Merge remote-tracking branch 'origin/main' into int-5.7.0
34d7a5422d
|
@ -10,4 +10,5 @@
|
|||
**/*.log
|
||||
**/backend.azurerm.tf
|
||||
public
|
||||
*output.json
|
||||
*output.json
|
||||
**/*.pyc
|
|
@ -51,22 +51,27 @@ module "launchpad" {
|
|||
}
|
||||
|
||||
compute = {
|
||||
bastion_hosts = try(var.compute.bastion_hosts, var.bastion_hosts)
|
||||
container_groups = var.container_groups
|
||||
virtual_machines = try(var.compute.virtual_machines, var.virtual_machines)
|
||||
bastion_hosts = try(var.compute.bastion_hosts, var.bastion_hosts)
|
||||
container_groups = var.container_groups
|
||||
azure_container_registries = try(var.compute.azure_container_registries, var.azure_container_registries)
|
||||
virtual_machines = try(var.compute.virtual_machines, var.virtual_machines)
|
||||
}
|
||||
|
||||
networking = {
|
||||
azurerm_routes = try(var.networking.azurerm_routes, var.azurerm_routes)
|
||||
network_profiles = var.network_profiles
|
||||
network_security_group_definition = try(var.networking.network_security_group_definition, var.network_security_group_definition)
|
||||
private_dns = try(var.networking.private_dns, var.private_dns)
|
||||
public_ip_addresses = try(var.networking.public_ip_addresses, var.public_ip_addresses)
|
||||
route_tables = try(var.networking.route_tables, var.route_tables)
|
||||
virtual_hub_connections = try(var.networking.virtual_hub_connections, var.virtual_hub_connections)
|
||||
vnet_peerings_v1 = try(var.networking.vnet_peerings_v1, var.vnet_peerings_v1)
|
||||
vnets = try(var.networking.vnets, var.vnets)
|
||||
}
|
||||
|
||||
security = {
|
||||
keyvault_keys = var.keyvault_keys
|
||||
}
|
||||
|
||||
storage = local.storage
|
||||
}
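Review bot: In the rebuilt `compute` block, `container_groups = var.container_groups` is the one key that skips the `try(var.compute.<name>, var.<name>)` fallback used by `bastion_hosts`, the new `azure_container_registries` and `virtual_machines`, so a caller who nests `container_groups` under `var.compute` silently gets the top-level default instead; `network_profiles` in `networking` and `keyvault_keys` in `security` have the same asymmetry. I would write `container_groups = try(var.compute.container_groups, var.container_groups)` and do the same for the other two. These lines may be pre-existing and only reprinted by the merge, but the new `azure_container_registries` line shows the pattern the block is meant to follow. The `module "launchpad"` block starts before the hunk.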
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
locals {
|
||||
storage = {
|
||||
storage_account_queues = var.storage_account_queues
|
||||
}
|
||||
}
|
|
@ -32,7 +32,7 @@ provider "azurerm" {
|
|||
partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8"
|
||||
features {
|
||||
api_management {
|
||||
purge_soft_delete_on_destroy = var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy
|
||||
purge_soft_delete_on_destroy = try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, null)
|
||||
# recover_soft_deleted_api_managements = var.provider_azurerm_features_api_management.recover_soft_deleted_api_managements
|
||||
}
|
||||
# application_insights {
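Review bot: `purge_soft_delete_on_destroy = try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, null)` turns a missing variable attribute into `null`, which hands the decision to the provider's built-in default instead of failing the plan as the old line did. Because this flag decides whether a soft-deleted API Management instance is permanently purged when the resource is destroyed, an unnoticed default changes how recoverable a destroyed instance is. I would add `# null defers to the azurerm provider default; set explicitly to control purging of soft-deleted APIM instances` above the line so the fallback is deliberate rather than accidental. The `provider "azurerm"` block starts before the hunk.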
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
variable "storage_account_queues" {
|
||||
default = {}
|
||||
}
|
|
@ -229,6 +229,10 @@ variable "vnets" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "vnet_peerings_v1" {
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "network_security_group_definition" {
|
||||
default = {}
|
||||
}
|
||||
|
@ -263,4 +267,12 @@ variable "virtual_hub_connections" {
|
|||
|
||||
variable "custom_variables" {
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "azure_container_registries" {
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "private_dns" {
|
||||
default = {}
|
||||
}
|
|
@ -13,5 +13,5 @@ terraform {
|
|||
version = "~> 0.5.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
|
|
@ -13,5 +13,5 @@ terraform {
|
|||
version = ">= 0.5.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
|
|
@ -17,5 +17,5 @@ terraform {
|
|||
version = "~> 0.5.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@ terraform {
|
|||
version = "~> 1.2.24"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
data "azurerm_client_config" "current" {}
|
||||
|
|
|
@ -17,5 +17,5 @@ terraform {
|
|||
version = "~> 0.5.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
|
@ -13,5 +13,5 @@ terraform {
|
|||
version = "~> 2.0.3"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
|
|
@ -13,5 +13,5 @@ terraform {
|
|||
version = ">= 0.0.13"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
|
@ -30,7 +30,7 @@ terraform {
|
|||
version = "~> 1.2.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
provider "azurerm" {
|
||||
|
|
|
@ -14,18 +14,8 @@ resource "azurerm_virtual_machine_extension" "devops_selfhosted_agent" {
|
|||
|
||||
#timestamp: use this field only to trigger a re-run of the script by changing value of this field.
|
||||
# Any integer value is acceptable; it must only be different than the previous value.
|
||||
settings = jsonencode(
|
||||
{
|
||||
"timestamp" : each.value.version,
|
||||
"fileUris" : concat(local.devops_selfhosted_agent.file_uris, local.devops_selfhosted_agent.storage_account_blobs_urls),
|
||||
|
||||
}
|
||||
)
|
||||
protected_settings = jsonencode(
|
||||
{
|
||||
"commandToExecute" : format("bash %s '%s' '%s' '%s' '%s' '%s' '%s' '%s'", var.extensions[each.key].agent_init_script, var.settings[each.key].azure_devops.url, var.settings[each.key].agent_pat, var.settings[each.key].azure_devops.agent_pool.name, var.settings[each.key].azure_devops.agent_pool.agent_name_prefix, var.settings[each.key].azure_devops.agent_pool.num_agents, var.settings[each.key].admin_username, var.settings[each.key].azure_devops.rover_version)
|
||||
}
|
||||
)
|
||||
settings = jsonencode(local.settings)
|
||||
protected_settings = jsonencode(local.protected_settings)
|
||||
|
||||
}
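Review bot: `settings = jsonencode(local.settings)` and `protected_settings = jsonencode(local.protected_settings)` replace per-instance expressions with locals that, in the following `locals` hunk, hardcode the key (`var.extensions.devops_selfhosted_agent.version`, `var.settings["devops_selfhosted_agent"]...`) where the old code used `each.value.version` and `var.settings[each.key]`. If this resource's `for_each` can hold more than one key, every instance now receives the same `timestamp` and the same `commandToExecute`, including the same `agent_pat`; if the map only ever holds that one key the change is behaviour-neutral, but nothing in the hunk guarantees that. The PAT correctly remains in `protected_settings`, the encrypted half of the extension configuration, and should stay out of `settings` when these locals are next extended. The `resource "azurerm_virtual_machine_extension"` block starts before the hunk.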
|
||||
|
||||
|
@ -41,4 +31,18 @@ locals {
|
|||
|
||||
storage_account_blobs_urls = try(var.settings.devops_selfhosted_agent.storage_account_blobs_urls, [])
|
||||
}
|
||||
}
|
||||
|
||||
settings = {
|
||||
timestamp = var.extensions.devops_selfhosted_agent.version
|
||||
fileUris = concat(local.devops_selfhosted_agent.file_uris, local.devops_selfhosted_agent.storage_account_blobs_urls)
|
||||
|
||||
}
|
||||
|
||||
protected_settings = {
|
||||
commandToExecute = format("bash %s '%s' '%s' '%s' '%s' '%s' '%s' '%s'", var.extensions["devops_selfhosted_agent"].agent_init_script, var.settings["devops_selfhosted_agent"].azure_devops.url, var.settings["devops_selfhosted_agent"].agent_pat, var.settings["devops_selfhosted_agent"].azure_devops.agent_pool.name, var.settings["devops_selfhosted_agent"].azure_devops.agent_pool.agent_name_prefix, var.settings["devops_selfhosted_agent"].azure_devops.agent_pool.num_agents, var.settings["devops_selfhosted_agent"].admin_username, var.settings["devops_selfhosted_agent"].azure_devops.rover_version)
|
||||
managedIdentity = can(var.settings.devops_selfhosted_agent.managed_identity) ? {
|
||||
objectId = var.settings.devops_selfhosted_agent.managed_identity
|
||||
} : {}
|
||||
}
|
||||
|
||||
}
|
|
@ -61,6 +61,9 @@ variable "mssql_servers" {
|
|||
variable "storage_accounts" {
|
||||
default = {}
|
||||
}
|
||||
variable "storage_containers" {
|
||||
default = {}
|
||||
}
|
||||
variable "storage_account_blobs" {
|
||||
default = {}
|
||||
}
|
||||
|
@ -103,3 +106,6 @@ variable "dynamic_keyvault_secrets" {
|
|||
variable "managed_identities" {
|
||||
default = {}
|
||||
}
|
||||
variable "var_folder_path" {
|
||||
default = null
|
||||
}
|
|
@ -33,6 +33,7 @@ module "vm_extensions" {
|
|||
[
|
||||
for key, value in try(var.storage_account_blobs, []) : module.caf.storage_account_blobs[key].url
|
||||
])
|
||||
managed_identity = can(each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.lz_key) ? local.remote.managed_identities[each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.lz_key][each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.key].rbac_id : module.caf.managed_identities[each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.key].rbac_id
|
||||
}
|
||||
}
|
||||
}
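Review bot: The new `managed_identity` line indexes `each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.key` on the false branch of the `can(...lz_key)` test, so a VM that defines the extension without a `managed_identity` block makes the expression error instead of yielding nothing, and the `can(var.settings.devops_selfhosted_agent.managed_identity)` guard in the extension's locals can never take its empty branch. Wrapping the whole expression in `try(..., null)` restores the optional behaviour, unless the `for_each` on `module "vm_extensions"` already filters to VMs that declare the identity, which the hunk does not show. Splitting the remote and local lookups into two named locals would also make the line readable. The `module "vm_extensions"` block starts before the hunk.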
|
||||
|
|
|
@ -13,7 +13,7 @@ terraform {
|
|||
version = "~> 0.1.3"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
provider "azurerm" {
|
||||
|
|
|
@ -2,14 +2,14 @@
|
|||
|
||||
module "enterprise_scale" {
|
||||
source = "Azure/caf-enterprise-scale/azurerm"
|
||||
version = "2.1.0"
|
||||
version = "3.3.0"
|
||||
|
||||
# source = "/tf/caf/alz"
|
||||
|
||||
providers = {
|
||||
azurerm = azurerm
|
||||
azurerm.connectivity = azurerm
|
||||
azurerm.management = azurerm
|
||||
azurerm.connectivity = azurerm.connectivity
|
||||
azurerm.management = azurerm.management
|
||||
}
|
||||
|
||||
root_parent_id = var.root_parent_id == null ? data.azurerm_client_config.current.tenant_id : var.root_parent_id
|
||||
|
@ -23,4 +23,23 @@ module "enterprise_scale" {
|
|||
root_id = var.root_id
|
||||
root_name = var.root_name
|
||||
subscription_id_overrides = local.subscription_id_overrides
|
||||
|
||||
# To support native alz deployment mode
|
||||
configure_connectivity_resources = var.configure_connectivity_resources
|
||||
configure_identity_resources = var.configure_identity_resources
|
||||
configure_management_resources = var.configure_management_resources
|
||||
deploy_connectivity_resources = var.deploy_connectivity_resources
|
||||
deploy_diagnostics_for_mg = var.deploy_diagnostics_for_mg
|
||||
deploy_identity_resources = var.deploy_identity_resources
|
||||
deploy_management_resources = var.deploy_management_resources
|
||||
disable_telemetry = var.disable_telemetry
|
||||
subscription_id_connectivity = local.subscription_id_connectivity
|
||||
subscription_id_management = local.subscription_id_management
|
||||
subscription_id_identity = local.subscription_id_identity
|
||||
}
|
||||
|
||||
locals {
|
||||
subscription_id_connectivity = var.subscription_id_connectivity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_connectivity
|
||||
subscription_id_management = var.subscription_id_management == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_management
|
||||
subscription_id_identity = var.subscription_id_identity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_identity
|
||||
}
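Review bot: The three new locals default `subscription_id_connectivity`, `subscription_id_management` and `subscription_id_identity` to `data.azurerm_client_config.current.subscription_id`, so leaving any one of them null silently places that platform role's resources in whatever subscription the running credentials happen to target. Since these IDs also drive placement in the management-group hierarchy through `module.enterprise_scale`, I would document the fallback on the `locals` block, e.g. `# null falls back to the subscription of the running credentials; set all three explicitly for production deployments`, or add a precondition that rejects null when the matching `deploy_*_resources` flag is true. The ternary is spelled out again for the management and identity providers in the providers file; those should read these locals instead.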
|
|
@ -3,18 +3,40 @@ terraform {
|
|||
required_providers {
|
||||
azurerm = {
|
||||
source = "hashicorp/azurerm"
|
||||
version = ">= 3.9.0"
|
||||
version = "~> 3.35.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 1.1.0"
|
||||
experiments = [module_variable_optional_attrs]
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
|
||||
provider "azurerm" {
|
||||
partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8"
|
||||
# partner identifier for CAF Terraform landing zones.
|
||||
features {}
|
||||
}
|
||||
|
||||
provider "azurerm" {
|
||||
partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8"
|
||||
alias = "connectivity"
|
||||
features {}
|
||||
subscription_id = local.subscription_id_connectivity
|
||||
tenant_id = var.tenant_id
|
||||
}
|
||||
|
||||
provider "azurerm" {
|
||||
partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8"
|
||||
alias = "management"
|
||||
features {}
|
||||
subscription_id = var.subscription_id_management == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_management
|
||||
tenant_id = var.tenant_id
|
||||
}
|
||||
|
||||
provider "azurerm" {
|
||||
partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8"
|
||||
alias = "identity"
|
||||
features {}
|
||||
subscription_id = var.subscription_id_identity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_identity
|
||||
tenant_id = var.tenant_id
|
||||
}
|
||||
|
||||
data "azurerm_client_config" "current" {}
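Review bot: The `management` and `identity` providers re-inline `var.subscription_id_management == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_management` (and the identity equivalent) while the `connectivity` provider uses `local.subscription_id_connectivity`; the matching locals exist in this commit, so `subscription_id = local.subscription_id_management` and `subscription_id = local.subscription_id_identity` would remove the duplication and keep the providers from drifting apart from the module call. The new `identity` alias is not passed in the `providers` map of `module "enterprise_scale"` in this commit, so unless another file references it, it is a declared-but-unused provider. Dropping `experiments = [module_variable_optional_attrs]` alongside `required_version = ">= 1.3.0"` is consistent, since the `optional()` type syntax used by the new variables file is only available without the experiment from that release on.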
|
||||
|
|
|
@ -1,4 +1,34 @@
|
|||
output "objects" {
|
||||
value = module.enterprise_scale
|
||||
value = merge(
|
||||
tomap(
|
||||
{
|
||||
(var.landingzone.key) = {
|
||||
"vnets" = {
|
||||
for key, value in module.enterprise_scale.azurerm_virtual_network.connectivity : value.location => value
|
||||
}
|
||||
"virtual_subnets" = {
|
||||
for key, value in module.enterprise_scale.azurerm_subnet.connectivity : value.name => value
|
||||
}
|
||||
"azurerm_firewalls" = {
|
||||
for key, value in module.enterprise_scale.azurerm_firewall.connectivity : value.location => value
|
||||
}
|
||||
"azurerm_firewall_policies" = {
|
||||
for key, value in module.enterprise_scale.azurerm_firewall_policy.connectivity : value.location => value
|
||||
}
|
||||
"private_dns_zones" = {
|
||||
for key, value in module.enterprise_scale.azurerm_private_dns_zone.connectivity : value.name => value
|
||||
}
|
||||
"virtual_network_gateways" = {
|
||||
for key, value in module.enterprise_scale.azurerm_virtual_network_gateway.connectivity : value.name => value
|
||||
}
|
||||
}
|
||||
}
|
||||
),
|
||||
module.enterprise_scale
|
||||
)
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "custom_landing_zones" {
|
||||
value = local.custom_landing_zones
|
||||
}
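Review bot: The comprehensions that build `"vnets"`, `"azurerm_firewalls"` and `"azurerm_firewall_policies"` key by `value.location`, and Terraform fails with a duplicate-key error as soon as two connectivity hubs share a region, which the `hub_networks` list type in the new variables file permits. Keying by `value.name`, as `"virtual_subnets"` and `"private_dns_zones"` already do, avoids that; if consumers need a location-keyed lookup, the `...` grouping form turns the values into lists instead of colliding. Marking the whole `objects` output `sensitive = true` also hides every attribute from plan output, including plain network IDs; if that only exists to cover values inside `module.enterprise_scale`, exposing the constructed map as a separate non-sensitive output would keep plans reviewable. The new `custom_landing_zones` output is not sensitive, which is fine only if `local.custom_landing_zones` holds identifiers alone.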
|
|
@ -62,6 +62,16 @@ variable "tags" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "root_parent_id" {
|
||||
type = string
|
||||
description = "The root_parent_id is used to specify where to set the root for all Landing Zone deployments. Usually the Tenant ID when deploying the core Enterprise-scale Landing Zones."
|
||||
default = null
|
||||
|
||||
validation {
|
||||
condition = can(regex("^[a-zA-Z0-9-_\\(\\)\\.]{1,36}$", var.root_parent_id)) || var.root_parent_id == null
|
||||
error_message = "Value must be a valid Management Group ID, consisting of alphanumeric characters, hyphens, underscores, periods and parentheses."
|
||||
}
|
||||
}
|
||||
|
||||
variable "root_id" {
|
||||
type = string
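Review bot: The new `root_parent_id` description says the value is "Usually the Tenant ID" but does not say what happens at `default = null`; in the module call, null resolves to `data.azurerm_client_config.current.tenant_id`, so the hierarchy root is then created under the tenant of whatever credentials run the plan. I would extend the description with `"... When null, the tenant ID of the current azurerm credentials is used."` so the fallback is visible where the variable is declared. The validation's `|| var.root_parent_id == null` clause is needed because `can(regex(...))` is false for a null argument, which is worth a one-line comment above the condition.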
|
||||
|
@ -85,12 +95,6 @@ variable "root_name" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "root_parent_id" {
|
||||
type = string
|
||||
description = "If specified, will deploy the Enterprise scale bellow the root_parent_id."
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "deploy_core_landing_zones" {
|
||||
type = bool
|
||||
description = "If set to true, will include the core Enterprise-scale Management Group hierarchy."
|
||||
|
|
|
@ -0,0 +1,612 @@
|
|||
variable "deploy_management_resources" {
|
||||
type = bool
|
||||
description = "If set to true, will enable the \"Management\" landing zone settings and add \"Management\" resources into the current Subscription context."
|
||||
default = false
|
||||
}
|
||||
variable "deploy_diagnostics_for_mg" {
|
||||
type = bool
|
||||
description = "If set to true, will deploy Diagnostic Settings for management groups"
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "configure_management_resources" {
|
||||
type = object({
|
||||
settings = optional(object({
|
||||
log_analytics = optional(object({
|
||||
enabled = optional(bool, true)
|
||||
config = optional(object({
|
||||
retention_in_days = optional(number, 30)
|
||||
enable_monitoring_for_vm = optional(bool, true)
|
||||
enable_monitoring_for_vmss = optional(bool, true)
|
||||
enable_solution_for_agent_health_assessment = optional(bool, true)
|
||||
enable_solution_for_anti_malware = optional(bool, true)
|
||||
enable_solution_for_change_tracking = optional(bool, true)
|
||||
enable_solution_for_service_map = optional(bool, true)
|
||||
enable_solution_for_sql_assessment = optional(bool, true)
|
||||
enable_solution_for_sql_vulnerability_assessment = optional(bool, true)
|
||||
enable_solution_for_sql_advanced_threat_detection = optional(bool, true)
|
||||
enable_solution_for_updates = optional(bool, true)
|
||||
enable_solution_for_vm_insights = optional(bool, true)
|
||||
enable_sentinel = optional(bool, true)
|
||||
}), {})
|
||||
}), {})
|
||||
security_center = optional(object({
|
||||
enabled = optional(bool, true)
|
||||
config = optional(object({
|
||||
email_security_contact = optional(string, "security_contact@replace_me")
|
||||
enable_defender_for_app_services = optional(bool, true)
|
||||
enable_defender_for_arm = optional(bool, true)
|
||||
enable_defender_for_containers = optional(bool, true)
|
||||
enable_defender_for_dns = optional(bool, true)
|
||||
enable_defender_for_key_vault = optional(bool, true)
|
||||
enable_defender_for_oss_databases = optional(bool, true)
|
||||
enable_defender_for_servers = optional(bool, true)
|
||||
enable_defender_for_sql_servers = optional(bool, true)
|
||||
enable_defender_for_sql_server_vms = optional(bool, true)
|
||||
enable_defender_for_storage = optional(bool, true)
|
||||
}), {})
|
||||
}), {})
|
||||
}), {})
|
||||
location = optional(string, "")
|
||||
tags = optional(any, {})
|
||||
advanced = optional(any, {})
|
||||
})
|
||||
description = "If specified, will customize the \"Management\" landing zone settings and resources."
|
||||
default = {
|
||||
settings = {
|
||||
log_analytics = {
|
||||
enabled = true
|
||||
config = {
|
||||
retention_in_days = 30
|
||||
enable_monitoring_for_vm = true
|
||||
enable_monitoring_for_vmss = true
|
||||
enable_solution_for_agent_health_assessment = true
|
||||
enable_solution_for_anti_malware = true
|
||||
enable_solution_for_change_tracking = true
|
||||
enable_solution_for_service_map = true
|
||||
enable_solution_for_sql_assessment = true
|
||||
enable_solution_for_sql_vulnerability_assessment = true
|
||||
enable_solution_for_sql_advanced_threat_detection = true
|
||||
enable_solution_for_updates = true
|
||||
enable_solution_for_vm_insights = true
|
||||
enable_sentinel = true
|
||||
}
|
||||
}
|
||||
security_center = {
|
||||
enabled = true
|
||||
config = {
|
||||
email_security_contact = "security_contact@replace_me"
|
||||
enable_defender_for_app_services = true
|
||||
enable_defender_for_arm = true
|
||||
enable_defender_for_containers = true
|
||||
enable_defender_for_dns = true
|
||||
enable_defender_for_key_vault = true
|
||||
enable_defender_for_oss_databases = true
|
||||
enable_defender_for_servers = true
|
||||
enable_defender_for_sql_servers = true
|
||||
enable_defender_for_sql_server_vms = true
|
||||
enable_defender_for_storage = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
variable "deploy_identity_resources" {
|
||||
type = bool
|
||||
description = "If set to true, will enable the \"Identity\" landing zone settings."
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "configure_identity_resources" {
|
||||
type = object({
|
||||
settings = optional(object({
|
||||
identity = optional(object({
|
||||
enabled = optional(bool, true)
|
||||
config = optional(object({
|
||||
enable_deny_public_ip = optional(bool, true)
|
||||
enable_deny_rdp_from_internet = optional(bool, true)
|
||||
enable_deny_subnet_without_nsg = optional(bool, true)
|
||||
enable_deploy_azure_backup_on_vms = optional(bool, true)
|
||||
}), {})
|
||||
}), {})
|
||||
}), {})
|
||||
})
|
||||
description = "If specified, will customize the \"Identity\" landing zone settings."
|
||||
default = {
|
||||
settings = {
|
||||
identity = {
|
||||
enabled = true
|
||||
config = {
|
||||
enable_deny_public_ip = true
|
||||
enable_deny_rdp_from_internet = true
|
||||
enable_deny_subnet_without_nsg = true
|
||||
enable_deploy_azure_backup_on_vms = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
variable "deploy_connectivity_resources" {
|
||||
type = bool
|
||||
description = "If set to true, will enable the \"Connectivity\" landing zone settings and add \"Connectivity\" resources into the current Subscription context."
|
||||
default = false
|
||||
}
|
||||
|
||||
# Notes for the `configure_connectivity_resources` variable:
|
||||
#
|
||||
# `settings.hub_network_virtual_network_gateway.config.address_prefix`
|
||||
# - Only support adding a single address prefix for GatewaySubnet subnet
|
||||
#
|
||||
# `settings.hub_network_virtual_network_gateway.config.gateway_sku_expressroute`
|
||||
# - If specified, will deploy the ExpressRoute gateway into the GatewaySubnet subnet
|
||||
#
|
||||
# `settings.hub_network_virtual_network_gateway.config.gateway_sku_vpn`
|
||||
# - If specified, will deploy the VPN gateway into the GatewaySubnet subnet
|
||||
#
|
||||
# `settings.hub_network_virtual_network_gateway.config.advanced_vpn_settings.private_ip_address_allocation`
|
||||
# - Valid options are "", "Static" or "Dynamic". Will set `private_ip_address_enabled` and `private_ip_address_allocation` as needed.
|
||||
#
|
||||
# `settings.azure_firewall.config.address_prefix`
|
||||
# - Only support adding a single address prefix for AzureFirewallManagementSubnet subnet
|
||||
|
||||
variable "configure_connectivity_resources" {
|
||||
type = object({
|
||||
settings = optional(object({
|
||||
hub_networks = optional(list(
|
||||
object({
|
||||
enabled = optional(bool, true)
|
||||
config = object({
|
||||
address_space = list(string)
|
||||
location = optional(string, "")
|
||||
link_to_ddos_protection_plan = optional(bool, false)
|
||||
dns_servers = optional(list(string), [])
|
||||
bgp_community = optional(string, "")
|
||||
subnets = optional(list(
|
||||
object({
|
||||
name = string
|
||||
address_prefixes = list(string)
|
||||
network_security_group_id = optional(string, "")
|
||||
route_table_id = optional(string, "")
|
||||
})
|
||||
), [])
|
||||
virtual_network_gateway = optional(object({
|
||||
enabled = optional(bool, false)
|
||||
config = optional(object({
|
||||
address_prefix = optional(string, "")
|
||||
gateway_sku_expressroute = optional(string, "")
|
||||
gateway_sku_vpn = optional(string, "")
|
||||
advanced_vpn_settings = optional(object({
|
||||
enable_bgp = optional(bool, null)
|
||||
active_active = optional(bool, null)
|
||||
private_ip_address_allocation = optional(string, "")
|
||||
default_local_network_gateway_id = optional(string, "")
|
||||
vpn_client_configuration = optional(list(
|
||||
object({
|
||||
address_space = list(string)
|
||||
aad_tenant = optional(string, null)
|
||||
aad_audience = optional(string, null)
|
||||
aad_issuer = optional(string, null)
|
||||
root_certificate = optional(list(
|
||||
object({
|
||||
name = string
|
||||
public_cert_data = string
|
||||
})
|
||||
), [])
|
||||
revoked_certificate = optional(list(
|
||||
object({
|
||||
name = string
|
||||
public_cert_data = string
|
||||
})
|
||||
), [])
|
||||
radius_server_address = optional(string, null)
|
||||
radius_server_secret = optional(string, null)
|
||||
vpn_client_protocols = optional(list(string), null)
|
||||
vpn_auth_types = optional(list(string), null)
|
||||
})
|
||||
), [])
|
||||
bgp_settings = optional(list(
|
||||
object({
|
||||
asn = optional(number, null)
|
||||
peer_weight = optional(number, null)
|
||||
peering_addresses = optional(list(
|
||||
object({
|
||||
ip_configuration_name = optional(string, null)
|
||||
apipa_addresses = optional(list(string), null)
|
||||
})
|
||||
), [])
|
||||
})
|
||||
), [])
|
||||
custom_route = optional(list(
|
||||
object({
|
||||
address_prefixes = optional(list(string), [])
|
||||
})
|
||||
), [])
|
||||
}), {})
|
||||
}), {})
|
||||
}), {})
|
||||
azure_firewall = optional(object({
|
||||
enabled = optional(bool, false)
|
||||
config = optional(object({
|
||||
address_prefix = optional(string, "")
|
||||
enable_dns_proxy = optional(bool, true)
|
||||
dns_servers = optional(list(string), [])
|
||||
sku_tier = optional(string, "Standard")
|
||||
base_policy_id = optional(string, "")
|
||||
private_ip_ranges = optional(list(string), [])
|
||||
threat_intelligence_mode = optional(string, "Alert")
|
||||
threat_intelligence_allowlist = optional(list(string), [])
|
||||
availability_zones = optional(object({
|
||||
zone_1 = optional(bool, true)
|
||||
zone_2 = optional(bool, true)
|
||||
zone_3 = optional(bool, true)
|
||||
}), {})
|
||||
}), {})
|
||||
}), {})
|
||||
spoke_virtual_network_resource_ids = optional(list(string), [])
|
||||
enable_outbound_virtual_network_peering = optional(bool, false)
|
||||
enable_hub_network_mesh_peering = optional(bool, false)
|
||||
})
|
||||
})
|
||||
), [])
|
||||
vwan_hub_networks = optional(list(
|
||||
object({
|
||||
enabled = optional(bool, true)
|
||||
config = object({
|
||||
address_prefix = string
|
||||
location = string
|
||||
sku = optional(string, "")
|
||||
routes = optional(list(
|
||||
object({
|
||||
address_prefixes = list(string)
|
||||
next_hop_ip_address = string
|
||||
})
|
||||
), [])
|
||||
expressroute_gateway = optional(object({
|
||||
enabled = optional(bool, false)
|
||||
config = optional(object({
|
||||
scale_unit = optional(number, 1)
|
||||
}), {})
|
||||
}), {})
|
||||
vpn_gateway = optional(object({
|
||||
enabled = optional(bool, false)
|
||||
config = optional(object({
|
||||
bgp_settings = optional(list(
|
||||
object({
|
||||
asn = number
|
||||
peer_weight = number
|
||||
instance_0_bgp_peering_address = optional(list(
|
||||
object({
|
||||
custom_ips = list(string)
|
||||
})
|
||||
), [])
|
||||
instance_1_bgp_peering_address = optional(list(
|
||||
object({
|
||||
custom_ips = list(string)
|
||||
})
|
||||
), [])
|
||||
})
|
||||
), [])
|
||||
routing_preference = optional(string, "Microsoft Network")
|
||||
scale_unit = optional(number, 1)
|
||||
}), {})
|
||||
}), {})
|
||||
azure_firewall = optional(object({
|
||||
enabled = optional(bool, false)
|
||||
config = optional(object({
|
||||
enable_dns_proxy = optional(bool, true)
|
||||
dns_servers = optional(list(string), [])
|
||||
sku_tier = optional(string, "Standard")
|
||||
base_policy_id = optional(string, "")
|
||||
private_ip_ranges = optional(list(string), [])
|
||||
threat_intelligence_mode = optional(string, "Alert")
|
||||
threat_intelligence_allowlist = optional(list(string), [])
|
||||
availability_zones = optional(object({
|
||||
zone_1 = optional(bool, true)
|
||||
zone_2 = optional(bool, true)
|
||||
zone_3 = optional(bool, true)
|
||||
}), {})
|
||||
}), {})
|
||||
}), {})
|
||||
spoke_virtual_network_resource_ids = optional(list(string), [])
|
||||
secure_spoke_virtual_network_resource_ids = optional(list(string), [])
|
||||
enable_virtual_hub_connections = optional(bool, false)
|
||||
})
|
||||
})
|
||||
), [])
|
||||
ddos_protection_plan = optional(object({
|
||||
enabled = optional(bool, false)
|
||||
config = optional(object({
|
||||
location = optional(string, "")
|
||||
}), {})
|
||||
}), {})
|
||||
dns = optional(object({
|
||||
enabled = optional(bool, true)
|
||||
config = optional(object({
|
||||
location = optional(string, "")
|
||||
enable_private_link_by_service = optional(object({
|
||||
azure_api_management = optional(bool, true)
|
||||
azure_app_configuration_stores = optional(bool, true)
|
||||
azure_arc = optional(bool, true)
|
||||
azure_automation_dscandhybridworker = optional(bool, true)
|
||||
azure_automation_webhook = optional(bool, true)
|
||||
azure_backup = optional(bool, true)
|
||||
azure_batch_account = optional(bool, true)
|
||||
azure_bot_service_bot = optional(bool, true)
|
||||
azure_bot_service_token = optional(bool, true)
|
||||
azure_cache_for_redis = optional(bool, true)
|
||||
azure_cache_for_redis_enterprise = optional(bool, true)
|
||||
azure_container_registry = optional(bool, true)
|
||||
azure_cosmos_db_cassandra = optional(bool, true)
|
||||
azure_cosmos_db_gremlin = optional(bool, true)
|
||||
azure_cosmos_db_mongodb = optional(bool, true)
|
||||
azure_cosmos_db_sql = optional(bool, true)
|
||||
azure_cosmos_db_table = optional(bool, true)
|
||||
azure_data_explorer = optional(bool, true)
|
||||
azure_data_factory = optional(bool, true)
|
||||
azure_data_factory_portal = optional(bool, true)
|
||||
azure_data_health_data_services = optional(bool, true)
|
||||
azure_data_lake_file_system_gen2 = optional(bool, true)
|
||||
azure_database_for_mariadb_server = optional(bool, true)
|
||||
azure_database_for_mysql_server = optional(bool, true)
|
||||
azure_database_for_postgresql_server = optional(bool, true)
|
||||
azure_digital_twins = optional(bool, true)
|
||||
azure_event_grid_domain = optional(bool, true)
|
||||
azure_event_grid_topic = optional(bool, true)
|
||||
azure_event_hubs_namespace = optional(bool, true)
|
||||
azure_file_sync = optional(bool, true)
|
||||
azure_hdinsights = optional(bool, true)
|
||||
azure_iot_dps = optional(bool, true)
|
||||
azure_iot_hub = optional(bool, true)
|
||||
azure_key_vault = optional(bool, true)
|
||||
azure_key_vault_managed_hsm = optional(bool, true)
|
||||
azure_kubernetes_service_management = optional(bool, true)
|
||||
azure_machine_learning_workspace = optional(bool, true)
|
||||
azure_managed_disks = optional(bool, true)
|
||||
azure_media_services = optional(bool, true)
|
||||
azure_migrate = optional(bool, true)
|
||||
azure_monitor = optional(bool, true)
|
||||
azure_purview_account = optional(bool, true)
|
||||
azure_purview_studio = optional(bool, true)
|
||||
azure_relay_namespace = optional(bool, true)
|
||||
azure_search_service = optional(bool, true)
|
||||
azure_service_bus_namespace = optional(bool, true)
|
||||
azure_site_recovery = optional(bool, true)
|
||||
azure_sql_database_sqlserver = optional(bool, true)
|
||||
azure_synapse_analytics_dev = optional(bool, true)
|
||||
azure_synapse_analytics_sql = optional(bool, true)
|
||||
azure_synapse_studio = optional(bool, true)
|
||||
azure_web_apps_sites = optional(bool, true)
|
||||
azure_web_apps_static_sites = optional(bool, true)
|
||||
cognitive_services_account = optional(bool, true)
|
||||
microsoft_power_bi = optional(bool, true)
|
||||
signalr = optional(bool, true)
|
||||
signalr_webpubsub = optional(bool, true)
|
||||
storage_account_blob = optional(bool, true)
|
||||
storage_account_file = optional(bool, true)
|
||||
storage_account_queue = optional(bool, true)
|
||||
storage_account_table = optional(bool, true)
|
||||
storage_account_web = optional(bool, true)
|
||||
}), {})
|
||||
private_link_locations = optional(list(string), [])
|
||||
public_dns_zones = optional(list(string), [])
|
||||
private_dns_zones = optional(list(string), [])
|
||||
enable_private_dns_zone_virtual_network_link_on_hubs = optional(bool, true)
|
||||
enable_private_dns_zone_virtual_network_link_on_spokes = optional(bool, true)
|
||||
virtual_network_resource_ids_to_link = optional(list(string), [])
|
||||
}), {})
|
||||
}), {})
|
||||
}), {})
|
||||
location = optional(string, "")
|
||||
tags = optional(any, {})
|
||||
advanced = optional(any, {})
|
||||
})
|
||||
description = "If specified, will customize the \"Connectivity\" landing zone settings and resources."
|
||||
default = {
|
||||
settings = {
|
||||
hub_networks = [
|
||||
{
|
||||
enabled = true
|
||||
config = {
|
||||
address_space = ["10.100.0.0/16", ]
|
||||
location = ""
|
||||
link_to_ddos_protection_plan = false
|
||||
dns_servers = []
|
||||
bgp_community = ""
|
||||
subnets = []
|
||||
virtual_network_gateway = {
|
||||
enabled = false
|
||||
config = {
|
||||
address_prefix = "10.100.1.0/24"
|
||||
gateway_sku_expressroute = "ErGw2AZ"
|
||||
gateway_sku_vpn = "VpnGw3"
|
||||
advanced_vpn_settings = {
|
||||
enable_bgp = null
|
||||
active_active = null
|
||||
private_ip_address_allocation = ""
|
||||
default_local_network_gateway_id = ""
|
||||
vpn_client_configuration = []
|
||||
bgp_settings = []
|
||||
custom_route = []
|
||||
}
|
||||
}
|
||||
}
|
||||
azure_firewall = {
|
||||
enabled = false
|
||||
config = {
|
||||
address_prefix = "10.100.0.0/24"
|
||||
enable_dns_proxy = true
|
||||
dns_servers = []
|
||||
sku_tier = ""
|
||||
base_policy_id = ""
|
||||
private_ip_ranges = []
|
||||
threat_intelligence_mode = ""
|
||||
threat_intelligence_allowlist = []
|
||||
availability_zones = {
|
||||
zone_1 = true
|
||||
zone_2 = true
|
||||
zone_3 = true
|
||||
}
|
||||
}
|
||||
}
|
||||
spoke_virtual_network_resource_ids = []
|
||||
enable_outbound_virtual_network_peering = false
|
||||
enable_hub_network_mesh_peering = false
|
||||
}
|
||||
},
|
||||
]
|
||||
vwan_hub_networks = [
|
||||
{
|
||||
enabled = false
|
||||
config = {
|
||||
address_prefix = "10.200.0.0/22"
|
||||
location = ""
|
||||
sku = ""
|
||||
routes = []
|
||||
expressroute_gateway = {
|
||||
enabled = false
|
||||
config = {
|
||||
scale_unit = 1
|
||||
}
|
||||
}
|
||||
vpn_gateway = {
|
||||
enabled = false
|
||||
config = {
|
||||
bgp_settings = []
|
||||
routing_preference = ""
|
||||
scale_unit = 1
|
||||
}
|
||||
}
|
||||
azure_firewall = {
|
||||
enabled = false
|
||||
config = {
|
||||
enable_dns_proxy = false
|
||||
dns_servers = []
|
||||
sku_tier = "Standard"
|
||||
base_policy_id = ""
|
||||
private_ip_ranges = []
|
||||
threat_intelligence_mode = ""
|
||||
threat_intelligence_allowlist = []
|
||||
availability_zones = {
|
||||
zone_1 = true
|
||||
zone_2 = true
|
||||
zone_3 = true
|
||||
}
|
||||
}
|
||||
}
|
||||
spoke_virtual_network_resource_ids = []
|
||||
secure_spoke_virtual_network_resource_ids = []
|
||||
enable_virtual_hub_connections = false
|
||||
}
|
||||
},
|
||||
]
|
||||
ddos_protection_plan = {
|
||||
enabled = false
|
||||
config = {
|
||||
location = ""
|
||||
}
|
||||
}
|
||||
dns = {
|
||||
enabled = true
|
||||
config = {
|
||||
location = ""
|
||||
enable_private_link_by_service = {
|
||||
azure_api_management = true
|
||||
azure_app_configuration_stores = true
|
||||
azure_arc = true
|
||||
azure_automation_dscandhybridworker = true
|
||||
azure_automation_webhook = true
|
||||
azure_backup = true
|
||||
azure_batch_account = true
|
||||
azure_bot_service_bot = true
|
||||
azure_bot_service_token = true
|
||||
azure_cache_for_redis = true
|
||||
azure_cache_for_redis_enterprise = true
|
||||
azure_container_registry = true
|
||||
azure_cosmos_db_cassandra = true
|
||||
azure_cosmos_db_gremlin = true
|
||||
azure_cosmos_db_mongodb = true
|
||||
azure_cosmos_db_sql = true
|
||||
azure_cosmos_db_table = true
|
||||
azure_data_explorer = true
|
||||
azure_data_factory = true
|
||||
azure_data_factory_portal = true
|
||||
azure_data_health_data_services = true
|
||||
azure_data_lake_file_system_gen2 = true
|
||||
azure_database_for_mariadb_server = true
|
||||
azure_database_for_mysql_server = true
|
||||
azure_database_for_postgresql_server = true
|
||||
azure_digital_twins = true
|
||||
azure_event_grid_domain = true
|
||||
azure_event_grid_topic = true
|
||||
azure_event_hubs_namespace = true
|
||||
azure_file_sync = true
|
||||
azure_hdinsights = true
|
||||
azure_iot_dps = true
|
||||
azure_iot_hub = true
|
||||
azure_key_vault = true
|
||||
azure_key_vault_managed_hsm = true
|
||||
azure_kubernetes_service_management = true
|
||||
azure_machine_learning_workspace = true
|
||||
azure_managed_disks = true
|
||||
azure_media_services = true
|
||||
azure_migrate = true
|
||||
azure_monitor = true
|
||||
azure_purview_account = true
|
||||
azure_purview_studio = true
|
||||
azure_relay_namespace = true
|
||||
azure_search_service = true
|
||||
azure_service_bus_namespace = true
|
||||
azure_site_recovery = true
|
||||
azure_sql_database_sqlserver = true
|
||||
azure_synapse_analytics_dev = true
|
||||
azure_synapse_analytics_sql = true
|
||||
azure_synapse_studio = true
|
||||
azure_web_apps_sites = true
|
||||
azure_web_apps_static_sites = true
|
||||
cognitive_services_account = true
|
||||
microsoft_power_bi = true
|
||||
signalr = true
|
||||
signalr_webpubsub = true
|
||||
storage_account_blob = true
|
||||
storage_account_file = true
|
||||
storage_account_queue = true
|
||||
storage_account_table = true
|
||||
storage_account_web = true
|
||||
}
|
||||
private_link_locations = []
|
||||
public_dns_zones = []
|
||||
private_dns_zones = []
|
||||
enable_private_dns_zone_virtual_network_link_on_hubs = true
|
||||
enable_private_dns_zone_virtual_network_link_on_spokes = true
|
||||
virtual_network_resource_ids_to_link = []
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
variable "disable_telemetry" {
|
||||
type = bool
|
||||
description = "If set to true, will disable telemetry for the module. See https://aka.ms/alz-terraform-module-telemetry."
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "subscription_id_connectivity" {
|
||||
type = string
|
||||
description = "If specified, identifies the Platform subscription for \"Connectivity\" for resource deployment and correct placement in the Management Group hierarchy."
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "subscription_id_management" {
|
||||
type = string
|
||||
description = "If specified, identifies the Platform subscription for \"Management\" for resource deployment and correct placement in the Management Group hierarchy."
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "subscription_id_identity" {
|
||||
type = string
|
||||
description = "If specified, identifies the Platform subscription for \"Identity\" for resource deployment and correct placement in the Management Group hierarchy."
|
||||
default = null
|
||||
}
|
|
@ -10,7 +10,7 @@ terraform {
|
|||
version = "~> 2.1.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ terraform {
|
|||
version = "~> 0.3.9"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
provider "azurerm" {
|
||||
|
|
|
@ -9,5 +9,5 @@ terraform {
|
|||
version = "~> 2.17.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
|
@ -13,5 +13,5 @@ terraform {
|
|||
version = "~> 2.0.3"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@ terraform {
|
|||
version = "~> 0.5.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
data "azurerm_client_config" "current" {}
|
||||
|
|
|
@ -25,7 +25,7 @@ terraform {
|
|||
version = "~> 0.26.1"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
provider "azurerm" {
|
||||
|
|
|
@ -35,7 +35,7 @@ provider "azurerm" {
|
|||
# partner identifier for CAF Terraform landing zones.
|
||||
features {
|
||||
api_management {
|
||||
purge_soft_delete_on_destroy = var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy
|
||||
purge_soft_delete_on_destroy = try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, null)
|
||||
# recover_soft_deleted_api_managements = var.provider_azurerm_features_api_management.recover_soft_deleted_api_managements
|
||||
}
|
||||
# application_insights {
|
||||
|
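Review bot: Wrapping the lookup in `try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, null)` also silently absorbs a misspelled attribute name in the caller's object and falls back to the provider default instead of failing at plan time. That matters for this particular flag, because it decides whether a destroy additionally purges the soft-deleted API Management instance and so removes the recovery window; a caller who believes they set `purge_soft_delete_on_destroy` one way or the other is not told the key was ignored. The variable's declaration is outside this hunk, but if it is `type = any`, consider an object type with optional attributes so unknown keys are rejected, and add a comment above the line such as `# null = provider default; try() also swallows unknown attribute names, so typos are not caught here`. The commented-out `recover_soft_deleted_api_managements` line that stays below should either be removed or carry a comment saying why it is disabled.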
|