This Terraform module deploys a Virtual Network in Azure with a subnet or a set of subnets passed in as input parameters.
The module neither creates nor exposes a network security group. Security rules must be defined separately and applied to the subnets in the deployed network.

```hcl
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "my-resources"
  location = "West Europe"
}

module "vnet" {
  source              = "Azure/vnet/azurerm"
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  subnet_service_endpoints = {
    subnet2 = ["Microsoft.Storage", "Microsoft.Sql"],
    subnet3 = ["Microsoft.AzureActiveDirectory"]
  }

  delegation_name = {
    subnet2 = "Subnet2_function_delegation",
    subnet3 = "Subnet3_function_delegation"
  }

  service_delegation_name = {
    subnet2 = "Microsoft.Web/serverFarms",
    subnet3 = "Microsoft.Web/serverFarms"
  }

  service_delegation_actions = {
    subnet2 = ["Microsoft.Network/virtualNetworks/subnets/action"],
    subnet3 = ["Microsoft.Network/virtualNetworks/subnets/action"]
  }

  tags = {
    environment = "dev"
    costcenter  = "it"
  }

  depends_on = [azurerm_resource_group.example]
}
```


```hcl
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "my-resources"
  location = "West Europe"
}

module "vnet" {
  source              = "Azure/vnet/azurerm"
  resource_group_name = azurerm_resource_group.example.name
  vnet_location       = "East US"
  address_space       = ["10.0.0.0/16"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  tags = {
    environment = "dev"
    costcenter  = "it"
  }
}
```


```hcl
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "my-resources"
  location = "West Europe"
}

module "vnet" {
  source              = "Azure/vnet/azurerm"
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  # Associate the same network security group with every subnet.
  nsg_ids = {
    subnet1 = azurerm_network_security_group.ssh.id
    subnet2 = azurerm_network_security_group.ssh.id
    subnet3 = azurerm_network_security_group.ssh.id
  }

  tags = {
    environment = "dev"
    costcenter  = "it"
  }
}

resource "azurerm_network_security_group" "ssh" {
  name                = "ssh"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  security_rule {
    name                   = "test123"
    priority               = 100
    direction              = "Inbound"
    access                 = "Allow"
    protocol               = "Tcp"
    source_port_range      = "*"
    destination_port_range = "22"
    # "*" accepts SSH from any source address; narrow this to a known
    # management range outside of test environments.
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}
```

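
A tighter variant of the SSH rule above, as an added example rather than the module's own code: SSH is allowed only from one management range, and a lower-priority deny stops the default intra-VNet allow rule from opening port 22 to every other source. The `admin_cidr` variable, its sample value `203.0.113.0/24` (a documentation range) and the names `ssh_restricted`, `allow-ssh-from-admin` and `deny-ssh-other` are assumptions; the fragment reuses `azurerm_resource_group.example` from the example above.

```hcl
variable "admin_cidr" {
  description = "Management network allowed to reach SSH (constructed sample value)"
  type        = string
  default     = "203.0.113.0/24"

  validation {
    # Must parse as a CIDR and must not be a match-everything /0 prefix.
    condition     = can(cidrhost(var.admin_cidr, 0)) && !can(regex("/0$", var.admin_cidr))
    error_message = "The admin_cidr value must be a specific CIDR range, not a /0 prefix."
  }
}

resource "azurerm_network_security_group" "ssh_restricted" {
  name                = "ssh-restricted"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  # Evaluated first: SSH from the management range to hosts in the VNet.
  security_rule {
    name                       = "allow-ssh-from-admin"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.admin_cidr
    destination_address_prefix = "VirtualNetwork"
  }

  # Evaluated next: SSH from anywhere else, including other subnets, is denied.
  security_rule {
    name                       = "deny-ssh-other"
    priority                   = 200
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# Wire it into the module through nsg_ids, as in the example above:
#   nsg_ids = { subnet1 = azurerm_network_security_group.ssh_restricted.id }
```
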

```hcl
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "my-resources"
  location = "West Europe"
}

module "vnet" {
  source              = "Azure/vnet/azurerm"
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  # Associate the same route table with every subnet.
  route_tables_ids = {
    subnet1 = azurerm_route_table.example.id
    subnet2 = azurerm_route_table.example.id
    subnet3 = azurerm_route_table.example.id
  }

  tags = {
    environment = "dev"
    costcenter  = "it"
  }
}

resource "azurerm_route_table" "example" {
  name                = "MyRouteTable"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

resource "azurerm_route" "example" {
  name                = "acceptanceTestRoute1"
  resource_group_name = azurerm_resource_group.example.name
  route_table_name    = azurerm_route_table.example.name
  address_prefix      = "10.1.0.0/16"
  next_hop_type       = "VnetLocal"
}
```


```hcl
module "vnet" {
  source              = "Azure/vnet/azurerm"
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  subnet_service_endpoints = {
    subnet2 = ["Microsoft.Storage", "Microsoft.Sql"],
    subnet3 = ["Microsoft.AzureActiveDirectory"]
  }

  subnet_enforce_private_link_endpoint_network_policies = {
    "subnet2" = true,
    "subnet3" = true
  }

  tags = {
    environment = "dev"
    costcenter  = "it"
  }

  depends_on = [azurerm_resource_group.example]
}
```


```hcl
module "vnet" {
  source              = "Azure/vnet/azurerm"
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  subnet_service_endpoints = {
    subnet2 = ["Microsoft.Storage", "Microsoft.Sql"],
    subnet3 = ["Microsoft.AzureActiveDirectory"]
  }

  subnet_enforce_private_link_service_network_policies = {
    "subnet3" = true
  }

  tags = {
    environment = "dev"
    costcenter  = "it"
  }

  depends_on = [azurerm_resource_group.example]
}
```


We provide 2 ways to build, run, and test the module on a local development machine: natively (Mac/Linux) or in Docker.

We provide a simple script to quickly set up the module development environment. The script is piped to `sudo bash`, so it runs as root:

```sh
$ curl -sSL https://raw.githubusercontent.com/Azure/terramodtest/master/tool/env_setup.sh | sudo bash
```

Then run the build and tests in a local shell:

```sh
$ cd $GOPATH/src/{directory_name}/
$ bundle install
$ rake build
$ rake full
```

We provide a Dockerfile to build a new image based `FROM` the `microsoft/terraform-test` Docker Hub image, which adds tools and packages specific to this module (see the Custom Image section). Alternatively, use only the `microsoft/terraform-test` Docker Hub image by using these instructions.

This builds the custom image. The Azure service principal credentials are supplied as build arguments, and values passed with `--build-arg` can be recovered from the resulting image (for example with `docker history`), so keep the image local and off shared registries:

```sh
$ docker build --build-arg BUILD_ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID --build-arg BUILD_ARM_CLIENT_ID=$ARM_CLIENT_ID --build-arg BUILD_ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET --build-arg BUILD_ARM_TENANT_ID=$ARM_TENANT_ID -t azure-vnet .
```

This runs the build and unit tests:

```sh
$ docker run --rm azure-vnet /bin/bash -c "bundle install && rake build"
```

This runs the end-to-end tests:

```sh
$ docker run --rm azure-vnet /bin/bash -c "bundle install && rake e2e"
```

This runs the full tests:

```sh
$ docker run --rm azure-vnet /bin/bash -c "bundle install && rake full"
```

Originally created by Eugene Chuvyrov