tf
+++ b/examples/virtual_network_gateway/main.tf
@@ -49,10 +49,9 @@ module "vng" {
location = var.location
resource_group_name = local.resource_group.name
- network = merge(
- each.value.network,
- { subnet_id = module.vnet[each.value.network.vnet_key].subnet_ids[each.value.network.subnet_key] }
- )
+ network = each.value.network
+ subnet_id = module.vnet[each.value.vnet_key].subnet_ids[each.value.subnet_key]
+
virtual_network_gateway = each.value.virtual_network_gateway
azure_bgp_peer_addresses = each.value.azure_bgp_peer_addresses
diff --git a/examples/virtual_network_gateway/variables.tf b/examples/virtual_network_gateway/variables.tf
index af54ca3e..1c136b77 100644
--- a/examples/virtual_network_gateway/variables.tf
+++ b/examples/virtual_network_gateway/variables.tf
@@ -125,9 +125,9 @@ variable "virtual_network_gateways" {
generation = optional(string)
custom_routes = optional(map(list(string)))
})
+ vnet_key = string
+ subnet_key = string
network = object({
- vnet_key = string
- subnet_key = string
public_ip_zones = optional(list(string))
ip_configurations = object({
primary = object({
diff --git a/modules/appgw/README.md b/modules/appgw/README.md
index 0d30b3ce..dd5e0627 100644
--- a/modules/appgw/README.md
+++ b/modules/appgw/README.md
@@ -817,6 +817,7 @@ Name | Type | Description
[`name`](#name) | `string` | The name of the Application Gateway.
[`resource_group_name`](#resource_group_name) | `string` | The name of the Resource Group to use.
[`location`](#location) | `string` | The name of the Azure region to deploy the resources in.
+[`subnet_id`](#subnet_id) | `string` | An ID of a subnet that will host the Application Gateway.
[`application_gateway`](#application_gateway) | `object` | A map defining basic Application Gateway configuration.
[`listeners`](#listeners) | `map` | A map of listeners for the Application Gateway.
[`rules`](#rules) | `map` | A map of rules for the Application Gateway.
@@ -896,14 +897,23 @@ Type: string
[back to list](#modules-required-inputs)
+#### subnet_id
+
+An ID of a subnet that will host the Application Gateway.
+
+This has to be a subnet dedicated to Application Gateway v2.
+
+
+Type: string
+
+[back to list](#modules-required-inputs)
+
#### application_gateway
A map defining basic Application Gateway configuration.
Following properties are either required or important:
-- `subnet_id` - (`string`, required) an ID of a subnet that will host the Application Gateway, this has to
- be a subnet dedicated to Application Gateway v2
- `public_ip` - (`map`, required) a map defining listener's public IP configuration
- `name` - (`string`, required) name of the Public IP resource
- `create` - (`bool`, optional, defaults to `true`) controls if the Public IP resource is created or sourced
@@ -989,7 +999,6 @@ Type:
```hcl
object({
- subnet_id = string
public_ip = object({
name = string
resource_group_name = optional(string)
@@ -1134,6 +1143,7 @@ Default value: `map[]`
[back to list](#modules-optional-inputs)
+
#### ssl_profiles
A map of SSL profiles.
diff --git a/modules/appgw/main.tf b/modules/appgw/main.tf
index 5d9f6293..30685ac7 100644
--- a/modules/appgw/main.tf
+++ b/modules/appgw/main.tf
@@ -83,7 +83,7 @@ resource "azurerm_application_gateway" "this" {
gateway_ip_configuration {
name = "ip_config"
- subnet_id = var.application_gateway.subnet_id
+ subnet_id = var.subnet_id
}
frontend_ip_configuration {
diff --git a/modules/appgw/variables.tf b/modules/appgw/variables.tf
index 47c31430..279fd73a 100644
--- a/modules/appgw/variables.tf
+++ b/modules/appgw/variables.tf
@@ -21,14 +21,21 @@ variable "tags" {
type = map(string)
}
+variable "subnet_id" {
+ description = <<-EOF
+ An ID of a subnet that will host the Application Gateway.
+
+ This has to be a subnet dedicated to Application Gateway v2.
+ EOF
+ type = string
+}
+
variable "application_gateway" {
description = <<-EOF
A map defining basic Application Gateway configuration.
Following properties are either required or important:
- - `subnet_id` - (`string`, required) an ID of a subnet that will host the Application Gateway, this has to
- be a subnet dedicated to Application Gateway v2
- `public_ip` - (`map`, required) a map defining listener's public IP configuration
- `name` - (`string`, required) name of the Public IP resource
- `create` - (`bool`, optional, defaults to `true`) controls if the Public IP resource is created or sourced
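Review bot: The new `subnet_id` variable has no `nullable = false`, so a caller can pass `null` and the mistake presumably shows up only when the provider rejects the `gateway_ip_configuration` block. Adding `nullable = false` after `type = string` makes Terraform refuse the value at the module boundary. The `subnet_id` variable added in modules/virtual_network_gateway/variables.tf has the same gap.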
@@ -110,7 +117,6 @@ variable "application_gateway" {
EOF
type = object({
- subnet_id = string
public_ip = object({
name = string
resource_group_name = optional(string)
diff --git a/modules/virtual_network_gateway/README.md b/modules/virtual_network_gateway/README.md
index 8f3d1c03..dbae92bb 100644
--- a/modules/virtual_network_gateway/README.md
+++ b/modules/virtual_network_gateway/README.md
@@ -148,6 +148,7 @@ Name | Type | Description
[`resource_group_name`](#resource_group_name) | `string` | The name of the Resource Group to use.
[`location`](#location) | `string` | The name of the Azure region to deploy the resources in.
[`virtual_network_gateway`](#virtual_network_gateway) | `object` | A map containing the basic Virtual Network Gateway configuration.
+[`subnet_id`](#subnet_id) | `string` | An ID of a Subnet in which the Virtual Network Gateway will be created.
[`network`](#network) | `object` | Network configuration of the Virtual Network Gateway.
[`azure_bgp_peer_addresses`](#azure_bgp_peer_addresses) | `map` | Map of IP addresses used on Azure side for BGP.
[`bgp`](#bgp) | `object` | A map controlling the BGP configuration used by this Virtual Network Gateway.
@@ -264,6 +265,17 @@ object({
```
+[back to list](#modules-required-inputs)
+
+#### subnet_id
+
+An ID of a Subnet in which the Virtual Network Gateway will be created.
+
+This has to be a dedicated Subnet names `GatewaySubnet`.
+
+
+Type: string
+
[back to list](#modules-required-inputs)
#### network
@@ -272,8 +284,6 @@ Network configuration of the Virtual Network Gateway.
Following properties are available:
-- `subnet_id` - (`string`, required) ID of a Subnet in which the Virtual Network Gateway will be created.
- This has to be a dedicated Subnet names `GatewaySubnet`.
- `public_ip_zones` - (`list`, optional, defaults to `["1", "2", "3"]`) a list of Availability Zones in which
the Virtual Network Gateway will be available.
- `ip_configurations` - (`map`, required) a map defining the Public IPs used by the Virtual Network Gateway.
@@ -302,7 +312,6 @@ Type:
```hcl
object({
- subnet_id = string
public_ip_zones = optional(list(string), ["1", "2", "3"])
ip_configurations = object({
primary = object({
@@ -502,6 +511,7 @@ Default value: `map[]`
+
#### vpn_clients
VPN client configurations (IPSec point-to-site connections).
diff --git a/modules/virtual_network_gateway/main.tf b/modules/virtual_network_gateway/main.tf
index 24f33efe..07d13b56 100644
--- a/modules/virtual_network_gateway/main.tf
+++ b/modules/virtual_network_gateway/main.tf
@@ -52,7 +52,7 @@ resource "azurerm_virtual_network_gateway" "this" {
name = ip_configuration.value.name
public_ip_address_id = ip_configuration.value.create_public_ip ? azurerm_public_ip.this[ip_configuration.value.name].id : data.azurerm_public_ip.exists[ip_configuration.value.name].id
private_ip_address_allocation = ip_configuration.value.private_ip_address_allocation
- subnet_id = var.network.subnet_id
+ subnet_id = var.subnet_id
}
}
diff --git a/modules/virtual_network_gateway/variables.tf b/modules/virtual_network_gateway/variables.tf
index 343a5abc..b2bf6ca5 100644
--- a/modules/virtual_network_gateway/variables.tf
+++ b/modules/virtual_network_gateway/variables.tf
@@ -75,14 +75,21 @@ variable "virtual_network_gateway" {
}
}
+variable "subnet_id" {
+ description = <<-EOF
+ An ID of a Subnet in which the Virtual Network Gateway will be created.
+
+ This has to be a dedicated Subnet names `GatewaySubnet`.
+ EOF
+ type = string
+}
+
variable "network" {
description = <<-EOF
Network configuration of the Virtual Network Gateway.
Following properties are available:
- - `subnet_id` - (`string`, required) ID of a Subnet in which the Virtual Network Gateway will be created.
- This has to be a dedicated Subnet names `GatewaySubnet`.
- `public_ip_zones` - (`list`, optional, defaults to `["1", "2", "3"]`) a list of Availability Zones in which
the Virtual Network Gateway will be available.
- `ip_configurations` - (`map`, required) a map defining the Public IPs used by the Virtual Network Gateway.
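Review bot: The requirement that `subnet_id` points at a Subnet named `GatewaySubnet` lives only in the description, so a wrong subnet is caught late, by Azure during apply. A `validation` block on the new variable can check the last segment of the ID at plan time, and the description should read `named` instead of `names`. The pattern below assumes the ID ends with `/subnets/GatewaySubnet` in exactly that casing, which should be confirmed against how callers build the ID.

```hcl
variable "subnet_id" {
  # … unchanged: description heredoc, with "names" corrected to "named" …
  type = string
  validation {
    condition     = can(regex("/subnets/GatewaySubnet$", var.subnet_id))
    error_message = "The `subnet_id` has to point to a Subnet named `GatewaySubnet`."
  }
}
```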
@@ -107,7 +114,6 @@ variable "network" {
EOF
type = object({
- subnet_id = string
public_ip_zones = optional(list(string), ["1", "2", "3"])
ip_configurations = object({
primary = object({